3.94 GB
/srv/reproducible-results/rbuild-debian/r-b-build.oFtgPzvd/b1/scap-security-guide_0.1.76-1_i386.changes vs.
/srv/reproducible-results/rbuild-debian/r-b-build.oFtgPzvd/b2/scap-security-guide_0.1.76-1_i386.changes
824 B
Files
    
Offset 1, 6 lines modifiedOffset 1, 6 lines modified
  
1 ·c467056f33a78fdfb4dfcfb6d8ea9dee·153740·admin·optional·ssg-applications_0.1.76-1_all.deb1 ·28244348ef450e8b0f05c9a06d65d2c5·153796·admin·optional·ssg-applications_0.1.76-1_all.deb
2 ·ea0c1f19113a8a6c0a6e8b10e8e208a9·32632·admin·optional·ssg-base_0.1.76-1_all.deb2 ·ea0c1f19113a8a6c0a6e8b10e8e208a9·32632·admin·optional·ssg-base_0.1.76-1_all.deb
3 ·eac39e5ea9e21c45f3f7d3d7a5e98b39·3725872·admin·optional·ssg-debderived_0.1.76-1_all.deb 
4 ·579ce5778896318a8c16b21d78857309·1232492·admin·optional·ssg-debian_0.1.76-1_all.deb 
5 ·49cdcc194ed97aae68e1955c1608cb1f·37109064·admin·optional·ssg-nondebian_0.1.76-1_all.deb3 ·3b4607246a81c21b815898c9821384b3·3723676·admin·optional·ssg-debderived_0.1.76-1_all.deb
 4 ·fe16b47f0c0c4e357b1796465464d42c·1230228·admin·optional·ssg-debian_0.1.76-1_all.deb
 5 ·93b2a7030dd5c921a3a4eef4dcc79aa0·37097020·admin·optional·ssg-nondebian_0.1.76-1_all.deb
417 KB
ssg-applications_0.1.76-1_all.deb
452 B
file list
    
Offset 1, 3 lines modifiedOffset 1, 3 lines modified
1 -rw-r--r--···0········0········0········4·2025-03-01·08:08:00.000000·debian-binary1 -rw-r--r--···0········0········0········4·2025-03-01·08:08:00.000000·debian-binary
2 -rw-r--r--···0········0········0·····1724·2025-03-01·08:08:00.000000·control.tar.xz2 -rw-r--r--···0········0········0·····1728·2025-03-01·08:08:00.000000·control.tar.xz
3 -rw-r--r--···0········0········0···151824·2025-03-01·08:08:00.000000·data.tar.xz3 -rw-r--r--···0········0········0···151876·2025-03-01·08:08:00.000000·data.tar.xz
98.0 B
control.tar.xz
70.0 B
control.tar
48.0 B
./md5sums
30.0 B
./md5sums
Files differ
417 KB
data.tar.xz
417 KB
data.tar
77.2 KB
./usr/share/xml/scap/ssg/content/ssg-chromium-ds.xml
77.1 KB
./usr/share/xml/scap/ssg/content/ssg-chromium-ds.xml
    
Offset 19, 23 lines modifiedOffset 19, 23 lines modified
19 ····</ds:checklists>19 ····</ds:checklists>
20 ····<ds:checks>20 ····<ds:checks>
21 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-chromium-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-chromium-oval.xml"/>21 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-chromium-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-chromium-oval.xml"/>
22 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-chromium-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-chromium-ocil.xml"/>22 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-chromium-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-chromium-ocil.xml"/>
23 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-chromium-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-chromium-cpe-oval.xml"/>23 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-chromium-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-chromium-cpe-oval.xml"/>
24 ····</ds:checks>24 ····</ds:checks>
25 ··</ds:data-stream>25 ··</ds:data-stream>
26 ··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-cpe-dictionary.xml"·timestamp="2025-02-28T20:08:00">26 ··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-cpe-dictionary.xml"·timestamp="2025-03-01T22:08:00">
27 ····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">27 ····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">
28 ······<cpe-dict:cpe-item·name="cpe:/a:google:chromium-browser">28 ······<cpe-dict:cpe-item·name="cpe:/a:google:chromium-browser">
29 ········<cpe-dict:title·xml:lang="en-us">Google·Chromium·Browser</cpe-dict:title>29 ········<cpe-dict:title·xml:lang="en-us">Google·Chromium·Browser</cpe-dict:title>
30 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-chromium-cpe-oval.xml">oval:ssg-installed_app_is_chromium:def:1</cpe-dict:check>30 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-chromium-cpe-oval.xml">oval:ssg-installed_app_is_chromium:def:1</cpe-dict:check>
31 ······</cpe-dict:cpe-item>31 ······</cpe-dict:cpe-item>
32 ····</cpe-dict:cpe-list>32 ····</cpe-dict:cpe-list>
33 ··</ds:component>33 ··</ds:component>
34 ··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-xccdf.xml"·timestamp="2025-02-28T20:08:00">34 ··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-xccdf.xml"·timestamp="2025-03-01T22:08:00">
35 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_CHROMIUM"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">35 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_CHROMIUM"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
36 ······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>36 ······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>
37 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Chromium</xccdf-1.2:title>37 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Chromium</xccdf-1.2:title>
38 ······<xccdf-1.2:description>38 ······<xccdf-1.2:description>
39 ········This·guide·presents·a·catalog·of·security-relevant39 ········This·guide·presents·a·catalog·of·security-relevant
40 configuration·settings·for·Chromium.·It·is·a·rendering·of40 configuration·settings·for·Chromium.·It·is·a·rendering·of
41 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)41 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
Offset 1675, 15 lines modifiedOffset 1675, 15 lines modified
1675 ··········<xccdf-1.2:check·system="http://scap.nist.gov/schema/ocil/2">1675 ··········<xccdf-1.2:check·system="http://scap.nist.gov/schema/ocil/2">
1676 ············<xccdf-1.2:check-content-ref·href="ssg-chromium-ocil.xml"·name="ocil:ssg-chromium_whitelist_plugin_urls_ocil:questionnaire:1"/>1676 ············<xccdf-1.2:check-content-ref·href="ssg-chromium-ocil.xml"·name="ocil:ssg-chromium_whitelist_plugin_urls_ocil:questionnaire:1"/>
1677 ··········</xccdf-1.2:check>1677 ··········</xccdf-1.2:check>
1678 ········</xccdf-1.2:Rule>1678 ········</xccdf-1.2:Rule>
1679 ······</xccdf-1.2:Group>1679 ······</xccdf-1.2:Group>
1680 ····</xccdf-1.2:Benchmark>1680 ····</xccdf-1.2:Benchmark>
1681 ··</ds:component>1681 ··</ds:component>
1682 ··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-oval.xml"·timestamp="2025-02-28T20:08:00">1682 ··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-oval.xml"·timestamp="2025-03-01T22:08:00">
1683 ····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">1683 ····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">
1684 ······<oval-def:generator>1684 ······<oval-def:generator>
1685 ········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>1685 ········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>
1686 ········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.2</oval:product_version>1686 ········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.2</oval:product_version>
1687 ········<oval:schema_version>5.11</oval:schema_version>1687 ········<oval:schema_version>5.11</oval:schema_version>
1688 ········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>1688 ········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>
1689 ······</oval-def:generator>1689 ······</oval-def:generator>
Offset 2539, 328 lines modifiedOffset 2539, 328 lines modified
2539 ········<oval-def:external_variable·id="oval:ssg-var_enable_encrypted_searching:var:1"·version="1"·datatype="string"·comment="Expected·search·provider·name"/>2539 ········<oval-def:external_variable·id="oval:ssg-var_enable_encrypted_searching:var:1"·version="1"·datatype="string"·comment="Expected·search·provider·name"/>
2540 ········<oval-def:external_variable·id="oval:ssg-var_extension_whitelist:var:1"·version="1"·datatype="string"·comment="Expected·approved·extensions"/>2540 ········<oval-def:external_variable·id="oval:ssg-var_extension_whitelist:var:1"·version="1"·datatype="string"·comment="Expected·approved·extensions"/>
2541 ········<oval-def:external_variable·id="oval:ssg-var_auth_schema:var:1"·version="1"·datatype="string"·comment="Expected·HTTP·authentication·type"/>2541 ········<oval-def:external_variable·id="oval:ssg-var_auth_schema:var:1"·version="1"·datatype="string"·comment="Expected·HTTP·authentication·type"/>
2542 ········<oval-def:external_variable·id="oval:ssg-var_trusted_home_page:var:1"·version="1"·datatype="string"·comment="Expected·home·page"/>2542 ········<oval-def:external_variable·id="oval:ssg-var_trusted_home_page:var:1"·version="1"·datatype="string"·comment="Expected·home·page"/>
2543 ······</oval-def:variables>2543 ······</oval-def:variables>
2544 ····</oval-def:oval_definitions>2544 ····</oval-def:oval_definitions>
2545 ··</ds:component>2545 ··</ds:component>
2546 ··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-ocil.xml"·timestamp="2025-02-28T20:08:00">2546 ··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-ocil.xml"·timestamp="2025-03-01T22:08:00">
2547 ····<ocil:ocil>2547 ····<ocil:ocil>
2548 ······<ocil:generator>2548 ······<ocil:generator>
2549 ········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>2549 ········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
2550 ········<ocil:product_version>ssg:·0.1.76</ocil:product_version>2550 ········<ocil:product_version>ssg:·0.1.76</ocil:product_version>
2551 ········<ocil:schema_version>2.0</ocil:schema_version>2551 ········<ocil:schema_version>2.0</ocil:schema_version>
2552 ········<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>2552 ········<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
2553 ······</ocil:generator>2553 ······</ocil:generator>
2554 ······<ocil:questionnaires>2554 ······<ocil:questionnaires>
2555 ········<ocil:questionnaire·id="ocil:ssg-chromium_default_search_provider_ocil:questionnaire:1">2555 ········<ocil:questionnaire·id="ocil:ssg-chromium_plugins_require_authorization_ocil:questionnaire:1">
2556 ··········<ocil:title>Enable·the·Default·Search·Provider</ocil:title>2556 ··········<ocil:title>Require·Outdated·Plugins·to·be·Authorized</ocil:title>
2557 ··········<ocil:actions>2557 ··········<ocil:actions>
2558 ············<ocil:test_action_ref>ocil:ssg-chromium_default_search_provider_action:testaction:1</ocil:test_action_ref>2558 ············<ocil:test_action_ref>ocil:ssg-chromium_plugins_require_authorization_action:testaction:1</ocil:test_action_ref>
2559 ··········</ocil:actions>2559 ··········</ocil:actions>
2560 ········</ocil:questionnaire>2560 ········</ocil:questionnaire>
2561 ········<ocil:questionnaire·id="ocil:ssg-chromium_http_authentication_ocil:questionnaire:1">2561 ········<ocil:questionnaire·id="ocil:ssg-chromium_enable_approved_plugins_ocil:questionnaire:1">
2562 ··········<ocil:title>Set·Chromium's·HTTP·Authentication·Scheme</ocil:title>2562 ··········<ocil:title>Enable·Only·Approved·Plugins</ocil:title>
2563 ··········<ocil:actions>2563 ··········<ocil:actions>
2564 ············<ocil:test_action_ref>ocil:ssg-chromium_http_authentication_action:testaction:1</ocil:test_action_ref>2564 ············<ocil:test_action_ref>ocil:ssg-chromium_enable_approved_plugins_action:testaction:1</ocil:test_action_ref>
2565 ··········</ocil:actions>2565 ··········</ocil:actions>
2566 ········</ocil:questionnaire>2566 ········</ocil:questionnaire>
2567 ········<ocil:questionnaire·id="ocil:ssg-chromium_default_search_provider_name_ocil:questionnaire:1">2567 ········<ocil:questionnaire·id="ocil:ssg-chromium_disable_cleartext_passwords_ocil:questionnaire:1">
2568 ··········<ocil:title>Set·the·Default·Search·Provider's·URL</ocil:title>2568 ··········<ocil:title>Disable·Use·of·Cleartext·Passwords</ocil:title>
2569 ··········<ocil:actions>2569 ··········<ocil:actions>
2570 ············<ocil:test_action_ref>ocil:ssg-chromium_default_search_provider_name_action:testaction:1</ocil:test_action_ref>2570 ············<ocil:test_action_ref>ocil:ssg-chromium_disable_cleartext_passwords_action:testaction:1</ocil:test_action_ref>
2571 ··········</ocil:actions>2571 ··········</ocil:actions>
2572 ········</ocil:questionnaire>2572 ········</ocil:questionnaire>
2573 ········<ocil:questionnaire·id="ocil:ssg-chromium_disable_search_suggestions_ocil:questionnaire:1">2573 ········<ocil:questionnaire·id="ocil:ssg-chromium_disable_metrics_reporting_ocil:questionnaire:1">
2574 ··········<ocil:title>Disable·Search·Suggestion</ocil:title>2574 ··········<ocil:title>Disable·Metrics·Reporting</ocil:title>
2575 ··········<ocil:actions>2575 ··········<ocil:actions>
2576 ············<ocil:test_action_ref>ocil:ssg-chromium_disable_search_suggestions_action:testaction:1</ocil:test_action_ref>2576 ············<ocil:test_action_ref>ocil:ssg-chromium_disable_metrics_reporting_action:testaction:1</ocil:test_action_ref>
2577 ··········</ocil:actions>2577 ··········</ocil:actions>
2578 ········</ocil:questionnaire>2578 ········</ocil:questionnaire>
2579 ········<ocil:questionnaire·id="ocil:ssg-chromium_disable_cloud_print_sharing_ocil:questionnaire:1">2579 ········<ocil:questionnaire·id="ocil:ssg-chromium_blacklist_extension_installation_ocil:questionnaire:1">
2580 ··········<ocil:title>Disable·Cloud·Print·Sharing</ocil:title>2580 ··········<ocil:title>Disable·All·Extensions·by·Default</ocil:title>
2581 ··········<ocil:actions>2581 ··········<ocil:actions>
2582 ············<ocil:test_action_ref>ocil:ssg-chromium_disable_cloud_print_sharing_action:testaction:1</ocil:test_action_ref>2582 ············<ocil:test_action_ref>ocil:ssg-chromium_blacklist_extension_installation_action:testaction:1</ocil:test_action_ref>
2583 ··········</ocil:actions>2583 ··········</ocil:actions>
2584 ········</ocil:questionnaire>2584 ········</ocil:questionnaire>
2585 ········<ocil:questionnaire·id="ocil:ssg-chromium_disable_password_manager_ocil:questionnaire:1">2585 ········<ocil:questionnaire·id="ocil:ssg-chromium_disable_protocol_schemas_ocil:questionnaire:1">
2586 ··········<ocil:title>Disable·Chromium·Password·Manager</ocil:title>2586 ··········<ocil:title>Disable·Insecure·And·Obsolete·Protocol·Schemas</ocil:title>
2587 ··········<ocil:actions>2587 ··········<ocil:actions>
2588 ············<ocil:test_action_ref>ocil:ssg-chromium_disable_password_manager_action:testaction:1</ocil:test_action_ref>2588 ············<ocil:test_action_ref>ocil:ssg-chromium_disable_protocol_schemas_action:testaction:1</ocil:test_action_ref>
2589 ··········</ocil:actions>2589 ··········</ocil:actions>
2590 ········</ocil:questionnaire>2590 ········</ocil:questionnaire>
2591 ········<ocil:questionnaire·id="ocil:ssg-chromium_disable_automatic_installation_ocil:questionnaire:1">2591 ········<ocil:questionnaire·id="ocil:ssg-chromium_disable_plugin_blacklist_ocil:questionnaire:1">
2592 ··········<ocil:title>Disable·Automatic·Search·And·Installation·of·Plugins</ocil:title>2592 ··········<ocil:title>Disable·All·Plugins·by·Default</ocil:title>
2593 ··········<ocil:actions>2593 ··········<ocil:actions>
2594 ············<ocil:test_action_ref>ocil:ssg-chromium_disable_automatic_installation_action:testaction:1</ocil:test_action_ref>2594 ············<ocil:test_action_ref>ocil:ssg-chromium_disable_plugin_blacklist_action:testaction:1</ocil:test_action_ref>
2595 ··········</ocil:actions>2595 ··········</ocil:actions>
2596 ········</ocil:questionnaire>2596 ········</ocil:questionnaire>
2597 ········<ocil:questionnaire·id="ocil:ssg-chromium_disable_3d_graphics_api_ocil:questionnaire:1">2597 ········<ocil:questionnaire·id="ocil:ssg-chromium_trusted_home_page_ocil:questionnaire:1">
2598 ··········<ocil:title>Disable·the·3D·Graphics·APIs</ocil:title>2598 ··········<ocil:title>Set·the·Default·Home·Page</ocil:title>
2599 ··········<ocil:actions>2599 ··········<ocil:actions>
2600 ············<ocil:test_action_ref>ocil:ssg-chromium_disable_3d_graphics_api_action:testaction:1</ocil:test_action_ref>2600 ············<ocil:test_action_ref>ocil:ssg-chromium_trusted_home_page_action:testaction:1</ocil:test_action_ref>
2601 ··········</ocil:actions>2601 ··········</ocil:actions>
2602 ········</ocil:questionnaire>2602 ········</ocil:questionnaire>
2603 ········<ocil:questionnaire·id="ocil:ssg-chromium_disable_incognito_mode_ocil:questionnaire:1">2603 ········<ocil:questionnaire·id="ocil:ssg-chromium_disable_cloud_print_sharing_ocil:questionnaire:1">
2604 ··········<ocil:title>Disable·Incognito·Mode</ocil:title>2604 ··········<ocil:title>Disable·Cloud·Print·Sharing</ocil:title>
2605 ··········<ocil:actions>2605 ··········<ocil:actions>
2606 ············<ocil:test_action_ref>ocil:ssg-chromium_disable_incognito_mode_action:testaction:1</ocil:test_action_ref>2606 ············<ocil:test_action_ref>ocil:ssg-chromium_disable_cloud_print_sharing_action:testaction:1</ocil:test_action_ref>
2607 ··········</ocil:actions>2607 ··········</ocil:actions>
2608 ········</ocil:questionnaire>2608 ········</ocil:questionnaire>
2609 ········<ocil:questionnaire·id="ocil:ssg-chromium_disable_autocomplete_ocil:questionnaire:1">2609 ········<ocil:questionnaire·id="ocil:ssg-chromium_disallow_location_tracking_ocil:questionnaire:1">
2610 ··········<ocil:title>Disable·the·AutoFill·Feature</ocil:title>2610 ··········<ocil:title>Disable·Location·Tracking</ocil:title>
2611 ··········<ocil:actions>2611 ··········<ocil:actions>
2612 ············<ocil:test_action_ref>ocil:ssg-chromium_disable_autocomplete_action:testaction:1</ocil:test_action_ref>2612 ············<ocil:test_action_ref>ocil:ssg-chromium_disallow_location_tracking_action:testaction:1</ocil:test_action_ref>
2613 ··········</ocil:actions>2613 ··········</ocil:actions>
2614 ········</ocil:questionnaire>2614 ········</ocil:questionnaire>
2615 ········<ocil:questionnaire·id="ocil:ssg-chromium_disable_plugin_blacklist_ocil:questionnaire:1">2615 ········<ocil:questionnaire·id="ocil:ssg-chromium_policy_file_ocil:questionnaire:1">
2616 ··········<ocil:title>Disable·All·Plugins·by·Default</ocil:title>2616 ··········<ocil:title>Ensure·the·Chromium·Policy·Configuration·File·Exists</ocil:title>
2617 ··········<ocil:actions>2617 ··········<ocil:actions>
2618 ············<ocil:test_action_ref>ocil:ssg-chromium_disable_plugin_blacklist_action:testaction:1</ocil:test_action_ref>2618 ············<ocil:test_action_ref>ocil:ssg-chromium_policy_file_action:testaction:1</ocil:test_action_ref>
2619 ··········</ocil:actions>2619 ··········</ocil:actions>
2620 ········</ocil:questionnaire>2620 ········</ocil:questionnaire>
2621 ········<ocil:questionnaire·id="ocil:ssg-chromium_disable_google_sync_ocil:questionnaire:1">2621 ········<ocil:questionnaire·id="ocil:ssg-chromium_disable_google_sync_ocil:questionnaire:1">
2622 ··········<ocil:title>Disable·Data·Synchronization·to·Google</ocil:title>2622 ··········<ocil:title>Disable·Data·Synchronization·to·Google</ocil:title>
2623 ··········<ocil:actions>2623 ··········<ocil:actions>
2624 ············<ocil:test_action_ref>ocil:ssg-chromium_disable_google_sync_action:testaction:1</ocil:test_action_ref>2624 ············<ocil:test_action_ref>ocil:ssg-chromium_disable_google_sync_action:testaction:1</ocil:test_action_ref>
2625 ··········</ocil:actions>2625 ··········</ocil:actions>
Max diff block lines reached; 66455/78879 bytes (84.25%) of diff not shown.
68.7 KB
./usr/share/xml/scap/ssg/content/ssg-chromium-ocil.xml
68.6 KB
./usr/share/xml/scap/ssg/content/ssg-chromium-ocil.xml
Ordering differences only
    
Offset 3, 319 lines modifiedOffset 3, 319 lines modified
3 ··<ocil:generator>3 ··<ocil:generator>
4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6 ····<ocil:schema_version>2.0</ocil:schema_version>6 ····<ocil:schema_version>2.0</ocil:schema_version>
7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8 ··</ocil:generator>8 ··</ocil:generator>
9 ··<ocil:questionnaires>9 ··<ocil:questionnaires>
10 ····<ocil:questionnaire·id="ocil:ssg-chromium_default_search_provider_ocil:questionnaire:1">10 ····<ocil:questionnaire·id="ocil:ssg-chromium_plugins_require_authorization_ocil:questionnaire:1">
11 ······<ocil:title>Enable·the·Default·Search·Provider</ocil:title>11 ······<ocil:title>Require·Outdated·Plugins·to·be·Authorized</ocil:title>
12 ······<ocil:actions>12 ······<ocil:actions>
13 ········<ocil:test_action_ref>ocil:ssg-chromium_default_search_provider_action:testaction:1</ocil:test_action_ref>13 ········<ocil:test_action_ref>ocil:ssg-chromium_plugins_require_authorization_action:testaction:1</ocil:test_action_ref>
14 ······</ocil:actions>14 ······</ocil:actions>
15 ····</ocil:questionnaire>15 ····</ocil:questionnaire>
16 ····<ocil:questionnaire·id="ocil:ssg-chromium_http_authentication_ocil:questionnaire:1">16 ····<ocil:questionnaire·id="ocil:ssg-chromium_enable_approved_plugins_ocil:questionnaire:1">
17 ······<ocil:title>Set·Chromium's·HTTP·Authentication·Scheme</ocil:title>17 ······<ocil:title>Enable·Only·Approved·Plugins</ocil:title>
18 ······<ocil:actions>18 ······<ocil:actions>
19 ········<ocil:test_action_ref>ocil:ssg-chromium_http_authentication_action:testaction:1</ocil:test_action_ref>19 ········<ocil:test_action_ref>ocil:ssg-chromium_enable_approved_plugins_action:testaction:1</ocil:test_action_ref>
20 ······</ocil:actions>20 ······</ocil:actions>
21 ····</ocil:questionnaire>21 ····</ocil:questionnaire>
22 ····<ocil:questionnaire·id="ocil:ssg-chromium_default_search_provider_name_ocil:questionnaire:1">22 ····<ocil:questionnaire·id="ocil:ssg-chromium_disable_cleartext_passwords_ocil:questionnaire:1">
23 ······<ocil:title>Set·the·Default·Search·Provider's·URL</ocil:title>23 ······<ocil:title>Disable·Use·of·Cleartext·Passwords</ocil:title>
24 ······<ocil:actions>24 ······<ocil:actions>
25 ········<ocil:test_action_ref>ocil:ssg-chromium_default_search_provider_name_action:testaction:1</ocil:test_action_ref>25 ········<ocil:test_action_ref>ocil:ssg-chromium_disable_cleartext_passwords_action:testaction:1</ocil:test_action_ref>
26 ······</ocil:actions>26 ······</ocil:actions>
27 ····</ocil:questionnaire>27 ····</ocil:questionnaire>
28 ····<ocil:questionnaire·id="ocil:ssg-chromium_disable_search_suggestions_ocil:questionnaire:1">28 ····<ocil:questionnaire·id="ocil:ssg-chromium_disable_metrics_reporting_ocil:questionnaire:1">
29 ······<ocil:title>Disable·Search·Suggestion</ocil:title>29 ······<ocil:title>Disable·Metrics·Reporting</ocil:title>
30 ······<ocil:actions>30 ······<ocil:actions>
31 ········<ocil:test_action_ref>ocil:ssg-chromium_disable_search_suggestions_action:testaction:1</ocil:test_action_ref>31 ········<ocil:test_action_ref>ocil:ssg-chromium_disable_metrics_reporting_action:testaction:1</ocil:test_action_ref>
32 ······</ocil:actions>32 ······</ocil:actions>
33 ····</ocil:questionnaire>33 ····</ocil:questionnaire>
34 ····<ocil:questionnaire·id="ocil:ssg-chromium_disable_cloud_print_sharing_ocil:questionnaire:1">34 ····<ocil:questionnaire·id="ocil:ssg-chromium_blacklist_extension_installation_ocil:questionnaire:1">
35 ······<ocil:title>Disable·Cloud·Print·Sharing</ocil:title>35 ······<ocil:title>Disable·All·Extensions·by·Default</ocil:title>
36 ······<ocil:actions>36 ······<ocil:actions>
37 ········<ocil:test_action_ref>ocil:ssg-chromium_disable_cloud_print_sharing_action:testaction:1</ocil:test_action_ref>37 ········<ocil:test_action_ref>ocil:ssg-chromium_blacklist_extension_installation_action:testaction:1</ocil:test_action_ref>
38 ······</ocil:actions>38 ······</ocil:actions>
39 ····</ocil:questionnaire>39 ····</ocil:questionnaire>
40 ····<ocil:questionnaire·id="ocil:ssg-chromium_disable_password_manager_ocil:questionnaire:1">40 ····<ocil:questionnaire·id="ocil:ssg-chromium_disable_protocol_schemas_ocil:questionnaire:1">
41 ······<ocil:title>Disable·Chromium·Password·Manager</ocil:title>41 ······<ocil:title>Disable·Insecure·And·Obsolete·Protocol·Schemas</ocil:title>
42 ······<ocil:actions>42 ······<ocil:actions>
43 ········<ocil:test_action_ref>ocil:ssg-chromium_disable_password_manager_action:testaction:1</ocil:test_action_ref>43 ········<ocil:test_action_ref>ocil:ssg-chromium_disable_protocol_schemas_action:testaction:1</ocil:test_action_ref>
44 ······</ocil:actions>44 ······</ocil:actions>
45 ····</ocil:questionnaire>45 ····</ocil:questionnaire>
46 ····<ocil:questionnaire·id="ocil:ssg-chromium_disable_automatic_installation_ocil:questionnaire:1">46 ····<ocil:questionnaire·id="ocil:ssg-chromium_disable_plugin_blacklist_ocil:questionnaire:1">
47 ······<ocil:title>Disable·Automatic·Search·And·Installation·of·Plugins</ocil:title>47 ······<ocil:title>Disable·All·Plugins·by·Default</ocil:title>
48 ······<ocil:actions>48 ······<ocil:actions>
49 ········<ocil:test_action_ref>ocil:ssg-chromium_disable_automatic_installation_action:testaction:1</ocil:test_action_ref>49 ········<ocil:test_action_ref>ocil:ssg-chromium_disable_plugin_blacklist_action:testaction:1</ocil:test_action_ref>
50 ······</ocil:actions>50 ······</ocil:actions>
51 ····</ocil:questionnaire>51 ····</ocil:questionnaire>
52 ····<ocil:questionnaire·id="ocil:ssg-chromium_disable_3d_graphics_api_ocil:questionnaire:1">52 ····<ocil:questionnaire·id="ocil:ssg-chromium_trusted_home_page_ocil:questionnaire:1">
53 ······<ocil:title>Disable·the·3D·Graphics·APIs</ocil:title>53 ······<ocil:title>Set·the·Default·Home·Page</ocil:title>
54 ······<ocil:actions>54 ······<ocil:actions>
55 ········<ocil:test_action_ref>ocil:ssg-chromium_disable_3d_graphics_api_action:testaction:1</ocil:test_action_ref>55 ········<ocil:test_action_ref>ocil:ssg-chromium_trusted_home_page_action:testaction:1</ocil:test_action_ref>
56 ······</ocil:actions>56 ······</ocil:actions>
57 ····</ocil:questionnaire>57 ····</ocil:questionnaire>
58 ····<ocil:questionnaire·id="ocil:ssg-chromium_disable_incognito_mode_ocil:questionnaire:1">58 ····<ocil:questionnaire·id="ocil:ssg-chromium_disable_cloud_print_sharing_ocil:questionnaire:1">
59 ······<ocil:title>Disable·Incognito·Mode</ocil:title>59 ······<ocil:title>Disable·Cloud·Print·Sharing</ocil:title>
60 ······<ocil:actions>60 ······<ocil:actions>
61 ········<ocil:test_action_ref>ocil:ssg-chromium_disable_incognito_mode_action:testaction:1</ocil:test_action_ref>61 ········<ocil:test_action_ref>ocil:ssg-chromium_disable_cloud_print_sharing_action:testaction:1</ocil:test_action_ref>
62 ······</ocil:actions>62 ······</ocil:actions>
63 ····</ocil:questionnaire>63 ····</ocil:questionnaire>
64 ····<ocil:questionnaire·id="ocil:ssg-chromium_disable_autocomplete_ocil:questionnaire:1">64 ····<ocil:questionnaire·id="ocil:ssg-chromium_disallow_location_tracking_ocil:questionnaire:1">
65 ······<ocil:title>Disable·the·AutoFill·Feature</ocil:title>65 ······<ocil:title>Disable·Location·Tracking</ocil:title>
66 ······<ocil:actions>66 ······<ocil:actions>
67 ········<ocil:test_action_ref>ocil:ssg-chromium_disable_autocomplete_action:testaction:1</ocil:test_action_ref>67 ········<ocil:test_action_ref>ocil:ssg-chromium_disallow_location_tracking_action:testaction:1</ocil:test_action_ref>
68 ······</ocil:actions>68 ······</ocil:actions>
69 ····</ocil:questionnaire>69 ····</ocil:questionnaire>
70 ····<ocil:questionnaire·id="ocil:ssg-chromium_disable_plugin_blacklist_ocil:questionnaire:1">70 ····<ocil:questionnaire·id="ocil:ssg-chromium_policy_file_ocil:questionnaire:1">
71 ······<ocil:title>Disable·All·Plugins·by·Default</ocil:title>71 ······<ocil:title>Ensure·the·Chromium·Policy·Configuration·File·Exists</ocil:title>
72 ······<ocil:actions>72 ······<ocil:actions>
73 ········<ocil:test_action_ref>ocil:ssg-chromium_disable_plugin_blacklist_action:testaction:1</ocil:test_action_ref>73 ········<ocil:test_action_ref>ocil:ssg-chromium_policy_file_action:testaction:1</ocil:test_action_ref>
74 ······</ocil:actions>74 ······</ocil:actions>
75 ····</ocil:questionnaire>75 ····</ocil:questionnaire>
76 ····<ocil:questionnaire·id="ocil:ssg-chromium_disable_google_sync_ocil:questionnaire:1">76 ····<ocil:questionnaire·id="ocil:ssg-chromium_disable_google_sync_ocil:questionnaire:1">
77 ······<ocil:title>Disable·Data·Synchronization·to·Google</ocil:title>77 ······<ocil:title>Disable·Data·Synchronization·to·Google</ocil:title>
78 ······<ocil:actions>78 ······<ocil:actions>
79 ········<ocil:test_action_ref>ocil:ssg-chromium_disable_google_sync_action:testaction:1</ocil:test_action_ref>79 ········<ocil:test_action_ref>ocil:ssg-chromium_disable_google_sync_action:testaction:1</ocil:test_action_ref>
80 ······</ocil:actions>80 ······</ocil:actions>
81 ····</ocil:questionnaire>81 ····</ocil:questionnaire>
82 ····<ocil:questionnaire·id="ocil:ssg-chromium_enable_browser_history_ocil:questionnaire:1">82 ····<ocil:questionnaire·id="ocil:ssg-chromium_disable_background_processing_ocil:questionnaire:1">
83 ······<ocil:title>Enable·Saving·the·Browser·History</ocil:title>83 ······<ocil:title>Disable·Background·Processing</ocil:title>
84 ······<ocil:actions>84 ······<ocil:actions>
85 ········<ocil:test_action_ref>ocil:ssg-chromium_enable_browser_history_action:testaction:1</ocil:test_action_ref>85 ········<ocil:test_action_ref>ocil:ssg-chromium_disable_background_processing_action:testaction:1</ocil:test_action_ref>
86 ······</ocil:actions>86 ······</ocil:actions>
87 ····</ocil:questionnaire>87 ····</ocil:questionnaire>
88 ····<ocil:questionnaire·id="ocil:ssg-chromium_disable_network_prediction_ocil:questionnaire:1">88 ····<ocil:questionnaire·id="ocil:ssg-chromium_disable_3d_graphics_api_ocil:questionnaire:1">
89 ······<ocil:title>Disable·Network·Prediction</ocil:title>89 ······<ocil:title>Disable·the·3D·Graphics·APIs</ocil:title>
90 ······<ocil:actions>90 ······<ocil:actions>
91 ········<ocil:test_action_ref>ocil:ssg-chromium_disable_network_prediction_action:testaction:1</ocil:test_action_ref>91 ········<ocil:test_action_ref>ocil:ssg-chromium_disable_3d_graphics_api_action:testaction:1</ocil:test_action_ref>
92 ······</ocil:actions>92 ······</ocil:actions>
93 ····</ocil:questionnaire>93 ····</ocil:questionnaire>
94 ····<ocil:questionnaire·id="ocil:ssg-chromium_plugins_require_authorization_ocil:questionnaire:1">94 ····<ocil:questionnaire·id="ocil:ssg-chromium_disable_session_cookies_ocil:questionnaire:1">
95 ······<ocil:title>Require·Outdated·Plugins·to·be·Authorized</ocil:title>95 ······<ocil:title>Disable·Session·Cookies</ocil:title>
96 ······<ocil:actions>96 ······<ocil:actions>
97 ········<ocil:test_action_ref>ocil:ssg-chromium_plugins_require_authorization_action:testaction:1</ocil:test_action_ref>97 ········<ocil:test_action_ref>ocil:ssg-chromium_disable_session_cookies_action:testaction:1</ocil:test_action_ref>
98 ······</ocil:actions>98 ······</ocil:actions>
99 ····</ocil:questionnaire>99 ····</ocil:questionnaire>
100 ····<ocil:questionnaire·id="ocil:ssg-chromium_blacklist_extension_installation_ocil:questionnaire:1">100 ····<ocil:questionnaire·id="ocil:ssg-chromium_default_search_provider_ocil:questionnaire:1">
101 ······<ocil:title>Disable·All·Extensions·by·Default</ocil:title>101 ······<ocil:title>Enable·the·Default·Search·Provider</ocil:title>
102 ······<ocil:actions>102 ······<ocil:actions>
 103 ········<ocil:test_action_ref>ocil:ssg-chromium_default_search_provider_action:testaction:1</ocil:test_action_ref>
 104 ······</ocil:actions>
 105 ····</ocil:questionnaire>
 106 ····<ocil:questionnaire·id="ocil:ssg-chromium_whitelist_plugin_urls_ocil:questionnaire:1">
 107 ······<ocil:title>Enable·Plugins·for·Only·Approved·URLs</ocil:title>
 108 ······<ocil:actions>
103 ········<ocil:test_action_ref>ocil:ssg-chromium_blacklist_extension_installation_action:testaction:1</ocil:test_action_ref>109 ········<ocil:test_action_ref>ocil:ssg-chromium_whitelist_plugin_urls_action:testaction:1</ocil:test_action_ref>
104 ······</ocil:actions>110 ······</ocil:actions>
105 ····</ocil:questionnaire>111 ····</ocil:questionnaire>
106 ····<ocil:questionnaire·id="ocil:ssg-chromium_disable_outdated_plugins_ocil:questionnaire:1">112 ····<ocil:questionnaire·id="ocil:ssg-chromium_disable_outdated_plugins_ocil:questionnaire:1">
107 ······<ocil:title>Disable·Outdated·Plugins</ocil:title>113 ······<ocil:title>Disable·Outdated·Plugins</ocil:title>
108 ······<ocil:actions>114 ······<ocil:actions>
109 ········<ocil:test_action_ref>ocil:ssg-chromium_disable_outdated_plugins_action:testaction:1</ocil:test_action_ref>115 ········<ocil:test_action_ref>ocil:ssg-chromium_disable_outdated_plugins_action:testaction:1</ocil:test_action_ref>
110 ······</ocil:actions>116 ······</ocil:actions>
111 ····</ocil:questionnaire>117 ····</ocil:questionnaire>
112 ····<ocil:questionnaire·id="ocil:ssg-chromium_disallow_location_tracking_ocil:questionnaire:1">118 ····<ocil:questionnaire·id="ocil:ssg-chromium_disable_network_prediction_ocil:questionnaire:1">
113 ······<ocil:title>Disable·Location·Tracking</ocil:title>119 ······<ocil:title>Disable·Network·Prediction</ocil:title>
114 ······<ocil:actions>120 ······<ocil:actions>
115 ········<ocil:test_action_ref>ocil:ssg-chromium_disallow_location_tracking_action:testaction:1</ocil:test_action_ref>121 ········<ocil:test_action_ref>ocil:ssg-chromium_disable_network_prediction_action:testaction:1</ocil:test_action_ref>
116 ······</ocil:actions>122 ······</ocil:actions>
117 ····</ocil:questionnaire>123 ····</ocil:questionnaire>
118 ····<ocil:questionnaire·id="ocil:ssg-chromium_disable_background_processing_ocil:questionnaire:1">124 ····<ocil:questionnaire·id="ocil:ssg-chromium_block_desktop_notifications_ocil:questionnaire:1">
119 ······<ocil:title>Disable·Background·Processing</ocil:title>125 ······<ocil:title>Prevent·Desktop·Notifications</ocil:title>
120 ······<ocil:actions>126 ······<ocil:actions>
121 ········<ocil:test_action_ref>ocil:ssg-chromium_disable_background_processing_action:testaction:1</ocil:test_action_ref>127 ········<ocil:test_action_ref>ocil:ssg-chromium_block_desktop_notifications_action:testaction:1</ocil:test_action_ref>
122 ······</ocil:actions>128 ······</ocil:actions>
123 ····</ocil:questionnaire>129 ····</ocil:questionnaire>
Max diff block lines reached; 57702/70088 bytes (82.33%) of diff not shown.
89.1 KB
./usr/share/xml/scap/ssg/content/ssg-eks-ds.xml
89.0 KB
./usr/share/xml/scap/ssg/content/ssg-eks-ds.xml
    
Offset 19, 15 lines modifiedOffset 19, 15 lines modified
19 ····</ds:checklists>19 ····</ds:checklists>
20 ····<ds:checks>20 ····<ds:checks>
21 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-eks-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-eks-oval.xml"/>21 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-eks-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-eks-oval.xml"/>
22 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-eks-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-eks-ocil.xml"/>22 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-eks-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-eks-ocil.xml"/>
23 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-eks-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-eks-cpe-oval.xml"/>23 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-eks-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-eks-cpe-oval.xml"/>
24 ····</ds:checks>24 ····</ds:checks>
25 ··</ds:data-stream>25 ··</ds:data-stream>
26 ··<ds:component·id="scap_org.open-scap_comp_ssg-eks-cpe-dictionary.xml"·timestamp="2025-02-28T20:08:00">26 ··<ds:component·id="scap_org.open-scap_comp_ssg-eks-cpe-dictionary.xml"·timestamp="2025-03-01T22:08:00">
27 ····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">27 ····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">
28 ······<cpe-dict:cpe-item·name="cpe:/a:amazon:elastic_kubernetes_service:1">28 ······<cpe-dict:cpe-item·name="cpe:/a:amazon:elastic_kubernetes_service:1">
29 ········<cpe-dict:title·xml:lang="en-us">Amazon·Elastic·Kubernetes·Service</cpe-dict:title>29 ········<cpe-dict:title·xml:lang="en-us">Amazon·Elastic·Kubernetes·Service</cpe-dict:title>
30 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-eks-cpe-oval.xml">oval:ssg-installed_app_is_eks:def:1</cpe-dict:check>30 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-eks-cpe-oval.xml">oval:ssg-installed_app_is_eks:def:1</cpe-dict:check>
31 ······</cpe-dict:cpe-item>31 ······</cpe-dict:cpe-item>
32 ······<cpe-dict:cpe-item·name="cpe:/a:amazon:elastic_kubernetes_service_node:1.21">32 ······<cpe-dict:cpe-item·name="cpe:/a:amazon:elastic_kubernetes_service_node:1.21">
33 ········<cpe-dict:title·xml:lang="en-us">Amazon·Elastic·Kubernetes·Service·1.21</cpe-dict:title>33 ········<cpe-dict:title·xml:lang="en-us">Amazon·Elastic·Kubernetes·Service·1.21</cpe-dict:title>
Offset 35, 15 lines modifiedOffset 35, 15 lines modified
35 ······</cpe-dict:cpe-item>35 ······</cpe-dict:cpe-item>
36 ······<cpe-dict:cpe-item·name="cpe:/o:amazon:elastic_kubernetes_service_node:1">36 ······<cpe-dict:cpe-item·name="cpe:/o:amazon:elastic_kubernetes_service_node:1">
37 ········<cpe-dict:title·xml:lang="en-us">Amazon·Elastic·Kubernetes·Service·Node</cpe-dict:title>37 ········<cpe-dict:title·xml:lang="en-us">Amazon·Elastic·Kubernetes·Service·Node</cpe-dict:title>
38 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-eks-cpe-oval.xml">oval:ssg-installed_app_is_eks_node:def:1</cpe-dict:check>38 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-eks-cpe-oval.xml">oval:ssg-installed_app_is_eks_node:def:1</cpe-dict:check>
39 ······</cpe-dict:cpe-item>39 ······</cpe-dict:cpe-item>
40 ····</cpe-dict:cpe-list>40 ····</cpe-dict:cpe-list>
41 ··</ds:component>41 ··</ds:component>
42 ··<ds:component·id="scap_org.open-scap_comp_ssg-eks-xccdf.xml"·timestamp="2025-02-28T20:08:00">42 ··<ds:component·id="scap_org.open-scap_comp_ssg-eks-xccdf.xml"·timestamp="2025-03-01T22:08:00">
43 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_EKS"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">43 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_EKS"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
44 ······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>44 ······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>
45 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Amazon·Elastic·Kubernetes·Service</xccdf-1.2:title>45 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Amazon·Elastic·Kubernetes·Service</xccdf-1.2:title>
46 ······<xccdf-1.2:description>46 ······<xccdf-1.2:description>
47 ········This·guide·presents·a·catalog·of·security-relevant47 ········This·guide·presents·a·catalog·of·security-relevant
48 configuration·settings·for·Amazon·Elastic·Kubernetes·Service.·It·is·a·rendering·of48 configuration·settings·for·Amazon·Elastic·Kubernetes·Service.·It·is·a·rendering·of
49 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)49 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
Offset 113, 24 lines modifiedOffset 113, 24 lines modified
113 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>113 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>
114 ······<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>114 ······<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>
115 ······<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>115 ······<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>
116 ······<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>116 ······<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>
117 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</xccdf-1.2:reference>117 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</xccdf-1.2:reference>
118 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>118 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>
119 ······<cpe-lang:platform-specification>119 ······<cpe-lang:platform-specification>
120 ········<cpe-lang:platform·id="eks-node"> 
121 ··········<cpe-lang:logical-test·operator="AND"·negate="false"> 
122 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-eks-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_eks_node:def:1"/> 
123 ··········</cpe-lang:logical-test> 
124 ········</cpe-lang:platform> 
125 ········<cpe-lang:platform·id="not_ocp4-on-hypershift">120 ········<cpe-lang:platform·id="not_ocp4-on-hypershift">
126 ··········<cpe-lang:logical-test·operator="AND"·negate="true">121 ··········<cpe-lang:logical-test·operator="AND"·negate="true">
127 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-eks-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_on_hypershift:def:1"/>122 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-eks-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_on_hypershift:def:1"/>
128 ··········</cpe-lang:logical-test>123 ··········</cpe-lang:logical-test>
129 ········</cpe-lang:platform>124 ········</cpe-lang:platform>
 125 ········<cpe-lang:platform·id="eks-node">
 126 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
 127 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-eks-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_eks_node:def:1"/>
 128 ··········</cpe-lang:logical-test>
 129 ········</cpe-lang:platform>
130 ······</cpe-lang:platform-specification>130 ······</cpe-lang:platform-specification>
131 ······<xccdf-1.2:platform·idref="cpe:/a:amazon:elastic_kubernetes_service_node:1.21"/>131 ······<xccdf-1.2:platform·idref="cpe:/a:amazon:elastic_kubernetes_service_node:1.21"/>
132 ······<xccdf-1.2:platform·idref="cpe:/o:amazon:elastic_kubernetes_service_node:1"/>132 ······<xccdf-1.2:platform·idref="cpe:/o:amazon:elastic_kubernetes_service_node:1"/>
133 ······<xccdf-1.2:platform·idref="cpe:/a:amazon:elastic_kubernetes_service:1"/>133 ······<xccdf-1.2:platform·idref="cpe:/a:amazon:elastic_kubernetes_service:1"/>
134 ······<xccdf-1.2:version·update="https://github.com/ComplianceAsCode/content/releases/latest">0.1.76</xccdf-1.2:version>134 ······<xccdf-1.2:version·update="https://github.com/ComplianceAsCode/content/releases/latest">0.1.76</xccdf-1.2:version>
135 ······<xccdf-1.2:metadata>135 ······<xccdf-1.2:metadata>
136 ········<dc:publisher>SCAP·Security·Guide·Project</dc:publisher>136 ········<dc:publisher>SCAP·Security·Guide·Project</dc:publisher>
Offset 1545, 15 lines modifiedOffset 1545, 15 lines modified
1545 ··············<xccdf-1.2:check-content-ref·href="ssg-eks-ocil.xml"·name="ocil:ssg-file_permissions_worker_kubeconfig_ocil:questionnaire:1"/>1545 ··············<xccdf-1.2:check-content-ref·href="ssg-eks-ocil.xml"·name="ocil:ssg-file_permissions_worker_kubeconfig_ocil:questionnaire:1"/>
1546 ············</xccdf-1.2:check>1546 ············</xccdf-1.2:check>
1547 ··········</xccdf-1.2:Rule>1547 ··········</xccdf-1.2:Rule>
1548 ········</xccdf-1.2:Group>1548 ········</xccdf-1.2:Group>
1549 ······</xccdf-1.2:Group>1549 ······</xccdf-1.2:Group>
1550 ····</xccdf-1.2:Benchmark>1550 ····</xccdf-1.2:Benchmark>
1551 ··</ds:component>1551 ··</ds:component>
1552 ··<ds:component·id="scap_org.open-scap_comp_ssg-eks-oval.xml"·timestamp="2025-02-28T20:08:00">1552 ··<ds:component·id="scap_org.open-scap_comp_ssg-eks-oval.xml"·timestamp="2025-03-01T22:08:00">
1553 ····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">1553 ····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">
1554 ······<oval-def:generator>1554 ······<oval-def:generator>
1555 ········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>1555 ········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>
1556 ········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.2</oval:product_version>1556 ········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.2</oval:product_version>
1557 ········<oval:schema_version>5.11</oval:schema_version>1557 ········<oval:schema_version>5.11</oval:schema_version>
1558 ········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>1558 ········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>
1559 ······</oval-def:generator>1559 ······</oval-def:generator>
Offset 2166, 531 lines modifiedOffset 2166, 499 lines modified
2166 ········<oval-def:external_variable·id="oval:ssg-var_streaming_connection_timeouts:var:1"·version="1"·datatype="string"·comment="variable"/>2166 ········<oval-def:external_variable·id="oval:ssg-var_streaming_connection_timeouts:var:1"·version="1"·datatype="string"·comment="variable"/>
2167 ········<oval-def:local_variable·id="oval:ssg-kubelet_read_only_port_secured_file_location:var:1"·version="1"·datatype="string"·comment="The·actual·path·of·the·file·to·scan.">2167 ········<oval-def:local_variable·id="oval:ssg-kubelet_read_only_port_secured_file_location:var:1"·version="1"·datatype="string"·comment="The·actual·path·of·the·file·to·scan.">
2168 ··········<oval-def:literal_component>/etc/kubernetes/compliance-operator/kubeletconfig/openscap-kubeletconfig</oval-def:literal_component>2168 ··········<oval-def:literal_component>/etc/kubernetes/compliance-operator/kubeletconfig/openscap-kubeletconfig</oval-def:literal_component>
2169 ········</oval-def:local_variable>2169 ········</oval-def:local_variable>
2170 ······</oval-def:variables>2170 ······</oval-def:variables>
2171 ····</oval-def:oval_definitions>2171 ····</oval-def:oval_definitions>
2172 ··</ds:component>2172 ··</ds:component>
2173 ··<ds:component·id="scap_org.open-scap_comp_ssg-eks-ocil.xml"·timestamp="2025-02-28T20:08:00">2173 ··<ds:component·id="scap_org.open-scap_comp_ssg-eks-ocil.xml"·timestamp="2025-03-01T22:08:00">
2174 ····<ocil:ocil>2174 ····<ocil:ocil>
2175 ······<ocil:generator>2175 ······<ocil:generator>
2176 ········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>2176 ········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
2177 ········<ocil:product_version>ssg:·0.1.76</ocil:product_version>2177 ········<ocil:product_version>ssg:·0.1.76</ocil:product_version>
2178 ········<ocil:schema_version>2.0</ocil:schema_version>2178 ········<ocil:schema_version>2.0</ocil:schema_version>
2179 ········<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>2179 ········<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
2180 ······</ocil:generator>2180 ······</ocil:generator>
2181 ······<ocil:questionnaires>2181 ······<ocil:questionnaires>
2182 ········<ocil:questionnaire·id="ocil:ssg-kubelet_read_only_port_secured_ocil:questionnaire:1"> 
2183 ··········<ocil:title>kubelet·-·Ensure·that·the·--read-only-port·is·secured</ocil:title> 
2184 ··········<ocil:actions> 
2185 ············<ocil:test_action_ref>ocil:ssg-kubelet_read_only_port_secured_action:testaction:1</ocil:test_action_ref> 
2186 ··········</ocil:actions> 
2187 ········</ocil:questionnaire> 
2188 ········<ocil:questionnaire·id="ocil:ssg-kubelet_enable_streaming_connections_ocil:questionnaire:1"> 
2189 ··········<ocil:title>kubelet·-·Do·Not·Disable·Streaming·Timeouts</ocil:title> 
2190 ··········<ocil:actions> 
2191 ············<ocil:test_action_ref>ocil:ssg-kubelet_enable_streaming_connections_action:testaction:1</ocil:test_action_ref> 
2192 ··········</ocil:actions> 
2193 ········</ocil:questionnaire> 
2194 ········<ocil:questionnaire·id="ocil:ssg-kubelet_enable_client_cert_rotation_ocil:questionnaire:1"> 
2195 ··········<ocil:title>kubelet·-·Enable·Client·Certificate·Rotation</ocil:title> 
2196 ··········<ocil:actions> 
2197 ············<ocil:test_action_ref>ocil:ssg-kubelet_enable_client_cert_rotation_action:testaction:1</ocil:test_action_ref> 
2198 ··········</ocil:actions> 
2199 ········</ocil:questionnaire> 
2200 ········<ocil:questionnaire·id="ocil:ssg-read_only_registry_access_ocil:questionnaire:1"> 
2201 ··········<ocil:title>Ensure·Cluster·Service·Account·with·read-only·access·to·Amazon·ECR</ocil:title> 
2202 ··········<ocil:actions> 
2203 ············<ocil:test_action_ref>ocil:ssg-read_only_registry_access_action:testaction:1</ocil:test_action_ref> 
2204 ··········</ocil:actions> 
2205 ········</ocil:questionnaire> 
2206 ········<ocil:questionnaire·id="ocil:ssg-kubelet_anonymous_auth_ocil:questionnaire:1">2182 ········<ocil:questionnaire·id="ocil:ssg-image_scanning_ocil:questionnaire:1">
2207 ··········<ocil:title>Disable·Anonymous·Authentication·to·the·Kubelet</ocil:title>2183 ··········<ocil:title>Ensure·Image·Vulnerability·Scanning</ocil:title>
2208 ··········<ocil:actions>2184 ··········<ocil:actions>
2209 ············<ocil:test_action_ref>ocil:ssg-kubelet_anonymous_auth_action:testaction:1</ocil:test_action_ref>2185 ············<ocil:test_action_ref>ocil:ssg-image_scanning_action:testaction:1</ocil:test_action_ref>
2210 ··········</ocil:actions>2186 ··········</ocil:actions>
2211 ········</ocil:questionnaire>2187 ········</ocil:questionnaire>
2212 ········<ocil:questionnaire·id="ocil:ssg-control_plane_access_ocil:questionnaire:1">2188 ········<ocil:questionnaire·id="ocil:ssg-control_plane_access_ocil:questionnaire:1">
2213 ··········<ocil:title>Restrict·Access·to·the·Control·Plane·Endpoint</ocil:title>2189 ··········<ocil:title>Restrict·Access·to·the·Control·Plane·Endpoint</ocil:title>
2214 ··········<ocil:actions>2190 ··········<ocil:actions>
Max diff block lines reached; 80908/91044 bytes (88.87%) of diff not shown.
78.1 KB
./usr/share/xml/scap/ssg/content/ssg-eks-ocil.xml
78.0 KB
./usr/share/xml/scap/ssg/content/ssg-eks-ocil.xml
Ordering differences only
    
Offset 3, 522 lines modifiedOffset 3, 490 lines modified
3 ··<ocil:generator>3 ··<ocil:generator>
4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6 ····<ocil:schema_version>2.0</ocil:schema_version>6 ····<ocil:schema_version>2.0</ocil:schema_version>
7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8 ··</ocil:generator>8 ··</ocil:generator>
9 ··<ocil:questionnaires>9 ··<ocil:questionnaires>
10 ····<ocil:questionnaire·id="ocil:ssg-kubelet_read_only_port_secured_ocil:questionnaire:1"> 
11 ······<ocil:title>kubelet·-·Ensure·that·the·--read-only-port·is·secured</ocil:title> 
12 ······<ocil:actions> 
13 ········<ocil:test_action_ref>ocil:ssg-kubelet_read_only_port_secured_action:testaction:1</ocil:test_action_ref> 
14 ······</ocil:actions> 
15 ····</ocil:questionnaire> 
16 ····<ocil:questionnaire·id="ocil:ssg-kubelet_enable_streaming_connections_ocil:questionnaire:1"> 
17 ······<ocil:title>kubelet·-·Do·Not·Disable·Streaming·Timeouts</ocil:title> 
18 ······<ocil:actions> 
19 ········<ocil:test_action_ref>ocil:ssg-kubelet_enable_streaming_connections_action:testaction:1</ocil:test_action_ref> 
20 ······</ocil:actions> 
21 ····</ocil:questionnaire> 
22 ····<ocil:questionnaire·id="ocil:ssg-kubelet_enable_client_cert_rotation_ocil:questionnaire:1"> 
23 ······<ocil:title>kubelet·-·Enable·Client·Certificate·Rotation</ocil:title> 
24 ······<ocil:actions> 
25 ········<ocil:test_action_ref>ocil:ssg-kubelet_enable_client_cert_rotation_action:testaction:1</ocil:test_action_ref> 
26 ······</ocil:actions> 
27 ····</ocil:questionnaire> 
28 ····<ocil:questionnaire·id="ocil:ssg-read_only_registry_access_ocil:questionnaire:1"> 
29 ······<ocil:title>Ensure·Cluster·Service·Account·with·read-only·access·to·Amazon·ECR</ocil:title> 
30 ······<ocil:actions> 
31 ········<ocil:test_action_ref>ocil:ssg-read_only_registry_access_action:testaction:1</ocil:test_action_ref> 
32 ······</ocil:actions> 
33 ····</ocil:questionnaire> 
34 ····<ocil:questionnaire·id="ocil:ssg-kubelet_anonymous_auth_ocil:questionnaire:1">10 ····<ocil:questionnaire·id="ocil:ssg-image_scanning_ocil:questionnaire:1">
35 ······<ocil:title>Disable·Anonymous·Authentication·to·the·Kubelet</ocil:title>11 ······<ocil:title>Ensure·Image·Vulnerability·Scanning</ocil:title>
36 ······<ocil:actions>12 ······<ocil:actions>
37 ········<ocil:test_action_ref>ocil:ssg-kubelet_anonymous_auth_action:testaction:1</ocil:test_action_ref>13 ········<ocil:test_action_ref>ocil:ssg-image_scanning_action:testaction:1</ocil:test_action_ref>
38 ······</ocil:actions>14 ······</ocil:actions>
39 ····</ocil:questionnaire>15 ····</ocil:questionnaire>
40 ····<ocil:questionnaire·id="ocil:ssg-control_plane_access_ocil:questionnaire:1">16 ····<ocil:questionnaire·id="ocil:ssg-control_plane_access_ocil:questionnaire:1">
41 ······<ocil:title>Restrict·Access·to·the·Control·Plane·Endpoint</ocil:title>17 ······<ocil:title>Restrict·Access·to·the·Control·Plane·Endpoint</ocil:title>
42 ······<ocil:actions>18 ······<ocil:actions>
43 ········<ocil:test_action_ref>ocil:ssg-control_plane_access_action:testaction:1</ocil:test_action_ref>19 ········<ocil:test_action_ref>ocil:ssg-control_plane_access_action:testaction:1</ocil:test_action_ref>
44 ······</ocil:actions>20 ······</ocil:actions>
45 ····</ocil:questionnaire>21 ····</ocil:questionnaire>
46 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_worker_kubeconfig_ocil:questionnaire:1">22 ····<ocil:questionnaire·id="ocil:ssg-iam_integration_ocil:questionnaire:1">
47 ······<ocil:title>Verify·Permissions·on·the·Worker·Kubeconfig·File</ocil:title>23 ······<ocil:title>Manage·Users·with·AWS·IAM</ocil:title>
48 ······<ocil:actions>24 ······<ocil:actions>
49 ········<ocil:test_action_ref>ocil:ssg-file_permissions_worker_kubeconfig_action:testaction:1</ocil:test_action_ref>25 ········<ocil:test_action_ref>ocil:ssg-iam_integration_action:testaction:1</ocil:test_action_ref>
50 ······</ocil:actions>26 ······</ocil:actions>
51 ····</ocil:questionnaire>27 ····</ocil:questionnaire>
52 ····<ocil:questionnaire·id="ocil:ssg-kubelet_enable_cert_rotation_ocil:questionnaire:1">28 ····<ocil:questionnaire·id="ocil:ssg-configure_network_policy_ocil:questionnaire:1">
53 ······<ocil:title>kubelet·-·Enable·Certificate·Rotation</ocil:title>29 ······<ocil:title>Ensure·Network·Policy·is·Enabled</ocil:title>
54 ······<ocil:actions>30 ······<ocil:actions>
55 ········<ocil:test_action_ref>ocil:ssg-kubelet_enable_cert_rotation_action:testaction:1</ocil:test_action_ref>31 ········<ocil:test_action_ref>ocil:ssg-configure_network_policy_action:testaction:1</ocil:test_action_ref>
56 ······</ocil:actions>32 ······</ocil:actions>
57 ····</ocil:questionnaire>33 ····</ocil:questionnaire>
58 ····<ocil:questionnaire·id="ocil:ssg-registry_access_ocil:questionnaire:1">34 ····<ocil:questionnaire·id="ocil:ssg-file_owner_worker_kubeconfig_ocil:questionnaire:1">
59 ······<ocil:title>Minimize·user·access·to·Amazon·ECR</ocil:title>35 ······<ocil:title>Verify·User·Who·Owns·The·Worker·Kubeconfig·File</ocil:title>
60 ······<ocil:actions>36 ······<ocil:actions>
61 ········<ocil:test_action_ref>ocil:ssg-registry_access_action:testaction:1</ocil:test_action_ref>37 ········<ocil:test_action_ref>ocil:ssg-file_owner_worker_kubeconfig_action:testaction:1</ocil:test_action_ref>
62 ······</ocil:actions>38 ······</ocil:actions>
63 ····</ocil:questionnaire>39 ····</ocil:questionnaire>
64 ····<ocil:questionnaire·id="ocil:ssg-secret_encryption_ocil:questionnaire:1">40 ····<ocil:questionnaire·id="ocil:ssg-kubelet_authorization_mode_ocil:questionnaire:1">
65 ······<ocil:title>Ensure·Kubernetes·Secrets·are·Encrypted</ocil:title>41 ······<ocil:title>Ensure·authorization·is·set·to·Webhook</ocil:title>
66 ······<ocil:actions>42 ······<ocil:actions>
67 ········<ocil:test_action_ref>ocil:ssg-secret_encryption_action:testaction:1</ocil:test_action_ref>43 ········<ocil:test_action_ref>ocil:ssg-kubelet_authorization_mode_action:testaction:1</ocil:test_action_ref>
68 ······</ocil:actions>44 ······</ocil:actions>
69 ····</ocil:questionnaire>45 ····</ocil:questionnaire>
70 ····<ocil:questionnaire·id="ocil:ssg-configure_network_policies_namespaces_ocil:questionnaire:1">46 ····<ocil:questionnaire·id="ocil:ssg-configure_tls_ocil:questionnaire:1">
71 ······<ocil:title>Ensure·that·application·Namespaces·have·Network·Policies·defined.</ocil:title>47 ······<ocil:title>Encrypt·Traffic·to·Load·Balancers·and·Workloads</ocil:title>
72 ······<ocil:actions>48 ······<ocil:actions>
73 ········<ocil:test_action_ref>ocil:ssg-configure_network_policies_namespaces_action:testaction:1</ocil:test_action_ref>49 ········<ocil:test_action_ref>ocil:ssg-configure_tls_action:testaction:1</ocil:test_action_ref>
74 ······</ocil:actions>50 ······</ocil:actions>
75 ····</ocil:questionnaire>51 ····</ocil:questionnaire>
76 ····<ocil:questionnaire·id="ocil:ssg-configure_network_policy_ocil:questionnaire:1">52 ····<ocil:questionnaire·id="ocil:ssg-audit_logging_ocil:questionnaire:1">
77 ······<ocil:title>Ensure·Network·Policy·is·Enabled</ocil:title>53 ······<ocil:title>Ensure·Audit·Logging·is·Enabled</ocil:title>
78 ······<ocil:actions>54 ······<ocil:actions>
79 ········<ocil:test_action_ref>ocil:ssg-configure_network_policy_action:testaction:1</ocil:test_action_ref>55 ········<ocil:test_action_ref>ocil:ssg-audit_logging_action:testaction:1</ocil:test_action_ref>
80 ······</ocil:actions>56 ······</ocil:actions>
81 ····</ocil:questionnaire>57 ····</ocil:questionnaire>
82 ····<ocil:questionnaire·id="ocil:ssg-endpoint_configuration_ocil:questionnaire:1">58 ····<ocil:questionnaire·id="ocil:ssg-endpoint_configuration_ocil:questionnaire:1">
83 ······<ocil:title>Ensure·Private·Endpoint·Access</ocil:title>59 ······<ocil:title>Ensure·Private·Endpoint·Access</ocil:title>
84 ······<ocil:actions>60 ······<ocil:actions>
85 ········<ocil:test_action_ref>ocil:ssg-endpoint_configuration_action:testaction:1</ocil:test_action_ref>61 ········<ocil:test_action_ref>ocil:ssg-endpoint_configuration_action:testaction:1</ocil:test_action_ref>
86 ······</ocil:actions>62 ······</ocil:actions>
87 ····</ocil:questionnaire>63 ····</ocil:questionnaire>
88 ····<ocil:questionnaire·id="ocil:ssg-iam_integration_ocil:questionnaire:1">64 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_kubelet_conf_ocil:questionnaire:1">
89 ······<ocil:title>Manage·Users·with·AWS·IAM</ocil:title>65 ······<ocil:title>Verify·Group·Who·Owns·The·Kubelet·Configuration·File</ocil:title>
90 ······<ocil:actions>66 ······<ocil:actions>
91 ········<ocil:test_action_ref>ocil:ssg-iam_integration_action:testaction:1</ocil:test_action_ref>67 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_kubelet_conf_action:testaction:1</ocil:test_action_ref>
92 ······</ocil:actions>68 ······</ocil:actions>
93 ····</ocil:questionnaire>69 ····</ocil:questionnaire>
94 ····<ocil:questionnaire·id="ocil:ssg-file_owner_kubelet_conf_ocil:questionnaire:1">70 ····<ocil:questionnaire·id="ocil:ssg-kubelet_enable_iptables_util_chains_ocil:questionnaire:1">
95 ······<ocil:title>Verify·User·Who·Owns·The·Kubelet·Configuration·File</ocil:title>71 ······<ocil:title>kubelet·-·Allow·Automatic·Firewall·Configuration</ocil:title>
96 ······<ocil:actions>72 ······<ocil:actions>
97 ········<ocil:test_action_ref>ocil:ssg-file_owner_kubelet_conf_action:testaction:1</ocil:test_action_ref>73 ········<ocil:test_action_ref>ocil:ssg-kubelet_enable_iptables_util_chains_action:testaction:1</ocil:test_action_ref>
98 ······</ocil:actions>74 ······</ocil:actions>
99 ····</ocil:questionnaire>75 ····</ocil:questionnaire>
100 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_kubelet_conf_ocil:questionnaire:1">76 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_kubelet_conf_ocil:questionnaire:1">
101 ······<ocil:title>Verify·Permissions·on·The·Kubelet·Configuration·File</ocil:title>77 ······<ocil:title>Verify·Permissions·on·The·Kubelet·Configuration·File</ocil:title>
102 ······<ocil:actions>78 ······<ocil:actions>
103 ········<ocil:test_action_ref>ocil:ssg-file_permissions_kubelet_conf_action:testaction:1</ocil:test_action_ref>79 ········<ocil:test_action_ref>ocil:ssg-file_permissions_kubelet_conf_action:testaction:1</ocil:test_action_ref>
104 ······</ocil:actions>80 ······</ocil:actions>
105 ····</ocil:questionnaire>81 ····</ocil:questionnaire>
106 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_worker_kubeconfig_ocil:questionnaire:1"> 
107 ······<ocil:title>Verify·Group·Who·Owns·The·Worker·Kubeconfig·File</ocil:title>82 ····<ocil:questionnaire·id="ocil:ssg-dedicated_service_accounts_ocil:questionnaire:1">
 83 ······<ocil:title>Use·Dedicated·Service·Accounts</ocil:title>
108 ······<ocil:actions>84 ······<ocil:actions>
109 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_worker_kubeconfig_action:testaction:1</ocil:test_action_ref>85 ········<ocil:test_action_ref>ocil:ssg-dedicated_service_accounts_action:testaction:1</ocil:test_action_ref>
110 ······</ocil:actions>86 ······</ocil:actions>
111 ····</ocil:questionnaire>87 ····</ocil:questionnaire>
112 ····<ocil:questionnaire·id="ocil:ssg-kubelet_authorization_mode_ocil:questionnaire:1">88 ····<ocil:questionnaire·id="ocil:ssg-configure_network_policies_namespaces_ocil:questionnaire:1">
113 ······<ocil:title>Ensure·authorization·is·set·to·Webhook</ocil:title>89 ······<ocil:title>Ensure·that·application·Namespaces·have·Network·Policies·defined.</ocil:title>
114 ······<ocil:actions>90 ······<ocil:actions>
115 ········<ocil:test_action_ref>ocil:ssg-kubelet_authorization_mode_action:testaction:1</ocil:test_action_ref>91 ········<ocil:test_action_ref>ocil:ssg-configure_network_policies_namespaces_action:testaction:1</ocil:test_action_ref>
116 ······</ocil:actions>92 ······</ocil:actions>
117 ····</ocil:questionnaire>93 ····</ocil:questionnaire>
118 ····<ocil:questionnaire·id="ocil:ssg-fargate_ocil:questionnaire:1">94 ····<ocil:questionnaire·id="ocil:ssg-kubelet_enable_client_cert_rotation_ocil:questionnaire:1">
119 ······<ocil:title>Consider·Fargate·for·Untrusted·Workloads</ocil:title>95 ······<ocil:title>kubelet·-·Enable·Client·Certificate·Rotation</ocil:title>
120 ······<ocil:actions>96 ······<ocil:actions>
121 ········<ocil:test_action_ref>ocil:ssg-fargate_action:testaction:1</ocil:test_action_ref>97 ········<ocil:test_action_ref>ocil:ssg-kubelet_enable_client_cert_rotation_action:testaction:1</ocil:test_action_ref>
122 ······</ocil:actions>98 ······</ocil:actions>
123 ····</ocil:questionnaire>99 ····</ocil:questionnaire>
124 ····<ocil:questionnaire·id="ocil:ssg-dedicated_service_accounts_ocil:questionnaire:1">100 ····<ocil:questionnaire·id="ocil:ssg-secret_encryption_ocil:questionnaire:1">
125 ······<ocil:title>Use·Dedicated·Service·Accounts</ocil:title>101 ······<ocil:title>Ensure·Kubernetes·Secrets·are·Encrypted</ocil:title>
126 ······<ocil:actions>102 ······<ocil:actions>
127 ········<ocil:test_action_ref>ocil:ssg-dedicated_service_accounts_action:testaction:1</ocil:test_action_ref>103 ········<ocil:test_action_ref>ocil:ssg-secret_encryption_action:testaction:1</ocil:test_action_ref>
128 ······</ocil:actions>104 ······</ocil:actions>
Max diff block lines reached; 69004/79727 bytes (86.55%) of diff not shown.
2.5 KB
./usr/share/xml/scap/ssg/content/ssg-eks-xccdf.xml
2.41 KB
./usr/share/xml/scap/ssg/content/ssg-eks-xccdf.xml
Ordering differences only
    
Offset 72, 24 lines modifiedOffset 72, 24 lines modified
72 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>72 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>
73 ··<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>73 ··<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>
74 ··<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>74 ··<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>
75 ··<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>75 ··<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>
76 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</xccdf-1.2:reference>76 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</xccdf-1.2:reference>
77 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>77 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>
78 ··<cpe-lang:platform-specification>78 ··<cpe-lang:platform-specification>
79 ····<cpe-lang:platform·id="eks-node"> 
80 ······<cpe-lang:logical-test·operator="AND"·negate="false"> 
81 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-eks-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_eks_node:def:1"/> 
82 ······</cpe-lang:logical-test> 
83 ····</cpe-lang:platform> 
84 ····<cpe-lang:platform·id="not_ocp4-on-hypershift">79 ····<cpe-lang:platform·id="not_ocp4-on-hypershift">
85 ······<cpe-lang:logical-test·operator="AND"·negate="true">80 ······<cpe-lang:logical-test·operator="AND"·negate="true">
86 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-eks-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_on_hypershift:def:1"/>81 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-eks-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_on_hypershift:def:1"/>
87 ······</cpe-lang:logical-test>82 ······</cpe-lang:logical-test>
88 ····</cpe-lang:platform>83 ····</cpe-lang:platform>
 84 ····<cpe-lang:platform·id="eks-node">
 85 ······<cpe-lang:logical-test·operator="AND"·negate="false">
 86 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-eks-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_eks_node:def:1"/>
 87 ······</cpe-lang:logical-test>
 88 ····</cpe-lang:platform>
89 ··</cpe-lang:platform-specification>89 ··</cpe-lang:platform-specification>
90 ··<xccdf-1.2:platform·idref="cpe:/a:amazon:elastic_kubernetes_service_node:1.21"/>90 ··<xccdf-1.2:platform·idref="cpe:/a:amazon:elastic_kubernetes_service_node:1.21"/>
91 ··<xccdf-1.2:platform·idref="cpe:/o:amazon:elastic_kubernetes_service_node:1"/>91 ··<xccdf-1.2:platform·idref="cpe:/o:amazon:elastic_kubernetes_service_node:1"/>
92 ··<xccdf-1.2:platform·idref="cpe:/a:amazon:elastic_kubernetes_service:1"/>92 ··<xccdf-1.2:platform·idref="cpe:/a:amazon:elastic_kubernetes_service:1"/>
93 ··<xccdf-1.2:version·update="https://github.com/ComplianceAsCode/content/releases/latest">0.1.76</xccdf-1.2:version>93 ··<xccdf-1.2:version·update="https://github.com/ComplianceAsCode/content/releases/latest">0.1.76</xccdf-1.2:version>
94 ··<xccdf-1.2:metadata>94 ··<xccdf-1.2:metadata>
95 ····<dc:publisher>SCAP·Security·Guide·Project</dc:publisher>95 ····<dc:publisher>SCAP·Security·Guide·Project</dc:publisher>
54.1 KB
./usr/share/xml/scap/ssg/content/ssg-firefox-ds.xml
54.0 KB
./usr/share/xml/scap/ssg/content/ssg-firefox-ds.xml
    
Offset 19, 23 lines modifiedOffset 19, 23 lines modified
19 ····</ds:checklists>19 ····</ds:checklists>
20 ····<ds:checks>20 ····<ds:checks>
21 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-firefox-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-firefox-oval.xml"/>21 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-firefox-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-firefox-oval.xml"/>
22 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-firefox-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-firefox-ocil.xml"/>22 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-firefox-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-firefox-ocil.xml"/>
23 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-firefox-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-firefox-cpe-oval.xml"/>23 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-firefox-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-firefox-cpe-oval.xml"/>
24 ····</ds:checks>24 ····</ds:checks>
25 ··</ds:data-stream>25 ··</ds:data-stream>
26 ··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-cpe-dictionary.xml"·timestamp="2025-02-28T20:08:00">26 ··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-cpe-dictionary.xml"·timestamp="2025-03-01T22:08:00">
27 ····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">27 ····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">
28 ······<cpe-dict:cpe-item·name="cpe:/a:mozilla:firefox">28 ······<cpe-dict:cpe-item·name="cpe:/a:mozilla:firefox">
29 ········<cpe-dict:title·xml:lang="en-us">Mozilla·Firefox</cpe-dict:title>29 ········<cpe-dict:title·xml:lang="en-us">Mozilla·Firefox</cpe-dict:title>
30 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-firefox-cpe-oval.xml">oval:ssg-installed_app_is_firefox:def:1</cpe-dict:check>30 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-firefox-cpe-oval.xml">oval:ssg-installed_app_is_firefox:def:1</cpe-dict:check>
31 ······</cpe-dict:cpe-item>31 ······</cpe-dict:cpe-item>
32 ····</cpe-dict:cpe-list>32 ····</cpe-dict:cpe-list>
33 ··</ds:component>33 ··</ds:component>
34 ··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-xccdf.xml"·timestamp="2025-02-28T20:08:00">34 ··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-xccdf.xml"·timestamp="2025-03-01T22:08:00">
35 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_FIREFOX"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">35 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_FIREFOX"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
36 ······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>36 ······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>
37 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Firefox</xccdf-1.2:title>37 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Firefox</xccdf-1.2:title>
38 ······<xccdf-1.2:description>38 ······<xccdf-1.2:description>
39 ········This·guide·presents·a·catalog·of·security-relevant39 ········This·guide·presents·a·catalog·of·security-relevant
40 configuration·settings·for·Firefox.·It·is·a·rendering·of40 configuration·settings·for·Firefox.·It·is·a·rendering·of
41 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)41 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
Offset 3488, 15 lines modifiedOffset 3488, 15 lines modified
3488 ··············<xccdf-1.2:check-content-ref·href="ssg-firefox-ocil.xml"·name="ocil:ssg-firefox_preferences-enable_ca_trust_ocil:questionnaire:1"/>3488 ··············<xccdf-1.2:check-content-ref·href="ssg-firefox-ocil.xml"·name="ocil:ssg-firefox_preferences-enable_ca_trust_ocil:questionnaire:1"/>
3489 ············</xccdf-1.2:check>3489 ············</xccdf-1.2:check>
3490 ··········</xccdf-1.2:Rule>3490 ··········</xccdf-1.2:Rule>
3491 ········</xccdf-1.2:Group>3491 ········</xccdf-1.2:Group>
3492 ······</xccdf-1.2:Group>3492 ······</xccdf-1.2:Group>
3493 ····</xccdf-1.2:Benchmark>3493 ····</xccdf-1.2:Benchmark>
3494 ··</ds:component>3494 ··</ds:component>
3495 ··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-oval.xml"·timestamp="2025-02-28T20:08:00">3495 ··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-oval.xml"·timestamp="2025-03-01T22:08:00">
3496 ····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">3496 ····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">
3497 ······<oval-def:generator>3497 ······<oval-def:generator>
3498 ········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>3498 ········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>
3499 ········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.2</oval:product_version>3499 ········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.2</oval:product_version>
3500 ········<oval:schema_version>5.11</oval:schema_version>3500 ········<oval:schema_version>5.11</oval:schema_version>
3501 ········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>3501 ········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>
3502 ······</oval-def:generator>3502 ······</oval-def:generator>
Offset 5198, 384 lines modifiedOffset 5198, 395 lines modified
5198 ··············<oval-def:literal_component>/distribution</oval-def:literal_component>5198 ··············<oval-def:literal_component>/distribution</oval-def:literal_component>
5199 ············</oval-def:concat>5199 ············</oval-def:concat>
5200 ··········</oval-def:unique>5200 ··········</oval-def:unique>
5201 ········</oval-def:local_variable>5201 ········</oval-def:local_variable>
5202 ······</oval-def:variables>5202 ······</oval-def:variables>
5203 ····</oval-def:oval_definitions>5203 ····</oval-def:oval_definitions>
5204 ··</ds:component>5204 ··</ds:component>
5205 ··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-ocil.xml"·timestamp="2025-02-28T20:08:00">5205 ··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-ocil.xml"·timestamp="2025-03-01T22:08:00">
5206 ····<ocil:ocil>5206 ····<ocil:ocil>
5207 ······<ocil:generator>5207 ······<ocil:generator>
5208 ········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>5208 ········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5209 ········<ocil:product_version>ssg:·0.1.76</ocil:product_version>5209 ········<ocil:product_version>ssg:·0.1.76</ocil:product_version>
5210 ········<ocil:schema_version>2.0</ocil:schema_version>5210 ········<ocil:schema_version>2.0</ocil:schema_version>
5211 ········<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>5211 ········<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
5212 ······</ocil:generator>5212 ······</ocil:generator>
5213 ······<ocil:questionnaires>5213 ······<ocil:questionnaires>
5214 ········<ocil:questionnaire·id="ocil:ssg-firefox_preferences-enable_ca_trust_ocil:questionnaire:1">5214 ········<ocil:questionnaire·id="ocil:ssg-firefox_policy-content_blocker_ocil:questionnaire:1">
5215 ··········<ocil:title>Enable·Shared·System·Certificates</ocil:title>5215 ··········<ocil:title>Ensure·the·Content·Blocker·uBlock·Origin·is·Installed</ocil:title>
5216 ··········<ocil:actions>5216 ··········<ocil:actions>
 5217 ············<ocil:test_action_ref>ocil:ssg-firefox_policy-content_blocker_action:testaction:1</ocil:test_action_ref>
 5218 ··········</ocil:actions>
 5219 ········</ocil:questionnaire>
 5220 ········<ocil:questionnaire·id="ocil:ssg-firefox_policy-telemetry_ocil:questionnaire:1">
 5221 ··········<ocil:title>Disable·Firefox·Telemetry</ocil:title>
 5222 ··········<ocil:actions>
5217 ············<ocil:test_action_ref>ocil:ssg-firefox_preferences-enable_ca_trust_action:testaction:1</ocil:test_action_ref>5223 ············<ocil:test_action_ref>ocil:ssg-firefox_policy-telemetry_action:testaction:1</ocil:test_action_ref>
5218 ··········</ocil:actions>5224 ··········</ocil:actions>
5219 ········</ocil:questionnaire>5225 ········</ocil:questionnaire>
5220 ········<ocil:questionnaire·id="ocil:ssg-firefox_policy-verification_ocil:questionnaire:1">5226 ········<ocil:questionnaire·id="ocil:ssg-firefox_policy-verification_ocil:questionnaire:1">
5221 ··········<ocil:title>Enable·Certificate·Verification</ocil:title>5227 ··········<ocil:title>Enable·Certificate·Verification</ocil:title>
5222 ··········<ocil:actions>5228 ··········<ocil:actions>
5223 ············<ocil:test_action_ref>ocil:ssg-firefox_policy-verification_action:testaction:1</ocil:test_action_ref>5229 ············<ocil:test_action_ref>ocil:ssg-firefox_policy-verification_action:testaction:1</ocil:test_action_ref>
5224 ··········</ocil:actions>5230 ··········</ocil:actions>
5225 ········</ocil:questionnaire>5231 ········</ocil:questionnaire>
5226 ········<ocil:questionnaire·id="ocil:ssg-firefox_policy-private_browsing_ocil:questionnaire:1">5232 ········<ocil:questionnaire·id="ocil:ssg-firefox_policy-private_browsing_ocil:questionnaire:1">
5227 ··········<ocil:title>Firefox·private·browsing·must·be·disabled.</ocil:title>5233 ··········<ocil:title>Firefox·private·browsing·must·be·disabled.</ocil:title>
5228 ··········<ocil:actions>5234 ··········<ocil:actions>
5229 ············<ocil:test_action_ref>ocil:ssg-firefox_policy-private_browsing_action:testaction:1</ocil:test_action_ref>5235 ············<ocil:test_action_ref>ocil:ssg-firefox_policy-private_browsing_action:testaction:1</ocil:test_action_ref>
5230 ··········</ocil:actions>5236 ··········</ocil:actions>
5231 ········</ocil:questionnaire>5237 ········</ocil:questionnaire>
5232 ········<ocil:questionnaire·id="ocil:ssg-firefox_policy-javascript_window_resizing_ocil:questionnaire:1">5238 ········<ocil:questionnaire·id="ocil:ssg-firefox_policy-cryptomining_ocil:questionnaire:1">
5233 ··········<ocil:title>Disable·JavaScript's·Moving·Or·Resizing·Windows·Capability</ocil:title>5239 ··········<ocil:title>Enabled·Firefox·Cryptomining·protection</ocil:title>
5234 ··········<ocil:actions>5240 ··········<ocil:actions>
5235 ············<ocil:test_action_ref>ocil:ssg-firefox_policy-javascript_window_resizing_action:testaction:1</ocil:test_action_ref>5241 ············<ocil:test_action_ref>ocil:ssg-firefox_policy-cryptomining_action:testaction:1</ocil:test_action_ref>
5236 ··········</ocil:actions>5242 ··········</ocil:actions>
5237 ········</ocil:questionnaire>5243 ········</ocil:questionnaire>
5238 ········<ocil:questionnaire·id="ocil:ssg-firefox_policy-disable_pocket_ocil:questionnaire:1">5244 ········<ocil:questionnaire·id="ocil:ssg-firefox_policy-extension_update_ocil:questionnaire:1">
5239 ··········<ocil:title>Disable·Firefox·Pocket</ocil:title>5245 ··········<ocil:title>Firefox·must·be·configured·to·not·automatically·update·installed·add-ons·and·plugins.</ocil:title>
5240 ··········<ocil:actions>5246 ··········<ocil:actions>
5241 ············<ocil:test_action_ref>ocil:ssg-firefox_policy-disable_pocket_action:testaction:1</ocil:test_action_ref>5247 ············<ocil:test_action_ref>ocil:ssg-firefox_policy-extension_update_action:testaction:1</ocil:test_action_ref>
5242 ··········</ocil:actions>5248 ··········</ocil:actions>
5243 ········</ocil:questionnaire>5249 ········</ocil:questionnaire>
5244 ········<ocil:questionnaire·id="ocil:ssg-firefox_policy-disable_studies_ocil:questionnaire:1">5250 ········<ocil:questionnaire·id="ocil:ssg-firefox_policy-fingerprinting_protection_ocil:questionnaire:1">
5245 ··········<ocil:title>Disable·Firefox·Studies</ocil:title>5251 ··········<ocil:title>Enabled·Firefox·Fingerprinting·Protection</ocil:title>
5246 ··········<ocil:actions>5252 ··········<ocil:actions>
5247 ············<ocil:test_action_ref>ocil:ssg-firefox_policy-disable_studies_action:testaction:1</ocil:test_action_ref>5253 ············<ocil:test_action_ref>ocil:ssg-firefox_policy-fingerprinting_protection_action:testaction:1</ocil:test_action_ref>
 5254 ··········</ocil:actions>
 5255 ········</ocil:questionnaire>
 5256 ········<ocil:questionnaire·id="ocil:ssg-firefox_policy-javascript_window_changes_ocil:questionnaire:1">
 5257 ··········<ocil:title>Disable·JavaScript's·Raise·Or·Lower·Windows·Capability</ocil:title>
 5258 ··········<ocil:actions>
 5259 ············<ocil:test_action_ref>ocil:ssg-firefox_policy-javascript_window_changes_action:testaction:1</ocil:test_action_ref>
5248 ··········</ocil:actions>5260 ··········</ocil:actions>
5249 ········</ocil:questionnaire>5261 ········</ocil:questionnaire>
5250 ········<ocil:questionnaire·id="ocil:ssg-firefox_policy-network_prediction_ocil:questionnaire:1">5262 ········<ocil:questionnaire·id="ocil:ssg-firefox_policy-network_prediction_ocil:questionnaire:1">
5251 ··········<ocil:title>Disable·Firefox·network·prediction</ocil:title>5263 ··········<ocil:title>Disable·Firefox·network·prediction</ocil:title>
5252 ··········<ocil:actions>5264 ··········<ocil:actions>
5253 ············<ocil:test_action_ref>ocil:ssg-firefox_policy-network_prediction_action:testaction:1</ocil:test_action_ref>5265 ············<ocil:test_action_ref>ocil:ssg-firefox_policy-network_prediction_action:testaction:1</ocil:test_action_ref>
5254 ··········</ocil:actions>5266 ··········</ocil:actions>
5255 ········</ocil:questionnaire>5267 ········</ocil:questionnaire>
5256 ········<ocil:questionnaire·id="ocil:ssg-firefox_policy-disable_deprecated_ciphers_ocil:questionnaire:1">5268 ········<ocil:questionnaire·id="ocil:ssg-firefox_policy-autoplay_video_ocil:questionnaire:1">
5257 ··········<ocil:title>Disable·Firefox·deprecated·ciphers</ocil:title>5269 ··········<ocil:title>Firefox·autoplay·must·be·disabled.</ocil:title>
5258 ··········<ocil:actions>5270 ··········<ocil:actions>
5259 ············<ocil:test_action_ref>ocil:ssg-firefox_policy-disable_deprecated_ciphers_action:testaction:1</ocil:test_action_ref>5271 ············<ocil:test_action_ref>ocil:ssg-firefox_policy-autoplay_video_action:testaction:1</ocil:test_action_ref>
5260 ··········</ocil:actions>5272 ··········</ocil:actions>
5261 ········</ocil:questionnaire>5273 ········</ocil:questionnaire>
5262 ········<ocil:questionnaire·id="ocil:ssg-firefox_policy-development_tools_ocil:questionnaire:1">5274 ········<ocil:questionnaire·id="ocil:ssg-firefox_policy-development_tools_ocil:questionnaire:1">
5263 ··········<ocil:title>Disable·Firefox·Development·Tools</ocil:title>5275 ··········<ocil:title>Disable·Firefox·Development·Tools</ocil:title>
5264 ··········<ocil:actions>5276 ··········<ocil:actions>
5265 ············<ocil:test_action_ref>ocil:ssg-firefox_policy-development_tools_action:testaction:1</ocil:test_action_ref>5277 ············<ocil:test_action_ref>ocil:ssg-firefox_policy-development_tools_action:testaction:1</ocil:test_action_ref>
5266 ··········</ocil:actions>5278 ··········</ocil:actions>
5267 ········</ocil:questionnaire>5279 ········</ocil:questionnaire>
5268 ········<ocil:questionnaire·id="ocil:ssg-firefox_policy-enhanced_tracking_ocil:questionnaire:1"> 
5269 ··········<ocil:title>Enabled·Firefox·Enhanced·Tracking·Protection</ocil:title> 
5270 ··········<ocil:actions> 
5271 ············<ocil:test_action_ref>ocil:ssg-firefox_policy-enhanced_tracking_action:testaction:1</ocil:test_action_ref> 
5272 ··········</ocil:actions> 
Max diff block lines reached; 43670/55170 bytes (79.16%) of diff not shown.
47.1 KB
./usr/share/xml/scap/ssg/content/ssg-firefox-ocil.xml
47.0 KB
./usr/share/xml/scap/ssg/content/ssg-firefox-ocil.xml
Ordering differences only
    
Offset 3, 375 lines modifiedOffset 3, 386 lines modified
3 ··<ocil:generator>3 ··<ocil:generator>
4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6 ····<ocil:schema_version>2.0</ocil:schema_version>6 ····<ocil:schema_version>2.0</ocil:schema_version>
7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8 ··</ocil:generator>8 ··</ocil:generator>
9 ··<ocil:questionnaires>9 ··<ocil:questionnaires>
10 ····<ocil:questionnaire·id="ocil:ssg-firefox_preferences-enable_ca_trust_ocil:questionnaire:1">10 ····<ocil:questionnaire·id="ocil:ssg-firefox_policy-content_blocker_ocil:questionnaire:1">
11 ······<ocil:title>Enable·Shared·System·Certificates</ocil:title>11 ······<ocil:title>Ensure·the·Content·Blocker·uBlock·Origin·is·Installed</ocil:title>
12 ······<ocil:actions>12 ······<ocil:actions>
 13 ········<ocil:test_action_ref>ocil:ssg-firefox_policy-content_blocker_action:testaction:1</ocil:test_action_ref>
 14 ······</ocil:actions>
 15 ····</ocil:questionnaire>
 16 ····<ocil:questionnaire·id="ocil:ssg-firefox_policy-telemetry_ocil:questionnaire:1">
 17 ······<ocil:title>Disable·Firefox·Telemetry</ocil:title>
 18 ······<ocil:actions>
13 ········<ocil:test_action_ref>ocil:ssg-firefox_preferences-enable_ca_trust_action:testaction:1</ocil:test_action_ref>19 ········<ocil:test_action_ref>ocil:ssg-firefox_policy-telemetry_action:testaction:1</ocil:test_action_ref>
14 ······</ocil:actions>20 ······</ocil:actions>
15 ····</ocil:questionnaire>21 ····</ocil:questionnaire>
16 ····<ocil:questionnaire·id="ocil:ssg-firefox_policy-verification_ocil:questionnaire:1">22 ····<ocil:questionnaire·id="ocil:ssg-firefox_policy-verification_ocil:questionnaire:1">
17 ······<ocil:title>Enable·Certificate·Verification</ocil:title>23 ······<ocil:title>Enable·Certificate·Verification</ocil:title>
18 ······<ocil:actions>24 ······<ocil:actions>
19 ········<ocil:test_action_ref>ocil:ssg-firefox_policy-verification_action:testaction:1</ocil:test_action_ref>25 ········<ocil:test_action_ref>ocil:ssg-firefox_policy-verification_action:testaction:1</ocil:test_action_ref>
20 ······</ocil:actions>26 ······</ocil:actions>
21 ····</ocil:questionnaire>27 ····</ocil:questionnaire>
22 ····<ocil:questionnaire·id="ocil:ssg-firefox_policy-private_browsing_ocil:questionnaire:1">28 ····<ocil:questionnaire·id="ocil:ssg-firefox_policy-private_browsing_ocil:questionnaire:1">
23 ······<ocil:title>Firefox·private·browsing·must·be·disabled.</ocil:title>29 ······<ocil:title>Firefox·private·browsing·must·be·disabled.</ocil:title>
24 ······<ocil:actions>30 ······<ocil:actions>
25 ········<ocil:test_action_ref>ocil:ssg-firefox_policy-private_browsing_action:testaction:1</ocil:test_action_ref>31 ········<ocil:test_action_ref>ocil:ssg-firefox_policy-private_browsing_action:testaction:1</ocil:test_action_ref>
26 ······</ocil:actions>32 ······</ocil:actions>
27 ····</ocil:questionnaire>33 ····</ocil:questionnaire>
28 ····<ocil:questionnaire·id="ocil:ssg-firefox_policy-javascript_window_resizing_ocil:questionnaire:1">34 ····<ocil:questionnaire·id="ocil:ssg-firefox_policy-cryptomining_ocil:questionnaire:1">
29 ······<ocil:title>Disable·JavaScript's·Moving·Or·Resizing·Windows·Capability</ocil:title>35 ······<ocil:title>Enabled·Firefox·Cryptomining·protection</ocil:title>
30 ······<ocil:actions>36 ······<ocil:actions>
31 ········<ocil:test_action_ref>ocil:ssg-firefox_policy-javascript_window_resizing_action:testaction:1</ocil:test_action_ref>37 ········<ocil:test_action_ref>ocil:ssg-firefox_policy-cryptomining_action:testaction:1</ocil:test_action_ref>
32 ······</ocil:actions>38 ······</ocil:actions>
33 ····</ocil:questionnaire>39 ····</ocil:questionnaire>
34 ····<ocil:questionnaire·id="ocil:ssg-firefox_policy-disable_pocket_ocil:questionnaire:1">40 ····<ocil:questionnaire·id="ocil:ssg-firefox_policy-extension_update_ocil:questionnaire:1">
35 ······<ocil:title>Disable·Firefox·Pocket</ocil:title>41 ······<ocil:title>Firefox·must·be·configured·to·not·automatically·update·installed·add-ons·and·plugins.</ocil:title>
36 ······<ocil:actions>42 ······<ocil:actions>
37 ········<ocil:test_action_ref>ocil:ssg-firefox_policy-disable_pocket_action:testaction:1</ocil:test_action_ref>43 ········<ocil:test_action_ref>ocil:ssg-firefox_policy-extension_update_action:testaction:1</ocil:test_action_ref>
38 ······</ocil:actions>44 ······</ocil:actions>
39 ····</ocil:questionnaire>45 ····</ocil:questionnaire>
40 ····<ocil:questionnaire·id="ocil:ssg-firefox_policy-disable_studies_ocil:questionnaire:1">46 ····<ocil:questionnaire·id="ocil:ssg-firefox_policy-fingerprinting_protection_ocil:questionnaire:1">
41 ······<ocil:title>Disable·Firefox·Studies</ocil:title>47 ······<ocil:title>Enabled·Firefox·Fingerprinting·Protection</ocil:title>
42 ······<ocil:actions>48 ······<ocil:actions>
43 ········<ocil:test_action_ref>ocil:ssg-firefox_policy-disable_studies_action:testaction:1</ocil:test_action_ref>49 ········<ocil:test_action_ref>ocil:ssg-firefox_policy-fingerprinting_protection_action:testaction:1</ocil:test_action_ref>
 50 ······</ocil:actions>
 51 ····</ocil:questionnaire>
 52 ····<ocil:questionnaire·id="ocil:ssg-firefox_policy-javascript_window_changes_ocil:questionnaire:1">
 53 ······<ocil:title>Disable·JavaScript's·Raise·Or·Lower·Windows·Capability</ocil:title>
 54 ······<ocil:actions>
 55 ········<ocil:test_action_ref>ocil:ssg-firefox_policy-javascript_window_changes_action:testaction:1</ocil:test_action_ref>
44 ······</ocil:actions>56 ······</ocil:actions>
45 ····</ocil:questionnaire>57 ····</ocil:questionnaire>
46 ····<ocil:questionnaire·id="ocil:ssg-firefox_policy-network_prediction_ocil:questionnaire:1">58 ····<ocil:questionnaire·id="ocil:ssg-firefox_policy-network_prediction_ocil:questionnaire:1">
47 ······<ocil:title>Disable·Firefox·network·prediction</ocil:title>59 ······<ocil:title>Disable·Firefox·network·prediction</ocil:title>
48 ······<ocil:actions>60 ······<ocil:actions>
49 ········<ocil:test_action_ref>ocil:ssg-firefox_policy-network_prediction_action:testaction:1</ocil:test_action_ref>61 ········<ocil:test_action_ref>ocil:ssg-firefox_policy-network_prediction_action:testaction:1</ocil:test_action_ref>
50 ······</ocil:actions>62 ······</ocil:actions>
51 ····</ocil:questionnaire>63 ····</ocil:questionnaire>
52 ····<ocil:questionnaire·id="ocil:ssg-firefox_policy-disable_deprecated_ciphers_ocil:questionnaire:1">64 ····<ocil:questionnaire·id="ocil:ssg-firefox_policy-autoplay_video_ocil:questionnaire:1">
53 ······<ocil:title>Disable·Firefox·deprecated·ciphers</ocil:title>65 ······<ocil:title>Firefox·autoplay·must·be·disabled.</ocil:title>
54 ······<ocil:actions>66 ······<ocil:actions>
55 ········<ocil:test_action_ref>ocil:ssg-firefox_policy-disable_deprecated_ciphers_action:testaction:1</ocil:test_action_ref>67 ········<ocil:test_action_ref>ocil:ssg-firefox_policy-autoplay_video_action:testaction:1</ocil:test_action_ref>
56 ······</ocil:actions>68 ······</ocil:actions>
57 ····</ocil:questionnaire>69 ····</ocil:questionnaire>
58 ····<ocil:questionnaire·id="ocil:ssg-firefox_policy-development_tools_ocil:questionnaire:1">70 ····<ocil:questionnaire·id="ocil:ssg-firefox_policy-development_tools_ocil:questionnaire:1">
59 ······<ocil:title>Disable·Firefox·Development·Tools</ocil:title>71 ······<ocil:title>Disable·Firefox·Development·Tools</ocil:title>
60 ······<ocil:actions>72 ······<ocil:actions>
61 ········<ocil:test_action_ref>ocil:ssg-firefox_policy-development_tools_action:testaction:1</ocil:test_action_ref>73 ········<ocil:test_action_ref>ocil:ssg-firefox_policy-development_tools_action:testaction:1</ocil:test_action_ref>
62 ······</ocil:actions>74 ······</ocil:actions>
63 ····</ocil:questionnaire>75 ····</ocil:questionnaire>
64 ····<ocil:questionnaire·id="ocil:ssg-firefox_policy-enhanced_tracking_ocil:questionnaire:1"> 
65 ······<ocil:title>Enabled·Firefox·Enhanced·Tracking·Protection</ocil:title> 
66 ······<ocil:actions> 
67 ········<ocil:test_action_ref>ocil:ssg-firefox_policy-enhanced_tracking_action:testaction:1</ocil:test_action_ref> 
68 ······</ocil:actions> 
69 ····</ocil:questionnaire> 
70 ····<ocil:questionnaire·id="ocil:ssg-firefox_policy-content_blocker_ocil:questionnaire:1">76 ····<ocil:questionnaire·id="ocil:ssg-firefox_policy-forget_button_ocil:questionnaire:1">
 77 ······<ocil:title>Firefox·must·prevent·the·user·from·quickly·deleting·data.</ocil:title>
71 ······<ocil:title>Ensure·the·Content·Blocker·uBlock·Origin·is·Installed</ocil:title> 
72 ······<ocil:actions> 
73 ········<ocil:test_action_ref>ocil:ssg-firefox_policy-content_blocker_action:testaction:1</ocil:test_action_ref> 
74 ······</ocil:actions> 
75 ····</ocil:questionnaire> 
76 ····<ocil:questionnaire·id="ocil:ssg-firefox_policy-javascript_window_changes_ocil:questionnaire:1"> 
77 ······<ocil:title>Disable·JavaScript's·Raise·Or·Lower·Windows·Capability</ocil:title> 
78 ······<ocil:actions> 
79 ········<ocil:test_action_ref>ocil:ssg-firefox_policy-javascript_window_changes_action:testaction:1</ocil:test_action_ref> 
80 ······</ocil:actions> 
81 ····</ocil:questionnaire> 
82 ····<ocil:questionnaire·id="ocil:ssg-firefox_policy-fingerprinting_protection_ocil:questionnaire:1"> 
83 ······<ocil:title>Enabled·Firefox·Fingerprinting·Protection</ocil:title> 
84 ······<ocil:actions>78 ······<ocil:actions>
85 ········<ocil:test_action_ref>ocil:ssg-firefox_policy-fingerprinting_protection_action:testaction:1</ocil:test_action_ref>79 ········<ocil:test_action_ref>ocil:ssg-firefox_policy-forget_button_action:testaction:1</ocil:test_action_ref>
86 ······</ocil:actions>80 ······</ocil:actions>
87 ····</ocil:questionnaire>81 ····</ocil:questionnaire>
88 ····<ocil:questionnaire·id="ocil:ssg-firefox_policy-cryptomining_ocil:questionnaire:1">82 ····<ocil:questionnaire·id="ocil:ssg-firefox_policy-extension_recommendation_ocil:questionnaire:1">
89 ······<ocil:title>Enabled·Firefox·Cryptomining·protection</ocil:title>83 ······<ocil:title>Disabled·Firefox·Extension·Recommendations</ocil:title>
90 ······<ocil:actions>84 ······<ocil:actions>
91 ········<ocil:test_action_ref>ocil:ssg-firefox_policy-cryptomining_action:testaction:1</ocil:test_action_ref>85 ········<ocil:test_action_ref>ocil:ssg-firefox_policy-extension_recommendation_action:testaction:1</ocil:test_action_ref>
92 ······</ocil:actions>86 ······</ocil:actions>
93 ····</ocil:questionnaire>87 ····</ocil:questionnaire>
94 ····<ocil:questionnaire·id="ocil:ssg-firefox_preferences-dod_root_certificate_installed_ocil:questionnaire:1">88 ····<ocil:questionnaire·id="ocil:ssg-firefox_preferences-dod_root_certificate_installed_ocil:questionnaire:1">
95 ······<ocil:title>The·DoD·Root·Certificate·Exists</ocil:title>89 ······<ocil:title>The·DoD·Root·Certificate·Exists</ocil:title>
96 ······<ocil:actions>90 ······<ocil:actions>
97 ········<ocil:test_action_ref>ocil:ssg-firefox_preferences-dod_root_certificate_installed_action:testaction:1</ocil:test_action_ref>91 ········<ocil:test_action_ref>ocil:ssg-firefox_preferences-dod_root_certificate_installed_action:testaction:1</ocil:test_action_ref>
98 ······</ocil:actions>92 ······</ocil:actions>
99 ····</ocil:questionnaire>93 ····</ocil:questionnaire>
100 ····<ocil:questionnaire·id="ocil:ssg-firefox_policy-search_update_ocil:questionnaire:1"> 
101 ······<ocil:title>Disable·Installed·Search·Plugins·Update·Checking</ocil:title> 
102 ······<ocil:actions> 
103 ········<ocil:test_action_ref>ocil:ssg-firefox_policy-search_update_action:testaction:1</ocil:test_action_ref> 
104 ······</ocil:actions> 
105 ····</ocil:questionnaire> 
106 ····<ocil:questionnaire·id="ocil:ssg-firefox_policy-extension_recommendation_ocil:questionnaire:1">94 ····<ocil:questionnaire·id="ocil:ssg-firefox_policy-javascript_window_resizing_ocil:questionnaire:1">
107 ······<ocil:title>Disabled·Firefox·Extension·Recommendations</ocil:title>95 ······<ocil:title>Disable·JavaScript's·Moving·Or·Resizing·Windows·Capability</ocil:title>
108 ······<ocil:actions>96 ······<ocil:actions>
109 ········<ocil:test_action_ref>ocil:ssg-firefox_policy-extension_recommendation_action:testaction:1</ocil:test_action_ref>97 ········<ocil:test_action_ref>ocil:ssg-firefox_policy-javascript_window_resizing_action:testaction:1</ocil:test_action_ref>
110 ······</ocil:actions>98 ······</ocil:actions>
111 ····</ocil:questionnaire>99 ····</ocil:questionnaire>
112 ····<ocil:questionnaire·id="ocil:ssg-firefox_preferences-auto-download_actions_ocil:questionnaire:1">100 ····<ocil:questionnaire·id="ocil:ssg-firefox_policy-disable_pocket_ocil:questionnaire:1">
113 ······<ocil:title>Disable·auto-download·for·proscribed·MIME·types.</ocil:title>101 ······<ocil:title>Disable·Firefox·Pocket</ocil:title>
114 ······<ocil:actions>102 ······<ocil:actions>
115 ········<ocil:test_action_ref>ocil:ssg-firefox_preferences-auto-download_actions_action:testaction:1</ocil:test_action_ref>103 ········<ocil:test_action_ref>ocil:ssg-firefox_policy-disable_pocket_action:testaction:1</ocil:test_action_ref>
116 ······</ocil:actions>104 ······</ocil:actions>
Max diff block lines reached; 37789/47954 bytes (78.80%) of diff not shown.
261 MB
ssg-debderived_0.1.76-1_all.deb
452 B
file list
    
Offset 1, 3 lines modifiedOffset 1, 3 lines modified
1 -rw-r--r--···0········0········0········4·2025-03-01·08:08:00.000000·debian-binary1 -rw-r--r--···0········0········0········4·2025-03-01·08:08:00.000000·debian-binary
2 -rw-r--r--···0········0········0·····3040·2025-03-01·08:08:00.000000·control.tar.xz2 -rw-r--r--···0········0········0·····3044·2025-03-01·08:08:00.000000·control.tar.xz
3 -rw-r--r--···0········0········0··3722640·2025-03-01·08:08:00.000000·data.tar.xz3 -rw-r--r--···0········0········0··3720440·2025-03-01·08:08:00.000000·data.tar.xz
98.0 B
control.tar.xz
70.0 B
control.tar
48.0 B
./md5sums
30.0 B
./md5sums
Files differ
261 MB
data.tar.xz
261 MB
data.tar
1.07 MB
./usr/share/doc/ssg-debderived/ssg-ubuntu1604-guide-anssi_np_nt28_average.html
    
Offset 15999, 146 lines modifiedOffset 15999, 146 lines modified
0003e7e0:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=0003e7e0:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
0003e7f0:·2223·6964·6d31·3736·3722·2074·6162·696e··"#idm1767"·tabin0003e7f0:·2223·6964·6d31·3736·3722·2074·6162·696e··"#idm1767"·tabin
0003e800:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu0003e800:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
0003e810:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan0003e810:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
0003e820:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl0003e820:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
0003e830:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r0003e830:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
0003e840:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"0003e840:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
 0003e850:·3e52·656d·6564·6961·7469·6f6e·2053·6865··>Remediation·She
 0003e860:·6c6c·2073·6372·6970·7420·e287·b23c·2f61··ll·script·...</a
 0003e870:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
 0003e880:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
 0003e890:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
 0003e8a0:·6d31·3736·3722·3e3c·7461·626c·6520·636c··m1767"><table·cl
 0003e8b0:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table
 0003e8c0:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b
 0003e8d0:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co
 0003e8e0:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th
 0003e8f0:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th
 0003e900:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t
 0003e910:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup
 0003e920:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo
 0003e930:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><
 0003e940:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th><
 0003e950:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t
 0003e960:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate
 0003e970:·6779·3a3c·2f74·683e·3c74·643e·7265·7374··gy:</th><td>rest
 0003e980:·7269·6374·3c2f·7464·3e3c·2f74·723e·3c2f··rict</td></tr></
 0003e990:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code
 0003e9a0:·3e0a·666f·7220·6620·696e·202f·6574·632f··>.for·f·in·/etc/
 0003e9b0:·7375·646f·6572·7320·2f65·7463·2f73·7564··sudoers·/etc/sud
 0003e9c0:·6f65·7273·2e64·2f2a·203b·2064·6f0a·2020··oers.d/*·;·do.··
 0003e9d0:·6966·205b·2021·202d·6520·2224·6622·205d··if·[·!·-e·"$f"·]
 0003e9e0:·203b·2074·6865·6e0a·2020·2020·636f·6e74···;·then.····cont
 0003e9f0:·696e·7565·0a20·2066·690a·2020·6d61·7463··inue.··fi.··matc
 0003ea00:·6869·6e67·5f6c·6973·743d·2428·6772·6570··hing_list=$(grep
 0003ea10:·202d·5020·275e·283f·2123·292e·2a5b·5c73···-P·'^(?!#).*[\s
 0003ea20:·5d2b·5c21·6175·7468·656e·7469·6361·7465··]+\!authenticate
 0003ea30:·2e2a·2427·2024·6620·7c20·756e·6971·2029··.*$'·$f·|·uniq·)
 0003ea40:·0a20·2069·6620·2120·7465·7374·202d·7a20··.··if·!·test·-z·
 0003ea50:·2224·6d61·7463·6869·6e67·5f6c·6973·7422··"$matching_list"
 0003ea60:·3b20·7468·656e·0a20·2020·2077·6869·6c65··;·then.····while
 0003ea70:·2049·4653·3d20·7265·6164·202d·7220·656e···IFS=·read·-r·en
 0003ea80:·7472·793b·2064·6f0a·2020·2020·2020·2320··try;·do.······#·
 0003ea90:·636f·6d6d·656e·7420·6f75·7420·2221·6175··comment·out·"!au
 0003eaa0:·7468·656e·7469·6361·7465·2220·6d61·7463··thenticate"·matc
 0003eab0:·6865·7320·746f·2070·7265·7365·7276·6520··hes·to·preserve·
 0003eac0:·7573·6572·2064·6174·610a·2020·2020·2020··user·data.······
 0003ead0:·7365·6420·2d69·2022·732f·5e24·7b65·6e74··sed·-i·"s/^${ent
 0003eae0:·7279·7d24·2f23·2026·616d·703b·2f67·2220··ry}$/#·&amp;/g"·
 0003eaf0:·2466·0a20·2020·2064·6f6e·6520·266c·743b··$f.····done·&lt;
 0003eb00:·266c·743b·266c·743b·2022·246d·6174·6368··&lt;&lt;·"$match
 0003eb10:·696e·675f·6c69·7374·220a·0a20·2020·202f··ing_list"..····/
 0003eb20:·7573·722f·7362·696e·2f76·6973·7564·6f20··usr/sbin/visudo·
 0003eb30:·2d63·6620·2466·2026·616d·703b·2667·743b··-cf·$f·&amp;&gt;
 0003eb40:·202f·6465·762f·6e75·6c6c·207c·7c20·6563···/dev/null·||·ec
 0003eb50:·686f·2022·4661·696c·2074·6f20·7661·6c69··ho·"Fail·to·vali
 0003eb60:·6461·7465·2024·6620·7769·7468·2076·6973··date·$f·with·vis
 0003eb70:·7564·6f22·0a20·2066·690a·646f·6e65·0a3c··udo".··fi.done.<
 0003eb80:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di
 0003eb90:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn·
 0003eba0:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat
 0003ebb0:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap
 0003ebc0:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
 0003ebd0:·2223·6964·6d31·3736·3822·2074·6162·696e··"#idm1768"·tabin
 0003ebe0:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
 0003ebf0:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
 0003ec00:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
 0003ec10:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
 0003ec20:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
0003e850:·3e52·656d·6564·6961·7469·6f6e·2041·6e73··>Remediation·Ans0003ec30:·3e52·656d·6564·6961·7469·6f6e·2041·6e73··>Remediation·Ans
0003e860:·6962·6c65·2073·6e69·7070·6574·20e2·87b2··ible·snippet·...0003ec40:·6962·6c65·2073·6e69·7070·6574·20e2·87b2··ible·snippet·...
0003e870:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla0003ec50:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
0003e880:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap0003ec60:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
0003e890:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=0003ec70:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=
0003e8a0:·2269·646d·3137·3637·223e·3c74·6162·6c65··"idm1767"><table 
0003e8b0:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta 
0003e8c0:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl 
0003e8d0:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table 
0003e8e0:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr> 
0003e8f0:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:< 
0003e900:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td> 
0003e910:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis 
0003e920:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td 
0003e930:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t 
0003e940:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t 
0003e950:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td> 
0003e960:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str 
0003e970:·6174·6567·793a·3c2f·7468·3e3c·7464·3e72··ategy:</th><td>r 
0003e980:·6573·7472·6963·743c·2f74·643e·3c2f·7472··estrict</td></tr 
0003e990:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c 
0003e9a0:·6f64·653e·2d20·6e61·6d65·3a20·4669·6e64··ode>-·name:·Find 
0003e9b0:·202f·6574·632f·7375·646f·6572·732e·642f···/etc/sudoers.d/ 
0003e9c0:·2066·696c·6573·0a20·2061·6e73·6962·6c65···files.··ansible 
0003e9d0:·2e62·7569·6c74·696e·2e66·696e·643a·0a20··.builtin.find:.· 
0003e9e0:·2020·2070·6174·6873·3a0a·2020·2020·2d20·····paths:.····-· 
0003e9f0:·2f65·7463·2f73·7564·6f65·7273·2e64·2f0a··/etc/sudoers.d/. 
0003ea00:·2020·7265·6769·7374·6572·3a20·7375·646f····register:·sudo 
0003ea10:·6572·730a·2020·7461·6773·3a0a·2020·2d20··ers.··tags:.··-· 
0003ea20:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-6 
0003ea30:·2861·290a·2020·2d20·4e49·5354·2d38·3030··(a).··-·NIST-800 
0003ea40:·2d35·332d·4941·2d31·310a·2020·2d20·6c6f··-53-IA-11.··-·lo 
0003ea50:·775f·636f·6d70·6c65·7869·7479·0a20·202d··w_complexity.··- 
0003ea60:·206c·6f77·5f64·6973·7275·7074·696f·6e0a···low_disruption. 
0003ea70:·2020·2d20·6d65·6469·756d·5f73·6576·6572····-·medium_sever 
0003ea80:·6974·790a·2020·2d20·6e6f·5f72·6562·6f6f··ity.··-·no_reboo 
0003ea90:·745f·6e65·6564·6564·0a20·202d·2072·6573··t_needed.··-·res 
0003eaa0:·7472·6963·745f·7374·7261·7465·6779·0a20··trict_strategy.· 
0003eab0:·202d·2073·7564·6f5f·7265·6d6f·7665·5f6e···-·sudo_remove_n 
0003eac0:·6f5f·6175·7468·656e·7469·6361·7465·0a0a··o_authenticate.. 
0003ead0:·2d20·6e61·6d65·3a20·5265·6d6f·7665·206c··-·name:·Remove·l 
0003eae0:·696e·6573·2063·6f6e·7461·696e·696e·6720··ines·containing· 
0003eaf0:·2161·7574·6865·6e74·6963·6174·6520·6672··!authenticate·fr 
0003eb00:·6f6d·2073·7564·6f65·7273·2066·696c·6573··om·sudoers·files 
0003eb10:·0a20·2061·6e73·6962·6c65·2e62·7569·6c74··.··ansible.built 
0003eb20:·696e·2e72·6570·6c61·6365·3a0a·2020·2020··in.replace:.···· 
0003eb30:·7265·6765·7870·3a20·285e·283f·2123·292e··regexp:·(^(?!#). 
0003eb40:·2a5b·5c73·5d2b·5c21·6175·7468·656e·7469··*[\s]+\!authenti 
0003eb50:·6361·7465·2e2a·2429·0a20·2020·2072·6570··cate.*$).····rep 
0003eb60:·6c61·6365·3a20·2723·205c·6726·6c74·3b31··lace:·'#·\g&lt;1 
0003eb70:·2667·743b·270a·2020·2020·7061·7468·3a20··&gt;'.····path:· 
0003eb80:·277b·7b20·6974·656d·2e70·6174·6820·7d7d··'{{·item.path·}} 
0003eb90:·270a·2020·2020·7661·6c69·6461·7465·3a20··'.····validate:· 
0003eba0:·2f75·7372·2f73·6269·6e2f·7669·7375·646f··/usr/sbin/visudo 
0003ebb0:·202d·6366·2025·730a·2020·7769·7468·5f69···-cf·%s.··with_i 
0003ebc0:·7465·6d73·3a0a·2020·2d20·7061·7468·3a20··tems:.··-·path:· 
0003ebd0:·2f65·7463·2f73·7564·6f65·7273·0a20·202d··/etc/sudoers.··- 
0003ebe0:·2027·7b7b·2073·7564·6f65·7273·2e66·696c···'{{·sudoers.fil 
Max diff block lines reached; 984584/1003380 bytes (98.13%) of diff not shown.
117 KB
html2text {}
    
Offset 227, 14 lines modifiedOffset 227, 35 lines modified
227 ···························1.7,·SR·1.8,·SR·1.9227 ···························1.7,·SR·1.8,·SR·1.9
228 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,228 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,
229 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3229 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3
230 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)230 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)
231 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7231 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7
232 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,232 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,
233 ···························SRG-OS-000373-GPOS-00158233 ···························SRG-OS-000373-GPOS-00158
 234 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 235 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 236 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 237 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 238 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
  
 239 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
 240 ··if·[·!·-e·"$f"·]·;·then
 241 ····continue
 242 ··fi
 243 ··matching_list=$(grep·-P·'^(?!#).*[\s]+\!authenticate.*$'·$f·|·uniq·)
 244 ··if·!·test·-z·"$matching_list";·then
 245 ····while·IFS=·read·-r·entry;·do
 246 ······#·comment·out·"!authenticate"·matches·to·preserve·user·data
 247 ······sed·-i·"s/^${entry}$/#·&/g"·$f
 248 ····done·<<<·"$matching_list"
  
 249 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with
 250 visudo"
 251 ··fi
 252 done
234 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8253 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
235 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low254 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
236 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low255 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
237 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false256 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
238 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict257 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
239 -·name:·Find·/etc/sudoers.d/·files258 -·name:·Find·/etc/sudoers.d/·files
240 ··ansible.builtin.find:259 ··ansible.builtin.find:
Offset 265, 35 lines modifiedOffset 286, 14 lines modified
265 ··-·NIST-800-53-IA-11286 ··-·NIST-800-53-IA-11
266 ··-·low_complexity287 ··-·low_complexity
267 ··-·low_disruption288 ··-·low_disruption
268 ··-·medium_severity289 ··-·medium_severity
269 ··-·no_reboot_needed290 ··-·no_reboot_needed
270 ··-·restrict_strategy291 ··-·restrict_strategy
271 ··-·sudo_remove_no_authenticate292 ··-·sudo_remove_no_authenticate
272 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
273 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
274 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
275 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
276 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
  
277 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do 
278 ··if·[·!·-e·"$f"·]·;·then 
279 ····continue 
280 ··fi 
281 ··matching_list=$(grep·-P·'^(?!#).*[\s]+\!authenticate.*$'·$f·|·uniq·) 
282 ··if·!·test·-z·"$matching_list";·then 
283 ····while·IFS=·read·-r·entry;·do 
284 ······#·comment·out·"!authenticate"·matches·to·preserve·user·data 
285 ······sed·-i·"s/^${entry}$/#·&/g"·$f 
286 ····done·<<<·"$matching_list" 
  
287 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with 
288 visudo" 
289 ··fi 
290 done 
291 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·U\x8Us\x8se\x8er\x8rs\x8s·R\x8Re\x8e-\x8-A\x8Au\x8ut\x8th\x8he\x8en\x8nt\x8ti\x8ic\x8ca\x8at\x8te\x8e·f\x8fo\x8or\x8r·P\x8Pr\x8ri\x8iv\x8vi\x8il\x8le\x8eg\x8ge\x8e·E\x8Es\x8sc\x8ca\x8al\x8la\x8at\x8ti\x8io\x8on\x8n·-\x8-·s\x8su\x8ud\x8do\x8o293 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·U\x8Us\x8se\x8er\x8rs\x8s·R\x8Re\x8e-\x8-A\x8Au\x8ut\x8th\x8he\x8en\x8nt\x8ti\x8ic\x8ca\x8at\x8te\x8e·f\x8fo\x8or\x8r·P\x8Pr\x8ri\x8iv\x8vi\x8il\x8le\x8eg\x8ge\x8e·E\x8Es\x8sc\x8ca\x8al\x8la\x8at\x8ti\x8io\x8on\x8n·-\x8-·s\x8su\x8ud\x8do\x8o
292 N\x8NO\x8OP\x8PA\x8AS\x8SS\x8SW\x8WD\x8D·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*294 N\x8NO\x8OP\x8PA\x8AS\x8SS\x8SW\x8WD\x8D·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
293 The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using295 The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using
294 sudo·without·having·to·authenticate.·This·should·be·disabled·by·making·sure296 sudo·without·having·to·authenticate.·This·should·be·disabled·by·making·sure
295 that·the·NOPASSWD·tag·does·not·exist·in·/etc/sudoers·configuration·file·or·any297 that·the·NOPASSWD·tag·does·not·exist·in·/etc/sudoers·configuration·file·or·any
296 sudo·configuration·snippets·in·/etc/sudoers.d/.298 sudo·configuration·snippets·in·/etc/sudoers.d/.
297 ············Without·re-authentication,·users·may·access·resources·or·perform299 ············Without·re-authentication,·users·may·access·resources·or·perform
Offset 314, 14 lines modifiedOffset 314, 35 lines modified
314 ···························1.7,·SR·1.8,·SR·1.9314 ···························1.7,·SR·1.8,·SR·1.9
315 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,315 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,
316 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3316 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3
317 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)317 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)
318 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7318 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7
319 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,319 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,
320 ···························SRG-OS-000373-GPOS-00158320 ···························SRG-OS-000373-GPOS-00158
 321 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 322 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 323 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 324 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 325 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
  
 326 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
 327 ··if·[·!·-e·"$f"·]·;·then
 328 ····continue
 329 ··fi
 330 ··matching_list=$(grep·-P·'^(?!#).*[\s]+NOPASSWD[\s]*\:.*$'·$f·|·uniq·)
 331 ··if·!·test·-z·"$matching_list";·then
 332 ····while·IFS=·read·-r·entry;·do
 333 ······#·comment·out·"NOPASSWD"·matches·to·preserve·user·data
 334 ······sed·-i·"s/^${entry}$/#·&/g"·$f
 335 ····done·<<<·"$matching_list"
  
 336 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with
 337 visudo"
 338 ··fi
 339 done
321 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8340 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
322 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low341 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
323 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low342 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
324 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false343 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
325 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict344 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
326 -·name:·Find·/etc/sudoers.d/·files345 -·name:·Find·/etc/sudoers.d/·files
327 ··ansible.builtin.find:346 ··ansible.builtin.find:
Offset 352, 35 lines modifiedOffset 373, 14 lines modified
352 ··-·NIST-800-53-IA-11373 ··-·NIST-800-53-IA-11
353 ··-·low_complexity374 ··-·low_complexity
354 ··-·low_disruption375 ··-·low_disruption
355 ··-·medium_severity376 ··-·medium_severity
356 ··-·no_reboot_needed377 ··-·no_reboot_needed
357 ··-·restrict_strategy378 ··-·restrict_strategy
358 ··-·sudo_remove_nopasswd379 ··-·sudo_remove_nopasswd
359 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
360 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
361 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
362 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
363 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
  
364 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do 
365 ··if·[·!·-e·"$f"·]·;·then 
366 ····continue 
367 ··fi 
368 ··matching_list=$(grep·-P·'^(?!#).*[\s]+NOPASSWD[\s]*\:.*$'·$f·|·uniq·) 
369 ··if·!·test·-z·"$matching_list";·then 
Max diff block lines reached; 114730/120178 bytes (95.47%) of diff not shown.
1.22 MB
./usr/share/doc/ssg-debderived/ssg-ubuntu1604-guide-anssi_np_nt28_high.html
    
Offset 16020, 146 lines modifiedOffset 16020, 146 lines modified
0003e930:·6765·743d·2223·6964·6d31·3736·3722·2074··get="#idm1767"·t0003e930:·6765·743d·2223·6964·6d31·3736·3722·2074··get="#idm1767"·t
0003e940:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role0003e940:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
0003e950:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e0003e950:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
0003e960:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·0003e960:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
0003e970:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·0003e970:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
0003e980:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=0003e980:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
0003e990:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation0003e990:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
 0003e9a0:·2053·6865·6c6c·2073·6372·6970·7420·e287···Shell·script·..
 0003e9b0:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl
 0003e9c0:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
 0003e9d0:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
 0003e9e0:·3d22·6964·6d31·3736·3722·3e3c·7461·626c··="idm1767"><tabl
 0003e9f0:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t
 0003ea00:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab
 0003ea10:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl
 0003ea20:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr
 0003ea30:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity:
 0003ea40:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td
 0003ea50:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di
 0003ea60:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t
 0003ea70:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr><
 0003ea80:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</
 0003ea90:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td
 0003eaa0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St
 0003eab0:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>
 0003eac0:·7265·7374·7269·6374·3c2f·7464·3e3c·2f74··restrict</td></t
 0003ead0:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><
 0003eae0:·636f·6465·3e0a·666f·7220·6620·696e·202f··code>.for·f·in·/
 0003eaf0:·6574·632f·7375·646f·6572·7320·2f65·7463··etc/sudoers·/etc
 0003eb00:·2f73·7564·6f65·7273·2e64·2f2a·203b·2064··/sudoers.d/*·;·d
 0003eb10:·6f0a·2020·6966·205b·2021·202d·6520·2224··o.··if·[·!·-e·"$
 0003eb20:·6622·205d·203b·2074·6865·6e0a·2020·2020··f"·]·;·then.····
 0003eb30:·636f·6e74·696e·7565·0a20·2066·690a·2020··continue.··fi.··
 0003eb40:·6d61·7463·6869·6e67·5f6c·6973·743d·2428··matching_list=$(
 0003eb50:·6772·6570·202d·5020·275e·283f·2123·292e··grep·-P·'^(?!#).
 0003eb60:·2a5b·5c73·5d2b·5c21·6175·7468·656e·7469··*[\s]+\!authenti
 0003eb70:·6361·7465·2e2a·2427·2024·6620·7c20·756e··cate.*$'·$f·|·un
 0003eb80:·6971·2029·0a20·2069·6620·2120·7465·7374··iq·).··if·!·test
 0003eb90:·202d·7a20·2224·6d61·7463·6869·6e67·5f6c···-z·"$matching_l
 0003eba0:·6973·7422·3b20·7468·656e·0a20·2020·2077··ist";·then.····w
 0003ebb0:·6869·6c65·2049·4653·3d20·7265·6164·202d··hile·IFS=·read·-
 0003ebc0:·7220·656e·7472·793b·2064·6f0a·2020·2020··r·entry;·do.····
 0003ebd0:·2020·2320·636f·6d6d·656e·7420·6f75·7420····#·comment·out·
 0003ebe0:·2221·6175·7468·656e·7469·6361·7465·2220··"!authenticate"·
 0003ebf0:·6d61·7463·6865·7320·746f·2070·7265·7365··matches·to·prese
 0003ec00:·7276·6520·7573·6572·2064·6174·610a·2020··rve·user·data.··
 0003ec10:·2020·2020·7365·6420·2d69·2022·732f·5e24······sed·-i·"s/^$
 0003ec20:·7b65·6e74·7279·7d24·2f23·2026·616d·703b··{entry}$/#·&amp;
 0003ec30:·2f67·2220·2466·0a20·2020·2064·6f6e·6520··/g"·$f.····done·
 0003ec40:·266c·743b·266c·743b·266c·743b·2022·246d··&lt;&lt;&lt;·"$m
 0003ec50:·6174·6368·696e·675f·6c69·7374·220a·0a20··atching_list"..·
 0003ec60:·2020·202f·7573·722f·7362·696e·2f76·6973·····/usr/sbin/vis
 0003ec70:·7564·6f20·2d63·6620·2466·2026·616d·703b··udo·-cf·$f·&amp;
 0003ec80:·2667·743b·202f·6465·762f·6e75·6c6c·207c··&gt;·/dev/null·|
 0003ec90:·7c20·6563·686f·2022·4661·696c·2074·6f20··|·echo·"Fail·to·
 0003eca0:·7661·6c69·6461·7465·2024·6620·7769·7468··validate·$f·with
 0003ecb0:·2076·6973·7564·6f22·0a20·2066·690a·646f···visudo".··fi.do
 0003ecc0:·6e65·0a3c·2f63·6f64·653e·3c2f·7072·653e··ne.</code></pre>
 0003ecd0:·3c2f·6469·763e·3c61·2063·6c61·7373·3d22··</div><a·class="
 0003ece0:·6274·6e20·6274·6e2d·7375·6363·6573·7322··btn·btn-success"
 0003ecf0:·2064·6174·612d·746f·6767·6c65·3d22·636f···data-toggle="co
 0003ed00:·6c6c·6170·7365·2220·6461·7461·2d74·6172··llapse"·data-tar
 0003ed10:·6765·743d·2223·6964·6d31·3736·3822·2074··get="#idm1768"·t
 0003ed20:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
 0003ed30:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
 0003ed40:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
 0003ed50:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
 0003ed60:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
 0003ed70:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
0003e9a0:·2041·6e73·6962·6c65·2073·6e69·7070·6574···Ansible·snippet0003ed80:·2041·6e73·6962·6c65·2073·6e69·7070·6574···Ansible·snippet
0003e9b0:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div0003ed90:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div
0003e9c0:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co 
0003e9d0:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse" 
0003e9e0:·2069·643d·2269·646d·3137·3637·223e·3c74···id="idm1767"><t 
0003e9f0:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl 
0003ea00:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped· 
0003ea10:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t 
0003ea20:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed"> 
0003ea30:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi 
0003ea40:·7479·3a3c·2f74·683e·3c74·643e·6c6f·773c··ty:</th><td>low< 
0003ea50:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003ea60:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th 
0003ea70:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
0003ea80:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot 
0003ea90:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false< 
0003eaa0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003eab0:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th>< 
0003eac0:·7464·3e72·6573·7472·6963·743c·2f74·643e··td>restrict</td> 
0003ead0:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr 
0003eae0:·653e·3c63·6f64·653e·2d20·6e61·6d65·3a20··e><code>-·name:· 
0003eaf0:·4669·6e64·202f·6574·632f·7375·646f·6572··Find·/etc/sudoer 
0003eb00:·732e·642f·2066·696c·6573·0a20·2061·6e73··s.d/·files.··ans 
0003eb10:·6962·6c65·2e62·7569·6c74·696e·2e66·696e··ible.builtin.fin 
0003eb20:·643a·0a20·2020·2070·6174·6873·3a0a·2020··d:.····paths:.·· 
0003eb30:·2020·2d20·2f65·7463·2f73·7564·6f65·7273····-·/etc/sudoers 
0003eb40:·2e64·2f0a·2020·7265·6769·7374·6572·3a20··.d/.··register:· 
0003eb50:·7375·646f·6572·730a·2020·7461·6773·3a0a··sudoers.··tags:. 
0003eb60:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53- 
0003eb70:·434d·2d36·2861·290a·2020·2d20·4e49·5354··CM-6(a).··-·NIST 
0003eb80:·2d38·3030·2d35·332d·4941·2d31·310a·2020··-800-53-IA-11.·· 
0003eb90:·2d20·6c6f·775f·636f·6d70·6c65·7869·7479··-·low_complexity 
0003eba0:·0a20·202d·206c·6f77·5f64·6973·7275·7074··.··-·low_disrupt 
0003ebb0:·696f·6e0a·2020·2d20·6d65·6469·756d·5f73··ion.··-·medium_s 
0003ebc0:·6576·6572·6974·790a·2020·2d20·6e6f·5f72··everity.··-·no_r 
0003ebd0:·6562·6f6f·745f·6e65·6564·6564·0a20·202d··eboot_needed.··- 
0003ebe0:·2072·6573·7472·6963·745f·7374·7261·7465···restrict_strate 
0003ebf0:·6779·0a20·202d·2073·7564·6f5f·7265·6d6f··gy.··-·sudo_remo 
0003ec00:·7665·5f6e·6f5f·6175·7468·656e·7469·6361··ve_no_authentica 
0003ec10:·7465·0a0a·2d20·6e61·6d65·3a20·5265·6d6f··te..-·name:·Remo 
0003ec20:·7665·206c·696e·6573·2063·6f6e·7461·696e··ve·lines·contain 
0003ec30:·696e·6720·2161·7574·6865·6e74·6963·6174··ing·!authenticat 
0003ec40:·6520·6672·6f6d·2073·7564·6f65·7273·2066··e·from·sudoers·f 
0003ec50:·696c·6573·0a20·2061·6e73·6962·6c65·2e62··iles.··ansible.b 
0003ec60:·7569·6c74·696e·2e72·6570·6c61·6365·3a0a··uiltin.replace:. 
0003ec70:·2020·2020·7265·6765·7870·3a20·285e·283f······regexp:·(^(? 
0003ec80:·2123·292e·2a5b·5c73·5d2b·5c21·6175·7468··!#).*[\s]+\!auth 
0003ec90:·656e·7469·6361·7465·2e2a·2429·0a20·2020··enticate.*$).··· 
0003eca0:·2072·6570·6c61·6365·3a20·2723·205c·6726···replace:·'#·\g& 
0003ecb0:·6c74·3b31·2667·743b·270a·2020·2020·7061··lt;1&gt;'.····pa 
0003ecc0:·7468·3a20·277b·7b20·6974·656d·2e70·6174··th:·'{{·item.pat 
0003ecd0:·6820·7d7d·270a·2020·2020·7661·6c69·6461··h·}}'.····valida 
0003ece0:·7465·3a20·2f75·7372·2f73·6269·6e2f·7669··te:·/usr/sbin/vi 
0003ecf0:·7375·646f·202d·6366·2025·730a·2020·7769··sudo·-cf·%s.··wi 
0003ed00:·7468·5f69·7465·6d73·3a0a·2020·2d20·7061··th_items:.··-·pa 
0003ed10:·7468·3a20·2f65·7463·2f73·7564·6f65·7273··th:·/etc/sudoers 
0003ed20:·0a20·202d·2027·7b7b·2073·7564·6f65·7273··.··-·'{{·sudoers 
0003ed30:·2e66·696c·6573·207d·7d27·0a20·2074·6167··.files·}}'.··tag 
Max diff block lines reached; 1124960/1143756 bytes (98.36%) of diff not shown.
134 KB
html2text {}
    
Offset 231, 14 lines modifiedOffset 231, 35 lines modified
231 ···························1.7,·SR·1.8,·SR·1.9231 ···························1.7,·SR·1.8,·SR·1.9
232 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,232 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,
233 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3233 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3
234 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)234 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)
235 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7235 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7
236 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,236 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,
237 ···························SRG-OS-000373-GPOS-00158237 ···························SRG-OS-000373-GPOS-00158
 238 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 239 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 240 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 241 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 242 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
  
 243 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
 244 ··if·[·!·-e·"$f"·]·;·then
 245 ····continue
 246 ··fi
 247 ··matching_list=$(grep·-P·'^(?!#).*[\s]+\!authenticate.*$'·$f·|·uniq·)
 248 ··if·!·test·-z·"$matching_list";·then
 249 ····while·IFS=·read·-r·entry;·do
 250 ······#·comment·out·"!authenticate"·matches·to·preserve·user·data
 251 ······sed·-i·"s/^${entry}$/#·&/g"·$f
 252 ····done·<<<·"$matching_list"
  
 253 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with
 254 visudo"
 255 ··fi
 256 done
238 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8257 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
239 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low258 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
240 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low259 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
241 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false260 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
242 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict261 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
243 -·name:·Find·/etc/sudoers.d/·files262 -·name:·Find·/etc/sudoers.d/·files
244 ··ansible.builtin.find:263 ··ansible.builtin.find:
Offset 269, 35 lines modifiedOffset 290, 14 lines modified
269 ··-·NIST-800-53-IA-11290 ··-·NIST-800-53-IA-11
270 ··-·low_complexity291 ··-·low_complexity
271 ··-·low_disruption292 ··-·low_disruption
272 ··-·medium_severity293 ··-·medium_severity
273 ··-·no_reboot_needed294 ··-·no_reboot_needed
274 ··-·restrict_strategy295 ··-·restrict_strategy
275 ··-·sudo_remove_no_authenticate296 ··-·sudo_remove_no_authenticate
276 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
277 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
278 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
279 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
280 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
  
281 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do 
282 ··if·[·!·-e·"$f"·]·;·then 
283 ····continue 
284 ··fi 
285 ··matching_list=$(grep·-P·'^(?!#).*[\s]+\!authenticate.*$'·$f·|·uniq·) 
286 ··if·!·test·-z·"$matching_list";·then 
287 ····while·IFS=·read·-r·entry;·do 
288 ······#·comment·out·"!authenticate"·matches·to·preserve·user·data 
289 ······sed·-i·"s/^${entry}$/#·&/g"·$f 
290 ····done·<<<·"$matching_list" 
  
291 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with 
292 visudo" 
293 ··fi 
294 done 
295 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·U\x8Us\x8se\x8er\x8rs\x8s·R\x8Re\x8e-\x8-A\x8Au\x8ut\x8th\x8he\x8en\x8nt\x8ti\x8ic\x8ca\x8at\x8te\x8e·f\x8fo\x8or\x8r·P\x8Pr\x8ri\x8iv\x8vi\x8il\x8le\x8eg\x8ge\x8e·E\x8Es\x8sc\x8ca\x8al\x8la\x8at\x8ti\x8io\x8on\x8n·-\x8-·s\x8su\x8ud\x8do\x8o297 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·U\x8Us\x8se\x8er\x8rs\x8s·R\x8Re\x8e-\x8-A\x8Au\x8ut\x8th\x8he\x8en\x8nt\x8ti\x8ic\x8ca\x8at\x8te\x8e·f\x8fo\x8or\x8r·P\x8Pr\x8ri\x8iv\x8vi\x8il\x8le\x8eg\x8ge\x8e·E\x8Es\x8sc\x8ca\x8al\x8la\x8at\x8ti\x8io\x8on\x8n·-\x8-·s\x8su\x8ud\x8do\x8o
296 N\x8NO\x8OP\x8PA\x8AS\x8SS\x8SW\x8WD\x8D·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*298 N\x8NO\x8OP\x8PA\x8AS\x8SS\x8SW\x8WD\x8D·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
297 The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using299 The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using
298 sudo·without·having·to·authenticate.·This·should·be·disabled·by·making·sure300 sudo·without·having·to·authenticate.·This·should·be·disabled·by·making·sure
299 that·the·NOPASSWD·tag·does·not·exist·in·/etc/sudoers·configuration·file·or·any301 that·the·NOPASSWD·tag·does·not·exist·in·/etc/sudoers·configuration·file·or·any
300 sudo·configuration·snippets·in·/etc/sudoers.d/.302 sudo·configuration·snippets·in·/etc/sudoers.d/.
301 ············Without·re-authentication,·users·may·access·resources·or·perform303 ············Without·re-authentication,·users·may·access·resources·or·perform
Offset 318, 14 lines modifiedOffset 318, 35 lines modified
318 ···························1.7,·SR·1.8,·SR·1.9318 ···························1.7,·SR·1.8,·SR·1.9
319 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,319 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,
320 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3320 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3
321 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)321 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)
322 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7322 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7
323 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,323 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,
324 ···························SRG-OS-000373-GPOS-00158324 ···························SRG-OS-000373-GPOS-00158
 325 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 326 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 327 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 328 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 329 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
  
 330 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
 331 ··if·[·!·-e·"$f"·]·;·then
 332 ····continue
 333 ··fi
 334 ··matching_list=$(grep·-P·'^(?!#).*[\s]+NOPASSWD[\s]*\:.*$'·$f·|·uniq·)
 335 ··if·!·test·-z·"$matching_list";·then
 336 ····while·IFS=·read·-r·entry;·do
 337 ······#·comment·out·"NOPASSWD"·matches·to·preserve·user·data
 338 ······sed·-i·"s/^${entry}$/#·&/g"·$f
 339 ····done·<<<·"$matching_list"
  
 340 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with
 341 visudo"
 342 ··fi
 343 done
325 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8344 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
326 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low345 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
327 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low346 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
328 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false347 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
329 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict348 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
330 -·name:·Find·/etc/sudoers.d/·files349 -·name:·Find·/etc/sudoers.d/·files
331 ··ansible.builtin.find:350 ··ansible.builtin.find:
Offset 356, 35 lines modifiedOffset 377, 14 lines modified
356 ··-·NIST-800-53-IA-11377 ··-·NIST-800-53-IA-11
357 ··-·low_complexity378 ··-·low_complexity
358 ··-·low_disruption379 ··-·low_disruption
359 ··-·medium_severity380 ··-·medium_severity
360 ··-·no_reboot_needed381 ··-·no_reboot_needed
361 ··-·restrict_strategy382 ··-·restrict_strategy
362 ··-·sudo_remove_nopasswd383 ··-·sudo_remove_nopasswd
363 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
364 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
365 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
366 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
367 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
  
368 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do 
369 ··if·[·!·-e·"$f"·]·;·then 
370 ····continue 
371 ··fi 
372 ··matching_list=$(grep·-P·'^(?!#).*[\s]+NOPASSWD[\s]*\:.*$'·$f·|·uniq·) 
373 ··if·!·test·-z·"$matching_list";·then 
Max diff block lines reached; 131266/136714 bytes (96.02%) of diff not shown.
302 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu1604-guide-anssi_np_nt28_minimal.html
    
Offset 14774, 147 lines modifiedOffset 14774, 147 lines modified
00039b50:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe00039b50:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe
00039b60:·743d·2223·6964·6d31·3736·3722·2074·6162··t="#idm1767"·tab00039b60:·743d·2223·6964·6d31·3736·3722·2074·6162··t="#idm1767"·tab
00039b70:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="00039b70:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="
00039b80:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp00039b80:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp
00039b90:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti00039b90:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti
00039ba0:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to00039ba0:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to
00039bb0:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#00039bb0:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#
 00039bc0:·2122·3e52·656d·6564·6961·7469·6f6e·2053··!">Remediation·S
 00039bd0:·6865·6c6c·2073·6372·6970·7420·e287·b23c··hell·script·...<
 00039be0:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas
 00039bf0:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps
 00039c00:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="
 00039c10:·6964·6d31·3736·3722·3e3c·7461·626c·6520··idm1767"><table·
 00039c20:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab
 00039c30:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table
 00039c40:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-
 00039c50:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><
 00039c60:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</
 00039c70:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><
 00039c80:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr
 00039c90:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td>
 00039ca0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr
 00039cb0:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th
 00039cc0:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td><
 00039cd0:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra
 00039ce0:·7465·6779·3a3c·2f74·683e·3c74·643e·7265··tegy:</th><td>re
 00039cf0:·7374·7269·6374·3c2f·7464·3e3c·2f74·723e··strict</td></tr>
 00039d00:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co
 00039d10:·6465·3e0a·666f·7220·6620·696e·202f·6574··de>.for·f·in·/et
 00039d20:·632f·7375·646f·6572·7320·2f65·7463·2f73··c/sudoers·/etc/s
 00039d30:·7564·6f65·7273·2e64·2f2a·203b·2064·6f0a··udoers.d/*·;·do.
 00039d40:·2020·6966·205b·2021·202d·6520·2224·6622····if·[·!·-e·"$f"
 00039d50:·205d·203b·2074·6865·6e0a·2020·2020·636f···]·;·then.····co
 00039d60:·6e74·696e·7565·0a20·2066·690a·2020·6d61··ntinue.··fi.··ma
 00039d70:·7463·6869·6e67·5f6c·6973·743d·2428·6772··tching_list=$(gr
 00039d80:·6570·202d·5020·275e·283f·2123·292e·2a5b··ep·-P·'^(?!#).*[
 00039d90:·5c73·5d2b·5c21·6175·7468·656e·7469·6361··\s]+\!authentica
 00039da0:·7465·2e2a·2427·2024·6620·7c20·756e·6971··te.*$'·$f·|·uniq
 00039db0:·2029·0a20·2069·6620·2120·7465·7374·202d···).··if·!·test·-
 00039dc0:·7a20·2224·6d61·7463·6869·6e67·5f6c·6973··z·"$matching_lis
 00039dd0:·7422·3b20·7468·656e·0a20·2020·2077·6869··t";·then.····whi
 00039de0:·6c65·2049·4653·3d20·7265·6164·202d·7220··le·IFS=·read·-r·
 00039df0:·656e·7472·793b·2064·6f0a·2020·2020·2020··entry;·do.······
 00039e00:·2320·636f·6d6d·656e·7420·6f75·7420·2221··#·comment·out·"!
 00039e10:·6175·7468·656e·7469·6361·7465·2220·6d61··authenticate"·ma
 00039e20:·7463·6865·7320·746f·2070·7265·7365·7276··tches·to·preserv
 00039e30:·6520·7573·6572·2064·6174·610a·2020·2020··e·user·data.····
 00039e40:·2020·7365·6420·2d69·2022·732f·5e24·7b65····sed·-i·"s/^${e
 00039e50:·6e74·7279·7d24·2f23·2026·616d·703b·2f67··ntry}$/#·&amp;/g
 00039e60:·2220·2466·0a20·2020·2064·6f6e·6520·266c··"·$f.····done·&l
 00039e70:·743b·266c·743b·266c·743b·2022·246d·6174··t;&lt;&lt;·"$mat
 00039e80:·6368·696e·675f·6c69·7374·220a·0a20·2020··ching_list"..···
 00039e90:·202f·7573·722f·7362·696e·2f76·6973·7564···/usr/sbin/visud
 00039ea0:·6f20·2d63·6620·2466·2026·616d·703b·2667··o·-cf·$f·&amp;&g
 00039eb0:·743b·202f·6465·762f·6e75·6c6c·207c·7c20··t;·/dev/null·||·
 00039ec0:·6563·686f·2022·4661·696c·2074·6f20·7661··echo·"Fail·to·va
 00039ed0:·6c69·6461·7465·2024·6620·7769·7468·2076··lidate·$f·with·v
 00039ee0:·6973·7564·6f22·0a20·2066·690a·646f·6e65··isudo".··fi.done
 00039ef0:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></
 00039f00:·6469·763e·3c61·2063·6c61·7373·3d22·6274··div><a·class="bt
 00039f10:·6e20·6274·6e2d·7375·6363·6573·7322·2064··n·btn-success"·d
 00039f20:·6174·612d·746f·6767·6c65·3d22·636f·6c6c··ata-toggle="coll
 00039f30:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe
 00039f40:·743d·2223·6964·6d31·3736·3822·2074·6162··t="#idm1768"·tab
 00039f50:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="
 00039f60:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp
 00039f70:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti
 00039f80:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to
 00039f90:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#
00039bc0:·2122·3e52·656d·6564·6961·7469·6f6e·2041··!">Remediation·A00039fa0:·2122·3e52·656d·6564·6961·7469·6f6e·2041··!">Remediation·A
00039bd0:·6e73·6962·6c65·2073·6e69·7070·6574·20e2··nsible·snippet·.00039fb0:·6e73·6962·6c65·2073·6e69·7070·6574·20e2··nsible·snippet·.
00039be0:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c00039fc0:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c
00039bf0:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll00039fd0:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
00039c00:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i00039fe0:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i
00039c10:·643d·2269·646d·3137·3637·223e·3c74·6162··d="idm1767"><tab 
00039c20:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table· 
00039c30:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta 
00039c40:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab 
00039c50:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t 
00039c60:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity 
00039c70:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t 
00039c80:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D 
00039c90:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th>< 
00039ca0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
00039cb0:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:< 
00039cc0:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t 
00039cd0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S 
00039ce0:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td 
00039cf0:·3e72·6573·7472·6963·743c·2f74·643e·3c2f··>restrict</td></ 
00039d00:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre> 
00039d10:·3c63·6f64·653e·2d20·6e61·6d65·3a20·4669··<code>-·name:·Fi 
00039d20:·6e64·202f·6574·632f·7375·646f·6572·732e··nd·/etc/sudoers. 
00039d30:·642f·2066·696c·6573·0a20·2061·6e73·6962··d/·files.··ansib 
00039d40:·6c65·2e62·7569·6c74·696e·2e66·696e·643a··le.builtin.find: 
00039d50:·0a20·2020·2070·6174·6873·3a0a·2020·2020··.····paths:.···· 
00039d60:·2d20·2f65·7463·2f73·7564·6f65·7273·2e64··-·/etc/sudoers.d 
00039d70:·2f0a·2020·7265·6769·7374·6572·3a20·7375··/.··register:·su 
00039d80:·646f·6572·730a·2020·7461·6773·3a0a·2020··doers.··tags:.·· 
00039d90:·2d20·4e49·5354·2d38·3030·2d35·332d·434d··-·NIST-800-53-CM 
00039da0:·2d36·2861·290a·2020·2d20·4e49·5354·2d38··-6(a).··-·NIST-8 
00039db0:·3030·2d35·332d·4941·2d31·310a·2020·2d20··00-53-IA-11.··-· 
00039dc0:·6c6f·775f·636f·6d70·6c65·7869·7479·0a20··low_complexity.· 
00039dd0:·202d·206c·6f77·5f64·6973·7275·7074·696f···-·low_disruptio 
00039de0:·6e0a·2020·2d20·6d65·6469·756d·5f73·6576··n.··-·medium_sev 
00039df0:·6572·6974·790a·2020·2d20·6e6f·5f72·6562··erity.··-·no_reb 
00039e00:·6f6f·745f·6e65·6564·6564·0a20·202d·2072··oot_needed.··-·r 
00039e10:·6573·7472·6963·745f·7374·7261·7465·6779··estrict_strategy 
00039e20:·0a20·202d·2073·7564·6f5f·7265·6d6f·7665··.··-·sudo_remove 
00039e30:·5f6e·6f5f·6175·7468·656e·7469·6361·7465··_no_authenticate 
00039e40:·0a0a·2d20·6e61·6d65·3a20·5265·6d6f·7665··..-·name:·Remove 
00039e50:·206c·696e·6573·2063·6f6e·7461·696e·696e···lines·containin 
00039e60:·6720·2161·7574·6865·6e74·6963·6174·6520··g·!authenticate· 
00039e70:·6672·6f6d·2073·7564·6f65·7273·2066·696c··from·sudoers·fil 
00039e80:·6573·0a20·2061·6e73·6962·6c65·2e62·7569··es.··ansible.bui 
00039e90:·6c74·696e·2e72·6570·6c61·6365·3a0a·2020··ltin.replace:.·· 
00039ea0:·2020·7265·6765·7870·3a20·285e·283f·2123····regexp:·(^(?!# 
00039eb0:·292e·2a5b·5c73·5d2b·5c21·6175·7468·656e··).*[\s]+\!authen 
00039ec0:·7469·6361·7465·2e2a·2429·0a20·2020·2072··ticate.*$).····r 
00039ed0:·6570·6c61·6365·3a20·2723·205c·6726·6c74··eplace:·'#·\g&lt 
00039ee0:·3b31·2667·743b·270a·2020·2020·7061·7468··;1&gt;'.····path 
00039ef0:·3a20·277b·7b20·6974·656d·2e70·6174·6820··:·'{{·item.path· 
00039f00:·7d7d·270a·2020·2020·7661·6c69·6461·7465··}}'.····validate 
00039f10:·3a20·2f75·7372·2f73·6269·6e2f·7669·7375··:·/usr/sbin/visu 
00039f20:·646f·202d·6366·2025·730a·2020·7769·7468··do·-cf·%s.··with 
00039f30:·5f69·7465·6d73·3a0a·2020·2d20·7061·7468··_items:.··-·path 
00039f40:·3a20·2f65·7463·2f73·7564·6f65·7273·0a20··:·/etc/sudoers.· 
00039f50:·202d·2027·7b7b·2073·7564·6f65·7273·2e66···-·'{{·sudoers.f 
Max diff block lines reached; 252462/271396 bytes (93.02%) of diff not shown.
36.5 KB
html2text {}
    
Offset 90, 14 lines modifiedOffset 90, 35 lines modified
90 ···························1.7,·SR·1.8,·SR·1.990 ···························1.7,·SR·1.8,·SR·1.9
91 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,91 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,
92 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.392 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3
93 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)93 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)
94 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-794 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7
95 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,95 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,
96 ···························SRG-OS-000373-GPOS-0015896 ···························SRG-OS-000373-GPOS-00158
 97 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 98 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 99 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 100 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 101 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
  
 102 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
 103 ··if·[·!·-e·"$f"·]·;·then
 104 ····continue
 105 ··fi
 106 ··matching_list=$(grep·-P·'^(?!#).*[\s]+\!authenticate.*$'·$f·|·uniq·)
 107 ··if·!·test·-z·"$matching_list";·then
 108 ····while·IFS=·read·-r·entry;·do
 109 ······#·comment·out·"!authenticate"·matches·to·preserve·user·data
 110 ······sed·-i·"s/^${entry}$/#·&/g"·$f
 111 ····done·<<<·"$matching_list"
  
 112 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with
 113 visudo"
 114 ··fi
 115 done
97 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8116 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
98 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low117 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
99 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low118 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
100 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false119 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
101 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict120 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
102 -·name:·Find·/etc/sudoers.d/·files121 -·name:·Find·/etc/sudoers.d/·files
103 ··ansible.builtin.find:122 ··ansible.builtin.find:
Offset 128, 35 lines modifiedOffset 149, 14 lines modified
128 ··-·NIST-800-53-IA-11149 ··-·NIST-800-53-IA-11
129 ··-·low_complexity150 ··-·low_complexity
130 ··-·low_disruption151 ··-·low_disruption
131 ··-·medium_severity152 ··-·medium_severity
132 ··-·no_reboot_needed153 ··-·no_reboot_needed
133 ··-·restrict_strategy154 ··-·restrict_strategy
134 ··-·sudo_remove_no_authenticate155 ··-·sudo_remove_no_authenticate
135 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
136 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
137 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
138 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
139 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
  
140 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do 
141 ··if·[·!·-e·"$f"·]·;·then 
142 ····continue 
143 ··fi 
144 ··matching_list=$(grep·-P·'^(?!#).*[\s]+\!authenticate.*$'·$f·|·uniq·) 
145 ··if·!·test·-z·"$matching_list";·then 
146 ····while·IFS=·read·-r·entry;·do 
147 ······#·comment·out·"!authenticate"·matches·to·preserve·user·data 
148 ······sed·-i·"s/^${entry}$/#·&/g"·$f 
149 ····done·<<<·"$matching_list" 
  
150 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with 
151 visudo" 
152 ··fi 
153 done 
154 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·U\x8Us\x8se\x8er\x8rs\x8s·R\x8Re\x8e-\x8-A\x8Au\x8ut\x8th\x8he\x8en\x8nt\x8ti\x8ic\x8ca\x8at\x8te\x8e·f\x8fo\x8or\x8r·P\x8Pr\x8ri\x8iv\x8vi\x8il\x8le\x8eg\x8ge\x8e·E\x8Es\x8sc\x8ca\x8al\x8la\x8at\x8ti\x8io\x8on\x8n·-\x8-·s\x8su\x8ud\x8do\x8o156 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·U\x8Us\x8se\x8er\x8rs\x8s·R\x8Re\x8e-\x8-A\x8Au\x8ut\x8th\x8he\x8en\x8nt\x8ti\x8ic\x8ca\x8at\x8te\x8e·f\x8fo\x8or\x8r·P\x8Pr\x8ri\x8iv\x8vi\x8il\x8le\x8eg\x8ge\x8e·E\x8Es\x8sc\x8ca\x8al\x8la\x8at\x8ti\x8io\x8on\x8n·-\x8-·s\x8su\x8ud\x8do\x8o
155 N\x8NO\x8OP\x8PA\x8AS\x8SS\x8SW\x8WD\x8D·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*157 N\x8NO\x8OP\x8PA\x8AS\x8SS\x8SW\x8WD\x8D·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
156 The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using158 The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using
157 sudo·without·having·to·authenticate.·This·should·be·disabled·by·making·sure159 sudo·without·having·to·authenticate.·This·should·be·disabled·by·making·sure
158 that·the·NOPASSWD·tag·does·not·exist·in·/etc/sudoers·configuration·file·or·any160 that·the·NOPASSWD·tag·does·not·exist·in·/etc/sudoers·configuration·file·or·any
159 sudo·configuration·snippets·in·/etc/sudoers.d/.161 sudo·configuration·snippets·in·/etc/sudoers.d/.
160 ············Without·re-authentication,·users·may·access·resources·or·perform162 ············Without·re-authentication,·users·may·access·resources·or·perform
Offset 177, 14 lines modifiedOffset 177, 35 lines modified
177 ···························1.7,·SR·1.8,·SR·1.9177 ···························1.7,·SR·1.8,·SR·1.9
178 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,178 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,
179 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3179 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3
180 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)180 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)
181 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7181 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7
182 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,182 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,
183 ···························SRG-OS-000373-GPOS-00158183 ···························SRG-OS-000373-GPOS-00158
 184 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 185 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 186 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 187 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 188 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
  
 189 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
 190 ··if·[·!·-e·"$f"·]·;·then
 191 ····continue
 192 ··fi
 193 ··matching_list=$(grep·-P·'^(?!#).*[\s]+NOPASSWD[\s]*\:.*$'·$f·|·uniq·)
 194 ··if·!·test·-z·"$matching_list";·then
 195 ····while·IFS=·read·-r·entry;·do
 196 ······#·comment·out·"NOPASSWD"·matches·to·preserve·user·data
 197 ······sed·-i·"s/^${entry}$/#·&/g"·$f
 198 ····done·<<<·"$matching_list"
  
 199 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with
 200 visudo"
 201 ··fi
 202 done
184 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8203 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
185 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low204 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
186 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low205 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
187 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false206 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
188 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict207 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
189 -·name:·Find·/etc/sudoers.d/·files208 -·name:·Find·/etc/sudoers.d/·files
190 ··ansible.builtin.find:209 ··ansible.builtin.find:
Offset 215, 35 lines modifiedOffset 236, 14 lines modified
215 ··-·NIST-800-53-IA-11236 ··-·NIST-800-53-IA-11
216 ··-·low_complexity237 ··-·low_complexity
217 ··-·low_disruption238 ··-·low_disruption
218 ··-·medium_severity239 ··-·medium_severity
219 ··-·no_reboot_needed240 ··-·no_reboot_needed
220 ··-·restrict_strategy241 ··-·restrict_strategy
221 ··-·sudo_remove_nopasswd242 ··-·sudo_remove_nopasswd
222 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
223 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
224 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
225 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
226 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
  
227 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do 
228 ··if·[·!·-e·"$f"·]·;·then 
229 ····continue 
230 ··fi 
231 ··matching_list=$(grep·-P·'^(?!#).*[\s]+NOPASSWD[\s]*\:.*$'·$f·|·uniq·) 
232 ··if·!·test·-z·"$matching_list";·then 
Max diff block lines reached; 31928/37385 bytes (85.40%) of diff not shown.
1.2 MB
./usr/share/doc/ssg-debderived/ssg-ubuntu1604-guide-anssi_np_nt28_restrictive.html
    
Offset 16010, 146 lines modifiedOffset 16010, 146 lines modified
0003e890:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id0003e890:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id
0003e8a0:·6d31·3736·3722·2074·6162·696e·6465·783d··m1767"·tabindex=0003e8a0:·6d31·3736·3722·2074·6162·696e·6465·783d··m1767"·tabindex=
0003e8b0:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button0003e8b0:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button
0003e8c0:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=0003e8c0:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=
0003e8d0:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A0003e8d0:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A
0003e8e0:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea0003e8e0:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea
0003e8f0:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem0003e8f0:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem
 0003e900:·6564·6961·7469·6f6e·2053·6865·6c6c·2073··ediation·Shell·s
 0003e910:·6372·6970·7420·e287·b23c·2f61·3e3c·6272··cript·...</a><br
 0003e920:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan
 0003e930:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll
 0003e940:·6170·7365·2220·6964·3d22·6964·6d31·3736··apse"·id="idm176
 0003e950:·3722·3e3c·7461·626c·6520·636c·6173·733d··7"><table·class=
 0003e960:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str
 0003e970:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde
 0003e980:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden
 0003e990:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com
 0003e9a0:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td
 0003e9b0:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t
 0003e9c0:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption
 0003e9d0:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t
 0003e9e0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R
 0003e9f0:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f
 0003ea00:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t
 0003ea10:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<
 0003ea20:·2f74·683e·3c74·643e·7265·7374·7269·6374··/th><td>restrict
 0003ea30:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl
 0003ea40:·653e·3c70·7265·3e3c·636f·6465·3e0a·666f··e><pre><code>.fo
 0003ea50:·7220·6620·696e·202f·6574·632f·7375·646f··r·f·in·/etc/sudo
 0003ea60:·6572·7320·2f65·7463·2f73·7564·6f65·7273··ers·/etc/sudoers
 0003ea70:·2e64·2f2a·203b·2064·6f0a·2020·6966·205b··.d/*·;·do.··if·[
 0003ea80:·2021·202d·6520·2224·6622·205d·203b·2074···!·-e·"$f"·]·;·t
 0003ea90:·6865·6e0a·2020·2020·636f·6e74·696e·7565··hen.····continue
 0003eaa0:·0a20·2066·690a·2020·6d61·7463·6869·6e67··.··fi.··matching
 0003eab0:·5f6c·6973·743d·2428·6772·6570·202d·5020··_list=$(grep·-P·
 0003eac0:·275e·283f·2123·292e·2a5b·5c73·5d2b·5c21··'^(?!#).*[\s]+\!
 0003ead0:·6175·7468·656e·7469·6361·7465·2e2a·2427··authenticate.*$'
 0003eae0:·2024·6620·7c20·756e·6971·2029·0a20·2069···$f·|·uniq·).··i
 0003eaf0:·6620·2120·7465·7374·202d·7a20·2224·6d61··f·!·test·-z·"$ma
 0003eb00:·7463·6869·6e67·5f6c·6973·7422·3b20·7468··tching_list";·th
 0003eb10:·656e·0a20·2020·2077·6869·6c65·2049·4653··en.····while·IFS
 0003eb20:·3d20·7265·6164·202d·7220·656e·7472·793b··=·read·-r·entry;
 0003eb30:·2064·6f0a·2020·2020·2020·2320·636f·6d6d···do.······#·comm
 0003eb40:·656e·7420·6f75·7420·2221·6175·7468·656e··ent·out·"!authen
 0003eb50:·7469·6361·7465·2220·6d61·7463·6865·7320··ticate"·matches·
 0003eb60:·746f·2070·7265·7365·7276·6520·7573·6572··to·preserve·user
 0003eb70:·2064·6174·610a·2020·2020·2020·7365·6420···data.······sed·
 0003eb80:·2d69·2022·732f·5e24·7b65·6e74·7279·7d24··-i·"s/^${entry}$
 0003eb90:·2f23·2026·616d·703b·2f67·2220·2466·0a20··/#·&amp;/g"·$f.·
 0003eba0:·2020·2064·6f6e·6520·266c·743b·266c·743b·····done·&lt;&lt;
 0003ebb0:·266c·743b·2022·246d·6174·6368·696e·675f··&lt;·"$matching_
 0003ebc0:·6c69·7374·220a·0a20·2020·202f·7573·722f··list"..····/usr/
 0003ebd0:·7362·696e·2f76·6973·7564·6f20·2d63·6620··sbin/visudo·-cf·
 0003ebe0:·2466·2026·616d·703b·2667·743b·202f·6465··$f·&amp;&gt;·/de
 0003ebf0:·762f·6e75·6c6c·207c·7c20·6563·686f·2022··v/null·||·echo·"
 0003ec00:·4661·696c·2074·6f20·7661·6c69·6461·7465··Fail·to·validate
 0003ec10:·2024·6620·7769·7468·2076·6973·7564·6f22···$f·with·visudo"
 0003ec20:·0a20·2066·690a·646f·6e65·0a3c·2f63·6f64··.··fi.done.</cod
 0003ec30:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a
 0003ec40:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn-
 0003ec50:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to
 0003ec60:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"·
 0003ec70:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id
 0003ec80:·6d31·3736·3822·2074·6162·696e·6465·783d··m1768"·tabindex=
 0003ec90:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button
 0003eca0:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=
 0003ecb0:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A
 0003ecc0:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea
 0003ecd0:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem
0003e900:·6564·6961·7469·6f6e·2041·6e73·6962·6c65··ediation·Ansible0003ece0:·6564·6961·7469·6f6e·2041·6e73·6962·6c65··ediation·Ansible
0003e910:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a>0003ecf0:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a>
0003e920:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="0003ed00:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="
0003e930:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c0003ed10:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c
0003e940:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm0003ed20:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm
0003e950:·3137·3637·223e·3c74·6162·6c65·2063·6c61··1767"><table·cla0003ed30:·3137·3638·223e·3c74·6162·6c65·2063·6c61··1768"><table·cla
0003e960:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table-0003ed40:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table-
0003e970:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo0003ed50:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo
0003e980:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con0003ed60:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con
0003e990:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th>0003ed70:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th>
0003e9a0:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th>0003ed80:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th>
0003e9b0:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr0003ed90:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr
0003e9c0:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt 
0003e9d0:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low 
0003e9e0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003e9f0:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t 
0003ea00:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr 
0003ea10:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg 
0003ea20:·793a·3c2f·7468·3e3c·7464·3e72·6573·7472··y:</th><td>restr 
0003ea30:·6963·743c·2f74·643e·3c2f·7472·3e3c·2f74··ict</td></tr></t 
0003ea40:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code> 
0003ea50:·2d20·6e61·6d65·3a20·4669·6e64·202f·6574··-·name:·Find·/et 
0003ea60:·632f·7375·646f·6572·732e·642f·2066·696c··c/sudoers.d/·fil 
0003ea70:·6573·0a20·2061·6e73·6962·6c65·2e62·7569··es.··ansible.bui 
0003ea80:·6c74·696e·2e66·696e·643a·0a20·2020·2070··ltin.find:.····p 
0003ea90:·6174·6873·3a0a·2020·2020·2d20·2f65·7463··aths:.····-·/etc 
0003eaa0:·2f73·7564·6f65·7273·2e64·2f0a·2020·7265··/sudoers.d/.··re 
0003eab0:·6769·7374·6572·3a20·7375·646f·6572·730a··gister:·sudoers. 
0003eac0:·2020·7461·6773·3a0a·2020·2d20·4e49·5354····tags:.··-·NIST 
0003ead0:·2d38·3030·2d35·332d·434d·2d36·2861·290a··-800-53-CM-6(a). 
0003eae0:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53- 
0003eaf0:·4941·2d31·310a·2020·2d20·6c6f·775f·636f··IA-11.··-·low_co 
0003eb00:·6d70·6c65·7869·7479·0a20·202d·206c·6f77··mplexity.··-·low 
0003eb10:·5f64·6973·7275·7074·696f·6e0a·2020·2d20··_disruption.··-· 
0003eb20:·6d65·6469·756d·5f73·6576·6572·6974·790a··medium_severity. 
0003eb30:·2020·2d20·6e6f·5f72·6562·6f6f·745f·6e65····-·no_reboot_ne 
0003eb40:·6564·6564·0a20·202d·2072·6573·7472·6963··eded.··-·restric 
0003eb50:·745f·7374·7261·7465·6779·0a20·202d·2073··t_strategy.··-·s 
0003eb60:·7564·6f5f·7265·6d6f·7665·5f6e·6f5f·6175··udo_remove_no_au 
0003eb70:·7468·656e·7469·6361·7465·0a0a·2d20·6e61··thenticate..-·na 
0003eb80:·6d65·3a20·5265·6d6f·7665·206c·696e·6573··me:·Remove·lines 
0003eb90:·2063·6f6e·7461·696e·696e·6720·2161·7574···containing·!aut 
0003eba0:·6865·6e74·6963·6174·6520·6672·6f6d·2073··henticate·from·s 
0003ebb0:·7564·6f65·7273·2066·696c·6573·0a20·2061··udoers·files.··a 
0003ebc0:·6e73·6962·6c65·2e62·7569·6c74·696e·2e72··nsible.builtin.r 
0003ebd0:·6570·6c61·6365·3a0a·2020·2020·7265·6765··eplace:.····rege 
0003ebe0:·7870·3a20·285e·283f·2123·292e·2a5b·5c73··xp:·(^(?!#).*[\s 
0003ebf0:·5d2b·5c21·6175·7468·656e·7469·6361·7465··]+\!authenticate 
0003ec00:·2e2a·2429·0a20·2020·2072·6570·6c61·6365··.*$).····replace 
0003ec10:·3a20·2723·205c·6726·6c74·3b31·2667·743b··:·'#·\g&lt;1&gt; 
0003ec20:·270a·2020·2020·7061·7468·3a20·277b·7b20··'.····path:·'{{· 
0003ec30:·6974·656d·2e70·6174·6820·7d7d·270a·2020··item.path·}}'.·· 
0003ec40:·2020·7661·6c69·6461·7465·3a20·2f75·7372····validate:·/usr 
0003ec50:·2f73·6269·6e2f·7669·7375·646f·202d·6366··/sbin/visudo·-cf 
0003ec60:·2025·730a·2020·7769·7468·5f69·7465·6d73···%s.··with_items 
0003ec70:·3a0a·2020·2d20·7061·7468·3a20·2f65·7463··:.··-·path:·/etc 
0003ec80:·2f73·7564·6f65·7273·0a20·202d·2027·7b7b··/sudoers.··-·'{{ 
0003ec90:·2073·7564·6f65·7273·2e66·696c·6573·207d···sudoers.files·} 
Max diff block lines reached; 1106992/1125788 bytes (98.33%) of diff not shown.
132 KB
html2text {}
    
Offset 229, 14 lines modifiedOffset 229, 35 lines modified
229 ···························1.7,·SR·1.8,·SR·1.9229 ···························1.7,·SR·1.8,·SR·1.9
230 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,230 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,
231 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3231 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3
232 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)232 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)
233 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7233 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7
234 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,234 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,
235 ···························SRG-OS-000373-GPOS-00158235 ···························SRG-OS-000373-GPOS-00158
 236 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 237 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 238 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 239 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 240 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
  
 241 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
 242 ··if·[·!·-e·"$f"·]·;·then
 243 ····continue
 244 ··fi
 245 ··matching_list=$(grep·-P·'^(?!#).*[\s]+\!authenticate.*$'·$f·|·uniq·)
 246 ··if·!·test·-z·"$matching_list";·then
 247 ····while·IFS=·read·-r·entry;·do
 248 ······#·comment·out·"!authenticate"·matches·to·preserve·user·data
 249 ······sed·-i·"s/^${entry}$/#·&/g"·$f
 250 ····done·<<<·"$matching_list"
  
 251 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with
 252 visudo"
 253 ··fi
 254 done
236 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8255 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
237 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low256 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
238 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low257 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
239 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false258 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
240 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict259 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
241 -·name:·Find·/etc/sudoers.d/·files260 -·name:·Find·/etc/sudoers.d/·files
242 ··ansible.builtin.find:261 ··ansible.builtin.find:
Offset 267, 35 lines modifiedOffset 288, 14 lines modified
267 ··-·NIST-800-53-IA-11288 ··-·NIST-800-53-IA-11
268 ··-·low_complexity289 ··-·low_complexity
269 ··-·low_disruption290 ··-·low_disruption
270 ··-·medium_severity291 ··-·medium_severity
271 ··-·no_reboot_needed292 ··-·no_reboot_needed
272 ··-·restrict_strategy293 ··-·restrict_strategy
273 ··-·sudo_remove_no_authenticate294 ··-·sudo_remove_no_authenticate
274 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
275 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
276 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
277 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
278 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
  
279 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do 
280 ··if·[·!·-e·"$f"·]·;·then 
281 ····continue 
282 ··fi 
283 ··matching_list=$(grep·-P·'^(?!#).*[\s]+\!authenticate.*$'·$f·|·uniq·) 
284 ··if·!·test·-z·"$matching_list";·then 
285 ····while·IFS=·read·-r·entry;·do 
286 ······#·comment·out·"!authenticate"·matches·to·preserve·user·data 
287 ······sed·-i·"s/^${entry}$/#·&/g"·$f 
288 ····done·<<<·"$matching_list" 
  
289 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with 
290 visudo" 
291 ··fi 
292 done 
293 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·U\x8Us\x8se\x8er\x8rs\x8s·R\x8Re\x8e-\x8-A\x8Au\x8ut\x8th\x8he\x8en\x8nt\x8ti\x8ic\x8ca\x8at\x8te\x8e·f\x8fo\x8or\x8r·P\x8Pr\x8ri\x8iv\x8vi\x8il\x8le\x8eg\x8ge\x8e·E\x8Es\x8sc\x8ca\x8al\x8la\x8at\x8ti\x8io\x8on\x8n·-\x8-·s\x8su\x8ud\x8do\x8o295 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·U\x8Us\x8se\x8er\x8rs\x8s·R\x8Re\x8e-\x8-A\x8Au\x8ut\x8th\x8he\x8en\x8nt\x8ti\x8ic\x8ca\x8at\x8te\x8e·f\x8fo\x8or\x8r·P\x8Pr\x8ri\x8iv\x8vi\x8il\x8le\x8eg\x8ge\x8e·E\x8Es\x8sc\x8ca\x8al\x8la\x8at\x8ti\x8io\x8on\x8n·-\x8-·s\x8su\x8ud\x8do\x8o
294 N\x8NO\x8OP\x8PA\x8AS\x8SS\x8SW\x8WD\x8D·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*296 N\x8NO\x8OP\x8PA\x8AS\x8SS\x8SW\x8WD\x8D·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
295 The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using297 The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using
296 sudo·without·having·to·authenticate.·This·should·be·disabled·by·making·sure298 sudo·without·having·to·authenticate.·This·should·be·disabled·by·making·sure
297 that·the·NOPASSWD·tag·does·not·exist·in·/etc/sudoers·configuration·file·or·any299 that·the·NOPASSWD·tag·does·not·exist·in·/etc/sudoers·configuration·file·or·any
298 sudo·configuration·snippets·in·/etc/sudoers.d/.300 sudo·configuration·snippets·in·/etc/sudoers.d/.
299 ············Without·re-authentication,·users·may·access·resources·or·perform301 ············Without·re-authentication,·users·may·access·resources·or·perform
Offset 316, 14 lines modifiedOffset 316, 35 lines modified
316 ···························1.7,·SR·1.8,·SR·1.9316 ···························1.7,·SR·1.8,·SR·1.9
317 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,317 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,
318 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3318 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3
319 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)319 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)
320 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7320 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7
321 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,321 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,
322 ···························SRG-OS-000373-GPOS-00158322 ···························SRG-OS-000373-GPOS-00158
 323 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 324 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 325 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 326 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 327 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
  
 328 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
 329 ··if·[·!·-e·"$f"·]·;·then
 330 ····continue
 331 ··fi
 332 ··matching_list=$(grep·-P·'^(?!#).*[\s]+NOPASSWD[\s]*\:.*$'·$f·|·uniq·)
 333 ··if·!·test·-z·"$matching_list";·then
 334 ····while·IFS=·read·-r·entry;·do
 335 ······#·comment·out·"NOPASSWD"·matches·to·preserve·user·data
 336 ······sed·-i·"s/^${entry}$/#·&/g"·$f
 337 ····done·<<<·"$matching_list"
  
 338 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with
 339 visudo"
 340 ··fi
 341 done
323 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8342 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
324 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low343 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
325 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low344 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
326 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false345 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
327 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict346 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
328 -·name:·Find·/etc/sudoers.d/·files347 -·name:·Find·/etc/sudoers.d/·files
329 ··ansible.builtin.find:348 ··ansible.builtin.find:
Offset 354, 35 lines modifiedOffset 375, 14 lines modified
354 ··-·NIST-800-53-IA-11375 ··-·NIST-800-53-IA-11
355 ··-·low_complexity376 ··-·low_complexity
356 ··-·low_disruption377 ··-·low_disruption
357 ··-·medium_severity378 ··-·medium_severity
358 ··-·no_reboot_needed379 ··-·no_reboot_needed
359 ··-·restrict_strategy380 ··-·restrict_strategy
360 ··-·sudo_remove_nopasswd381 ··-·sudo_remove_nopasswd
361 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
362 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
363 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
364 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
365 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
  
366 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do 
367 ··if·[·!·-e·"$f"·]·;·then 
368 ····continue 
369 ··fi 
370 ··matching_list=$(grep·-P·'^(?!#).*[\s]+NOPASSWD[\s]*\:.*$'·$f·|·uniq·) 
371 ··if·!·test·-z·"$matching_list";·then 
Max diff block lines reached; 129451/134899 bytes (95.96%) of diff not shown.
1.23 MB
./usr/share/doc/ssg-debderived/ssg-ubuntu1604-guide-standard.html
    
Offset 16217, 783 lines modifiedOffset 16217, 783 lines modified
0003f580:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe0003f580:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe
0003f590:·743d·2223·6964·6d34·3936·3922·2074·6162··t="#idm4969"·tab0003f590:·743d·2223·6964·6d34·3936·3922·2074·6162··t="#idm4969"·tab
0003f5a0:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="0003f5a0:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="
0003f5b0:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp0003f5b0:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp
0003f5c0:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti0003f5c0:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti
0003f5d0:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to0003f5d0:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to
Diff chunk too large, falling back to line-by-line diff (769 lines added, 769 lines removed)
0003f5e0:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#0003f5e0:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#
0003f5f0:·2122·3e52·656d·6564·6961·7469·6f6e·2041··!">Remediation·A0003f5f0:·2122·3e52·656d·6564·6961·7469·6f6e·2053··!">Remediation·S
0003f600:·6e73·6962·6c65·2073·6e69·7070·6574·20e2··nsible·snippet·.0003f600:·6865·6c6c·2073·6372·6970·7420·e287·b23c··hell·script·...<
0003f610:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c0003f610:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas
0003f620:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll0003f620:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps
0003f630:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i0003f630:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="
0003f640:·643d·2269·646d·3439·3639·223e·3c74·6162··d="idm4969"><tab0003f640:·6964·6d34·3936·3922·3e3c·7072·653e·3c63··idm4969"><pre><c
0003f650:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table·0003f650:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio
0003f660:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta0003f660:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·
0003f670:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab0003f670:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·
0003f680:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t0003f680:·706c·6174·666f·726d·730a·6966·2064·706b··platforms.if·dpk
0003f690:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity0003f690:·672d·7175·6572·7920·2d2d·7368·6f77·202d··g-query·--show·-
0003f6a0:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t0003f6a0:·2d73·686f·7766·6f72·6d61·743d·2724·7b64··-showformat='${d
0003f6b0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D0003f6b0:·623a·5374·6174·7573·2d53·7461·7475·737d··b:Status-Status}
0003f6c0:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th><0003f6c0:·0a27·2027·6c69·6e75·782d·6261·7365·2720··.'·'linux-base'·
0003f6d0:·7464·3e6d·6564·6975·6d3c·2f74·643e·3c2f··td>medium</td></0003f6d0:·3226·6774·3b2f·6465·762f·6e75·6c6c·207c··2&gt;/dev/null·|
0003f6e0:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo0003f6e0:·2067·7265·7020·2d71·205e·696e·7374·616c···grep·-q·^instal
0003f6f0:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false0003f6f0:·6c65·6420·2661·6d70·3b26·616d·703b·2064··led·&amp;&amp;·d
0003f700:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t0003f700:·706b·672d·7175·6572·7920·2d2d·7368·6f77··pkg-query·--show
0003f710:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>0003f710:·202d·2d73·686f·7766·6f72·6d61·743d·2724···--showformat='$
0003f720:·3c74·643e·636f·6e66·6967·7572·653c·2f74··<td>configure</t0003f720:·7b64·623a·5374·6174·7573·2d53·7461·7475··{db:Status-Statu
0003f730:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table><0003f730:·737d·5c6e·2720·2772·7379·736c·6f67·2720··s}\n'·'rsyslog'·
0003f740:·7072·653e·3c63·6f64·653e·2d20·6e61·6d65··pre><code>-·name0003f740:·3226·6774·3b2f·6465·762f·6e75·6c6c·207c··2&gt;/dev/null·|
0003f750:·3a20·4761·7468·6572·2074·6865·2070·6163··:·Gather·the·pac0003f750:·2067·7265·7020·2d71·2027·5e69·6e73·7461···grep·-q·'^insta
0003f760:·6b61·6765·2066·6163·7473·0a20·2070·6163··kage·facts.··pac0003f760:·6c6c·6564·273b·2074·6865·6e0a·0a23·204c··lled';·then..#·L
0003f770:·6b61·6765·5f66·6163·7473·3a0a·2020·2020··kage_facts:.····0003f770:·6973·7420·6f66·206c·6f67·2066·696c·6520··ist·of·log·file·
0003f780:·6d61·6e61·6765·723a·2061·7574·6f0a·2020··manager:·auto.··0003f780:·7061·7468·7320·746f·2062·6520·696e·7370··paths·to·be·insp
0003f790:·7461·6773·3a0a·2020·2d20·4e49·5354·2d38··tags:.··-·NIST-80003f790:·6563·7465·6420·666f·7220·636f·7272·6563··ected·for·correc
0003f7a0:·3030·2d35·332d·4143·2d36·2831·290a·2020··00-53-AC-6(1).··0003f7a0:·7420·7065·726d·6973·7369·6f6e·730a·2320··t·permissions.#·
0003f7b0:·2d20·4e49·5354·2d38·3030·2d35·332d·434d··-·NIST-800-53-CM0003f7b0:·2a20·5072·696d·6172·696c·7920·696e·7370··*·Primarily·insp
0003f7c0:·2d36·2861·290a·2020·2d20·5043·492d·4453··-6(a).··-·PCI-DS0003f7c0:·6563·7420·6c6f·6720·6669·6c65·2070·6174··ect·log·file·pat
0003f7d0:·532d·5265·712d·3130·2e35·2e31·0a20·202d··S-Req-10.5.1.··-0003f7d0:·6873·206c·6973·7465·6420·696e·202f·6574··hs·listed·in·/et
0003f7e0:·2050·4349·2d44·5353·2d52·6571·2d31·302e···PCI-DSS-Req-10.0003f7e0:·632f·7273·7973·6c6f·672e·636f·6e66·0a52··c/rsyslog.conf.R
0003f7f0:·352e·320a·2020·2d20·5043·492d·4453·5376··5.2.··-·PCI-DSSv0003f7f0:·5359·534c·4f47·5f45·5443·5f43·4f4e·4649··SYSLOG_ETC_CONFI
0003f800:·342d·3130·2e33·0a20·202d·2050·4349·2d44··4-10.3.··-·PCI-D0003f800:·473d·222f·6574·632f·7273·7973·6c6f·672e··G="/etc/rsyslog.
0003f810:·5353·7634·2d31·302e·332e·320a·2020·2d20··SSv4-10.3.2.··-·0003f810:·636f·6e66·220a·2320·2a20·416e·6420·616c··conf".#·*·And·al
0003f820:·636f·6e66·6967·7572·655f·7374·7261·7465··configure_strate0003f820:·736f·2074·6865·206c·6f67·2066·696c·6520··so·the·log·file·
0003f830:·6779·0a20·202d·206c·6f77·5f63·6f6d·706c··gy.··-·low_compl0003f830:·7061·7468·7320·6c69·7374·6564·2061·6674··paths·listed·aft
0003f840:·6578·6974·790a·2020·2d20·6d65·6469·756d··exity.··-·medium0003f840:·6572·2072·7379·736c·6f67·2773·2024·496e··er·rsyslog's·$In
0003f850:·5f64·6973·7275·7074·696f·6e0a·2020·2d20··_disruption.··-·0003f850:·636c·7564·6543·6f6e·6669·6720·6469·7265··cludeConfig·dire
0003f860:·6d65·6469·756d·5f73·6576·6572·6974·790a··medium_severity.0003f860:·6374·6976·650a·2320·2020·2873·746f·7265··ctive.#···(store
0003f870:·2020·2d20·6e6f·5f72·6562·6f6f·745f·6e65····-·no_reboot_ne0003f870:·2074·6865·2072·6573·756c·7420·696e·746f···the·result·into
0003f880:·6564·6564·0a20·202d·2072·7379·736c·6f67··eded.··-·rsyslog0003f880:·2061·7272·6179·2066·6f72·2074·6865·2063···array·for·the·c
0003f890:·5f66·696c·6573·5f67·726f·7570·6f77·6e65··_files_groupowne0003f890:·6173·6520·7468·6572·6527·7320·7368·656c··ase·there's·shel
0003f8a0:·7273·6869·700a·0a2d·206e·616d·653a·2045··rship..-·name:·E0003f8a0:·6c20·676c·6f62·2075·7365·6420·6173·2076··l·glob·used·as·v
0003f8b0:·6e73·7572·6520·4c6f·6720·4669·6c65·7320··nsure·Log·Files·0003f8b0:·616c·7565·206f·6620·496e·636c·7564·6543··alue·of·IncludeC
0003f8c0:·4172·6520·4f77·6e65·6420·4279·2041·7070··Are·Owned·By·App0003f8c0:·6f6e·6669·6729·0a72·6561·6461·7272·6179··onfig).readarray
0003f8d0:·726f·7072·6961·7465·2047·726f·7570·202d··ropriate·Group·-0003f8d0:·202d·7420·4f4c·445f·494e·4320·266c·743b···-t·OLD_INC·&lt;
0003f8e0:·2053·6574·2072·7379·736c·6f67·206c·6f67···Set·rsyslog·log0003f8e0:·2026·6c74·3b28·6772·6570·202d·6520·225c···&lt;(grep·-e·"\
0003f8f0:·6669·6c65·2063·6f6e·6669·6775·7261·7469··file·configurati0003f8f0:·2449·6e63·6c75·6465·436f·6e66·6967·5b5b··$IncludeConfig[[
0003f900:·6f6e·0a20·2020·2066·6163·7473·0a20·2061··on.····facts.··a0003f900:·3a73·7061·6365·3a5d·5d5c·2b5b·5e5b·3a73··:space:]]\+[^[:s
0003f910:·6e73·6962·6c65·2e62·7569·6c74·696e·2e73··nsible.builtin.s0003f910:·7061·6365·3a5d·3b5d·5c2b·2220·2f65·7463··pace:];]\+"·/etc
0003f920:·6574·5f66·6163·743a·0a20·2020·2072·7379··et_fact:.····rsy0003f920:·2f72·7379·736c·6f67·2e63·6f6e·6620·7c20··/rsyslog.conf·|·
0003f930:·736c·6f67·5f65·7463·5f63·6f6e·6669·673a··slog_etc_config:0003f930:·6375·7420·2d64·2027·2027·202d·6620·3229··cut·-d·'·'·-f·2)
0003f940:·202f·6574·632f·7273·7973·6c6f·672e·636f···/etc/rsyslog.co0003f940:·0a72·6561·6461·7272·6179·202d·7420·5253··.readarray·-t·RS
0003f950:·6e66·0a20·2077·6865·6e3a·0a20·202d·2027··nf.··when:.··-·'0003f950:·5953·4c4f·475f·494e·434c·5544·455f·434f··YSLOG_INCLUDE_CO
0003f960:·226c·696e·7578·2d62·6173·6522·2069·6e20··"linux-base"·in·0003f960:·4e46·4947·2026·6c74·3b20·266c·743b·2866··NFIG·&lt;·&lt;(f
0003f970:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa0003f970:·6f72·2049·4e43·5041·5448·2069·6e20·2224··or·INCPATH·in·"$
0003f980:·636b·6167·6573·270a·2020·2d20·2722·7273··ckages'.··-·'"rs0003f980:·7b4f·4c44·5f49·4e43·5b40·5d7d·223b·2064··{OLD_INC[@]}";·d
0003f990:·7973·6c6f·6722·2069·6e20·616e·7369·626c··yslog"·in·ansibl0003f990:·6f20·6576·616c·2070·7269·6e74·6620·2725··o·eval·printf·'%
0003f9a0:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages0003f9a0:·735c·5c6e·2720·2224·7b49·4e43·5041·5448··s\\n'·"${INCPATH
0003f9b0:·270a·2020·7461·6773·3a0a·2020·2d20·4e49··'.··tags:.··-·NI0003f9b0:·7d22·3b20·646f·6e65·290a·7265·6164·6172··}";·done).readar
0003f9c0:·5354·2d38·3030·2d35·332d·4143·2d36·2831··ST-800-53-AC-6(10003f9c0:·7261·7920·2d74·204e·4557·5f49·4e43·2026··ray·-t·NEW_INC·&
0003f9d0:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-50003f9d0:·6c74·3b20·266c·743b·2873·6564·202d·6e20··lt;·&lt;(sed·-n·
0003f9e0:·332d·434d·2d36·2861·290a·2020·2d20·5043··3-CM-6(a).··-·PC0003f9e0:·272f·5e5c·732a·696e·636c·7564·6528·2f2c··'/^\s*include(/,
0003f9f0:·492d·4453·532d·5265·712d·3130·2e35·2e31··I-DSS-Req-10.5.10003f9f0:·2f29·2f49·7027·202f·6574·632f·7273·7973··/)/Ip'·/etc/rsys
0003fa00:·0a20·202d·2050·4349·2d44·5353·2d52·6571··.··-·PCI-DSS-Req0003fa00:·6c6f·672e·636f·6e66·207c·2073·6564·202d··log.conf·|·sed·-
0003fa10:·2d31·302e·352e·320a·2020·2d20·5043·492d··-10.5.2.··-·PCI-0003fa10:·6e20·2773·402e·2a66·696c·655c·732a·3d5c··n·'s@.*file\s*=\
0003fa20:·4453·5376·342d·3130·2e33·0a20·202d·2050··DSSv4-10.3.··-·P0003fa20:·732a·225c·285b·2f5b·3a61·6c6e·756d·3a5d··s*"\([/[:alnum:]
0003fa30:·4349·2d44·5353·7634·2d31·302e·332e·320a··CI-DSSv4-10.3.2.0003fa30:·5b3a·7075·6e63·743a·5d5d·2a5c·2922·2e2a··[:punct:]]*\)".*
0003fa40:·2020·2d20·636f·6e66·6967·7572·655f·7374····-·configure_st0003fa40:·405c·3140·4970·2729·0a72·6561·6461·7272··@\1@Ip').readarr
0003fa50:·7261·7465·6779·0a20·202d·206c·6f77·5f63··rategy.··-·low_c0003fa50:·6179·202d·7420·5253·5953·4c4f·475f·494e··ay·-t·RSYSLOG_IN
0003fa60:·6f6d·706c·6578·6974·790a·2020·2d20·6d65··omplexity.··-·me0003fa60:·434c·5544·4520·266c·743b·2026·6c74·3b28··CLUDE·&lt;·&lt;(
0003fa70:·6469·756d·5f64·6973·7275·7074·696f·6e0a··dium_disruption.0003fa70:·666f·7220·494e·4350·4154·4820·696e·2022··for·INCPATH·in·"
0003fa80:·2020·2d20·6d65·6469·756d·5f73·6576·6572····-·medium_sever0003fa80:·247b·4e45·575f·494e·435b·405d·7d22·3b20··${NEW_INC[@]}";·
0003fa90:·6974·790a·2020·2d20·6e6f·5f72·6562·6f6f··ity.··-·no_reboo0003fa90:·646f·2065·7661·6c20·7072·696e·7466·2027··do·eval·printf·'
0003faa0:·745f·6e65·6564·6564·0a20·202d·2072·7379··t_needed.··-·rsy0003faa0:·2573·5c5c·6e27·2022·247b·494e·4350·4154··%s\\n'·"${INCPAT
0003fab0:·736c·6f67·5f66·696c·6573·5f67·726f·7570··slog_files_group0003fab0:·487d·223b·2064·6f6e·6529·0a0a·2320·4465··H}";·done)..#·De
0003fac0:·6f77·6e65·7273·6869·700a·0a2d·206e·616d··ownership..-·nam0003fac0:·636c·6172·6520·616e·2061·7272·6179·2074··clare·an·array·t
0003fad0:·653a·2045·6e73·7572·6520·4c6f·6720·4669··e:·Ensure·Log·Fi0003fad0:·6f20·686f·6c64·2074·6865·2066·696e·616c··o·hold·the·final
0003fae0:·6c65·7320·4172·6520·4f77·6e65·6420·4279··les·Are·Owned·By0003fae0:·206c·6973·7420·6f66·2064·6966·6665·7265···list·of·differe
0003faf0:·2041·7070·726f·7072·6961·7465·2047·726f···Appropriate·Gro0003faf0:·6e74·206c·6f67·2066·696c·6520·7061·7468··nt·log·file·path
0003fb00:·7570·202d·2047·6574·2049·6e63·6c75·6465··up·-·Get·Include0003fb00:·730a·6465·636c·6172·6520·2d61·204c·4f47··s.declare·-a·LOG
0003fb10:·436f·6e66·6967·2064·6972·6563·7469·7665··Config·directive0003fb10:·5f46·494c·455f·5041·5448·530a·0a23·2041··_FILE_PATHS..#·A
0003fb20:·0a20·2061·6e73·6962·6c65·2e62·7569·6c74··.··ansible.built0003fb20:·7272·6179·2074·6f20·686f·6c64·2061·6c6c··rray·to·hold·all
0003fb30:·696e·2e73·6865·6c6c·3a20·7c0a·2020·2020··in.shell:·|.····0003fb30:·2072·7379·736c·6f67·2063·6f6e·6669·6720···rsyslog·config·
0003fb40:·7365·7420·2d6f·2070·6970·6566·6169·6c0a··set·-o·pipefail.0003fb40:·656e·7472·6965·730a·5253·5953·4c4f·475f··entries.RSYSLOG_
0003fb50:·2020·2020·6772·6570·202d·6520·2724·496e······grep·-e·'$In0003fb50:·434f·4e46·4947·533d·2829·0a52·5359·534c··CONFIGS=().RSYSL
0003fb60:·636c·7564·6543·6f6e·6669·6727·207b·7b20··cludeConfig'·{{·0003fb60:·4f47·5f43·4f4e·4649·4753·3d28·2224·7b52··OG_CONFIGS=("${R
0003fb70:·7273·7973·6c6f·675f·6574·635f·636f·6e66··rsyslog_etc_conf0003fb70:·5359·534c·4f47·5f45·5443·5f43·4f4e·4649··SYSLOG_ETC_CONFI
0003fb80:·6967·207d·7d20·7c20·6375·7420·2d64·2027··ig·}}·|·cut·-d·'0003fb80:·477d·2220·2224·7b52·5359·534c·4f47·5f49··G}"·"${RSYSLOG_I
0003fb90:·2027·202d·6620·3220·7c7c·2074·7275·650a···'·-f·2·||·true.0003fb90:·4e43·4c55·4445·5f43·4f4e·4649·475b·405d··NCLUDE_CONFIG[@]
0003fba0:·2020·7265·6769·7374·6572·3a20·7273·7973····register:·rsys0003fba0:·7d22·2022·247b·5253·5953·4c4f·475f·494e··}"·"${RSYSLOG_IN
0003fbb0:·6c6f·675f·6f6c·645f·696e·630a·2020·6368··log_old_inc.··ch0003fbb0:·434c·5544·455b·405d·7d22·290a·0a23·2047··CLUDE[@]}")..#·G
0003fbc0:·616e·6765·645f·7768·656e·3a20·6661·6c73··anged_when:·fals0003fbc0:·6574·2066·756c·6c20·6c69·7374·206f·6620··et·full·list·of·
0003fbd0:·650a·2020·7768·656e·3a0a·2020·2d20·2722··e.··when:.··-·'"0003fbd0:·6669·6c65·7320·746f·2062·6520·6368·6563··files·to·be·chec
0003fbe0:·6c69·6e75·782d·6261·7365·2220·696e·2061··linux-base"·in·a0003fbe0:·6b65·640a·2320·5253·5953·4c4f·475f·434f··ked.#·RSYSLOG_CO
0003fbf0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003fbf0:·4e46·4947·5320·6d61·7920·636f·6e74·6169··NFIGS·may·contai
0003fc00:·6b61·6765·7327·0a20·202d·2027·2272·7379··kages'.··-·'"rsy0003fc00:·6e20·676c·6f62·7320·7375·6368·2061·730a··n·globs·such·as.
0003fc10:·736c·6f67·2220·696e·2061·6e73·6962·6c65··slog"·in·ansible0003fc10:·2320·2f65·7463·2f72·7379·736c·6f67·2e64··#·/etc/rsyslog.d
0003fc20:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'0003fc20:·2f2a·2e63·6f6e·6620·2f65·7463·2f72·7379··/*.conf·/etc/rsy
0003fc30:·0a20·2074·6167·733a·0a20·202d·204e·4953··.··tags:.··-·NIS0003fc30:·736c·6f67·2e64·2f2a·2e66·7275·6c65·0a23··slog.d/*.frule.#
0003fc40:·542d·3830·302d·3533·2d41·432d·3628·3129··T-800-53-AC-6(1)0003fc40:·2053·6f2c·206c·6f6f·7020·6f76·6572·2074···So,·loop·over·t
0003fc50:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003fc50:·6865·2065·6e74·7269·6573·2069·6e20·5253··he·entries·in·RS
0003fc60:·2d43·4d2d·3628·6129·0a20·202d·2050·4349··-CM-6(a).··-·PCI0003fc60:·5953·4c4f·475f·434f·4e46·4947·5320·616e··YSLOG_CONFIGS·an
0003fc70:·2d44·5353·2d52·6571·2d31·302e·352e·310a··-DSS-Req-10.5.1.0003fc70:·6420·7573·6520·6669·6e64·2074·6f20·6765··d·use·find·to·ge
0003fc80:·2020·2d20·5043·492d·4453·532d·5265·712d····-·PCI-DSS-Req-0003fc80:·7420·7468·6520·6c69·7374·206f·6620·696e··t·the·list·of·in
0003fc90:·3130·2e35·2e32·0a20·202d·2050·4349·2d44··10.5.2.··-·PCI-D0003fc90:·636c·7564·6564·2066·696c·6573·2e0a·5253··cluded·files..RS
0003fca0:·5353·7634·2d31·302e·330a·2020·2d20·5043··SSv4-10.3.··-·PC0003fca0:·5953·4c4f·475f·434f·4e46·4947·5f46·494c··YSLOG_CONFIG_FIL
0003fcb0:·492d·4453·5376·342d·3130·2e33·2e32·0a20··I-DSSv4-10.3.2.·0003fcb0:·4553·3d28·290a·666f·7220·454e·5452·5920··ES=().for·ENTRY·
0003fcc0:·202d·2063·6f6e·6669·6775·7265·5f73·7472···-·configure_str0003fcc0:·696e·2022·247b·5253·5953·4c4f·475f·434f··in·"${RSYSLOG_CO
0003fcd0:·6174·6567·790a·2020·2d20·6c6f·775f·636f··ategy.··-·low_co0003fcd0:·4e46·4947·535b·405d·7d22·0a64·6f0a·0923··NFIGS[@]}".do..#
0003fce0:·6d70·6c65·7869·7479·0a20·202d·206d·6564··mplexity.··-·med0003fce0:·2049·6620·6469·7265·6374·6f72·792c·2072···If·directory,·r
0003fcf0:·6975·6d5f·6469·7372·7570·7469·6f6e·0a20··ium_disruption.·0003fcf0:·7379·736c·6f67·2077·696c·6c20·7365·6172··syslog·will·sear
0003fd00:·202d·206d·6564·6975·6d5f·7365·7665·7269···-·medium_severi0003fd00:·6368·2066·6f72·2063·6f6e·6669·6720·6669··ch·for·config·fi
0003fd10:·7479·0a20·202d·206e·6f5f·7265·626f·6f74··ty.··-·no_reboot0003fd10:·6c65·7320·696e·2072·6563·7572·7369·7665··les·in·recursive
0003fd20:·5f6e·6565·6465·640a·2020·2d20·7273·7973··_needed.··-·rsys0003fd20:·6c79·2e0a·0923·2048·6f77·6576·6572·2c20··ly...#·However,·
0003fd30:·6c6f·675f·6669·6c65·735f·6772·6f75·706f··log_files_groupo0003fd30:·6669·6c65·7320·696e·2068·6964·6465·6e20··files·in·hidden·
0003fd40:·776e·6572·7368·6970·0a0a·2d20·6e61·6d65··wnership..-·name0003fd40:·7375·622d·6469·7265·6374·6f72·6965·7320··sub-directories·
0003fd50:·3a20·456e·7375·7265·204c·6f67·2046·696c··:·Ensure·Log·Fil0003fd50:·6f72·2068·6964·6465·6e20·6669·6c65·7320··or·hidden·files·
Max diff block lines reached; 1043816/1150518 bytes (90.73%) of diff not shown.
134 KB
html2text {}
    
Offset 259, 14 lines modifiedOffset 259, 142 lines modified
259 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-007-3·R2.1,·CIP-007-3·R2.2,·CIP-007-3·R2.3,·CIP-259 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-007-3·R2.1,·CIP-007-3·R2.2,·CIP-007-3·R2.3,·CIP-
260 ···························007-3·R5.1,·CIP-007-3·R5.1.1,·CIP-007-3·R5.1.2260 ···························007-3·R5.1,·CIP-007-3·R5.1.1,·CIP-007-3·R5.1.2
261 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a),·AC-6(1)261 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a),·AC-6(1)
262 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5262 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5
263 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-10.5.1,·Req-10.5.2263 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-10.5.1,·Req-10.5.2
264 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R71264 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R71
265 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········10.3.2,·10.3265 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········10.3.2,·10.3
 266 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 267 #·Remediation·is·applicable·only·in·certain·platforms
 268 if·dpkg-query·--show·--showformat='${db:Status-Status}
 269 '·'linux-base'·2>/dev/null·|·grep·-q·^installed·&&·dpkg-query·--show·--
 270 showformat='${db:Status-Status}\n'·'rsyslog'·2>/dev/null·|·grep·-
 271 q·'^installed';·then
  
 272 #·List·of·log·file·paths·to·be·inspected·for·correct·permissions
 273 #·*·Primarily·inspect·log·file·paths·listed·in·/etc/rsyslog.conf
 274 RSYSLOG_ETC_CONFIG="/etc/rsyslog.conf"
 275 #·*·And·also·the·log·file·paths·listed·after·rsyslog's·$IncludeConfig·directive
 276 #···(store·the·result·into·array·for·the·case·there's·shell·glob·used·as·value
 277 of·IncludeConfig)
 278 readarray·-t·OLD_INC·<·<(grep·-e·"\$IncludeConfig[[:space:]]\+[^[:space:];]\+"
 279 /etc/rsyslog.conf·|·cut·-d·'·'·-f·2)
 280 readarray·-t·RSYSLOG_INCLUDE_CONFIG·<·<(for·INCPATH·in·"${OLD_INC[@]}";·do·eval
 281 printf·'%s\\n'·"${INCPATH}";·done)
 282 readarray·-t·NEW_INC·<·<(sed·-n·'/^\s*include(/,/)/Ip'·/etc/rsyslog.conf·|·sed
 283 -n·'s@.*file\s*=\s*"\([/[:alnum:][:punct:]]*\)".*@\1@Ip')
 284 readarray·-t·RSYSLOG_INCLUDE·<·<(for·INCPATH·in·"${NEW_INC[@]}";·do·eval·printf
 285 '%s\\n'·"${INCPATH}";·done)
  
 286 #·Declare·an·array·to·hold·the·final·list·of·different·log·file·paths
 287 declare·-a·LOG_FILE_PATHS
  
 288 #·Array·to·hold·all·rsyslog·config·entries
 289 RSYSLOG_CONFIGS=()
 290 RSYSLOG_CONFIGS=("${RSYSLOG_ETC_CONFIG}"·"${RSYSLOG_INCLUDE_CONFIG[@]}"·"$
 291 {RSYSLOG_INCLUDE[@]}")
  
 292 #·Get·full·list·of·files·to·be·checked
 293 #·RSYSLOG_CONFIGS·may·contain·globs·such·as
 294 #·/etc/rsyslog.d/*.conf·/etc/rsyslog.d/*.frule
 295 #·So,·loop·over·the·entries·in·RSYSLOG_CONFIGS·and·use·find·to·get·the·list·of
 296 included·files.
 297 RSYSLOG_CONFIG_FILES=()
 298 for·ENTRY·in·"${RSYSLOG_CONFIGS[@]}"
 299 do
 300 »       #·If·directory,·rsyslog·will·search·for·config·files·in·recursively.
 301 »       #·However,·files·in·hidden·sub-directories·or·hidden·files·will·be·ignored.
 302 »       if·[·-d·"${ENTRY}"·]
 303 »       then
 304 »       »       readarray·-t·FINDOUT·<·<(find·"${ENTRY}"·-not·-path·'*/.*'·-type·f)
 305 »       »       RSYSLOG_CONFIG_FILES+=("${FINDOUT[@]}")
 306 »       elif·[·-f·"${ENTRY}"·]
 307 »       then
 308 »       »       RSYSLOG_CONFIG_FILES+=("${ENTRY}")
 309 »       else
 310 »       »       echo·"Invalid·include·object:·${ENTRY}"
 311 »       fi
 312 done
  
 313 #·Browse·each·file·selected·above·as·containing·paths·of·log·files
 314 #·('/etc/rsyslog.conf'·and·'/etc/rsyslog.d/*.conf'·in·the·default
 315 configuration)
 316 for·LOG_FILE·in·"${RSYSLOG_CONFIG_FILES[@]}"
 317 do
 318 »       #·From·each·of·these·files·extract·just·particular·log·file·path(s),·thus:
 319 »       #·*·Ignore·lines·starting·with·space·('·'),·comment·('#"),·or·variable·syntax
 320 ('$')·characters,
 321 »       #·*·Ignore·empty·lines,
 322 »       #·*·Strip·quotes·and·closing·brackets·from·paths.
 323 »       #·*·Ignore·paths·that·match·/dev|/etc.*\.conf,·as·those·are·paths,·but·likely
 324 not·log·files
 325 »       #·*·From·the·remaining·valid·rows·select·only·fields·constituting·a·log·file
 326 path
 327 »       #·Text·file·column·is·understood·to·represent·a·log·file·path·if·and·only·if
 328 all·of·the
 329 »       #·following·are·met:
 330 »       #·*·it·contains·at·least·one·slash·'/'·character,
 331 »       #·*·it·is·preceded·by·space
 332 »       #·*·it·doesn't·contain·space·('·'),·colon·(':'),·and·semicolon·(';')
 333 characters
 334 »       #·Search·log·file·for·path(s)·only·in·case·it·exists!
 335 »       if·[[·-f·"${LOG_FILE}"·]]
 336 »       then
 337 »       »       NORMALIZED_CONFIG_FILE_LINES=$(sed·-e·"/^[#|$]/d"·"${LOG_FILE}")
 338 »       »       LINES_WITH_PATHS=$(grep·'[^/]*\s\+\S*/\S\+$'·<<<·"$
 339 {NORMALIZED_CONFIG_FILE_LINES}")
 340 »       »       FILTERED_PATHS=$(awk·'{if(NF>=2&&($NF~/^\//||$NF~/^-\//)){sub(/^-\//,"/
 341 ",$NF);print·$NF}}'·<<<·"${LINES_WITH_PATHS}")
 342 »       »       CLEANED_PATHS=$(sed·-e·"s/[\"')]//g;·/\\/etc.*\.conf/d;·/\\/dev\\//d"·<<<·"$
 343 {FILTERED_PATHS}")
 344 »       »       MATCHED_ITEMS=$(sed·-e·"/^$/d"·<<<·"${CLEANED_PATHS}")
 345 »       »       #·Since·above·sed·command·might·return·more·than·one·item·(delimited·by
 346 newline),·split
 347 »       »       #·the·particular·matches·entries·into·new·array·specific·for·this·log·file
 348 »       »       readarray·-t·ARRAY_FOR_LOG_FILE·<<<·"$MATCHED_ITEMS"
 349 »       »       #·Concatenate·the·two·arrays·-·previous·content·of·$LOG_FILE_PATHS·array·with
 350 »       »       #·items·from·newly·created·array·for·this·log·file
 351 »       »       LOG_FILE_PATHS+=("${ARRAY_FOR_LOG_FILE[@]}")
 352 »       »       #·Delete·the·temporary·array
 353 »       »       unset·ARRAY_FOR_LOG_FILE
 354 »       fi
 355 done
  
 356 #·Check·for·RainerScript·action·log·format·which·might·be·also·multiline·so
 357 grep·regex·is·a·bit
 358 #·curly:
 359 #·extract·possibly·multiline·action·omfile·expressions
 360 #·extract·File="logfile"·expression
 361 #·match·only·"logfile"·expression
 362 for·LOG_FILE·in·"${RSYSLOG_CONFIG_FILES[@]}"
 363 do
 364 »       ACTION_OMFILE_LINES=$(grep·-iozP·"action\s*\(\s*type\s*=\s*\"omfile\"[^\)]*\)"
 365 "${LOG_FILE}")
 366 »       OMFILE_LINES=$(echo·"${ACTION_OMFILE_LINES}"|·grep·-iaoP·"\bFile\s*=\s*\"([/[:
 367 alnum:][:punct:]]*)\"\s*\)")
 368 »       LOG_FILE_PATHS+=("$(echo·"${OMFILE_LINES}"|·grep·-oE·"\"([/[:alnum:][:punct:
 369 ]]*)\""|tr·-d·"\"")")
 370 done
  
 371 #·Ensure·the·correct·attribute·if·file·exists
 372 FILE_CMD="chgrp"
 373 for·LOG_FILE_PATH·in·"${LOG_FILE_PATHS[@]}"
 374 do
 375 »       #·Sanity·check·-·if·particular·$LOG_FILE_PATH·is·empty·string,·skip·it·from
 376 further·processing
 377 »       if·[·-z·"$LOG_FILE_PATH"·]
 378 »       then
Max diff block lines reached; 131477/137128 bytes (95.88%) of diff not shown.
1.07 MB
./usr/share/doc/ssg-debderived/ssg-ubuntu1804-guide-anssi_np_nt28_average.html
    
Offset 16031, 146 lines modifiedOffset 16031, 146 lines modified
0003e9e0:·7461·7267·6574·3d22·2369·646d·3139·3930··target="#idm19900003e9e0:·7461·7267·6574·3d22·2369·646d·3139·3930··target="#idm1990
0003e9f0:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r0003e9f0:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r
0003ea00:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari0003ea00:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari
0003ea10:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals0003ea10:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals
0003ea20:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa0003ea20:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa
0003ea30:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr0003ea30:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr
0003ea40:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat0003ea40:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat
 0003ea50:·696f·6e20·5368·656c·6c20·7363·7269·7074··ion·Shell·script
 0003ea60:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div
 0003ea70:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
 0003ea80:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
 0003ea90:·2069·643d·2269·646d·3139·3930·223e·3c74···id="idm1990"><t
 0003eaa0:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl
 0003eab0:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped·
 0003eac0:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t
 0003ead0:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed">
 0003eae0:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi
 0003eaf0:·7479·3a3c·2f74·683e·3c74·643e·6c6f·773c··ty:</th><td>low<
 0003eb00:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
 0003eb10:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th
 0003eb20:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t
 0003eb30:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot
 0003eb40:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false<
 0003eb50:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
 0003eb60:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><
 0003eb70:·7464·3e72·6573·7472·6963·743c·2f74·643e··td>restrict</td>
 0003eb80:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr
 0003eb90:·653e·3c63·6f64·653e·0a66·6f72·2066·2069··e><code>.for·f·i
 0003eba0:·6e20·2f65·7463·2f73·7564·6f65·7273·202f··n·/etc/sudoers·/
 0003ebb0:·6574·632f·7375·646f·6572·732e·642f·2a20··etc/sudoers.d/*·
 0003ebc0:·3b20·646f·0a20·2069·6620·5b20·2120·2d65··;·do.··if·[·!·-e
 0003ebd0:·2022·2466·2220·5d20·3b20·7468·656e·0a20···"$f"·]·;·then.·
 0003ebe0:·2020·2063·6f6e·7469·6e75·650a·2020·6669·····continue.··fi
 0003ebf0:·0a20·206d·6174·6368·696e·675f·6c69·7374··.··matching_list
 0003ec00:·3d24·2867·7265·7020·2d50·2027·5e28·3f21··=$(grep·-P·'^(?!
 0003ec10:·2329·2e2a·5b5c·735d·2b5c·2161·7574·6865··#).*[\s]+\!authe
 0003ec20:·6e74·6963·6174·652e·2a24·2720·2466·207c··nticate.*$'·$f·|
 0003ec30:·2075·6e69·7120·290a·2020·6966·2021·2074···uniq·).··if·!·t
 0003ec40:·6573·7420·2d7a·2022·246d·6174·6368·696e··est·-z·"$matchin
 0003ec50:·675f·6c69·7374·223b·2074·6865·6e0a·2020··g_list";·then.··
 0003ec60:·2020·7768·696c·6520·4946·533d·2072·6561····while·IFS=·rea
 0003ec70:·6420·2d72·2065·6e74·7279·3b20·646f·0a20··d·-r·entry;·do.·
 0003ec80:·2020·2020·2023·2063·6f6d·6d65·6e74·206f·······#·comment·o
 0003ec90:·7574·2022·2161·7574·6865·6e74·6963·6174··ut·"!authenticat
 0003eca0:·6522·206d·6174·6368·6573·2074·6f20·7072··e"·matches·to·pr
 0003ecb0:·6573·6572·7665·2075·7365·7220·6461·7461··eserve·user·data
 0003ecc0:·0a20·2020·2020·2073·6564·202d·6920·2273··.······sed·-i·"s
 0003ecd0:·2f5e·247b·656e·7472·797d·242f·2320·2661··/^${entry}$/#·&a
 0003ece0:·6d70·3b2f·6722·2024·660a·2020·2020·646f··mp;/g"·$f.····do
 0003ecf0:·6e65·2026·6c74·3b26·6c74·3b26·6c74·3b20··ne·&lt;&lt;&lt;·
 0003ed00:·2224·6d61·7463·6869·6e67·5f6c·6973·7422··"$matching_list"
 0003ed10:·0a0a·2020·2020·2f75·7372·2f73·6269·6e2f··..····/usr/sbin/
 0003ed20:·7669·7375·646f·202d·6366·2024·6620·2661··visudo·-cf·$f·&a
 0003ed30:·6d70·3b26·6774·3b20·2f64·6576·2f6e·756c··mp;&gt;·/dev/nul
 0003ed40:·6c20·7c7c·2065·6368·6f20·2246·6169·6c20··l·||·echo·"Fail·
 0003ed50:·746f·2076·616c·6964·6174·6520·2466·2077··to·validate·$f·w
 0003ed60:·6974·6820·7669·7375·646f·220a·2020·6669··ith·visudo".··fi
 0003ed70:·0a64·6f6e·650a·3c2f·636f·6465·3e3c·2f70··.done.</code></p
 0003ed80:·7265·3e3c·2f64·6976·3e3c·6120·636c·6173··re></div><a·clas
 0003ed90:·733d·2262·746e·2062·746e·2d73·7563·6365··s="btn·btn-succe
 0003eda0:·7373·2220·6461·7461·2d74·6f67·676c·653d··ss"·data-toggle=
 0003edb0:·2263·6f6c·6c61·7073·6522·2064·6174·612d··"collapse"·data-
 0003edc0:·7461·7267·6574·3d22·2369·646d·3139·3931··target="#idm1991
 0003edd0:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r
 0003ede0:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari
 0003edf0:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals
 0003ee00:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa
 0003ee10:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr
 0003ee20:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat
0003ea50:·696f·6e20·416e·7369·626c·6520·736e·6970··ion·Ansible·snip0003ee30:·696f·6e20·416e·7369·626c·6520·736e·6970··ion·Ansible·snip
0003ea60:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br><0003ee40:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br><
0003ea70:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel0003ee50:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel
0003ea80:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap0003ee60:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap
0003ea90:·7365·2220·6964·3d22·6964·6d31·3939·3022··se"·id="idm1990"0003ee70:·7365·2220·6964·3d22·6964·6d31·3939·3122··se"·id="idm1991"
0003eaa0:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t0003ee80:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t
0003eab0:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip0003ee90:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip
0003eac0:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere0003eea0:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere
0003ead0:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense 
0003eae0:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl 
0003eaf0:·6578·6974·793a·3c2f·7468·3e3c·7464·3e6c··exity:</th><td>l 
0003eb00:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr> 
0003eb10:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:< 
0003eb20:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td> 
0003eb30:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb 
0003eb40:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal 
0003eb50:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr> 
0003eb60:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t 
0003eb70:·683e·3c74·643e·7265·7374·7269·6374·3c2f··h><td>restrict</ 
0003eb80:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table> 
0003eb90:·3c70·7265·3e3c·636f·6465·3e2d·206e·616d··<pre><code>-·nam 
0003eba0:·653a·2046·696e·6420·2f65·7463·2f73·7564··e:·Find·/etc/sud 
0003ebb0:·6f65·7273·2e64·2f20·6669·6c65·730a·2020··oers.d/·files.·· 
0003ebc0:·616e·7369·626c·652e·6275·696c·7469·6e2e··ansible.builtin. 
0003ebd0:·6669·6e64·3a0a·2020·2020·7061·7468·733a··find:.····paths: 
0003ebe0:·0a20·2020·202d·202f·6574·632f·7375·646f··.····-·/etc/sudo 
0003ebf0:·6572·732e·642f·0a20·2072·6567·6973·7465··ers.d/.··registe 
0003ec00:·723a·2073·7564·6f65·7273·0a20·2074·6167··r:·sudoers.··tag 
0003ec10:·733a·0a20·202d·204e·4953·542d·3830·302d··s:.··-·NIST-800- 
0003ec20:·3533·2d43·4d2d·3628·6129·0a20·202d·204e··53-CM-6(a).··-·N 
0003ec30:·4953·542d·3830·302d·3533·2d49·412d·3131··IST-800-53-IA-11 
0003ec40:·0a20·202d·206c·6f77·5f63·6f6d·706c·6578··.··-·low_complex 
0003ec50:·6974·790a·2020·2d20·6c6f·775f·6469·7372··ity.··-·low_disr 
0003ec60:·7570·7469·6f6e·0a20·202d·206d·6564·6975··uption.··-·mediu 
0003ec70:·6d5f·7365·7665·7269·7479·0a20·202d·206e··m_severity.··-·n 
0003ec80:·6f5f·7265·626f·6f74·5f6e·6565·6465·640a··o_reboot_needed. 
0003ec90:·2020·2d20·7265·7374·7269·6374·5f73·7472····-·restrict_str 
0003eca0:·6174·6567·790a·2020·2d20·7375·646f·5f72··ategy.··-·sudo_r 
0003ecb0:·656d·6f76·655f·6e6f·5f61·7574·6865·6e74··emove_no_authent 
0003ecc0:·6963·6174·650a·0a2d·206e·616d·653a·2052··icate..-·name:·R 
0003ecd0:·656d·6f76·6520·6c69·6e65·7320·636f·6e74··emove·lines·cont 
0003ece0:·6169·6e69·6e67·2021·6175·7468·656e·7469··aining·!authenti 
0003ecf0:·6361·7465·2066·726f·6d20·7375·646f·6572··cate·from·sudoer 
0003ed00:·7320·6669·6c65·730a·2020·616e·7369·626c··s·files.··ansibl 
0003ed10:·652e·6275·696c·7469·6e2e·7265·706c·6163··e.builtin.replac 
0003ed20:·653a·0a20·2020·2072·6567·6578·703a·2028··e:.····regexp:·( 
0003ed30:·5e28·3f21·2329·2e2a·5b5c·735d·2b5c·2161··^(?!#).*[\s]+\!a 
0003ed40:·7574·6865·6e74·6963·6174·652e·2a24·290a··uthenticate.*$). 
0003ed50:·2020·2020·7265·706c·6163·653a·2027·2320······replace:·'#· 
0003ed60:·5c67·266c·743b·3126·6774·3b27·0a20·2020··\g&lt;1&gt;'.··· 
0003ed70:·2070·6174·683a·2027·7b7b·2069·7465·6d2e···path:·'{{·item. 
0003ed80:·7061·7468·207d·7d27·0a20·2020·2076·616c··path·}}'.····val 
0003ed90:·6964·6174·653a·202f·7573·722f·7362·696e··idate:·/usr/sbin 
0003eda0:·2f76·6973·7564·6f20·2d63·6620·2573·0a20··/visudo·-cf·%s.· 
0003edb0:·2077·6974·685f·6974·656d·733a·0a20·202d···with_items:.··- 
0003edc0:·2070·6174·683a·202f·6574·632f·7375·646f···path:·/etc/sudo 
0003edd0:·6572·730a·2020·2d20·277b·7b20·7375·646f··ers.··-·'{{·sudo 
0003ede0:·6572·732e·6669·6c65·7320·7d7d·270a·2020··ers.files·}}'.·· 
Max diff block lines reached; 985136/1003932 bytes (98.13%) of diff not shown.
117 KB
html2text {}
    
Offset 232, 14 lines modifiedOffset 232, 35 lines modified
232 ···························1.7,·SR·1.8,·SR·1.9232 ···························1.7,·SR·1.8,·SR·1.9
233 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,233 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,
234 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3234 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3
235 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)235 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)
236 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7236 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7
237 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,237 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,
238 ···························SRG-OS-000373-GPOS-00158238 ···························SRG-OS-000373-GPOS-00158
 239 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 240 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 241 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 242 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 243 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
  
 244 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
 245 ··if·[·!·-e·"$f"·]·;·then
 246 ····continue
 247 ··fi
 248 ··matching_list=$(grep·-P·'^(?!#).*[\s]+\!authenticate.*$'·$f·|·uniq·)
 249 ··if·!·test·-z·"$matching_list";·then
 250 ····while·IFS=·read·-r·entry;·do
 251 ······#·comment·out·"!authenticate"·matches·to·preserve·user·data
 252 ······sed·-i·"s/^${entry}$/#·&/g"·$f
 253 ····done·<<<·"$matching_list"
  
 254 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with
 255 visudo"
 256 ··fi
 257 done
239 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8258 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
240 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low259 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
241 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low260 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
242 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false261 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
243 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict262 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
244 -·name:·Find·/etc/sudoers.d/·files263 -·name:·Find·/etc/sudoers.d/·files
245 ··ansible.builtin.find:264 ··ansible.builtin.find:
Offset 270, 35 lines modifiedOffset 291, 14 lines modified
270 ··-·NIST-800-53-IA-11291 ··-·NIST-800-53-IA-11
271 ··-·low_complexity292 ··-·low_complexity
272 ··-·low_disruption293 ··-·low_disruption
273 ··-·medium_severity294 ··-·medium_severity
274 ··-·no_reboot_needed295 ··-·no_reboot_needed
275 ··-·restrict_strategy296 ··-·restrict_strategy
276 ··-·sudo_remove_no_authenticate297 ··-·sudo_remove_no_authenticate
277 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
278 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
279 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
280 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
281 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
  
282 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do 
283 ··if·[·!·-e·"$f"·]·;·then 
284 ····continue 
285 ··fi 
286 ··matching_list=$(grep·-P·'^(?!#).*[\s]+\!authenticate.*$'·$f·|·uniq·) 
287 ··if·!·test·-z·"$matching_list";·then 
288 ····while·IFS=·read·-r·entry;·do 
289 ······#·comment·out·"!authenticate"·matches·to·preserve·user·data 
290 ······sed·-i·"s/^${entry}$/#·&/g"·$f 
291 ····done·<<<·"$matching_list" 
  
292 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with 
293 visudo" 
294 ··fi 
295 done 
296 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·U\x8Us\x8se\x8er\x8rs\x8s·R\x8Re\x8e-\x8-A\x8Au\x8ut\x8th\x8he\x8en\x8nt\x8ti\x8ic\x8ca\x8at\x8te\x8e·f\x8fo\x8or\x8r·P\x8Pr\x8ri\x8iv\x8vi\x8il\x8le\x8eg\x8ge\x8e·E\x8Es\x8sc\x8ca\x8al\x8la\x8at\x8ti\x8io\x8on\x8n·-\x8-·s\x8su\x8ud\x8do\x8o298 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·U\x8Us\x8se\x8er\x8rs\x8s·R\x8Re\x8e-\x8-A\x8Au\x8ut\x8th\x8he\x8en\x8nt\x8ti\x8ic\x8ca\x8at\x8te\x8e·f\x8fo\x8or\x8r·P\x8Pr\x8ri\x8iv\x8vi\x8il\x8le\x8eg\x8ge\x8e·E\x8Es\x8sc\x8ca\x8al\x8la\x8at\x8ti\x8io\x8on\x8n·-\x8-·s\x8su\x8ud\x8do\x8o
297 N\x8NO\x8OP\x8PA\x8AS\x8SS\x8SW\x8WD\x8D·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*299 N\x8NO\x8OP\x8PA\x8AS\x8SS\x8SW\x8WD\x8D·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
298 The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using300 The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using
299 sudo·without·having·to·authenticate.·This·should·be·disabled·by·making·sure301 sudo·without·having·to·authenticate.·This·should·be·disabled·by·making·sure
300 that·the·NOPASSWD·tag·does·not·exist·in·/etc/sudoers·configuration·file·or·any302 that·the·NOPASSWD·tag·does·not·exist·in·/etc/sudoers·configuration·file·or·any
301 sudo·configuration·snippets·in·/etc/sudoers.d/.303 sudo·configuration·snippets·in·/etc/sudoers.d/.
302 ············Without·re-authentication,·users·may·access·resources·or·perform304 ············Without·re-authentication,·users·may·access·resources·or·perform
Offset 319, 14 lines modifiedOffset 319, 35 lines modified
319 ···························1.7,·SR·1.8,·SR·1.9319 ···························1.7,·SR·1.8,·SR·1.9
320 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,320 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,
321 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3321 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3
322 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)322 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)
323 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7323 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7
324 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,324 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,
325 ···························SRG-OS-000373-GPOS-00158325 ···························SRG-OS-000373-GPOS-00158
 326 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 327 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 328 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 329 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 330 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
  
 331 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
 332 ··if·[·!·-e·"$f"·]·;·then
 333 ····continue
 334 ··fi
 335 ··matching_list=$(grep·-P·'^(?!#).*[\s]+NOPASSWD[\s]*\:.*$'·$f·|·uniq·)
 336 ··if·!·test·-z·"$matching_list";·then
 337 ····while·IFS=·read·-r·entry;·do
 338 ······#·comment·out·"NOPASSWD"·matches·to·preserve·user·data
 339 ······sed·-i·"s/^${entry}$/#·&/g"·$f
 340 ····done·<<<·"$matching_list"
  
 341 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with
 342 visudo"
 343 ··fi
 344 done
326 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8345 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
327 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low346 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
328 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low347 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
329 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false348 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
330 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict349 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
331 -·name:·Find·/etc/sudoers.d/·files350 -·name:·Find·/etc/sudoers.d/·files
332 ··ansible.builtin.find:351 ··ansible.builtin.find:
Offset 357, 35 lines modifiedOffset 378, 14 lines modified
357 ··-·NIST-800-53-IA-11378 ··-·NIST-800-53-IA-11
358 ··-·low_complexity379 ··-·low_complexity
359 ··-·low_disruption380 ··-·low_disruption
360 ··-·medium_severity381 ··-·medium_severity
361 ··-·no_reboot_needed382 ··-·no_reboot_needed
362 ··-·restrict_strategy383 ··-·restrict_strategy
363 ··-·sudo_remove_nopasswd384 ··-·sudo_remove_nopasswd
364 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
365 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
366 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
367 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
368 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
  
369 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do 
370 ··if·[·!·-e·"$f"·]·;·then 
371 ····continue 
372 ··fi 
373 ··matching_list=$(grep·-P·'^(?!#).*[\s]+NOPASSWD[\s]*\:.*$'·$f·|·uniq·) 
374 ··if·!·test·-z·"$matching_list";·then 
Max diff block lines reached; 114729/120177 bytes (95.47%) of diff not shown.
1.22 MB
./usr/share/doc/ssg-debderived/ssg-ubuntu1804-guide-anssi_np_nt28_high.html
    
Offset 16051, 146 lines modifiedOffset 16051, 146 lines modified
0003eb20:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm0003eb20:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm
0003eb30:·3139·3930·2220·7461·6269·6e64·6578·3d22··1990"·tabindex="0003eb30:·3139·3930·2220·7461·6269·6e64·6578·3d22··1990"·tabindex="
0003eb40:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"0003eb40:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"
0003eb50:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="0003eb50:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="
0003eb60:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac0003eb60:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac
0003eb70:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal0003eb70:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal
0003eb80:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme0003eb80:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme
 0003eb90:·6469·6174·696f·6e20·5368·656c·6c20·7363··diation·Shell·sc
 0003eba0:·7269·7074·20e2·87b2·3c2f·613e·3c62·723e··ript·...</a><br>
 0003ebb0:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
 0003ebc0:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
 0003ebd0:·7073·6522·2069·643d·2269·646d·3139·3930··pse"·id="idm1990
 0003ebe0:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="
 0003ebf0:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri
 0003ec00:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border
 0003ec10:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens
 0003ec20:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp
 0003ec30:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td>
 0003ec40:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr
 0003ec50:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption:
 0003ec60:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td
 0003ec70:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re
 0003ec80:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa
 0003ec90:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr
 0003eca0:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</
 0003ecb0:·7468·3e3c·7464·3e72·6573·7472·6963·743c··th><td>restrict<
 0003ecc0:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table
 0003ecd0:·3e3c·7072·653e·3c63·6f64·653e·0a66·6f72··><pre><code>.for
 0003ece0:·2066·2069·6e20·2f65·7463·2f73·7564·6f65···f·in·/etc/sudoe
 0003ecf0:·7273·202f·6574·632f·7375·646f·6572·732e··rs·/etc/sudoers.
 0003ed00:·642f·2a20·3b20·646f·0a20·2069·6620·5b20··d/*·;·do.··if·[·
 0003ed10:·2120·2d65·2022·2466·2220·5d20·3b20·7468··!·-e·"$f"·]·;·th
 0003ed20:·656e·0a20·2020·2063·6f6e·7469·6e75·650a··en.····continue.
 0003ed30:·2020·6669·0a20·206d·6174·6368·696e·675f····fi.··matching_
 0003ed40:·6c69·7374·3d24·2867·7265·7020·2d50·2027··list=$(grep·-P·'
 0003ed50:·5e28·3f21·2329·2e2a·5b5c·735d·2b5c·2161··^(?!#).*[\s]+\!a
 0003ed60:·7574·6865·6e74·6963·6174·652e·2a24·2720··uthenticate.*$'·
 0003ed70:·2466·207c·2075·6e69·7120·290a·2020·6966··$f·|·uniq·).··if
 0003ed80:·2021·2074·6573·7420·2d7a·2022·246d·6174···!·test·-z·"$mat
 0003ed90:·6368·696e·675f·6c69·7374·223b·2074·6865··ching_list";·the
 0003eda0:·6e0a·2020·2020·7768·696c·6520·4946·533d··n.····while·IFS=
 0003edb0:·2072·6561·6420·2d72·2065·6e74·7279·3b20···read·-r·entry;·
 0003edc0:·646f·0a20·2020·2020·2023·2063·6f6d·6d65··do.······#·comme
 0003edd0:·6e74·206f·7574·2022·2161·7574·6865·6e74··nt·out·"!authent
 0003ede0:·6963·6174·6522·206d·6174·6368·6573·2074··icate"·matches·t
 0003edf0:·6f20·7072·6573·6572·7665·2075·7365·7220··o·preserve·user·
 0003ee00:·6461·7461·0a20·2020·2020·2073·6564·202d··data.······sed·-
 0003ee10:·6920·2273·2f5e·247b·656e·7472·797d·242f··i·"s/^${entry}$/
 0003ee20:·2320·2661·6d70·3b2f·6722·2024·660a·2020··#·&amp;/g"·$f.··
 0003ee30:·2020·646f·6e65·2026·6c74·3b26·6c74·3b26····done·&lt;&lt;&
 0003ee40:·6c74·3b20·2224·6d61·7463·6869·6e67·5f6c··lt;·"$matching_l
 0003ee50:·6973·7422·0a0a·2020·2020·2f75·7372·2f73··ist"..····/usr/s
 0003ee60:·6269·6e2f·7669·7375·646f·202d·6366·2024··bin/visudo·-cf·$
 0003ee70:·6620·2661·6d70·3b26·6774·3b20·2f64·6576··f·&amp;&gt;·/dev
 0003ee80:·2f6e·756c·6c20·7c7c·2065·6368·6f20·2246··/null·||·echo·"F
 0003ee90:·6169·6c20·746f·2076·616c·6964·6174·6520··ail·to·validate·
 0003eea0:·2466·2077·6974·6820·7669·7375·646f·220a··$f·with·visudo".
 0003eeb0:·2020·6669·0a64·6f6e·650a·3c2f·636f·6465····fi.done.</code
 0003eec0:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a·
 0003eed0:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s
 0003eee0:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog
 0003eef0:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d
 0003ef00:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm
 0003ef10:·3139·3931·2220·7461·6269·6e64·6578·3d22··1991"·tabindex="
 0003ef20:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"
 0003ef30:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="
 0003ef40:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac
 0003ef50:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal
 0003ef60:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme
0003eb90:·6469·6174·696f·6e20·416e·7369·626c·6520··diation·Ansible·0003ef70:·6469·6174·696f·6e20·416e·7369·626c·6520··diation·Ansible·
0003eba0:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a><0003ef80:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a><
0003ebb0:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p0003ef90:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p
0003ebc0:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co0003efa0:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co
0003ebd0:·6c6c·6170·7365·2220·6964·3d22·6964·6d31··llapse"·id="idm10003efb0:·6c6c·6170·7365·2220·6964·3d22·6964·6d31··llapse"·id="idm1
0003ebe0:·3939·3022·3e3c·7461·626c·6520·636c·6173··990"><table·clas0003efc0:·3939·3122·3e3c·7461·626c·6520·636c·6173··991"><table·clas
0003ebf0:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s0003efd0:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s
0003ec00:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor0003efe0:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor
0003ec10:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond0003eff0:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond
0003ec20:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C 
0003ec30:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th>< 
0003ec40:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003ec50:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti 
0003ec60:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low< 
0003ec70:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003ec80:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td 
0003ec90:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr> 
0003eca0:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy 
0003ecb0:·3a3c·2f74·683e·3c74·643e·7265·7374·7269··:</th><td>restri 
0003ecc0:·6374·3c2f·7464·3e3c·2f74·723e·3c2f·7461··ct</td></tr></ta 
0003ecd0:·626c·653e·3c70·7265·3e3c·636f·6465·3e2d··ble><pre><code>- 
0003ece0:·206e·616d·653a·2046·696e·6420·2f65·7463···name:·Find·/etc 
0003ecf0:·2f73·7564·6f65·7273·2e64·2f20·6669·6c65··/sudoers.d/·file 
0003ed00:·730a·2020·616e·7369·626c·652e·6275·696c··s.··ansible.buil 
0003ed10:·7469·6e2e·6669·6e64·3a0a·2020·2020·7061··tin.find:.····pa 
0003ed20:·7468·733a·0a20·2020·202d·202f·6574·632f··ths:.····-·/etc/ 
0003ed30:·7375·646f·6572·732e·642f·0a20·2072·6567··sudoers.d/.··reg 
0003ed40:·6973·7465·723a·2073·7564·6f65·7273·0a20··ister:·sudoers.· 
0003ed50:·2074·6167·733a·0a20·202d·204e·4953·542d···tags:.··-·NIST- 
0003ed60:·3830·302d·3533·2d43·4d2d·3628·6129·0a20··800-53-CM-6(a).· 
0003ed70:·202d·204e·4953·542d·3830·302d·3533·2d49···-·NIST-800-53-I 
0003ed80:·412d·3131·0a20·202d·206c·6f77·5f63·6f6d··A-11.··-·low_com 
0003ed90:·706c·6578·6974·790a·2020·2d20·6c6f·775f··plexity.··-·low_ 
0003eda0:·6469·7372·7570·7469·6f6e·0a20·202d·206d··disruption.··-·m 
0003edb0:·6564·6975·6d5f·7365·7665·7269·7479·0a20··edium_severity.· 
0003edc0:·202d·206e·6f5f·7265·626f·6f74·5f6e·6565···-·no_reboot_nee 
0003edd0:·6465·640a·2020·2d20·7265·7374·7269·6374··ded.··-·restrict 
0003ede0:·5f73·7472·6174·6567·790a·2020·2d20·7375··_strategy.··-·su 
0003edf0:·646f·5f72·656d·6f76·655f·6e6f·5f61·7574··do_remove_no_aut 
0003ee00:·6865·6e74·6963·6174·650a·0a2d·206e·616d··henticate..-·nam 
0003ee10:·653a·2052·656d·6f76·6520·6c69·6e65·7320··e:·Remove·lines· 
0003ee20:·636f·6e74·6169·6e69·6e67·2021·6175·7468··containing·!auth 
0003ee30:·656e·7469·6361·7465·2066·726f·6d20·7375··enticate·from·su 
0003ee40:·646f·6572·7320·6669·6c65·730a·2020·616e··doers·files.··an 
0003ee50:·7369·626c·652e·6275·696c·7469·6e2e·7265··sible.builtin.re 
0003ee60:·706c·6163·653a·0a20·2020·2072·6567·6578··place:.····regex 
0003ee70:·703a·2028·5e28·3f21·2329·2e2a·5b5c·735d··p:·(^(?!#).*[\s] 
0003ee80:·2b5c·2161·7574·6865·6e74·6963·6174·652e··+\!authenticate. 
0003ee90:·2a24·290a·2020·2020·7265·706c·6163·653a··*$).····replace: 
0003eea0:·2027·2320·5c67·266c·743b·3126·6774·3b27···'#·\g&lt;1&gt;' 
0003eeb0:·0a20·2020·2070·6174·683a·2027·7b7b·2069··.····path:·'{{·i 
0003eec0:·7465·6d2e·7061·7468·207d·7d27·0a20·2020··tem.path·}}'.··· 
0003eed0:·2076·616c·6964·6174·653a·202f·7573·722f···validate:·/usr/ 
0003eee0:·7362·696e·2f76·6973·7564·6f20·2d63·6620··sbin/visudo·-cf· 
0003eef0:·2573·0a20·2077·6974·685f·6974·656d·733a··%s.··with_items: 
0003ef00:·0a20·202d·2070·6174·683a·202f·6574·632f··.··-·path:·/etc/ 
0003ef10:·7375·646f·6572·730a·2020·2d20·277b·7b20··sudoers.··-·'{{· 
0003ef20:·7375·646f·6572·732e·6669·6c65·7320·7d7d··sudoers.files·}} 
Max diff block lines reached; 1125374/1144170 bytes (98.36%) of diff not shown.
134 KB
html2text {}
    
Offset 236, 14 lines modifiedOffset 236, 35 lines modified
236 ···························1.7,·SR·1.8,·SR·1.9236 ···························1.7,·SR·1.8,·SR·1.9
237 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,237 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,
238 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3238 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3
239 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)239 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)
240 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7240 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7
241 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,241 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,
242 ···························SRG-OS-000373-GPOS-00158242 ···························SRG-OS-000373-GPOS-00158
 243 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 244 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 245 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 246 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 247 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
  
 248 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
 249 ··if·[·!·-e·"$f"·]·;·then
 250 ····continue
 251 ··fi
 252 ··matching_list=$(grep·-P·'^(?!#).*[\s]+\!authenticate.*$'·$f·|·uniq·)
 253 ··if·!·test·-z·"$matching_list";·then
 254 ····while·IFS=·read·-r·entry;·do
 255 ······#·comment·out·"!authenticate"·matches·to·preserve·user·data
 256 ······sed·-i·"s/^${entry}$/#·&/g"·$f
 257 ····done·<<<·"$matching_list"
  
 258 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with
 259 visudo"
 260 ··fi
 261 done
243 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8262 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
244 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low263 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
245 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low264 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
246 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false265 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
247 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict266 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
248 -·name:·Find·/etc/sudoers.d/·files267 -·name:·Find·/etc/sudoers.d/·files
249 ··ansible.builtin.find:268 ··ansible.builtin.find:
Offset 274, 35 lines modifiedOffset 295, 14 lines modified
274 ··-·NIST-800-53-IA-11295 ··-·NIST-800-53-IA-11
275 ··-·low_complexity296 ··-·low_complexity
276 ··-·low_disruption297 ··-·low_disruption
277 ··-·medium_severity298 ··-·medium_severity
278 ··-·no_reboot_needed299 ··-·no_reboot_needed
279 ··-·restrict_strategy300 ··-·restrict_strategy
280 ··-·sudo_remove_no_authenticate301 ··-·sudo_remove_no_authenticate
281 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
282 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
283 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
284 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
285 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
  
286 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do 
287 ··if·[·!·-e·"$f"·]·;·then 
288 ····continue 
289 ··fi 
290 ··matching_list=$(grep·-P·'^(?!#).*[\s]+\!authenticate.*$'·$f·|·uniq·) 
291 ··if·!·test·-z·"$matching_list";·then 
292 ····while·IFS=·read·-r·entry;·do 
293 ······#·comment·out·"!authenticate"·matches·to·preserve·user·data 
294 ······sed·-i·"s/^${entry}$/#·&/g"·$f 
295 ····done·<<<·"$matching_list" 
  
296 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with 
297 visudo" 
298 ··fi 
299 done 
300 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·U\x8Us\x8se\x8er\x8rs\x8s·R\x8Re\x8e-\x8-A\x8Au\x8ut\x8th\x8he\x8en\x8nt\x8ti\x8ic\x8ca\x8at\x8te\x8e·f\x8fo\x8or\x8r·P\x8Pr\x8ri\x8iv\x8vi\x8il\x8le\x8eg\x8ge\x8e·E\x8Es\x8sc\x8ca\x8al\x8la\x8at\x8ti\x8io\x8on\x8n·-\x8-·s\x8su\x8ud\x8do\x8o302 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·U\x8Us\x8se\x8er\x8rs\x8s·R\x8Re\x8e-\x8-A\x8Au\x8ut\x8th\x8he\x8en\x8nt\x8ti\x8ic\x8ca\x8at\x8te\x8e·f\x8fo\x8or\x8r·P\x8Pr\x8ri\x8iv\x8vi\x8il\x8le\x8eg\x8ge\x8e·E\x8Es\x8sc\x8ca\x8al\x8la\x8at\x8ti\x8io\x8on\x8n·-\x8-·s\x8su\x8ud\x8do\x8o
301 N\x8NO\x8OP\x8PA\x8AS\x8SS\x8SW\x8WD\x8D·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*303 N\x8NO\x8OP\x8PA\x8AS\x8SS\x8SW\x8WD\x8D·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
302 The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using304 The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using
303 sudo·without·having·to·authenticate.·This·should·be·disabled·by·making·sure305 sudo·without·having·to·authenticate.·This·should·be·disabled·by·making·sure
304 that·the·NOPASSWD·tag·does·not·exist·in·/etc/sudoers·configuration·file·or·any306 that·the·NOPASSWD·tag·does·not·exist·in·/etc/sudoers·configuration·file·or·any
305 sudo·configuration·snippets·in·/etc/sudoers.d/.307 sudo·configuration·snippets·in·/etc/sudoers.d/.
306 ············Without·re-authentication,·users·may·access·resources·or·perform308 ············Without·re-authentication,·users·may·access·resources·or·perform
Offset 323, 14 lines modifiedOffset 323, 35 lines modified
323 ···························1.7,·SR·1.8,·SR·1.9323 ···························1.7,·SR·1.8,·SR·1.9
324 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,324 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,
325 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3325 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3
326 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)326 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)
327 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7327 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7
328 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,328 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,
329 ···························SRG-OS-000373-GPOS-00158329 ···························SRG-OS-000373-GPOS-00158
 330 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 331 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 332 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 333 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 334 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
  
 335 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
 336 ··if·[·!·-e·"$f"·]·;·then
 337 ····continue
 338 ··fi
 339 ··matching_list=$(grep·-P·'^(?!#).*[\s]+NOPASSWD[\s]*\:.*$'·$f·|·uniq·)
 340 ··if·!·test·-z·"$matching_list";·then
 341 ····while·IFS=·read·-r·entry;·do
 342 ······#·comment·out·"NOPASSWD"·matches·to·preserve·user·data
 343 ······sed·-i·"s/^${entry}$/#·&/g"·$f
 344 ····done·<<<·"$matching_list"
  
 345 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with
 346 visudo"
 347 ··fi
 348 done
330 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8349 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
331 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low350 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
332 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low351 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
333 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false352 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
334 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict353 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
335 -·name:·Find·/etc/sudoers.d/·files354 -·name:·Find·/etc/sudoers.d/·files
336 ··ansible.builtin.find:355 ··ansible.builtin.find:
Offset 361, 35 lines modifiedOffset 382, 14 lines modified
361 ··-·NIST-800-53-IA-11382 ··-·NIST-800-53-IA-11
362 ··-·low_complexity383 ··-·low_complexity
363 ··-·low_disruption384 ··-·low_disruption
364 ··-·medium_severity385 ··-·medium_severity
365 ··-·no_reboot_needed386 ··-·no_reboot_needed
366 ··-·restrict_strategy387 ··-·restrict_strategy
367 ··-·sudo_remove_nopasswd388 ··-·sudo_remove_nopasswd
368 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
369 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
370 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
371 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
372 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
  
373 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do 
374 ··if·[·!·-e·"$f"·]·;·then 
375 ····continue 
376 ··fi 
377 ··matching_list=$(grep·-P·'^(?!#).*[\s]+NOPASSWD[\s]*\:.*$'·$f·|·uniq·) 
378 ··if·!·test·-z·"$matching_list";·then 
Max diff block lines reached; 131265/136713 bytes (96.02%) of diff not shown.
302 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu1804-guide-anssi_np_nt28_minimal.html
    
Offset 14774, 147 lines modifiedOffset 14774, 147 lines modified
00039b50:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe00039b50:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe
00039b60:·743d·2223·6964·6d31·3939·3022·2074·6162··t="#idm1990"·tab00039b60:·743d·2223·6964·6d31·3939·3022·2074·6162··t="#idm1990"·tab
00039b70:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="00039b70:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="
00039b80:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp00039b80:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp
00039b90:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti00039b90:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti
00039ba0:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to00039ba0:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to
00039bb0:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#00039bb0:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#
 00039bc0:·2122·3e52·656d·6564·6961·7469·6f6e·2053··!">Remediation·S
 00039bd0:·6865·6c6c·2073·6372·6970·7420·e287·b23c··hell·script·...<
 00039be0:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas
 00039bf0:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps
 00039c00:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="
 00039c10:·6964·6d31·3939·3022·3e3c·7461·626c·6520··idm1990"><table·
 00039c20:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab
 00039c30:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table
 00039c40:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-
 00039c50:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><
 00039c60:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</
 00039c70:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><
 00039c80:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr
 00039c90:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td>
 00039ca0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr
 00039cb0:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th
 00039cc0:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td><
 00039cd0:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra
 00039ce0:·7465·6779·3a3c·2f74·683e·3c74·643e·7265··tegy:</th><td>re
 00039cf0:·7374·7269·6374·3c2f·7464·3e3c·2f74·723e··strict</td></tr>
 00039d00:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co
 00039d10:·6465·3e0a·666f·7220·6620·696e·202f·6574··de>.for·f·in·/et
 00039d20:·632f·7375·646f·6572·7320·2f65·7463·2f73··c/sudoers·/etc/s
 00039d30:·7564·6f65·7273·2e64·2f2a·203b·2064·6f0a··udoers.d/*·;·do.
 00039d40:·2020·6966·205b·2021·202d·6520·2224·6622····if·[·!·-e·"$f"
 00039d50:·205d·203b·2074·6865·6e0a·2020·2020·636f···]·;·then.····co
 00039d60:·6e74·696e·7565·0a20·2066·690a·2020·6d61··ntinue.··fi.··ma
 00039d70:·7463·6869·6e67·5f6c·6973·743d·2428·6772··tching_list=$(gr
 00039d80:·6570·202d·5020·275e·283f·2123·292e·2a5b··ep·-P·'^(?!#).*[
 00039d90:·5c73·5d2b·5c21·6175·7468·656e·7469·6361··\s]+\!authentica
 00039da0:·7465·2e2a·2427·2024·6620·7c20·756e·6971··te.*$'·$f·|·uniq
 00039db0:·2029·0a20·2069·6620·2120·7465·7374·202d···).··if·!·test·-
 00039dc0:·7a20·2224·6d61·7463·6869·6e67·5f6c·6973··z·"$matching_lis
 00039dd0:·7422·3b20·7468·656e·0a20·2020·2077·6869··t";·then.····whi
 00039de0:·6c65·2049·4653·3d20·7265·6164·202d·7220··le·IFS=·read·-r·
 00039df0:·656e·7472·793b·2064·6f0a·2020·2020·2020··entry;·do.······
 00039e00:·2320·636f·6d6d·656e·7420·6f75·7420·2221··#·comment·out·"!
 00039e10:·6175·7468·656e·7469·6361·7465·2220·6d61··authenticate"·ma
 00039e20:·7463·6865·7320·746f·2070·7265·7365·7276··tches·to·preserv
 00039e30:·6520·7573·6572·2064·6174·610a·2020·2020··e·user·data.····
 00039e40:·2020·7365·6420·2d69·2022·732f·5e24·7b65····sed·-i·"s/^${e
 00039e50:·6e74·7279·7d24·2f23·2026·616d·703b·2f67··ntry}$/#·&amp;/g
 00039e60:·2220·2466·0a20·2020·2064·6f6e·6520·266c··"·$f.····done·&l
 00039e70:·743b·266c·743b·266c·743b·2022·246d·6174··t;&lt;&lt;·"$mat
 00039e80:·6368·696e·675f·6c69·7374·220a·0a20·2020··ching_list"..···
 00039e90:·202f·7573·722f·7362·696e·2f76·6973·7564···/usr/sbin/visud
 00039ea0:·6f20·2d63·6620·2466·2026·616d·703b·2667··o·-cf·$f·&amp;&g
 00039eb0:·743b·202f·6465·762f·6e75·6c6c·207c·7c20··t;·/dev/null·||·
 00039ec0:·6563·686f·2022·4661·696c·2074·6f20·7661··echo·"Fail·to·va
 00039ed0:·6c69·6461·7465·2024·6620·7769·7468·2076··lidate·$f·with·v
 00039ee0:·6973·7564·6f22·0a20·2066·690a·646f·6e65··isudo".··fi.done
 00039ef0:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></
 00039f00:·6469·763e·3c61·2063·6c61·7373·3d22·6274··div><a·class="bt
 00039f10:·6e20·6274·6e2d·7375·6363·6573·7322·2064··n·btn-success"·d
 00039f20:·6174·612d·746f·6767·6c65·3d22·636f·6c6c··ata-toggle="coll
 00039f30:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe
 00039f40:·743d·2223·6964·6d31·3939·3122·2074·6162··t="#idm1991"·tab
 00039f50:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="
 00039f60:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp
 00039f70:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti
 00039f80:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to
 00039f90:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#
00039bc0:·2122·3e52·656d·6564·6961·7469·6f6e·2041··!">Remediation·A00039fa0:·2122·3e52·656d·6564·6961·7469·6f6e·2041··!">Remediation·A
00039bd0:·6e73·6962·6c65·2073·6e69·7070·6574·20e2··nsible·snippet·.00039fb0:·6e73·6962·6c65·2073·6e69·7070·6574·20e2··nsible·snippet·.
00039be0:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c00039fc0:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c
00039bf0:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll00039fd0:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
00039c00:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i00039fe0:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i
00039c10:·643d·2269·646d·3139·3930·223e·3c74·6162··d="idm1990"><tab 
00039c20:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table· 
00039c30:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta 
00039c40:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab 
00039c50:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t 
00039c60:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity 
00039c70:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t 
00039c80:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D 
00039c90:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th>< 
00039ca0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
00039cb0:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:< 
00039cc0:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t 
00039cd0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S 
00039ce0:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td 
00039cf0:·3e72·6573·7472·6963·743c·2f74·643e·3c2f··>restrict</td></ 
00039d00:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre> 
00039d10:·3c63·6f64·653e·2d20·6e61·6d65·3a20·4669··<code>-·name:·Fi 
00039d20:·6e64·202f·6574·632f·7375·646f·6572·732e··nd·/etc/sudoers. 
00039d30:·642f·2066·696c·6573·0a20·2061·6e73·6962··d/·files.··ansib 
00039d40:·6c65·2e62·7569·6c74·696e·2e66·696e·643a··le.builtin.find: 
00039d50:·0a20·2020·2070·6174·6873·3a0a·2020·2020··.····paths:.···· 
00039d60:·2d20·2f65·7463·2f73·7564·6f65·7273·2e64··-·/etc/sudoers.d 
00039d70:·2f0a·2020·7265·6769·7374·6572·3a20·7375··/.··register:·su 
00039d80:·646f·6572·730a·2020·7461·6773·3a0a·2020··doers.··tags:.·· 
00039d90:·2d20·4e49·5354·2d38·3030·2d35·332d·434d··-·NIST-800-53-CM 
00039da0:·2d36·2861·290a·2020·2d20·4e49·5354·2d38··-6(a).··-·NIST-8 
00039db0:·3030·2d35·332d·4941·2d31·310a·2020·2d20··00-53-IA-11.··-· 
00039dc0:·6c6f·775f·636f·6d70·6c65·7869·7479·0a20··low_complexity.· 
00039dd0:·202d·206c·6f77·5f64·6973·7275·7074·696f···-·low_disruptio 
00039de0:·6e0a·2020·2d20·6d65·6469·756d·5f73·6576··n.··-·medium_sev 
00039df0:·6572·6974·790a·2020·2d20·6e6f·5f72·6562··erity.··-·no_reb 
00039e00:·6f6f·745f·6e65·6564·6564·0a20·202d·2072··oot_needed.··-·r 
00039e10:·6573·7472·6963·745f·7374·7261·7465·6779··estrict_strategy 
00039e20:·0a20·202d·2073·7564·6f5f·7265·6d6f·7665··.··-·sudo_remove 
00039e30:·5f6e·6f5f·6175·7468·656e·7469·6361·7465··_no_authenticate 
00039e40:·0a0a·2d20·6e61·6d65·3a20·5265·6d6f·7665··..-·name:·Remove 
00039e50:·206c·696e·6573·2063·6f6e·7461·696e·696e···lines·containin 
00039e60:·6720·2161·7574·6865·6e74·6963·6174·6520··g·!authenticate· 
00039e70:·6672·6f6d·2073·7564·6f65·7273·2066·696c··from·sudoers·fil 
00039e80:·6573·0a20·2061·6e73·6962·6c65·2e62·7569··es.··ansible.bui 
00039e90:·6c74·696e·2e72·6570·6c61·6365·3a0a·2020··ltin.replace:.·· 
00039ea0:·2020·7265·6765·7870·3a20·285e·283f·2123····regexp:·(^(?!# 
00039eb0:·292e·2a5b·5c73·5d2b·5c21·6175·7468·656e··).*[\s]+\!authen 
00039ec0:·7469·6361·7465·2e2a·2429·0a20·2020·2072··ticate.*$).····r 
00039ed0:·6570·6c61·6365·3a20·2723·205c·6726·6c74··eplace:·'#·\g&lt 
00039ee0:·3b31·2667·743b·270a·2020·2020·7061·7468··;1&gt;'.····path 
00039ef0:·3a20·277b·7b20·6974·656d·2e70·6174·6820··:·'{{·item.path· 
00039f00:·7d7d·270a·2020·2020·7661·6c69·6461·7465··}}'.····validate 
00039f10:·3a20·2f75·7372·2f73·6269·6e2f·7669·7375··:·/usr/sbin/visu 
00039f20:·646f·202d·6366·2025·730a·2020·7769·7468··do·-cf·%s.··with 
00039f30:·5f69·7465·6d73·3a0a·2020·2d20·7061·7468··_items:.··-·path 
00039f40:·3a20·2f65·7463·2f73·7564·6f65·7273·0a20··:·/etc/sudoers.· 
00039f50:·202d·2027·7b7b·2073·7564·6f65·7273·2e66···-·'{{·sudoers.f 
Max diff block lines reached; 252738/271672 bytes (93.03%) of diff not shown.
36.5 KB
html2text {}
    
Offset 90, 14 lines modifiedOffset 90, 35 lines modified
90 ···························1.7,·SR·1.8,·SR·1.990 ···························1.7,·SR·1.8,·SR·1.9
91 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,91 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,
92 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.392 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3
93 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)93 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)
94 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-794 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7
95 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,95 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,
96 ···························SRG-OS-000373-GPOS-0015896 ···························SRG-OS-000373-GPOS-00158
 97 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 98 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 99 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 100 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 101 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
  
 102 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
 103 ··if·[·!·-e·"$f"·]·;·then
 104 ····continue
 105 ··fi
 106 ··matching_list=$(grep·-P·'^(?!#).*[\s]+\!authenticate.*$'·$f·|·uniq·)
 107 ··if·!·test·-z·"$matching_list";·then
 108 ····while·IFS=·read·-r·entry;·do
 109 ······#·comment·out·"!authenticate"·matches·to·preserve·user·data
 110 ······sed·-i·"s/^${entry}$/#·&/g"·$f
 111 ····done·<<<·"$matching_list"
  
 112 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with
 113 visudo"
 114 ··fi
 115 done
97 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8116 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
98 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low117 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
99 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low118 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
100 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false119 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
101 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict120 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
102 -·name:·Find·/etc/sudoers.d/·files121 -·name:·Find·/etc/sudoers.d/·files
103 ··ansible.builtin.find:122 ··ansible.builtin.find:
Offset 128, 35 lines modifiedOffset 149, 14 lines modified
128 ··-·NIST-800-53-IA-11149 ··-·NIST-800-53-IA-11
129 ··-·low_complexity150 ··-·low_complexity
130 ··-·low_disruption151 ··-·low_disruption
131 ··-·medium_severity152 ··-·medium_severity
132 ··-·no_reboot_needed153 ··-·no_reboot_needed
133 ··-·restrict_strategy154 ··-·restrict_strategy
134 ··-·sudo_remove_no_authenticate155 ··-·sudo_remove_no_authenticate
135 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
136 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
137 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
138 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
139 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
  
140 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do 
141 ··if·[·!·-e·"$f"·]·;·then 
142 ····continue 
143 ··fi 
144 ··matching_list=$(grep·-P·'^(?!#).*[\s]+\!authenticate.*$'·$f·|·uniq·) 
145 ··if·!·test·-z·"$matching_list";·then 
146 ····while·IFS=·read·-r·entry;·do 
147 ······#·comment·out·"!authenticate"·matches·to·preserve·user·data 
148 ······sed·-i·"s/^${entry}$/#·&/g"·$f 
149 ····done·<<<·"$matching_list" 
  
150 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with 
151 visudo" 
152 ··fi 
153 done 
154 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·U\x8Us\x8se\x8er\x8rs\x8s·R\x8Re\x8e-\x8-A\x8Au\x8ut\x8th\x8he\x8en\x8nt\x8ti\x8ic\x8ca\x8at\x8te\x8e·f\x8fo\x8or\x8r·P\x8Pr\x8ri\x8iv\x8vi\x8il\x8le\x8eg\x8ge\x8e·E\x8Es\x8sc\x8ca\x8al\x8la\x8at\x8ti\x8io\x8on\x8n·-\x8-·s\x8su\x8ud\x8do\x8o156 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·U\x8Us\x8se\x8er\x8rs\x8s·R\x8Re\x8e-\x8-A\x8Au\x8ut\x8th\x8he\x8en\x8nt\x8ti\x8ic\x8ca\x8at\x8te\x8e·f\x8fo\x8or\x8r·P\x8Pr\x8ri\x8iv\x8vi\x8il\x8le\x8eg\x8ge\x8e·E\x8Es\x8sc\x8ca\x8al\x8la\x8at\x8ti\x8io\x8on\x8n·-\x8-·s\x8su\x8ud\x8do\x8o
155 N\x8NO\x8OP\x8PA\x8AS\x8SS\x8SW\x8WD\x8D·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*157 N\x8NO\x8OP\x8PA\x8AS\x8SS\x8SW\x8WD\x8D·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
156 The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using158 The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using
157 sudo·without·having·to·authenticate.·This·should·be·disabled·by·making·sure159 sudo·without·having·to·authenticate.·This·should·be·disabled·by·making·sure
158 that·the·NOPASSWD·tag·does·not·exist·in·/etc/sudoers·configuration·file·or·any160 that·the·NOPASSWD·tag·does·not·exist·in·/etc/sudoers·configuration·file·or·any
159 sudo·configuration·snippets·in·/etc/sudoers.d/.161 sudo·configuration·snippets·in·/etc/sudoers.d/.
160 ············Without·re-authentication,·users·may·access·resources·or·perform162 ············Without·re-authentication,·users·may·access·resources·or·perform
Offset 177, 14 lines modifiedOffset 177, 35 lines modified
177 ···························1.7,·SR·1.8,·SR·1.9177 ···························1.7,·SR·1.8,·SR·1.9
178 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,178 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,
179 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3179 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3
180 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)180 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)
181 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7181 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7
182 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,182 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,
183 ···························SRG-OS-000373-GPOS-00158183 ···························SRG-OS-000373-GPOS-00158
 184 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 185 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 186 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 187 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 188 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
  
 189 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
 190 ··if·[·!·-e·"$f"·]·;·then
 191 ····continue
 192 ··fi
 193 ··matching_list=$(grep·-P·'^(?!#).*[\s]+NOPASSWD[\s]*\:.*$'·$f·|·uniq·)
 194 ··if·!·test·-z·"$matching_list";·then
 195 ····while·IFS=·read·-r·entry;·do
 196 ······#·comment·out·"NOPASSWD"·matches·to·preserve·user·data
 197 ······sed·-i·"s/^${entry}$/#·&/g"·$f
 198 ····done·<<<·"$matching_list"
  
 199 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with
 200 visudo"
 201 ··fi
 202 done
184 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8203 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
185 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low204 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
186 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low205 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
187 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false206 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
188 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict207 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
189 -·name:·Find·/etc/sudoers.d/·files208 -·name:·Find·/etc/sudoers.d/·files
190 ··ansible.builtin.find:209 ··ansible.builtin.find:
Offset 215, 35 lines modifiedOffset 236, 14 lines modified
215 ··-·NIST-800-53-IA-11236 ··-·NIST-800-53-IA-11
216 ··-·low_complexity237 ··-·low_complexity
217 ··-·low_disruption238 ··-·low_disruption
218 ··-·medium_severity239 ··-·medium_severity
219 ··-·no_reboot_needed240 ··-·no_reboot_needed
220 ··-·restrict_strategy241 ··-·restrict_strategy
221 ··-·sudo_remove_nopasswd242 ··-·sudo_remove_nopasswd
222 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
223 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
224 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
225 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
226 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
  
227 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do 
228 ··if·[·!·-e·"$f"·]·;·then 
229 ····continue 
230 ··fi 
231 ··matching_list=$(grep·-P·'^(?!#).*[\s]+NOPASSWD[\s]*\:.*$'·$f·|·uniq·) 
232 ··if·!·test·-z·"$matching_list";·then 
Max diff block lines reached; 31928/37385 bytes (85.40%) of diff not shown.
1.2 MB
./usr/share/doc/ssg-debderived/ssg-ubuntu1804-guide-anssi_np_nt28_restrictive.html
    
Offset 16042, 146 lines modifiedOffset 16042, 146 lines modified
0003ea90:·6574·3d22·2369·646d·3139·3930·2220·7461··et="#idm1990"·ta0003ea90:·6574·3d22·2369·646d·3139·3930·2220·7461··et="#idm1990"·ta
0003eaa0:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=0003eaa0:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=
0003eab0:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex0003eab0:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex
0003eac0:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t0003eac0:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t
0003ead0:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t0003ead0:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t
0003eae0:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="0003eae0:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="
0003eaf0:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·0003eaf0:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·
 0003eb00:·5368·656c·6c20·7363·7269·7074·20e2·87b2··Shell·script·...
 0003eb10:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
 0003eb20:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
 0003eb30:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=
 0003eb40:·2269·646d·3139·3930·223e·3c74·6162·6c65··"idm1990"><table
 0003eb50:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta
 0003eb60:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl
 0003eb70:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table
 0003eb80:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>
 0003eb90:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<
 0003eba0:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>
 0003ebb0:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis
 0003ebc0:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td
 0003ebd0:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t
 0003ebe0:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t
 0003ebf0:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td>
 0003ec00:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str
 0003ec10:·6174·6567·793a·3c2f·7468·3e3c·7464·3e72··ategy:</th><td>r
 0003ec20:·6573·7472·6963·743c·2f74·643e·3c2f·7472··estrict</td></tr
 0003ec30:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c
 0003ec40:·6f64·653e·0a66·6f72·2066·2069·6e20·2f65··ode>.for·f·in·/e
 0003ec50:·7463·2f73·7564·6f65·7273·202f·6574·632f··tc/sudoers·/etc/
 0003ec60:·7375·646f·6572·732e·642f·2a20·3b20·646f··sudoers.d/*·;·do
 0003ec70:·0a20·2069·6620·5b20·2120·2d65·2022·2466··.··if·[·!·-e·"$f
 0003ec80:·2220·5d20·3b20·7468·656e·0a20·2020·2063··"·]·;·then.····c
 0003ec90:·6f6e·7469·6e75·650a·2020·6669·0a20·206d··ontinue.··fi.··m
 0003eca0:·6174·6368·696e·675f·6c69·7374·3d24·2867··atching_list=$(g
 0003ecb0:·7265·7020·2d50·2027·5e28·3f21·2329·2e2a··rep·-P·'^(?!#).*
 0003ecc0:·5b5c·735d·2b5c·2161·7574·6865·6e74·6963··[\s]+\!authentic
 0003ecd0:·6174·652e·2a24·2720·2466·207c·2075·6e69··ate.*$'·$f·|·uni
 0003ece0:·7120·290a·2020·6966·2021·2074·6573·7420··q·).··if·!·test·
 0003ecf0:·2d7a·2022·246d·6174·6368·696e·675f·6c69··-z·"$matching_li
 0003ed00:·7374·223b·2074·6865·6e0a·2020·2020·7768··st";·then.····wh
 0003ed10:·696c·6520·4946·533d·2072·6561·6420·2d72··ile·IFS=·read·-r
 0003ed20:·2065·6e74·7279·3b20·646f·0a20·2020·2020···entry;·do.·····
 0003ed30:·2023·2063·6f6d·6d65·6e74·206f·7574·2022···#·comment·out·"
 0003ed40:·2161·7574·6865·6e74·6963·6174·6522·206d··!authenticate"·m
 0003ed50:·6174·6368·6573·2074·6f20·7072·6573·6572··atches·to·preser
 0003ed60:·7665·2075·7365·7220·6461·7461·0a20·2020··ve·user·data.···
 0003ed70:·2020·2073·6564·202d·6920·2273·2f5e·247b·····sed·-i·"s/^${
 0003ed80:·656e·7472·797d·242f·2320·2661·6d70·3b2f··entry}$/#·&amp;/
 0003ed90:·6722·2024·660a·2020·2020·646f·6e65·2026··g"·$f.····done·&
 0003eda0:·6c74·3b26·6c74·3b26·6c74·3b20·2224·6d61··lt;&lt;&lt;·"$ma
 0003edb0:·7463·6869·6e67·5f6c·6973·7422·0a0a·2020··tching_list"..··
 0003edc0:·2020·2f75·7372·2f73·6269·6e2f·7669·7375····/usr/sbin/visu
 0003edd0:·646f·202d·6366·2024·6620·2661·6d70·3b26··do·-cf·$f·&amp;&
 0003ede0:·6774·3b20·2f64·6576·2f6e·756c·6c20·7c7c··gt;·/dev/null·||
 0003edf0:·2065·6368·6f20·2246·6169·6c20·746f·2076···echo·"Fail·to·v
 0003ee00:·616c·6964·6174·6520·2466·2077·6974·6820··alidate·$f·with·
 0003ee10:·7669·7375·646f·220a·2020·6669·0a64·6f6e··visudo".··fi.don
 0003ee20:·650a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··e.</code></pre><
 0003ee30:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b
 0003ee40:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"·
 0003ee50:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col
 0003ee60:·6c61·7073·6522·2064·6174·612d·7461·7267··lapse"·data-targ
 0003ee70:·6574·3d22·2369·646d·3139·3931·2220·7461··et="#idm1991"·ta
 0003ee80:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=
 0003ee90:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex
 0003eea0:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t
 0003eeb0:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t
 0003eec0:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="
 0003eed0:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·
0003eb00:·416e·7369·626c·6520·736e·6970·7065·7420··Ansible·snippet·0003eee0:·416e·7369·626c·6520·736e·6970·7065·7420··Ansible·snippet·
0003eb10:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div·0003eef0:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div·
0003eb20:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col 
0003eb30:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"· 
0003eb40:·6964·3d22·6964·6d31·3939·3022·3e3c·7461··id="idm1990"><ta 
0003eb50:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table 
0003eb60:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t 
0003eb70:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta 
0003eb80:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed">< 
0003eb90:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit 
0003eba0:·793a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··y:</th><td>low</ 
0003ebb0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003ebc0:·4469·7372·7570·7469·6f6e·3a3c·2f74·683e··Disruption:</th> 
0003ebd0:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
0003ebe0:·3e3c·7472·3e3c·7468·3e52·6562·6f6f·743a··><tr><th>Reboot: 
0003ebf0:·3c2f·7468·3e3c·7464·3e66·616c·7365·3c2f··</th><td>false</ 
0003ec00:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003ec10:·5374·7261·7465·6779·3a3c·2f74·683e·3c74··Strategy:</th><t 
0003ec20:·643e·7265·7374·7269·6374·3c2f·7464·3e3c··d>restrict</td>< 
0003ec30:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre 
0003ec40:·3e3c·636f·6465·3e2d·206e·616d·653a·2046··><code>-·name:·F 
0003ec50:·696e·6420·2f65·7463·2f73·7564·6f65·7273··ind·/etc/sudoers 
0003ec60:·2e64·2f20·6669·6c65·730a·2020·616e·7369··.d/·files.··ansi 
0003ec70:·626c·652e·6275·696c·7469·6e2e·6669·6e64··ble.builtin.find 
0003ec80:·3a0a·2020·2020·7061·7468·733a·0a20·2020··:.····paths:.··· 
0003ec90:·202d·202f·6574·632f·7375·646f·6572·732e···-·/etc/sudoers. 
0003eca0:·642f·0a20·2072·6567·6973·7465·723a·2073··d/.··register:·s 
0003ecb0:·7564·6f65·7273·0a20·2074·6167·733a·0a20··udoers.··tags:.· 
0003ecc0:·202d·204e·4953·542d·3830·302d·3533·2d43···-·NIST-800-53-C 
0003ecd0:·4d2d·3628·6129·0a20·202d·204e·4953·542d··M-6(a).··-·NIST- 
0003ece0:·3830·302d·3533·2d49·412d·3131·0a20·202d··800-53-IA-11.··- 
0003ecf0:·206c·6f77·5f63·6f6d·706c·6578·6974·790a···low_complexity. 
0003ed00:·2020·2d20·6c6f·775f·6469·7372·7570·7469····-·low_disrupti 
0003ed10:·6f6e·0a20·202d·206d·6564·6975·6d5f·7365··on.··-·medium_se 
0003ed20:·7665·7269·7479·0a20·202d·206e·6f5f·7265··verity.··-·no_re 
0003ed30:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-· 
0003ed40:·7265·7374·7269·6374·5f73·7472·6174·6567··restrict_strateg 
0003ed50:·790a·2020·2d20·7375·646f·5f72·656d·6f76··y.··-·sudo_remov 
0003ed60:·655f·6e6f·5f61·7574·6865·6e74·6963·6174··e_no_authenticat 
0003ed70:·650a·0a2d·206e·616d·653a·2052·656d·6f76··e..-·name:·Remov 
0003ed80:·6520·6c69·6e65·7320·636f·6e74·6169·6e69··e·lines·containi 
0003ed90:·6e67·2021·6175·7468·656e·7469·6361·7465··ng·!authenticate 
0003eda0:·2066·726f·6d20·7375·646f·6572·7320·6669···from·sudoers·fi 
0003edb0:·6c65·730a·2020·616e·7369·626c·652e·6275··les.··ansible.bu 
0003edc0:·696c·7469·6e2e·7265·706c·6163·653a·0a20··iltin.replace:.· 
0003edd0:·2020·2072·6567·6578·703a·2028·5e28·3f21·····regexp:·(^(?! 
0003ede0:·2329·2e2a·5b5c·735d·2b5c·2161·7574·6865··#).*[\s]+\!authe 
0003edf0:·6e74·6963·6174·652e·2a24·290a·2020·2020··nticate.*$).···· 
0003ee00:·7265·706c·6163·653a·2027·2320·5c67·266c··replace:·'#·\g&l 
0003ee10:·743b·3126·6774·3b27·0a20·2020·2070·6174··t;1&gt;'.····pat 
0003ee20:·683a·2027·7b7b·2069·7465·6d2e·7061·7468··h:·'{{·item.path 
0003ee30:·207d·7d27·0a20·2020·2076·616c·6964·6174···}}'.····validat 
0003ee40:·653a·202f·7573·722f·7362·696e·2f76·6973··e:·/usr/sbin/vis 
0003ee50:·7564·6f20·2d63·6620·2573·0a20·2077·6974··udo·-cf·%s.··wit 
0003ee60:·685f·6974·656d·733a·0a20·202d·2070·6174··h_items:.··-·pat 
0003ee70:·683a·202f·6574·632f·7375·646f·6572·730a··h:·/etc/sudoers. 
0003ee80:·2020·2d20·277b·7b20·7375·646f·6572·732e····-·'{{·sudoers. 
0003ee90:·6669·6c65·7320·7d7d·270a·2020·7461·6773··files·}}'.··tags 
Max diff block lines reached; 1107544/1126340 bytes (98.33%) of diff not shown.
132 KB
html2text {}
    
Offset 234, 14 lines modifiedOffset 234, 35 lines modified
234 ···························1.7,·SR·1.8,·SR·1.9234 ···························1.7,·SR·1.8,·SR·1.9
235 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,235 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,
236 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3236 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3
237 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)237 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)
238 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7238 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7
239 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,239 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,
240 ···························SRG-OS-000373-GPOS-00158240 ···························SRG-OS-000373-GPOS-00158
 241 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 242 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 243 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 244 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 245 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
  
 246 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
 247 ··if·[·!·-e·"$f"·]·;·then
 248 ····continue
 249 ··fi
 250 ··matching_list=$(grep·-P·'^(?!#).*[\s]+\!authenticate.*$'·$f·|·uniq·)
 251 ··if·!·test·-z·"$matching_list";·then
 252 ····while·IFS=·read·-r·entry;·do
 253 ······#·comment·out·"!authenticate"·matches·to·preserve·user·data
 254 ······sed·-i·"s/^${entry}$/#·&/g"·$f
 255 ····done·<<<·"$matching_list"
  
 256 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with
 257 visudo"
 258 ··fi
 259 done
241 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8260 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
242 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low261 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
243 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low262 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
244 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false263 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
245 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict264 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
246 -·name:·Find·/etc/sudoers.d/·files265 -·name:·Find·/etc/sudoers.d/·files
247 ··ansible.builtin.find:266 ··ansible.builtin.find:
Offset 272, 35 lines modifiedOffset 293, 14 lines modified
272 ··-·NIST-800-53-IA-11293 ··-·NIST-800-53-IA-11
273 ··-·low_complexity294 ··-·low_complexity
274 ··-·low_disruption295 ··-·low_disruption
275 ··-·medium_severity296 ··-·medium_severity
276 ··-·no_reboot_needed297 ··-·no_reboot_needed
277 ··-·restrict_strategy298 ··-·restrict_strategy
278 ··-·sudo_remove_no_authenticate299 ··-·sudo_remove_no_authenticate
279 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
280 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
281 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
282 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
283 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
  
284 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do 
285 ··if·[·!·-e·"$f"·]·;·then 
286 ····continue 
287 ··fi 
288 ··matching_list=$(grep·-P·'^(?!#).*[\s]+\!authenticate.*$'·$f·|·uniq·) 
289 ··if·!·test·-z·"$matching_list";·then 
290 ····while·IFS=·read·-r·entry;·do 
291 ······#·comment·out·"!authenticate"·matches·to·preserve·user·data 
292 ······sed·-i·"s/^${entry}$/#·&/g"·$f 
293 ····done·<<<·"$matching_list" 
  
294 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with 
295 visudo" 
296 ··fi 
297 done 
298 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·U\x8Us\x8se\x8er\x8rs\x8s·R\x8Re\x8e-\x8-A\x8Au\x8ut\x8th\x8he\x8en\x8nt\x8ti\x8ic\x8ca\x8at\x8te\x8e·f\x8fo\x8or\x8r·P\x8Pr\x8ri\x8iv\x8vi\x8il\x8le\x8eg\x8ge\x8e·E\x8Es\x8sc\x8ca\x8al\x8la\x8at\x8ti\x8io\x8on\x8n·-\x8-·s\x8su\x8ud\x8do\x8o300 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·U\x8Us\x8se\x8er\x8rs\x8s·R\x8Re\x8e-\x8-A\x8Au\x8ut\x8th\x8he\x8en\x8nt\x8ti\x8ic\x8ca\x8at\x8te\x8e·f\x8fo\x8or\x8r·P\x8Pr\x8ri\x8iv\x8vi\x8il\x8le\x8eg\x8ge\x8e·E\x8Es\x8sc\x8ca\x8al\x8la\x8at\x8ti\x8io\x8on\x8n·-\x8-·s\x8su\x8ud\x8do\x8o
299 N\x8NO\x8OP\x8PA\x8AS\x8SS\x8SW\x8WD\x8D·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*301 N\x8NO\x8OP\x8PA\x8AS\x8SS\x8SW\x8WD\x8D·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
300 The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using302 The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using
301 sudo·without·having·to·authenticate.·This·should·be·disabled·by·making·sure303 sudo·without·having·to·authenticate.·This·should·be·disabled·by·making·sure
302 that·the·NOPASSWD·tag·does·not·exist·in·/etc/sudoers·configuration·file·or·any304 that·the·NOPASSWD·tag·does·not·exist·in·/etc/sudoers·configuration·file·or·any
303 sudo·configuration·snippets·in·/etc/sudoers.d/.305 sudo·configuration·snippets·in·/etc/sudoers.d/.
304 ············Without·re-authentication,·users·may·access·resources·or·perform306 ············Without·re-authentication,·users·may·access·resources·or·perform
Offset 321, 14 lines modifiedOffset 321, 35 lines modified
321 ···························1.7,·SR·1.8,·SR·1.9321 ···························1.7,·SR·1.8,·SR·1.9
322 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,322 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,
323 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3323 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3
324 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)324 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)
325 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7325 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7
326 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,326 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,
327 ···························SRG-OS-000373-GPOS-00158327 ···························SRG-OS-000373-GPOS-00158
 328 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 329 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 330 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 331 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 332 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
  
 333 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
 334 ··if·[·!·-e·"$f"·]·;·then
 335 ····continue
 336 ··fi
 337 ··matching_list=$(grep·-P·'^(?!#).*[\s]+NOPASSWD[\s]*\:.*$'·$f·|·uniq·)
 338 ··if·!·test·-z·"$matching_list";·then
 339 ····while·IFS=·read·-r·entry;·do
 340 ······#·comment·out·"NOPASSWD"·matches·to·preserve·user·data
 341 ······sed·-i·"s/^${entry}$/#·&/g"·$f
 342 ····done·<<<·"$matching_list"
  
 343 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with
 344 visudo"
 345 ··fi
 346 done
328 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8347 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
329 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low348 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
330 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low349 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
331 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false350 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
332 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict351 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
333 -·name:·Find·/etc/sudoers.d/·files352 -·name:·Find·/etc/sudoers.d/·files
334 ··ansible.builtin.find:353 ··ansible.builtin.find:
Offset 359, 35 lines modifiedOffset 380, 14 lines modified
359 ··-·NIST-800-53-IA-11380 ··-·NIST-800-53-IA-11
360 ··-·low_complexity381 ··-·low_complexity
361 ··-·low_disruption382 ··-·low_disruption
362 ··-·medium_severity383 ··-·medium_severity
363 ··-·no_reboot_needed384 ··-·no_reboot_needed
364 ··-·restrict_strategy385 ··-·restrict_strategy
365 ··-·sudo_remove_nopasswd386 ··-·sudo_remove_nopasswd
366 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
367 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
368 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
369 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
370 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
  
371 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do 
372 ··if·[·!·-e·"$f"·]·;·then 
373 ····continue 
374 ··fi 
375 ··matching_list=$(grep·-P·'^(?!#).*[\s]+NOPASSWD[\s]*\:.*$'·$f·|·uniq·) 
376 ··if·!·test·-z·"$matching_list";·then 
Max diff block lines reached; 129450/134898 bytes (95.96%) of diff not shown.
1.92 MB
./usr/share/doc/ssg-debderived/ssg-ubuntu1804-guide-cis.html
    
Offset 16680, 181 lines modifiedOffset 16680, 181 lines modified
00041270:·6574·3d22·2369·646d·3638·3836·2220·7461··et="#idm6886"·ta00041270:·6574·3d22·2369·646d·3638·3836·2220·7461··et="#idm6886"·ta
00041280:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=00041280:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=
00041290:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex00041290:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex
000412a0:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t000412a0:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t
000412b0:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t000412b0:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t
000412c0:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="000412c0:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="
000412d0:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·000412d0:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·
 000412e0:·5368·656c·6c20·7363·7269·7074·20e2·87b2··Shell·script·...
 000412f0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
 00041300:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
 00041310:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=
 00041320:·2269·646d·3638·3836·223e·3c74·6162·6c65··"idm6886"><table
 00041330:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta
 00041340:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl
 00041350:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table
 00041360:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>
 00041370:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<
 00041380:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>
 00041390:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis
 000413a0:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td
 000413b0:·3e6d·6564·6975·6d3c·2f74·643e·3c2f·7472··>medium</td></tr
 000413c0:·3e3c·7472·3e3c·7468·3e52·6562·6f6f·743a··><tr><th>Reboot:
 000413d0:·3c2f·7468·3e3c·7464·3e74·7275·653c·2f74··</th><td>true</t
 000413e0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S
 000413f0:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td
 00041400:·3e64·6973·6162·6c65·3c2f·7464·3e3c·2f74··>disable</td></t
 00041410:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><
 00041420:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati
 00041430:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable
 00041440:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain
 00041450:·2070·6c61·7466·6f72·6d73·0a69·6620·6470···platforms.if·dp
 00041460:·6b67·2d71·7565·7279·202d·2d73·686f·7720··kg-query·--show·
 00041470:·2d2d·7368·6f77·666f·726d·6174·3d27·247b··--showformat='${
 00041480:·6462·3a53·7461·7475·732d·5374·6174·7573··db:Status-Status
000412e0:·416e·7369·626c·6520·736e·6970·7065·7420··Ansible·snippet· 
000412f0:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div· 
00041300:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col 
00041310:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"· 
00041320:·6964·3d22·6964·6d36·3838·3622·3e3c·7461··id="idm6886"><ta 
00041330:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table 
00041340:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t 
00041350:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta 
00041360:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed">< 
00041370:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit 
00041380:·793a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··y:</th><td>low</ 
00041390:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
000413a0:·4469·7372·7570·7469·6f6e·3a3c·2f74·683e··Disruption:</th> 
000413b0:·3c74·643e·6d65·6469·756d·3c2f·7464·3e3c··<td>medium</td>< 
000413c0:·2f74·723e·3c74·723e·3c74·683e·5265·626f··/tr><tr><th>Rebo 
000413d0:·6f74·3a3c·2f74·683e·3c74·643e·7472·7565··ot:</th><td>true 
000413e0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
000413f0:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th> 
00041400:·3c74·643e·6469·7361·626c·653c·2f74·643e··<td>disable</td> 
00041410:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr 
00041420:·653e·3c63·6f64·653e·2d20·6e61·6d65·3a20··e><code>-·name:· 
00041430:·4761·7468·6572·2074·6865·2070·6163·6b61··Gather·the·packa 
00041440:·6765·2066·6163·7473·0a20·2070·6163·6b61··ge·facts.··packa 
00041450:·6765·5f66·6163·7473·3a0a·2020·2020·6d61··ge_facts:.····ma 
00041460:·6e61·6765·723a·2061·7574·6f0a·2020·7461··nager:·auto.··ta 
00041470:·6773·3a0a·2020·2d20·4e49·5354·2d38·3030··gs:.··-·NIST-800 
00041480:·2d35·332d·434d·2d36·2861·290a·2020·2d20··-53-CM-6(a).··-· 
00041490:·4e49·5354·2d38·3030·2d35·332d·434d·2d37··NIST-800-53-CM-7 
000414a0:·2861·290a·2020·2d20·4e49·5354·2d38·3030··(a).··-·NIST-800 
000414b0:·2d35·332d·434d·2d37·2862·290a·2020·2d20··-53-CM-7(b).··-· 
000414c0:·6469·7361·626c·655f·7374·7261·7465·6779··disable_strategy 
000414d0:·0a20·202d·206b·6572·6e65·6c5f·6d6f·6475··.··-·kernel_modu 
000414e0:·6c65·5f72·6473·5f64·6973·6162·6c65·640a··le_rds_disabled. 
000414f0:·2020·2d20·6c6f·775f·636f·6d70·6c65·7869····-·low_complexi 
00041500:·7479·0a20·202d·206c·6f77·5f73·6576·6572··ty.··-·low_sever 
00041510:·6974·790a·2020·2d20·6d65·6469·756d·5f64··ity.··-·medium_d 
00041520:·6973·7275·7074·696f·6e0a·2020·2d20·7265··isruption.··-·re 
00041530:·626f·6f74·5f72·6571·7569·7265·640a·0a2d··boot_required..- 
00041540:·206e·616d·653a·2045·6e73·7572·6520·6b65···name:·Ensure·ke 
00041550:·726e·656c·206d·6f64·756c·6520·2772·6473··rnel·module·'rds 
00041560:·2720·6973·2064·6973·6162·6c65·640a·2020··'·is·disabled.·· 
00041570:·6c69·6e65·696e·6669·6c65·3a0a·2020·2020··lineinfile:.···· 
00041580:·6372·6561·7465·3a20·7472·7565·0a20·2020··create:·true.··· 
00041590:·2064·6573·743a·202f·6574·632f·6d6f·6470···dest:·/etc/modp 
000415a0:·726f·6265·2e64·2f72·6473·2e63·6f6e·660a··robe.d/rds.conf. 
000415b0:·2020·2020·7265·6765·7870·3a20·696e·7374······regexp:·inst 
000415c0:·616c·6c5c·732b·7264·730a·2020·2020·6c69··all\s+rds.····li 
000415d0:·6e65·3a20·696e·7374·616c·6c20·7264·7320··ne:·install·rds· 
000415e0:·2f62·696e·2f66·616c·7365·0a20·2077·6865··/bin/false.··whe 
000415f0:·6e3a·2027·226c·696e·7578·2d62·6173·6522··n:·'"linux-base"00041490:·7d0a·2720·276c·696e·7578·2d62·6173·6527··}.'·'linux-base'
 000414a0:·2032·2667·743b·2f64·6576·2f6e·756c·6c20···2&gt;/dev/null·
 000414b0:·7c20·6772·6570·202d·7120·5e69·6e73·7461··|·grep·-q·^insta
 000414c0:·6c6c·6564·3b20·7468·656e·0a0a·6966·204c··lled;·then..if·L
 000414d0:·435f·414c·4c3d·4320·6772·6570·202d·7120··C_ALL=C·grep·-q·
 000414e0:·2d6d·2031·2022·5e69·6e73·7461·6c6c·2072··-m·1·"^install·r
 000414f0:·6473·2220·2f65·7463·2f6d·6f64·7072·6f62··ds"·/etc/modprob
 00041500:·652e·642f·7264·732e·636f·6e66·203b·2074··e.d/rds.conf·;·t
 00041510:·6865·6e0a·090a·0973·6564·202d·6920·2773··hen....sed·-i·'s
 00041520:·235e·696e·7374·616c·6c20·7264·732e·2a23··#^install·rds.*#
 00041530:·696e·7374·616c·6c20·7264·7320·2f62·696e··install·rds·/bin
 00041540:·2f66·616c·7365·2367·2720·2f65·7463·2f6d··/false#g'·/etc/m
00041600:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact 
00041610:·732e·7061·636b·6167·6573·270a·2020·7461··s.packages'.··ta 
00041620:·6773·3a0a·2020·2d20·4e49·5354·2d38·3030··gs:.··-·NIST-800 
00041630:·2d35·332d·434d·2d36·2861·290a·2020·2d20··-53-CM-6(a).··-· 
00041640:·4e49·5354·2d38·3030·2d35·332d·434d·2d37··NIST-800-53-CM-7 
00041650:·2861·290a·2020·2d20·4e49·5354·2d38·3030··(a).··-·NIST-800 
00041660:·2d35·332d·434d·2d37·2862·290a·2020·2d20··-53-CM-7(b).··-· 
00041670:·6469·7361·626c·655f·7374·7261·7465·6779··disable_strategy 
00041680:·0a20·202d·206b·6572·6e65·6c5f·6d6f·6475··.··-·kernel_modu 
00041690:·6c65·5f72·6473·5f64·6973·6162·6c65·640a··le_rds_disabled. 
000416a0:·2020·2d20·6c6f·775f·636f·6d70·6c65·7869····-·low_complexi 
000416b0:·7479·0a20·202d·206c·6f77·5f73·6576·6572··ty.··-·low_sever 
000416c0:·6974·790a·2020·2d20·6d65·6469·756d·5f64··ity.··-·medium_d 
000416d0:·6973·7275·7074·696f·6e0a·2020·2d20·7265··isruption.··-·re 
000416e0:·626f·6f74·5f72·6571·7569·7265·640a·0a2d··boot_required..- 
000416f0:·206e·616d·653a·2045·6e73·7572·6520·6b65···name:·Ensure·ke 
00041700:·726e·656c·206d·6f64·756c·6520·2772·6473··rnel·module·'rds 
00041710:·2720·6973·2062·6c61·636b·6c69·7374·6564··'·is·blacklisted 
00041720:·0a20·206c·696e·6569·6e66·696c·653a·0a20··.··lineinfile:.· 
00041730:·2020·2063·7265·6174·653a·2074·7275·650a·····create:·true. 
00041740:·2020·2020·6465·7374·3a20·2f65·7463·2f6d······dest:·/etc/m 
00041750:·6f64·7072·6f62·652e·642f·7264·732e·636f··odprobe.d/rds.co00041550:·6f64·7072·6f62·652e·642f·7264·732e·636f··odprobe.d/rds.co
 00041560:·6e66·0a65·6c73·650a·0965·6368·6f20·2d65··nf.else..echo·-e
 00041570:·2022·5c6e·2320·4469·7361·626c·6520·7065···"\n#·Disable·pe
 00041580:·7220·7365·6375·7269·7479·2072·6571·7569··r·security·requi
 00041590:·7265·6d65·6e74·7322·2026·6774·3b26·6774··rements"·&gt;&gt
 000415a0:·3b20·2f65·7463·2f6d·6f64·7072·6f62·652e··;·/etc/modprobe.
 000415b0:·642f·7264·732e·636f·6e66·0a09·6563·686f··d/rds.conf..echo
 000415c0:·2022·696e·7374·616c·6c20·7264·7320·2f62···"install·rds·/b
 000415d0:·696e·2f66·616c·7365·2220·2667·743b·2667··in/false"·&gt;&g
 000415e0:·743b·202f·6574·632f·6d6f·6470·726f·6265··t;·/etc/modprobe
 000415f0:·2e64·2f72·6473·2e63·6f6e·660a·6669·0a0a··.d/rds.conf.fi..
Max diff block lines reached; 1765611/1789237 bytes (98.68%) of diff not shown.
216 KB
html2text {}
    
Offset 304, 14 lines modifiedOffset 304, 38 lines modified
304 ···························SR·1.1,·SR·1.10,·SR·1.11,·SR·1.12,·SR·1.13,·SR·1.2,·SR·1.3,·SR304 ···························SR·1.1,·SR·1.10,·SR·1.11,·SR·1.12,·SR·1.13,·SR·1.2,·SR·1.3,·SR
305 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·1.4,·SR·1.5,·SR·1.6,·SR·1.7,·SR·1.8,·SR·1.9,·SR·2.1,·SR·2.2,·SR305 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·1.4,·SR·1.5,·SR·1.6,·SR·1.7,·SR·1.8,·SR·1.9,·SR·2.1,·SR·2.2,·SR
306 ···························2.3,·SR·2.4,·SR·2.5,·SR·2.6,·SR·2.7,·SR·7.6306 ···························2.3,·SR·2.4,·SR·2.5,·SR·2.6,·SR·2.7,·SR·7.6
307 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.12.1.2,·A.12.5.1,·A.12.6.2,·A.14.2.2,·A.14.2.3,·A.14.2.4,307 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.12.1.2,·A.12.5.1,·A.12.6.2,·A.14.2.2,·A.14.2.3,·A.14.2.4,
308 ···························A.9.1.2308 ···························A.9.1.2
309 ············_\x8n_\x8i_\x8s_\x8t···········CM-7(a),·CM-7(b),·CM-6(a)309 ············_\x8n_\x8i_\x8s_\x8t···········CM-7(a),·CM-7(b),·CM-6(a)
310 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.IP-1,·PR.PT-3310 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.IP-1,·PR.PT-3
 311 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 312 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 313 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 314 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true
 315 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···disable
 316 #·Remediation·is·applicable·only·in·certain·platforms
 317 if·dpkg-query·--show·--showformat='${db:Status-Status}
 318 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then
  
 319 if·LC_ALL=C·grep·-q·-m·1·"^install·rds"·/etc/modprobe.d/rds.conf·;·then
 320 »       
 321 »       sed·-i·'s#^install·rds.*#install·rds·/bin/false#g'·/etc/modprobe.d/rds.conf
 322 else
 323 »       echo·-e·"\n#·Disable·per·security·requirements"·>>·/etc/modprobe.d/rds.conf
 324 »       echo·"install·rds·/bin/false"·>>·/etc/modprobe.d/rds.conf
 325 fi
  
 326 if·!·LC_ALL=C·grep·-q·-m·1·"^blacklist·rds$"·/etc/modprobe.d/rds.conf·;·then
 327 »       echo·"blacklist·rds"·>>·/etc/modprobe.d/rds.conf
 328 fi
  
 329 else
 330 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 331 fi
311 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8332 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
312 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low333 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
313 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium334 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
314 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true335 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true
315 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···disable336 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···disable
316 -·name:·Gather·the·package·facts337 -·name:·Gather·the·package·facts
317 ··package_facts:338 ··package_facts:
Offset 358, 38 lines modifiedOffset 382, 14 lines modified
358 ··-·NIST-800-53-CM-7(b)382 ··-·NIST-800-53-CM-7(b)
359 ··-·disable_strategy383 ··-·disable_strategy
360 ··-·kernel_module_rds_disabled384 ··-·kernel_module_rds_disabled
361 ··-·low_complexity385 ··-·low_complexity
362 ··-·low_severity386 ··-·low_severity
363 ··-·medium_disruption387 ··-·medium_disruption
364 ··-·reboot_required388 ··-·reboot_required
365 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
366 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
367 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium 
368 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true 
369 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···disable 
370 #·Remediation·is·applicable·only·in·certain·platforms 
371 if·dpkg-query·--show·--showformat='${db:Status-Status} 
372 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then 
  
373 if·LC_ALL=C·grep·-q·-m·1·"^install·rds"·/etc/modprobe.d/rds.conf·;·then 
374 »        
375 »       sed·-i·'s#^install·rds.*#install·rds·/bin/false#g'·/etc/modprobe.d/rds.conf 
376 else 
377 »       echo·-e·"\n#·Disable·per·security·requirements"·>>·/etc/modprobe.d/rds.conf 
378 »       echo·"install·rds·/bin/false"·>>·/etc/modprobe.d/rds.conf 
379 fi 
  
380 if·!·LC_ALL=C·grep·-q·-m·1·"^blacklist·rds$"·/etc/modprobe.d/rds.conf·;·then 
381 »       echo·"blacklist·rds"·>>·/etc/modprobe.d/rds.conf 
382 fi 
  
383 else 
384 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
385 fi 
386 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·D\x8Di\x8is\x8sa\x8ab\x8bl\x8le\x8e·T\x8TI\x8IP\x8PC\x8C·S\x8Su\x8up\x8pp\x8po\x8or\x8rt\x8t·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*389 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·D\x8Di\x8is\x8sa\x8ab\x8bl\x8le\x8e·T\x8TI\x8IP\x8PC\x8C·S\x8Su\x8up\x8pp\x8po\x8or\x8rt\x8t·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
387 The·Transparent·Inter-Process·Communication·(TIPC)·protocol·is·designed·to·provide390 The·Transparent·Inter-Process·Communication·(TIPC)·protocol·is·designed·to·provide
388 communications·between·nodes·in·a·cluster.·To·configure·the·system·to·prevent·the·tipc391 communications·between·nodes·in·a·cluster.·To·configure·the·system·to·prevent·the·tipc
389 kernel·module·from·being·loaded,·add·the·following·line·to·the·file·/etc/modprobe.d/392 kernel·module·from·being·loaded,·add·the·following·line·to·the·file·/etc/modprobe.d/
390 tipc.conf:393 tipc.conf:
391 install·tipc·/bin/false394 install·tipc·/bin/false
392 Warning: ·This·configuration·baseline·was·created·to·deploy·the·base·operating·system·for395 Warning: ·This·configuration·baseline·was·created·to·deploy·the·base·operating·system·for
Offset 414, 14 lines modifiedOffset 414, 38 lines modified
414 ···························2.3,·SR·2.4,·SR·2.5,·SR·2.6,·SR·2.7,·SR·7.6414 ···························2.3,·SR·2.4,·SR·2.5,·SR·2.6,·SR·2.7,·SR·7.6
415 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.12.1.2,·A.12.5.1,·A.12.6.2,·A.14.2.2,·A.14.2.3,·A.14.2.4,415 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.12.1.2,·A.12.5.1,·A.12.6.2,·A.14.2.2,·A.14.2.3,·A.14.2.4,
416 ···························A.9.1.2416 ···························A.9.1.2
417 ············_\x8n_\x8i_\x8s_\x8t···········CM-7(a),·CM-7(b),·CM-6(a)417 ············_\x8n_\x8i_\x8s_\x8t···········CM-7(a),·CM-7(b),·CM-6(a)
418 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.IP-1,·PR.PT-3418 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.IP-1,·PR.PT-3
419 ············_\x8o_\x8s_\x8p_\x8p···········FMT_SMF_EXT.1419 ············_\x8o_\x8s_\x8p_\x8p···········FMT_SMF_EXT.1
420 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000095-GPOS-00049420 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000095-GPOS-00049
 421 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 422 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 423 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 424 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true
 425 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···disable
 426 #·Remediation·is·applicable·only·in·certain·platforms
 427 if·dpkg-query·--show·--showformat='${db:Status-Status}
 428 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then
  
 429 if·LC_ALL=C·grep·-q·-m·1·"^install·tipc"·/etc/modprobe.d/tipc.conf·;·then
 430 »       
 431 »       sed·-i·'s#^install·tipc.*#install·tipc·/bin/false#g'·/etc/modprobe.d/tipc.conf
 432 else
 433 »       echo·-e·"\n#·Disable·per·security·requirements"·>>·/etc/modprobe.d/tipc.conf
 434 »       echo·"install·tipc·/bin/false"·>>·/etc/modprobe.d/tipc.conf
 435 fi
  
 436 if·!·LC_ALL=C·grep·-q·-m·1·"^blacklist·tipc$"·/etc/modprobe.d/tipc.conf·;·then
 437 »       echo·"blacklist·tipc"·>>·/etc/modprobe.d/tipc.conf
 438 fi
  
 439 else
 440 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 441 fi
421 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8442 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
422 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low443 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
423 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium444 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
424 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true445 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true
425 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···disable446 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···disable
426 -·name:·Gather·the·package·facts447 -·name:·Gather·the·package·facts
427 ··package_facts:448 ··package_facts:
Offset 468, 38 lines modifiedOffset 492, 14 lines modified
468 ··-·NIST-800-53-CM-7(b)492 ··-·NIST-800-53-CM-7(b)
469 ··-·disable_strategy493 ··-·disable_strategy
470 ··-·kernel_module_tipc_disabled494 ··-·kernel_module_tipc_disabled
471 ··-·low_complexity495 ··-·low_complexity
472 ··-·low_severity496 ··-·low_severity
473 ··-·medium_disruption497 ··-·medium_disruption
474 ··-·reboot_required498 ··-·reboot_required
475 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
476 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
477 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium 
Max diff block lines reached; 215391/221670 bytes (97.17%) of diff not shown.
1.23 MB
./usr/share/doc/ssg-debderived/ssg-ubuntu1804-guide-standard.html
    
Offset 16249, 783 lines modifiedOffset 16249, 783 lines modified
0003f780:·612d·7461·7267·6574·3d22·2369·646d·3531··a-target="#idm510003f780:·612d·7461·7267·6574·3d22·2369·646d·3531··a-target="#idm51
0003f790:·3932·2220·7461·6269·6e64·6578·3d22·3022··92"·tabindex="0"0003f790:·3932·2220·7461·6269·6e64·6578·3d22·3022··92"·tabindex="0"
0003f7a0:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a0003f7a0:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a
0003f7b0:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa0003f7b0:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa
0003f7c0:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti0003f7c0:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti
0003f7d0:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·0003f7d0:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·
Diff chunk too large, falling back to line-by-line diff (769 lines added, 769 lines removed)
0003f7e0:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi0003f7e0:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi
0003f7f0:·6174·696f·6e20·416e·7369·626c·6520·736e··ation·Ansible·sn0003f7f0:·6174·696f·6e20·5368·656c·6c20·7363·7269··ation·Shell·scri
0003f800:·6970·7065·7420·e287·b23c·2f61·3e3c·6272··ippet·...</a><br0003f800:·7074·20e2·87b2·3c2f·613e·3c62·723e·3c64··pt·...</a><br><d
0003f810:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan0003f810:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel-
0003f820:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll0003f820:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps
0003f830:·6170·7365·2220·6964·3d22·6964·6d35·3139··apse"·id="idm5190003f830:·6522·2069·643d·2269·646d·3531·3932·223e··e"·id="idm5192">
0003f840:·3222·3e3c·7461·626c·6520·636c·6173·733d··2"><table·class=0003f840:·3c70·7265·3e3c·636f·6465·3e23·2052·656d··<pre><code>#·Rem
0003f850:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str0003f850:·6564·6961·7469·6f6e·2069·7320·6170·706c··ediation·is·appl
0003f860:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde0003f860:·6963·6162·6c65·206f·6e6c·7920·696e·2063··icable·only·in·c
0003f870:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden0003f870:·6572·7461·696e·2070·6c61·7466·6f72·6d73··ertain·platforms
0003f880:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com0003f880:·0a69·6620·6470·6b67·2d71·7565·7279·202d··.if·dpkg-query·-
0003f890:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td0003f890:·2d73·686f·7720·2d2d·7368·6f77·666f·726d··-show·--showform
0003f8a0:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t0003f8a0:·6174·3d27·247b·6462·3a53·7461·7475·732d··at='${db:Status-
0003f8b0:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption0003f8b0:·5374·6174·7573·7d0a·2720·276c·696e·7578··Status}.'·'linux
0003f8c0:·3a3c·2f74·683e·3c74·643e·6d65·6469·756d··:</th><td>medium0003f8c0:·2d62·6173·6527·2032·2667·743b·2f64·6576··-base'·2&gt;/dev
0003f8d0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t0003f8d0:·2f6e·756c·6c20·7c20·6772·6570·202d·7120··/null·|·grep·-q·
0003f8e0:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t0003f8e0:·5e69·6e73·7461·6c6c·6564·2026·616d·703b··^installed·&amp;
0003f8f0:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr0003f8f0:·2661·6d70·3b20·6470·6b67·2d71·7565·7279··&amp;·dpkg-query
0003f900:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg0003f900:·202d·2d73·686f·7720·2d2d·7368·6f77·666f···--show·--showfo
0003f910:·793a·3c2f·7468·3e3c·7464·3e63·6f6e·6669··y:</th><td>confi0003f910:·726d·6174·3d27·247b·6462·3a53·7461·7475··rmat='${db:Statu
0003f920:·6775·7265·3c2f·7464·3e3c·2f74·723e·3c2f··gure</td></tr></0003f920:·732d·5374·6174·7573·7d5c·6e27·2027·7273··s-Status}\n'·'rs
0003f930:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code0003f930:·7973·6c6f·6727·2032·2667·743b·2f64·6576··yslog'·2&gt;/dev
0003f940:·3e2d·206e·616d·653a·2047·6174·6865·7220··>-·name:·Gather·0003f940:·2f6e·756c·6c20·7c20·6772·6570·202d·7120··/null·|·grep·-q·
0003f950:·7468·6520·7061·636b·6167·6520·6661·6374··the·package·fact0003f950:·275e·696e·7374·616c·6c65·6427·3b20·7468··'^installed';·th
0003f960:·730a·2020·7061·636b·6167·655f·6661·6374··s.··package_fact0003f960:·656e·0a0a·2320·4c69·7374·206f·6620·6c6f··en..#·List·of·lo
0003f970:·733a·0a20·2020·206d·616e·6167·6572·3a20··s:.····manager:·0003f970:·6720·6669·6c65·2070·6174·6873·2074·6f20··g·file·paths·to·
0003f980:·6175·746f·0a20·2074·6167·733a·0a20·202d··auto.··tags:.··-0003f980:·6265·2069·6e73·7065·6374·6564·2066·6f72··be·inspected·for
0003f990:·204e·4953·542d·3830·302d·3533·2d41·432d···NIST-800-53-AC-0003f990:·2063·6f72·7265·6374·2070·6572·6d69·7373···correct·permiss
0003f9a0:·3628·3129·0a20·202d·204e·4953·542d·3830··6(1).··-·NIST-800003f9a0:·696f·6e73·0a23·202a·2050·7269·6d61·7269··ions.#·*·Primari
0003f9b0:·302d·3533·2d43·4d2d·3628·6129·0a20·202d··0-53-CM-6(a).··-0003f9b0:·6c79·2069·6e73·7065·6374·206c·6f67·2066··ly·inspect·log·f
0003f9c0:·2050·4349·2d44·5353·2d52·6571·2d31·302e···PCI-DSS-Req-10.0003f9c0:·696c·6520·7061·7468·7320·6c69·7374·6564··ile·paths·listed
0003f9d0:·352e·310a·2020·2d20·5043·492d·4453·532d··5.1.··-·PCI-DSS-0003f9d0:·2069·6e20·2f65·7463·2f72·7379·736c·6f67···in·/etc/rsyslog
0003f9e0:·5265·712d·3130·2e35·2e32·0a20·202d·2050··Req-10.5.2.··-·P0003f9e0:·2e63·6f6e·660a·5253·5953·4c4f·475f·4554··.conf.RSYSLOG_ET
0003f9f0:·4349·2d44·5353·7634·2d31·302e·330a·2020··CI-DSSv4-10.3.··0003f9f0:·435f·434f·4e46·4947·3d22·2f65·7463·2f72··C_CONFIG="/etc/r
0003fa00:·2d20·5043·492d·4453·5376·342d·3130·2e33··-·PCI-DSSv4-10.30003fa00:·7379·736c·6f67·2e63·6f6e·6622·0a23·202a··syslog.conf".#·*
0003fa10:·2e32·0a20·202d·2063·6f6e·6669·6775·7265··.2.··-·configure0003fa10:·2041·6e64·2061·6c73·6f20·7468·6520·6c6f···And·also·the·lo
0003fa20:·5f73·7472·6174·6567·790a·2020·2d20·6c6f··_strategy.··-·lo0003fa20:·6720·6669·6c65·2070·6174·6873·206c·6973··g·file·paths·lis
0003fa30:·775f·636f·6d70·6c65·7869·7479·0a20·202d··w_complexity.··-0003fa30:·7465·6420·6166·7465·7220·7273·7973·6c6f··ted·after·rsyslo
0003fa40:·206d·6564·6975·6d5f·6469·7372·7570·7469···medium_disrupti0003fa40:·6727·7320·2449·6e63·6c75·6465·436f·6e66··g's·$IncludeConf
0003fa50:·6f6e·0a20·202d·206d·6564·6975·6d5f·7365··on.··-·medium_se0003fa50:·6967·2064·6972·6563·7469·7665·0a23·2020··ig·directive.#··
0003fa60:·7665·7269·7479·0a20·202d·206e·6f5f·7265··verity.··-·no_re0003fa60:·2028·7374·6f72·6520·7468·6520·7265·7375···(store·the·resu
0003fa70:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-·0003fa70:·6c74·2069·6e74·6f20·6172·7261·7920·666f··lt·into·array·fo
0003fa80:·7273·7973·6c6f·675f·6669·6c65·735f·6772··rsyslog_files_gr0003fa80:·7220·7468·6520·6361·7365·2074·6865·7265··r·the·case·there
0003fa90:·6f75·706f·776e·6572·7368·6970·0a0a·2d20··oupownership..-·0003fa90:·2773·2073·6865·6c6c·2067·6c6f·6220·7573··'s·shell·glob·us
0003faa0:·6e61·6d65·3a20·456e·7375·7265·204c·6f67··name:·Ensure·Log0003faa0:·6564·2061·7320·7661·6c75·6520·6f66·2049··ed·as·value·of·I
0003fab0:·2046·696c·6573·2041·7265·204f·776e·6564···Files·Are·Owned0003fab0:·6e63·6c75·6465·436f·6e66·6967·290a·7265··ncludeConfig).re
0003fac0:·2042·7920·4170·7072·6f70·7269·6174·6520···By·Appropriate·0003fac0:·6164·6172·7261·7920·2d74·204f·4c44·5f49··adarray·-t·OLD_I
0003fad0:·4772·6f75·7020·2d20·5365·7420·7273·7973··Group·-·Set·rsys0003fad0:·4e43·2026·6c74·3b20·266c·743b·2867·7265··NC·&lt;·&lt;(gre
0003fae0:·6c6f·6720·6c6f·6766·696c·6520·636f·6e66··log·logfile·conf0003fae0:·7020·2d65·2022·5c24·496e·636c·7564·6543··p·-e·"\$IncludeC
0003faf0:·6967·7572·6174·696f·6e0a·2020·2020·6661··iguration.····fa0003faf0:·6f6e·6669·675b·5b3a·7370·6163·653a·5d5d··onfig[[:space:]]
0003fb00:·6374·730a·2020·616e·7369·626c·652e·6275··cts.··ansible.bu0003fb00:·5c2b·5b5e·5b3a·7370·6163·653a·5d3b·5d5c··\+[^[:space:];]\
0003fb10:·696c·7469·6e2e·7365·745f·6661·6374·3a0a··iltin.set_fact:.0003fb10:·2b22·202f·6574·632f·7273·7973·6c6f·672e··+"·/etc/rsyslog.
0003fb20:·2020·2020·7273·7973·6c6f·675f·6574·635f······rsyslog_etc_0003fb20:·636f·6e66·207c·2063·7574·202d·6420·2720··conf·|·cut·-d·'·
0003fb30:·636f·6e66·6967·3a20·2f65·7463·2f72·7379··config:·/etc/rsy0003fb30:·2720·2d66·2032·290a·7265·6164·6172·7261··'·-f·2).readarra
0003fb40:·736c·6f67·2e63·6f6e·660a·2020·7768·656e··slog.conf.··when0003fb40:·7920·2d74·2052·5359·534c·4f47·5f49·4e43··y·-t·RSYSLOG_INC
0003fb50:·3a0a·2020·2d20·2722·6c69·6e75·782d·6261··:.··-·'"linux-ba0003fb50:·4c55·4445·5f43·4f4e·4649·4720·266c·743b··LUDE_CONFIG·&lt;
0003fb60:·7365·2220·696e·2061·6e73·6962·6c65·5f66··se"·in·ansible_f0003fb60:·2026·6c74·3b28·666f·7220·494e·4350·4154···&lt;(for·INCPAT
0003fb70:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·0003fb70:·4820·696e·2022·247b·4f4c·445f·494e·435b··H·in·"${OLD_INC[
0003fb80:·202d·2027·2272·7379·736c·6f67·2220·696e···-·'"rsyslog"·in0003fb80:·405d·7d22·3b20·646f·2065·7661·6c20·7072··@]}";·do·eval·pr
0003fb90:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p0003fb90:·696e·7466·2027·2573·5c5c·6e27·2022·247b··intf·'%s\\n'·"${
0003fba0:·6163·6b61·6765·7327·0a20·2074·6167·733a··ackages'.··tags:0003fba0:·494e·4350·4154·487d·223b·2064·6f6e·6529··INCPATH}";·done)
0003fbb0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003fbb0:·0a72·6561·6461·7272·6179·202d·7420·4e45··.readarray·-t·NE
0003fbc0:·2d41·432d·3628·3129·0a20·202d·204e·4953··-AC-6(1).··-·NIS0003fbc0:·575f·494e·4320·266c·743b·2026·6c74·3b28··W_INC·&lt;·&lt;(
0003fbd0:·542d·3830·302d·3533·2d43·4d2d·3628·6129··T-800-53-CM-6(a)0003fbd0:·7365·6420·2d6e·2027·2f5e·5c73·2a69·6e63··sed·-n·'/^\s*inc
0003fbe0:·0a20·202d·2050·4349·2d44·5353·2d52·6571··.··-·PCI-DSS-Req0003fbe0:·6c75·6465·282f·2c2f·292f·4970·2720·2f65··lude(/,/)/Ip'·/e
0003fbf0:·2d31·302e·352e·310a·2020·2d20·5043·492d··-10.5.1.··-·PCI-0003fbf0:·7463·2f72·7379·736c·6f67·2e63·6f6e·6620··tc/rsyslog.conf·
0003fc00:·4453·532d·5265·712d·3130·2e35·2e32·0a20··DSS-Req-10.5.2.·0003fc00:·7c20·7365·6420·2d6e·2027·7340·2e2a·6669··|·sed·-n·'s@.*fi
0003fc10:·202d·2050·4349·2d44·5353·7634·2d31·302e···-·PCI-DSSv4-10.0003fc10:·6c65·5c73·2a3d·5c73·2a22·5c28·5b2f·5b3a··le\s*=\s*"\([/[:
0003fc20:·330a·2020·2d20·5043·492d·4453·5376·342d··3.··-·PCI-DSSv4-0003fc20:·616c·6e75·6d3a·5d5b·3a70·756e·6374·3a5d··alnum:][:punct:]
0003fc30:·3130·2e33·2e32·0a20·202d·2063·6f6e·6669··10.3.2.··-·confi0003fc30:·5d2a·5c29·222e·2a40·5c31·4049·7027·290a··]*\)".*@\1@Ip').
0003fc40:·6775·7265·5f73·7472·6174·6567·790a·2020··gure_strategy.··0003fc40:·7265·6164·6172·7261·7920·2d74·2052·5359··readarray·-t·RSY
0003fc50:·2d20·6c6f·775f·636f·6d70·6c65·7869·7479··-·low_complexity0003fc50:·534c·4f47·5f49·4e43·4c55·4445·2026·6c74··SLOG_INCLUDE·&lt
0003fc60:·0a20·202d·206d·6564·6975·6d5f·6469·7372··.··-·medium_disr0003fc60:·3b20·266c·743b·2866·6f72·2049·4e43·5041··;·&lt;(for·INCPA
0003fc70:·7570·7469·6f6e·0a20·202d·206d·6564·6975··uption.··-·mediu0003fc70:·5448·2069·6e20·2224·7b4e·4557·5f49·4e43··TH·in·"${NEW_INC
0003fc80:·6d5f·7365·7665·7269·7479·0a20·202d·206e··m_severity.··-·n0003fc80:·5b40·5d7d·223b·2064·6f20·6576·616c·2070··[@]}";·do·eval·p
0003fc90:·6f5f·7265·626f·6f74·5f6e·6565·6465·640a··o_reboot_needed.0003fc90:·7269·6e74·6620·2725·735c·5c6e·2720·2224··rintf·'%s\\n'·"$
0003fca0:·2020·2d20·7273·7973·6c6f·675f·6669·6c65····-·rsyslog_file0003fca0:·7b49·4e43·5041·5448·7d22·3b20·646f·6e65··{INCPATH}";·done
0003fcb0:·735f·6772·6f75·706f·776e·6572·7368·6970··s_groupownership0003fcb0:·290a·0a23·2044·6563·6c61·7265·2061·6e20··)..#·Declare·an·
0003fcc0:·0a0a·2d20·6e61·6d65·3a20·456e·7375·7265··..-·name:·Ensure0003fcc0:·6172·7261·7920·746f·2068·6f6c·6420·7468··array·to·hold·th
0003fcd0:·204c·6f67·2046·696c·6573·2041·7265·204f···Log·Files·Are·O0003fcd0:·6520·6669·6e61·6c20·6c69·7374·206f·6620··e·final·list·of·
0003fce0:·776e·6564·2042·7920·4170·7072·6f70·7269··wned·By·Appropri0003fce0:·6469·6666·6572·656e·7420·6c6f·6720·6669··different·log·fi
0003fcf0:·6174·6520·4772·6f75·7020·2d20·4765·7420··ate·Group·-·Get·0003fcf0:·6c65·2070·6174·6873·0a64·6563·6c61·7265··le·paths.declare
0003fd00:·496e·636c·7564·6543·6f6e·6669·6720·6469··IncludeConfig·di0003fd00:·202d·6120·4c4f·475f·4649·4c45·5f50·4154···-a·LOG_FILE_PAT
0003fd10:·7265·6374·6976·650a·2020·616e·7369·626c··rective.··ansibl0003fd10:·4853·0a0a·2320·4172·7261·7920·746f·2068··HS..#·Array·to·h
0003fd20:·652e·6275·696c·7469·6e2e·7368·656c·6c3a··e.builtin.shell:0003fd20:·6f6c·6420·616c·6c20·7273·7973·6c6f·6720··old·all·rsyslog·
0003fd30:·207c·0a20·2020·2073·6574·202d·6f20·7069···|.····set·-o·pi0003fd30:·636f·6e66·6967·2065·6e74·7269·6573·0a52··config·entries.R
0003fd40:·7065·6661·696c·0a20·2020·2067·7265·7020··pefail.····grep·0003fd40:·5359·534c·4f47·5f43·4f4e·4649·4753·3d28··SYSLOG_CONFIGS=(
0003fd50:·2d65·2027·2449·6e63·6c75·6465·436f·6e66··-e·'$IncludeConf0003fd50:·290a·5253·5953·4c4f·475f·434f·4e46·4947··).RSYSLOG_CONFIG
0003fd60:·6967·2720·7b7b·2072·7379·736c·6f67·5f65··ig'·{{·rsyslog_e0003fd60:·533d·2822·247b·5253·5953·4c4f·475f·4554··S=("${RSYSLOG_ET
0003fd70:·7463·5f63·6f6e·6669·6720·7d7d·207c·2063··tc_config·}}·|·c0003fd70:·435f·434f·4e46·4947·7d22·2022·247b·5253··C_CONFIG}"·"${RS
0003fd80:·7574·202d·6420·2720·2720·2d66·2032·207c··ut·-d·'·'·-f·2·|0003fd80:·5953·4c4f·475f·494e·434c·5544·455f·434f··YSLOG_INCLUDE_CO
0003fd90:·7c20·7472·7565·0a20·2072·6567·6973·7465··|·true.··registe0003fd90:·4e46·4947·5b40·5d7d·2220·2224·7b52·5359··NFIG[@]}"·"${RSY
0003fda0:·723a·2072·7379·736c·6f67·5f6f·6c64·5f69··r:·rsyslog_old_i0003fda0:·534c·4f47·5f49·4e43·4c55·4445·5b40·5d7d··SLOG_INCLUDE[@]}
0003fdb0:·6e63·0a20·2063·6861·6e67·6564·5f77·6865··nc.··changed_whe0003fdb0:·2229·0a0a·2320·4765·7420·6675·6c6c·206c··")..#·Get·full·l
0003fdc0:·6e3a·2066·616c·7365·0a20·2077·6865·6e3a··n:·false.··when:0003fdc0:·6973·7420·6f66·2066·696c·6573·2074·6f20··ist·of·files·to·
0003fdd0:·0a20·202d·2027·226c·696e·7578·2d62·6173··.··-·'"linux-bas0003fdd0:·6265·2063·6865·636b·6564·0a23·2052·5359··be·checked.#·RSY
0003fde0:·6522·2069·6e20·616e·7369·626c·655f·6661··e"·in·ansible_fa0003fde0:·534c·4f47·5f43·4f4e·4649·4753·206d·6179··SLOG_CONFIGS·may
0003fdf0:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··0003fdf0:·2063·6f6e·7461·696e·2067·6c6f·6273·2073···contain·globs·s
0003fe00:·2d20·2722·7273·7973·6c6f·6722·2069·6e20··-·'"rsyslog"·in·0003fe00:·7563·6820·6173·0a23·202f·6574·632f·7273··uch·as.#·/etc/rs
0003fe10:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa0003fe10:·7973·6c6f·672e·642f·2a2e·636f·6e66·202f··yslog.d/*.conf·/
0003fe20:·636b·6167·6573·270a·2020·7461·6773·3a0a··ckages'.··tags:.0003fe20:·6574·632f·7273·7973·6c6f·672e·642f·2a2e··etc/rsyslog.d/*.
0003fe30:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003fe30:·6672·756c·650a·2320·536f·2c20·6c6f·6f70··frule.#·So,·loop
0003fe40:·4143·2d36·2831·290a·2020·2d20·4e49·5354··AC-6(1).··-·NIST0003fe40:·206f·7665·7220·7468·6520·656e·7472·6965···over·the·entrie
0003fe50:·2d38·3030·2d35·332d·434d·2d36·2861·290a··-800-53-CM-6(a).0003fe50:·7320·696e·2052·5359·534c·4f47·5f43·4f4e··s·in·RSYSLOG_CON
0003fe60:·2020·2d20·5043·492d·4453·532d·5265·712d····-·PCI-DSS-Req-0003fe60:·4649·4753·2061·6e64·2075·7365·2066·696e··FIGS·and·use·fin
0003fe70:·3130·2e35·2e31·0a20·202d·2050·4349·2d44··10.5.1.··-·PCI-D0003fe70:·6420·746f·2067·6574·2074·6865·206c·6973··d·to·get·the·lis
0003fe80:·5353·2d52·6571·2d31·302e·352e·320a·2020··SS-Req-10.5.2.··0003fe80:·7420·6f66·2069·6e63·6c75·6465·6420·6669··t·of·included·fi
0003fe90:·2d20·5043·492d·4453·5376·342d·3130·2e33··-·PCI-DSSv4-10.30003fe90:·6c65·732e·0a52·5359·534c·4f47·5f43·4f4e··les..RSYSLOG_CON
0003fea0:·0a20·202d·2050·4349·2d44·5353·7634·2d31··.··-·PCI-DSSv4-10003fea0:·4649·475f·4649·4c45·533d·2829·0a66·6f72··FIG_FILES=().for
0003feb0:·302e·332e·320a·2020·2d20·636f·6e66·6967··0.3.2.··-·config0003feb0:·2045·4e54·5259·2069·6e20·2224·7b52·5359···ENTRY·in·"${RSY
0003fec0:·7572·655f·7374·7261·7465·6779·0a20·202d··ure_strategy.··-0003fec0:·534c·4f47·5f43·4f4e·4649·4753·5b40·5d7d··SLOG_CONFIGS[@]}
0003fed0:·206c·6f77·5f63·6f6d·706c·6578·6974·790a···low_complexity.0003fed0:·220a·646f·0a09·2320·4966·2064·6972·6563··".do..#·If·direc
0003fee0:·2020·2d20·6d65·6469·756d·5f64·6973·7275····-·medium_disru0003fee0:·746f·7279·2c20·7273·7973·6c6f·6720·7769··tory,·rsyslog·wi
0003fef0:·7074·696f·6e0a·2020·2d20·6d65·6469·756d··ption.··-·medium0003fef0:·6c6c·2073·6561·7263·6820·666f·7220·636f··ll·search·for·co
0003ff00:·5f73·6576·6572·6974·790a·2020·2d20·6e6f··_severity.··-·no0003ff00:·6e66·6967·2066·696c·6573·2069·6e20·7265··nfig·files·in·re
0003ff10:·5f72·6562·6f6f·745f·6e65·6564·6564·0a20··_reboot_needed.·0003ff10:·6375·7273·6976·656c·792e·0a09·2320·486f··cursively...#·Ho
0003ff20:·202d·2072·7379·736c·6f67·5f66·696c·6573···-·rsyslog_files0003ff20:·7765·7665·722c·2066·696c·6573·2069·6e20··wever,·files·in·
0003ff30:·5f67·726f·7570·6f77·6e65·7273·6869·700a··_groupownership.0003ff30:·6869·6464·656e·2073·7562·2d64·6972·6563··hidden·sub-direc
0003ff40:·0a2d·206e·616d·653a·2045·6e73·7572·6520··.-·name:·Ensure·0003ff40:·746f·7269·6573·206f·7220·6869·6464·656e··tories·or·hidden
0003ff50:·4c6f·6720·4669·6c65·7320·4172·6520·4f77··Log·Files·Are·Ow0003ff50:·2066·696c·6573·2077·696c·6c20·6265·2069···files·will·be·i
Max diff block lines reached; 1044782/1151484 bytes (90.73%) of diff not shown.
134 KB
html2text {}
    
Offset 264, 14 lines modifiedOffset 264, 142 lines modified
264 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-007-3·R2.1,·CIP-007-3·R2.2,·CIP-007-3·R2.3,·CIP-264 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-007-3·R2.1,·CIP-007-3·R2.2,·CIP-007-3·R2.3,·CIP-
265 ···························007-3·R5.1,·CIP-007-3·R5.1.1,·CIP-007-3·R5.1.2265 ···························007-3·R5.1,·CIP-007-3·R5.1.1,·CIP-007-3·R5.1.2
266 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a),·AC-6(1)266 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a),·AC-6(1)
267 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5267 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5
268 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-10.5.1,·Req-10.5.2268 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-10.5.1,·Req-10.5.2
269 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R71269 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R71
270 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········10.3.2,·10.3270 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········10.3.2,·10.3
 271 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 272 #·Remediation·is·applicable·only·in·certain·platforms
 273 if·dpkg-query·--show·--showformat='${db:Status-Status}
 274 '·'linux-base'·2>/dev/null·|·grep·-q·^installed·&&·dpkg-query·--show·--
 275 showformat='${db:Status-Status}\n'·'rsyslog'·2>/dev/null·|·grep·-
 276 q·'^installed';·then
  
 277 #·List·of·log·file·paths·to·be·inspected·for·correct·permissions
 278 #·*·Primarily·inspect·log·file·paths·listed·in·/etc/rsyslog.conf
 279 RSYSLOG_ETC_CONFIG="/etc/rsyslog.conf"
 280 #·*·And·also·the·log·file·paths·listed·after·rsyslog's·$IncludeConfig·directive
 281 #···(store·the·result·into·array·for·the·case·there's·shell·glob·used·as·value
 282 of·IncludeConfig)
 283 readarray·-t·OLD_INC·<·<(grep·-e·"\$IncludeConfig[[:space:]]\+[^[:space:];]\+"
 284 /etc/rsyslog.conf·|·cut·-d·'·'·-f·2)
 285 readarray·-t·RSYSLOG_INCLUDE_CONFIG·<·<(for·INCPATH·in·"${OLD_INC[@]}";·do·eval
 286 printf·'%s\\n'·"${INCPATH}";·done)
 287 readarray·-t·NEW_INC·<·<(sed·-n·'/^\s*include(/,/)/Ip'·/etc/rsyslog.conf·|·sed
 288 -n·'s@.*file\s*=\s*"\([/[:alnum:][:punct:]]*\)".*@\1@Ip')
 289 readarray·-t·RSYSLOG_INCLUDE·<·<(for·INCPATH·in·"${NEW_INC[@]}";·do·eval·printf
 290 '%s\\n'·"${INCPATH}";·done)
  
 291 #·Declare·an·array·to·hold·the·final·list·of·different·log·file·paths
 292 declare·-a·LOG_FILE_PATHS
  
 293 #·Array·to·hold·all·rsyslog·config·entries
 294 RSYSLOG_CONFIGS=()
 295 RSYSLOG_CONFIGS=("${RSYSLOG_ETC_CONFIG}"·"${RSYSLOG_INCLUDE_CONFIG[@]}"·"$
 296 {RSYSLOG_INCLUDE[@]}")
  
 297 #·Get·full·list·of·files·to·be·checked
 298 #·RSYSLOG_CONFIGS·may·contain·globs·such·as
 299 #·/etc/rsyslog.d/*.conf·/etc/rsyslog.d/*.frule
 300 #·So,·loop·over·the·entries·in·RSYSLOG_CONFIGS·and·use·find·to·get·the·list·of
 301 included·files.
 302 RSYSLOG_CONFIG_FILES=()
 303 for·ENTRY·in·"${RSYSLOG_CONFIGS[@]}"
 304 do
 305 »       #·If·directory,·rsyslog·will·search·for·config·files·in·recursively.
 306 »       #·However,·files·in·hidden·sub-directories·or·hidden·files·will·be·ignored.
 307 »       if·[·-d·"${ENTRY}"·]
 308 »       then
 309 »       »       readarray·-t·FINDOUT·<·<(find·"${ENTRY}"·-not·-path·'*/.*'·-type·f)
 310 »       »       RSYSLOG_CONFIG_FILES+=("${FINDOUT[@]}")
 311 »       elif·[·-f·"${ENTRY}"·]
 312 »       then
 313 »       »       RSYSLOG_CONFIG_FILES+=("${ENTRY}")
 314 »       else
 315 »       »       echo·"Invalid·include·object:·${ENTRY}"
 316 »       fi
 317 done
  
 318 #·Browse·each·file·selected·above·as·containing·paths·of·log·files
 319 #·('/etc/rsyslog.conf'·and·'/etc/rsyslog.d/*.conf'·in·the·default
 320 configuration)
 321 for·LOG_FILE·in·"${RSYSLOG_CONFIG_FILES[@]}"
 322 do
 323 »       #·From·each·of·these·files·extract·just·particular·log·file·path(s),·thus:
 324 »       #·*·Ignore·lines·starting·with·space·('·'),·comment·('#"),·or·variable·syntax
 325 ('$')·characters,
 326 »       #·*·Ignore·empty·lines,
 327 »       #·*·Strip·quotes·and·closing·brackets·from·paths.
 328 »       #·*·Ignore·paths·that·match·/dev|/etc.*\.conf,·as·those·are·paths,·but·likely
 329 not·log·files
 330 »       #·*·From·the·remaining·valid·rows·select·only·fields·constituting·a·log·file
 331 path
 332 »       #·Text·file·column·is·understood·to·represent·a·log·file·path·if·and·only·if
 333 all·of·the
 334 »       #·following·are·met:
 335 »       #·*·it·contains·at·least·one·slash·'/'·character,
 336 »       #·*·it·is·preceded·by·space
 337 »       #·*·it·doesn't·contain·space·('·'),·colon·(':'),·and·semicolon·(';')
 338 characters
 339 »       #·Search·log·file·for·path(s)·only·in·case·it·exists!
 340 »       if·[[·-f·"${LOG_FILE}"·]]
 341 »       then
 342 »       »       NORMALIZED_CONFIG_FILE_LINES=$(sed·-e·"/^[#|$]/d"·"${LOG_FILE}")
 343 »       »       LINES_WITH_PATHS=$(grep·'[^/]*\s\+\S*/\S\+$'·<<<·"$
 344 {NORMALIZED_CONFIG_FILE_LINES}")
 345 »       »       FILTERED_PATHS=$(awk·'{if(NF>=2&&($NF~/^\//||$NF~/^-\//)){sub(/^-\//,"/
 346 ",$NF);print·$NF}}'·<<<·"${LINES_WITH_PATHS}")
 347 »       »       CLEANED_PATHS=$(sed·-e·"s/[\"')]//g;·/\\/etc.*\.conf/d;·/\\/dev\\//d"·<<<·"$
 348 {FILTERED_PATHS}")
 349 »       »       MATCHED_ITEMS=$(sed·-e·"/^$/d"·<<<·"${CLEANED_PATHS}")
 350 »       »       #·Since·above·sed·command·might·return·more·than·one·item·(delimited·by
 351 newline),·split
 352 »       »       #·the·particular·matches·entries·into·new·array·specific·for·this·log·file
 353 »       »       readarray·-t·ARRAY_FOR_LOG_FILE·<<<·"$MATCHED_ITEMS"
 354 »       »       #·Concatenate·the·two·arrays·-·previous·content·of·$LOG_FILE_PATHS·array·with
 355 »       »       #·items·from·newly·created·array·for·this·log·file
 356 »       »       LOG_FILE_PATHS+=("${ARRAY_FOR_LOG_FILE[@]}")
 357 »       »       #·Delete·the·temporary·array
 358 »       »       unset·ARRAY_FOR_LOG_FILE
 359 »       fi
 360 done
  
 361 #·Check·for·RainerScript·action·log·format·which·might·be·also·multiline·so
 362 grep·regex·is·a·bit
 363 #·curly:
 364 #·extract·possibly·multiline·action·omfile·expressions
 365 #·extract·File="logfile"·expression
 366 #·match·only·"logfile"·expression
 367 for·LOG_FILE·in·"${RSYSLOG_CONFIG_FILES[@]}"
 368 do
 369 »       ACTION_OMFILE_LINES=$(grep·-iozP·"action\s*\(\s*type\s*=\s*\"omfile\"[^\)]*\)"
 370 "${LOG_FILE}")
 371 »       OMFILE_LINES=$(echo·"${ACTION_OMFILE_LINES}"|·grep·-iaoP·"\bFile\s*=\s*\"([/[:
 372 alnum:][:punct:]]*)\"\s*\)")
 373 »       LOG_FILE_PATHS+=("$(echo·"${OMFILE_LINES}"|·grep·-oE·"\"([/[:alnum:][:punct:
 374 ]]*)\""|tr·-d·"\"")")
 375 done
  
 376 #·Ensure·the·correct·attribute·if·file·exists
 377 FILE_CMD="chgrp"
 378 for·LOG_FILE_PATH·in·"${LOG_FILE_PATHS[@]}"
 379 do
 380 »       #·Sanity·check·-·if·particular·$LOG_FILE_PATH·is·empty·string,·skip·it·from
 381 further·processing
 382 »       if·[·-z·"$LOG_FILE_PATH"·]
 383 »       then
Max diff block lines reached; 131476/137127 bytes (95.88%) of diff not shown.
6.94 MB
./usr/share/doc/ssg-debderived/ssg-ubuntu2004-guide-cis_level1_server.html
    
Offset 15133, 150 lines modifiedOffset 15133, 150 lines modified
0003b1c0:·612d·7461·7267·6574·3d22·2369·646d·3237··a-target="#idm270003b1c0:·612d·7461·7267·6574·3d22·2369·646d·3237··a-target="#idm27
0003b1d0:·3634·2220·7461·6269·6e64·6578·3d22·3022··64"·tabindex="0"0003b1d0:·3634·2220·7461·6269·6e64·6578·3d22·3022··64"·tabindex="0"
0003b1e0:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a0003b1e0:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a
0003b1f0:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa0003b1f0:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa
0003b200:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti0003b200:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti
0003b210:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·0003b210:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·
0003b220:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi0003b220:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi
 0003b230:·6174·696f·6e20·5368·656c·6c20·7363·7269··ation·Shell·scri
 0003b240:·7074·20e2·87b2·3c2f·613e·3c62·723e·3c64··pt·...</a><br><d
 0003b250:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel-
 0003b260:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps
 0003b270:·6522·2069·643d·2269·646d·3237·3634·223e··e"·id="idm2764">
 0003b280:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta
 0003b290:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe
 0003b2a0:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered
 0003b2b0:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed
 0003b2c0:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple
 0003b2d0:·7869·7479·3a3c·2f74·683e·3c74·643e·6c6f··xity:</th><td>lo
 0003b2e0:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><
 0003b2f0:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</
0003b230:·6174·696f·6e20·4f53·4275·696c·6420·426c··ation·OSBuild·Bl 
0003b240:·7565·7072·696e·7420·736e·6970·7065·7420··ueprint·snippet· 
0003b250:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div· 
0003b260:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col 
0003b270:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"· 
0003b280:·6964·3d22·6964·6d32·3736·3422·3e3c·7072··id="idm2764"><pr 
0003b290:·653e·3c63·6f64·653e·0a5b·5b70·6163·6b61··e><code>.[[packa 
0003b2a0:·6765·735d·5d0a·6e61·6d65·203d·2022·6169··ges]].name·=·"ai 
0003b2b0:·6465·220a·7665·7273·696f·6e20·3d20·222a··de".version·=·"* 
0003b2c0:·220a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··".</code></pre>< 
0003b2d0:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b 
0003b2e0:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"· 
0003b2f0:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col 
0003b300:·6c61·7073·6522·2064·6174·612d·7461·7267··lapse"·data-targ 
0003b310:·6574·3d22·2369·646d·3237·3635·2220·7461··et="#idm2765"·ta 
0003b320:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role= 
0003b330:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex 
0003b340:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t 
0003b350:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t 
0003b360:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href=" 
0003b370:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation· 
0003b380:·416e·7369·626c·6520·736e·6970·7065·7420··Ansible·snippet· 
0003b390:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div· 
0003b3a0:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col 
0003b3b0:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"· 
0003b3c0:·6964·3d22·6964·6d32·3736·3522·3e3c·7461··id="idm2765"><ta 
0003b3d0:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table 
0003b3e0:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t 
0003b3f0:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta 
0003b400:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed">< 
0003b410:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit 
0003b420:·793a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··y:</th><td>low</0003b300:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><
0003b430:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>0003b310:·2f74·723e·3c74·723e·3c74·683e·5265·626f··/tr><tr><th>Rebo
 0003b320:·6f74·3a3c·2f74·683e·3c74·643e·6661·6c73··ot:</th><td>fals
 0003b330:·653c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··e</td></tr><tr><
 0003b340:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th
 0003b350:·3e3c·7464·3e65·6e61·626c·653c·2f74·643e··><td>enable</td>
 0003b360:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr
 0003b370:·653e·3c63·6f64·653e·2320·5265·6d65·6469··e><code>#·Remedi
 0003b380:·6174·696f·6e20·6973·2061·7070·6c69·6361··ation·is·applica
 0003b390:·626c·6520·6f6e·6c79·2069·6e20·6365·7274··ble·only·in·cert
 0003b3a0:·6169·6e20·706c·6174·666f·726d·730a·6966··ain·platforms.if
 0003b3b0:·2064·706b·672d·7175·6572·7920·2d2d·7368···dpkg-query·--sh
 0003b3c0:·6f77·202d·2d73·686f·7766·6f72·6d61·743d··ow·--showformat=
 0003b3d0:·2724·7b64·623a·5374·6174·7573·2d53·7461··'${db:Status-Sta
 0003b3e0:·7475·737d·0a27·2027·6c69·6e75·782d·6261··tus}.'·'linux-ba
 0003b3f0:·7365·2720·3226·6774·3b2f·6465·762f·6e75··se'·2&gt;/dev/nu
 0003b400:·6c6c·207c·2067·7265·7020·2d71·205e·696e··ll·|·grep·-q·^in
 0003b410:·7374·616c·6c65·643b·2074·6865·6e0a·0a44··stalled;·then..D
 0003b420:·4542·4941·4e5f·4652·4f4e·5445·4e44·3d6e··EBIAN_FRONTEND=n
 0003b430:·6f6e·696e·7465·7261·6374·6976·6520·6170··oninteractive·ap
 0003b440:·742d·6765·7420·696e·7374·616c·6c20·2d79··t-get·install·-y
 0003b450:·2022·6169·6465·220a·0a65·6c73·650a·2020···"aide"..else.··
 0003b460:·2020·2667·743b·2661·6d70·3b32·2065·6368····&gt;&amp;2·ech
 0003b470:·6f20·2752·656d·6564·6961·7469·6f6e·2069··o·'Remediation·i
 0003b480:·7320·6e6f·7420·6170·706c·6963·6162·6c65··s·not·applicable
 0003b490:·2c20·6e6f·7468·696e·6720·7761·7320·646f··,·nothing·was·do
0003b440:·4469·7372·7570·7469·6f6e·3a3c·2f74·683e··Disruption:</th> 
0003b450:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
0003b460:·3e3c·7472·3e3c·7468·3e52·6562·6f6f·743a··><tr><th>Reboot: 
0003b470:·3c2f·7468·3e3c·7464·3e66·616c·7365·3c2f··</th><td>false</ 
0003b480:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003b490:·5374·7261·7465·6779·3a3c·2f74·683e·3c74··Strategy:</th><t 
0003b4a0:·643e·656e·6162·6c65·3c2f·7464·3e3c·2f74··d>enable</td></t 
0003b4b0:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre>< 
0003b4c0:·636f·6465·3e2d·206e·616d·653a·2047·6174··code>-·name:·Gat 
0003b4d0:·6865·7220·7468·6520·7061·636b·6167·6520··her·the·package· 
0003b4e0:·6661·6374·730a·2020·7061·636b·6167·655f··facts.··package_ 
0003b4f0:·6661·6374·733a·0a20·2020·206d·616e·6167··facts:.····manag 
0003b500:·6572·3a20·6175·746f·0a20·2074·6167·733a··er:·auto.··tags: 
0003b510:·0a20·202d·2043·4a49·532d·352e·3130·2e31··.··-·CJIS-5.10.1 
0003b520:·2e33·0a20·202d·2044·4953·412d·5354·4947··.3.··-·DISA-STIG 
0003b530:·2d55·4254·552d·3230·2d30·3130·3435·300a··-UBTU-20-010450. 
0003b540:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53- 
0003b550:·434d·2d36·2861·290a·2020·2d20·5043·492d··CM-6(a).··-·PCI- 
0003b560:·4453·532d·5265·712d·3131·2e35·0a20·202d··DSS-Req-11.5.··- 
0003b570:·2050·4349·2d44·5353·7634·2d31·312e·352e···PCI-DSSv4-11.5. 
0003b580:·320a·2020·2d20·656e·6162·6c65·5f73·7472··2.··-·enable_str 
0003b590:·6174·6567·790a·2020·2d20·6c6f·775f·636f··ategy.··-·low_co 
0003b5a0:·6d70·6c65·7869·7479·0a20·202d·206c·6f77··mplexity.··-·low 
0003b5b0:·5f64·6973·7275·7074·696f·6e0a·2020·2d20··_disruption.··-· 
0003b5c0:·6d65·6469·756d·5f73·6576·6572·6974·790a··medium_severity. 
0003b5d0:·2020·2d20·6e6f·5f72·6562·6f6f·745f·6e65····-·no_reboot_ne 
0003b5e0:·6564·6564·0a20·202d·2070·6163·6b61·6765··eded.··-·package 
0003b5f0:·5f61·6964·655f·696e·7374·616c·6c65·640a··_aide_installed. 
0003b600:·0a2d·206e·616d·653a·2045·6e73·7572·6520··.-·name:·Ensure· 
0003b610:·6169·6465·2069·7320·696e·7374·616c·6c65··aide·is·installe 
0003b620:·640a·2020·7061·636b·6167·653a·0a20·2020··d.··package:.··· 
0003b630:·206e·616d·653a·2061·6964·650a·2020·2020···name:·aide.···· 
0003b640:·7374·6174·653a·2070·7265·7365·6e74·0a20··state:·present.· 
0003b650:·2077·6865·6e3a·2027·226c·696e·7578·2d62···when:·'"linux-b 
0003b660:·6173·6522·2069·6e20·616e·7369·626c·655f··ase"·in·ansible_ 
0003b670:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'. 
0003b680:·2020·7461·6773·3a0a·2020·2d20·434a·4953····tags:.··-·CJIS 
0003b690:·2d35·2e31·302e·312e·330a·2020·2d20·4449··-5.10.1.3.··-·DI 
0003b6a0:·5341·2d53·5449·472d·5542·5455·2d32·302d··SA-STIG-UBTU-20- 
0003b6b0:·3031·3034·3530·0a20·202d·204e·4953·542d··010450.··-·NIST- 
0003b6c0:·3830·302d·3533·2d43·4d2d·3628·6129·0a20··800-53-CM-6(a).· 
0003b6d0:·202d·2050·4349·2d44·5353·2d52·6571·2d31···-·PCI-DSS-Req-1 
0003b6e0:·312e·350a·2020·2d20·5043·492d·4453·5376··1.5.··-·PCI-DSSv 
0003b6f0:·342d·3131·2e35·2e32·0a20·202d·2065·6e61··4-11.5.2.··-·ena 
0003b700:·626c·655f·7374·7261·7465·6779·0a20·202d··ble_strategy.··- 
0003b710:·206c·6f77·5f63·6f6d·706c·6578·6974·790a···low_complexity. 
0003b720:·2020·2d20·6c6f·775f·6469·7372·7570·7469····-·low_disrupti 
0003b730:·6f6e·0a20·202d·206d·6564·6975·6d5f·7365··on.··-·medium_se 
0003b740:·7665·7269·7479·0a20·202d·206e·6f5f·7265··verity.··-·no_re 
0003b750:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-· 
Max diff block lines reached; 6399817/6419165 bytes (99.70%) of diff not shown.
842 KB
html2text {}
    
Offset 133, 19 lines modifiedOffset 133, 28 lines modified
133 include·install_aide133 include·install_aide
  
134 class·install_aide·{134 class·install_aide·{
135 ··package·{·'aide':135 ··package·{·'aide':
136 ····ensure·=>·'installed',136 ····ensure·=>·'installed',
137 ··}137 ··}
138 }138 }
139 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8139 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 140 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 141 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 142 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 143 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 144 #·Remediation·is·applicable·only·in·certain·platforms
 145 if·dpkg-query·--show·--showformat='${db:Status-Status}
 146 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then
  
140 [[packages]] 
141 name·=·"aide" 
142 version·=·"*"147 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide"
  
 148 else
 149 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 150 fi
143 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8151 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
144 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low152 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
145 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low153 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
146 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false154 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
147 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable155 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
148 -·name:·Gather·the·package·facts156 -·name:·Gather·the·package·facts
149 ··package_facts:157 ··package_facts:
Offset 176, 28 lines modifiedOffset 185, 19 lines modified
176 ··-·PCI-DSSv4-11.5.2185 ··-·PCI-DSSv4-11.5.2
177 ··-·enable_strategy186 ··-·enable_strategy
178 ··-·low_complexity187 ··-·low_complexity
179 ··-·low_disruption188 ··-·low_disruption
180 ··-·medium_severity189 ··-·medium_severity
181 ··-·no_reboot_needed190 ··-·no_reboot_needed
182 ··-·package_aide_installed191 ··-·package_aide_installed
 192 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
183 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
184 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
185 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
186 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
187 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
188 #·Remediation·is·applicable·only·in·certain·platforms 
189 if·dpkg-query·--show·--showformat='${db:Status-Status} 
190 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then 
  
191 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide" 
  
192 else 
193 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
194 fi193 [[packages]]
 194 name·=·"aide"
 195 version·=·"*"
195 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*196 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
196 Run·the·following·command·to·generate·a·new·database:197 Run·the·following·command·to·generate·a·new·database:
197 $·sudo·aideinit198 $·sudo·aideinit
198 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the199 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the
199 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide.wrapper·(or·hashes·of200 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide.wrapper·(or·hashes·of
200 these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about201 these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about
201 their·integrity.·The·newly-generated·database·can·be·installed·as·follows:202 their·integrity.·The·newly-generated·database·can·be·installed·as·follows:
Offset 224, 14 lines modifiedOffset 224, 41 lines modified
224 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5224 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
225 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199225 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
226 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········UBTU-20-010450226 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········UBTU-20-010450
227 ············_\x8c_\x8i_\x8s············1.4.1227 ············_\x8c_\x8i_\x8s············1.4.1
228 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79228 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
229 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2229 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
230 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-238371r880913_rule230 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-238371r880913_rule
 231 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 232 #·Remediation·is·applicable·only·in·certain·platforms
 233 if·dpkg-query·--show·--showformat='${db:Status-Status}
 234 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then
  
 235 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide"
  
 236 AIDE_CONFIG=/etc/aide/aide.conf
 237 DEFAULT_DB_PATH=/var/lib/aide/aide.db
  
 238 #·Fix·db·path·in·the·config·file,·if·necessary
 239 if·!·grep·-q·'^database=file:'·${AIDE_CONFIG};·then
 240 ····#·replace_or_append·gets·confused·by·'database=file'·as·a·key,·so·should·not·be·used.
 241 ····#replace_or_append·"${AIDE_CONFIG}"·'^database=file'·"${DEFAULT_DB_PATH}"·'@CCENUM@'·'%s:%s'
 242 ····echo·"database=file:${DEFAULT_DB_PATH}"·>>·${AIDE_CONFIG}
 243 fi
  
 244 #·Fix·db·out·path·in·the·config·file,·if·necessary
 245 if·!·grep·-q·'^database_out=file:'·${AIDE_CONFIG};·then
 246 ····echo·"database_out=file:${DEFAULT_DB_PATH}.new"·>>·${AIDE_CONFIG}
 247 fi
  
 248 /usr/sbin/aideinit·-y·-f
  
 249 else
 250 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 251 fi
231 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8252 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
232 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low253 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
233 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low254 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
234 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false255 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
235 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict256 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
236 -·name:·Gather·the·package·facts257 -·name:·Gather·the·package·facts
237 ··package_facts:258 ··package_facts:
Offset 410, 41 lines modifiedOffset 437, 14 lines modified
410 ··-·PCI-DSSv4-11.5.2437 ··-·PCI-DSSv4-11.5.2
411 ··-·aide_build_database438 ··-·aide_build_database
412 ··-·low_complexity439 ··-·low_complexity
413 ··-·low_disruption440 ··-·low_disruption
414 ··-·medium_severity441 ··-·medium_severity
415 ··-·no_reboot_needed442 ··-·no_reboot_needed
416 ··-·restrict_strategy443 ··-·restrict_strategy
417 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
418 #·Remediation·is·applicable·only·in·certain·platforms 
419 if·dpkg-query·--show·--showformat='${db:Status-Status} 
420 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then 
  
421 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide" 
  
422 AIDE_CONFIG=/etc/aide/aide.conf 
423 DEFAULT_DB_PATH=/var/lib/aide/aide.db 
  
424 #·Fix·db·path·in·the·config·file,·if·necessary 
425 if·!·grep·-q·'^database=file:'·${AIDE_CONFIG};·then 
426 ····#·replace_or_append·gets·confused·by·'database=file'·as·a·key,·so·should·not·be·used. 
427 ····#replace_or_append·"${AIDE_CONFIG}"·'^database=file'·"${DEFAULT_DB_PATH}"·'@CCENUM@'·'%s:%s' 
428 ····echo·"database=file:${DEFAULT_DB_PATH}"·>>·${AIDE_CONFIG} 
Max diff block lines reached; 856755/862415 bytes (99.34%) of diff not shown.
6.78 MB
./usr/share/doc/ssg-debderived/ssg-ubuntu2004-guide-cis_level1_workstation.html
    
Offset 15129, 150 lines modifiedOffset 15129, 150 lines modified
0003b180:·6172·6765·743d·2223·6964·6d32·3736·3422··arget="#idm2764"0003b180:·6172·6765·743d·2223·6964·6d32·3736·3422··arget="#idm2764"
0003b190:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro0003b190:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro
0003b1a0:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria0003b1a0:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria
0003b1b0:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false0003b1b0:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false
0003b1c0:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat0003b1c0:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat
0003b1d0:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre0003b1d0:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre
0003b1e0:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati0003b1e0:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati
 0003b1f0:·6f6e·2053·6865·6c6c·2073·6372·6970·7420··on·Shell·script·
 0003b200:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div·
 0003b210:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col
 0003b220:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·
 0003b230:·6964·3d22·6964·6d32·3736·3422·3e3c·7461··id="idm2764"><ta
 0003b240:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table
 0003b250:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t
 0003b260:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta
 0003b270:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed"><
 0003b280:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit
 0003b290:·793a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··y:</th><td>low</
 0003b2a0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>
 0003b2b0:·4469·7372·7570·7469·6f6e·3a3c·2f74·683e··Disruption:</th>
0003b1f0:·6f6e·204f·5342·7569·6c64·2042·6c75·6570··on·OSBuild·Bluep 
0003b200:·7269·6e74·2073·6e69·7070·6574·20e2·87b2··rint·snippet·... 
0003b210:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla 
0003b220:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap 
0003b230:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id= 
0003b240:·2269·646d·3237·3634·223e·3c70·7265·3e3c··"idm2764"><pre>< 
0003b250:·636f·6465·3e0a·5b5b·7061·636b·6167·6573··code>.[[packages 
0003b260:·5d5d·0a6e·616d·6520·3d20·2261·6964·6522··]].name·=·"aide" 
0003b270:·0a76·6572·7369·6f6e·203d·2022·2a22·0a3c··.version·=·"*".< 
0003b280:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di 
0003b290:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn· 
0003b2a0:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat 
0003b2b0:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap 
0003b2c0:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target= 
0003b2d0:·2223·6964·6d32·3736·3522·2074·6162·696e··"#idm2765"·tabin 
0003b2e0:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu 
0003b2f0:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan 
0003b300:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl 
0003b310:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r 
0003b320:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!" 
0003b330:·3e52·656d·6564·6961·7469·6f6e·2041·6e73··>Remediation·Ans 
0003b340:·6962·6c65·2073·6e69·7070·6574·20e2·87b2··ible·snippet·... 
0003b350:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla 
0003b360:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap 
0003b370:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id= 
0003b380:·2269·646d·3237·3635·223e·3c74·6162·6c65··"idm2765"><table 
0003b390:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta 
0003b3a0:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl 
0003b3b0:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table 
0003b3c0:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr> 
0003b3d0:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:< 
0003b3e0:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>0003b2c0:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr
 0003b2d0:·3e3c·7472·3e3c·7468·3e52·6562·6f6f·743a··><tr><th>Reboot:
 0003b2e0:·3c2f·7468·3e3c·7464·3e66·616c·7365·3c2f··</th><td>false</
 0003b2f0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>
 0003b300:·5374·7261·7465·6779·3a3c·2f74·683e·3c74··Strategy:</th><t
 0003b310:·643e·656e·6162·6c65·3c2f·7464·3e3c·2f74··d>enable</td></t
 0003b320:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><
 0003b330:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati
 0003b340:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable
 0003b350:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain
 0003b360:·2070·6c61·7466·6f72·6d73·0a69·6620·6470···platforms.if·dp
 0003b370:·6b67·2d71·7565·7279·202d·2d73·686f·7720··kg-query·--show·
 0003b380:·2d2d·7368·6f77·666f·726d·6174·3d27·247b··--showformat='${
 0003b390:·6462·3a53·7461·7475·732d·5374·6174·7573··db:Status-Status
 0003b3a0:·7d0a·2720·276c·696e·7578·2d62·6173·6527··}.'·'linux-base'
 0003b3b0:·2032·2667·743b·2f64·6576·2f6e·756c·6c20···2&gt;/dev/null·
 0003b3c0:·7c20·6772·6570·202d·7120·5e69·6e73·7461··|·grep·-q·^insta
 0003b3d0:·6c6c·6564·3b20·7468·656e·0a0a·4445·4249··lled;·then..DEBI
 0003b3e0:·414e·5f46·524f·4e54·454e·443d·6e6f·6e69··AN_FRONTEND=noni
 0003b3f0:·6e74·6572·6163·7469·7665·2061·7074·2d67··nteractive·apt-g
 0003b400:·6574·2069·6e73·7461·6c6c·202d·7920·2261··et·install·-y·"a
 0003b410:·6964·6522·0a0a·656c·7365·0a20·2020·2026··ide"..else.····&
 0003b420:·6774·3b26·616d·703b·3220·6563·686f·2027··gt;&amp;2·echo·'
 0003b430:·5265·6d65·6469·6174·696f·6e20·6973·206e··Remediation·is·n
 0003b440:·6f74·2061·7070·6c69·6361·626c·652c·206e··ot·applicable,·n
 0003b450:·6f74·6869·6e67·2077·6173·2064·6f6e·6527··othing·was·done'
0003b3f0:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis 
0003b400:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td 
0003b410:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t 
0003b420:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t 
0003b430:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td> 
0003b440:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str 
0003b450:·6174·6567·793a·3c2f·7468·3e3c·7464·3e65··ategy:</th><td>e 
0003b460:·6e61·626c·653c·2f74·643e·3c2f·7472·3e3c··nable</td></tr>< 
0003b470:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod 
0003b480:·653e·2d20·6e61·6d65·3a20·4761·7468·6572··e>-·name:·Gather 
0003b490:·2074·6865·2070·6163·6b61·6765·2066·6163···the·package·fac 
0003b4a0:·7473·0a20·2070·6163·6b61·6765·5f66·6163··ts.··package_fac 
0003b4b0:·7473·3a0a·2020·2020·6d61·6e61·6765·723a··ts:.····manager: 
0003b4c0:·2061·7574·6f0a·2020·7461·6773·3a0a·2020···auto.··tags:.·· 
0003b4d0:·2d20·434a·4953·2d35·2e31·302e·312e·330a··-·CJIS-5.10.1.3. 
0003b4e0:·2020·2d20·4449·5341·2d53·5449·472d·5542····-·DISA-STIG-UB 
0003b4f0:·5455·2d32·302d·3031·3034·3530·0a20·202d··TU-20-010450.··- 
0003b500:·204e·4953·542d·3830·302d·3533·2d43·4d2d···NIST-800-53-CM- 
0003b510:·3628·6129·0a20·202d·2050·4349·2d44·5353··6(a).··-·PCI-DSS 
0003b520:·2d52·6571·2d31·312e·350a·2020·2d20·5043··-Req-11.5.··-·PC 
0003b530:·492d·4453·5376·342d·3131·2e35·2e32·0a20··I-DSSv4-11.5.2.· 
0003b540:·202d·2065·6e61·626c·655f·7374·7261·7465···-·enable_strate 
0003b550:·6779·0a20·202d·206c·6f77·5f63·6f6d·706c··gy.··-·low_compl 
0003b560:·6578·6974·790a·2020·2d20·6c6f·775f·6469··exity.··-·low_di 
0003b570:·7372·7570·7469·6f6e·0a20·202d·206d·6564··sruption.··-·med 
0003b580:·6975·6d5f·7365·7665·7269·7479·0a20·202d··ium_severity.··- 
0003b590:·206e·6f5f·7265·626f·6f74·5f6e·6565·6465···no_reboot_neede 
0003b5a0:·640a·2020·2d20·7061·636b·6167·655f·6169··d.··-·package_ai 
0003b5b0:·6465·5f69·6e73·7461·6c6c·6564·0a0a·2d20··de_installed..-· 
0003b5c0:·6e61·6d65·3a20·456e·7375·7265·2061·6964··name:·Ensure·aid 
0003b5d0:·6520·6973·2069·6e73·7461·6c6c·6564·0a20··e·is·installed.· 
0003b5e0:·2070·6163·6b61·6765·3a0a·2020·2020·6e61···package:.····na 
0003b5f0:·6d65·3a20·6169·6465·0a20·2020·2073·7461··me:·aide.····sta 
0003b600:·7465·3a20·7072·6573·656e·740a·2020·7768··te:·present.··wh 
0003b610:·656e·3a20·2722·6c69·6e75·782d·6261·7365··en:·'"linux-base 
0003b620:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
0003b630:·7473·2e70·6163·6b61·6765·7327·0a20·2074··ts.packages'.··t 
0003b640:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5. 
0003b650:·3130·2e31·2e33·0a20·202d·2044·4953·412d··10.1.3.··-·DISA- 
0003b660:·5354·4947·2d55·4254·552d·3230·2d30·3130··STIG-UBTU-20-010 
0003b670:·3435·300a·2020·2d20·4e49·5354·2d38·3030··450.··-·NIST-800 
0003b680:·2d35·332d·434d·2d36·2861·290a·2020·2d20··-53-CM-6(a).··-· 
0003b690:·5043·492d·4453·532d·5265·712d·3131·2e35··PCI-DSS-Req-11.5 
0003b6a0:·0a20·202d·2050·4349·2d44·5353·7634·2d31··.··-·PCI-DSSv4-1 
0003b6b0:·312e·352e·320a·2020·2d20·656e·6162·6c65··1.5.2.··-·enable 
0003b6c0:·5f73·7472·6174·6567·790a·2020·2d20·6c6f··_strategy.··-·lo 
0003b6d0:·775f·636f·6d70·6c65·7869·7479·0a20·202d··w_complexity.··- 
0003b6e0:·206c·6f77·5f64·6973·7275·7074·696f·6e0a···low_disruption. 
0003b6f0:·2020·2d20·6d65·6469·756d·5f73·6576·6572····-·medium_sever 
0003b700:·6974·790a·2020·2d20·6e6f·5f72·6562·6f6f··ity.··-·no_reboo 
Max diff block lines reached; 6246215/6265563 bytes (99.69%) of diff not shown.
825 KB
html2text {}
    
Offset 132, 19 lines modifiedOffset 132, 28 lines modified
132 include·install_aide132 include·install_aide
  
133 class·install_aide·{133 class·install_aide·{
134 ··package·{·'aide':134 ··package·{·'aide':
135 ····ensure·=>·'installed',135 ····ensure·=>·'installed',
136 ··}136 ··}
137 }137 }
138 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8138 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 139 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 140 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 141 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 142 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 143 #·Remediation·is·applicable·only·in·certain·platforms
 144 if·dpkg-query·--show·--showformat='${db:Status-Status}
 145 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then
  
139 [[packages]] 
140 name·=·"aide" 
141 version·=·"*"146 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide"
  
 147 else
 148 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 149 fi
142 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8150 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
143 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low151 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
144 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low152 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
145 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false153 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
146 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable154 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
147 -·name:·Gather·the·package·facts155 -·name:·Gather·the·package·facts
148 ··package_facts:156 ··package_facts:
Offset 175, 28 lines modifiedOffset 184, 19 lines modified
175 ··-·PCI-DSSv4-11.5.2184 ··-·PCI-DSSv4-11.5.2
176 ··-·enable_strategy185 ··-·enable_strategy
177 ··-·low_complexity186 ··-·low_complexity
178 ··-·low_disruption187 ··-·low_disruption
179 ··-·medium_severity188 ··-·medium_severity
180 ··-·no_reboot_needed189 ··-·no_reboot_needed
181 ··-·package_aide_installed190 ··-·package_aide_installed
 191 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
182 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
183 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
184 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
185 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
186 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
187 #·Remediation·is·applicable·only·in·certain·platforms 
188 if·dpkg-query·--show·--showformat='${db:Status-Status} 
189 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then 
  
190 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide" 
  
191 else 
192 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
193 fi192 [[packages]]
 193 name·=·"aide"
 194 version·=·"*"
194 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*195 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
195 Run·the·following·command·to·generate·a·new·database:196 Run·the·following·command·to·generate·a·new·database:
196 $·sudo·aideinit197 $·sudo·aideinit
197 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the198 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the
198 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide.wrapper·(or·hashes·of199 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide.wrapper·(or·hashes·of
199 these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about200 these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about
200 their·integrity.·The·newly-generated·database·can·be·installed·as·follows:201 their·integrity.·The·newly-generated·database·can·be·installed·as·follows:
Offset 223, 14 lines modifiedOffset 223, 41 lines modified
223 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5223 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
224 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199224 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
225 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········UBTU-20-010450225 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········UBTU-20-010450
226 ············_\x8c_\x8i_\x8s············1.4.1226 ············_\x8c_\x8i_\x8s············1.4.1
227 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79227 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
228 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2228 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
229 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-238371r880913_rule229 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-238371r880913_rule
 230 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 231 #·Remediation·is·applicable·only·in·certain·platforms
 232 if·dpkg-query·--show·--showformat='${db:Status-Status}
 233 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then
  
 234 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide"
  
 235 AIDE_CONFIG=/etc/aide/aide.conf
 236 DEFAULT_DB_PATH=/var/lib/aide/aide.db
  
 237 #·Fix·db·path·in·the·config·file,·if·necessary
 238 if·!·grep·-q·'^database=file:'·${AIDE_CONFIG};·then
 239 ····#·replace_or_append·gets·confused·by·'database=file'·as·a·key,·so·should·not·be·used.
 240 ····#replace_or_append·"${AIDE_CONFIG}"·'^database=file'·"${DEFAULT_DB_PATH}"·'@CCENUM@'·'%s:%s'
 241 ····echo·"database=file:${DEFAULT_DB_PATH}"·>>·${AIDE_CONFIG}
 242 fi
  
 243 #·Fix·db·out·path·in·the·config·file,·if·necessary
 244 if·!·grep·-q·'^database_out=file:'·${AIDE_CONFIG};·then
 245 ····echo·"database_out=file:${DEFAULT_DB_PATH}.new"·>>·${AIDE_CONFIG}
 246 fi
  
 247 /usr/sbin/aideinit·-y·-f
  
 248 else
 249 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 250 fi
230 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8251 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
231 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low252 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
232 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low253 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
233 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false254 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
234 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict255 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
235 -·name:·Gather·the·package·facts256 -·name:·Gather·the·package·facts
236 ··package_facts:257 ··package_facts:
Offset 409, 41 lines modifiedOffset 436, 14 lines modified
409 ··-·PCI-DSSv4-11.5.2436 ··-·PCI-DSSv4-11.5.2
410 ··-·aide_build_database437 ··-·aide_build_database
411 ··-·low_complexity438 ··-·low_complexity
412 ··-·low_disruption439 ··-·low_disruption
413 ··-·medium_severity440 ··-·medium_severity
414 ··-·no_reboot_needed441 ··-·no_reboot_needed
415 ··-·restrict_strategy442 ··-·restrict_strategy
416 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
417 #·Remediation·is·applicable·only·in·certain·platforms 
418 if·dpkg-query·--show·--showformat='${db:Status-Status} 
419 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then 
  
420 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide" 
  
421 AIDE_CONFIG=/etc/aide/aide.conf 
422 DEFAULT_DB_PATH=/var/lib/aide/aide.db 
  
423 #·Fix·db·path·in·the·config·file,·if·necessary 
424 if·!·grep·-q·'^database=file:'·${AIDE_CONFIG};·then 
425 ····#·replace_or_append·gets·confused·by·'database=file'·as·a·key,·so·should·not·be·used. 
426 ····#replace_or_append·"${AIDE_CONFIG}"·'^database=file'·"${DEFAULT_DB_PATH}"·'@CCENUM@'·'%s:%s' 
427 ····echo·"database=file:${DEFAULT_DB_PATH}"·>>·${AIDE_CONFIG} 
Max diff block lines reached; 839501/845161 bytes (99.33%) of diff not shown.
20.3 MB
./usr/share/doc/ssg-debderived/ssg-ubuntu2004-guide-cis_level2_server.html
    
Offset 15155, 150 lines modifiedOffset 15155, 150 lines modified
0003b320:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe0003b320:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe
0003b330:·743d·2223·6964·6d32·3736·3422·2074·6162··t="#idm2764"·tab0003b330:·743d·2223·6964·6d32·3736·3422·2074·6162··t="#idm2764"·tab
0003b340:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="0003b340:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="
0003b350:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp0003b350:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp
0003b360:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti0003b360:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti
0003b370:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to0003b370:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to
0003b380:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#0003b380:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#
0003b390:·2122·3e52·656d·6564·6961·7469·6f6e·204f··!">Remediation·O0003b390:·2122·3e52·656d·6564·6961·7469·6f6e·2053··!">Remediation·S
 0003b3a0:·6865·6c6c·2073·6372·6970·7420·e287·b23c··hell·script·...<
 0003b3b0:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas
 0003b3c0:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps
 0003b3d0:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="
 0003b3e0:·6964·6d32·3736·3422·3e3c·7461·626c·6520··idm2764"><table·
 0003b3f0:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab
 0003b400:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table
 0003b410:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-
 0003b420:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><
 0003b430:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</
 0003b440:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><
 0003b450:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr
 0003b460:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td>
0003b3a0:·5342·7569·6c64·2042·6c75·6570·7269·6e74··SBuild·Blueprint 
0003b3b0:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a> 
0003b3c0:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class=" 
0003b3d0:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c 
0003b3e0:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm 
0003b3f0:·3237·3634·223e·3c70·7265·3e3c·636f·6465··2764"><pre><code 
0003b400:·3e0a·5b5b·7061·636b·6167·6573·5d5d·0a6e··>.[[packages]].n 
0003b410:·616d·6520·3d20·2261·6964·6522·0a76·6572··ame·=·"aide".ver 
0003b420:·7369·6f6e·203d·2022·2a22·0a3c·2f63·6f64··sion·=·"*".</cod 
0003b430:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a 
0003b440:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn- 
0003b450:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to 
0003b460:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"· 
0003b470:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id 
0003b480:·6d32·3736·3522·2074·6162·696e·6465·783d··m2765"·tabindex= 
0003b490:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button 
0003b4a0:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded= 
0003b4b0:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A 
0003b4c0:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea 
0003b4d0:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem 
0003b4e0:·6564·6961·7469·6f6e·2041·6e73·6962·6c65··ediation·Ansible 
0003b4f0:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a> 
0003b500:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class=" 
0003b510:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c 
0003b520:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm 
0003b530:·3237·3635·223e·3c74·6162·6c65·2063·6c61··2765"><table·cla 
0003b540:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table- 
0003b550:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo 
0003b560:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con 
0003b570:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th> 
0003b580:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th> 
0003b590:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
0003b5a0:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt 
0003b5b0:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low 
0003b5c0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b5d0:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t 
0003b5e0:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr 
0003b5f0:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg 
0003b600:·793a·3c2f·7468·3e3c·7464·3e65·6e61·626c··y:</th><td>enabl 
0003b610:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab0003b470:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr
 0003b480:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th
 0003b490:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td><
 0003b4a0:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra
 0003b4b0:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en
 0003b4c0:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></
 0003b4d0:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code
 0003b4e0:·3e23·2052·656d·6564·6961·7469·6f6e·2069··>#·Remediation·i
 0003b4f0:·7320·6170·706c·6963·6162·6c65·206f·6e6c··s·applicable·onl
 0003b500:·7920·696e·2063·6572·7461·696e·2070·6c61··y·in·certain·pla
 0003b510:·7466·6f72·6d73·0a69·6620·6470·6b67·2d71··tforms.if·dpkg-q
 0003b520:·7565·7279·202d·2d73·686f·7720·2d2d·7368··uery·--show·--sh
 0003b530:·6f77·666f·726d·6174·3d27·247b·6462·3a53··owformat='${db:S
 0003b540:·7461·7475·732d·5374·6174·7573·7d0a·2720··tatus-Status}.'·
 0003b550:·276c·696e·7578·2d62·6173·6527·2032·2667··'linux-base'·2&g
 0003b560:·743b·2f64·6576·2f6e·756c·6c20·7c20·6772··t;/dev/null·|·gr
 0003b570:·6570·202d·7120·5e69·6e73·7461·6c6c·6564··ep·-q·^installed
 0003b580:·3b20·7468·656e·0a0a·4445·4249·414e·5f46··;·then..DEBIAN_F
 0003b590:·524f·4e54·454e·443d·6e6f·6e69·6e74·6572··RONTEND=noninter
 0003b5a0:·6163·7469·7665·2061·7074·2d67·6574·2069··active·apt-get·i
 0003b5b0:·6e73·7461·6c6c·202d·7920·2261·6964·6522··nstall·-y·"aide"
 0003b5c0:·0a0a·656c·7365·0a20·2020·2026·6774·3b26··..else.····&gt;&
 0003b5d0:·616d·703b·3220·6563·686f·2027·5265·6d65··amp;2·echo·'Reme
 0003b5e0:·6469·6174·696f·6e20·6973·206e·6f74·2061··diation·is·not·a
 0003b5f0:·7070·6c69·6361·626c·652c·206e·6f74·6869··pplicable,·nothi
 0003b600:·6e67·2077·6173·2064·6f6e·6527·0a66·690a··ng·was·done'.fi.
0003b620:·6c65·3e3c·7072·653e·3c63·6f64·653e·2d20··le><pre><code>-· 
0003b630:·6e61·6d65·3a20·4761·7468·6572·2074·6865··name:·Gather·the 
0003b640:·2070·6163·6b61·6765·2066·6163·7473·0a20···package·facts.· 
0003b650:·2070·6163·6b61·6765·5f66·6163·7473·3a0a···package_facts:. 
0003b660:·2020·2020·6d61·6e61·6765·723a·2061·7574······manager:·aut 
0003b670:·6f0a·2020·7461·6773·3a0a·2020·2d20·434a··o.··tags:.··-·CJ 
0003b680:·4953·2d35·2e31·302e·312e·330a·2020·2d20··IS-5.10.1.3.··-· 
0003b690:·4449·5341·2d53·5449·472d·5542·5455·2d32··DISA-STIG-UBTU-2 
0003b6a0:·302d·3031·3034·3530·0a20·202d·204e·4953··0-010450.··-·NIS 
0003b6b0:·542d·3830·302d·3533·2d43·4d2d·3628·6129··T-800-53-CM-6(a) 
0003b6c0:·0a20·202d·2050·4349·2d44·5353·2d52·6571··.··-·PCI-DSS-Req 
0003b6d0:·2d31·312e·350a·2020·2d20·5043·492d·4453··-11.5.··-·PCI-DS 
0003b6e0:·5376·342d·3131·2e35·2e32·0a20·202d·2065··Sv4-11.5.2.··-·e 
0003b6f0:·6e61·626c·655f·7374·7261·7465·6779·0a20··nable_strategy.· 
0003b700:·202d·206c·6f77·5f63·6f6d·706c·6578·6974···-·low_complexit 
0003b710:·790a·2020·2d20·6c6f·775f·6469·7372·7570··y.··-·low_disrup 
0003b720:·7469·6f6e·0a20·202d·206d·6564·6975·6d5f··tion.··-·medium_ 
0003b730:·7365·7665·7269·7479·0a20·202d·206e·6f5f··severity.··-·no_ 
0003b740:·7265·626f·6f74·5f6e·6565·6465·640a·2020··reboot_needed.·· 
0003b750:·2d20·7061·636b·6167·655f·6169·6465·5f69··-·package_aide_i 
0003b760:·6e73·7461·6c6c·6564·0a0a·2d20·6e61·6d65··nstalled..-·name 
0003b770:·3a20·456e·7375·7265·2061·6964·6520·6973··:·Ensure·aide·is 
0003b780:·2069·6e73·7461·6c6c·6564·0a20·2070·6163···installed.··pac 
0003b790:·6b61·6765·3a0a·2020·2020·6e61·6d65·3a20··kage:.····name:· 
0003b7a0:·6169·6465·0a20·2020·2073·7461·7465·3a20··aide.····state:· 
0003b7b0:·7072·6573·656e·740a·2020·7768·656e·3a20··present.··when:· 
0003b7c0:·2722·6c69·6e75·782d·6261·7365·2220·696e··'"linux-base"·in 
0003b7d0:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
0003b7e0:·6163·6b61·6765·7327·0a20·2074·6167·733a··ackages'.··tags: 
0003b7f0:·0a20·202d·2043·4a49·532d·352e·3130·2e31··.··-·CJIS-5.10.1 
0003b800:·2e33·0a20·202d·2044·4953·412d·5354·4947··.3.··-·DISA-STIG 
0003b810:·2d55·4254·552d·3230·2d30·3130·3435·300a··-UBTU-20-010450. 
0003b820:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53- 
0003b830:·434d·2d36·2861·290a·2020·2d20·5043·492d··CM-6(a).··-·PCI- 
0003b840:·4453·532d·5265·712d·3131·2e35·0a20·202d··DSS-Req-11.5.··- 
0003b850:·2050·4349·2d44·5353·7634·2d31·312e·352e···PCI-DSSv4-11.5. 
0003b860:·320a·2020·2d20·656e·6162·6c65·5f73·7472··2.··-·enable_str 
0003b870:·6174·6567·790a·2020·2d20·6c6f·775f·636f··ategy.··-·low_co 
0003b880:·6d70·6c65·7869·7479·0a20·202d·206c·6f77··mplexity.··-·low 
0003b890:·5f64·6973·7275·7074·696f·6e0a·2020·2d20··_disruption.··-· 
0003b8a0:·6d65·6469·756d·5f73·6576·6572·6974·790a··medium_severity. 
Max diff block lines reached; 19538597/19557945 bytes (99.90%) of diff not shown.
1.69 MB
html2text {}
Max HTML report size reached
20.3 MB
./usr/share/doc/ssg-debderived/ssg-ubuntu2004-guide-cis_level2_workstation.html
    
Offset 15151, 150 lines modifiedOffset 15151, 150 lines modified
0003b2e0:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#0003b2e0:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#
0003b2f0:·6964·6d32·3736·3422·2074·6162·696e·6465··idm2764"·tabinde0003b2f0:·6964·6d32·3736·3422·2074·6162·696e·6465··idm2764"·tabinde
0003b300:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt0003b300:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt
0003b310:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande0003b310:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande
0003b320:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=0003b320:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=
0003b330:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev0003b330:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev
0003b340:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R0003b340:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R
0003b350:·656d·6564·6961·7469·6f6e·204f·5342·7569··emediation·OSBui0003b350:·656d·6564·6961·7469·6f6e·2053·6865·6c6c··emediation·Shell
0003b360:·6c64·2042·6c75·6570·7269·6e74·2073·6e69··ld·Blueprint·sni 
0003b370:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br> 
0003b380:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane 
0003b390:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla 
0003b3a0:·7073·6522·2069·643d·2269·646d·3237·3634··pse"·id="idm27640003b360:·2073·6372·6970·7420·e287·b23c·2f61·3e3c···script·...</a><
 0003b370:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p
 0003b380:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co
 0003b390:·6c6c·6170·7365·2220·6964·3d22·6964·6d32··llapse"·id="idm2
 0003b3a0:·3736·3422·3e3c·7461·626c·6520·636c·6173··764"><table·clas
 0003b3b0:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s
 0003b3c0:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor
 0003b3d0:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond
 0003b3e0:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C
 0003b3f0:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><
 0003b400:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>
 0003b410:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti
 0003b420:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low<
 0003b430:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
 0003b440:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td
 0003b450:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr>
 0003b460:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy
 0003b470:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable
 0003b480:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl
0003b3b0:·223e·3c70·7265·3e3c·636f·6465·3e0a·5b5b··"><pre><code>.[[0003b490:·653e·3c70·7265·3e3c·636f·6465·3e23·2052··e><pre><code>#·R
 0003b4a0:·656d·6564·6961·7469·6f6e·2069·7320·6170··emediation·is·ap
 0003b4b0:·706c·6963·6162·6c65·206f·6e6c·7920·696e··plicable·only·in
 0003b4c0:·2063·6572·7461·696e·2070·6c61·7466·6f72···certain·platfor
 0003b4d0:·6d73·0a69·6620·6470·6b67·2d71·7565·7279··ms.if·dpkg-query
 0003b4e0:·202d·2d73·686f·7720·2d2d·7368·6f77·666f···--show·--showfo
 0003b4f0:·726d·6174·3d27·247b·6462·3a53·7461·7475··rmat='${db:Statu
 0003b500:·732d·5374·6174·7573·7d0a·2720·276c·696e··s-Status}.'·'lin
 0003b510:·7578·2d62·6173·6527·2032·2667·743b·2f64··ux-base'·2&gt;/d
 0003b520:·6576·2f6e·756c·6c20·7c20·6772·6570·202d··ev/null·|·grep·-
 0003b530:·7120·5e69·6e73·7461·6c6c·6564·3b20·7468··q·^installed;·th
 0003b540:·656e·0a0a·4445·4249·414e·5f46·524f·4e54··en..DEBIAN_FRONT
 0003b550:·454e·443d·6e6f·6e69·6e74·6572·6163·7469··END=noninteracti
 0003b560:·7665·2061·7074·2d67·6574·2069·6e73·7461··ve·apt-get·insta
 0003b570:·6c6c·202d·7920·2261·6964·6522·0a0a·656c··ll·-y·"aide"..el
 0003b580:·7365·0a20·2020·2026·6774·3b26·616d·703b··se.····&gt;&amp;
 0003b590:·3220·6563·686f·2027·5265·6d65·6469·6174··2·echo·'Remediat
 0003b5a0:·696f·6e20·6973·206e·6f74·2061·7070·6c69··ion·is·not·appli
 0003b5b0:·6361·626c·652c·206e·6f74·6869·6e67·2077··cable,·nothing·w
 0003b5c0:·6173·2064·6f6e·6527·0a66·690a·3c2f·636f··as·done'.fi.</co
0003b3c0:·7061·636b·6167·6573·5d5d·0a6e·616d·6520··packages]].name· 
0003b3d0:·3d20·2261·6964·6522·0a76·6572·7369·6f6e··=·"aide".version 
0003b3e0:·203d·2022·2a22·0a3c·2f63·6f64·653e·3c2f···=·"*".</code></ 
0003b3f0:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla 
0003b400:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ 
0003b410:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle 
0003b420:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data 
0003b430:·2d74·6172·6765·743d·2223·6964·6d32·3736··-target="#idm276 
0003b440:·3522·2074·6162·696e·6465·783d·2230·2220··5"·tabindex="0"· 
0003b450:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar 
0003b460:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal 
0003b470:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ 
0003b480:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h 
0003b490:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia 
0003b4a0:·7469·6f6e·2041·6e73·6962·6c65·2073·6e69··tion·Ansible·sni 
0003b4b0:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br> 
0003b4c0:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane 
0003b4d0:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla 
0003b4e0:·7073·6522·2069·643d·2269·646d·3237·3635··pse"·id="idm2765 
0003b4f0:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class=" 
0003b500:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri 
0003b510:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border 
0003b520:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens 
0003b530:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp 
0003b540:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td> 
0003b550:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003b560:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption: 
0003b570:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003b580:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re 
0003b590:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa 
0003b5a0:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr 
0003b5b0:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</ 
0003b5c0:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t 
0003b5d0:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table>< 
0003b5e0:·7072·653e·3c63·6f64·653e·2d20·6e61·6d65··pre><code>-·name 
0003b5f0:·3a20·4761·7468·6572·2074·6865·2070·6163··:·Gather·the·pac 
0003b600:·6b61·6765·2066·6163·7473·0a20·2070·6163··kage·facts.··pac 
0003b610:·6b61·6765·5f66·6163·7473·3a0a·2020·2020··kage_facts:.···· 
0003b620:·6d61·6e61·6765·723a·2061·7574·6f0a·2020··manager:·auto.·· 
0003b630:·7461·6773·3a0a·2020·2d20·434a·4953·2d35··tags:.··-·CJIS-5 
0003b640:·2e31·302e·312e·330a·2020·2d20·4449·5341··.10.1.3.··-·DISA 
0003b650:·2d53·5449·472d·5542·5455·2d32·302d·3031··-STIG-UBTU-20-01 
0003b660:·3034·3530·0a20·202d·204e·4953·542d·3830··0450.··-·NIST-80 
0003b670:·302d·3533·2d43·4d2d·3628·6129·0a20·202d··0-53-CM-6(a).··- 
0003b680:·2050·4349·2d44·5353·2d52·6571·2d31·312e···PCI-DSS-Req-11. 
0003b690:·350a·2020·2d20·5043·492d·4453·5376·342d··5.··-·PCI-DSSv4- 
0003b6a0:·3131·2e35·2e32·0a20·202d·2065·6e61·626c··11.5.2.··-·enabl 
0003b6b0:·655f·7374·7261·7465·6779·0a20·202d·206c··e_strategy.··-·l 
0003b6c0:·6f77·5f63·6f6d·706c·6578·6974·790a·2020··ow_complexity.·· 
0003b6d0:·2d20·6c6f·775f·6469·7372·7570·7469·6f6e··-·low_disruption 
0003b6e0:·0a20·202d·206d·6564·6975·6d5f·7365·7665··.··-·medium_seve 
0003b6f0:·7269·7479·0a20·202d·206e·6f5f·7265·626f··rity.··-·no_rebo 
0003b700:·6f74·5f6e·6565·6465·640a·2020·2d20·7061··ot_needed.··-·pa 
0003b710:·636b·6167·655f·6169·6465·5f69·6e73·7461··ckage_aide_insta 
0003b720:·6c6c·6564·0a0a·2d20·6e61·6d65·3a20·456e··lled..-·name:·En 
0003b730:·7375·7265·2061·6964·6520·6973·2069·6e73··sure·aide·is·ins 
0003b740:·7461·6c6c·6564·0a20·2070·6163·6b61·6765··talled.··package 
0003b750:·3a0a·2020·2020·6e61·6d65·3a20·6169·6465··:.····name:·aide 
0003b760:·0a20·2020·2073·7461·7465·3a20·7072·6573··.····state:·pres 
0003b770:·656e·740a·2020·7768·656e·3a20·2722·6c69··ent.··when:·'"li 
0003b780:·6e75·782d·6261·7365·2220·696e·2061·6e73··nux-base"·in·ans 
0003b790:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa 
0003b7a0:·6765·7327·0a20·2074·6167·733a·0a20·202d··ges'.··tags:.··- 
0003b7b0:·2043·4a49·532d·352e·3130·2e31·2e33·0a20···CJIS-5.10.1.3.· 
0003b7c0:·202d·2044·4953·412d·5354·4947·2d55·4254···-·DISA-STIG-UBT 
0003b7d0:·552d·3230·2d30·3130·3435·300a·2020·2d20··U-20-010450.··-· 
0003b7e0:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-6 
0003b7f0:·2861·290a·2020·2d20·5043·492d·4453·532d··(a).··-·PCI-DSS- 
0003b800:·5265·712d·3131·2e35·0a20·202d·2050·4349··Req-11.5.··-·PCI 
0003b810:·2d44·5353·7634·2d31·312e·352e·320a·2020··-DSSv4-11.5.2.·· 
0003b820:·2d20·656e·6162·6c65·5f73·7472·6174·6567··-·enable_strateg 
0003b830:·790a·2020·2d20·6c6f·775f·636f·6d70·6c65··y.··-·low_comple 
0003b840:·7869·7479·0a20·202d·206c·6f77·5f64·6973··xity.··-·low_dis 
0003b850:·7275·7074·696f·6e0a·2020·2d20·6d65·6469··ruption.··-·medi 
0003b860:·756d·5f73·6576·6572·6974·790a·2020·2d20··um_severity.··-· 
0003b870:·6e6f·5f72·6562·6f6f·745f·6e65·6564·6564··no_reboot_needed 
Max diff block lines reached; 19506805/19526153 bytes (99.90%) of diff not shown.
1.68 MB
html2text {}
Max HTML report size reached
1.31 MB
./usr/share/doc/ssg-debderived/ssg-ubuntu2004-guide-standard.html
    
Offset 16554, 783 lines modifiedOffset 16554, 783 lines modified
00040a90:·7461·2d74·6172·6765·743d·2223·6964·6d31··ta-target="#idm100040a90:·7461·2d74·6172·6765·743d·2223·6964·6d31··ta-target="#idm1
00040aa0:·3130·3237·2220·7461·6269·6e64·6578·3d22··1027"·tabindex="00040aa0:·3130·3237·2220·7461·6269·6e64·6578·3d22··1027"·tabindex="
00040ab0:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"00040ab0:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"
00040ac0:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="00040ac0:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="
00040ad0:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac00040ad0:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac
00040ae0:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal00040ae0:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal
Diff chunk too large, falling back to line-by-line diff (769 lines added, 769 lines removed)
00040af0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme00040af0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme
00040b00:·6469·6174·696f·6e20·416e·7369·626c·6520··diation·Ansible·00040b00:·6469·6174·696f·6e20·5368·656c·6c20·7363··diation·Shell·sc
00040b10:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a><00040b10:·7269·7074·20e2·87b2·3c2f·613e·3c62·723e··ript·...</a><br>
00040b20:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p00040b20:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
00040b30:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co00040b30:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
00040b40:·6c6c·6170·7365·2220·6964·3d22·6964·6d31··llapse"·id="idm100040b40:·7073·6522·2069·643d·2269·646d·3131·3032··pse"·id="idm1102
00040b50:·3130·3237·223e·3c74·6162·6c65·2063·6c61··1027"><table·cla00040b50:·3722·3e3c·7072·653e·3c63·6f64·653e·2320··7"><pre><code>#·
00040b60:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table-00040b60:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a
00040b70:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo00040b70:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i
00040b80:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con00040b80:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo
00040b90:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th>00040b90:·726d·730a·6966·2064·706b·672d·7175·6572··rms.if·dpkg-quer
00040ba0:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th>00040ba0:·7920·2d2d·7368·6f77·202d·2d73·686f·7766··y·--show·--showf
00040bb0:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr00040bb0:·6f72·6d61·743d·2724·7b64·623a·5374·6174··ormat='${db:Stat
00040bc0:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt00040bc0:·7573·2d53·7461·7475·737d·0a27·2027·6c69··us-Status}.'·'li
00040bd0:·696f·6e3a·3c2f·7468·3e3c·7464·3e6d·6564··ion:</th><td>med00040bd0:·6e75·782d·6261·7365·2720·3226·6774·3b2f··nux-base'·2&gt;/
00040be0:·6975·6d3c·2f74·643e·3c2f·7472·3e3c·7472··ium</td></tr><tr00040be0:·6465·762f·6e75·6c6c·207c·2067·7265·7020··dev/null·|·grep·
00040bf0:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th00040bf0:·2d71·205e·696e·7374·616c·6c65·6420·2661··-q·^installed·&a
00040c00:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td><00040c00:·6d70·3b26·616d·703b·2064·706b·672d·7175··mp;&amp;·dpkg-qu
00040c10:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra00040c10:·6572·7920·2d2d·7368·6f77·202d·2d73·686f··ery·--show·--sho
00040c20:·7465·6779·3a3c·2f74·683e·3c74·643e·636f··tegy:</th><td>co00040c20:·7766·6f72·6d61·743d·2724·7b64·623a·5374··wformat='${db:St
00040c30:·6e66·6967·7572·653c·2f74·643e·3c2f·7472··nfigure</td></tr00040c30:·6174·7573·2d53·7461·7475·737d·5c6e·2720··atus-Status}\n'·
00040c40:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c00040c40:·2772·7379·736c·6f67·2720·3226·6774·3b2f··'rsyslog'·2&gt;/
00040c50:·6f64·653e·2d20·6e61·6d65·3a20·4761·7468··ode>-·name:·Gath00040c50:·6465·762f·6e75·6c6c·207c·2067·7265·7020··dev/null·|·grep·
00040c60:·6572·2074·6865·2070·6163·6b61·6765·2066··er·the·package·f00040c60:·2d71·2027·5e69·6e73·7461·6c6c·6564·273b··-q·'^installed';
00040c70:·6163·7473·0a20·2070·6163·6b61·6765·5f66··acts.··package_f00040c70:·2074·6865·6e0a·0a23·204c·6973·7420·6f66···then..#·List·of
00040c80:·6163·7473·3a0a·2020·2020·6d61·6e61·6765··acts:.····manage00040c80:·206c·6f67·2066·696c·6520·7061·7468·7320···log·file·paths·
00040c90:·723a·2061·7574·6f0a·2020·7461·6773·3a0a··r:·auto.··tags:.00040c90:·746f·2062·6520·696e·7370·6563·7465·6420··to·be·inspected·
00040ca0:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-00040ca0:·666f·7220·636f·7272·6563·7420·7065·726d··for·correct·perm
00040cb0:·4143·2d36·2831·290a·2020·2d20·4e49·5354··AC-6(1).··-·NIST00040cb0:·6973·7369·6f6e·730a·2320·2a20·5072·696d··issions.#·*·Prim
00040cc0:·2d38·3030·2d35·332d·434d·2d36·2861·290a··-800-53-CM-6(a).00040cc0:·6172·696c·7920·696e·7370·6563·7420·6c6f··arily·inspect·lo
00040cd0:·2020·2d20·5043·492d·4453·532d·5265·712d····-·PCI-DSS-Req-00040cd0:·6720·6669·6c65·2070·6174·6873·206c·6973··g·file·paths·lis
00040ce0:·3130·2e35·2e31·0a20·202d·2050·4349·2d44··10.5.1.··-·PCI-D00040ce0:·7465·6420·696e·202f·6574·632f·7273·7973··ted·in·/etc/rsys
00040cf0:·5353·2d52·6571·2d31·302e·352e·320a·2020··SS-Req-10.5.2.··00040cf0:·6c6f·672e·636f·6e66·0a52·5359·534c·4f47··log.conf.RSYSLOG
00040d00:·2d20·5043·492d·4453·5376·342d·3130·2e33··-·PCI-DSSv4-10.300040d00:·5f45·5443·5f43·4f4e·4649·473d·222f·6574··_ETC_CONFIG="/et
00040d10:·0a20·202d·2050·4349·2d44·5353·7634·2d31··.··-·PCI-DSSv4-100040d10:·632f·7273·7973·6c6f·672e·636f·6e66·220a··c/rsyslog.conf".
00040d20:·302e·332e·320a·2020·2d20·636f·6e66·6967··0.3.2.··-·config00040d20:·2320·2a20·416e·6420·616c·736f·2074·6865··#·*·And·also·the
00040d30:·7572·655f·7374·7261·7465·6779·0a20·202d··ure_strategy.··-00040d30:·206c·6f67·2066·696c·6520·7061·7468·7320···log·file·paths·
00040d40:·206c·6f77·5f63·6f6d·706c·6578·6974·790a···low_complexity.00040d40:·6c69·7374·6564·2061·6674·6572·2072·7379··listed·after·rsy
00040d50:·2020·2d20·6d65·6469·756d·5f64·6973·7275····-·medium_disru00040d50:·736c·6f67·2773·2024·496e·636c·7564·6543··slog's·$IncludeC
00040d60:·7074·696f·6e0a·2020·2d20·6d65·6469·756d··ption.··-·medium00040d60:·6f6e·6669·6720·6469·7265·6374·6976·650a··onfig·directive.
00040d70:·5f73·6576·6572·6974·790a·2020·2d20·6e6f··_severity.··-·no00040d70:·2320·2020·2873·746f·7265·2074·6865·2072··#···(store·the·r
00040d80:·5f72·6562·6f6f·745f·6e65·6564·6564·0a20··_reboot_needed.·00040d80:·6573·756c·7420·696e·746f·2061·7272·6179··esult·into·array
00040d90:·202d·2072·7379·736c·6f67·5f66·696c·6573···-·rsyslog_files00040d90:·2066·6f72·2074·6865·2063·6173·6520·7468···for·the·case·th
00040da0:·5f67·726f·7570·6f77·6e65·7273·6869·700a··_groupownership.00040da0:·6572·6527·7320·7368·656c·6c20·676c·6f62··ere's·shell·glob
00040db0:·0a2d·206e·616d·653a·2045·6e73·7572·6520··.-·name:·Ensure·00040db0:·2075·7365·6420·6173·2076·616c·7565·206f···used·as·value·o
00040dc0:·4c6f·6720·4669·6c65·7320·4172·6520·4f77··Log·Files·Are·Ow00040dc0:·6620·496e·636c·7564·6543·6f6e·6669·6729··f·IncludeConfig)
00040dd0:·6e65·6420·4279·2041·7070·726f·7072·6961··ned·By·Appropria00040dd0:·0a72·6561·6461·7272·6179·202d·7420·4f4c··.readarray·-t·OL
00040de0:·7465·2047·726f·7570·202d·2053·6574·2072··te·Group·-·Set·r00040de0:·445f·494e·4320·266c·743b·2026·6c74·3b28··D_INC·&lt;·&lt;(
00040df0:·7379·736c·6f67·206c·6f67·6669·6c65·2063··syslog·logfile·c00040df0:·6772·6570·202d·6520·225c·2449·6e63·6c75··grep·-e·"\$Inclu
00040e00:·6f6e·6669·6775·7261·7469·6f6e·0a20·2020··onfiguration.···00040e00:·6465·436f·6e66·6967·5b5b·3a73·7061·6365··deConfig[[:space
00040e10:·2066·6163·7473·0a20·2061·6e73·6962·6c65···facts.··ansible00040e10:·3a5d·5d5c·2b5b·5e5b·3a73·7061·6365·3a5d··:]]\+[^[:space:]
00040e20:·2e62·7569·6c74·696e·2e73·6574·5f66·6163··.builtin.set_fac00040e20:·3b5d·5c2b·2220·2f65·7463·2f72·7379·736c··;]\+"·/etc/rsysl
00040e30:·743a·0a20·2020·2072·7379·736c·6f67·5f65··t:.····rsyslog_e00040e30:·6f67·2e63·6f6e·6620·7c20·6375·7420·2d64··og.conf·|·cut·-d
00040e40:·7463·5f63·6f6e·6669·673a·202f·6574·632f··tc_config:·/etc/00040e40:·2027·2027·202d·6620·3229·0a72·6561·6461···'·'·-f·2).reada
00040e50:·7273·7973·6c6f·672e·636f·6e66·0a20·2077··rsyslog.conf.··w00040e50:·7272·6179·202d·7420·5253·5953·4c4f·475f··rray·-t·RSYSLOG_
00040e60:·6865·6e3a·0a20·202d·2027·226c·696e·7578··hen:.··-·'"linux00040e60:·494e·434c·5544·455f·434f·4e46·4947·2026··INCLUDE_CONFIG·&
00040e70:·2d62·6173·6522·2069·6e20·616e·7369·626c··-base"·in·ansibl00040e70:·6c74·3b20·266c·743b·2866·6f72·2049·4e43··lt;·&lt;(for·INC
00040e80:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages00040e80:·5041·5448·2069·6e20·2224·7b4f·4c44·5f49··PATH·in·"${OLD_I
00040e90:·270a·2020·2d20·2722·7273·7973·6c6f·6722··'.··-·'"rsyslog"00040e90:·4e43·5b40·5d7d·223b·2064·6f20·6576·616c··NC[@]}";·do·eval
00040ea0:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact00040ea0:·2070·7269·6e74·6620·2725·735c·5c6e·2720···printf·'%s\\n'·
00040eb0:·732e·7061·636b·6167·6573·270a·2020·7461··s.packages'.··ta00040eb0:·2224·7b49·4e43·5041·5448·7d22·3b20·646f··"${INCPATH}";·do
00040ec0:·6773·3a0a·2020·2d20·4e49·5354·2d38·3030··gs:.··-·NIST-80000040ec0:·6e65·290a·7265·6164·6172·7261·7920·2d74··ne).readarray·-t
00040ed0:·2d35·332d·4143·2d36·2831·290a·2020·2d20··-53-AC-6(1).··-·00040ed0:·204e·4557·5f49·4e43·2026·6c74·3b20·266c···NEW_INC·&lt;·&l
00040ee0:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-600040ee0:·743b·2873·6564·202d·6e20·272f·5e5c·732a··t;(sed·-n·'/^\s*
00040ef0:·2861·290a·2020·2d20·5043·492d·4453·532d··(a).··-·PCI-DSS-00040ef0:·696e·636c·7564·6528·2f2c·2f29·2f49·7027··include(/,/)/Ip'
00040f00:·5265·712d·3130·2e35·2e31·0a20·202d·2050··Req-10.5.1.··-·P00040f00:·202f·6574·632f·7273·7973·6c6f·672e·636f···/etc/rsyslog.co
00040f10:·4349·2d44·5353·2d52·6571·2d31·302e·352e··CI-DSS-Req-10.5.00040f10:·6e66·207c·2073·6564·202d·6e20·2773·402e··nf·|·sed·-n·'s@.
00040f20:·320a·2020·2d20·5043·492d·4453·5376·342d··2.··-·PCI-DSSv4-00040f20:·2a66·696c·655c·732a·3d5c·732a·225c·285b··*file\s*=\s*"\([
00040f30:·3130·2e33·0a20·202d·2050·4349·2d44·5353··10.3.··-·PCI-DSS00040f30:·2f5b·3a61·6c6e·756d·3a5d·5b3a·7075·6e63··/[:alnum:][:punc
00040f40:·7634·2d31·302e·332e·320a·2020·2d20·636f··v4-10.3.2.··-·co00040f40:·743a·5d5d·2a5c·2922·2e2a·405c·3140·4970··t:]]*\)".*@\1@Ip
00040f50:·6e66·6967·7572·655f·7374·7261·7465·6779··nfigure_strategy00040f50:·2729·0a72·6561·6461·7272·6179·202d·7420··').readarray·-t·
00040f60:·0a20·202d·206c·6f77·5f63·6f6d·706c·6578··.··-·low_complex00040f60:·5253·5953·4c4f·475f·494e·434c·5544·4520··RSYSLOG_INCLUDE·
00040f70:·6974·790a·2020·2d20·6d65·6469·756d·5f64··ity.··-·medium_d00040f70:·266c·743b·2026·6c74·3b28·666f·7220·494e··&lt;·&lt;(for·IN
00040f80:·6973·7275·7074·696f·6e0a·2020·2d20·6d65··isruption.··-·me00040f80:·4350·4154·4820·696e·2022·247b·4e45·575f··CPATH·in·"${NEW_
00040f90:·6469·756d·5f73·6576·6572·6974·790a·2020··dium_severity.··00040f90:·494e·435b·405d·7d22·3b20·646f·2065·7661··INC[@]}";·do·eva
00040fa0:·2d20·6e6f·5f72·6562·6f6f·745f·6e65·6564··-·no_reboot_need00040fa0:·6c20·7072·696e·7466·2027·2573·5c5c·6e27··l·printf·'%s\\n'
00040fb0:·6564·0a20·202d·2072·7379·736c·6f67·5f66··ed.··-·rsyslog_f00040fb0:·2022·247b·494e·4350·4154·487d·223b·2064···"${INCPATH}";·d
00040fc0:·696c·6573·5f67·726f·7570·6f77·6e65·7273··iles_groupowners00040fc0:·6f6e·6529·0a0a·2320·4465·636c·6172·6520··one)..#·Declare·
00040fd0:·6869·700a·0a2d·206e·616d·653a·2045·6e73··hip..-·name:·Ens00040fd0:·616e·2061·7272·6179·2074·6f20·686f·6c64··an·array·to·hold
00040fe0:·7572·6520·4c6f·6720·4669·6c65·7320·4172··ure·Log·Files·Ar00040fe0:·2074·6865·2066·696e·616c·206c·6973·7420···the·final·list·
00040ff0:·6520·4f77·6e65·6420·4279·2041·7070·726f··e·Owned·By·Appro00040ff0:·6f66·2064·6966·6665·7265·6e74·206c·6f67··of·different·log
00041000:·7072·6961·7465·2047·726f·7570·202d·2047··priate·Group·-·G00041000:·2066·696c·6520·7061·7468·730a·6465·636c···file·paths.decl
00041010:·6574·2049·6e63·6c75·6465·436f·6e66·6967··et·IncludeConfig00041010:·6172·6520·2d61·204c·4f47·5f46·494c·455f··are·-a·LOG_FILE_
00041020:·2064·6972·6563·7469·7665·0a20·2061·6e73···directive.··ans00041020:·5041·5448·530a·0a23·2041·7272·6179·2074··PATHS..#·Array·t
00041030:·6962·6c65·2e62·7569·6c74·696e·2e73·6865··ible.builtin.she00041030:·6f20·686f·6c64·2061·6c6c·2072·7379·736c··o·hold·all·rsysl
00041040:·6c6c·3a20·7c0a·2020·2020·7365·7420·2d6f··ll:·|.····set·-o00041040:·6f67·2063·6f6e·6669·6720·656e·7472·6965··og·config·entrie
00041050:·2070·6970·6566·6169·6c0a·2020·2020·6772···pipefail.····gr00041050:·730a·5253·5953·4c4f·475f·434f·4e46·4947··s.RSYSLOG_CONFIG
00041060:·6570·202d·6520·2724·496e·636c·7564·6543··ep·-e·'$IncludeC00041060:·533d·2829·0a52·5359·534c·4f47·5f43·4f4e··S=().RSYSLOG_CON
00041070:·6f6e·6669·6727·207b·7b20·7273·7973·6c6f··onfig'·{{·rsyslo00041070:·4649·4753·3d28·2224·7b52·5359·534c·4f47··FIGS=("${RSYSLOG
00041080:·675f·6574·635f·636f·6e66·6967·207d·7d20··g_etc_config·}}·00041080:·5f45·5443·5f43·4f4e·4649·477d·2220·2224··_ETC_CONFIG}"·"$
00041090:·7c20·6375·7420·2d64·2027·2027·202d·6620··|·cut·-d·'·'·-f·00041090:·7b52·5359·534c·4f47·5f49·4e43·4c55·4445··{RSYSLOG_INCLUDE
000410a0:·3220·7c7c·2074·7275·650a·2020·7265·6769··2·||·true.··regi000410a0:·5f43·4f4e·4649·475b·405d·7d22·2022·247b··_CONFIG[@]}"·"${
000410b0:·7374·6572·3a20·7273·7973·6c6f·675f·6f6c··ster:·rsyslog_ol000410b0:·5253·5953·4c4f·475f·494e·434c·5544·455b··RSYSLOG_INCLUDE[
000410c0:·645f·696e·630a·2020·6368·616e·6765·645f··d_inc.··changed_000410c0:·405d·7d22·290a·0a23·2047·6574·2066·756c··@]}")..#·Get·ful
000410d0:·7768·656e·3a20·6661·6c73·650a·2020·7768··when:·false.··wh000410d0:·6c20·6c69·7374·206f·6620·6669·6c65·7320··l·list·of·files·
000410e0:·656e·3a0a·2020·2d20·2722·6c69·6e75·782d··en:.··-·'"linux-000410e0:·746f·2062·6520·6368·6563·6b65·640a·2320··to·be·checked.#·
000410f0:·6261·7365·2220·696e·2061·6e73·6962·6c65··base"·in·ansible000410f0:·5253·5953·4c4f·475f·434f·4e46·4947·5320··RSYSLOG_CONFIGS·
00041100:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'00041100:·6d61·7920·636f·6e74·6169·6e20·676c·6f62··may·contain·glob
00041110:·0a20·202d·2027·2272·7379·736c·6f67·2220··.··-·'"rsyslog"·00041110:·7320·7375·6368·2061·730a·2320·2f65·7463··s·such·as.#·/etc
00041120:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts00041120:·2f72·7379·736c·6f67·2e64·2f2a·2e63·6f6e··/rsyslog.d/*.con
00041130:·2e70·6163·6b61·6765·7327·0a20·2074·6167··.packages'.··tag00041130:·6620·2f65·7463·2f72·7379·736c·6f67·2e64··f·/etc/rsyslog.d
00041140:·733a·0a20·202d·204e·4953·542d·3830·302d··s:.··-·NIST-800-00041140:·2f2a·2e66·7275·6c65·0a23·2053·6f2c·206c··/*.frule.#·So,·l
00041150:·3533·2d41·432d·3628·3129·0a20·202d·204e··53-AC-6(1).··-·N00041150:·6f6f·7020·6f76·6572·2074·6865·2065·6e74··oop·over·the·ent
00041160:·4953·542d·3830·302d·3533·2d43·4d2d·3628··IST-800-53-CM-6(00041160:·7269·6573·2069·6e20·5253·5953·4c4f·475f··ries·in·RSYSLOG_
00041170:·6129·0a20·202d·2050·4349·2d44·5353·2d52··a).··-·PCI-DSS-R00041170:·434f·4e46·4947·5320·616e·6420·7573·6520··CONFIGS·and·use·
00041180:·6571·2d31·302e·352e·310a·2020·2d20·5043··eq-10.5.1.··-·PC00041180:·6669·6e64·2074·6f20·6765·7420·7468·6520··find·to·get·the·
00041190:·492d·4453·532d·5265·712d·3130·2e35·2e32··I-DSS-Req-10.5.200041190:·6c69·7374·206f·6620·696e·636c·7564·6564··list·of·included
000411a0:·0a20·202d·2050·4349·2d44·5353·7634·2d31··.··-·PCI-DSSv4-1000411a0:·2066·696c·6573·2e0a·5253·5953·4c4f·475f···files..RSYSLOG_
000411b0:·302e·330a·2020·2d20·5043·492d·4453·5376··0.3.··-·PCI-DSSv000411b0:·434f·4e46·4947·5f46·494c·4553·3d28·290a··CONFIG_FILES=().
000411c0:·342d·3130·2e33·2e32·0a20·202d·2063·6f6e··4-10.3.2.··-·con000411c0:·666f·7220·454e·5452·5920·696e·2022·247b··for·ENTRY·in·"${
000411d0:·6669·6775·7265·5f73·7472·6174·6567·790a··figure_strategy.000411d0:·5253·5953·4c4f·475f·434f·4e46·4947·535b··RSYSLOG_CONFIGS[
000411e0:·2020·2d20·6c6f·775f·636f·6d70·6c65·7869····-·low_complexi000411e0:·405d·7d22·0a64·6f0a·0923·2049·6620·6469··@]}".do..#·If·di
000411f0:·7479·0a20·202d·206d·6564·6975·6d5f·6469··ty.··-·medium_di000411f0:·7265·6374·6f72·792c·2072·7379·736c·6f67··rectory,·rsyslog
00041200:·7372·7570·7469·6f6e·0a20·202d·206d·6564··sruption.··-·med00041200:·2077·696c·6c20·7365·6172·6368·2066·6f72···will·search·for
00041210:·6975·6d5f·7365·7665·7269·7479·0a20·202d··ium_severity.··-00041210:·2063·6f6e·6669·6720·6669·6c65·7320·696e···config·files·in
00041220:·206e·6f5f·7265·626f·6f74·5f6e·6565·6465···no_reboot_neede00041220:·2072·6563·7572·7369·7665·6c79·2e0a·0923···recursively...#
00041230:·640a·2020·2d20·7273·7973·6c6f·675f·6669··d.··-·rsyslog_fi00041230:·2048·6f77·6576·6572·2c20·6669·6c65·7320···However,·files·
00041240:·6c65·735f·6772·6f75·706f·776e·6572·7368··les_groupownersh00041240:·696e·2068·6964·6465·6e20·7375·622d·6469··in·hidden·sub-di
00041250:·6970·0a0a·2d20·6e61·6d65·3a20·456e·7375··ip..-·name:·Ensu00041250:·7265·6374·6f72·6965·7320·6f72·2068·6964··rectories·or·hid
00041260:·7265·204c·6f67·2046·696c·6573·2041·7265··re·Log·Files·Are00041260:·6465·6e20·6669·6c65·7320·7769·6c6c·2062··den·files·will·b
Max diff block lines reached; 1121344/1228046 bytes (91.31%) of diff not shown.
139 KB
html2text {}
    
Offset 289, 14 lines modifiedOffset 289, 140 lines modified
289 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······007-3·R2.1,·CIP-007-3·R2.2,·CIP-007-3·R2.3,·CIP-007-289 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······007-3·R2.1,·CIP-007-3·R2.2,·CIP-007-3·R2.3,·CIP-007-
290 ···························3·R5.1,·CIP-007-3·R5.1.1,·CIP-007-3·R5.1.2290 ···························3·R5.1,·CIP-007-3·R5.1.1,·CIP-007-3·R5.1.2
291 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a),·AC-6(1)291 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a),·AC-6(1)
292 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5292 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5
293 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-10.5.1,·Req-10.5.2293 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-10.5.1,·Req-10.5.2
294 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R71294 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R71
295 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········10.3.2,·10.3295 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········10.3.2,·10.3
 296 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 297 #·Remediation·is·applicable·only·in·certain·platforms
 298 if·dpkg-query·--show·--showformat='${db:Status-Status}
 299 '·'linux-base'·2>/dev/null·|·grep·-q·^installed·&&·dpkg-query·--show·--
 300 showformat='${db:Status-Status}\n'·'rsyslog'·2>/dev/null·|·grep·-q·'^installed';
 301 then
  
 302 #·List·of·log·file·paths·to·be·inspected·for·correct·permissions
 303 #·*·Primarily·inspect·log·file·paths·listed·in·/etc/rsyslog.conf
 304 RSYSLOG_ETC_CONFIG="/etc/rsyslog.conf"
 305 #·*·And·also·the·log·file·paths·listed·after·rsyslog's·$IncludeConfig·directive
 306 #···(store·the·result·into·array·for·the·case·there's·shell·glob·used·as·value·of
 307 IncludeConfig)
 308 readarray·-t·OLD_INC·<·<(grep·-e·"\$IncludeConfig[[:space:]]\+[^[:space:];]\+"·/
 309 etc/rsyslog.conf·|·cut·-d·'·'·-f·2)
 310 readarray·-t·RSYSLOG_INCLUDE_CONFIG·<·<(for·INCPATH·in·"${OLD_INC[@]}";·do·eval
 311 printf·'%s\\n'·"${INCPATH}";·done)
 312 readarray·-t·NEW_INC·<·<(sed·-n·'/^\s*include(/,/)/Ip'·/etc/rsyslog.conf·|·sed·-
 313 n·'s@.*file\s*=\s*"\([/[:alnum:][:punct:]]*\)".*@\1@Ip')
 314 readarray·-t·RSYSLOG_INCLUDE·<·<(for·INCPATH·in·"${NEW_INC[@]}";·do·eval·printf
 315 '%s\\n'·"${INCPATH}";·done)
  
 316 #·Declare·an·array·to·hold·the·final·list·of·different·log·file·paths
 317 declare·-a·LOG_FILE_PATHS
  
 318 #·Array·to·hold·all·rsyslog·config·entries
 319 RSYSLOG_CONFIGS=()
 320 RSYSLOG_CONFIGS=("${RSYSLOG_ETC_CONFIG}"·"${RSYSLOG_INCLUDE_CONFIG[@]}"·"$
 321 {RSYSLOG_INCLUDE[@]}")
  
 322 #·Get·full·list·of·files·to·be·checked
 323 #·RSYSLOG_CONFIGS·may·contain·globs·such·as
 324 #·/etc/rsyslog.d/*.conf·/etc/rsyslog.d/*.frule
 325 #·So,·loop·over·the·entries·in·RSYSLOG_CONFIGS·and·use·find·to·get·the·list·of
 326 included·files.
 327 RSYSLOG_CONFIG_FILES=()
 328 for·ENTRY·in·"${RSYSLOG_CONFIGS[@]}"
 329 do
 330 »       #·If·directory,·rsyslog·will·search·for·config·files·in·recursively.
 331 »       #·However,·files·in·hidden·sub-directories·or·hidden·files·will·be·ignored.
 332 »       if·[·-d·"${ENTRY}"·]
 333 »       then
 334 »       »       readarray·-t·FINDOUT·<·<(find·"${ENTRY}"·-not·-path·'*/.*'·-type·f)
 335 »       »       RSYSLOG_CONFIG_FILES+=("${FINDOUT[@]}")
 336 »       elif·[·-f·"${ENTRY}"·]
 337 »       then
 338 »       »       RSYSLOG_CONFIG_FILES+=("${ENTRY}")
 339 »       else
 340 »       »       echo·"Invalid·include·object:·${ENTRY}"
 341 »       fi
 342 done
  
 343 #·Browse·each·file·selected·above·as·containing·paths·of·log·files
 344 #·('/etc/rsyslog.conf'·and·'/etc/rsyslog.d/*.conf'·in·the·default·configuration)
 345 for·LOG_FILE·in·"${RSYSLOG_CONFIG_FILES[@]}"
 346 do
 347 »       #·From·each·of·these·files·extract·just·particular·log·file·path(s),·thus:
 348 »       #·*·Ignore·lines·starting·with·space·('·'),·comment·('#"),·or·variable·syntax
 349 ('$')·characters,
 350 »       #·*·Ignore·empty·lines,
 351 »       #·*·Strip·quotes·and·closing·brackets·from·paths.
 352 »       #·*·Ignore·paths·that·match·/dev|/etc.*\.conf,·as·those·are·paths,·but·likely
 353 not·log·files
 354 »       #·*·From·the·remaining·valid·rows·select·only·fields·constituting·a·log·file
 355 path
 356 »       #·Text·file·column·is·understood·to·represent·a·log·file·path·if·and·only·if·all
 357 of·the
 358 »       #·following·are·met:
 359 »       #·*·it·contains·at·least·one·slash·'/'·character,
 360 »       #·*·it·is·preceded·by·space
 361 »       #·*·it·doesn't·contain·space·('·'),·colon·(':'),·and·semicolon·(';')·characters
 362 »       #·Search·log·file·for·path(s)·only·in·case·it·exists!
 363 »       if·[[·-f·"${LOG_FILE}"·]]
 364 »       then
 365 »       »       NORMALIZED_CONFIG_FILE_LINES=$(sed·-e·"/^[#|$]/d"·"${LOG_FILE}")
 366 »       »       LINES_WITH_PATHS=$(grep·'[^/]*\s\+\S*/\S\+$'·<<<·"$
 367 {NORMALIZED_CONFIG_FILE_LINES}")
 368 »       »       FILTERED_PATHS=$(awk·'{if(NF>=2&&($NF~/^\//||$NF~/^-\//)){sub(/^-\//,"/
 369 ",$NF);print·$NF}}'·<<<·"${LINES_WITH_PATHS}")
 370 »       »       CLEANED_PATHS=$(sed·-e·"s/[\"')]//g;·/\\/etc.*\.conf/d;·/\\/dev\\//d"·<<<·"$
 371 {FILTERED_PATHS}")
 372 »       »       MATCHED_ITEMS=$(sed·-e·"/^$/d"·<<<·"${CLEANED_PATHS}")
 373 »       »       #·Since·above·sed·command·might·return·more·than·one·item·(delimited·by
 374 newline),·split
 375 »       »       #·the·particular·matches·entries·into·new·array·specific·for·this·log·file
 376 »       »       readarray·-t·ARRAY_FOR_LOG_FILE·<<<·"$MATCHED_ITEMS"
 377 »       »       #·Concatenate·the·two·arrays·-·previous·content·of·$LOG_FILE_PATHS·array·with
 378 »       »       #·items·from·newly·created·array·for·this·log·file
 379 »       »       LOG_FILE_PATHS+=("${ARRAY_FOR_LOG_FILE[@]}")
 380 »       »       #·Delete·the·temporary·array
 381 »       »       unset·ARRAY_FOR_LOG_FILE
 382 »       fi
 383 done
  
 384 #·Check·for·RainerScript·action·log·format·which·might·be·also·multiline·so·grep
 385 regex·is·a·bit
 386 #·curly:
 387 #·extract·possibly·multiline·action·omfile·expressions
 388 #·extract·File="logfile"·expression
 389 #·match·only·"logfile"·expression
 390 for·LOG_FILE·in·"${RSYSLOG_CONFIG_FILES[@]}"
 391 do
 392 »       ACTION_OMFILE_LINES=$(grep·-iozP·"action\s*\(\s*type\s*=\s*\"omfile\"[^\)]*\)"
 393 "${LOG_FILE}")
 394 »       OMFILE_LINES=$(echo·"${ACTION_OMFILE_LINES}"|·grep·-iaoP·"\bFile\s*=\s*\"([/[:
 395 alnum:][:punct:]]*)\"\s*\)")
 396 »       LOG_FILE_PATHS+=("$(echo·"${OMFILE_LINES}"|·grep·-oE·"\"([/[:alnum:][:punct:
 397 ]]*)\""|tr·-d·"\"")")
 398 done
  
 399 #·Ensure·the·correct·attribute·if·file·exists
 400 FILE_CMD="chgrp"
 401 for·LOG_FILE_PATH·in·"${LOG_FILE_PATHS[@]}"
 402 do
 403 »       #·Sanity·check·-·if·particular·$LOG_FILE_PATH·is·empty·string,·skip·it·from
 404 further·processing
 405 »       if·[·-z·"$LOG_FILE_PATH"·]
 406 »       then
 407 »       »       continue
 408 »       fi
Max diff block lines reached; 136347/141993 bytes (96.02%) of diff not shown.
16.9 MB
./usr/share/doc/ssg-debderived/ssg-ubuntu2004-guide-stig.html
    
Offset 15117, 150 lines modifiedOffset 15117, 150 lines modified
0003b0c0:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id0003b0c0:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id
0003b0d0:·6d32·3736·3422·2074·6162·696e·6465·783d··m2764"·tabindex=0003b0d0:·6d32·3736·3422·2074·6162·696e·6465·783d··m2764"·tabindex=
0003b0e0:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button0003b0e0:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button
0003b0f0:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=0003b0f0:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=
0003b100:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A0003b100:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A
0003b110:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea0003b110:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea
0003b120:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem0003b120:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem
0003b130:·6564·6961·7469·6f6e·204f·5342·7569·6c64··ediation·OSBuild0003b130:·6564·6961·7469·6f6e·2053·6865·6c6c·2073··ediation·Shell·s
 0003b140:·6372·6970·7420·e287·b23c·2f61·3e3c·6272··cript·...</a><br
 0003b150:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan
 0003b160:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll
 0003b170:·6170·7365·2220·6964·3d22·6964·6d32·3736··apse"·id="idm276
 0003b180:·3422·3e3c·7461·626c·6520·636c·6173·733d··4"><table·class=
 0003b190:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str
 0003b1a0:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde
0003b140:·2042·6c75·6570·7269·6e74·2073·6e69·7070···Blueprint·snipp 
0003b150:·6574·20e2·87b2·3c2f·613e·3c62·723e·3c64··et·...</a><br><d 
0003b160:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel- 
0003b170:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps 
0003b180:·6522·2069·643d·2269·646d·3237·3634·223e··e"·id="idm2764"> 
0003b190:·3c70·7265·3e3c·636f·6465·3e0a·5b5b·7061··<pre><code>.[[pa 
0003b1a0:·636b·6167·6573·5d5d·0a6e·616d·6520·3d20··ckages]].name·=· 
0003b1b0:·2261·6964·6522·0a76·6572·7369·6f6e·203d··"aide".version·= 
0003b1c0:·2022·2a22·0a3c·2f63·6f64·653e·3c2f·7072···"*".</code></pr 
0003b1d0:·653e·3c2f·6469·763e·3c61·2063·6c61·7373··e></div><a·class 
0003b1e0:·3d22·6274·6e20·6274·6e2d·7375·6363·6573··="btn·btn-succes 
0003b1f0:·7322·2064·6174·612d·746f·6767·6c65·3d22··s"·data-toggle=" 
0003b200:·636f·6c6c·6170·7365·2220·6461·7461·2d74··collapse"·data-t 
0003b210:·6172·6765·743d·2223·6964·6d32·3736·3522··arget="#idm2765" 
0003b220:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro 
0003b230:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria 
0003b240:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false 
0003b250:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat 
0003b260:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre 
0003b270:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati 
0003b280:·6f6e·2041·6e73·6962·6c65·2073·6e69·7070··on·Ansible·snipp 
0003b290:·6574·20e2·87b2·3c2f·613e·3c62·723e·3c64··et·...</a><br><d 
0003b2a0:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel- 
0003b2b0:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps 
0003b2c0:·6522·2069·643d·2269·646d·3237·3635·223e··e"·id="idm2765"> 
0003b2d0:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta 
0003b2e0:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe 
0003b2f0:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered0003b1b0:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden
0003b300:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed 
0003b310:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple0003b1c0:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com
 0003b1d0:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td
 0003b1e0:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t
 0003b1f0:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption
0003b320:·7869·7479·3a3c·2f74·683e·3c74·643e·6c6f··xity:</th><td>lo0003b200:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t
0003b330:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr>< 
0003b340:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</ 
0003b350:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td>< 
0003b360:·2f74·723e·3c74·723e·3c74·683e·5265·626f··/tr><tr><th>Rebo 
0003b370:·6f74·3a3c·2f74·683e·3c74·643e·6661·6c73··ot:</th><td>fals 
0003b380:·653c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··e</td></tr><tr><0003b210:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R
 0003b220:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f
 0003b230:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t
 0003b240:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<
 0003b250:·2f74·683e·3c74·643e·656e·6162·6c65·3c2f··/th><td>enable</
 0003b260:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>
 0003b270:·3c70·7265·3e3c·636f·6465·3e23·2052·656d··<pre><code>#·Rem
 0003b280:·6564·6961·7469·6f6e·2069·7320·6170·706c··ediation·is·appl
 0003b290:·6963·6162·6c65·206f·6e6c·7920·696e·2063··icable·only·in·c
 0003b2a0:·6572·7461·696e·2070·6c61·7466·6f72·6d73··ertain·platforms
 0003b2b0:·0a69·6620·6470·6b67·2d71·7565·7279·202d··.if·dpkg-query·-
 0003b2c0:·2d73·686f·7720·2d2d·7368·6f77·666f·726d··-show·--showform
 0003b2d0:·6174·3d27·247b·6462·3a53·7461·7475·732d··at='${db:Status-
 0003b2e0:·5374·6174·7573·7d0a·2720·276c·696e·7578··Status}.'·'linux
 0003b2f0:·2d62·6173·6527·2032·2667·743b·2f64·6576··-base'·2&gt;/dev
 0003b300:·2f6e·756c·6c20·7c20·6772·6570·202d·7120··/null·|·grep·-q·
 0003b310:·5e69·6e73·7461·6c6c·6564·3b20·7468·656e··^installed;·then
 0003b320:·0a0a·4445·4249·414e·5f46·524f·4e54·454e··..DEBIAN_FRONTEN
 0003b330:·443d·6e6f·6e69·6e74·6572·6163·7469·7665··D=noninteractive
 0003b340:·2061·7074·2d67·6574·2069·6e73·7461·6c6c···apt-get·install
 0003b350:·202d·7920·2261·6964·6522·0a0a·656c·7365···-y·"aide"..else
 0003b360:·0a20·2020·2026·6774·3b26·616d·703b·3220··.····&gt;&amp;2·
 0003b370:·6563·686f·2027·5265·6d65·6469·6174·696f··echo·'Remediatio
 0003b380:·6e20·6973·206e·6f74·2061·7070·6c69·6361··n·is·not·applica
 0003b390:·626c·652c·206e·6f74·6869·6e67·2077·6173··ble,·nothing·was
 0003b3a0:·2064·6f6e·6527·0a66·690a·3c2f·636f·6465···done'.fi.</code
0003b390:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th 
0003b3a0:·3e3c·7464·3e65·6e61·626c·653c·2f74·643e··><td>enable</td> 
0003b3b0:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr 
0003b3c0:·653e·3c63·6f64·653e·2d20·6e61·6d65·3a20··e><code>-·name:· 
0003b3d0:·4761·7468·6572·2074·6865·2070·6163·6b61··Gather·the·packa 
0003b3e0:·6765·2066·6163·7473·0a20·2070·6163·6b61··ge·facts.··packa 
0003b3f0:·6765·5f66·6163·7473·3a0a·2020·2020·6d61··ge_facts:.····ma 
0003b400:·6e61·6765·723a·2061·7574·6f0a·2020·7461··nager:·auto.··ta 
0003b410:·6773·3a0a·2020·2d20·434a·4953·2d35·2e31··gs:.··-·CJIS-5.1 
0003b420:·302e·312e·330a·2020·2d20·4449·5341·2d53··0.1.3.··-·DISA-S 
0003b430:·5449·472d·5542·5455·2d32·302d·3031·3034··TIG-UBTU-20-0104 
0003b440:·3530·0a20·202d·204e·4953·542d·3830·302d··50.··-·NIST-800- 
0003b450:·3533·2d43·4d2d·3628·6129·0a20·202d·2050··53-CM-6(a).··-·P 
0003b460:·4349·2d44·5353·2d52·6571·2d31·312e·350a··CI-DSS-Req-11.5. 
0003b470:·2020·2d20·5043·492d·4453·5376·342d·3131····-·PCI-DSSv4-11 
0003b480:·2e35·2e32·0a20·202d·2065·6e61·626c·655f··.5.2.··-·enable_ 
0003b490:·7374·7261·7465·6779·0a20·202d·206c·6f77··strategy.··-·low 
0003b4a0:·5f63·6f6d·706c·6578·6974·790a·2020·2d20··_complexity.··-· 
0003b4b0:·6c6f·775f·6469·7372·7570·7469·6f6e·0a20··low_disruption.· 
0003b4c0:·202d·206d·6564·6975·6d5f·7365·7665·7269···-·medium_severi 
0003b4d0:·7479·0a20·202d·206e·6f5f·7265·626f·6f74··ty.··-·no_reboot 
0003b4e0:·5f6e·6565·6465·640a·2020·2d20·7061·636b··_needed.··-·pack 
0003b4f0:·6167·655f·6169·6465·5f69·6e73·7461·6c6c··age_aide_install 
0003b500:·6564·0a0a·2d20·6e61·6d65·3a20·456e·7375··ed..-·name:·Ensu 
0003b510:·7265·2061·6964·6520·6973·2069·6e73·7461··re·aide·is·insta 
0003b520:·6c6c·6564·0a20·2070·6163·6b61·6765·3a0a··lled.··package:. 
0003b530:·2020·2020·6e61·6d65·3a20·6169·6465·0a20······name:·aide.· 
0003b540:·2020·2073·7461·7465·3a20·7072·6573·656e·····state:·presen 
0003b550:·740a·2020·7768·656e·3a20·2722·6c69·6e75··t.··when:·'"linu 
0003b560:·782d·6261·7365·2220·696e·2061·6e73·6962··x-base"·in·ansib 
0003b570:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package 
0003b580:·7327·0a20·2074·6167·733a·0a20·202d·2043··s'.··tags:.··-·C 
0003b590:·4a49·532d·352e·3130·2e31·2e33·0a20·202d··JIS-5.10.1.3.··- 
0003b5a0:·2044·4953·412d·5354·4947·2d55·4254·552d···DISA-STIG-UBTU- 
0003b5b0:·3230·2d30·3130·3435·300a·2020·2d20·4e49··20-010450.··-·NI 
0003b5c0:·5354·2d38·3030·2d35·332d·434d·2d36·2861··ST-800-53-CM-6(a 
0003b5d0:·290a·2020·2d20·5043·492d·4453·532d·5265··).··-·PCI-DSS-Re 
0003b5e0:·712d·3131·2e35·0a20·202d·2050·4349·2d44··q-11.5.··-·PCI-D 
0003b5f0:·5353·7634·2d31·312e·352e·320a·2020·2d20··SSv4-11.5.2.··-· 
0003b600:·656e·6162·6c65·5f73·7472·6174·6567·790a··enable_strategy. 
0003b610:·2020·2d20·6c6f·775f·636f·6d70·6c65·7869····-·low_complexi 
0003b620:·7479·0a20·202d·206c·6f77·5f64·6973·7275··ty.··-·low_disru 
0003b630:·7074·696f·6e0a·2020·2d20·6d65·6469·756d··ption.··-·medium 
0003b640:·5f73·6576·6572·6974·790a·2020·2d20·6e6f··_severity.··-·no 
0003b650:·5f72·6562·6f6f·745f·6e65·6564·6564·0a20··_reboot_needed.· 
0003b660:·202d·2070·6163·6b61·6765·5f61·6964·655f···-·package_aide_ 
0003b670:·696e·7374·616c·6c65·640a·3c2f·636f·6465··installed.</code 
Max diff block lines reached; 16552593/16571941 bytes (99.88%) of diff not shown.
1.09 MB
html2text {}
    
Offset 127, 19 lines modifiedOffset 127, 28 lines modified
127 include·install_aide127 include·install_aide
  
128 class·install_aide·{128 class·install_aide·{
129 ··package·{·'aide':129 ··package·{·'aide':
130 ····ensure·=>·'installed',130 ····ensure·=>·'installed',
131 ··}131 ··}
132 }132 }
133 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8133 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 134 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 135 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 136 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 137 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 138 #·Remediation·is·applicable·only·in·certain·platforms
 139 if·dpkg-query·--show·--showformat='${db:Status-Status}
 140 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then
  
134 [[packages]] 
135 name·=·"aide" 
136 version·=·"*"141 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide"
  
 142 else
 143 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 144 fi
137 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8145 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
138 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low146 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
139 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low147 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
140 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false148 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
141 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable149 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
142 -·name:·Gather·the·package·facts150 -·name:·Gather·the·package·facts
143 ··package_facts:151 ··package_facts:
Offset 170, 28 lines modifiedOffset 179, 19 lines modified
170 ··-·PCI-DSSv4-11.5.2179 ··-·PCI-DSSv4-11.5.2
171 ··-·enable_strategy180 ··-·enable_strategy
172 ··-·low_complexity181 ··-·low_complexity
173 ··-·low_disruption182 ··-·low_disruption
174 ··-·medium_severity183 ··-·medium_severity
175 ··-·no_reboot_needed184 ··-·no_reboot_needed
176 ··-·package_aide_installed185 ··-·package_aide_installed
 186 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
177 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
178 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
179 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
180 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
181 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
182 #·Remediation·is·applicable·only·in·certain·platforms 
183 if·dpkg-query·--show·--showformat='${db:Status-Status} 
184 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then 
  
185 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide" 
  
186 else 
187 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
188 fi187 [[packages]]
 188 name·=·"aide"
 189 version·=·"*"
189 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*190 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
190 Run·the·following·command·to·generate·a·new·database:191 Run·the·following·command·to·generate·a·new·database:
191 $·sudo·aideinit192 $·sudo·aideinit
192 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the·database,·the193 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the·database,·the
193 configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide.wrapper·(or·hashes·of·these·files),·in·a194 configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide.wrapper·(or·hashes·of·these·files),·in·a
194 secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The195 secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The
195 newly-generated·database·can·be·installed·as·follows:196 newly-generated·database·can·be·installed·as·follows:
Offset 218, 14 lines modifiedOffset 218, 41 lines modified
218 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5218 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
219 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199219 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
220 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········UBTU-20-010450220 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········UBTU-20-010450
221 ············_\x8c_\x8i_\x8s············1.4.1221 ············_\x8c_\x8i_\x8s············1.4.1
222 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79222 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
223 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2223 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
224 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-238371r880913_rule224 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-238371r880913_rule
 225 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 226 #·Remediation·is·applicable·only·in·certain·platforms
 227 if·dpkg-query·--show·--showformat='${db:Status-Status}
 228 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then
  
 229 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide"
  
 230 AIDE_CONFIG=/etc/aide/aide.conf
 231 DEFAULT_DB_PATH=/var/lib/aide/aide.db
  
 232 #·Fix·db·path·in·the·config·file,·if·necessary
 233 if·!·grep·-q·'^database=file:'·${AIDE_CONFIG};·then
 234 ····#·replace_or_append·gets·confused·by·'database=file'·as·a·key,·so·should·not·be·used.
 235 ····#replace_or_append·"${AIDE_CONFIG}"·'^database=file'·"${DEFAULT_DB_PATH}"·'@CCENUM@'·'%s:%s'
 236 ····echo·"database=file:${DEFAULT_DB_PATH}"·>>·${AIDE_CONFIG}
 237 fi
  
 238 #·Fix·db·out·path·in·the·config·file,·if·necessary
 239 if·!·grep·-q·'^database_out=file:'·${AIDE_CONFIG};·then
 240 ····echo·"database_out=file:${DEFAULT_DB_PATH}.new"·>>·${AIDE_CONFIG}
 241 fi
  
 242 /usr/sbin/aideinit·-y·-f
  
 243 else
 244 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 245 fi
225 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8246 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
226 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low247 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
227 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low248 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
228 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false249 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
229 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict250 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
230 -·name:·Gather·the·package·facts251 -·name:·Gather·the·package·facts
231 ··package_facts:252 ··package_facts:
Offset 404, 41 lines modifiedOffset 431, 14 lines modified
404 ··-·PCI-DSSv4-11.5.2431 ··-·PCI-DSSv4-11.5.2
405 ··-·aide_build_database432 ··-·aide_build_database
406 ··-·low_complexity433 ··-·low_complexity
407 ··-·low_disruption434 ··-·low_disruption
408 ··-·medium_severity435 ··-·medium_severity
409 ··-·no_reboot_needed436 ··-·no_reboot_needed
410 ··-·restrict_strategy437 ··-·restrict_strategy
411 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
412 #·Remediation·is·applicable·only·in·certain·platforms 
413 if·dpkg-query·--show·--showformat='${db:Status-Status} 
414 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then 
  
415 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide" 
  
416 AIDE_CONFIG=/etc/aide/aide.conf 
417 DEFAULT_DB_PATH=/var/lib/aide/aide.db 
  
418 #·Fix·db·path·in·the·config·file,·if·necessary 
419 if·!·grep·-q·'^database=file:'·${AIDE_CONFIG};·then 
420 ····#·replace_or_append·gets·confused·by·'database=file'·as·a·key,·so·should·not·be·used. 
421 ····#replace_or_append·"${AIDE_CONFIG}"·'^database=file'·"${DEFAULT_DB_PATH}"·'@CCENUM@'·'%s:%s' 
422 ····echo·"database=file:${DEFAULT_DB_PATH}"·>>·${AIDE_CONFIG} 
Max diff block lines reached; 1138447/1144115 bytes (99.50%) of diff not shown.
7.72 MB
./usr/share/doc/ssg-debderived/ssg-ubuntu2204-guide-cis_level1_server.html
    
Offset 15160, 150 lines modifiedOffset 15160, 150 lines modified
0003b370:·2d74·6172·6765·743d·2223·6964·6d32·3932··-target="#idm2920003b370:·2d74·6172·6765·743d·2223·6964·6d32·3932··-target="#idm292
0003b380:·3622·2074·6162·696e·6465·783d·2230·2220··6"·tabindex="0"·0003b380:·3622·2074·6162·696e·6465·783d·2230·2220··6"·tabindex="0"·
0003b390:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar0003b390:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar
0003b3a0:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal0003b3a0:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal
0003b3b0:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ0003b3b0:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ
0003b3c0:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h0003b3c0:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h
0003b3d0:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia0003b3d0:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia
 0003b3e0:·7469·6f6e·2053·6865·6c6c·2073·6372·6970··tion·Shell·scrip
 0003b3f0:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di
 0003b400:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
 0003b410:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
 0003b420:·2220·6964·3d22·6964·6d32·3932·3622·3e3c··"·id="idm2926"><
 0003b430:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab
 0003b440:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped
 0003b450:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·
 0003b460:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"
 0003b470:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex
 0003b480:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low
 0003b490:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
 0003b4a0:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t
0003b3e0:·7469·6f6e·204f·5342·7569·6c64·2042·6c75··tion·OSBuild·Blu 
0003b3f0:·6570·7269·6e74·2073·6e69·7070·6574·20e2··eprint·snippet·. 
0003b400:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c 
0003b410:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll 
0003b420:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i 
0003b430:·643d·2269·646d·3239·3236·223e·3c70·7265··d="idm2926"><pre 
0003b440:·3e3c·636f·6465·3e0a·5b5b·7061·636b·6167··><code>.[[packag 
0003b450:·6573·5d5d·0a6e·616d·6520·3d20·2261·6964··es]].name·=·"aid 
0003b460:·6522·0a76·6572·7369·6f6e·203d·2022·2a22··e".version·=·"*" 
0003b470:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></ 
0003b480:·6469·763e·3c61·2063·6c61·7373·3d22·6274··div><a·class="bt 
0003b490:·6e20·6274·6e2d·7375·6363·6573·7322·2064··n·btn-success"·d 
0003b4a0:·6174·612d·746f·6767·6c65·3d22·636f·6c6c··ata-toggle="coll 
0003b4b0:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe 
0003b4c0:·743d·2223·6964·6d32·3932·3722·2074·6162··t="#idm2927"·tab 
0003b4d0:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role=" 
0003b4e0:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp 
0003b4f0:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti 
0003b500:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to 
0003b510:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="# 
0003b520:·2122·3e52·656d·6564·6961·7469·6f6e·2041··!">Remediation·A 
0003b530:·6e73·6962·6c65·2073·6e69·7070·6574·20e2··nsible·snippet·. 
0003b540:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c 
0003b550:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll 
0003b560:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i 
0003b570:·643d·2269·646d·3239·3237·223e·3c74·6162··d="idm2927"><tab 
0003b580:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table· 
0003b590:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta 
0003b5a0:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab 
0003b5b0:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t 
0003b5c0:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity 
0003b5d0:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t0003b4b0:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></
 0003b4c0:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo
 0003b4d0:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false
 0003b4e0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
 0003b4f0:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>
 0003b500:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td><
 0003b510:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre
 0003b520:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia
 0003b530:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab
 0003b540:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa
 0003b550:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·
 0003b560:·6470·6b67·2d71·7565·7279·202d·2d73·686f··dpkg-query·--sho
 0003b570:·7720·2d2d·7368·6f77·666f·726d·6174·3d27··w·--showformat='
 0003b580:·247b·6462·3a53·7461·7475·732d·5374·6174··${db:Status-Stat
 0003b590:·7573·7d0a·2720·276c·696e·7578·2d62·6173··us}.'·'linux-bas
 0003b5a0:·6527·2032·2667·743b·2f64·6576·2f6e·756c··e'·2&gt;/dev/nul
 0003b5b0:·6c20·7c20·6772·6570·202d·7120·5e69·6e73··l·|·grep·-q·^ins
 0003b5c0:·7461·6c6c·6564·3b20·7468·656e·0a0a·4445··talled;·then..DE
 0003b5d0:·4249·414e·5f46·524f·4e54·454e·443d·6e6f··BIAN_FRONTEND=no
 0003b5e0:·6e69·6e74·6572·6163·7469·7665·2061·7074··ninteractive·apt
 0003b5f0:·2d67·6574·2069·6e73·7461·6c6c·202d·7920··-get·install·-y·
 0003b600:·2261·6964·6522·0a0a·656c·7365·0a20·2020··"aide"..else.···
 0003b610:·2026·6774·3b26·616d·703b·3220·6563·686f···&gt;&amp;2·echo
 0003b620:·2027·5265·6d65·6469·6174·696f·6e20·6973···'Remediation·is
 0003b630:·206e·6f74·2061·7070·6c69·6361·626c·652c···not·applicable,
 0003b640:·206e·6f74·6869·6e67·2077·6173·2064·6f6e···nothing·was·don
0003b5e0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D 
0003b5f0:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th>< 
0003b600:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003b610:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:< 
0003b620:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t 
0003b630:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S 
0003b640:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td 
0003b650:·3e65·6e61·626c·653c·2f74·643e·3c2f·7472··>enable</td></tr 
0003b660:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c 
0003b670:·6f64·653e·2d20·6e61·6d65·3a20·4761·7468··ode>-·name:·Gath 
0003b680:·6572·2074·6865·2070·6163·6b61·6765·2066··er·the·package·f 
0003b690:·6163·7473·0a20·2070·6163·6b61·6765·5f66··acts.··package_f 
0003b6a0:·6163·7473·3a0a·2020·2020·6d61·6e61·6765··acts:.····manage 
0003b6b0:·723a·2061·7574·6f0a·2020·7461·6773·3a0a··r:·auto.··tags:. 
0003b6c0:·2020·2d20·434a·4953·2d35·2e31·302e·312e····-·CJIS-5.10.1. 
0003b6d0:·330a·2020·2d20·4449·5341·2d53·5449·472d··3.··-·DISA-STIG- 
0003b6e0:·5542·5455·2d32·322d·3635·3130·3130·0a20··UBTU-22-651010.· 
0003b6f0:·202d·204e·4953·542d·3830·302d·3533·2d43···-·NIST-800-53-C 
0003b700:·4d2d·3628·6129·0a20·202d·2050·4349·2d44··M-6(a).··-·PCI-D 
0003b710:·5353·2d52·6571·2d31·312e·350a·2020·2d20··SS-Req-11.5.··-· 
0003b720:·5043·492d·4453·5376·342d·3131·2e35·2e32··PCI-DSSv4-11.5.2 
0003b730:·0a20·202d·2065·6e61·626c·655f·7374·7261··.··-·enable_stra 
0003b740:·7465·6779·0a20·202d·206c·6f77·5f63·6f6d··tegy.··-·low_com 
0003b750:·706c·6578·6974·790a·2020·2d20·6c6f·775f··plexity.··-·low_ 
0003b760:·6469·7372·7570·7469·6f6e·0a20·202d·206d··disruption.··-·m 
0003b770:·6564·6975·6d5f·7365·7665·7269·7479·0a20··edium_severity.· 
0003b780:·202d·206e·6f5f·7265·626f·6f74·5f6e·6565···-·no_reboot_nee 
0003b790:·6465·640a·2020·2d20·7061·636b·6167·655f··ded.··-·package_ 
0003b7a0:·6169·6465·5f69·6e73·7461·6c6c·6564·0a0a··aide_installed.. 
0003b7b0:·2d20·6e61·6d65·3a20·456e·7375·7265·2061··-·name:·Ensure·a 
0003b7c0:·6964·6520·6973·2069·6e73·7461·6c6c·6564··ide·is·installed 
0003b7d0:·0a20·2070·6163·6b61·6765·3a0a·2020·2020··.··package:.···· 
0003b7e0:·6e61·6d65·3a20·6169·6465·0a20·2020·2073··name:·aide.····s 
0003b7f0:·7461·7465·3a20·7072·6573·656e·740a·2020··tate:·present.·· 
0003b800:·7768·656e·3a20·2722·6c69·6e75·782d·6261··when:·'"linux-ba 
0003b810:·7365·2220·696e·2061·6e73·6962·6c65·5f66··se"·in·ansible_f 
0003b820:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.· 
0003b830:·2074·6167·733a·0a20·202d·2043·4a49·532d···tags:.··-·CJIS- 
0003b840:·352e·3130·2e31·2e33·0a20·202d·2044·4953··5.10.1.3.··-·DIS 
0003b850:·412d·5354·4947·2d55·4254·552d·3232·2d36··A-STIG-UBTU-22-6 
0003b860:·3531·3031·300a·2020·2d20·4e49·5354·2d38··51010.··-·NIST-8 
0003b870:·3030·2d35·332d·434d·2d36·2861·290a·2020··00-53-CM-6(a).·· 
0003b880:·2d20·5043·492d·4453·532d·5265·712d·3131··-·PCI-DSS-Req-11 
0003b890:·2e35·0a20·202d·2050·4349·2d44·5353·7634··.5.··-·PCI-DSSv4 
0003b8a0:·2d31·312e·352e·320a·2020·2d20·656e·6162··-11.5.2.··-·enab 
0003b8b0:·6c65·5f73·7472·6174·6567·790a·2020·2d20··le_strategy.··-· 
0003b8c0:·6c6f·775f·636f·6d70·6c65·7869·7479·0a20··low_complexity.· 
0003b8d0:·202d·206c·6f77·5f64·6973·7275·7074·696f···-·low_disruptio 
0003b8e0:·6e0a·2020·2d20·6d65·6469·756d·5f73·6576··n.··-·medium_sev 
0003b8f0:·6572·6974·790a·2020·2d20·6e6f·5f72·6562··erity.··-·no_reb 
Max diff block lines reached; 7145887/7165235 bytes (99.73%) of diff not shown.
910 KB
html2text {}
    
Offset 137, 19 lines modifiedOffset 137, 28 lines modified
137 include·install_aide137 include·install_aide
  
138 class·install_aide·{138 class·install_aide·{
139 ··package·{·'aide':139 ··package·{·'aide':
140 ····ensure·=>·'installed',140 ····ensure·=>·'installed',
141 ··}141 ··}
142 }142 }
143 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8143 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 144 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 145 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 146 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 147 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 148 #·Remediation·is·applicable·only·in·certain·platforms
 149 if·dpkg-query·--show·--showformat='${db:Status-Status}
 150 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then
  
144 [[packages]] 
145 name·=·"aide" 
146 version·=·"*"151 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide"
  
 152 else
 153 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 154 fi
147 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8155 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
148 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low156 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
149 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low157 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
150 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false158 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
151 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable159 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
152 -·name:·Gather·the·package·facts160 -·name:·Gather·the·package·facts
153 ··package_facts:161 ··package_facts:
Offset 180, 28 lines modifiedOffset 189, 19 lines modified
180 ··-·PCI-DSSv4-11.5.2189 ··-·PCI-DSSv4-11.5.2
181 ··-·enable_strategy190 ··-·enable_strategy
182 ··-·low_complexity191 ··-·low_complexity
183 ··-·low_disruption192 ··-·low_disruption
184 ··-·medium_severity193 ··-·medium_severity
185 ··-·no_reboot_needed194 ··-·no_reboot_needed
186 ··-·package_aide_installed195 ··-·package_aide_installed
 196 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
187 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
188 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
189 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
190 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
191 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
192 #·Remediation·is·applicable·only·in·certain·platforms 
193 if·dpkg-query·--show·--showformat='${db:Status-Status} 
194 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then 
  
195 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide" 
  
196 else 
197 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
198 fi197 [[packages]]
 198 name·=·"aide"
 199 version·=·"*"
199 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*200 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
200 Run·the·following·command·to·generate·a·new·database:201 Run·the·following·command·to·generate·a·new·database:
201 $·sudo·aideinit202 $·sudo·aideinit
202 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the203 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the
203 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide·(or·hashes·of·these204 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide·(or·hashes·of·these
204 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their205 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their
205 integrity.·The·newly-generated·database·can·be·installed·as·follows:206 integrity.·The·newly-generated·database·can·be·installed·as·follows:
Offset 228, 14 lines modifiedOffset 228, 41 lines modified
228 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5228 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
229 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199229 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
230 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········UBTU-22-651015230 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········UBTU-22-651015
231 ············_\x8c_\x8i_\x8s············1.3.1231 ············_\x8c_\x8i_\x8s············1.3.1
232 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79232 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
233 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2233 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
234 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-260583r958944_rule234 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-260583r958944_rule
 235 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 236 #·Remediation·is·applicable·only·in·certain·platforms
 237 if·dpkg-query·--show·--showformat='${db:Status-Status}
 238 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then
  
 239 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide"
  
 240 AIDE_CONFIG=/etc/aide/aide.conf
 241 DEFAULT_DB_PATH=/var/lib/aide/aide.db
  
 242 #·Fix·db·path·in·the·config·file,·if·necessary
 243 if·!·grep·-q·'^database=file:'·${AIDE_CONFIG};·then
 244 ····#·replace_or_append·gets·confused·by·'database=file'·as·a·key,·so·should·not·be·used.
 245 ····#replace_or_append·"${AIDE_CONFIG}"·'^database=file'·"${DEFAULT_DB_PATH}"·'@CCENUM@'·'%s:%s'
 246 ····echo·"database=file:${DEFAULT_DB_PATH}"·>>·${AIDE_CONFIG}
 247 fi
  
 248 #·Fix·db·out·path·in·the·config·file,·if·necessary
 249 if·!·grep·-q·'^database_out=file:'·${AIDE_CONFIG};·then
 250 ····echo·"database_out=file:${DEFAULT_DB_PATH}.new"·>>·${AIDE_CONFIG}
 251 fi
  
 252 /usr/sbin/aideinit·-y·-f
  
 253 else
 254 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 255 fi
235 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8256 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
236 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low257 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
237 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low258 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
238 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false259 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
239 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict260 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
240 -·name:·Gather·the·package·facts261 -·name:·Gather·the·package·facts
241 ··package_facts:262 ··package_facts:
Offset 414, 41 lines modifiedOffset 441, 14 lines modified
414 ··-·PCI-DSSv4-11.5.2441 ··-·PCI-DSSv4-11.5.2
415 ··-·aide_build_database442 ··-·aide_build_database
416 ··-·low_complexity443 ··-·low_complexity
417 ··-·low_disruption444 ··-·low_disruption
418 ··-·medium_severity445 ··-·medium_severity
419 ··-·no_reboot_needed446 ··-·no_reboot_needed
420 ··-·restrict_strategy447 ··-·restrict_strategy
421 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
422 #·Remediation·is·applicable·only·in·certain·platforms 
423 if·dpkg-query·--show·--showformat='${db:Status-Status} 
424 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then 
  
425 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide" 
  
426 AIDE_CONFIG=/etc/aide/aide.conf 
427 DEFAULT_DB_PATH=/var/lib/aide/aide.db 
  
428 #·Fix·db·path·in·the·config·file,·if·necessary 
429 if·!·grep·-q·'^database=file:'·${AIDE_CONFIG};·then 
430 ····#·replace_or_append·gets·confused·by·'database=file'·as·a·key,·so·should·not·be·used. 
431 ····#replace_or_append·"${AIDE_CONFIG}"·'^database=file'·"${DEFAULT_DB_PATH}"·'@CCENUM@'·'%s:%s' 
432 ····echo·"database=file:${DEFAULT_DB_PATH}"·>>·${AIDE_CONFIG} 
Max diff block lines reached; 926284/931944 bytes (99.39%) of diff not shown.
7.57 MB
./usr/share/doc/ssg-debderived/ssg-ubuntu2204-guide-cis_level1_workstation.html
    
Offset 15150, 150 lines modifiedOffset 15150, 150 lines modified
0003b2d0:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe0003b2d0:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe
0003b2e0:·743d·2223·6964·6d32·3932·3622·2074·6162··t="#idm2926"·tab0003b2e0:·743d·2223·6964·6d32·3932·3622·2074·6162··t="#idm2926"·tab
0003b2f0:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="0003b2f0:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="
0003b300:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp0003b300:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp
0003b310:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti0003b310:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti
0003b320:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to0003b320:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to
0003b330:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#0003b330:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#
0003b340:·2122·3e52·656d·6564·6961·7469·6f6e·204f··!">Remediation·O0003b340:·2122·3e52·656d·6564·6961·7469·6f6e·2053··!">Remediation·S
 0003b350:·6865·6c6c·2073·6372·6970·7420·e287·b23c··hell·script·...<
 0003b360:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas
 0003b370:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps
 0003b380:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="
 0003b390:·6964·6d32·3932·3622·3e3c·7461·626c·6520··idm2926"><table·
 0003b3a0:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab
 0003b3b0:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table
 0003b3c0:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-
 0003b3d0:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><
 0003b3e0:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</
 0003b3f0:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><
 0003b400:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr
 0003b410:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td>
0003b350:·5342·7569·6c64·2042·6c75·6570·7269·6e74··SBuild·Blueprint 
0003b360:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a> 
0003b370:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class=" 
0003b380:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c 
0003b390:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm 
0003b3a0:·3239·3236·223e·3c70·7265·3e3c·636f·6465··2926"><pre><code 
0003b3b0:·3e0a·5b5b·7061·636b·6167·6573·5d5d·0a6e··>.[[packages]].n 
0003b3c0:·616d·6520·3d20·2261·6964·6522·0a76·6572··ame·=·"aide".ver 
0003b3d0:·7369·6f6e·203d·2022·2a22·0a3c·2f63·6f64··sion·=·"*".</cod 
0003b3e0:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a 
0003b3f0:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn- 
0003b400:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to 
0003b410:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"· 
0003b420:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id 
0003b430:·6d32·3932·3722·2074·6162·696e·6465·783d··m2927"·tabindex= 
0003b440:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button 
0003b450:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded= 
0003b460:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A 
0003b470:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea 
0003b480:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem 
0003b490:·6564·6961·7469·6f6e·2041·6e73·6962·6c65··ediation·Ansible 
0003b4a0:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a> 
0003b4b0:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class=" 
0003b4c0:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c 
0003b4d0:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm 
0003b4e0:·3239·3237·223e·3c74·6162·6c65·2063·6c61··2927"><table·cla 
0003b4f0:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table- 
0003b500:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo 
0003b510:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con 
0003b520:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th> 
0003b530:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th> 
0003b540:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
0003b550:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt 
0003b560:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low 
0003b570:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b580:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t 
0003b590:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr 
0003b5a0:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg 
0003b5b0:·793a·3c2f·7468·3e3c·7464·3e65·6e61·626c··y:</th><td>enabl 
0003b5c0:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab0003b420:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr
 0003b430:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th
 0003b440:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td><
 0003b450:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra
 0003b460:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en
 0003b470:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></
 0003b480:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code
 0003b490:·3e23·2052·656d·6564·6961·7469·6f6e·2069··>#·Remediation·i
 0003b4a0:·7320·6170·706c·6963·6162·6c65·206f·6e6c··s·applicable·onl
 0003b4b0:·7920·696e·2063·6572·7461·696e·2070·6c61··y·in·certain·pla
 0003b4c0:·7466·6f72·6d73·0a69·6620·6470·6b67·2d71··tforms.if·dpkg-q
 0003b4d0:·7565·7279·202d·2d73·686f·7720·2d2d·7368··uery·--show·--sh
 0003b4e0:·6f77·666f·726d·6174·3d27·247b·6462·3a53··owformat='${db:S
 0003b4f0:·7461·7475·732d·5374·6174·7573·7d0a·2720··tatus-Status}.'·
 0003b500:·276c·696e·7578·2d62·6173·6527·2032·2667··'linux-base'·2&g
 0003b510:·743b·2f64·6576·2f6e·756c·6c20·7c20·6772··t;/dev/null·|·gr
 0003b520:·6570·202d·7120·5e69·6e73·7461·6c6c·6564··ep·-q·^installed
 0003b530:·3b20·7468·656e·0a0a·4445·4249·414e·5f46··;·then..DEBIAN_F
 0003b540:·524f·4e54·454e·443d·6e6f·6e69·6e74·6572··RONTEND=noninter
 0003b550:·6163·7469·7665·2061·7074·2d67·6574·2069··active·apt-get·i
 0003b560:·6e73·7461·6c6c·202d·7920·2261·6964·6522··nstall·-y·"aide"
 0003b570:·0a0a·656c·7365·0a20·2020·2026·6774·3b26··..else.····&gt;&
 0003b580:·616d·703b·3220·6563·686f·2027·5265·6d65··amp;2·echo·'Reme
 0003b590:·6469·6174·696f·6e20·6973·206e·6f74·2061··diation·is·not·a
 0003b5a0:·7070·6c69·6361·626c·652c·206e·6f74·6869··pplicable,·nothi
 0003b5b0:·6e67·2077·6173·2064·6f6e·6527·0a66·690a··ng·was·done'.fi.
0003b5d0:·6c65·3e3c·7072·653e·3c63·6f64·653e·2d20··le><pre><code>-· 
0003b5e0:·6e61·6d65·3a20·4761·7468·6572·2074·6865··name:·Gather·the 
0003b5f0:·2070·6163·6b61·6765·2066·6163·7473·0a20···package·facts.· 
0003b600:·2070·6163·6b61·6765·5f66·6163·7473·3a0a···package_facts:. 
0003b610:·2020·2020·6d61·6e61·6765·723a·2061·7574······manager:·aut 
0003b620:·6f0a·2020·7461·6773·3a0a·2020·2d20·434a··o.··tags:.··-·CJ 
0003b630:·4953·2d35·2e31·302e·312e·330a·2020·2d20··IS-5.10.1.3.··-· 
0003b640:·4449·5341·2d53·5449·472d·5542·5455·2d32··DISA-STIG-UBTU-2 
0003b650:·322d·3635·3130·3130·0a20·202d·204e·4953··2-651010.··-·NIS 
0003b660:·542d·3830·302d·3533·2d43·4d2d·3628·6129··T-800-53-CM-6(a) 
0003b670:·0a20·202d·2050·4349·2d44·5353·2d52·6571··.··-·PCI-DSS-Req 
0003b680:·2d31·312e·350a·2020·2d20·5043·492d·4453··-11.5.··-·PCI-DS 
0003b690:·5376·342d·3131·2e35·2e32·0a20·202d·2065··Sv4-11.5.2.··-·e 
0003b6a0:·6e61·626c·655f·7374·7261·7465·6779·0a20··nable_strategy.· 
0003b6b0:·202d·206c·6f77·5f63·6f6d·706c·6578·6974···-·low_complexit 
0003b6c0:·790a·2020·2d20·6c6f·775f·6469·7372·7570··y.··-·low_disrup 
0003b6d0:·7469·6f6e·0a20·202d·206d·6564·6975·6d5f··tion.··-·medium_ 
0003b6e0:·7365·7665·7269·7479·0a20·202d·206e·6f5f··severity.··-·no_ 
0003b6f0:·7265·626f·6f74·5f6e·6565·6465·640a·2020··reboot_needed.·· 
0003b700:·2d20·7061·636b·6167·655f·6169·6465·5f69··-·package_aide_i 
0003b710:·6e73·7461·6c6c·6564·0a0a·2d20·6e61·6d65··nstalled..-·name 
0003b720:·3a20·456e·7375·7265·2061·6964·6520·6973··:·Ensure·aide·is 
0003b730:·2069·6e73·7461·6c6c·6564·0a20·2070·6163···installed.··pac 
0003b740:·6b61·6765·3a0a·2020·2020·6e61·6d65·3a20··kage:.····name:· 
0003b750:·6169·6465·0a20·2020·2073·7461·7465·3a20··aide.····state:· 
0003b760:·7072·6573·656e·740a·2020·7768·656e·3a20··present.··when:· 
0003b770:·2722·6c69·6e75·782d·6261·7365·2220·696e··'"linux-base"·in 
0003b780:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
0003b790:·6163·6b61·6765·7327·0a20·2074·6167·733a··ackages'.··tags: 
0003b7a0:·0a20·202d·2043·4a49·532d·352e·3130·2e31··.··-·CJIS-5.10.1 
0003b7b0:·2e33·0a20·202d·2044·4953·412d·5354·4947··.3.··-·DISA-STIG 
0003b7c0:·2d55·4254·552d·3232·2d36·3531·3031·300a··-UBTU-22-651010. 
0003b7d0:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53- 
0003b7e0:·434d·2d36·2861·290a·2020·2d20·5043·492d··CM-6(a).··-·PCI- 
0003b7f0:·4453·532d·5265·712d·3131·2e35·0a20·202d··DSS-Req-11.5.··- 
0003b800:·2050·4349·2d44·5353·7634·2d31·312e·352e···PCI-DSSv4-11.5. 
0003b810:·320a·2020·2d20·656e·6162·6c65·5f73·7472··2.··-·enable_str 
0003b820:·6174·6567·790a·2020·2d20·6c6f·775f·636f··ategy.··-·low_co 
0003b830:·6d70·6c65·7869·7479·0a20·202d·206c·6f77··mplexity.··-·low 
0003b840:·5f64·6973·7275·7074·696f·6e0a·2020·2d20··_disruption.··-· 
0003b850:·6d65·6469·756d·5f73·6576·6572·6974·790a··medium_severity. 
Max diff block lines reached; 6997247/7016595 bytes (99.72%) of diff not shown.
895 KB
html2text {}
    
Offset 135, 19 lines modifiedOffset 135, 28 lines modified
135 include·install_aide135 include·install_aide
  
136 class·install_aide·{136 class·install_aide·{
137 ··package·{·'aide':137 ··package·{·'aide':
138 ····ensure·=>·'installed',138 ····ensure·=>·'installed',
139 ··}139 ··}
140 }140 }
141 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8141 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 142 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 143 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 144 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 145 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 146 #·Remediation·is·applicable·only·in·certain·platforms
 147 if·dpkg-query·--show·--showformat='${db:Status-Status}
 148 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then
  
142 [[packages]] 
143 name·=·"aide" 
144 version·=·"*"149 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide"
  
 150 else
 151 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 152 fi
145 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8153 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
146 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low154 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
147 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low155 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
148 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false156 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
149 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable157 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
150 -·name:·Gather·the·package·facts158 -·name:·Gather·the·package·facts
151 ··package_facts:159 ··package_facts:
Offset 178, 28 lines modifiedOffset 187, 19 lines modified
178 ··-·PCI-DSSv4-11.5.2187 ··-·PCI-DSSv4-11.5.2
179 ··-·enable_strategy188 ··-·enable_strategy
180 ··-·low_complexity189 ··-·low_complexity
181 ··-·low_disruption190 ··-·low_disruption
182 ··-·medium_severity191 ··-·medium_severity
183 ··-·no_reboot_needed192 ··-·no_reboot_needed
184 ··-·package_aide_installed193 ··-·package_aide_installed
 194 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
185 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
186 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
187 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
188 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
189 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
190 #·Remediation·is·applicable·only·in·certain·platforms 
191 if·dpkg-query·--show·--showformat='${db:Status-Status} 
192 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then 
  
193 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide" 
  
194 else 
195 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
196 fi195 [[packages]]
 196 name·=·"aide"
 197 version·=·"*"
197 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*198 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
198 Run·the·following·command·to·generate·a·new·database:199 Run·the·following·command·to·generate·a·new·database:
199 $·sudo·aideinit200 $·sudo·aideinit
200 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the201 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the
201 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide·(or·hashes·of·these202 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide·(or·hashes·of·these
202 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their203 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their
203 integrity.·The·newly-generated·database·can·be·installed·as·follows:204 integrity.·The·newly-generated·database·can·be·installed·as·follows:
Offset 226, 14 lines modifiedOffset 226, 41 lines modified
226 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5226 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
227 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199227 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
228 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········UBTU-22-651015228 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········UBTU-22-651015
229 ············_\x8c_\x8i_\x8s············1.3.1229 ············_\x8c_\x8i_\x8s············1.3.1
230 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79230 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
231 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2231 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
232 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-260583r958944_rule232 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-260583r958944_rule
 233 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 234 #·Remediation·is·applicable·only·in·certain·platforms
 235 if·dpkg-query·--show·--showformat='${db:Status-Status}
 236 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then
  
 237 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide"
  
 238 AIDE_CONFIG=/etc/aide/aide.conf
 239 DEFAULT_DB_PATH=/var/lib/aide/aide.db
  
 240 #·Fix·db·path·in·the·config·file,·if·necessary
 241 if·!·grep·-q·'^database=file:'·${AIDE_CONFIG};·then
 242 ····#·replace_or_append·gets·confused·by·'database=file'·as·a·key,·so·should·not·be·used.
 243 ····#replace_or_append·"${AIDE_CONFIG}"·'^database=file'·"${DEFAULT_DB_PATH}"·'@CCENUM@'·'%s:%s'
 244 ····echo·"database=file:${DEFAULT_DB_PATH}"·>>·${AIDE_CONFIG}
 245 fi
  
 246 #·Fix·db·out·path·in·the·config·file,·if·necessary
 247 if·!·grep·-q·'^database_out=file:'·${AIDE_CONFIG};·then
 248 ····echo·"database_out=file:${DEFAULT_DB_PATH}.new"·>>·${AIDE_CONFIG}
 249 fi
  
 250 /usr/sbin/aideinit·-y·-f
  
 251 else
 252 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 253 fi
233 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8254 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
234 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low255 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
235 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low256 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
236 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false257 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
237 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict258 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
238 -·name:·Gather·the·package·facts259 -·name:·Gather·the·package·facts
239 ··package_facts:260 ··package_facts:
Offset 412, 41 lines modifiedOffset 439, 14 lines modified
412 ··-·PCI-DSSv4-11.5.2439 ··-·PCI-DSSv4-11.5.2
413 ··-·aide_build_database440 ··-·aide_build_database
414 ··-·low_complexity441 ··-·low_complexity
415 ··-·low_disruption442 ··-·low_disruption
416 ··-·medium_severity443 ··-·medium_severity
417 ··-·no_reboot_needed444 ··-·no_reboot_needed
418 ··-·restrict_strategy445 ··-·restrict_strategy
419 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
420 #·Remediation·is·applicable·only·in·certain·platforms 
421 if·dpkg-query·--show·--showformat='${db:Status-Status} 
422 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then 
  
423 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide" 
  
424 AIDE_CONFIG=/etc/aide/aide.conf 
425 DEFAULT_DB_PATH=/var/lib/aide/aide.db 
  
426 #·Fix·db·path·in·the·config·file,·if·necessary 
427 if·!·grep·-q·'^database=file:'·${AIDE_CONFIG};·then 
428 ····#·replace_or_append·gets·confused·by·'database=file'·as·a·key,·so·should·not·be·used. 
429 ····#replace_or_append·"${AIDE_CONFIG}"·'^database=file'·"${DEFAULT_DB_PATH}"·'@CCENUM@'·'%s:%s' 
430 ····echo·"database=file:${DEFAULT_DB_PATH}"·>>·${AIDE_CONFIG} 
Max diff block lines reached; 910301/915961 bytes (99.38%) of diff not shown.
22.1 MB
./usr/share/doc/ssg-debderived/ssg-ubuntu2204-guide-cis_level2_server.html
    
Offset 15167, 150 lines modifiedOffset 15167, 150 lines modified
0003b3e0:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe0003b3e0:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe
0003b3f0:·743d·2223·6964·6d32·3932·3622·2074·6162··t="#idm2926"·tab0003b3f0:·743d·2223·6964·6d32·3932·3622·2074·6162··t="#idm2926"·tab
0003b400:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="0003b400:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="
0003b410:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp0003b410:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp
0003b420:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti0003b420:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti
0003b430:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to0003b430:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to
0003b440:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#0003b440:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#
0003b450:·2122·3e52·656d·6564·6961·7469·6f6e·204f··!">Remediation·O0003b450:·2122·3e52·656d·6564·6961·7469·6f6e·2053··!">Remediation·S
 0003b460:·6865·6c6c·2073·6372·6970·7420·e287·b23c··hell·script·...<
 0003b470:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas
 0003b480:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps
 0003b490:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="
 0003b4a0:·6964·6d32·3932·3622·3e3c·7461·626c·6520··idm2926"><table·
 0003b4b0:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab
 0003b4c0:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table
 0003b4d0:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-
 0003b4e0:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><
 0003b4f0:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</
 0003b500:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><
 0003b510:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr
 0003b520:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td>
0003b460:·5342·7569·6c64·2042·6c75·6570·7269·6e74··SBuild·Blueprint 
0003b470:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a> 
0003b480:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class=" 
0003b490:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c 
0003b4a0:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm 
0003b4b0:·3239·3236·223e·3c70·7265·3e3c·636f·6465··2926"><pre><code 
0003b4c0:·3e0a·5b5b·7061·636b·6167·6573·5d5d·0a6e··>.[[packages]].n 
0003b4d0:·616d·6520·3d20·2261·6964·6522·0a76·6572··ame·=·"aide".ver 
0003b4e0:·7369·6f6e·203d·2022·2a22·0a3c·2f63·6f64··sion·=·"*".</cod 
0003b4f0:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a 
0003b500:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn- 
0003b510:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to 
0003b520:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"· 
0003b530:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id 
0003b540:·6d32·3932·3722·2074·6162·696e·6465·783d··m2927"·tabindex= 
0003b550:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button 
0003b560:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded= 
0003b570:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A 
0003b580:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea 
0003b590:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem 
0003b5a0:·6564·6961·7469·6f6e·2041·6e73·6962·6c65··ediation·Ansible 
0003b5b0:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a> 
0003b5c0:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class=" 
0003b5d0:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c 
0003b5e0:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm 
0003b5f0:·3239·3237·223e·3c74·6162·6c65·2063·6c61··2927"><table·cla 
0003b600:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table- 
0003b610:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo 
0003b620:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con 
0003b630:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th> 
0003b640:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th> 
0003b650:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
0003b660:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt 
0003b670:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low 
0003b680:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b690:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t 
0003b6a0:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr 
0003b6b0:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg 
0003b6c0:·793a·3c2f·7468·3e3c·7464·3e65·6e61·626c··y:</th><td>enabl 
0003b6d0:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab0003b530:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr
 0003b540:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th
 0003b550:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td><
 0003b560:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra
 0003b570:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en
 0003b580:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></
 0003b590:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code
 0003b5a0:·3e23·2052·656d·6564·6961·7469·6f6e·2069··>#·Remediation·i
 0003b5b0:·7320·6170·706c·6963·6162·6c65·206f·6e6c··s·applicable·onl
 0003b5c0:·7920·696e·2063·6572·7461·696e·2070·6c61··y·in·certain·pla
 0003b5d0:·7466·6f72·6d73·0a69·6620·6470·6b67·2d71··tforms.if·dpkg-q
 0003b5e0:·7565·7279·202d·2d73·686f·7720·2d2d·7368··uery·--show·--sh
 0003b5f0:·6f77·666f·726d·6174·3d27·247b·6462·3a53··owformat='${db:S
 0003b600:·7461·7475·732d·5374·6174·7573·7d0a·2720··tatus-Status}.'·
 0003b610:·276c·696e·7578·2d62·6173·6527·2032·2667··'linux-base'·2&g
 0003b620:·743b·2f64·6576·2f6e·756c·6c20·7c20·6772··t;/dev/null·|·gr
 0003b630:·6570·202d·7120·5e69·6e73·7461·6c6c·6564··ep·-q·^installed
 0003b640:·3b20·7468·656e·0a0a·4445·4249·414e·5f46··;·then..DEBIAN_F
 0003b650:·524f·4e54·454e·443d·6e6f·6e69·6e74·6572··RONTEND=noninter
 0003b660:·6163·7469·7665·2061·7074·2d67·6574·2069··active·apt-get·i
 0003b670:·6e73·7461·6c6c·202d·7920·2261·6964·6522··nstall·-y·"aide"
 0003b680:·0a0a·656c·7365·0a20·2020·2026·6774·3b26··..else.····&gt;&
 0003b690:·616d·703b·3220·6563·686f·2027·5265·6d65··amp;2·echo·'Reme
 0003b6a0:·6469·6174·696f·6e20·6973·206e·6f74·2061··diation·is·not·a
 0003b6b0:·7070·6c69·6361·626c·652c·206e·6f74·6869··pplicable,·nothi
 0003b6c0:·6e67·2077·6173·2064·6f6e·6527·0a66·690a··ng·was·done'.fi.
0003b6e0:·6c65·3e3c·7072·653e·3c63·6f64·653e·2d20··le><pre><code>-· 
0003b6f0:·6e61·6d65·3a20·4761·7468·6572·2074·6865··name:·Gather·the 
0003b700:·2070·6163·6b61·6765·2066·6163·7473·0a20···package·facts.· 
0003b710:·2070·6163·6b61·6765·5f66·6163·7473·3a0a···package_facts:. 
0003b720:·2020·2020·6d61·6e61·6765·723a·2061·7574······manager:·aut 
0003b730:·6f0a·2020·7461·6773·3a0a·2020·2d20·434a··o.··tags:.··-·CJ 
0003b740:·4953·2d35·2e31·302e·312e·330a·2020·2d20··IS-5.10.1.3.··-· 
0003b750:·4449·5341·2d53·5449·472d·5542·5455·2d32··DISA-STIG-UBTU-2 
0003b760:·322d·3635·3130·3130·0a20·202d·204e·4953··2-651010.··-·NIS 
0003b770:·542d·3830·302d·3533·2d43·4d2d·3628·6129··T-800-53-CM-6(a) 
0003b780:·0a20·202d·2050·4349·2d44·5353·2d52·6571··.··-·PCI-DSS-Req 
0003b790:·2d31·312e·350a·2020·2d20·5043·492d·4453··-11.5.··-·PCI-DS 
0003b7a0:·5376·342d·3131·2e35·2e32·0a20·202d·2065··Sv4-11.5.2.··-·e 
0003b7b0:·6e61·626c·655f·7374·7261·7465·6779·0a20··nable_strategy.· 
0003b7c0:·202d·206c·6f77·5f63·6f6d·706c·6578·6974···-·low_complexit 
0003b7d0:·790a·2020·2d20·6c6f·775f·6469·7372·7570··y.··-·low_disrup 
0003b7e0:·7469·6f6e·0a20·202d·206d·6564·6975·6d5f··tion.··-·medium_ 
0003b7f0:·7365·7665·7269·7479·0a20·202d·206e·6f5f··severity.··-·no_ 
0003b800:·7265·626f·6f74·5f6e·6565·6465·640a·2020··reboot_needed.·· 
0003b810:·2d20·7061·636b·6167·655f·6169·6465·5f69··-·package_aide_i 
0003b820:·6e73·7461·6c6c·6564·0a0a·2d20·6e61·6d65··nstalled..-·name 
0003b830:·3a20·456e·7375·7265·2061·6964·6520·6973··:·Ensure·aide·is 
0003b840:·2069·6e73·7461·6c6c·6564·0a20·2070·6163···installed.··pac 
0003b850:·6b61·6765·3a0a·2020·2020·6e61·6d65·3a20··kage:.····name:· 
0003b860:·6169·6465·0a20·2020·2073·7461·7465·3a20··aide.····state:· 
0003b870:·7072·6573·656e·740a·2020·7768·656e·3a20··present.··when:· 
0003b880:·2722·6c69·6e75·782d·6261·7365·2220·696e··'"linux-base"·in 
0003b890:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
0003b8a0:·6163·6b61·6765·7327·0a20·2074·6167·733a··ackages'.··tags: 
0003b8b0:·0a20·202d·2043·4a49·532d·352e·3130·2e31··.··-·CJIS-5.10.1 
0003b8c0:·2e33·0a20·202d·2044·4953·412d·5354·4947··.3.··-·DISA-STIG 
0003b8d0:·2d55·4254·552d·3232·2d36·3531·3031·300a··-UBTU-22-651010. 
0003b8e0:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53- 
0003b8f0:·434d·2d36·2861·290a·2020·2d20·5043·492d··CM-6(a).··-·PCI- 
0003b900:·4453·532d·5265·712d·3131·2e35·0a20·202d··DSS-Req-11.5.··- 
0003b910:·2050·4349·2d44·5353·7634·2d31·312e·352e···PCI-DSSv4-11.5. 
0003b920:·320a·2020·2d20·656e·6162·6c65·5f73·7472··2.··-·enable_str 
0003b930:·6174·6567·790a·2020·2d20·6c6f·775f·636f··ategy.··-·low_co 
0003b940:·6d70·6c65·7869·7479·0a20·202d·206c·6f77··mplexity.··-·low 
0003b950:·5f64·6973·7275·7074·696f·6e0a·2020·2d20··_disruption.··-· 
0003b960:·6d65·6469·756d·5f73·6576·6572·6974·790a··medium_severity. 
Max diff block lines reached; 21278805/21298153 bytes (99.91%) of diff not shown.
1.83 MB
html2text {}
Max HTML report size reached
22.1 MB
./usr/share/doc/ssg-debderived/ssg-ubuntu2204-guide-cis_level2_workstation.html
    
Offset 15163, 150 lines modifiedOffset 15163, 150 lines modified
0003b3a0:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#0003b3a0:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#
0003b3b0:·6964·6d32·3932·3622·2074·6162·696e·6465··idm2926"·tabinde0003b3b0:·6964·6d32·3932·3622·2074·6162·696e·6465··idm2926"·tabinde
0003b3c0:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt0003b3c0:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt
0003b3d0:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande0003b3d0:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande
0003b3e0:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=0003b3e0:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=
0003b3f0:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev0003b3f0:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev
0003b400:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R0003b400:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R
0003b410:·656d·6564·6961·7469·6f6e·204f·5342·7569··emediation·OSBui0003b410:·656d·6564·6961·7469·6f6e·2053·6865·6c6c··emediation·Shell
0003b420:·6c64·2042·6c75·6570·7269·6e74·2073·6e69··ld·Blueprint·sni 
0003b430:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br> 
0003b440:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane 
0003b450:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla 
0003b460:·7073·6522·2069·643d·2269·646d·3239·3236··pse"·id="idm29260003b420:·2073·6372·6970·7420·e287·b23c·2f61·3e3c···script·...</a><
 0003b430:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p
 0003b440:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co
 0003b450:·6c6c·6170·7365·2220·6964·3d22·6964·6d32··llapse"·id="idm2
 0003b460:·3932·3622·3e3c·7461·626c·6520·636c·6173··926"><table·clas
 0003b470:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s
 0003b480:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor
 0003b490:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond
 0003b4a0:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C
 0003b4b0:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><
 0003b4c0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>
 0003b4d0:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti
 0003b4e0:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low<
 0003b4f0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
 0003b500:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td
 0003b510:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr>
 0003b520:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy
 0003b530:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable
 0003b540:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl
0003b470:·223e·3c70·7265·3e3c·636f·6465·3e0a·5b5b··"><pre><code>.[[0003b550:·653e·3c70·7265·3e3c·636f·6465·3e23·2052··e><pre><code>#·R
 0003b560:·656d·6564·6961·7469·6f6e·2069·7320·6170··emediation·is·ap
 0003b570:·706c·6963·6162·6c65·206f·6e6c·7920·696e··plicable·only·in
 0003b580:·2063·6572·7461·696e·2070·6c61·7466·6f72···certain·platfor
 0003b590:·6d73·0a69·6620·6470·6b67·2d71·7565·7279··ms.if·dpkg-query
 0003b5a0:·202d·2d73·686f·7720·2d2d·7368·6f77·666f···--show·--showfo
 0003b5b0:·726d·6174·3d27·247b·6462·3a53·7461·7475··rmat='${db:Statu
 0003b5c0:·732d·5374·6174·7573·7d0a·2720·276c·696e··s-Status}.'·'lin
 0003b5d0:·7578·2d62·6173·6527·2032·2667·743b·2f64··ux-base'·2&gt;/d
 0003b5e0:·6576·2f6e·756c·6c20·7c20·6772·6570·202d··ev/null·|·grep·-
 0003b5f0:·7120·5e69·6e73·7461·6c6c·6564·3b20·7468··q·^installed;·th
 0003b600:·656e·0a0a·4445·4249·414e·5f46·524f·4e54··en..DEBIAN_FRONT
 0003b610:·454e·443d·6e6f·6e69·6e74·6572·6163·7469··END=noninteracti
 0003b620:·7665·2061·7074·2d67·6574·2069·6e73·7461··ve·apt-get·insta
 0003b630:·6c6c·202d·7920·2261·6964·6522·0a0a·656c··ll·-y·"aide"..el
 0003b640:·7365·0a20·2020·2026·6774·3b26·616d·703b··se.····&gt;&amp;
 0003b650:·3220·6563·686f·2027·5265·6d65·6469·6174··2·echo·'Remediat
 0003b660:·696f·6e20·6973·206e·6f74·2061·7070·6c69··ion·is·not·appli
 0003b670:·6361·626c·652c·206e·6f74·6869·6e67·2077··cable,·nothing·w
 0003b680:·6173·2064·6f6e·6527·0a66·690a·3c2f·636f··as·done'.fi.</co
0003b480:·7061·636b·6167·6573·5d5d·0a6e·616d·6520··packages]].name· 
0003b490:·3d20·2261·6964·6522·0a76·6572·7369·6f6e··=·"aide".version 
0003b4a0:·203d·2022·2a22·0a3c·2f63·6f64·653e·3c2f···=·"*".</code></ 
0003b4b0:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla 
0003b4c0:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ 
0003b4d0:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle 
0003b4e0:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data 
0003b4f0:·2d74·6172·6765·743d·2223·6964·6d32·3932··-target="#idm292 
0003b500:·3722·2074·6162·696e·6465·783d·2230·2220··7"·tabindex="0"· 
0003b510:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar 
0003b520:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal 
0003b530:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ 
0003b540:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h 
0003b550:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia 
0003b560:·7469·6f6e·2041·6e73·6962·6c65·2073·6e69··tion·Ansible·sni 
0003b570:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br> 
0003b580:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane 
0003b590:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla 
0003b5a0:·7073·6522·2069·643d·2269·646d·3239·3237··pse"·id="idm2927 
0003b5b0:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class=" 
0003b5c0:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri 
0003b5d0:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border 
0003b5e0:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens 
0003b5f0:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp 
0003b600:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td> 
0003b610:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003b620:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption: 
0003b630:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003b640:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re 
0003b650:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa 
0003b660:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr 
0003b670:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</ 
0003b680:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t 
0003b690:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table>< 
0003b6a0:·7072·653e·3c63·6f64·653e·2d20·6e61·6d65··pre><code>-·name 
0003b6b0:·3a20·4761·7468·6572·2074·6865·2070·6163··:·Gather·the·pac 
0003b6c0:·6b61·6765·2066·6163·7473·0a20·2070·6163··kage·facts.··pac 
0003b6d0:·6b61·6765·5f66·6163·7473·3a0a·2020·2020··kage_facts:.···· 
0003b6e0:·6d61·6e61·6765·723a·2061·7574·6f0a·2020··manager:·auto.·· 
0003b6f0:·7461·6773·3a0a·2020·2d20·434a·4953·2d35··tags:.··-·CJIS-5 
0003b700:·2e31·302e·312e·330a·2020·2d20·4449·5341··.10.1.3.··-·DISA 
0003b710:·2d53·5449·472d·5542·5455·2d32·322d·3635··-STIG-UBTU-22-65 
0003b720:·3130·3130·0a20·202d·204e·4953·542d·3830··1010.··-·NIST-80 
0003b730:·302d·3533·2d43·4d2d·3628·6129·0a20·202d··0-53-CM-6(a).··- 
0003b740:·2050·4349·2d44·5353·2d52·6571·2d31·312e···PCI-DSS-Req-11. 
0003b750:·350a·2020·2d20·5043·492d·4453·5376·342d··5.··-·PCI-DSSv4- 
0003b760:·3131·2e35·2e32·0a20·202d·2065·6e61·626c··11.5.2.··-·enabl 
0003b770:·655f·7374·7261·7465·6779·0a20·202d·206c··e_strategy.··-·l 
0003b780:·6f77·5f63·6f6d·706c·6578·6974·790a·2020··ow_complexity.·· 
0003b790:·2d20·6c6f·775f·6469·7372·7570·7469·6f6e··-·low_disruption 
0003b7a0:·0a20·202d·206d·6564·6975·6d5f·7365·7665··.··-·medium_seve 
0003b7b0:·7269·7479·0a20·202d·206e·6f5f·7265·626f··rity.··-·no_rebo 
0003b7c0:·6f74·5f6e·6565·6465·640a·2020·2d20·7061··ot_needed.··-·pa 
0003b7d0:·636b·6167·655f·6169·6465·5f69·6e73·7461··ckage_aide_insta 
0003b7e0:·6c6c·6564·0a0a·2d20·6e61·6d65·3a20·456e··lled..-·name:·En 
0003b7f0:·7375·7265·2061·6964·6520·6973·2069·6e73··sure·aide·is·ins 
0003b800:·7461·6c6c·6564·0a20·2070·6163·6b61·6765··talled.··package 
0003b810:·3a0a·2020·2020·6e61·6d65·3a20·6169·6465··:.····name:·aide 
0003b820:·0a20·2020·2073·7461·7465·3a20·7072·6573··.····state:·pres 
0003b830:·656e·740a·2020·7768·656e·3a20·2722·6c69··ent.··when:·'"li 
0003b840:·6e75·782d·6261·7365·2220·696e·2061·6e73··nux-base"·in·ans 
0003b850:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa 
0003b860:·6765·7327·0a20·2074·6167·733a·0a20·202d··ges'.··tags:.··- 
0003b870:·2043·4a49·532d·352e·3130·2e31·2e33·0a20···CJIS-5.10.1.3.· 
0003b880:·202d·2044·4953·412d·5354·4947·2d55·4254···-·DISA-STIG-UBT 
0003b890:·552d·3232·2d36·3531·3031·300a·2020·2d20··U-22-651010.··-· 
0003b8a0:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-6 
0003b8b0:·2861·290a·2020·2d20·5043·492d·4453·532d··(a).··-·PCI-DSS- 
0003b8c0:·5265·712d·3131·2e35·0a20·202d·2050·4349··Req-11.5.··-·PCI 
0003b8d0:·2d44·5353·7634·2d31·312e·352e·320a·2020··-DSSv4-11.5.2.·· 
0003b8e0:·2d20·656e·6162·6c65·5f73·7472·6174·6567··-·enable_strateg 
0003b8f0:·790a·2020·2d20·6c6f·775f·636f·6d70·6c65··y.··-·low_comple 
0003b900:·7869·7479·0a20·202d·206c·6f77·5f64·6973··xity.··-·low_dis 
0003b910:·7275·7074·696f·6e0a·2020·2d20·6d65·6469··ruption.··-·medi 
0003b920:·756d·5f73·6576·6572·6974·790a·2020·2d20··um_severity.··-· 
0003b930:·6e6f·5f72·6562·6f6f·745f·6e65·6564·6564··no_reboot_needed 
Max diff block lines reached; 21245637/21264985 bytes (99.91%) of diff not shown.
1.83 MB
html2text {}
Max HTML report size reached
1.31 MB
./usr/share/doc/ssg-debderived/ssg-ubuntu2204-guide-standard.html
    
Offset 16531, 783 lines modifiedOffset 16531, 783 lines modified
00040920:·6574·3d22·2369·646d·3131·3631·3722·2074··et="#idm11617"·t00040920:·6574·3d22·2369·646d·3131·3631·3722·2074··et="#idm11617"·t
00040930:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role00040930:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
00040940:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e00040940:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
00040950:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·00040950:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
00040960:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·00040960:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
00040970:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=00040970:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
Diff chunk too large, falling back to line-by-line diff (769 lines added, 769 lines removed)
00040980:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation00040980:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
00040990:·2041·6e73·6962·6c65·2073·6e69·7070·6574···Ansible·snippet00040990:·2053·6865·6c6c·2073·6372·6970·7420·e287···Shell·script·..
000409a0:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div000409a0:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl
000409b0:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co000409b0:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
000409c0:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"000409c0:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
000409d0:·2069·643d·2269·646d·3131·3631·3722·3e3c···id="idm11617"><000409d0:·3d22·6964·6d31·3136·3137·223e·3c70·7265··="idm11617"><pre
000409e0:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab000409e0:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia
000409f0:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped000409f0:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab
00040a00:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·00040a00:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa
00040a10:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"00040a10:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·
00040a20:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex00040a20:·6470·6b67·2d71·7565·7279·202d·2d73·686f··dpkg-query·--sho
00040a30:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low00040a30:·7720·2d2d·7368·6f77·666f·726d·6174·3d27··w·--showformat='
00040a40:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t00040a40:·247b·6462·3a53·7461·7475·732d·5374·6174··${db:Status-Stat
00040a50:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t00040a50:·7573·7d0a·2720·276c·696e·7578·2d62·6173··us}.'·'linux-bas
00040a60:·683e·3c74·643e·6d65·6469·756d·3c2f·7464··h><td>medium</td00040a60:·6527·2032·2667·743b·2f64·6576·2f6e·756c··e'·2&gt;/dev/nul
00040a70:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re00040a70:·6c20·7c20·6772·6570·202d·7120·5e69·6e73··l·|·grep·-q·^ins
00040a80:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa00040a80:·7461·6c6c·6564·2026·616d·703b·2661·6d70··talled·&amp;&amp
00040a90:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr00040a90:·3b20·6470·6b67·2d71·7565·7279·202d·2d73··;·dpkg-query·--s
00040aa0:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</00040aa0:·686f·7720·2d2d·7368·6f77·666f·726d·6174··how·--showformat
00040ab0:·7468·3e3c·7464·3e63·6f6e·6669·6775·7265··th><td>configure00040ab0:·3d27·247b·6462·3a53·7461·7475·732d·5374··='${db:Status-St
00040ac0:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl00040ac0:·6174·7573·7d5c·6e27·2027·7273·7973·6c6f··atus}\n'·'rsyslo
00040ad0:·653e·3c70·7265·3e3c·636f·6465·3e2d·206e··e><pre><code>-·n00040ad0:·6727·2032·2667·743b·2f64·6576·2f6e·756c··g'·2&gt;/dev/nul
00040ae0:·616d·653a·2047·6174·6865·7220·7468·6520··ame:·Gather·the·00040ae0:·6c20·7c20·6772·6570·202d·7120·275e·696e··l·|·grep·-q·'^in
00040af0:·7061·636b·6167·6520·6661·6374·730a·2020··package·facts.··00040af0:·7374·616c·6c65·6427·3b20·7468·656e·0a0a··stalled';·then..
00040b00:·7061·636b·6167·655f·6661·6374·733a·0a20··package_facts:.·00040b00:·2320·4c69·7374·206f·6620·6c6f·6720·6669··#·List·of·log·fi
00040b10:·2020·206d·616e·6167·6572·3a20·6175·746f·····manager:·auto00040b10:·6c65·2070·6174·6873·2074·6f20·6265·2069··le·paths·to·be·i
00040b20:·0a20·2074·6167·733a·0a20·202d·204e·4953··.··tags:.··-·NIS00040b20:·6e73·7065·6374·6564·2066·6f72·2063·6f72··nspected·for·cor
00040b30:·542d·3830·302d·3533·2d41·432d·3628·3129··T-800-53-AC-6(1)00040b30:·7265·6374·2070·6572·6d69·7373·696f·6e73··rect·permissions
00040b40:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-5300040b40:·0a23·202a·2050·7269·6d61·7269·6c79·2069··.#·*·Primarily·i
00040b50:·2d43·4d2d·3628·6129·0a20·202d·2050·4349··-CM-6(a).··-·PCI00040b50:·6e73·7065·6374·206c·6f67·2066·696c·6520··nspect·log·file·
00040b60:·2d44·5353·2d52·6571·2d31·302e·352e·310a··-DSS-Req-10.5.1.00040b60:·7061·7468·7320·6c69·7374·6564·2069·6e20··paths·listed·in·
00040b70:·2020·2d20·5043·492d·4453·532d·5265·712d····-·PCI-DSS-Req-00040b70:·2f65·7463·2f72·7379·736c·6f67·2e63·6f6e··/etc/rsyslog.con
00040b80:·3130·2e35·2e32·0a20·202d·2050·4349·2d44··10.5.2.··-·PCI-D00040b80:·660a·5253·5953·4c4f·475f·4554·435f·434f··f.RSYSLOG_ETC_CO
00040b90:·5353·7634·2d31·302e·330a·2020·2d20·5043··SSv4-10.3.··-·PC00040b90:·4e46·4947·3d22·2f65·7463·2f72·7379·736c··NFIG="/etc/rsysl
00040ba0:·492d·4453·5376·342d·3130·2e33·2e32·0a20··I-DSSv4-10.3.2.·00040ba0:·6f67·2e63·6f6e·6622·0a23·202a·2041·6e64··og.conf".#·*·And
00040bb0:·202d·2063·6f6e·6669·6775·7265·5f73·7472···-·configure_str00040bb0:·2061·6c73·6f20·7468·6520·6c6f·6720·6669···also·the·log·fi
00040bc0:·6174·6567·790a·2020·2d20·6c6f·775f·636f··ategy.··-·low_co00040bc0:·6c65·2070·6174·6873·206c·6973·7465·6420··le·paths·listed·
00040bd0:·6d70·6c65·7869·7479·0a20·202d·206d·6564··mplexity.··-·med00040bd0:·6166·7465·7220·7273·7973·6c6f·6727·7320··after·rsyslog's·
00040be0:·6975·6d5f·6469·7372·7570·7469·6f6e·0a20··ium_disruption.·00040be0:·2449·6e63·6c75·6465·436f·6e66·6967·2064··$IncludeConfig·d
00040bf0:·202d·206d·6564·6975·6d5f·7365·7665·7269···-·medium_severi00040bf0:·6972·6563·7469·7665·0a23·2020·2028·7374··irective.#···(st
00040c00:·7479·0a20·202d·206e·6f5f·7265·626f·6f74··ty.··-·no_reboot00040c00:·6f72·6520·7468·6520·7265·7375·6c74·2069··ore·the·result·i
00040c10:·5f6e·6565·6465·640a·2020·2d20·7273·7973··_needed.··-·rsys00040c10:·6e74·6f20·6172·7261·7920·666f·7220·7468··nto·array·for·th
00040c20:·6c6f·675f·6669·6c65·735f·6772·6f75·706f··log_files_groupo00040c20:·6520·6361·7365·2074·6865·7265·2773·2073··e·case·there's·s
00040c30:·776e·6572·7368·6970·0a0a·2d20·6e61·6d65··wnership..-·name00040c30:·6865·6c6c·2067·6c6f·6220·7573·6564·2061··hell·glob·used·a
00040c40:·3a20·456e·7375·7265·204c·6f67·2046·696c··:·Ensure·Log·Fil00040c40:·7320·7661·6c75·6520·6f66·2049·6e63·6c75··s·value·of·Inclu
00040c50:·6573·2041·7265·204f·776e·6564·2042·7920··es·Are·Owned·By·00040c50:·6465·436f·6e66·6967·290a·7265·6164·6172··deConfig).readar
00040c60:·4170·7072·6f70·7269·6174·6520·4772·6f75··Appropriate·Grou00040c60:·7261·7920·2d74·204f·4c44·5f49·4e43·2026··ray·-t·OLD_INC·&
00040c70:·7020·2d20·5365·7420·7273·7973·6c6f·6720··p·-·Set·rsyslog·00040c70:·6c74·3b20·266c·743b·2867·7265·7020·2d65··lt;·&lt;(grep·-e
00040c80:·6c6f·6766·696c·6520·636f·6e66·6967·7572··logfile·configur00040c80:·2022·5c24·496e·636c·7564·6543·6f6e·6669···"\$IncludeConfi
00040c90:·6174·696f·6e0a·2020·2020·6661·6374·730a··ation.····facts.00040c90:·675b·5b3a·7370·6163·653a·5d5d·5c2b·5b5e··g[[:space:]]\+[^
00040ca0:·2020·616e·7369·626c·652e·6275·696c·7469····ansible.builti00040ca0:·5b3a·7370·6163·653a·5d3b·5d5c·2b22·202f··[:space:];]\+"·/
00040cb0:·6e2e·7365·745f·6661·6374·3a0a·2020·2020··n.set_fact:.····00040cb0:·6574·632f·7273·7973·6c6f·672e·636f·6e66··etc/rsyslog.conf
00040cc0:·7273·7973·6c6f·675f·6574·635f·636f·6e66··rsyslog_etc_conf00040cc0:·207c·2063·7574·202d·6420·2720·2720·2d66···|·cut·-d·'·'·-f
00040cd0:·6967·3a20·2f65·7463·2f72·7379·736c·6f67··ig:·/etc/rsyslog00040cd0:·2032·290a·7265·6164·6172·7261·7920·2d74···2).readarray·-t
00040ce0:·2e63·6f6e·660a·2020·7768·656e·3a0a·2020··.conf.··when:.··00040ce0:·2052·5359·534c·4f47·5f49·4e43·4c55·4445···RSYSLOG_INCLUDE
00040cf0:·2d20·2722·6c69·6e75·782d·6261·7365·2220··-·'"linux-base"·00040cf0:·5f43·4f4e·4649·4720·266c·743b·2026·6c74··_CONFIG·&lt;·&lt
00040d00:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts00040d00:·3b28·666f·7220·494e·4350·4154·4820·696e··;(for·INCPATH·in
00040d10:·2e70·6163·6b61·6765·7327·0a20·202d·2027··.packages'.··-·'00040d10:·2022·247b·4f4c·445f·494e·435b·405d·7d22···"${OLD_INC[@]}"
00040d20:·2272·7379·736c·6f67·2220·696e·2061·6e73··"rsyslog"·in·ans00040d20:·3b20·646f·2065·7661·6c20·7072·696e·7466··;·do·eval·printf
00040d30:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa00040d30:·2027·2573·5c5c·6e27·2022·247b·494e·4350···'%s\\n'·"${INCP
00040d40:·6765·7327·0a20·2074·6167·733a·0a20·202d··ges'.··tags:.··-00040d40:·4154·487d·223b·2064·6f6e·6529·0a72·6561··ATH}";·done).rea
00040d50:·204e·4953·542d·3830·302d·3533·2d41·432d···NIST-800-53-AC-00040d50:·6461·7272·6179·202d·7420·4e45·575f·494e··darray·-t·NEW_IN
00040d60:·3628·3129·0a20·202d·204e·4953·542d·3830··6(1).··-·NIST-8000040d60:·4320·266c·743b·2026·6c74·3b28·7365·6420··C·&lt;·&lt;(sed·
00040d70:·302d·3533·2d43·4d2d·3628·6129·0a20·202d··0-53-CM-6(a).··-00040d70:·2d6e·2027·2f5e·5c73·2a69·6e63·6c75·6465··-n·'/^\s*include
00040d80:·2050·4349·2d44·5353·2d52·6571·2d31·302e···PCI-DSS-Req-10.00040d80:·282f·2c2f·292f·4970·2720·2f65·7463·2f72··(/,/)/Ip'·/etc/r
00040d90:·352e·310a·2020·2d20·5043·492d·4453·532d··5.1.··-·PCI-DSS-00040d90:·7379·736c·6f67·2e63·6f6e·6620·7c20·7365··syslog.conf·|·se
00040da0:·5265·712d·3130·2e35·2e32·0a20·202d·2050··Req-10.5.2.··-·P00040da0:·6420·2d6e·2027·7340·2e2a·6669·6c65·5c73··d·-n·'s@.*file\s
00040db0:·4349·2d44·5353·7634·2d31·302e·330a·2020··CI-DSSv4-10.3.··00040db0:·2a3d·5c73·2a22·5c28·5b2f·5b3a·616c·6e75··*=\s*"\([/[:alnu
00040dc0:·2d20·5043·492d·4453·5376·342d·3130·2e33··-·PCI-DSSv4-10.300040dc0:·6d3a·5d5b·3a70·756e·6374·3a5d·5d2a·5c29··m:][:punct:]]*\)
00040dd0:·2e32·0a20·202d·2063·6f6e·6669·6775·7265··.2.··-·configure00040dd0:·222e·2a40·5c31·4049·7027·290a·7265·6164··".*@\1@Ip').read
00040de0:·5f73·7472·6174·6567·790a·2020·2d20·6c6f··_strategy.··-·lo00040de0:·6172·7261·7920·2d74·2052·5359·534c·4f47··array·-t·RSYSLOG
00040df0:·775f·636f·6d70·6c65·7869·7479·0a20·202d··w_complexity.··-00040df0:·5f49·4e43·4c55·4445·2026·6c74·3b20·266c··_INCLUDE·&lt;·&l
00040e00:·206d·6564·6975·6d5f·6469·7372·7570·7469···medium_disrupti00040e00:·743b·2866·6f72·2049·4e43·5041·5448·2069··t;(for·INCPATH·i
00040e10:·6f6e·0a20·202d·206d·6564·6975·6d5f·7365··on.··-·medium_se00040e10:·6e20·2224·7b4e·4557·5f49·4e43·5b40·5d7d··n·"${NEW_INC[@]}
00040e20:·7665·7269·7479·0a20·202d·206e·6f5f·7265··verity.··-·no_re00040e20:·223b·2064·6f20·6576·616c·2070·7269·6e74··";·do·eval·print
00040e30:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-·00040e30:·6620·2725·735c·5c6e·2720·2224·7b49·4e43··f·'%s\\n'·"${INC
00040e40:·7273·7973·6c6f·675f·6669·6c65·735f·6772··rsyslog_files_gr00040e40:·5041·5448·7d22·3b20·646f·6e65·290a·0a23··PATH}";·done)..#
00040e50:·6f75·706f·776e·6572·7368·6970·0a0a·2d20··oupownership..-·00040e50:·2044·6563·6c61·7265·2061·6e20·6172·7261···Declare·an·arra
00040e60:·6e61·6d65·3a20·456e·7375·7265·204c·6f67··name:·Ensure·Log00040e60:·7920·746f·2068·6f6c·6420·7468·6520·6669··y·to·hold·the·fi
00040e70:·2046·696c·6573·2041·7265·204f·776e·6564···Files·Are·Owned00040e70:·6e61·6c20·6c69·7374·206f·6620·6469·6666··nal·list·of·diff
00040e80:·2042·7920·4170·7072·6f70·7269·6174·6520···By·Appropriate·00040e80:·6572·656e·7420·6c6f·6720·6669·6c65·2070··erent·log·file·p
00040e90:·4772·6f75·7020·2d20·4765·7420·496e·636c··Group·-·Get·Incl00040e90:·6174·6873·0a64·6563·6c61·7265·202d·6120··aths.declare·-a·
00040ea0:·7564·6543·6f6e·6669·6720·6469·7265·6374··udeConfig·direct00040ea0:·4c4f·475f·4649·4c45·5f50·4154·4853·0a0a··LOG_FILE_PATHS..
00040eb0:·6976·650a·2020·616e·7369·626c·652e·6275··ive.··ansible.bu00040eb0:·2320·4172·7261·7920·746f·2068·6f6c·6420··#·Array·to·hold·
00040ec0:·696c·7469·6e2e·7368·656c·6c3a·207c·0a20··iltin.shell:·|.·00040ec0:·616c·6c20·7273·7973·6c6f·6720·636f·6e66··all·rsyslog·conf
00040ed0:·2020·2073·6574·202d·6f20·7069·7065·6661·····set·-o·pipefa00040ed0:·6967·2065·6e74·7269·6573·0a52·5359·534c··ig·entries.RSYSL
00040ee0:·696c·0a20·2020·2067·7265·7020·2d65·2027··il.····grep·-e·'00040ee0:·4f47·5f43·4f4e·4649·4753·3d28·290a·5253··OG_CONFIGS=().RS
00040ef0:·2449·6e63·6c75·6465·436f·6e66·6967·2720··$IncludeConfig'·00040ef0:·5953·4c4f·475f·434f·4e46·4947·533d·2822··YSLOG_CONFIGS=("
00040f00:·7b7b·2072·7379·736c·6f67·5f65·7463·5f63··{{·rsyslog_etc_c00040f00:·247b·5253·5953·4c4f·475f·4554·435f·434f··${RSYSLOG_ETC_CO
00040f10:·6f6e·6669·6720·7d7d·207c·2063·7574·202d··onfig·}}·|·cut·-00040f10:·4e46·4947·7d22·2022·247b·5253·5953·4c4f··NFIG}"·"${RSYSLO
00040f20:·6420·2720·2720·2d66·2032·207c·7c20·7472··d·'·'·-f·2·||·tr00040f20:·475f·494e·434c·5544·455f·434f·4e46·4947··G_INCLUDE_CONFIG
00040f30:·7565·0a20·2072·6567·6973·7465·723a·2072··ue.··register:·r00040f30:·5b40·5d7d·2220·2224·7b52·5359·534c·4f47··[@]}"·"${RSYSLOG
00040f40:·7379·736c·6f67·5f6f·6c64·5f69·6e63·0a20··syslog_old_inc.·00040f40:·5f49·4e43·4c55·4445·5b40·5d7d·2229·0a0a··_INCLUDE[@]}")..
00040f50:·2063·6861·6e67·6564·5f77·6865·6e3a·2066···changed_when:·f00040f50:·2320·4765·7420·6675·6c6c·206c·6973·7420··#·Get·full·list·
00040f60:·616c·7365·0a20·2077·6865·6e3a·0a20·202d··alse.··when:.··-00040f60:·6f66·2066·696c·6573·2074·6f20·6265·2063··of·files·to·be·c
00040f70:·2027·226c·696e·7578·2d62·6173·6522·2069···'"linux-base"·i00040f70:·6865·636b·6564·0a23·2052·5359·534c·4f47··hecked.#·RSYSLOG
00040f80:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.00040f80:·5f43·4f4e·4649·4753·206d·6179·2063·6f6e··_CONFIGS·may·con
00040f90:·7061·636b·6167·6573·270a·2020·2d20·2722··packages'.··-·'"00040f90:·7461·696e·2067·6c6f·6273·2073·7563·6820··tain·globs·such·
00040fa0:·7273·7973·6c6f·6722·2069·6e20·616e·7369··rsyslog"·in·ansi00040fa0:·6173·0a23·202f·6574·632f·7273·7973·6c6f··as.#·/etc/rsyslo
00040fb0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag00040fb0:·672e·642f·2a2e·636f·6e66·202f·6574·632f··g.d/*.conf·/etc/
00040fc0:·6573·270a·2020·7461·6773·3a0a·2020·2d20··es'.··tags:.··-·00040fc0:·7273·7973·6c6f·672e·642f·2a2e·6672·756c··rsyslog.d/*.frul
00040fd0:·4e49·5354·2d38·3030·2d35·332d·4143·2d36··NIST-800-53-AC-600040fd0:·650a·2320·536f·2c20·6c6f·6f70·206f·7665··e.#·So,·loop·ove
00040fe0:·2831·290a·2020·2d20·4e49·5354·2d38·3030··(1).··-·NIST-80000040fe0:·7220·7468·6520·656e·7472·6965·7320·696e··r·the·entries·in
00040ff0:·2d35·332d·434d·2d36·2861·290a·2020·2d20··-53-CM-6(a).··-·00040ff0:·2052·5359·534c·4f47·5f43·4f4e·4649·4753···RSYSLOG_CONFIGS
00041000:·5043·492d·4453·532d·5265·712d·3130·2e35··PCI-DSS-Req-10.500041000:·2061·6e64·2075·7365·2066·696e·6420·746f···and·use·find·to
00041010:·2e31·0a20·202d·2050·4349·2d44·5353·2d52··.1.··-·PCI-DSS-R00041010:·2067·6574·2074·6865·206c·6973·7420·6f66···get·the·list·of
00041020:·6571·2d31·302e·352e·320a·2020·2d20·5043··eq-10.5.2.··-·PC00041020:·2069·6e63·6c75·6465·6420·6669·6c65·732e···included·files.
00041030:·492d·4453·5376·342d·3130·2e33·0a20·202d··I-DSSv4-10.3.··-00041030:·0a52·5359·534c·4f47·5f43·4f4e·4649·475f··.RSYSLOG_CONFIG_
00041040:·2050·4349·2d44·5353·7634·2d31·302e·332e···PCI-DSSv4-10.3.00041040:·4649·4c45·533d·2829·0a66·6f72·2045·4e54··FILES=().for·ENT
00041050:·320a·2020·2d20·636f·6e66·6967·7572·655f··2.··-·configure_00041050:·5259·2069·6e20·2224·7b52·5359·534c·4f47··RY·in·"${RSYSLOG
00041060:·7374·7261·7465·6779·0a20·202d·206c·6f77··strategy.··-·low00041060:·5f43·4f4e·4649·4753·5b40·5d7d·220a·646f··_CONFIGS[@]}".do
00041070:·5f63·6f6d·706c·6578·6974·790a·2020·2d20··_complexity.··-·00041070:·0a09·2320·4966·2064·6972·6563·746f·7279··..#·If·directory
00041080:·6d65·6469·756d·5f64·6973·7275·7074·696f··medium_disruptio00041080:·2c20·7273·7973·6c6f·6720·7769·6c6c·2073··,·rsyslog·will·s
00041090:·6e0a·2020·2d20·6d65·6469·756d·5f73·6576··n.··-·medium_sev00041090:·6561·7263·6820·666f·7220·636f·6e66·6967··earch·for·config
000410a0:·6572·6974·790a·2020·2d20·6e6f·5f72·6562··erity.··-·no_reb000410a0:·2066·696c·6573·2069·6e20·7265·6375·7273···files·in·recurs
000410b0:·6f6f·745f·6e65·6564·6564·0a20·202d·2072··oot_needed.··-·r000410b0:·6976·656c·792e·0a09·2320·486f·7765·7665··ively...#·Howeve
000410c0:·7379·736c·6f67·5f66·696c·6573·5f67·726f··syslog_files_gro000410c0:·722c·2066·696c·6573·2069·6e20·6869·6464··r,·files·in·hidd
000410d0:·7570·6f77·6e65·7273·6869·700a·0a2d·206e··upownership..-·n000410d0:·656e·2073·7562·2d64·6972·6563·746f·7269··en·sub-directori
000410e0:·616d·653a·2045·6e73·7572·6520·4c6f·6720··ame:·Ensure·Log·000410e0:·6573·206f·7220·6869·6464·656e·2066·696c··es·or·hidden·fil
000410f0:·4669·6c65·7320·4172·6520·4f77·6e65·6420··Files·Are·Owned·000410f0:·6573·2077·696c·6c20·6265·2069·676e·6f72··es·will·be·ignor
Max diff block lines reached; 1121827/1228529 bytes (91.31%) of diff not shown.
142 KB
html2text {}
    
Offset 289, 14 lines modifiedOffset 289, 140 lines modified
289 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-007-3·R2.1,·CIP-007-3·R2.2,·CIP-007-3·R2.3,·CIP-289 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-007-3·R2.1,·CIP-007-3·R2.2,·CIP-007-3·R2.3,·CIP-
290 ···························007-3·R5.1,·CIP-007-3·R5.1.1,·CIP-007-3·R5.1.2290 ···························007-3·R5.1,·CIP-007-3·R5.1.1,·CIP-007-3·R5.1.2
291 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a),·AC-6(1)291 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a),·AC-6(1)
292 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5292 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5
293 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-10.5.1,·Req-10.5.2293 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-10.5.1,·Req-10.5.2
294 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R71294 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R71
295 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········10.3.2,·10.3295 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········10.3.2,·10.3
 296 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 297 #·Remediation·is·applicable·only·in·certain·platforms
 298 if·dpkg-query·--show·--showformat='${db:Status-Status}
 299 '·'linux-base'·2>/dev/null·|·grep·-q·^installed·&&·dpkg-query·--show·--
 300 showformat='${db:Status-Status}\n'·'rsyslog'·2>/dev/null·|·grep·-q·'^installed';
 301 then
  
 302 #·List·of·log·file·paths·to·be·inspected·for·correct·permissions
 303 #·*·Primarily·inspect·log·file·paths·listed·in·/etc/rsyslog.conf
 304 RSYSLOG_ETC_CONFIG="/etc/rsyslog.conf"
 305 #·*·And·also·the·log·file·paths·listed·after·rsyslog's·$IncludeConfig·directive
 306 #···(store·the·result·into·array·for·the·case·there's·shell·glob·used·as·value
 307 of·IncludeConfig)
 308 readarray·-t·OLD_INC·<·<(grep·-e·"\$IncludeConfig[[:space:]]\+[^[:space:];]\+"·/
 309 etc/rsyslog.conf·|·cut·-d·'·'·-f·2)
 310 readarray·-t·RSYSLOG_INCLUDE_CONFIG·<·<(for·INCPATH·in·"${OLD_INC[@]}";·do·eval
 311 printf·'%s\\n'·"${INCPATH}";·done)
 312 readarray·-t·NEW_INC·<·<(sed·-n·'/^\s*include(/,/)/Ip'·/etc/rsyslog.conf·|·sed·-
 313 n·'s@.*file\s*=\s*"\([/[:alnum:][:punct:]]*\)".*@\1@Ip')
 314 readarray·-t·RSYSLOG_INCLUDE·<·<(for·INCPATH·in·"${NEW_INC[@]}";·do·eval·printf
 315 '%s\\n'·"${INCPATH}";·done)
  
 316 #·Declare·an·array·to·hold·the·final·list·of·different·log·file·paths
 317 declare·-a·LOG_FILE_PATHS
  
 318 #·Array·to·hold·all·rsyslog·config·entries
 319 RSYSLOG_CONFIGS=()
 320 RSYSLOG_CONFIGS=("${RSYSLOG_ETC_CONFIG}"·"${RSYSLOG_INCLUDE_CONFIG[@]}"·"$
 321 {RSYSLOG_INCLUDE[@]}")
  
 322 #·Get·full·list·of·files·to·be·checked
 323 #·RSYSLOG_CONFIGS·may·contain·globs·such·as
 324 #·/etc/rsyslog.d/*.conf·/etc/rsyslog.d/*.frule
 325 #·So,·loop·over·the·entries·in·RSYSLOG_CONFIGS·and·use·find·to·get·the·list·of
 326 included·files.
 327 RSYSLOG_CONFIG_FILES=()
 328 for·ENTRY·in·"${RSYSLOG_CONFIGS[@]}"
 329 do
 330 »       #·If·directory,·rsyslog·will·search·for·config·files·in·recursively.
 331 »       #·However,·files·in·hidden·sub-directories·or·hidden·files·will·be·ignored.
 332 »       if·[·-d·"${ENTRY}"·]
 333 »       then
 334 »       »       readarray·-t·FINDOUT·<·<(find·"${ENTRY}"·-not·-path·'*/.*'·-type·f)
 335 »       »       RSYSLOG_CONFIG_FILES+=("${FINDOUT[@]}")
 336 »       elif·[·-f·"${ENTRY}"·]
 337 »       then
 338 »       »       RSYSLOG_CONFIG_FILES+=("${ENTRY}")
 339 »       else
 340 »       »       echo·"Invalid·include·object:·${ENTRY}"
 341 »       fi
 342 done
  
 343 #·Browse·each·file·selected·above·as·containing·paths·of·log·files
 344 #·('/etc/rsyslog.conf'·and·'/etc/rsyslog.d/*.conf'·in·the·default·configuration)
 345 for·LOG_FILE·in·"${RSYSLOG_CONFIG_FILES[@]}"
 346 do
 347 »       #·From·each·of·these·files·extract·just·particular·log·file·path(s),·thus:
 348 »       #·*·Ignore·lines·starting·with·space·('·'),·comment·('#"),·or·variable·syntax
 349 ('$')·characters,
 350 »       #·*·Ignore·empty·lines,
 351 »       #·*·Strip·quotes·and·closing·brackets·from·paths.
 352 »       #·*·Ignore·paths·that·match·/dev|/etc.*\.conf,·as·those·are·paths,·but·likely
 353 not·log·files
 354 »       #·*·From·the·remaining·valid·rows·select·only·fields·constituting·a·log·file
 355 path
 356 »       #·Text·file·column·is·understood·to·represent·a·log·file·path·if·and·only·if
 357 all·of·the
 358 »       #·following·are·met:
 359 »       #·*·it·contains·at·least·one·slash·'/'·character,
 360 »       #·*·it·is·preceded·by·space
 361 »       #·*·it·doesn't·contain·space·('·'),·colon·(':'),·and·semicolon·(';')·characters
 362 »       #·Search·log·file·for·path(s)·only·in·case·it·exists!
 363 »       if·[[·-f·"${LOG_FILE}"·]]
 364 »       then
 365 »       »       NORMALIZED_CONFIG_FILE_LINES=$(sed·-e·"/^[#|$]/d"·"${LOG_FILE}")
 366 »       »       LINES_WITH_PATHS=$(grep·'[^/]*\s\+\S*/\S\+$'·<<<·"$
 367 {NORMALIZED_CONFIG_FILE_LINES}")
 368 »       »       FILTERED_PATHS=$(awk·'{if(NF>=2&&($NF~/^\//||$NF~/^-\//)){sub(/^-\//,"/
 369 ",$NF);print·$NF}}'·<<<·"${LINES_WITH_PATHS}")
 370 »       »       CLEANED_PATHS=$(sed·-e·"s/[\"')]//g;·/\\/etc.*\.conf/d;·/\\/dev\\//d"·<<<·"$
 371 {FILTERED_PATHS}")
 372 »       »       MATCHED_ITEMS=$(sed·-e·"/^$/d"·<<<·"${CLEANED_PATHS}")
 373 »       »       #·Since·above·sed·command·might·return·more·than·one·item·(delimited·by
 374 newline),·split
 375 »       »       #·the·particular·matches·entries·into·new·array·specific·for·this·log·file
 376 »       »       readarray·-t·ARRAY_FOR_LOG_FILE·<<<·"$MATCHED_ITEMS"
 377 »       »       #·Concatenate·the·two·arrays·-·previous·content·of·$LOG_FILE_PATHS·array·with
 378 »       »       #·items·from·newly·created·array·for·this·log·file
 379 »       »       LOG_FILE_PATHS+=("${ARRAY_FOR_LOG_FILE[@]}")
 380 »       »       #·Delete·the·temporary·array
 381 »       »       unset·ARRAY_FOR_LOG_FILE
 382 »       fi
 383 done
  
 384 #·Check·for·RainerScript·action·log·format·which·might·be·also·multiline·so·grep
 385 regex·is·a·bit
 386 #·curly:
 387 #·extract·possibly·multiline·action·omfile·expressions
 388 #·extract·File="logfile"·expression
 389 #·match·only·"logfile"·expression
 390 for·LOG_FILE·in·"${RSYSLOG_CONFIG_FILES[@]}"
 391 do
 392 »       ACTION_OMFILE_LINES=$(grep·-iozP·"action\s*\(\s*type\s*=\s*\"omfile\"[^\)]*\)"
 393 "${LOG_FILE}")
 394 »       OMFILE_LINES=$(echo·"${ACTION_OMFILE_LINES}"|·grep·-iaoP·"\bFile\s*=\s*\"([/[:
 395 alnum:][:punct:]]*)\"\s*\)")
 396 »       LOG_FILE_PATHS+=("$(echo·"${OMFILE_LINES}"|·grep·-oE·"\"([/[:alnum:][:punct:
 397 ]]*)\""|tr·-d·"\"")")
 398 done
  
 399 #·Ensure·the·correct·attribute·if·file·exists
 400 FILE_CMD="chgrp"
 401 for·LOG_FILE_PATH·in·"${LOG_FILE_PATHS[@]}"
 402 do
 403 »       #·Sanity·check·-·if·particular·$LOG_FILE_PATH·is·empty·string,·skip·it·from
 404 further·processing
 405 »       if·[·-z·"$LOG_FILE_PATH"·]
 406 »       then
 407 »       »       continue
 408 »       fi
Max diff block lines reached; 140021/145671 bytes (96.12%) of diff not shown.
17.4 MB
./usr/share/doc/ssg-debderived/ssg-ubuntu2204-guide-stig.html
    
Offset 15117, 150 lines modifiedOffset 15117, 150 lines modified
0003b0c0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm0003b0c0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm
0003b0d0:·3239·3236·2220·7461·6269·6e64·6578·3d22··2926"·tabindex="0003b0d0:·3239·3236·2220·7461·6269·6e64·6578·3d22··2926"·tabindex="
0003b0e0:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"0003b0e0:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"
0003b0f0:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="0003b0f0:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="
0003b100:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac0003b100:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac
0003b110:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal0003b110:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal
0003b120:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme0003b120:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme
0003b130:·6469·6174·696f·6e20·4f53·4275·696c·6420··diation·OSBuild·0003b130:·6469·6174·696f·6e20·5368·656c·6c20·7363··diation·Shell·sc
 0003b140:·7269·7074·20e2·87b2·3c2f·613e·3c62·723e··ript·...</a><br>
 0003b150:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
 0003b160:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
 0003b170:·7073·6522·2069·643d·2269·646d·3239·3236··pse"·id="idm2926
 0003b180:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="
 0003b190:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri
 0003b1a0:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border
 0003b1b0:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens
 0003b1c0:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp
 0003b1d0:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td>
 0003b1e0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr
 0003b1f0:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption:
0003b140:·426c·7565·7072·696e·7420·736e·6970·7065··Blueprint·snippe 
0003b150:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di 
0003b160:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c 
0003b170:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse 
0003b180:·2220·6964·3d22·6964·6d32·3932·3622·3e3c··"·id="idm2926">< 
0003b190:·7072·653e·3c63·6f64·653e·0a5b·5b70·6163··pre><code>.[[pac 
0003b1a0:·6b61·6765·735d·5d0a·6e61·6d65·203d·2022··kages]].name·=·" 
0003b1b0:·6169·6465·220a·7665·7273·696f·6e20·3d20··aide".version·=· 
0003b1c0:·222a·220a·3c2f·636f·6465·3e3c·2f70·7265··"*".</code></pre 
0003b1d0:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class= 
0003b1e0:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success 
0003b1f0:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c 
0003b200:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta 
0003b210:·7267·6574·3d22·2369·646d·3239·3237·2220··rget="#idm2927"· 
0003b220:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol 
0003b230:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria- 
0003b240:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false" 
0003b250:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate 
0003b260:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href 
0003b270:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio 
0003b280:·6e20·416e·7369·626c·6520·736e·6970·7065··n·Ansible·snippe 
0003b290:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di 
0003b2a0:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c 
0003b2b0:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse 
0003b2c0:·2220·6964·3d22·6964·6d32·3932·3722·3e3c··"·id="idm2927">< 
0003b2d0:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab 
0003b2e0:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped 
0003b2f0:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered· 
0003b300:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed" 
0003b310:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex 
0003b320:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low0003b200:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td
0003b330:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t0003b210:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re
 0003b220:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa
 0003b230:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr
 0003b240:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</
 0003b250:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t
 0003b260:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table><
 0003b270:·7072·653e·3c63·6f64·653e·2320·5265·6d65··pre><code>#·Reme
 0003b280:·6469·6174·696f·6e20·6973·2061·7070·6c69··diation·is·appli
 0003b290:·6361·626c·6520·6f6e·6c79·2069·6e20·6365··cable·only·in·ce
 0003b2a0:·7274·6169·6e20·706c·6174·666f·726d·730a··rtain·platforms.
 0003b2b0:·6966·2064·706b·672d·7175·6572·7920·2d2d··if·dpkg-query·--
 0003b2c0:·7368·6f77·202d·2d73·686f·7766·6f72·6d61··show·--showforma
 0003b2d0:·743d·2724·7b64·623a·5374·6174·7573·2d53··t='${db:Status-S
 0003b2e0:·7461·7475·737d·0a27·2027·6c69·6e75·782d··tatus}.'·'linux-
 0003b2f0:·6261·7365·2720·3226·6774·3b2f·6465·762f··base'·2&gt;/dev/
 0003b300:·6e75·6c6c·207c·2067·7265·7020·2d71·205e··null·|·grep·-q·^
 0003b310:·696e·7374·616c·6c65·643b·2074·6865·6e0a··installed;·then.
 0003b320:·0a44·4542·4941·4e5f·4652·4f4e·5445·4e44··.DEBIAN_FRONTEND
 0003b330:·3d6e·6f6e·696e·7465·7261·6374·6976·6520··=noninteractive·
 0003b340:·6170·742d·6765·7420·696e·7374·616c·6c20··apt-get·install·
 0003b350:·2d79·2022·6169·6465·220a·0a65·6c73·650a··-y·"aide"..else.
 0003b360:·2020·2020·2667·743b·2661·6d70·3b32·2065······&gt;&amp;2·e
 0003b370:·6368·6f20·2752·656d·6564·6961·7469·6f6e··cho·'Remediation
 0003b380:·2069·7320·6e6f·7420·6170·706c·6963·6162···is·not·applicab
 0003b390:·6c65·2c20·6e6f·7468·696e·6720·7761·7320··le,·nothing·was·
 0003b3a0:·646f·6e65·270a·6669·0a3c·2f63·6f64·653e··done'.fi.</code>
0003b340:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t 
0003b350:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003b360:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo 
0003b370:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false 
0003b380:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b390:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th> 
0003b3a0:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td>< 
0003b3b0:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre 
0003b3c0:·3e3c·636f·6465·3e2d·206e·616d·653a·2047··><code>-·name:·G 
0003b3d0:·6174·6865·7220·7468·6520·7061·636b·6167··ather·the·packag 
0003b3e0:·6520·6661·6374·730a·2020·7061·636b·6167··e·facts.··packag 
0003b3f0:·655f·6661·6374·733a·0a20·2020·206d·616e··e_facts:.····man 
0003b400:·6167·6572·3a20·6175·746f·0a20·2074·6167··ager:·auto.··tag 
0003b410:·733a·0a20·202d·2043·4a49·532d·352e·3130··s:.··-·CJIS-5.10 
0003b420:·2e31·2e33·0a20·202d·2044·4953·412d·5354··.1.3.··-·DISA-ST 
0003b430:·4947·2d55·4254·552d·3232·2d36·3531·3031··IG-UBTU-22-65101 
0003b440:·300a·2020·2d20·4e49·5354·2d38·3030·2d35··0.··-·NIST-800-5 
0003b450:·332d·434d·2d36·2861·290a·2020·2d20·5043··3-CM-6(a).··-·PC 
0003b460:·492d·4453·532d·5265·712d·3131·2e35·0a20··I-DSS-Req-11.5.· 
0003b470:·202d·2050·4349·2d44·5353·7634·2d31·312e···-·PCI-DSSv4-11. 
0003b480:·352e·320a·2020·2d20·656e·6162·6c65·5f73··5.2.··-·enable_s 
0003b490:·7472·6174·6567·790a·2020·2d20·6c6f·775f··trategy.··-·low_ 
0003b4a0:·636f·6d70·6c65·7869·7479·0a20·202d·206c··complexity.··-·l 
0003b4b0:·6f77·5f64·6973·7275·7074·696f·6e0a·2020··ow_disruption.·· 
0003b4c0:·2d20·6d65·6469·756d·5f73·6576·6572·6974··-·medium_severit 
0003b4d0:·790a·2020·2d20·6e6f·5f72·6562·6f6f·745f··y.··-·no_reboot_ 
0003b4e0:·6e65·6564·6564·0a20·202d·2070·6163·6b61··needed.··-·packa 
0003b4f0:·6765·5f61·6964·655f·696e·7374·616c·6c65··ge_aide_installe 
0003b500:·640a·0a2d·206e·616d·653a·2045·6e73·7572··d..-·name:·Ensur 
0003b510:·6520·6169·6465·2069·7320·696e·7374·616c··e·aide·is·instal 
0003b520:·6c65·640a·2020·7061·636b·6167·653a·0a20··led.··package:.· 
0003b530:·2020·206e·616d·653a·2061·6964·650a·2020·····name:·aide.·· 
0003b540:·2020·7374·6174·653a·2070·7265·7365·6e74····state:·present 
0003b550:·0a20·2077·6865·6e3a·2027·226c·696e·7578··.··when:·'"linux 
0003b560:·2d62·6173·6522·2069·6e20·616e·7369·626c··-base"·in·ansibl 
0003b570:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages 
0003b580:·270a·2020·7461·6773·3a0a·2020·2d20·434a··'.··tags:.··-·CJ 
0003b590:·4953·2d35·2e31·302e·312e·330a·2020·2d20··IS-5.10.1.3.··-· 
0003b5a0:·4449·5341·2d53·5449·472d·5542·5455·2d32··DISA-STIG-UBTU-2 
0003b5b0:·322d·3635·3130·3130·0a20·202d·204e·4953··2-651010.··-·NIS 
0003b5c0:·542d·3830·302d·3533·2d43·4d2d·3628·6129··T-800-53-CM-6(a) 
0003b5d0:·0a20·202d·2050·4349·2d44·5353·2d52·6571··.··-·PCI-DSS-Req 
0003b5e0:·2d31·312e·350a·2020·2d20·5043·492d·4453··-11.5.··-·PCI-DS 
0003b5f0:·5376·342d·3131·2e35·2e32·0a20·202d·2065··Sv4-11.5.2.··-·e 
0003b600:·6e61·626c·655f·7374·7261·7465·6779·0a20··nable_strategy.· 
0003b610:·202d·206c·6f77·5f63·6f6d·706c·6578·6974···-·low_complexit 
0003b620:·790a·2020·2d20·6c6f·775f·6469·7372·7570··y.··-·low_disrup 
0003b630:·7469·6f6e·0a20·202d·206d·6564·6975·6d5f··tion.··-·medium_ 
0003b640:·7365·7665·7269·7479·0a20·202d·206e·6f5f··severity.··-·no_ 
0003b650:·7265·626f·6f74·5f6e·6565·6465·640a·2020··reboot_needed.·· 
Max diff block lines reached; 17000508/17019856 bytes (99.89%) of diff not shown.
1.15 MB
html2text {}
    
Offset 127, 19 lines modifiedOffset 127, 28 lines modified
127 include·install_aide127 include·install_aide
  
128 class·install_aide·{128 class·install_aide·{
129 ··package·{·'aide':129 ··package·{·'aide':
130 ····ensure·=>·'installed',130 ····ensure·=>·'installed',
131 ··}131 ··}
132 }132 }
133 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8133 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 134 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 135 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 136 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 137 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 138 #·Remediation·is·applicable·only·in·certain·platforms
 139 if·dpkg-query·--show·--showformat='${db:Status-Status}
 140 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then
  
134 [[packages]] 
135 name·=·"aide" 
136 version·=·"*"141 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide"
  
 142 else
 143 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 144 fi
137 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8145 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
138 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low146 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
139 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low147 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
140 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false148 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
141 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable149 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
142 -·name:·Gather·the·package·facts150 -·name:·Gather·the·package·facts
143 ··package_facts:151 ··package_facts:
Offset 170, 28 lines modifiedOffset 179, 19 lines modified
170 ··-·PCI-DSSv4-11.5.2179 ··-·PCI-DSSv4-11.5.2
171 ··-·enable_strategy180 ··-·enable_strategy
172 ··-·low_complexity181 ··-·low_complexity
173 ··-·low_disruption182 ··-·low_disruption
174 ··-·medium_severity183 ··-·medium_severity
175 ··-·no_reboot_needed184 ··-·no_reboot_needed
176 ··-·package_aide_installed185 ··-·package_aide_installed
 186 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
177 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
178 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
179 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
180 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
181 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
182 #·Remediation·is·applicable·only·in·certain·platforms 
183 if·dpkg-query·--show·--showformat='${db:Status-Status} 
184 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then 
  
185 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide" 
  
186 else 
187 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
188 fi187 [[packages]]
 188 name·=·"aide"
 189 version·=·"*"
189 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*190 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
190 Run·the·following·command·to·generate·a·new·database:191 Run·the·following·command·to·generate·a·new·database:
191 $·sudo·aideinit192 $·sudo·aideinit
192 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the·database,·the193 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the·database,·the
193 configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide·(or·hashes·of·these·files),·in·a·secure194 configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide·(or·hashes·of·these·files),·in·a·secure
194 location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-195 location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-
195 generated·database·can·be·installed·as·follows:196 generated·database·can·be·installed·as·follows:
Offset 218, 14 lines modifiedOffset 218, 41 lines modified
218 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5218 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
219 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199219 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
220 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········UBTU-22-651015220 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········UBTU-22-651015
221 ············_\x8c_\x8i_\x8s············1.3.1221 ············_\x8c_\x8i_\x8s············1.3.1
222 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79222 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
223 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2223 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
224 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-260583r958944_rule224 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-260583r958944_rule
 225 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 226 #·Remediation·is·applicable·only·in·certain·platforms
 227 if·dpkg-query·--show·--showformat='${db:Status-Status}
 228 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then
  
 229 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide"
  
 230 AIDE_CONFIG=/etc/aide/aide.conf
 231 DEFAULT_DB_PATH=/var/lib/aide/aide.db
  
 232 #·Fix·db·path·in·the·config·file,·if·necessary
 233 if·!·grep·-q·'^database=file:'·${AIDE_CONFIG};·then
 234 ····#·replace_or_append·gets·confused·by·'database=file'·as·a·key,·so·should·not·be·used.
 235 ····#replace_or_append·"${AIDE_CONFIG}"·'^database=file'·"${DEFAULT_DB_PATH}"·'@CCENUM@'·'%s:%s'
 236 ····echo·"database=file:${DEFAULT_DB_PATH}"·>>·${AIDE_CONFIG}
 237 fi
  
 238 #·Fix·db·out·path·in·the·config·file,·if·necessary
 239 if·!·grep·-q·'^database_out=file:'·${AIDE_CONFIG};·then
 240 ····echo·"database_out=file:${DEFAULT_DB_PATH}.new"·>>·${AIDE_CONFIG}
 241 fi
  
 242 /usr/sbin/aideinit·-y·-f
  
 243 else
 244 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 245 fi
225 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8246 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
226 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low247 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
227 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low248 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
228 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false249 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
229 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict250 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
230 -·name:·Gather·the·package·facts251 -·name:·Gather·the·package·facts
231 ··package_facts:252 ··package_facts:
Offset 404, 41 lines modifiedOffset 431, 14 lines modified
404 ··-·PCI-DSSv4-11.5.2431 ··-·PCI-DSSv4-11.5.2
405 ··-·aide_build_database432 ··-·aide_build_database
406 ··-·low_complexity433 ··-·low_complexity
407 ··-·low_disruption434 ··-·low_disruption
408 ··-·medium_severity435 ··-·medium_severity
409 ··-·no_reboot_needed436 ··-·no_reboot_needed
410 ··-·restrict_strategy437 ··-·restrict_strategy
411 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
412 #·Remediation·is·applicable·only·in·certain·platforms 
413 if·dpkg-query·--show·--showformat='${db:Status-Status} 
414 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then 
  
415 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide" 
  
416 AIDE_CONFIG=/etc/aide/aide.conf 
417 DEFAULT_DB_PATH=/var/lib/aide/aide.db 
  
418 #·Fix·db·path·in·the·config·file,·if·necessary 
419 if·!·grep·-q·'^database=file:'·${AIDE_CONFIG};·then 
420 ····#·replace_or_append·gets·confused·by·'database=file'·as·a·key,·so·should·not·be·used. 
421 ····#replace_or_append·"${AIDE_CONFIG}"·'^database=file'·"${DEFAULT_DB_PATH}"·'@CCENUM@'·'%s:%s' 
422 ····echo·"database=file:${DEFAULT_DB_PATH}"·>>·${AIDE_CONFIG} 
Max diff block lines reached; 1199974/1205635 bytes (99.53%) of diff not shown.
9.69 MB
./usr/share/doc/ssg-debderived/ssg-ubuntu2404-guide-cis_level1_server.html
    
Offset 15130, 146 lines modifiedOffset 15130, 146 lines modified
0003b190:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#0003b190:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#
0003b1a0:·6964·6d32·3537·3022·2074·6162·696e·6465··idm2570"·tabinde0003b1a0:·6964·6d32·3537·3022·2074·6162·696e·6465··idm2570"·tabinde
0003b1b0:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt0003b1b0:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt
0003b1c0:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande0003b1c0:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande
0003b1d0:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=0003b1d0:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=
0003b1e0:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev0003b1e0:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev
0003b1f0:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R0003b1f0:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R
0003b200:·656d·6564·6961·7469·6f6e·204f·5342·7569··emediation·OSBui0003b200:·656d·6564·6961·7469·6f6e·2053·6865·6c6c··emediation·Shell
0003b210:·6c64·2042·6c75·6570·7269·6e74·2073·6e69··ld·Blueprint·sni 
0003b220:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br> 
0003b230:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane 
0003b240:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla 
0003b250:·7073·6522·2069·643d·2269·646d·3235·3730··pse"·id="idm25700003b210:·2073·6372·6970·7420·e287·b23c·2f61·3e3c···script·...</a><
 0003b220:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p
 0003b230:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co
 0003b240:·6c6c·6170·7365·2220·6964·3d22·6964·6d32··llapse"·id="idm2
 0003b250:·3537·3022·3e3c·7461·626c·6520·636c·6173··570"><table·clas
 0003b260:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s
 0003b270:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor
 0003b280:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond
 0003b290:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C
 0003b2a0:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><
 0003b2b0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>
 0003b2c0:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti
 0003b2d0:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low<
 0003b2e0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
 0003b2f0:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td
 0003b300:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr>
 0003b310:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy
 0003b320:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable
 0003b330:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl
0003b260:·223e·3c70·7265·3e3c·636f·6465·3e0a·5b5b··"><pre><code>.[[0003b340:·653e·3c70·7265·3e3c·636f·6465·3e23·2052··e><pre><code>#·R
0003b270:·7061·636b·6167·6573·5d5d·0a6e·616d·6520··packages]].name· 
0003b280:·3d20·2261·6964·6522·0a76·6572·7369·6f6e··=·"aide".version 
0003b290:·203d·2022·2a22·0a3c·2f63·6f64·653e·3c2f···=·"*".</code></0003b350:·656d·6564·6961·7469·6f6e·2069·7320·6170··emediation·is·ap
 0003b360:·706c·6963·6162·6c65·206f·6e6c·7920·696e··plicable·only·in
 0003b370:·2063·6572·7461·696e·2070·6c61·7466·6f72···certain·platfor
 0003b380:·6d73·0a69·6620·6470·6b67·2d71·7565·7279··ms.if·dpkg-query
 0003b390:·202d·2d73·686f·7720·2d2d·7368·6f77·666f···--show·--showfo
 0003b3a0:·726d·6174·3d27·247b·6462·3a53·7461·7475··rmat='${db:Statu
 0003b3b0:·732d·5374·6174·7573·7d0a·2720·276c·696e··s-Status}.'·'lin
 0003b3c0:·7578·2d62·6173·6527·2032·2667·743b·2f64··ux-base'·2&gt;/d
 0003b3d0:·6576·2f6e·756c·6c20·7c20·6772·6570·202d··ev/null·|·grep·-
 0003b3e0:·7120·5e69·6e73·7461·6c6c·6564·3b20·7468··q·^installed;·th
 0003b3f0:·656e·0a0a·4445·4249·414e·5f46·524f·4e54··en..DEBIAN_FRONT
 0003b400:·454e·443d·6e6f·6e69·6e74·6572·6163·7469··END=noninteracti
 0003b410:·7665·2061·7074·2d67·6574·2069·6e73·7461··ve·apt-get·insta
 0003b420:·6c6c·202d·7920·2261·6964·6522·0a0a·656c··ll·-y·"aide"..el
 0003b430:·7365·0a20·2020·2026·6774·3b26·616d·703b··se.····&gt;&amp;
 0003b440:·3220·6563·686f·2027·5265·6d65·6469·6174··2·echo·'Remediat
 0003b450:·696f·6e20·6973·206e·6f74·2061·7070·6c69··ion·is·not·appli
 0003b460:·6361·626c·652c·206e·6f74·6869·6e67·2077··cable,·nothing·w
 0003b470:·6173·2064·6f6e·6527·0a66·690a·3c2f·636f··as·done'.fi.</co
 0003b480:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div><
 0003b490:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn
 0003b4a0:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t
 0003b4b0:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse"
 0003b4c0:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i
 0003b4d0:·646d·3235·3731·2220·7461·6269·6e64·6578··dm2571"·tabindex
 0003b4e0:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto
 0003b4f0:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded
 0003b500:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="
 0003b510:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve
 0003b520:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re
 0003b530:·6d65·6469·6174·696f·6e20·416e·7369·626c··mediation·Ansibl
 0003b540:·6520·736e·6970·7065·7420·e287·b23c·2f61··e·snippet·...</a
 0003b550:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
 0003b560:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
 0003b570:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
 0003b580:·6d32·3537·3122·3e3c·7461·626c·6520·636c··m2571"><table·cl
 0003b590:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table
 0003b5a0:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b
 0003b5b0:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co
 0003b5c0:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th
 0003b5d0:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th
 0003b5e0:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t
 0003b5f0:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup
 0003b600:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo
 0003b610:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><
 0003b620:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th><
 0003b630:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t
 0003b640:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate
 0003b650:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab
 0003b660:·6c65·3c2f·7464·3e3c·2f74·723e·3c2f·7461··le</td></tr></ta
 0003b670:·626c·653e·3c70·7265·3e3c·636f·6465·3e2d··ble><pre><code>-
 0003b680:·206e·616d·653a·2047·6174·6865·7220·7468···name:·Gather·th
 0003b690:·6520·7061·636b·6167·6520·6661·6374·730a··e·package·facts.
 0003b6a0:·2020·7061·636b·6167·655f·6661·6374·733a····package_facts:
 0003b6b0:·0a20·2020·206d·616e·6167·6572·3a20·6175··.····manager:·au
 0003b6c0:·746f·0a20·2074·6167·733a·0a20·202d·2043··to.··tags:.··-·C
 0003b6d0:·4a49·532d·352e·3130·2e31·2e33·0a20·202d··JIS-5.10.1.3.··-
 0003b6e0:·204e·4953·542d·3830·302d·3533·2d43·4d2d···NIST-800-53-CM-
 0003b6f0:·3628·6129·0a20·202d·2050·4349·2d44·5353··6(a).··-·PCI-DSS
 0003b700:·2d52·6571·2d31·312e·350a·2020·2d20·5043··-Req-11.5.··-·PC
 0003b710:·492d·4453·5376·342d·3131·2e35·2e32·0a20··I-DSSv4-11.5.2.·
 0003b720:·202d·2065·6e61·626c·655f·7374·7261·7465···-·enable_strate
 0003b730:·6779·0a20·202d·206c·6f77·5f63·6f6d·706c··gy.··-·low_compl
 0003b740:·6578·6974·790a·2020·2d20·6c6f·775f·6469··exity.··-·low_di
 0003b750:·7372·7570·7469·6f6e·0a20·202d·206d·6564··sruption.··-·med
 0003b760:·6975·6d5f·7365·7665·7269·7479·0a20·202d··ium_severity.··-
 0003b770:·206e·6f5f·7265·626f·6f74·5f6e·6565·6465···no_reboot_neede
 0003b780:·640a·2020·2d20·7061·636b·6167·655f·6169··d.··-·package_ai
 0003b790:·6465·5f69·6e73·7461·6c6c·6564·0a0a·2d20··de_installed..-·
 0003b7a0:·6e61·6d65·3a20·456e·7375·7265·2061·6964··name:·Ensure·aid
 0003b7b0:·6520·6973·2069·6e73·7461·6c6c·6564·0a20··e·is·installed.·
 0003b7c0:·2070·6163·6b61·6765·3a0a·2020·2020·6e61···package:.····na
 0003b7d0:·6d65·3a20·6169·6465·0a20·2020·2073·7461··me:·aide.····sta
 0003b7e0:·7465·3a20·7072·6573·656e·740a·2020·7768··te:·present.··wh
 0003b7f0:·656e·3a20·2722·6c69·6e75·782d·6261·7365··en:·'"linux-base
 0003b800:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac
 0003b810:·7473·2e70·6163·6b61·6765·7327·0a20·2074··ts.packages'.··t
 0003b820:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.
 0003b830:·3130·2e31·2e33·0a20·202d·204e·4953·542d··10.1.3.··-·NIST-
 0003b840:·3830·302d·3533·2d43·4d2d·3628·6129·0a20··800-53-CM-6(a).·
 0003b850:·202d·2050·4349·2d44·5353·2d52·6571·2d31···-·PCI-DSS-Req-1
 0003b860:·312e·350a·2020·2d20·5043·492d·4453·5376··1.5.··-·PCI-DSSv
 0003b870:·342d·3131·2e35·2e32·0a20·202d·2065·6e61··4-11.5.2.··-·ena
 0003b880:·626c·655f·7374·7261·7465·6779·0a20·202d··ble_strategy.··-
 0003b890:·206c·6f77·5f63·6f6d·706c·6578·6974·790a···low_complexity.
 0003b8a0:·2020·2d20·6c6f·775f·6469·7372·7570·7469····-·low_disrupti
 0003b8b0:·6f6e·0a20·202d·206d·6564·6975·6d5f·7365··on.··-·medium_se
 0003b8c0:·7665·7269·7479·0a20·202d·206e·6f5f·7265··verity.··-·no_re
 0003b8d0:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-·
 0003b8e0:·7061·636b·6167·655f·6169·6465·5f69·6e73··package_aide_ins
 0003b8f0:·7461·6c6c·6564·0a3c·2f63·6f64·653e·3c2f··talled.</code></
0003b2a0:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla0003b900:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla
0003b2b0:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ0003b910:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ
Max diff block lines reached; 8977542/8996338 bytes (99.79%) of diff not shown.
1.11 MB
html2text {}
    
Offset 133, 19 lines modifiedOffset 133, 28 lines modified
133 include·install_aide133 include·install_aide
  
134 class·install_aide·{134 class·install_aide·{
135 ··package·{·'aide':135 ··package·{·'aide':
136 ····ensure·=>·'installed',136 ····ensure·=>·'installed',
137 ··}137 ··}
138 }138 }
139 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8139 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 140 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 141 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 142 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 143 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 144 #·Remediation·is·applicable·only·in·certain·platforms
 145 if·dpkg-query·--show·--showformat='${db:Status-Status}
 146 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then
  
140 [[packages]] 
141 name·=·"aide" 
142 version·=·"*"147 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide"
  
 148 else
 149 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 150 fi
143 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8151 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
144 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low152 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
145 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low153 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
146 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false154 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
147 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable155 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
148 -·name:·Gather·the·package·facts156 -·name:·Gather·the·package·facts
149 ··package_facts:157 ··package_facts:
Offset 174, 28 lines modifiedOffset 183, 19 lines modified
174 ··-·PCI-DSSv4-11.5.2183 ··-·PCI-DSSv4-11.5.2
175 ··-·enable_strategy184 ··-·enable_strategy
176 ··-·low_complexity185 ··-·low_complexity
177 ··-·low_disruption186 ··-·low_disruption
178 ··-·medium_severity187 ··-·medium_severity
179 ··-·no_reboot_needed188 ··-·no_reboot_needed
180 ··-·package_aide_installed189 ··-·package_aide_installed
 190 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
181 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
182 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
183 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
184 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
185 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
186 #·Remediation·is·applicable·only·in·certain·platforms 
187 if·dpkg-query·--show·--showformat='${db:Status-Status} 
188 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then 
  
189 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide" 
  
190 else 
191 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
192 fi191 [[packages]]
 192 name·=·"aide"
 193 version·=·"*"
193 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*194 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
194 Run·the·following·command·to·generate·a·new·database:195 Run·the·following·command·to·generate·a·new·database:
195 $·sudo·aideinit196 $·sudo·aideinit
196 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the·database,·the197 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the·database,·the
197 configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide·(or·hashes·of·these·files),·in·a·secure·location198 configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide·(or·hashes·of·these·files),·in·a·secure·location
198 (such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database·can199 (such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database·can
199 be·installed·as·follows:200 be·installed·as·follows:
Offset 220, 14 lines modifiedOffset 220, 41 lines modified
220 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)220 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)
221 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3221 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
222 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5222 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
223 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199223 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
224 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79224 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
225 ············_\x8c_\x8i_\x8s············6.3.1225 ············_\x8c_\x8i_\x8s············6.3.1
226 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2226 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 227 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 228 #·Remediation·is·applicable·only·in·certain·platforms
 229 if·dpkg-query·--show·--showformat='${db:Status-Status}
 230 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then
  
 231 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide"
  
 232 AIDE_CONFIG=/etc/aide/aide.conf
 233 DEFAULT_DB_PATH=/var/lib/aide/aide.db
  
 234 #·Fix·db·path·in·the·config·file,·if·necessary
 235 if·!·grep·-q·'^database=file:'·${AIDE_CONFIG};·then
 236 ····#·replace_or_append·gets·confused·by·'database=file'·as·a·key,·so·should·not·be·used.
 237 ····#replace_or_append·"${AIDE_CONFIG}"·'^database=file'·"${DEFAULT_DB_PATH}"·'@CCENUM@'·'%s:%s'
 238 ····echo·"database=file:${DEFAULT_DB_PATH}"·>>·${AIDE_CONFIG}
 239 fi
  
 240 #·Fix·db·out·path·in·the·config·file,·if·necessary
 241 if·!·grep·-q·'^database_out=file:'·${AIDE_CONFIG};·then
 242 ····echo·"database_out=file:${DEFAULT_DB_PATH}.new"·>>·${AIDE_CONFIG}
 243 fi
  
 244 /usr/sbin/aideinit·-y·-f
  
 245 else
 246 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 247 fi
227 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8248 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
228 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low249 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
229 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low250 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
230 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false251 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
231 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict252 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
232 -·name:·Gather·the·package·facts253 -·name:·Gather·the·package·facts
233 ··package_facts:254 ··package_facts:
Offset 397, 41 lines modifiedOffset 424, 14 lines modified
397 ··-·PCI-DSSv4-11.5.2424 ··-·PCI-DSSv4-11.5.2
398 ··-·aide_build_database425 ··-·aide_build_database
399 ··-·low_complexity426 ··-·low_complexity
400 ··-·low_disruption427 ··-·low_disruption
401 ··-·medium_severity428 ··-·medium_severity
402 ··-·no_reboot_needed429 ··-·no_reboot_needed
403 ··-·restrict_strategy430 ··-·restrict_strategy
404 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
405 #·Remediation·is·applicable·only·in·certain·platforms 
406 if·dpkg-query·--show·--showformat='${db:Status-Status} 
407 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then 
  
408 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide" 
  
409 AIDE_CONFIG=/etc/aide/aide.conf 
410 DEFAULT_DB_PATH=/var/lib/aide/aide.db 
  
411 #·Fix·db·path·in·the·config·file,·if·necessary 
412 if·!·grep·-q·'^database=file:'·${AIDE_CONFIG};·then 
413 ····#·replace_or_append·gets·confused·by·'database=file'·as·a·key,·so·should·not·be·used. 
414 ····#replace_or_append·"${AIDE_CONFIG}"·'^database=file'·"${DEFAULT_DB_PATH}"·'@CCENUM@'·'%s:%s' 
415 ····echo·"database=file:${DEFAULT_DB_PATH}"·>>·${AIDE_CONFIG} 
Max diff block lines reached; 1153551/1159247 bytes (99.51%) of diff not shown.
9.44 MB
./usr/share/doc/ssg-debderived/ssg-ubuntu2404-guide-cis_level1_workstation.html
    
Offset 15122, 146 lines modifiedOffset 15122, 146 lines modified
0003b110:·6574·3d22·2369·646d·3235·3730·2220·7461··et="#idm2570"·ta0003b110:·6574·3d22·2369·646d·3235·3730·2220·7461··et="#idm2570"·ta
0003b120:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=0003b120:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=
0003b130:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex0003b130:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex
0003b140:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t0003b140:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t
0003b150:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t0003b150:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t
0003b160:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="0003b160:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="
0003b170:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·0003b170:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·
0003b180:·4f53·4275·696c·6420·426c·7565·7072·696e··OSBuild·Blueprin 
0003b190:·7420·736e·6970·7065·7420·e287·b23c·2f61··t·snippet·...</a 
0003b1a0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class= 
0003b1b0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse· 
0003b1c0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id 
0003b1d0:·6d32·3537·3022·3e3c·7072·653e·3c63·6f64··m2570"><pre><cod 
0003b1e0:·653e·0a5b·5b70·6163·6b61·6765·735d·5d0a··e>.[[packages]]. 
0003b1f0:·6e61·6d65·203d·2022·6169·6465·220a·7665··name·=·"aide".ve 
0003b200:·7273·696f·6e20·3d20·222a·220a·3c2f·636f··rsion·=·"*".</co0003b180:·5368·656c·6c20·7363·7269·7074·20e2·87b2··Shell·script·...
 0003b190:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
 0003b1a0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
 0003b1b0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=
 0003b1c0:·2269·646d·3235·3730·223e·3c74·6162·6c65··"idm2570"><table
 0003b1d0:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta
 0003b1e0:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl
 0003b1f0:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table
 0003b200:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>
 0003b210:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<
 0003b220:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>
 0003b230:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis
 0003b240:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td
 0003b250:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t
 0003b260:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t
 0003b270:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td>
 0003b280:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str
 0003b290:·6174·6567·793a·3c2f·7468·3e3c·7464·3e65··ategy:</th><td>e
 0003b2a0:·6e61·626c·653c·2f74·643e·3c2f·7472·3e3c··nable</td></tr><
 0003b2b0:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod
 0003b2c0:·653e·2320·5265·6d65·6469·6174·696f·6e20··e>#·Remediation·
 0003b2d0:·6973·2061·7070·6c69·6361·626c·6520·6f6e··is·applicable·on
 0003b2e0:·6c79·2069·6e20·6365·7274·6169·6e20·706c··ly·in·certain·pl
 0003b2f0:·6174·666f·726d·730a·6966·2064·706b·672d··atforms.if·dpkg-
 0003b300:·7175·6572·7920·2d2d·7368·6f77·202d·2d73··query·--show·--s
 0003b310:·686f·7766·6f72·6d61·743d·2724·7b64·623a··howformat='${db:
 0003b320:·5374·6174·7573·2d53·7461·7475·737d·0a27··Status-Status}.'
 0003b330:·2027·6c69·6e75·782d·6261·7365·2720·3226···'linux-base'·2&
 0003b340:·6774·3b2f·6465·762f·6e75·6c6c·207c·2067··gt;/dev/null·|·g
 0003b350:·7265·7020·2d71·205e·696e·7374·616c·6c65··rep·-q·^installe
 0003b360:·643b·2074·6865·6e0a·0a44·4542·4941·4e5f··d;·then..DEBIAN_
 0003b370:·4652·4f4e·5445·4e44·3d6e·6f6e·696e·7465··FRONTEND=noninte
 0003b380:·7261·6374·6976·6520·6170·742d·6765·7420··ractive·apt-get·
 0003b390:·696e·7374·616c·6c20·2d79·2022·6169·6465··install·-y·"aide
 0003b3a0:·220a·0a65·6c73·650a·2020·2020·2667·743b··"..else.····&gt;
 0003b3b0:·2661·6d70·3b32·2065·6368·6f20·2752·656d··&amp;2·echo·'Rem
 0003b3c0:·6564·6961·7469·6f6e·2069·7320·6e6f·7420··ediation·is·not·
 0003b3d0:·6170·706c·6963·6162·6c65·2c20·6e6f·7468··applicable,·noth
 0003b3e0:·696e·6720·7761·7320·646f·6e65·270a·6669··ing·was·done'.fi
 0003b3f0:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></
 0003b400:·6469·763e·3c61·2063·6c61·7373·3d22·6274··div><a·class="bt
 0003b410:·6e20·6274·6e2d·7375·6363·6573·7322·2064··n·btn-success"·d
 0003b420:·6174·612d·746f·6767·6c65·3d22·636f·6c6c··ata-toggle="coll
 0003b430:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe
 0003b440:·743d·2223·6964·6d32·3537·3122·2074·6162··t="#idm2571"·tab
 0003b450:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="
 0003b460:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp
 0003b470:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti
 0003b480:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to
 0003b490:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#
 0003b4a0:·2122·3e52·656d·6564·6961·7469·6f6e·2041··!">Remediation·A
 0003b4b0:·6e73·6962·6c65·2073·6e69·7070·6574·20e2··nsible·snippet·.
 0003b4c0:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c
 0003b4d0:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
 0003b4e0:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i
 0003b4f0:·643d·2269·646d·3235·3731·223e·3c74·6162··d="idm2571"><tab
 0003b500:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table·
 0003b510:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta
 0003b520:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab
 0003b530:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t
 0003b540:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity
 0003b550:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t
 0003b560:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D
 0003b570:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th><
 0003b580:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>
 0003b590:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:<
 0003b5a0:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t
 0003b5b0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S
 0003b5c0:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td
 0003b5d0:·3e65·6e61·626c·653c·2f74·643e·3c2f·7472··>enable</td></tr
 0003b5e0:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c
 0003b5f0:·6f64·653e·2d20·6e61·6d65·3a20·4761·7468··ode>-·name:·Gath
 0003b600:·6572·2074·6865·2070·6163·6b61·6765·2066··er·the·package·f
 0003b610:·6163·7473·0a20·2070·6163·6b61·6765·5f66··acts.··package_f
 0003b620:·6163·7473·3a0a·2020·2020·6d61·6e61·6765··acts:.····manage
 0003b630:·723a·2061·7574·6f0a·2020·7461·6773·3a0a··r:·auto.··tags:.
 0003b640:·2020·2d20·434a·4953·2d35·2e31·302e·312e····-·CJIS-5.10.1.
 0003b650:·330a·2020·2d20·4e49·5354·2d38·3030·2d35··3.··-·NIST-800-5
 0003b660:·332d·434d·2d36·2861·290a·2020·2d20·5043··3-CM-6(a).··-·PC
 0003b670:·492d·4453·532d·5265·712d·3131·2e35·0a20··I-DSS-Req-11.5.·
 0003b680:·202d·2050·4349·2d44·5353·7634·2d31·312e···-·PCI-DSSv4-11.
 0003b690:·352e·320a·2020·2d20·656e·6162·6c65·5f73··5.2.··-·enable_s
 0003b6a0:·7472·6174·6567·790a·2020·2d20·6c6f·775f··trategy.··-·low_
 0003b6b0:·636f·6d70·6c65·7869·7479·0a20·202d·206c··complexity.··-·l
 0003b6c0:·6f77·5f64·6973·7275·7074·696f·6e0a·2020··ow_disruption.··
 0003b6d0:·2d20·6d65·6469·756d·5f73·6576·6572·6974··-·medium_severit
 0003b6e0:·790a·2020·2d20·6e6f·5f72·6562·6f6f·745f··y.··-·no_reboot_
 0003b6f0:·6e65·6564·6564·0a20·202d·2070·6163·6b61··needed.··-·packa
 0003b700:·6765·5f61·6964·655f·696e·7374·616c·6c65··ge_aide_installe
 0003b710:·640a·0a2d·206e·616d·653a·2045·6e73·7572··d..-·name:·Ensur
 0003b720:·6520·6169·6465·2069·7320·696e·7374·616c··e·aide·is·instal
 0003b730:·6c65·640a·2020·7061·636b·6167·653a·0a20··led.··package:.·
 0003b740:·2020·206e·616d·653a·2061·6964·650a·2020·····name:·aide.··
 0003b750:·2020·7374·6174·653a·2070·7265·7365·6e74····state:·present
 0003b760:·0a20·2077·6865·6e3a·2027·226c·696e·7578··.··when:·'"linux
 0003b770:·2d62·6173·6522·2069·6e20·616e·7369·626c··-base"·in·ansibl
 0003b780:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages
 0003b790:·270a·2020·7461·6773·3a0a·2020·2d20·434a··'.··tags:.··-·CJ
 0003b7a0:·4953·2d35·2e31·302e·312e·330a·2020·2d20··IS-5.10.1.3.··-·
 0003b7b0:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-6
 0003b7c0:·2861·290a·2020·2d20·5043·492d·4453·532d··(a).··-·PCI-DSS-
 0003b7d0:·5265·712d·3131·2e35·0a20·202d·2050·4349··Req-11.5.··-·PCI
 0003b7e0:·2d44·5353·7634·2d31·312e·352e·320a·2020··-DSSv4-11.5.2.··
 0003b7f0:·2d20·656e·6162·6c65·5f73·7472·6174·6567··-·enable_strateg
 0003b800:·790a·2020·2d20·6c6f·775f·636f·6d70·6c65··y.··-·low_comple
 0003b810:·7869·7479·0a20·202d·206c·6f77·5f64·6973··xity.··-·low_dis
 0003b820:·7275·7074·696f·6e0a·2020·2d20·6d65·6469··ruption.··-·medi
 0003b830:·756d·5f73·6576·6572·6974·790a·2020·2d20··um_severity.··-·
 0003b840:·6e6f·5f72·6562·6f6f·745f·6e65·6564·6564··no_reboot_needed
 0003b850:·0a20·202d·2070·6163·6b61·6765·5f61·6964··.··-·package_aid
 0003b860:·655f·696e·7374·616c·6c65·640a·3c2f·636f··e_installed.</co
0003b210:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div><0003b870:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div><
Max diff block lines reached; 8744873/8763669 bytes (99.79%) of diff not shown.
1.08 MB
html2text {}
    
Offset 132, 19 lines modifiedOffset 132, 28 lines modified
132 include·install_aide132 include·install_aide
  
133 class·install_aide·{133 class·install_aide·{
134 ··package·{·'aide':134 ··package·{·'aide':
135 ····ensure·=>·'installed',135 ····ensure·=>·'installed',
136 ··}136 ··}
137 }137 }
138 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8138 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 139 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 140 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 141 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 142 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 143 #·Remediation·is·applicable·only·in·certain·platforms
 144 if·dpkg-query·--show·--showformat='${db:Status-Status}
 145 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then
  
139 [[packages]] 
140 name·=·"aide" 
141 version·=·"*"146 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide"
  
 147 else
 148 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 149 fi
142 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8150 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
143 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low151 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
144 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low152 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
145 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false153 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
146 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable154 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
147 -·name:·Gather·the·package·facts155 -·name:·Gather·the·package·facts
148 ··package_facts:156 ··package_facts:
Offset 173, 28 lines modifiedOffset 182, 19 lines modified
173 ··-·PCI-DSSv4-11.5.2182 ··-·PCI-DSSv4-11.5.2
174 ··-·enable_strategy183 ··-·enable_strategy
175 ··-·low_complexity184 ··-·low_complexity
176 ··-·low_disruption185 ··-·low_disruption
177 ··-·medium_severity186 ··-·medium_severity
178 ··-·no_reboot_needed187 ··-·no_reboot_needed
179 ··-·package_aide_installed188 ··-·package_aide_installed
 189 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
180 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
181 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
182 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
183 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
184 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
185 #·Remediation·is·applicable·only·in·certain·platforms 
186 if·dpkg-query·--show·--showformat='${db:Status-Status} 
187 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then 
  
188 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide" 
  
189 else 
190 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
191 fi190 [[packages]]
 191 name·=·"aide"
 192 version·=·"*"
192 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*193 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
193 Run·the·following·command·to·generate·a·new·database:194 Run·the·following·command·to·generate·a·new·database:
194 $·sudo·aideinit195 $·sudo·aideinit
195 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the·database,·the196 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the·database,·the
196 configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide·(or·hashes·of·these·files),·in·a·secure·location197 configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide·(or·hashes·of·these·files),·in·a·secure·location
197 (such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database·can198 (such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database·can
198 be·installed·as·follows:199 be·installed·as·follows:
Offset 219, 14 lines modifiedOffset 219, 41 lines modified
219 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)219 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)
220 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3220 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
221 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5221 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
222 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199222 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
223 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79223 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
224 ············_\x8c_\x8i_\x8s············6.3.1224 ············_\x8c_\x8i_\x8s············6.3.1
225 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2225 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 226 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 227 #·Remediation·is·applicable·only·in·certain·platforms
 228 if·dpkg-query·--show·--showformat='${db:Status-Status}
 229 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then
  
 230 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide"
  
 231 AIDE_CONFIG=/etc/aide/aide.conf
 232 DEFAULT_DB_PATH=/var/lib/aide/aide.db
  
 233 #·Fix·db·path·in·the·config·file,·if·necessary
 234 if·!·grep·-q·'^database=file:'·${AIDE_CONFIG};·then
 235 ····#·replace_or_append·gets·confused·by·'database=file'·as·a·key,·so·should·not·be·used.
 236 ····#replace_or_append·"${AIDE_CONFIG}"·'^database=file'·"${DEFAULT_DB_PATH}"·'@CCENUM@'·'%s:%s'
 237 ····echo·"database=file:${DEFAULT_DB_PATH}"·>>·${AIDE_CONFIG}
 238 fi
  
 239 #·Fix·db·out·path·in·the·config·file,·if·necessary
 240 if·!·grep·-q·'^database_out=file:'·${AIDE_CONFIG};·then
 241 ····echo·"database_out=file:${DEFAULT_DB_PATH}.new"·>>·${AIDE_CONFIG}
 242 fi
  
 243 /usr/sbin/aideinit·-y·-f
  
 244 else
 245 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 246 fi
226 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8247 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
227 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low248 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
228 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low249 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
229 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false250 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
230 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict251 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
231 -·name:·Gather·the·package·facts252 -·name:·Gather·the·package·facts
232 ··package_facts:253 ··package_facts:
Offset 396, 41 lines modifiedOffset 423, 14 lines modified
396 ··-·PCI-DSSv4-11.5.2423 ··-·PCI-DSSv4-11.5.2
397 ··-·aide_build_database424 ··-·aide_build_database
398 ··-·low_complexity425 ··-·low_complexity
399 ··-·low_disruption426 ··-·low_disruption
400 ··-·medium_severity427 ··-·medium_severity
401 ··-·no_reboot_needed428 ··-·no_reboot_needed
402 ··-·restrict_strategy429 ··-·restrict_strategy
403 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
404 #·Remediation·is·applicable·only·in·certain·platforms 
405 if·dpkg-query·--show·--showformat='${db:Status-Status} 
406 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then 
  
407 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide" 
  
408 AIDE_CONFIG=/etc/aide/aide.conf 
409 DEFAULT_DB_PATH=/var/lib/aide/aide.db 
  
410 #·Fix·db·path·in·the·config·file,·if·necessary 
411 if·!·grep·-q·'^database=file:'·${AIDE_CONFIG};·then 
412 ····#·replace_or_append·gets·confused·by·'database=file'·as·a·key,·so·should·not·be·used. 
413 ····#replace_or_append·"${AIDE_CONFIG}"·'^database=file'·"${DEFAULT_DB_PATH}"·'@CCENUM@'·'%s:%s' 
414 ····echo·"database=file:${DEFAULT_DB_PATH}"·>>·${AIDE_CONFIG} 
Max diff block lines reached; 1125975/1131671 bytes (99.50%) of diff not shown.
20.5 MB
./usr/share/doc/ssg-debderived/ssg-ubuntu2404-guide-cis_level2_server.html
    
Offset 15165, 146 lines modifiedOffset 15165, 146 lines modified
0003b3c0:·2d74·6172·6765·743d·2223·6964·6d32·3537··-target="#idm2570003b3c0:·2d74·6172·6765·743d·2223·6964·6d32·3537··-target="#idm257
0003b3d0:·3022·2074·6162·696e·6465·783d·2230·2220··0"·tabindex="0"·0003b3d0:·3022·2074·6162·696e·6465·783d·2230·2220··0"·tabindex="0"·
0003b3e0:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar0003b3e0:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar
0003b3f0:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal0003b3f0:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal
0003b400:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ0003b400:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ
0003b410:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h0003b410:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h
0003b420:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia0003b420:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia
0003b430:·7469·6f6e·204f·5342·7569·6c64·2042·6c75··tion·OSBuild·Blu 
0003b440:·6570·7269·6e74·2073·6e69·7070·6574·20e2··eprint·snippet·. 
0003b450:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c 
0003b460:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll 
0003b470:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i 
0003b480:·643d·2269·646d·3235·3730·223e·3c70·7265··d="idm2570"><pre 
0003b490:·3e3c·636f·6465·3e0a·5b5b·7061·636b·6167··><code>.[[packag 
0003b4a0:·6573·5d5d·0a6e·616d·6520·3d20·2261·6964··es]].name·=·"aid 
0003b4b0:·6522·0a76·6572·7369·6f6e·203d·2022·2a22··e".version·=·"*"0003b430:·7469·6f6e·2053·6865·6c6c·2073·6372·6970··tion·Shell·scrip
 0003b440:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di
 0003b450:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
 0003b460:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
 0003b470:·2220·6964·3d22·6964·6d32·3537·3022·3e3c··"·id="idm2570"><
 0003b480:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab
 0003b490:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped
 0003b4a0:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·
 0003b4b0:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"
 0003b4c0:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex
 0003b4d0:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low
 0003b4e0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
 0003b4f0:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t
 0003b500:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></
 0003b510:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo
 0003b520:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false
 0003b530:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
 0003b540:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>
 0003b550:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td><
 0003b560:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre
 0003b570:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia
 0003b580:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab
 0003b590:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa
 0003b5a0:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·
 0003b5b0:·6470·6b67·2d71·7565·7279·202d·2d73·686f··dpkg-query·--sho
 0003b5c0:·7720·2d2d·7368·6f77·666f·726d·6174·3d27··w·--showformat='
 0003b5d0:·247b·6462·3a53·7461·7475·732d·5374·6174··${db:Status-Stat
 0003b5e0:·7573·7d0a·2720·276c·696e·7578·2d62·6173··us}.'·'linux-bas
 0003b5f0:·6527·2032·2667·743b·2f64·6576·2f6e·756c··e'·2&gt;/dev/nul
 0003b600:·6c20·7c20·6772·6570·202d·7120·5e69·6e73··l·|·grep·-q·^ins
 0003b610:·7461·6c6c·6564·3b20·7468·656e·0a0a·4445··talled;·then..DE
 0003b620:·4249·414e·5f46·524f·4e54·454e·443d·6e6f··BIAN_FRONTEND=no
 0003b630:·6e69·6e74·6572·6163·7469·7665·2061·7074··ninteractive·apt
 0003b640:·2d67·6574·2069·6e73·7461·6c6c·202d·7920··-get·install·-y·
 0003b650:·2261·6964·6522·0a0a·656c·7365·0a20·2020··"aide"..else.···
 0003b660:·2026·6774·3b26·616d·703b·3220·6563·686f···&gt;&amp;2·echo
 0003b670:·2027·5265·6d65·6469·6174·696f·6e20·6973···'Remediation·is
 0003b680:·206e·6f74·2061·7070·6c69·6361·626c·652c···not·applicable,
 0003b690:·206e·6f74·6869·6e67·2077·6173·2064·6f6e···nothing·was·don
 0003b6a0:·6527·0a66·690a·3c2f·636f·6465·3e3c·2f70··e'.fi.</code></p
 0003b6b0:·7265·3e3c·2f64·6976·3e3c·6120·636c·6173··re></div><a·clas
 0003b6c0:·733d·2262·746e·2062·746e·2d73·7563·6365··s="btn·btn-succe
 0003b6d0:·7373·2220·6461·7461·2d74·6f67·676c·653d··ss"·data-toggle=
 0003b6e0:·2263·6f6c·6c61·7073·6522·2064·6174·612d··"collapse"·data-
 0003b6f0:·7461·7267·6574·3d22·2369·646d·3235·3731··target="#idm2571
 0003b700:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r
 0003b710:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari
 0003b720:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals
 0003b730:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa
 0003b740:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr
 0003b750:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat
 0003b760:·696f·6e20·416e·7369·626c·6520·736e·6970··ion·Ansible·snip
 0003b770:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br><
 0003b780:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel
 0003b790:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap
 0003b7a0:·7365·2220·6964·3d22·6964·6d32·3537·3122··se"·id="idm2571"
 0003b7b0:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t
 0003b7c0:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip
 0003b7d0:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere
 0003b7e0:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense
 0003b7f0:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl
 0003b800:·6578·6974·793a·3c2f·7468·3e3c·7464·3e6c··exity:</th><td>l
 0003b810:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>
 0003b820:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:<
 0003b830:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>
 0003b840:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb
 0003b850:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal
 0003b860:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr>
 0003b870:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t
 0003b880:·683e·3c74·643e·656e·6162·6c65·3c2f·7464··h><td>enable</td
 0003b890:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p
 0003b8a0:·7265·3e3c·636f·6465·3e2d·206e·616d·653a··re><code>-·name:
 0003b8b0:·2047·6174·6865·7220·7468·6520·7061·636b···Gather·the·pack
 0003b8c0:·6167·6520·6661·6374·730a·2020·7061·636b··age·facts.··pack
 0003b8d0:·6167·655f·6661·6374·733a·0a20·2020·206d··age_facts:.····m
 0003b8e0:·616e·6167·6572·3a20·6175·746f·0a20·2074··anager:·auto.··t
 0003b8f0:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.
 0003b900:·3130·2e31·2e33·0a20·202d·204e·4953·542d··10.1.3.··-·NIST-
 0003b910:·3830·302d·3533·2d43·4d2d·3628·6129·0a20··800-53-CM-6(a).·
 0003b920:·202d·2050·4349·2d44·5353·2d52·6571·2d31···-·PCI-DSS-Req-1
 0003b930:·312e·350a·2020·2d20·5043·492d·4453·5376··1.5.··-·PCI-DSSv
 0003b940:·342d·3131·2e35·2e32·0a20·202d·2065·6e61··4-11.5.2.··-·ena
 0003b950:·626c·655f·7374·7261·7465·6779·0a20·202d··ble_strategy.··-
 0003b960:·206c·6f77·5f63·6f6d·706c·6578·6974·790a···low_complexity.
 0003b970:·2020·2d20·6c6f·775f·6469·7372·7570·7469····-·low_disrupti
 0003b980:·6f6e·0a20·202d·206d·6564·6975·6d5f·7365··on.··-·medium_se
 0003b990:·7665·7269·7479·0a20·202d·206e·6f5f·7265··verity.··-·no_re
 0003b9a0:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-·
 0003b9b0:·7061·636b·6167·655f·6169·6465·5f69·6e73··package_aide_ins
 0003b9c0:·7461·6c6c·6564·0a0a·2d20·6e61·6d65·3a20··talled..-·name:·
 0003b9d0:·456e·7375·7265·2061·6964·6520·6973·2069··Ensure·aide·is·i
 0003b9e0:·6e73·7461·6c6c·6564·0a20·2070·6163·6b61··nstalled.··packa
 0003b9f0:·6765·3a0a·2020·2020·6e61·6d65·3a20·6169··ge:.····name:·ai
 0003ba00:·6465·0a20·2020·2073·7461·7465·3a20·7072··de.····state:·pr
 0003ba10:·6573·656e·740a·2020·7768·656e·3a20·2722··esent.··when:·'"
 0003ba20:·6c69·6e75·782d·6261·7365·2220·696e·2061··linux-base"·in·a
 0003ba30:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac
 0003ba40:·6b61·6765·7327·0a20·2074·6167·733a·0a20··kages'.··tags:.·
 0003ba50:·202d·2043·4a49·532d·352e·3130·2e31·2e33···-·CJIS-5.10.1.3
 0003ba60:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
 0003ba70:·2d43·4d2d·3628·6129·0a20·202d·2050·4349··-CM-6(a).··-·PCI
 0003ba80:·2d44·5353·2d52·6571·2d31·312e·350a·2020··-DSS-Req-11.5.··
 0003ba90:·2d20·5043·492d·4453·5376·342d·3131·2e35··-·PCI-DSSv4-11.5
 0003baa0:·2e32·0a20·202d·2065·6e61·626c·655f·7374··.2.··-·enable_st
 0003bab0:·7261·7465·6779·0a20·202d·206c·6f77·5f63··rategy.··-·low_c
 0003bac0:·6f6d·706c·6578·6974·790a·2020·2d20·6c6f··omplexity.··-·lo
 0003bad0:·775f·6469·7372·7570·7469·6f6e·0a20·202d··w_disruption.··-
 0003bae0:·206d·6564·6975·6d5f·7365·7665·7269·7479···medium_severity
 0003baf0:·0a20·202d·206e·6f5f·7265·626f·6f74·5f6e··.··-·no_reboot_n
 0003bb00:·6565·6465·640a·2020·2d20·7061·636b·6167··eeded.··-·packag
 0003bb10:·655f·6169·6465·5f69·6e73·7461·6c6c·6564··e_aide_installed
0003b4c0:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></0003bb20:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></
Max diff block lines reached; 19539573/19558369 bytes (99.90%) of diff not shown.
1.85 MB
html2text {}
Max HTML report size reached
20.4 MB
./usr/share/doc/ssg-debderived/ssg-ubuntu2404-guide-cis_level2_workstation.html
    
Offset 15161, 146 lines modifiedOffset 15161, 146 lines modified
0003b380:·612d·7461·7267·6574·3d22·2369·646d·3235··a-target="#idm250003b380:·612d·7461·7267·6574·3d22·2369·646d·3235··a-target="#idm25
0003b390:·3730·2220·7461·6269·6e64·6578·3d22·3022··70"·tabindex="0"0003b390:·3730·2220·7461·6269·6e64·6578·3d22·3022··70"·tabindex="0"
0003b3a0:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a0003b3a0:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a
0003b3b0:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa0003b3b0:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa
0003b3c0:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti0003b3c0:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti
0003b3d0:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·0003b3d0:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·
0003b3e0:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi0003b3e0:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi
0003b3f0:·6174·696f·6e20·4f53·4275·696c·6420·426c··ation·OSBuild·Bl 
0003b400:·7565·7072·696e·7420·736e·6970·7065·7420··ueprint·snippet· 
0003b410:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div· 
0003b420:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col 
0003b430:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"· 
0003b440:·6964·3d22·6964·6d32·3537·3022·3e3c·7072··id="idm2570"><pr 
0003b450:·653e·3c63·6f64·653e·0a5b·5b70·6163·6b61··e><code>.[[packa 
0003b460:·6765·735d·5d0a·6e61·6d65·203d·2022·6169··ges]].name·=·"ai 
0003b470:·6465·220a·7665·7273·696f·6e20·3d20·222a··de".version·=·"*0003b3f0:·6174·696f·6e20·5368·656c·6c20·7363·7269··ation·Shell·scri
 0003b400:·7074·20e2·87b2·3c2f·613e·3c62·723e·3c64··pt·...</a><br><d
 0003b410:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel-
 0003b420:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps
 0003b430:·6522·2069·643d·2269·646d·3235·3730·223e··e"·id="idm2570">
 0003b440:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta
 0003b450:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe
 0003b460:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered
 0003b470:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed
 0003b480:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple
 0003b490:·7869·7479·3a3c·2f74·683e·3c74·643e·6c6f··xity:</th><td>lo
 0003b4a0:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><
 0003b4b0:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</
 0003b4c0:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><
 0003b4d0:·2f74·723e·3c74·723e·3c74·683e·5265·626f··/tr><tr><th>Rebo
 0003b4e0:·6f74·3a3c·2f74·683e·3c74·643e·6661·6c73··ot:</th><td>fals
 0003b4f0:·653c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··e</td></tr><tr><
 0003b500:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th
 0003b510:·3e3c·7464·3e65·6e61·626c·653c·2f74·643e··><td>enable</td>
 0003b520:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr
 0003b530:·653e·3c63·6f64·653e·2320·5265·6d65·6469··e><code>#·Remedi
 0003b540:·6174·696f·6e20·6973·2061·7070·6c69·6361··ation·is·applica
 0003b550:·626c·6520·6f6e·6c79·2069·6e20·6365·7274··ble·only·in·cert
 0003b560:·6169·6e20·706c·6174·666f·726d·730a·6966··ain·platforms.if
 0003b570:·2064·706b·672d·7175·6572·7920·2d2d·7368···dpkg-query·--sh
 0003b580:·6f77·202d·2d73·686f·7766·6f72·6d61·743d··ow·--showformat=
 0003b590:·2724·7b64·623a·5374·6174·7573·2d53·7461··'${db:Status-Sta
 0003b5a0:·7475·737d·0a27·2027·6c69·6e75·782d·6261··tus}.'·'linux-ba
 0003b5b0:·7365·2720·3226·6774·3b2f·6465·762f·6e75··se'·2&gt;/dev/nu
 0003b5c0:·6c6c·207c·2067·7265·7020·2d71·205e·696e··ll·|·grep·-q·^in
 0003b5d0:·7374·616c·6c65·643b·2074·6865·6e0a·0a44··stalled;·then..D
 0003b5e0:·4542·4941·4e5f·4652·4f4e·5445·4e44·3d6e··EBIAN_FRONTEND=n
 0003b5f0:·6f6e·696e·7465·7261·6374·6976·6520·6170··oninteractive·ap
 0003b600:·742d·6765·7420·696e·7374·616c·6c20·2d79··t-get·install·-y
 0003b610:·2022·6169·6465·220a·0a65·6c73·650a·2020···"aide"..else.··
 0003b620:·2020·2667·743b·2661·6d70·3b32·2065·6368····&gt;&amp;2·ech
 0003b630:·6f20·2752·656d·6564·6961·7469·6f6e·2069··o·'Remediation·i
 0003b640:·7320·6e6f·7420·6170·706c·6963·6162·6c65··s·not·applicable
 0003b650:·2c20·6e6f·7468·696e·6720·7761·7320·646f··,·nothing·was·do
 0003b660:·6e65·270a·6669·0a3c·2f63·6f64·653e·3c2f··ne'.fi.</code></
 0003b670:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla
 0003b680:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ
 0003b690:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle
 0003b6a0:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data
 0003b6b0:·2d74·6172·6765·743d·2223·6964·6d32·3537··-target="#idm257
 0003b6c0:·3122·2074·6162·696e·6465·783d·2230·2220··1"·tabindex="0"·
 0003b6d0:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar
 0003b6e0:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal
 0003b6f0:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ
 0003b700:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h
 0003b710:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia
 0003b720:·7469·6f6e·2041·6e73·6962·6c65·2073·6e69··tion·Ansible·sni
 0003b730:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br>
 0003b740:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
 0003b750:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
 0003b760:·7073·6522·2069·643d·2269·646d·3235·3731··pse"·id="idm2571
 0003b770:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="
 0003b780:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri
 0003b790:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border
 0003b7a0:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens
 0003b7b0:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp
 0003b7c0:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td>
 0003b7d0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr
 0003b7e0:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption:
 0003b7f0:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td
 0003b800:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re
 0003b810:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa
 0003b820:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr
 0003b830:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</
 0003b840:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t
 0003b850:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table><
 0003b860:·7072·653e·3c63·6f64·653e·2d20·6e61·6d65··pre><code>-·name
 0003b870:·3a20·4761·7468·6572·2074·6865·2070·6163··:·Gather·the·pac
 0003b880:·6b61·6765·2066·6163·7473·0a20·2070·6163··kage·facts.··pac
 0003b890:·6b61·6765·5f66·6163·7473·3a0a·2020·2020··kage_facts:.····
 0003b8a0:·6d61·6e61·6765·723a·2061·7574·6f0a·2020··manager:·auto.··
 0003b8b0:·7461·6773·3a0a·2020·2d20·434a·4953·2d35··tags:.··-·CJIS-5
 0003b8c0:·2e31·302e·312e·330a·2020·2d20·4e49·5354··.10.1.3.··-·NIST
 0003b8d0:·2d38·3030·2d35·332d·434d·2d36·2861·290a··-800-53-CM-6(a).
 0003b8e0:·2020·2d20·5043·492d·4453·532d·5265·712d····-·PCI-DSS-Req-
 0003b8f0:·3131·2e35·0a20·202d·2050·4349·2d44·5353··11.5.··-·PCI-DSS
 0003b900:·7634·2d31·312e·352e·320a·2020·2d20·656e··v4-11.5.2.··-·en
 0003b910:·6162·6c65·5f73·7472·6174·6567·790a·2020··able_strategy.··
 0003b920:·2d20·6c6f·775f·636f·6d70·6c65·7869·7479··-·low_complexity
 0003b930:·0a20·202d·206c·6f77·5f64·6973·7275·7074··.··-·low_disrupt
 0003b940:·696f·6e0a·2020·2d20·6d65·6469·756d·5f73··ion.··-·medium_s
 0003b950:·6576·6572·6974·790a·2020·2d20·6e6f·5f72··everity.··-·no_r
 0003b960:·6562·6f6f·745f·6e65·6564·6564·0a20·202d··eboot_needed.··-
 0003b970:·2070·6163·6b61·6765·5f61·6964·655f·696e···package_aide_in
 0003b980:·7374·616c·6c65·640a·0a2d·206e·616d·653a··stalled..-·name:
 0003b990:·2045·6e73·7572·6520·6169·6465·2069·7320···Ensure·aide·is·
 0003b9a0:·696e·7374·616c·6c65·640a·2020·7061·636b··installed.··pack
 0003b9b0:·6167·653a·0a20·2020·206e·616d·653a·2061··age:.····name:·a
 0003b9c0:·6964·650a·2020·2020·7374·6174·653a·2070··ide.····state:·p
 0003b9d0:·7265·7365·6e74·0a20·2077·6865·6e3a·2027··resent.··when:·'
 0003b9e0:·226c·696e·7578·2d62·6173·6522·2069·6e20··"linux-base"·in·
 0003b9f0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
 0003ba00:·636b·6167·6573·270a·2020·7461·6773·3a0a··ckages'.··tags:.
 0003ba10:·2020·2d20·434a·4953·2d35·2e31·302e·312e····-·CJIS-5.10.1.
 0003ba20:·330a·2020·2d20·4e49·5354·2d38·3030·2d35··3.··-·NIST-800-5
 0003ba30:·332d·434d·2d36·2861·290a·2020·2d20·5043··3-CM-6(a).··-·PC
 0003ba40:·492d·4453·532d·5265·712d·3131·2e35·0a20··I-DSS-Req-11.5.·
 0003ba50:·202d·2050·4349·2d44·5353·7634·2d31·312e···-·PCI-DSSv4-11.
 0003ba60:·352e·320a·2020·2d20·656e·6162·6c65·5f73··5.2.··-·enable_s
 0003ba70:·7472·6174·6567·790a·2020·2d20·6c6f·775f··trategy.··-·low_
 0003ba80:·636f·6d70·6c65·7869·7479·0a20·202d·206c··complexity.··-·l
 0003ba90:·6f77·5f64·6973·7275·7074·696f·6e0a·2020··ow_disruption.··
 0003baa0:·2d20·6d65·6469·756d·5f73·6576·6572·6974··-·medium_severit
 0003bab0:·790a·2020·2d20·6e6f·5f72·6562·6f6f·745f··y.··-·no_reboot_
 0003bac0:·6e65·6564·6564·0a20·202d·2070·6163·6b61··needed.··-·packa
 0003bad0:·6765·5f61·6964·655f·696e·7374·616c·6c65··ge_aide_installe
0003b480:·220a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··".</code></pre><0003bae0:·640a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··d.</code></pre><
Max diff block lines reached; 19478761/19497557 bytes (99.90%) of diff not shown.
1.84 MB
html2text {}
Max HTML report size reached
2.39 MB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1604-ds.xml
2.39 MB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1604-ds.xml
Max HTML report size reached
658 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1604-ocil.xml
658 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1604-ocil.xml
Ordering differences only
    
Offset 3, 4831 lines modifiedOffset 3, 4578 lines modified
3 ··<ocil:generator>3 ··<ocil:generator>
4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6 ····<ocil:schema_version>2.0</ocil:schema_version>6 ····<ocil:schema_version>2.0</ocil:schema_version>
7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8 ··</ocil:generator>8 ··</ocil:generator>
9 ··<ocil:questionnaires>9 ··<ocil:questionnaires>
10 ····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_max_log_file_action_ocil:questionnaire:1"> 
11 ······<ocil:title>Configure·auditd·max_log_file_action·Upon·Reaching·Maximum·Log·Size</ocil:title>10 ····<ocil:questionnaire·id="ocil:ssg-file_owner_backup_etc_shadow_ocil:questionnaire:1">
 11 ······<ocil:title>Verify·Group·Who·Owns·Backup·shadow·File</ocil:title>
12 ······<ocil:actions>12 ······<ocil:actions>
13 ········<ocil:test_action_ref>ocil:ssg-auditd_data_retention_max_log_file_action_action:testaction:1</ocil:test_action_ref>13 ········<ocil:test_action_ref>ocil:ssg-file_owner_backup_etc_shadow_action:testaction:1</ocil:test_action_ref>
14 ······</ocil:actions>14 ······</ocil:actions>
15 ····</ocil:questionnaire>15 ····</ocil:questionnaire>
16 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_page_poisoning_zero_ocil:questionnaire:1">16 ····<ocil:questionnaire·id="ocil:ssg-sshd_set_keepalive_0_ocil:questionnaire:1">
17 ······<ocil:title>Use·zero·for·poisoning·instead·of·debugging·value</ocil:title>17 ······<ocil:title>Set·SSH·Client·Alive·Count·Max·to·zero</ocil:title>
18 ······<ocil:actions>18 ······<ocil:actions>
19 ········<ocil:test_action_ref>ocil:ssg-kernel_config_page_poisoning_zero_action:testaction:1</ocil:test_action_ref>19 ········<ocil:test_action_ref>ocil:ssg-sshd_set_keepalive_0_action:testaction:1</ocil:test_action_ref>
20 ······</ocil:actions>20 ······</ocil:actions>
21 ····</ocil:questionnaire>21 ····</ocil:questionnaire>
22 ····<ocil:questionnaire·id="ocil:ssg-sshd_enable_gssapi_auth_ocil:questionnaire:1">22 ····<ocil:questionnaire·id="ocil:ssg-package_openldap-servers_removed_ocil:questionnaire:1">
23 ······<ocil:title>Enable·GSSAPI·Authentication</ocil:title>23 ······<ocil:title>Uninstall·openldap-servers·Package</ocil:title>
24 ······<ocil:actions>24 ······<ocil:actions>
25 ········<ocil:test_action_ref>ocil:ssg-sshd_enable_gssapi_auth_action:testaction:1</ocil:test_action_ref>25 ········<ocil:test_action_ref>ocil:ssg-package_openldap-servers_removed_action:testaction:1</ocil:test_action_ref>
26 ······</ocil:actions>26 ······</ocil:actions>
27 ····</ocil:questionnaire>27 ····</ocil:questionnaire>
28 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_etc_group_ocil:questionnaire:1"> 
29 ······<ocil:title>Verify·Group·Who·Owns·group·File</ocil:title>28 ····<ocil:questionnaire·id="ocil:ssg-securetty_root_login_console_only_ocil:questionnaire:1">
 29 ······<ocil:title>Restrict·Virtual·Console·Root·Logins</ocil:title>
30 ······<ocil:actions>30 ······<ocil:actions>
31 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_etc_group_action:testaction:1</ocil:test_action_ref>31 ········<ocil:test_action_ref>ocil:ssg-securetty_root_login_console_only_action:testaction:1</ocil:test_action_ref>
32 ······</ocil:actions>32 ······</ocil:actions>
33 ····</ocil:questionnaire>33 ····</ocil:questionnaire>
34 ····<ocil:questionnaire·id="ocil:ssg-partition_for_dev_shm_ocil:questionnaire:1">34 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_chown_ocil:questionnaire:1">
35 ······<ocil:title>Ensure·/dev/shm·is·configured</ocil:title>35 ······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·chown</ocil:title>
36 ······<ocil:actions>36 ······<ocil:actions>
37 ········<ocil:test_action_ref>ocil:ssg-partition_for_dev_shm_action:testaction:1</ocil:test_action_ref>37 ········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_chown_action:testaction:1</ocil:test_action_ref>
38 ······</ocil:actions>38 ······</ocil:actions>
39 ····</ocil:questionnaire>39 ····</ocil:questionnaire>
40 ····<ocil:questionnaire·id="ocil:ssg-sudo_require_authentication_ocil:questionnaire:1">40 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_time_settimeofday_ocil:questionnaire:1">
41 ······<ocil:title>Ensure·Users·Re-Authenticate·for·Privilege·Escalation·-·sudo</ocil:title>41 ······<ocil:title>Record·attempts·to·alter·time·through·settimeofday</ocil:title>
42 ······<ocil:actions>42 ······<ocil:actions>
43 ········<ocil:test_action_ref>ocil:ssg-sudo_require_authentication_action:testaction:1</ocil:test_action_ref>43 ········<ocil:test_action_ref>ocil:ssg-audit_rules_time_settimeofday_action:testaction:1</ocil:test_action_ref>
44 ······</ocil:actions>44 ······</ocil:actions>
45 ····</ocil:questionnaire>45 ····</ocil:questionnaire>
46 ····<ocil:questionnaire·id="ocil:ssg-package_openssh-server_installed_ocil:questionnaire:1"> 
47 ······<ocil:title>Install·the·OpenSSH·Server·Package</ocil:title>46 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_umount2_ocil:questionnaire:1">
 47 ······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·umount2</ocil:title>
48 ······<ocil:actions>48 ······<ocil:actions>
49 ········<ocil:test_action_ref>ocil:ssg-package_openssh-server_installed_action:testaction:1</ocil:test_action_ref>49 ········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_umount2_action:testaction:1</ocil:test_action_ref>
50 ······</ocil:actions>50 ······</ocil:actions>
51 ····</ocil:questionnaire>51 ····</ocil:questionnaire>
52 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_systemmap_ocil:questionnaire:1">52 ····<ocil:questionnaire·id="ocil:ssg-partition_for_var_ocil:questionnaire:1">
53 ······<ocil:title>Verify·Permissions·on·System.map·Files</ocil:title>53 ······<ocil:title>Ensure·/var·Located·On·Separate·Partition</ocil:title>
54 ······<ocil:actions>54 ······<ocil:actions>
55 ········<ocil:test_action_ref>ocil:ssg-file_permissions_systemmap_action:testaction:1</ocil:test_action_ref>55 ········<ocil:test_action_ref>ocil:ssg-partition_for_var_action:testaction:1</ocil:test_action_ref>
56 ······</ocil:actions>56 ······</ocil:actions>
57 ····</ocil:questionnaire>57 ····</ocil:questionnaire>
58 ····<ocil:questionnaire·id="ocil:ssg-accounts_no_uid_except_zero_ocil:questionnaire:1">58 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_passwd_ocil:questionnaire:1">
59 ······<ocil:title>Verify·Only·Root·Has·UID·0</ocil:title>59 ······<ocil:title>Verify·Permissions·on·passwd·File</ocil:title>
60 ······<ocil:actions>60 ······<ocil:actions>
61 ········<ocil:test_action_ref>ocil:ssg-accounts_no_uid_except_zero_action:testaction:1</ocil:test_action_ref>61 ········<ocil:test_action_ref>ocil:ssg-file_permissions_etc_passwd_action:testaction:1</ocil:test_action_ref>
62 ······</ocil:actions>62 ······</ocil:actions>
63 ····</ocil:questionnaire>63 ····</ocil:questionnaire>
64 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_time_stime_ocil:questionnaire:1">64 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_binfmt_misc_ocil:questionnaire:1">
65 ······<ocil:title>Record·Attempts·to·Alter·Time·Through·stime</ocil:title>65 ······<ocil:title>Disable·kernel·support·for·MISC·binaries</ocil:title>
66 ······<ocil:actions>66 ······<ocil:actions>
67 ········<ocil:test_action_ref>ocil:ssg-audit_rules_time_stime_action:testaction:1</ocil:test_action_ref>67 ········<ocil:test_action_ref>ocil:ssg-kernel_config_binfmt_misc_action:testaction:1</ocil:test_action_ref>
68 ······</ocil:actions>68 ······</ocil:actions>
69 ····</ocil:questionnaire>69 ····</ocil:questionnaire>
70 ····<ocil:questionnaire·id="ocil:ssg-sshd_disable_user_known_hosts_ocil:questionnaire:1">70 ····<ocil:questionnaire·id="ocil:ssg-service_sshd_disabled_ocil:questionnaire:1">
71 ······<ocil:title>Disable·SSH·Support·for·User·Known·Hosts</ocil:title>71 ······<ocil:title>Disable·SSH·Server·If·Possible</ocil:title>
72 ······<ocil:actions>72 ······<ocil:actions>
73 ········<ocil:test_action_ref>ocil:ssg-sshd_disable_user_known_hosts_action:testaction:1</ocil:test_action_ref>73 ········<ocil:test_action_ref>ocil:ssg-service_sshd_disabled_action:testaction:1</ocil:test_action_ref>
74 ······</ocil:actions>74 ······</ocil:actions>
75 ····</ocil:questionnaire>75 ····</ocil:questionnaire>
76 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_syn_cookies_ocil:questionnaire:1">76 ····<ocil:questionnaire·id="ocil:ssg-grub2_l1tf_argument_ocil:questionnaire:1">
77 ······<ocil:title>Enable·TCP/IP·syncookie·support</ocil:title>77 ······<ocil:title>Configure·L1·Terminal·Fault·mitigations</ocil:title>
78 ······<ocil:actions>78 ······<ocil:actions>
79 ········<ocil:test_action_ref>ocil:ssg-kernel_config_syn_cookies_action:testaction:1</ocil:test_action_ref>79 ········<ocil:test_action_ref>ocil:ssg-grub2_l1tf_argument_action:testaction:1</ocil:test_action_ref>
80 ······</ocil:actions>80 ······</ocil:actions>
81 ····</ocil:questionnaire>81 ····</ocil:questionnaire>
82 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_shared_media_ocil:questionnaire:1">82 ····<ocil:questionnaire·id="ocil:ssg-file_ownership_var_log_audit_ocil:questionnaire:1">
83 ······<ocil:title>Configure·Sending·and·Accepting·Shared·Media·Redirects·for·All·IPv4·Interfaces</ocil:title>83 ······<ocil:title>System·Audit·Logs·Must·Be·Owned·By·Root</ocil:title>
84 ······<ocil:actions>84 ······<ocil:actions>
85 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_shared_media_action:testaction:1</ocil:test_action_ref>85 ········<ocil:test_action_ref>ocil:ssg-file_ownership_var_log_audit_action:testaction:1</ocil:test_action_ref>
86 ······</ocil:actions>86 ······</ocil:actions>
87 ····</ocil:questionnaire>87 ····</ocil:questionnaire>
88 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_chown_ocil:questionnaire:1">88 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_fchown_ocil:questionnaire:1">
89 ······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·chown</ocil:title>89 ······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·fchown</ocil:title>
90 ······<ocil:actions>90 ······<ocil:actions>
91 ········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_chown_action:testaction:1</ocil:test_action_ref>91 ········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_fchown_action:testaction:1</ocil:test_action_ref>
92 ······</ocil:actions>92 ······</ocil:actions>
93 ····</ocil:questionnaire>93 ····</ocil:questionnaire>
94 ····<ocil:questionnaire·id="ocil:ssg-selinux_not_disabled_ocil:questionnaire:1">94 ····<ocil:questionnaire·id="ocil:ssg-auditd_local_events_ocil:questionnaire:1">
95 ······<ocil:title>Ensure·SELinux·is·Not·Disabled</ocil:title>95 ······<ocil:title>Include·Local·Events·in·Audit·Logs</ocil:title>
96 ······<ocil:actions>96 ······<ocil:actions>
97 ········<ocil:test_action_ref>ocil:ssg-selinux_not_disabled_action:testaction:1</ocil:test_action_ref>97 ········<ocil:test_action_ref>ocil:ssg-auditd_local_events_action:testaction:1</ocil:test_action_ref>
98 ······</ocil:actions>98 ······</ocil:actions>
99 ····</ocil:questionnaire>99 ····</ocil:questionnaire>
100 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_randomize_memory_ocil:questionnaire:1">100 ····<ocil:questionnaire·id="ocil:ssg-auditd_log_format_ocil:questionnaire:1">
101 ······<ocil:title>Randomize·the·kernel·memory·sections</ocil:title>101 ······<ocil:title>Resolve·information·before·writing·to·audit·logs</ocil:title>
102 ······<ocil:actions>102 ······<ocil:actions>
103 ········<ocil:test_action_ref>ocil:ssg-kernel_config_randomize_memory_action:testaction:1</ocil:test_action_ref>103 ········<ocil:test_action_ref>ocil:ssg-auditd_log_format_action:testaction:1</ocil:test_action_ref>
104 ······</ocil:actions>104 ······</ocil:actions>
105 ····</ocil:questionnaire>105 ····</ocil:questionnaire>
106 ····<ocil:questionnaire·id="ocil:ssg-dir_perms_world_writable_sticky_bits_ocil:questionnaire:1"> 
107 ······<ocil:title>Verify·that·All·World-Writable·Directories·Have·Sticky·Bits·Set</ocil:title>106 ····<ocil:questionnaire·id="ocil:ssg-kernel_module_rds_disabled_ocil:questionnaire:1">
 107 ······<ocil:title>Disable·RDS·Support</ocil:title>
108 ······<ocil:actions>108 ······<ocil:actions>
109 ········<ocil:test_action_ref>ocil:ssg-dir_perms_world_writable_sticky_bits_action:testaction:1</ocil:test_action_ref>109 ········<ocil:test_action_ref>ocil:ssg-kernel_module_rds_disabled_action:testaction:1</ocil:test_action_ref>
110 ······</ocil:actions>110 ······</ocil:actions>
111 ····</ocil:questionnaire>111 ····</ocil:questionnaire>
112 ····<ocil:questionnaire·id="ocil:ssg-no_all_squash_exports_ocil:questionnaire:1">112 ····<ocil:questionnaire·id="ocil:ssg-package_chrony_installed_ocil:questionnaire:1">
113 ······<ocil:title>Ensure·All-Squashing·Disabled·On·All·Exports</ocil:title>113 ······<ocil:title>The·Chrony·package·is·installed</ocil:title>
114 ······<ocil:actions>114 ······<ocil:actions>
115 ········<ocil:test_action_ref>ocil:ssg-no_all_squash_exports_action:testaction:1</ocil:test_action_ref>115 ········<ocil:test_action_ref>ocil:ssg-package_chrony_installed_action:testaction:1</ocil:test_action_ref>
116 ······</ocil:actions>116 ······</ocil:actions>
117 ····</ocil:questionnaire>117 ····</ocil:questionnaire>
118 ····<ocil:questionnaire·id="ocil:ssg-dir_permissions_library_dirs_ocil:questionnaire:1">118 ····<ocil:questionnaire·id="ocil:ssg-service_systemd-journald_enabled_ocil:questionnaire:1">
119 ······<ocil:title>Verify·that·Shared·Library·Directories·Have·Restrictive·Permissions</ocil:title>119 ······<ocil:title>Enable·systemd-journald·Service</ocil:title>
120 ······<ocil:actions>120 ······<ocil:actions>
121 ········<ocil:test_action_ref>ocil:ssg-dir_permissions_library_dirs_action:testaction:1</ocil:test_action_ref>121 ········<ocil:test_action_ref>ocil:ssg-service_systemd-journald_enabled_action:testaction:1</ocil:test_action_ref>
122 ······</ocil:actions>122 ······</ocil:actions>
123 ····</ocil:questionnaire>123 ····</ocil:questionnaire>
124 ····<ocil:questionnaire·id="ocil:ssg-sshd_disable_gssapi_auth_ocil:questionnaire:1">124 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_binary_dirs_ocil:questionnaire:1">
125 ······<ocil:title>Disable·GSSAPI·Authentication</ocil:title>125 ······<ocil:title>Verify·that·System·Executables·Have·Restrictive·Permissions</ocil:title>
Max diff block lines reached; 660774/673407 bytes (98.12%) of diff not shown.
1.68 MB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1604-xccdf.xml
1.68 MB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1604-xccdf.xml
Max HTML report size reached
2.51 MB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1804-ds.xml
2.51 MB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1804-ds.xml
Max HTML report size reached
692 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1804-ocil.xml
692 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1804-ocil.xml
Ordering differences only
    
Offset 3, 3101 lines modifiedOffset 3, 3101 lines modified
3 ··<ocil:generator>3 ··<ocil:generator>
4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6 ····<ocil:schema_version>2.0</ocil:schema_version>6 ····<ocil:schema_version>2.0</ocil:schema_version>
7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8 ··</ocil:generator>8 ··</ocil:generator>
9 ··<ocil:questionnaires>9 ··<ocil:questionnaires>
10 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_ia32_emulation_ocil:questionnaire:1"> 
11 ······<ocil:title>Disable·IA32·emulation</ocil:title> 
12 ······<ocil:actions> 
13 ········<ocil:test_action_ref>ocil:ssg-kernel_config_ia32_emulation_action:testaction:1</ocil:test_action_ref> 
14 ······</ocil:actions> 
15 ····</ocil:questionnaire> 
16 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_debug_sg_ocil:questionnaire:1">10 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_etc_gshadow_ocil:questionnaire:1">
17 ······<ocil:title>Enable·checks·on·scatter-gather·(SG)·table·operations</ocil:title>11 ······<ocil:title>Verify·Group·Who·Owns·gshadow·File</ocil:title>
18 ······<ocil:actions>12 ······<ocil:actions>
19 ········<ocil:test_action_ref>ocil:ssg-kernel_config_debug_sg_action:testaction:1</ocil:test_action_ref>13 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_etc_gshadow_action:testaction:1</ocil:test_action_ref>
20 ······</ocil:actions>14 ······</ocil:actions>
21 ····</ocil:questionnaire>15 ····</ocil:questionnaire>
22 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_backup_etc_gshadow_ocil:questionnaire:1"> 
23 ······<ocil:title>Verify·Permissions·on·Backup·gshadow·File</ocil:title>16 ····<ocil:questionnaire·id="ocil:ssg-accounts_root_path_dirs_no_write_ocil:questionnaire:1">
 17 ······<ocil:title>Ensure·that·Root's·Path·Does·Not·Include·World·or·Group-Writable·Directories</ocil:title>
24 ······<ocil:actions>18 ······<ocil:actions>
25 ········<ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_gshadow_action:testaction:1</ocil:test_action_ref>19 ········<ocil:test_action_ref>ocil:ssg-accounts_root_path_dirs_no_write_action:testaction:1</ocil:test_action_ref>
26 ······</ocil:actions>20 ······</ocil:actions>
27 ····</ocil:questionnaire>21 ····</ocil:questionnaire>
28 ····<ocil:questionnaire·id="ocil:ssg-sshd_set_idle_timeout_ocil:questionnaire:1">22 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_file_deletion_events_unlink_ocil:questionnaire:1">
29 ······<ocil:title>Set·SSH·Client·Alive·Interval</ocil:title>23 ······<ocil:title>Ensure·auditd·Collects·File·Deletion·Events·by·User·-·unlink</ocil:title>
30 ······<ocil:actions>24 ······<ocil:actions>
31 ········<ocil:test_action_ref>ocil:ssg-sshd_set_idle_timeout_action:testaction:1</ocil:test_action_ref>25 ········<ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_unlink_action:testaction:1</ocil:test_action_ref>
32 ······</ocil:actions>26 ······</ocil:actions>
33 ····</ocil:questionnaire>27 ····</ocil:questionnaire>
34 ····<ocil:questionnaire·id="ocil:ssg-grub2_rng_core_default_quality_argument_ocil:questionnaire:1"> 
35 ······<ocil:title>Configure·the·confidence·in·TPM·for·entropy</ocil:title>28 ····<ocil:questionnaire·id="ocil:ssg-file_owner_etc_gshadow_ocil:questionnaire:1">
 29 ······<ocil:title>Verify·User·Who·Owns·gshadow·File</ocil:title>
36 ······<ocil:actions>30 ······<ocil:actions>
37 ········<ocil:test_action_ref>ocil:ssg-grub2_rng_core_default_quality_argument_action:testaction:1</ocil:test_action_ref>31 ········<ocil:test_action_ref>ocil:ssg-file_owner_etc_gshadow_action:testaction:1</ocil:test_action_ref>
38 ······</ocil:actions>32 ······</ocil:actions>
39 ····</ocil:questionnaire>33 ····</ocil:questionnaire>
40 ····<ocil:questionnaire·id="ocil:ssg-mount_option_var_tmp_noexec_ocil:questionnaire:1"> 
41 ······<ocil:title>Add·noexec·Option·to·/var/tmp</ocil:title>34 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_lremovexattr_ocil:questionnaire:1">
 35 ······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·lremovexattr</ocil:title>
42 ······<ocil:actions>36 ······<ocil:actions>
43 ········<ocil:test_action_ref>ocil:ssg-mount_option_var_tmp_noexec_action:testaction:1</ocil:test_action_ref>37 ········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_lremovexattr_action:testaction:1</ocil:test_action_ref>
44 ······</ocil:actions>38 ······</ocil:actions>
45 ····</ocil:questionnaire>39 ····</ocil:questionnaire>
46 ····<ocil:questionnaire·id="ocil:ssg-sshd_disable_tcp_forwarding_ocil:questionnaire:1">40 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_file_deletion_events_rename_ocil:questionnaire:1">
47 ······<ocil:title>Disable·SSH·TCP·Forwarding</ocil:title>41 ······<ocil:title>Ensure·auditd·Collects·File·Deletion·Events·by·User·-·rename</ocil:title>
48 ······<ocil:actions>42 ······<ocil:actions>
49 ········<ocil:test_action_ref>ocil:ssg-sshd_disable_tcp_forwarding_action:testaction:1</ocil:test_action_ref>43 ········<ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_rename_action:testaction:1</ocil:test_action_ref>
50 ······</ocil:actions>44 ······</ocil:actions>
51 ····</ocil:questionnaire>45 ····</ocil:questionnaire>
52 ····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_max_log_file_action_ocil:questionnaire:1"> 
53 ······<ocil:title>Configure·auditd·max_log_file_action·Upon·Reaching·Maximum·Log·Size</ocil:title>46 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_group_ocil:questionnaire:1">
 47 ······<ocil:title>Verify·Permissions·on·group·File</ocil:title>
54 ······<ocil:actions>48 ······<ocil:actions>
55 ········<ocil:test_action_ref>ocil:ssg-auditd_data_retention_max_log_file_action_action:testaction:1</ocil:test_action_ref>49 ········<ocil:test_action_ref>ocil:ssg-file_permissions_etc_group_action:testaction:1</ocil:test_action_ref>
56 ······</ocil:actions>50 ······</ocil:actions>
57 ····</ocil:questionnaire>51 ····</ocil:questionnaire>
58 ····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_space_left_action_ocil:questionnaire:1">52 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_ia32_emulation_ocil:questionnaire:1">
59 ······<ocil:title>Configure·auditd·space_left·Action·on·Low·Disk·Space</ocil:title>53 ······<ocil:title>Disable·IA32·emulation</ocil:title>
60 ······<ocil:actions>54 ······<ocil:actions>
61 ········<ocil:test_action_ref>ocil:ssg-auditd_data_retention_space_left_action_action:testaction:1</ocil:test_action_ref>55 ········<ocil:test_action_ref>ocil:ssg-kernel_config_ia32_emulation_action:testaction:1</ocil:test_action_ref>
62 ······</ocil:actions>56 ······</ocil:actions>
63 ····</ocil:questionnaire>57 ····</ocil:questionnaire>
64 ····<ocil:questionnaire·id="ocil:ssg-auditd_data_disk_full_action_ocil:questionnaire:1"> 
65 ······<ocil:title>Configure·auditd·Disk·Full·Action·when·Disk·Space·Is·Full</ocil:title>58 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_module_sig_hash_ocil:questionnaire:1">
 59 ······<ocil:title>Specify·the·hash·to·use·when·signing·modules</ocil:title>
66 ······<ocil:actions>60 ······<ocil:actions>
67 ········<ocil:test_action_ref>ocil:ssg-auditd_data_disk_full_action_action:testaction:1</ocil:test_action_ref>61 ········<ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_hash_action:testaction:1</ocil:test_action_ref>
68 ······</ocil:actions>62 ······</ocil:actions>
69 ····</ocil:questionnaire>63 ····</ocil:questionnaire>
70 ····<ocil:questionnaire·id="ocil:ssg-securetty_root_login_console_only_ocil:questionnaire:1"> 
71 ······<ocil:title>Restrict·Virtual·Console·Root·Logins</ocil:title>64 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_backup_etc_group_ocil:questionnaire:1">
 65 ······<ocil:title>Verify·Group·Who·Owns·Backup·group·File</ocil:title>
72 ······<ocil:actions>66 ······<ocil:actions>
73 ········<ocil:test_action_ref>ocil:ssg-securetty_root_login_console_only_action:testaction:1</ocil:test_action_ref>67 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_backup_etc_group_action:testaction:1</ocil:test_action_ref>
74 ······</ocil:actions>68 ······</ocil:actions>
75 ····</ocil:questionnaire>69 ····</ocil:questionnaire>
76 ····<ocil:questionnaire·id="ocil:ssg-package_syslogng_installed_ocil:questionnaire:1"> 
77 ······<ocil:title>Ensure·syslog-ng·is·Installed</ocil:title>70 ····<ocil:questionnaire·id="ocil:ssg-sudoers_no_command_negation_ocil:questionnaire:1">
 71 ······<ocil:title>Don't·define·allowed·commands·in·sudoers·by·means·of·exclusion</ocil:title>
78 ······<ocil:actions>72 ······<ocil:actions>
79 ········<ocil:test_action_ref>ocil:ssg-package_syslogng_installed_action:testaction:1</ocil:test_action_ref>73 ········<ocil:test_action_ref>ocil:ssg-sudoers_no_command_negation_action:testaction:1</ocil:test_action_ref>
80 ······</ocil:actions>74 ······</ocil:actions>
81 ····</ocil:questionnaire>75 ····</ocil:questionnaire>
82 ····<ocil:questionnaire·id="ocil:ssg-accounts_minimum_age_login_defs_ocil:questionnaire:1">76 ····<ocil:questionnaire·id="ocil:ssg-mount_option_tmp_nodev_ocil:questionnaire:1">
83 ······<ocil:title>Set·Password·Minimum·Age</ocil:title>77 ······<ocil:title>Add·nodev·Option·to·/tmp</ocil:title>
84 ······<ocil:actions>78 ······<ocil:actions>
85 ········<ocil:test_action_ref>ocil:ssg-accounts_minimum_age_login_defs_action:testaction:1</ocil:test_action_ref>79 ········<ocil:test_action_ref>ocil:ssg-mount_option_tmp_nodev_action:testaction:1</ocil:test_action_ref>
86 ······</ocil:actions>80 ······</ocil:actions>
87 ····</ocil:questionnaire>81 ····</ocil:questionnaire>
88 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_lremovexattr_ocil:questionnaire:1"> 
89 ······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·lremovexattr</ocil:title>82 ····<ocil:questionnaire·id="ocil:ssg-package_openssh-server_installed_ocil:questionnaire:1">
 83 ······<ocil:title>Install·the·OpenSSH·Server·Package</ocil:title>
90 ······<ocil:actions>84 ······<ocil:actions>
91 ········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_lremovexattr_action:testaction:1</ocil:test_action_ref>85 ········<ocil:test_action_ref>ocil:ssg-package_openssh-server_installed_action:testaction:1</ocil:test_action_ref>
92 ······</ocil:actions>86 ······</ocil:actions>
93 ····</ocil:questionnaire>87 ····</ocil:questionnaire>
94 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_randomize_base_ocil:questionnaire:1">88 ····<ocil:questionnaire·id="ocil:ssg-kernel_module_rds_disabled_ocil:questionnaire:1">
95 ······<ocil:title>Randomize·the·address·of·the·kernel·image·(KASLR)</ocil:title>89 ······<ocil:title>Disable·RDS·Support</ocil:title>
96 ······<ocil:actions>90 ······<ocil:actions>
97 ········<ocil:test_action_ref>ocil:ssg-kernel_config_randomize_base_action:testaction:1</ocil:test_action_ref>91 ········<ocil:test_action_ref>ocil:ssg-kernel_module_rds_disabled_action:testaction:1</ocil:test_action_ref>
98 ······</ocil:actions>92 ······</ocil:actions>
99 ····</ocil:questionnaire>93 ····</ocil:questionnaire>
100 ····<ocil:questionnaire·id="ocil:ssg-service_rsyslog_enabled_ocil:questionnaire:1">94 ····<ocil:questionnaire·id="ocil:ssg-partition_for_var_tmp_ocil:questionnaire:1">
101 ······<ocil:title>Enable·rsyslog·Service</ocil:title>95 ······<ocil:title>Ensure·/var/tmp·Located·On·Separate·Partition</ocil:title>
102 ······<ocil:actions>96 ······<ocil:actions>
103 ········<ocil:test_action_ref>ocil:ssg-service_rsyslog_enabled_action:testaction:1</ocil:test_action_ref>97 ········<ocil:test_action_ref>ocil:ssg-partition_for_var_tmp_action:testaction:1</ocil:test_action_ref>
104 ······</ocil:actions>98 ······</ocil:actions>
105 ····</ocil:questionnaire>99 ····</ocil:questionnaire>
106 ····<ocil:questionnaire·id="ocil:ssg-selinux_not_disabled_ocil:questionnaire:1">100 ····<ocil:questionnaire·id="ocil:ssg-accounts_minimum_age_login_defs_ocil:questionnaire:1">
107 ······<ocil:title>Ensure·SELinux·is·Not·Disabled</ocil:title>101 ······<ocil:title>Set·Password·Minimum·Age</ocil:title>
108 ······<ocil:actions>102 ······<ocil:actions>
109 ········<ocil:test_action_ref>ocil:ssg-selinux_not_disabled_action:testaction:1</ocil:test_action_ref>103 ········<ocil:test_action_ref>ocil:ssg-accounts_minimum_age_login_defs_action:testaction:1</ocil:test_action_ref>
110 ······</ocil:actions>104 ······</ocil:actions>
111 ····</ocil:questionnaire>105 ····</ocil:questionnaire>
112 ····<ocil:questionnaire·id="ocil:ssg-auditd_overflow_action_ocil:questionnaire:1">106 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_compat_vdso_ocil:questionnaire:1">
113 ······<ocil:title>Appropriate·Action·Must·be·Setup·When·the·Internal·Audit·Event·Queue·is·Full</ocil:title>107 ······<ocil:title>Disable·the·32-bit·vDSO</ocil:title>
114 ······<ocil:actions>108 ······<ocil:actions>
115 ········<ocil:test_action_ref>ocil:ssg-auditd_overflow_action_action:testaction:1</ocil:test_action_ref>109 ········<ocil:test_action_ref>ocil:ssg-kernel_config_compat_vdso_action:testaction:1</ocil:test_action_ref>
116 ······</ocil:actions>110 ······</ocil:actions>
117 ····</ocil:questionnaire>111 ····</ocil:questionnaire>
118 ····<ocil:questionnaire·id="ocil:ssg-audit_privileged_commands_reboot_ocil:questionnaire:1">112 ····<ocil:questionnaire·id="ocil:ssg-no_rsh_trust_files_ocil:questionnaire:1">
119 ······<ocil:title>Ensure·auditd·Collects·Information·on·the·Use·of·Privileged·Commands·-·reboot</ocil:title>113 ······<ocil:title>Remove·Rsh·Trust·Files</ocil:title>
120 ······<ocil:actions>114 ······<ocil:actions>
121 ········<ocil:test_action_ref>ocil:ssg-audit_privileged_commands_reboot_action:testaction:1</ocil:test_action_ref>115 ········<ocil:test_action_ref>ocil:ssg-no_rsh_trust_files_action:testaction:1</ocil:test_action_ref>
Max diff block lines reached; 696718/708771 bytes (98.30%) of diff not shown.
1.77 MB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1804-xccdf.xml
1.77 MB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1804-xccdf.xml
Max HTML report size reached
5.18 MB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ds.xml
5.18 MB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ds.xml
Max HTML report size reached
1.31 MB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ocil.xml
1.31 MB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ocil.xml
Ordering differences only
    
Offset 3, 9523 lines modifiedOffset 3, 9426 lines modified
3 ··<ocil:generator>3 ··<ocil:generator>
4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6 ····<ocil:schema_version>2.0</ocil:schema_version>6 ····<ocil:schema_version>2.0</ocil:schema_version>
7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8 ··</ocil:generator>8 ··</ocil:generator>
9 ··<ocil:questionnaires>9 ··<ocil:questionnaires>
10 ····<ocil:questionnaire·id="ocil:ssg-sshd_use_strong_kex_ocil:questionnaire:1">10 ····<ocil:questionnaire·id="ocil:ssg-dir_permissions_library_dirs_ocil:questionnaire:1">
11 ······<ocil:title>Use·Only·Strong·Key·Exchange·algorithms</ocil:title>11 ······<ocil:title>Verify·that·Shared·Library·Directories·Have·Restrictive·Permissions</ocil:title>
12 ······<ocil:actions>12 ······<ocil:actions>
13 ········<ocil:test_action_ref>ocil:ssg-sshd_use_strong_kex_action:testaction:1</ocil:test_action_ref>13 ········<ocil:test_action_ref>ocil:ssg-dir_permissions_library_dirs_action:testaction:1</ocil:test_action_ref>
14 ······</ocil:actions>14 ······</ocil:actions>
15 ····</ocil:questionnaire>15 ····</ocil:questionnaire>
16 ····<ocil:questionnaire·id="ocil:ssg-bios_enable_execution_restrictions_ocil:questionnaire:1">16 ····<ocil:questionnaire·id="ocil:ssg-sysctl_kernel_dmesg_restrict_ocil:questionnaire:1">
17 ······<ocil:title>Enable·NX·or·XD·Support·in·the·BIOS</ocil:title>17 ······<ocil:title>Restrict·Access·to·Kernel·Message·Buffer</ocil:title>
18 ······<ocil:actions>18 ······<ocil:actions>
19 ········<ocil:test_action_ref>ocil:ssg-bios_enable_execution_restrictions_action:testaction:1</ocil:test_action_ref>19 ········<ocil:test_action_ref>ocil:ssg-sysctl_kernel_dmesg_restrict_action:testaction:1</ocil:test_action_ref>
20 ······</ocil:actions>20 ······</ocil:actions>
21 ····</ocil:questionnaire>21 ····</ocil:questionnaire>
22 ····<ocil:questionnaire·id="ocil:ssg-mount_option_home_nodev_ocil:questionnaire:1">22 ····<ocil:questionnaire·id="ocil:ssg-account_unique_name_ocil:questionnaire:1">
23 ······<ocil:title>Add·nodev·Option·to·/home</ocil:title>23 ······<ocil:title>Ensure·All·Accounts·on·the·System·Have·Unique·Names</ocil:title>
24 ······<ocil:actions>24 ······<ocil:actions>
25 ········<ocil:test_action_ref>ocil:ssg-mount_option_home_nodev_action:testaction:1</ocil:test_action_ref>25 ········<ocil:test_action_ref>ocil:ssg-account_unique_name_action:testaction:1</ocil:test_action_ref>
26 ······</ocil:actions>26 ······</ocil:actions>
27 ····</ocil:questionnaire>27 ····</ocil:questionnaire>
28 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_openat_ocil:questionnaire:1"> 
29 ······<ocil:title>Record·Unsuccessful·Access·Attempts·to·Files·-·openat</ocil:title>28 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_systemmap_ocil:questionnaire:1">
 29 ······<ocil:title>Verify·Permissions·on·System.map·Files</ocil:title>
30 ······<ocil:actions>30 ······<ocil:actions>
31 ········<ocil:test_action_ref>ocil:ssg-audit_rules_unsuccessful_file_modification_openat_action:testaction:1</ocil:test_action_ref>31 ········<ocil:test_action_ref>ocil:ssg-file_permissions_systemmap_action:testaction:1</ocil:test_action_ref>
32 ······</ocil:actions>32 ······</ocil:actions>
33 ····</ocil:questionnaire>33 ····</ocil:questionnaire>
34 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_privileged_commands_gpasswd_ocil:questionnaire:1">34 ····<ocil:questionnaire·id="ocil:ssg-sudo_custom_logfile_ocil:questionnaire:1">
35 ······<ocil:title>Ensure·auditd·Collects·Information·on·the·Use·of·Privileged·Commands·-·gpasswd</ocil:title>35 ······<ocil:title>Ensure·Sudo·Logfile·Exists·-·sudo·logfile</ocil:title>
36 ······<ocil:actions>36 ······<ocil:actions>
37 ········<ocil:test_action_ref>ocil:ssg-audit_rules_privileged_commands_gpasswd_action:testaction:1</ocil:test_action_ref>37 ········<ocil:test_action_ref>ocil:ssg-sudo_custom_logfile_action:testaction:1</ocil:test_action_ref>
38 ······</ocil:actions>38 ······</ocil:actions>
39 ····</ocil:questionnaire>39 ····</ocil:questionnaire>
40 ····<ocil:questionnaire·id="ocil:ssg-service_kdump_disabled_ocil:questionnaire:1">40 ····<ocil:questionnaire·id="ocil:ssg-file_owner_var_log_ocil:questionnaire:1">
41 ······<ocil:title>Disable·KDump·Kernel·Crash·Analyzer·(kdump)</ocil:title>41 ······<ocil:title>Verify·User·Who·Owns·/var/log·Directory</ocil:title>
42 ······<ocil:actions>42 ······<ocil:actions>
43 ········<ocil:test_action_ref>ocil:ssg-service_kdump_disabled_action:testaction:1</ocil:test_action_ref>43 ········<ocil:test_action_ref>ocil:ssg-file_owner_var_log_action:testaction:1</ocil:test_action_ref>
44 ······</ocil:actions>44 ······</ocil:actions>
45 ····</ocil:questionnaire>45 ····</ocil:questionnaire>
46 ····<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_difok_ocil:questionnaire:1"> 
47 ······<ocil:title>Ensure·PAM·Enforces·Password·Requirements·-·Minimum·Different·Characters</ocil:title>46 ····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_admin_space_left_action_ocil:questionnaire:1">
 47 ······<ocil:title>Configure·auditd·admin_space_left·Action·on·Low·Disk·Space</ocil:title>
48 ······<ocil:actions>48 ······<ocil:actions>
49 ········<ocil:test_action_ref>ocil:ssg-accounts_password_pam_difok_action:testaction:1</ocil:test_action_ref>49 ········<ocil:test_action_ref>ocil:ssg-auditd_data_retention_admin_space_left_action_action:testaction:1</ocil:test_action_ref>
50 ······</ocil:actions>50 ······</ocil:actions>
51 ····</ocil:questionnaire>51 ····</ocil:questionnaire>
52 ····<ocil:questionnaire·id="ocil:ssg-group_unique_name_ocil:questionnaire:1">52 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_sshd_config_ocil:questionnaire:1">
53 ······<ocil:title>Ensure·All·Groups·on·the·System·Have·Unique·Group·Names</ocil:title>53 ······<ocil:title>Verify·Group·Who·Owns·SSH·Server·config·file</ocil:title>
54 ······<ocil:actions>54 ······<ocil:actions>
55 ········<ocil:test_action_ref>ocil:ssg-group_unique_name_action:testaction:1</ocil:test_action_ref>55 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_sshd_config_action:testaction:1</ocil:test_action_ref>
56 ······</ocil:actions>56 ······</ocil:actions>
57 ····</ocil:questionnaire>57 ····</ocil:questionnaire>
58 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_module_sig_hash_ocil:questionnaire:1">58 ····<ocil:questionnaire·id="ocil:ssg-sudoers_explicit_command_args_ocil:questionnaire:1">
59 ······<ocil:title>Specify·the·hash·to·use·when·signing·modules</ocil:title>59 ······<ocil:title>Explicit·arguments·in·sudo·specifications</ocil:title>
60 ······<ocil:actions>60 ······<ocil:actions>
61 ········<ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_hash_action:testaction:1</ocil:test_action_ref>61 ········<ocil:test_action_ref>ocil:ssg-sudoers_explicit_command_args_action:testaction:1</ocil:test_action_ref>
62 ······</ocil:actions>62 ······</ocil:actions>
63 ····</ocil:questionnaire>63 ····</ocil:questionnaire>
64 ····<ocil:questionnaire·id="ocil:ssg-kernel_module_sctp_disabled_ocil:questionnaire:1">64 ····<ocil:questionnaire·id="ocil:ssg-kernel_module_ipv6_option_disabled_ocil:questionnaire:1">
65 ······<ocil:title>Disable·SCTP·Support</ocil:title>65 ······<ocil:title>Disable·IPv6·Networking·Support·Automatic·Loading</ocil:title>
66 ······<ocil:actions>66 ······<ocil:actions>
67 ········<ocil:test_action_ref>ocil:ssg-kernel_module_sctp_disabled_action:testaction:1</ocil:test_action_ref>67 ········<ocil:test_action_ref>ocil:ssg-kernel_module_ipv6_option_disabled_action:testaction:1</ocil:test_action_ref>
68 ······</ocil:actions>68 ······</ocil:actions>
69 ····</ocil:questionnaire>69 ····</ocil:questionnaire>
70 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_time_stime_ocil:questionnaire:1">70 ····<ocil:questionnaire·id="ocil:ssg-sysctl_kernel_randomize_va_space_ocil:questionnaire:1">
71 ······<ocil:title>Record·Attempts·to·Alter·Time·Through·stime</ocil:title>71 ······<ocil:title>Enable·Randomized·Layout·of·Virtual·Address·Space</ocil:title>
72 ······<ocil:actions>72 ······<ocil:actions>
73 ········<ocil:test_action_ref>ocil:ssg-audit_rules_time_stime_action:testaction:1</ocil:test_action_ref>73 ········<ocil:test_action_ref>ocil:ssg-sysctl_kernel_randomize_va_space_action:testaction:1</ocil:test_action_ref>
74 ······</ocil:actions>74 ······</ocil:actions>
75 ····</ocil:questionnaire>75 ····</ocil:questionnaire>
76 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_etc_gshadow_ocil:questionnaire:1">76 ····<ocil:questionnaire·id="ocil:ssg-group_unique_id_ocil:questionnaire:1">
77 ······<ocil:title>Verify·Group·Who·Owns·gshadow·File</ocil:title>77 ······<ocil:title>Ensure·All·Groups·on·the·System·Have·Unique·Group·ID</ocil:title>
78 ······<ocil:actions>78 ······<ocil:actions>
79 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_etc_gshadow_action:testaction:1</ocil:test_action_ref>79 ········<ocil:test_action_ref>ocil:ssg-group_unique_id_action:testaction:1</ocil:test_action_ref>
80 ······</ocil:actions>80 ······</ocil:actions>
81 ····</ocil:questionnaire>81 ····</ocil:questionnaire>
82 ····<ocil:questionnaire·id="ocil:ssg-file_owner_backup_etc_passwd_ocil:questionnaire:1"> 
83 ······<ocil:title>Verify·User·Who·Owns·Backup·passwd·File</ocil:title>82 ····<ocil:questionnaire·id="ocil:ssg-kernel_module_uvcvideo_disabled_ocil:questionnaire:1">
 83 ······<ocil:title>Disable·the·uvcvideo·module</ocil:title>
84 ······<ocil:actions>84 ······<ocil:actions>
85 ········<ocil:test_action_ref>ocil:ssg-file_owner_backup_etc_passwd_action:testaction:1</ocil:test_action_ref>85 ········<ocil:test_action_ref>ocil:ssg-kernel_module_uvcvideo_disabled_action:testaction:1</ocil:test_action_ref>
86 ······</ocil:actions>86 ······</ocil:actions>
87 ····</ocil:questionnaire>87 ····</ocil:questionnaire>
88 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_module_sig_force_ocil:questionnaire:1">88 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_var_log_ocil:questionnaire:1">
89 ······<ocil:title>Require·modules·to·be·validly·signed</ocil:title>89 ······<ocil:title>Verify·Group·Who·Owns·/var/log·Directory</ocil:title>
90 ······<ocil:actions>90 ······<ocil:actions>
91 ········<ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_force_action:testaction:1</ocil:test_action_ref>91 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_var_log_action:testaction:1</ocil:test_action_ref>
92 ······</ocil:actions>92 ······</ocil:actions>
93 ····</ocil:questionnaire>93 ····</ocil:questionnaire>
94 ····<ocil:questionnaire·id="ocil:ssg-account_use_centralized_automated_auth_ocil:questionnaire:1">94 ····<ocil:questionnaire·id="ocil:ssg-grub2_audit_argument_ocil:questionnaire:1">
95 ······<ocil:title>Use·Centralized·and·Automated·Authentication</ocil:title>95 ······<ocil:title>Enable·Auditing·for·Processes·Which·Start·Prior·to·the·Audit·Daemon</ocil:title>
96 ······<ocil:actions>96 ······<ocil:actions>
97 ········<ocil:test_action_ref>ocil:ssg-account_use_centralized_automated_auth_action:testaction:1</ocil:test_action_ref>97 ········<ocil:test_action_ref>ocil:ssg-grub2_audit_argument_action:testaction:1</ocil:test_action_ref>
98 ······</ocil:actions>98 ······</ocil:actions>
99 ····</ocil:questionnaire>99 ····</ocil:questionnaire>
100 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_var_log_audit_ocil:questionnaire:1"> 
101 ······<ocil:title>System·Audit·Logs·Must·Have·Mode·0640·or·Less·Permissive</ocil:title>100 ····<ocil:questionnaire·id="ocil:ssg-coredump_disable_backtraces_ocil:questionnaire:1">
 101 ······<ocil:title>Disable·core·dump·backtraces</ocil:title>
102 ······<ocil:actions>102 ······<ocil:actions>
103 ········<ocil:test_action_ref>ocil:ssg-file_permissions_var_log_audit_action:testaction:1</ocil:test_action_ref>103 ········<ocil:test_action_ref>ocil:ssg-coredump_disable_backtraces_action:testaction:1</ocil:test_action_ref>
104 ······</ocil:actions>104 ······</ocil:actions>
105 ····</ocil:questionnaire>105 ····</ocil:questionnaire>
106 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_icmp_ignore_bogus_error_responses_ocil:questionnaire:1"> 
107 ······<ocil:title>Enable·Kernel·Parameter·to·Ignore·Bogus·ICMP·Error·Responses·on·IPv4·Interfaces</ocil:title>106 ····<ocil:questionnaire·id="ocil:ssg-sudo_require_authentication_ocil:questionnaire:1">
 107 ······<ocil:title>Ensure·Users·Re-Authenticate·for·Privilege·Escalation·-·sudo</ocil:title>
108 ······<ocil:actions>108 ······<ocil:actions>
109 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_icmp_ignore_bogus_error_responses_action:testaction:1</ocil:test_action_ref>109 ········<ocil:test_action_ref>ocil:ssg-sudo_require_authentication_action:testaction:1</ocil:test_action_ref>
110 ······</ocil:actions>110 ······</ocil:actions>
111 ····</ocil:questionnaire>111 ····</ocil:questionnaire>
112 ····<ocil:questionnaire·id="ocil:ssg-accounts_password_last_change_is_in_past_ocil:questionnaire:1"> 
113 ······<ocil:title>Ensure·all·users·last·password·change·date·is·in·the·past</ocil:title>112 ····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_max_log_file_ocil:questionnaire:1">
 113 ······<ocil:title>Configure·auditd·Max·Log·File·Size</ocil:title>
114 ······<ocil:actions>114 ······<ocil:actions>
115 ········<ocil:test_action_ref>ocil:ssg-accounts_password_last_change_is_in_past_action:testaction:1</ocil:test_action_ref>115 ········<ocil:test_action_ref>ocil:ssg-auditd_data_retention_max_log_file_action:testaction:1</ocil:test_action_ref>
116 ······</ocil:actions>116 ······</ocil:actions>
117 ····</ocil:questionnaire>117 ····</ocil:questionnaire>
118 ····<ocil:questionnaire·id="ocil:ssg-sudoers_no_root_target_ocil:questionnaire:1">118 ····<ocil:questionnaire·id="ocil:ssg-disable_users_coredumps_ocil:questionnaire:1">
119 ······<ocil:title>Don't·target·root·user·in·the·sudoers·file</ocil:title>119 ······<ocil:title>Disable·Core·Dumps·for·All·Users</ocil:title>
120 ······<ocil:actions>120 ······<ocil:actions>
121 ········<ocil:test_action_ref>ocil:ssg-sudoers_no_root_target_action:testaction:1</ocil:test_action_ref>121 ········<ocil:test_action_ref>ocil:ssg-disable_users_coredumps_action:testaction:1</ocil:test_action_ref>
122 ······</ocil:actions>122 ······</ocil:actions>
123 ····</ocil:questionnaire>123 ····</ocil:questionnaire>
Max diff block lines reached; 1357391/1370137 bytes (99.07%) of diff not shown.
3.77 MB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2004-xccdf.xml
3.77 MB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2004-xccdf.xml
Max HTML report size reached
5.44 MB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2204-ds.xml
5.44 MB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2204-ds.xml
Max HTML report size reached
1.36 MB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2204-ocil.xml
1.36 MB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2204-ocil.xml
Ordering differences only
    
Offset 3, 7176 lines modifiedOffset 3, 7176 lines modified
3 ··<ocil:generator>3 ··<ocil:generator>
4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6 ····<ocil:schema_version>2.0</ocil:schema_version>6 ····<ocil:schema_version>2.0</ocil:schema_version>
7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8 ··</ocil:generator>8 ··</ocil:generator>
9 ··<ocil:questionnaires>9 ··<ocil:questionnaires>
10 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_shadow_ocil:questionnaire:1"> 
11 ······<ocil:title>Verify·Permissions·on·shadow·File</ocil:title> 
12 ······<ocil:actions> 
13 ········<ocil:test_action_ref>ocil:ssg-file_permissions_etc_shadow_action:testaction:1</ocil:test_action_ref> 
14 ······</ocil:actions> 
15 ····</ocil:questionnaire> 
16 ····<ocil:questionnaire·id="ocil:ssg-sudo_add_use_pty_ocil:questionnaire:1">10 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_networkconfig_modification_ocil:questionnaire:1">
17 ······<ocil:title>Ensure·Only·Users·Logged·In·To·Real·tty·Can·Execute·Sudo·-·sudo·use_pty</ocil:title>11 ······<ocil:title>Record·Events·that·Modify·the·System's·Network·Environment</ocil:title>
18 ······<ocil:actions>12 ······<ocil:actions>
19 ········<ocil:test_action_ref>ocil:ssg-sudo_add_use_pty_action:testaction:1</ocil:test_action_ref>13 ········<ocil:test_action_ref>ocil:ssg-audit_rules_networkconfig_modification_action:testaction:1</ocil:test_action_ref>
20 ······</ocil:actions>14 ······</ocil:actions>
21 ····</ocil:questionnaire>15 ····</ocil:questionnaire>
22 ····<ocil:questionnaire·id="ocil:ssg-harden_ssh_client_crypto_policy_ocil:questionnaire:1">16 ····<ocil:questionnaire·id="ocil:ssg-no_rsh_trust_files_ocil:questionnaire:1">
23 ······<ocil:title>Harden·SSH·client·Crypto·Policy</ocil:title>17 ······<ocil:title>Remove·Rsh·Trust·Files</ocil:title>
24 ······<ocil:actions>18 ······<ocil:actions>
25 ········<ocil:test_action_ref>ocil:ssg-harden_ssh_client_crypto_policy_action:testaction:1</ocil:test_action_ref>19 ········<ocil:test_action_ref>ocil:ssg-no_rsh_trust_files_action:testaction:1</ocil:test_action_ref>
26 ······</ocil:actions>20 ······</ocil:actions>
27 ····</ocil:questionnaire>21 ····</ocil:questionnaire>
28 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_etc_group_ocil:questionnaire:1">22 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_cron_monthly_ocil:questionnaire:1">
29 ······<ocil:title>Verify·Group·Who·Owns·group·File</ocil:title>23 ······<ocil:title>Verify·Permissions·on·cron.monthly</ocil:title>
30 ······<ocil:actions>24 ······<ocil:actions>
31 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_etc_group_action:testaction:1</ocil:test_action_ref>25 ········<ocil:test_action_ref>ocil:ssg-file_permissions_cron_monthly_action:testaction:1</ocil:test_action_ref>
32 ······</ocil:actions>26 ······</ocil:actions>
33 ····</ocil:questionnaire>27 ····</ocil:questionnaire>
34 ····<ocil:questionnaire·id="ocil:ssg-accounts_logon_fail_delay_ocil:questionnaire:1">28 ····<ocil:questionnaire·id="ocil:ssg-rsyslog_remote_loghost_ocil:questionnaire:1">
35 ······<ocil:title>Ensure·the·Logon·Failure·Delay·is·Set·Correctly·in·login.defs</ocil:title>29 ······<ocil:title>Ensure·Logs·Sent·To·Remote·Host</ocil:title>
36 ······<ocil:actions>30 ······<ocil:actions>
37 ········<ocil:test_action_ref>ocil:ssg-accounts_logon_fail_delay_action:testaction:1</ocil:test_action_ref>31 ········<ocil:test_action_ref>ocil:ssg-rsyslog_remote_loghost_action:testaction:1</ocil:test_action_ref>
38 ······</ocil:actions>32 ······</ocil:actions>
39 ····</ocil:questionnaire>33 ····</ocil:questionnaire>
40 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_systemmap_ocil:questionnaire:1">34 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_audit_rulesd_ocil:questionnaire:1">
41 ······<ocil:title>Verify·Permissions·on·System.map·Files</ocil:title>35 ······<ocil:title>Verify·Permissions·on·/etc/audit/rules.d/*.rules</ocil:title>
42 ······<ocil:actions>36 ······<ocil:actions>
43 ········<ocil:test_action_ref>ocil:ssg-file_permissions_systemmap_action:testaction:1</ocil:test_action_ref>37 ········<ocil:test_action_ref>ocil:ssg-file_permissions_etc_audit_rulesd_action:testaction:1</ocil:test_action_ref>
44 ······</ocil:actions>38 ······</ocil:actions>
45 ····</ocil:questionnaire>39 ····</ocil:questionnaire>
46 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_usergroup_modification_opasswd_ocil:questionnaire:1"> 
47 ······<ocil:title>Record·Events·that·Modify·User/Group·Information·-·/etc/security/opasswd</ocil:title>40 ····<ocil:questionnaire·id="ocil:ssg-mount_option_var_log_audit_nodev_ocil:questionnaire:1">
 41 ······<ocil:title>Add·nodev·Option·to·/var/log/audit</ocil:title>
48 ······<ocil:actions>42 ······<ocil:actions>
49 ········<ocil:test_action_ref>ocil:ssg-audit_rules_usergroup_modification_opasswd_action:testaction:1</ocil:test_action_ref>43 ········<ocil:test_action_ref>ocil:ssg-mount_option_var_log_audit_nodev_action:testaction:1</ocil:test_action_ref>
50 ······</ocil:actions>44 ······</ocil:actions>
51 ····</ocil:questionnaire>45 ····</ocil:questionnaire>
52 ····<ocil:questionnaire·id="ocil:ssg-package_nftables_installed_ocil:questionnaire:1">46 ····<ocil:questionnaire·id="ocil:ssg-auditd_overflow_action_ocil:questionnaire:1">
53 ······<ocil:title>Install·nftables·Package</ocil:title>47 ······<ocil:title>Appropriate·Action·Must·be·Setup·When·the·Internal·Audit·Event·Queue·is·Full</ocil:title>
54 ······<ocil:actions>48 ······<ocil:actions>
55 ········<ocil:test_action_ref>ocil:ssg-package_nftables_installed_action:testaction:1</ocil:test_action_ref>49 ········<ocil:test_action_ref>ocil:ssg-auditd_overflow_action_action:testaction:1</ocil:test_action_ref>
56 ······</ocil:actions>50 ······</ocil:actions>
57 ····</ocil:questionnaire>51 ····</ocil:questionnaire>
58 ····<ocil:questionnaire·id="ocil:ssg-rsyslog_filecreatemode_ocil:questionnaire:1">52 ····<ocil:questionnaire·id="ocil:ssg-nftables_rules_permanent_ocil:questionnaire:1">
59 ······<ocil:title>Ensure·rsyslog·Default·File·Permissions·Configured</ocil:title>53 ······<ocil:title>Ensure·nftables·Rules·are·Permanent</ocil:title>
60 ······<ocil:actions>54 ······<ocil:actions>
61 ········<ocil:test_action_ref>ocil:ssg-rsyslog_filecreatemode_action:testaction:1</ocil:test_action_ref>55 ········<ocil:test_action_ref>ocil:ssg-nftables_rules_permanent_action:testaction:1</ocil:test_action_ref>
62 ······</ocil:actions>56 ······</ocil:actions>
63 ····</ocil:questionnaire>57 ····</ocil:questionnaire>
64 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_arp_filter_ocil:questionnaire:1">58 ····<ocil:questionnaire·id="ocil:ssg-package_cups_removed_ocil:questionnaire:1">
65 ······<ocil:title>Configure·ARP·filtering·for·All·IPv4·Interfaces</ocil:title>59 ······<ocil:title>Uninstall·CUPS·Package</ocil:title>
66 ······<ocil:actions>60 ······<ocil:actions>
67 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_arp_filter_action:testaction:1</ocil:test_action_ref>61 ········<ocil:test_action_ref>ocil:ssg-package_cups_removed_action:testaction:1</ocil:test_action_ref>
68 ······</ocil:actions>62 ······</ocil:actions>
69 ····</ocil:questionnaire>63 ····</ocil:questionnaire>
70 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_sshd_config_ocil:questionnaire:1"> 
71 ······<ocil:title>Verify·Group·Who·Owns·SSH·Server·config·file</ocil:title>64 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_default_accept_source_route_ocil:questionnaire:1">
 65 ······<ocil:title>Disable·Kernel·Parameter·for·Accepting·Source-Routed·Packets·on·IPv4·Interfaces·by·Default</ocil:title>
72 ······<ocil:actions>66 ······<ocil:actions>
73 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_sshd_config_action:testaction:1</ocil:test_action_ref>67 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_default_accept_source_route_action:testaction:1</ocil:test_action_ref>
74 ······</ocil:actions>68 ······</ocil:actions>
75 ····</ocil:questionnaire>69 ····</ocil:questionnaire>
76 ····<ocil:questionnaire·id="ocil:ssg-sshd_disable_tcp_forwarding_ocil:questionnaire:1">70 ····<ocil:questionnaire·id="ocil:ssg-rsyslog_files_ownership_ocil:questionnaire:1">
77 ······<ocil:title>Disable·SSH·TCP·Forwarding</ocil:title>71 ······<ocil:title>Ensure·Log·Files·Are·Owned·By·Appropriate·User</ocil:title>
78 ······<ocil:actions>72 ······<ocil:actions>
79 ········<ocil:test_action_ref>ocil:ssg-sshd_disable_tcp_forwarding_action:testaction:1</ocil:test_action_ref>73 ········<ocil:test_action_ref>ocil:ssg-rsyslog_files_ownership_action:testaction:1</ocil:test_action_ref>
80 ······</ocil:actions>74 ······</ocil:actions>
81 ····</ocil:questionnaire>75 ····</ocil:questionnaire>
82 ····<ocil:questionnaire·id="ocil:ssg-accounts_passwords_pam_faillock_silent_ocil:questionnaire:1">76 ····<ocil:questionnaire·id="ocil:ssg-sshd_set_maxstartups_ocil:questionnaire:1">
83 ······<ocil:title>Do·Not·Show·System·Messages·When·Unsuccessful·Logon·Attempts·Occur</ocil:title>77 ······<ocil:title>Ensure·SSH·MaxStartups·is·configured</ocil:title>
84 ······<ocil:actions>78 ······<ocil:actions>
85 ········<ocil:test_action_ref>ocil:ssg-accounts_passwords_pam_faillock_silent_action:testaction:1</ocil:test_action_ref>79 ········<ocil:test_action_ref>ocil:ssg-sshd_set_maxstartups_action:testaction:1</ocil:test_action_ref>
86 ······</ocil:actions>80 ······</ocil:actions>
87 ····</ocil:questionnaire>81 ····</ocil:questionnaire>
88 ····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_num_logs_ocil:questionnaire:1"> 
89 ······<ocil:title>Configure·auditd·Number·of·Logs·Retained</ocil:title>82 ····<ocil:questionnaire·id="ocil:ssg-accounts_user_dot_no_world_writable_programs_ocil:questionnaire:1">
 83 ······<ocil:title>User·Initialization·Files·Must·Not·Run·World-Writable·Programs</ocil:title>
90 ······<ocil:actions>84 ······<ocil:actions>
91 ········<ocil:test_action_ref>ocil:ssg-auditd_data_retention_num_logs_action:testaction:1</ocil:test_action_ref>85 ········<ocil:test_action_ref>ocil:ssg-accounts_user_dot_no_world_writable_programs_action:testaction:1</ocil:test_action_ref>
92 ······</ocil:actions>86 ······</ocil:actions>
93 ····</ocil:questionnaire>87 ····</ocil:questionnaire>
94 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_backup_etc_shadow_ocil:questionnaire:1"> 
95 ······<ocil:title>Verify·Permissions·on·Backup·shadow·File</ocil:title>88 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv6_conf_all_accept_ra_ocil:questionnaire:1">
 89 ······<ocil:title>Configure·Accepting·Router·Advertisements·on·All·IPv6·Interfaces</ocil:title>
96 ······<ocil:actions>90 ······<ocil:actions>
97 ········<ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_shadow_action:testaction:1</ocil:test_action_ref>91 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv6_conf_all_accept_ra_action:testaction:1</ocil:test_action_ref>
98 ······</ocil:actions>92 ······</ocil:actions>
99 ····</ocil:questionnaire>93 ····</ocil:questionnaire>
100 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_ip_forward_ocil:questionnaire:1">94 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_route_localnet_ocil:questionnaire:1">
101 ······<ocil:title>Disable·Kernel·Parameter·for·IP·Forwarding·on·IPv4·Interfaces</ocil:title>95 ······<ocil:title>Prevent·Routing·External·Traffic·to·Local·Loopback·on·All·IPv4·Interfaces</ocil:title>
102 ······<ocil:actions>96 ······<ocil:actions>
103 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_ip_forward_action:testaction:1</ocil:test_action_ref>97 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_route_localnet_action:testaction:1</ocil:test_action_ref>
104 ······</ocil:actions>98 ······</ocil:actions>
105 ····</ocil:questionnaire>99 ····</ocil:questionnaire>
106 ····<ocil:questionnaire·id="ocil:ssg-mount_option_var_log_audit_nodev_ocil:questionnaire:1"> 
107 ······<ocil:title>Add·nodev·Option·to·/var/log/audit</ocil:title>100 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_backup_etc_gshadow_ocil:questionnaire:1">
 101 ······<ocil:title>Verify·Group·Who·Owns·Backup·gshadow·File</ocil:title>
108 ······<ocil:actions>102 ······<ocil:actions>
109 ········<ocil:test_action_ref>ocil:ssg-mount_option_var_log_audit_nodev_action:testaction:1</ocil:test_action_ref>103 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_backup_etc_gshadow_action:testaction:1</ocil:test_action_ref>
110 ······</ocil:actions>104 ······</ocil:actions>
111 ····</ocil:questionnaire>105 ····</ocil:questionnaire>
112 ····<ocil:questionnaire·id="ocil:ssg-file_owner_etc_motd_ocil:questionnaire:1">106 ····<ocil:questionnaire·id="ocil:ssg-package_openssh-server_installed_ocil:questionnaire:1">
113 ······<ocil:title>Verify·ownership·of·Message·of·the·Day·Banner</ocil:title>107 ······<ocil:title>Install·the·OpenSSH·Server·Package</ocil:title>
114 ······<ocil:actions>108 ······<ocil:actions>
115 ········<ocil:test_action_ref>ocil:ssg-file_owner_etc_motd_action:testaction:1</ocil:test_action_ref>109 ········<ocil:test_action_ref>ocil:ssg-package_openssh-server_installed_action:testaction:1</ocil:test_action_ref>
116 ······</ocil:actions>110 ······</ocil:actions>
117 ····</ocil:questionnaire>111 ····</ocil:questionnaire>
118 ····<ocil:questionnaire·id="ocil:ssg-service_ufw_enabled_ocil:questionnaire:1"> 
119 ······<ocil:title>Verify·ufw·Enabled</ocil:title>112 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_privileged_commands_pam_timestamp_check_ocil:questionnaire:1">
 113 ······<ocil:title>Ensure·auditd·Collects·Information·on·the·Use·of·Privileged·Commands·-·pam_timestamp_check</ocil:title>
120 ······<ocil:actions>114 ······<ocil:actions>
121 ········<ocil:test_action_ref>ocil:ssg-service_ufw_enabled_action:testaction:1</ocil:test_action_ref>115 ········<ocil:test_action_ref>ocil:ssg-audit_rules_privileged_commands_pam_timestamp_check_action:testaction:1</ocil:test_action_ref>
122 ······</ocil:actions>116 ······</ocil:actions>
123 ····</ocil:questionnaire>117 ····</ocil:questionnaire>
Max diff block lines reached; 1414529/1427140 bytes (99.12%) of diff not shown.
3.84 MB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2204-xccdf.xml
3.84 MB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2204-xccdf.xml
Max HTML report size reached
3.69 MB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2404-ds.xml
3.69 MB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2404-ds.xml
Max HTML report size reached
881 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2404-ocil.xml
881 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2404-ocil.xml
Ordering differences only
    
Offset 3, 3735 lines modifiedOffset 3, 3735 lines modified
3 ··<ocil:generator>3 ··<ocil:generator>
4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6 ····<ocil:schema_version>2.0</ocil:schema_version>6 ····<ocil:schema_version>2.0</ocil:schema_version>
7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8 ··</ocil:generator>8 ··</ocil:generator>
9 ··<ocil:questionnaires>9 ··<ocil:questionnaires>
10 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_kernel_module_loading_delete_ocil:questionnaire:1"> 
11 ······<ocil:title>Ensure·auditd·Collects·Information·on·Kernel·Module·Unloading·-·delete_module</ocil:title> 
12 ······<ocil:actions> 
13 ········<ocil:test_action_ref>ocil:ssg-audit_rules_kernel_module_loading_delete_action:testaction:1</ocil:test_action_ref> 
14 ······</ocil:actions> 
15 ····</ocil:questionnaire> 
16 ····<ocil:questionnaire·id="ocil:ssg-service_slapd_disabled_ocil:questionnaire:1">10 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_backup_etc_passwd_ocil:questionnaire:1">
17 ······<ocil:title>Disable·LDAP·Server·(slapd)</ocil:title>11 ······<ocil:title>Verify·Permissions·on·Backup·passwd·File</ocil:title>
18 ······<ocil:actions>12 ······<ocil:actions>
19 ········<ocil:test_action_ref>ocil:ssg-service_slapd_disabled_action:testaction:1</ocil:test_action_ref>13 ········<ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_passwd_action:testaction:1</ocil:test_action_ref>
20 ······</ocil:actions>14 ······</ocil:actions>
21 ····</ocil:questionnaire>15 ····</ocil:questionnaire>
22 ····<ocil:questionnaire·id="ocil:ssg-package_audit-audispd-plugins_installed_ocil:questionnaire:1"> 
23 ······<ocil:title>Ensure·the·default·plugins·for·the·audit·dispatcher·are·Installed</ocil:title>16 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv6_conf_all_accept_redirects_ocil:questionnaire:1">
 17 ······<ocil:title>Disable·Accepting·ICMP·Redirects·for·All·IPv6·Interfaces</ocil:title>
24 ······<ocil:actions>18 ······<ocil:actions>
25 ········<ocil:test_action_ref>ocil:ssg-package_audit-audispd-plugins_installed_action:testaction:1</ocil:test_action_ref>19 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv6_conf_all_accept_redirects_action:testaction:1</ocil:test_action_ref>
26 ······</ocil:actions>20 ······</ocil:actions>
27 ····</ocil:questionnaire>21 ····</ocil:questionnaire>
28 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_truncate_ocil:questionnaire:1"> 
29 ······<ocil:title>Record·Unsuccessful·Access·Attempts·to·Files·-·truncate</ocil:title>22 ····<ocil:questionnaire·id="ocil:ssg-mount_option_var_nosuid_ocil:questionnaire:1">
 23 ······<ocil:title>Add·nosuid·Option·to·/var</ocil:title>
30 ······<ocil:actions>24 ······<ocil:actions>
31 ········<ocil:test_action_ref>ocil:ssg-audit_rules_unsuccessful_file_modification_truncate_action:testaction:1</ocil:test_action_ref>25 ········<ocil:test_action_ref>ocil:ssg-mount_option_var_nosuid_action:testaction:1</ocil:test_action_ref>
32 ······</ocil:actions>26 ······</ocil:actions>
33 ····</ocil:questionnaire>27 ····</ocil:questionnaire>
34 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_rp_filter_ocil:questionnaire:1"> 
35 ······<ocil:title>Enable·Kernel·Parameter·to·Use·Reverse·Path·Filtering·on·all·IPv4·Interfaces</ocil:title>28 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_setxattr_ocil:questionnaire:1">
 29 ······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·setxattr</ocil:title>
36 ······<ocil:actions>30 ······<ocil:actions>
37 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_rp_filter_action:testaction:1</ocil:test_action_ref>31 ········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_setxattr_action:testaction:1</ocil:test_action_ref>
38 ······</ocil:actions>32 ······</ocil:actions>
39 ····</ocil:questionnaire>33 ····</ocil:questionnaire>
40 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_group_ocil:questionnaire:1">34 ····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_action_mail_acct_ocil:questionnaire:1">
41 ······<ocil:title>Verify·Permissions·on·group·File</ocil:title>35 ······<ocil:title>Configure·auditd·mail_acct·Action·on·Low·Disk·Space</ocil:title>
42 ······<ocil:actions>36 ······<ocil:actions>
43 ········<ocil:test_action_ref>ocil:ssg-file_permissions_etc_group_action:testaction:1</ocil:test_action_ref>37 ········<ocil:test_action_ref>ocil:ssg-auditd_data_retention_action_mail_acct_action:testaction:1</ocil:test_action_ref>
44 ······</ocil:actions>38 ······</ocil:actions>
45 ····</ocil:questionnaire>39 ····</ocil:questionnaire>
46 ····<ocil:questionnaire·id="ocil:ssg-partition_for_var_log_ocil:questionnaire:1">40 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_login_events_faillock_ocil:questionnaire:1">
47 ······<ocil:title>Ensure·/var/log·Located·On·Separate·Partition</ocil:title>41 ······<ocil:title>Record·Attempts·to·Alter·Logon·and·Logout·Events·-·faillock</ocil:title>
48 ······<ocil:actions>42 ······<ocil:actions>
49 ········<ocil:test_action_ref>ocil:ssg-partition_for_var_log_action:testaction:1</ocil:test_action_ref>43 ········<ocil:test_action_ref>ocil:ssg-audit_rules_login_events_faillock_action:testaction:1</ocil:test_action_ref>
50 ······</ocil:actions>44 ······</ocil:actions>
51 ····</ocil:questionnaire>45 ····</ocil:questionnaire>
52 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_passwd_ocil:questionnaire:1">46 ····<ocil:questionnaire·id="ocil:ssg-package_bind_removed_ocil:questionnaire:1">
53 ······<ocil:title>Verify·Permissions·on·passwd·File</ocil:title>47 ······<ocil:title>Uninstall·bind·Package</ocil:title>
54 ······<ocil:actions>48 ······<ocil:actions>
55 ········<ocil:test_action_ref>ocil:ssg-file_permissions_etc_passwd_action:testaction:1</ocil:test_action_ref>49 ········<ocil:test_action_ref>ocil:ssg-package_bind_removed_action:testaction:1</ocil:test_action_ref>
56 ······</ocil:actions>50 ······</ocil:actions>
57 ····</ocil:questionnaire>51 ····</ocil:questionnaire>
58 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_etc_shadow_ocil:questionnaire:1">52 ····<ocil:questionnaire·id="ocil:ssg-grub2_uefi_password_ocil:questionnaire:1">
59 ······<ocil:title>Verify·Group·Who·Owns·shadow·File</ocil:title>53 ······<ocil:title>Set·the·UEFI·Boot·Loader·Password</ocil:title>
60 ······<ocil:actions>54 ······<ocil:actions>
61 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_etc_shadow_action:testaction:1</ocil:test_action_ref>55 ········<ocil:test_action_ref>ocil:ssg-grub2_uefi_password_action:testaction:1</ocil:test_action_ref>
62 ······</ocil:actions>56 ······</ocil:actions>
63 ····</ocil:questionnaire>57 ····</ocil:questionnaire>
64 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_file_deletion_events_renameat_ocil:questionnaire:1"> 
65 ······<ocil:title>Ensure·auditd·Collects·File·Deletion·Events·by·User·-·renameat</ocil:title>58 ····<ocil:questionnaire·id="ocil:ssg-journald_forward_to_syslog_ocil:questionnaire:1">
 59 ······<ocil:title>Ensure·journald·is·configured·to·send·logs·to·rsyslog</ocil:title>
66 ······<ocil:actions>60 ······<ocil:actions>
67 ········<ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_renameat_action:testaction:1</ocil:test_action_ref>61 ········<ocil:test_action_ref>ocil:ssg-journald_forward_to_syslog_action:testaction:1</ocil:test_action_ref>
68 ······</ocil:actions>62 ······</ocil:actions>
69 ····</ocil:questionnaire>63 ····</ocil:questionnaire>
70 ····<ocil:questionnaire·id="ocil:ssg-file_ownership_audit_binaries_ocil:questionnaire:1"> 
71 ······<ocil:title>Verify·that·audit·tools·are·owned·by·root</ocil:title>64 ····<ocil:questionnaire·id="ocil:ssg-package_cron_installed_ocil:questionnaire:1">
 65 ······<ocil:title>Install·the·cron·service</ocil:title>
72 ······<ocil:actions>66 ······<ocil:actions>
73 ········<ocil:test_action_ref>ocil:ssg-file_ownership_audit_binaries_action:testaction:1</ocil:test_action_ref>67 ········<ocil:test_action_ref>ocil:ssg-package_cron_installed_action:testaction:1</ocil:test_action_ref>
74 ······</ocil:actions>68 ······</ocil:actions>
75 ····</ocil:questionnaire>69 ····</ocil:questionnaire>
76 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_openat_ocil:questionnaire:1"> 
77 ······<ocil:title>Record·Unsuccessful·Access·Attempts·to·Files·-·openat</ocil:title>70 ····<ocil:questionnaire·id="ocil:ssg-accounts_tmout_ocil:questionnaire:1">
 71 ······<ocil:title>Set·Interactive·Session·Timeout</ocil:title>
78 ······<ocil:actions>72 ······<ocil:actions>
79 ········<ocil:test_action_ref>ocil:ssg-audit_rules_unsuccessful_file_modification_openat_action:testaction:1</ocil:test_action_ref>73 ········<ocil:test_action_ref>ocil:ssg-accounts_tmout_action:testaction:1</ocil:test_action_ref>
80 ······</ocil:actions>74 ······</ocil:actions>
81 ····</ocil:questionnaire>75 ····</ocil:questionnaire>
82 ····<ocil:questionnaire·id="ocil:ssg-auditd_data_disk_error_action_ocil:questionnaire:1">76 ····<ocil:questionnaire·id="ocil:ssg-sysctl_kernel_randomize_va_space_ocil:questionnaire:1">
83 ······<ocil:title>Configure·auditd·Disk·Error·Action·on·Disk·Error</ocil:title>77 ······<ocil:title>Enable·Randomized·Layout·of·Virtual·Address·Space</ocil:title>
84 ······<ocil:actions>78 ······<ocil:actions>
85 ········<ocil:test_action_ref>ocil:ssg-auditd_data_disk_error_action_action:testaction:1</ocil:test_action_ref>79 ········<ocil:test_action_ref>ocil:ssg-sysctl_kernel_randomize_va_space_action:testaction:1</ocil:test_action_ref>
86 ······</ocil:actions>80 ······</ocil:actions>
87 ····</ocil:questionnaire>81 ····</ocil:questionnaire>
88 ····<ocil:questionnaire·id="ocil:ssg-set_ip6tables_default_rule_ocil:questionnaire:1">82 ····<ocil:questionnaire·id="ocil:ssg-partition_for_dev_shm_ocil:questionnaire:1">
89 ······<ocil:title>Set·Default·ip6tables·Policy·for·Incoming·Packets</ocil:title>83 ······<ocil:title>Ensure·/dev/shm·is·configured</ocil:title>
90 ······<ocil:actions>84 ······<ocil:actions>
91 ········<ocil:test_action_ref>ocil:ssg-set_ip6tables_default_rule_action:testaction:1</ocil:test_action_ref>85 ········<ocil:test_action_ref>ocil:ssg-partition_for_dev_shm_action:testaction:1</ocil:test_action_ref>
92 ······</ocil:actions>86 ······</ocil:actions>
93 ····</ocil:questionnaire>87 ····</ocil:questionnaire>
94 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_cron_monthly_ocil:questionnaire:1"> 
95 ······<ocil:title>Verify·Permissions·on·cron.monthly</ocil:title>88 ····<ocil:questionnaire·id="ocil:ssg-mount_option_var_log_audit_noexec_ocil:questionnaire:1">
 89 ······<ocil:title>Add·noexec·Option·to·/var/log/audit</ocil:title>
96 ······<ocil:actions>90 ······<ocil:actions>
97 ········<ocil:test_action_ref>ocil:ssg-file_permissions_cron_monthly_action:testaction:1</ocil:test_action_ref>91 ········<ocil:test_action_ref>ocil:ssg-mount_option_var_log_audit_noexec_action:testaction:1</ocil:test_action_ref>
98 ······</ocil:actions>92 ······</ocil:actions>
99 ····</ocil:questionnaire>93 ····</ocil:questionnaire>
100 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_chmod_ocil:questionnaire:1">94 ····<ocil:questionnaire·id="ocil:ssg-sshd_set_keepalive_ocil:questionnaire:1">
101 ······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·chmod</ocil:title>95 ······<ocil:title>Set·SSH·Client·Alive·Count·Max</ocil:title>
102 ······<ocil:actions>96 ······<ocil:actions>
103 ········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_chmod_action:testaction:1</ocil:test_action_ref>97 ········<ocil:test_action_ref>ocil:ssg-sshd_set_keepalive_action:testaction:1</ocil:test_action_ref>
104 ······</ocil:actions>98 ······</ocil:actions>
105 ····</ocil:questionnaire>99 ····</ocil:questionnaire>
106 ····<ocil:questionnaire·id="ocil:ssg-package_rsyslog_installed_ocil:questionnaire:1">100 ····<ocil:questionnaire·id="ocil:ssg-package_talk_removed_ocil:questionnaire:1">
107 ······<ocil:title>Ensure·rsyslog·is·Installed</ocil:title>101 ······<ocil:title>Uninstall·talk·Package</ocil:title>
108 ······<ocil:actions>102 ······<ocil:actions>
109 ········<ocil:test_action_ref>ocil:ssg-package_rsyslog_installed_action:testaction:1</ocil:test_action_ref>103 ········<ocil:test_action_ref>ocil:ssg-package_talk_removed_action:testaction:1</ocil:test_action_ref>
110 ······</ocil:actions>104 ······</ocil:actions>
111 ····</ocil:questionnaire>105 ····</ocil:questionnaire>
112 ····<ocil:questionnaire·id="ocil:ssg-package_chrony_installed_ocil:questionnaire:1">106 ····<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_ocredit_ocil:questionnaire:1">
113 ······<ocil:title>The·Chrony·package·is·installed</ocil:title>107 ······<ocil:title>Ensure·PAM·Enforces·Password·Requirements·-·Minimum·Special·Characters</ocil:title>
114 ······<ocil:actions>108 ······<ocil:actions>
115 ········<ocil:test_action_ref>ocil:ssg-package_chrony_installed_action:testaction:1</ocil:test_action_ref>109 ········<ocil:test_action_ref>ocil:ssg-accounts_password_pam_ocredit_action:testaction:1</ocil:test_action_ref>
116 ······</ocil:actions>110 ······</ocil:actions>
117 ····</ocil:questionnaire>111 ····</ocil:questionnaire>
118 ····<ocil:questionnaire·id="ocil:ssg-file_owner_backup_etc_passwd_ocil:questionnaire:1">112 ····<ocil:questionnaire·id="ocil:ssg-file_owner_etc_issue_net_ocil:questionnaire:1">
119 ······<ocil:title>Verify·User·Who·Owns·Backup·passwd·File</ocil:title>113 ······<ocil:title>Verify·ownership·of·System·Login·Banner·for·Remote·Connections</ocil:title>
120 ······<ocil:actions>114 ······<ocil:actions>
121 ········<ocil:test_action_ref>ocil:ssg-file_owner_backup_etc_passwd_action:testaction:1</ocil:test_action_ref>115 ········<ocil:test_action_ref>ocil:ssg-file_owner_etc_issue_net_action:testaction:1</ocil:test_action_ref>
122 ······</ocil:actions>116 ······</ocil:actions>
Max diff block lines reached; 889611/901791 bytes (98.65%) of diff not shown.
2.74 MB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2404-xccdf.xml
2.74 MB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2404-xccdf.xml
Max HTML report size reached
67.8 MB
ssg-debian_0.1.76-1_all.deb
452 B
file list
    
Offset 1, 3 lines modifiedOffset 1, 3 lines modified
1 -rw-r--r--···0········0········0········4·2025-03-01·08:08:00.000000·debian-binary1 -rw-r--r--···0········0········0········4·2025-03-01·08:08:00.000000·debian-binary
2 -rw-r--r--···0········0········0·····1980·2025-03-01·08:08:00.000000·control.tar.xz2 -rw-r--r--···0········0········0·····1976·2025-03-01·08:08:00.000000·control.tar.xz
3 -rw-r--r--···0········0········0··1230320·2025-03-01·08:08:00.000000·data.tar.xz3 -rw-r--r--···0········0········0··1228060·2025-03-01·08:08:00.000000·data.tar.xz
98.0 B
control.tar.xz
70.0 B
control.tar
48.0 B
./md5sums
30.0 B
./md5sums
Files differ
67.8 MB
data.tar.xz
67.8 MB
data.tar
1.14 MB
./usr/share/doc/ssg-debian/ssg-debian11-guide-anssi_np_nt28_average.html
    
Offset 15996, 146 lines modifiedOffset 15996, 146 lines modified
0003e7b0:·6765·743d·2223·6964·6d31·3935·3722·2074··get="#idm1957"·t0003e7b0:·6765·743d·2223·6964·6d31·3935·3722·2074··get="#idm1957"·t
0003e7c0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role0003e7c0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
0003e7d0:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e0003e7d0:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
0003e7e0:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·0003e7e0:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
0003e7f0:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·0003e7f0:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
0003e800:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=0003e800:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
0003e810:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation0003e810:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
 0003e820:·2053·6865·6c6c·2073·6372·6970·7420·e287···Shell·script·..
 0003e830:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl
 0003e840:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
 0003e850:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
 0003e860:·3d22·6964·6d31·3935·3722·3e3c·7461·626c··="idm1957"><tabl
 0003e870:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t
 0003e880:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab
 0003e890:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl
 0003e8a0:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr
 0003e8b0:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity:
 0003e8c0:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td
 0003e8d0:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di
 0003e8e0:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t
 0003e8f0:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr><
 0003e900:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</
 0003e910:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td
 0003e920:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St
 0003e930:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>
 0003e940:·7265·7374·7269·6374·3c2f·7464·3e3c·2f74··restrict</td></t
 0003e950:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><
 0003e960:·636f·6465·3e0a·666f·7220·6620·696e·202f··code>.for·f·in·/
 0003e970:·6574·632f·7375·646f·6572·7320·2f65·7463··etc/sudoers·/etc
 0003e980:·2f73·7564·6f65·7273·2e64·2f2a·203b·2064··/sudoers.d/*·;·d
 0003e990:·6f0a·2020·6966·205b·2021·202d·6520·2224··o.··if·[·!·-e·"$
 0003e9a0:·6622·205d·203b·2074·6865·6e0a·2020·2020··f"·]·;·then.····
 0003e9b0:·636f·6e74·696e·7565·0a20·2066·690a·2020··continue.··fi.··
 0003e9c0:·6d61·7463·6869·6e67·5f6c·6973·743d·2428··matching_list=$(
 0003e9d0:·6772·6570·202d·5020·275e·283f·2123·292e··grep·-P·'^(?!#).
 0003e9e0:·2a5b·5c73·5d2b·5c21·6175·7468·656e·7469··*[\s]+\!authenti
 0003e9f0:·6361·7465·2e2a·2427·2024·6620·7c20·756e··cate.*$'·$f·|·un
 0003ea00:·6971·2029·0a20·2069·6620·2120·7465·7374··iq·).··if·!·test
 0003ea10:·202d·7a20·2224·6d61·7463·6869·6e67·5f6c···-z·"$matching_l
 0003ea20:·6973·7422·3b20·7468·656e·0a20·2020·2077··ist";·then.····w
 0003ea30:·6869·6c65·2049·4653·3d20·7265·6164·202d··hile·IFS=·read·-
 0003ea40:·7220·656e·7472·793b·2064·6f0a·2020·2020··r·entry;·do.····
 0003ea50:·2020·2320·636f·6d6d·656e·7420·6f75·7420····#·comment·out·
 0003ea60:·2221·6175·7468·656e·7469·6361·7465·2220··"!authenticate"·
 0003ea70:·6d61·7463·6865·7320·746f·2070·7265·7365··matches·to·prese
 0003ea80:·7276·6520·7573·6572·2064·6174·610a·2020··rve·user·data.··
 0003ea90:·2020·2020·7365·6420·2d69·2022·732f·5e24······sed·-i·"s/^$
 0003eaa0:·7b65·6e74·7279·7d24·2f23·2026·616d·703b··{entry}$/#·&amp;
 0003eab0:·2f67·2220·2466·0a20·2020·2064·6f6e·6520··/g"·$f.····done·
 0003eac0:·266c·743b·266c·743b·266c·743b·2022·246d··&lt;&lt;&lt;·"$m
 0003ead0:·6174·6368·696e·675f·6c69·7374·220a·0a20··atching_list"..·
 0003eae0:·2020·202f·7573·722f·7362·696e·2f76·6973·····/usr/sbin/vis
 0003eaf0:·7564·6f20·2d63·6620·2466·2026·616d·703b··udo·-cf·$f·&amp;
 0003eb00:·2667·743b·202f·6465·762f·6e75·6c6c·207c··&gt;·/dev/null·|
 0003eb10:·7c20·6563·686f·2022·4661·696c·2074·6f20··|·echo·"Fail·to·
 0003eb20:·7661·6c69·6461·7465·2024·6620·7769·7468··validate·$f·with
 0003eb30:·2076·6973·7564·6f22·0a20·2066·690a·646f···visudo".··fi.do
 0003eb40:·6e65·0a3c·2f63·6f64·653e·3c2f·7072·653e··ne.</code></pre>
 0003eb50:·3c2f·6469·763e·3c61·2063·6c61·7373·3d22··</div><a·class="
 0003eb60:·6274·6e20·6274·6e2d·7375·6363·6573·7322··btn·btn-success"
 0003eb70:·2064·6174·612d·746f·6767·6c65·3d22·636f···data-toggle="co
 0003eb80:·6c6c·6170·7365·2220·6461·7461·2d74·6172··llapse"·data-tar
 0003eb90:·6765·743d·2223·6964·6d31·3935·3822·2074··get="#idm1958"·t
 0003eba0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
 0003ebb0:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
 0003ebc0:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
 0003ebd0:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
 0003ebe0:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
 0003ebf0:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
0003e820:·2041·6e73·6962·6c65·2073·6e69·7070·6574···Ansible·snippet0003ec00:·2041·6e73·6962·6c65·2073·6e69·7070·6574···Ansible·snippet
0003e830:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div0003ec10:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div
0003e840:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co0003ec20:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
0003e850:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"0003ec30:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
0003e860:·2069·643d·2269·646d·3139·3537·223e·3c74···id="idm1957"><t0003ec40:·2069·643d·2269·646d·3139·3538·223e·3c74···id="idm1958"><t
0003e870:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl0003ec50:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl
0003e880:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped·0003ec60:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped·
0003e890:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t0003ec70:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t
0003e8a0:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed">0003ec80:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed">
0003e8b0:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi 
0003e8c0:·7479·3a3c·2f74·683e·3c74·643e·6c6f·773c··ty:</th><td>low< 
0003e8d0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003e8e0:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th 
0003e8f0:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
0003e900:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot 
0003e910:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false< 
0003e920:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003e930:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th>< 
0003e940:·7464·3e72·6573·7472·6963·743c·2f74·643e··td>restrict</td> 
0003e950:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr 
0003e960:·653e·3c63·6f64·653e·2d20·6e61·6d65·3a20··e><code>-·name:· 
0003e970:·4669·6e64·202f·6574·632f·7375·646f·6572··Find·/etc/sudoer 
0003e980:·732e·642f·2066·696c·6573·0a20·2061·6e73··s.d/·files.··ans 
0003e990:·6962·6c65·2e62·7569·6c74·696e·2e66·696e··ible.builtin.fin 
0003e9a0:·643a·0a20·2020·2070·6174·6873·3a0a·2020··d:.····paths:.·· 
0003e9b0:·2020·2d20·2f65·7463·2f73·7564·6f65·7273····-·/etc/sudoers 
0003e9c0:·2e64·2f0a·2020·7265·6769·7374·6572·3a20··.d/.··register:· 
0003e9d0:·7375·646f·6572·730a·2020·7461·6773·3a0a··sudoers.··tags:. 
0003e9e0:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53- 
0003e9f0:·434d·2d36·2861·290a·2020·2d20·4e49·5354··CM-6(a).··-·NIST 
0003ea00:·2d38·3030·2d35·332d·4941·2d31·310a·2020··-800-53-IA-11.·· 
0003ea10:·2d20·6c6f·775f·636f·6d70·6c65·7869·7479··-·low_complexity 
0003ea20:·0a20·202d·206c·6f77·5f64·6973·7275·7074··.··-·low_disrupt 
0003ea30:·696f·6e0a·2020·2d20·6d65·6469·756d·5f73··ion.··-·medium_s 
0003ea40:·6576·6572·6974·790a·2020·2d20·6e6f·5f72··everity.··-·no_r 
0003ea50:·6562·6f6f·745f·6e65·6564·6564·0a20·202d··eboot_needed.··- 
0003ea60:·2072·6573·7472·6963·745f·7374·7261·7465···restrict_strate 
0003ea70:·6779·0a20·202d·2073·7564·6f5f·7265·6d6f··gy.··-·sudo_remo 
0003ea80:·7665·5f6e·6f5f·6175·7468·656e·7469·6361··ve_no_authentica 
0003ea90:·7465·0a0a·2d20·6e61·6d65·3a20·5265·6d6f··te..-·name:·Remo 
0003eaa0:·7665·206c·696e·6573·2063·6f6e·7461·696e··ve·lines·contain 
0003eab0:·696e·6720·2161·7574·6865·6e74·6963·6174··ing·!authenticat 
0003eac0:·6520·6672·6f6d·2073·7564·6f65·7273·2066··e·from·sudoers·f 
0003ead0:·696c·6573·0a20·2061·6e73·6962·6c65·2e62··iles.··ansible.b 
0003eae0:·7569·6c74·696e·2e72·6570·6c61·6365·3a0a··uiltin.replace:. 
0003eaf0:·2020·2020·7265·6765·7870·3a20·285e·283f······regexp:·(^(? 
0003eb00:·2123·292e·2a5b·5c73·5d2b·5c21·6175·7468··!#).*[\s]+\!auth 
0003eb10:·656e·7469·6361·7465·2e2a·2429·0a20·2020··enticate.*$).··· 
0003eb20:·2072·6570·6c61·6365·3a20·2723·205c·6726···replace:·'#·\g& 
0003eb30:·6c74·3b31·2667·743b·270a·2020·2020·7061··lt;1&gt;'.····pa 
0003eb40:·7468·3a20·277b·7b20·6974·656d·2e70·6174··th:·'{{·item.pat 
0003eb50:·6820·7d7d·270a·2020·2020·7661·6c69·6461··h·}}'.····valida 
0003eb60:·7465·3a20·2f75·7372·2f73·6269·6e2f·7669··te:·/usr/sbin/vi 
0003eb70:·7375·646f·202d·6366·2025·730a·2020·7769··sudo·-cf·%s.··wi 
0003eb80:·7468·5f69·7465·6d73·3a0a·2020·2d20·7061··th_items:.··-·pa 
0003eb90:·7468·3a20·2f65·7463·2f73·7564·6f65·7273··th:·/etc/sudoers 
0003eba0:·0a20·202d·2027·7b7b·2073·7564·6f65·7273··.··-·'{{·sudoers 
0003ebb0:·2e66·696c·6573·207d·7d27·0a20·2074·6167··.files·}}'.··tag 
Max diff block lines reached; 1047624/1066420 bytes (98.24%) of diff not shown.
125 KB
html2text {}
    
Offset 227, 14 lines modifiedOffset 227, 35 lines modified
227 ···························1.7,·SR·1.8,·SR·1.9227 ···························1.7,·SR·1.8,·SR·1.9
228 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,228 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,
229 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3229 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3
230 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)230 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)
231 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7231 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7
232 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,232 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,
233 ···························SRG-OS-000373-GPOS-00158233 ···························SRG-OS-000373-GPOS-00158
 234 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 235 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 236 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 237 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 238 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
  
 239 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
 240 ··if·[·!·-e·"$f"·]·;·then
 241 ····continue
 242 ··fi
 243 ··matching_list=$(grep·-P·'^(?!#).*[\s]+\!authenticate.*$'·$f·|·uniq·)
 244 ··if·!·test·-z·"$matching_list";·then
 245 ····while·IFS=·read·-r·entry;·do
 246 ······#·comment·out·"!authenticate"·matches·to·preserve·user·data
 247 ······sed·-i·"s/^${entry}$/#·&/g"·$f
 248 ····done·<<<·"$matching_list"
  
 249 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with
 250 visudo"
 251 ··fi
 252 done
234 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8253 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
235 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low254 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
236 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low255 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
237 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false256 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
238 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict257 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
239 -·name:·Find·/etc/sudoers.d/·files258 -·name:·Find·/etc/sudoers.d/·files
240 ··ansible.builtin.find:259 ··ansible.builtin.find:
Offset 265, 35 lines modifiedOffset 286, 14 lines modified
265 ··-·NIST-800-53-IA-11286 ··-·NIST-800-53-IA-11
266 ··-·low_complexity287 ··-·low_complexity
267 ··-·low_disruption288 ··-·low_disruption
268 ··-·medium_severity289 ··-·medium_severity
269 ··-·no_reboot_needed290 ··-·no_reboot_needed
270 ··-·restrict_strategy291 ··-·restrict_strategy
271 ··-·sudo_remove_no_authenticate292 ··-·sudo_remove_no_authenticate
272 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
273 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
274 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
275 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
276 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
  
277 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do 
278 ··if·[·!·-e·"$f"·]·;·then 
279 ····continue 
280 ··fi 
281 ··matching_list=$(grep·-P·'^(?!#).*[\s]+\!authenticate.*$'·$f·|·uniq·) 
282 ··if·!·test·-z·"$matching_list";·then 
283 ····while·IFS=·read·-r·entry;·do 
284 ······#·comment·out·"!authenticate"·matches·to·preserve·user·data 
285 ······sed·-i·"s/^${entry}$/#·&/g"·$f 
286 ····done·<<<·"$matching_list" 
  
287 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with 
288 visudo" 
289 ··fi 
290 done 
291 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·U\x8Us\x8se\x8er\x8rs\x8s·R\x8Re\x8e-\x8-A\x8Au\x8ut\x8th\x8he\x8en\x8nt\x8ti\x8ic\x8ca\x8at\x8te\x8e·f\x8fo\x8or\x8r·P\x8Pr\x8ri\x8iv\x8vi\x8il\x8le\x8eg\x8ge\x8e·E\x8Es\x8sc\x8ca\x8al\x8la\x8at\x8ti\x8io\x8on\x8n·-\x8-·s\x8su\x8ud\x8do\x8o293 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·U\x8Us\x8se\x8er\x8rs\x8s·R\x8Re\x8e-\x8-A\x8Au\x8ut\x8th\x8he\x8en\x8nt\x8ti\x8ic\x8ca\x8at\x8te\x8e·f\x8fo\x8or\x8r·P\x8Pr\x8ri\x8iv\x8vi\x8il\x8le\x8eg\x8ge\x8e·E\x8Es\x8sc\x8ca\x8al\x8la\x8at\x8ti\x8io\x8on\x8n·-\x8-·s\x8su\x8ud\x8do\x8o
292 N\x8NO\x8OP\x8PA\x8AS\x8SS\x8SW\x8WD\x8D·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*294 N\x8NO\x8OP\x8PA\x8AS\x8SS\x8SW\x8WD\x8D·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
293 The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using295 The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using
294 sudo·without·having·to·authenticate.·This·should·be·disabled·by·making·sure296 sudo·without·having·to·authenticate.·This·should·be·disabled·by·making·sure
295 that·the·NOPASSWD·tag·does·not·exist·in·/etc/sudoers·configuration·file·or·any297 that·the·NOPASSWD·tag·does·not·exist·in·/etc/sudoers·configuration·file·or·any
296 sudo·configuration·snippets·in·/etc/sudoers.d/.298 sudo·configuration·snippets·in·/etc/sudoers.d/.
297 ············Without·re-authentication,·users·may·access·resources·or·perform299 ············Without·re-authentication,·users·may·access·resources·or·perform
Offset 314, 14 lines modifiedOffset 314, 35 lines modified
314 ···························1.7,·SR·1.8,·SR·1.9314 ···························1.7,·SR·1.8,·SR·1.9
315 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,315 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,
316 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3316 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3
317 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)317 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)
318 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7318 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7
319 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,319 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,
320 ···························SRG-OS-000373-GPOS-00158320 ···························SRG-OS-000373-GPOS-00158
 321 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 322 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 323 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 324 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 325 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
  
 326 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
 327 ··if·[·!·-e·"$f"·]·;·then
 328 ····continue
 329 ··fi
 330 ··matching_list=$(grep·-P·'^(?!#).*[\s]+NOPASSWD[\s]*\:.*$'·$f·|·uniq·)
 331 ··if·!·test·-z·"$matching_list";·then
 332 ····while·IFS=·read·-r·entry;·do
 333 ······#·comment·out·"NOPASSWD"·matches·to·preserve·user·data
 334 ······sed·-i·"s/^${entry}$/#·&/g"·$f
 335 ····done·<<<·"$matching_list"
  
 336 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with
 337 visudo"
 338 ··fi
 339 done
321 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8340 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
322 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low341 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
323 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low342 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
324 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false343 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
325 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict344 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
326 -·name:·Find·/etc/sudoers.d/·files345 -·name:·Find·/etc/sudoers.d/·files
327 ··ansible.builtin.find:346 ··ansible.builtin.find:
Offset 352, 35 lines modifiedOffset 373, 14 lines modified
352 ··-·NIST-800-53-IA-11373 ··-·NIST-800-53-IA-11
353 ··-·low_complexity374 ··-·low_complexity
354 ··-·low_disruption375 ··-·low_disruption
355 ··-·medium_severity376 ··-·medium_severity
356 ··-·no_reboot_needed377 ··-·no_reboot_needed
357 ··-·restrict_strategy378 ··-·restrict_strategy
358 ··-·sudo_remove_nopasswd379 ··-·sudo_remove_nopasswd
359 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
360 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
361 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
362 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
363 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
  
364 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do 
365 ··if·[·!·-e·"$f"·]·;·then 
366 ····continue 
367 ··fi 
368 ··matching_list=$(grep·-P·'^(?!#).*[\s]+NOPASSWD[\s]*\:.*$'·$f·|·uniq·) 
369 ··if·!·test·-z·"$matching_list";·then 
Max diff block lines reached; 122495/127943 bytes (95.74%) of diff not shown.
1.27 MB
./usr/share/doc/ssg-debian/ssg-debian11-guide-anssi_np_nt28_high.html
    
Offset 16016, 146 lines modifiedOffset 16016, 146 lines modified
0003e8f0:·2d74·6172·6765·743d·2223·6964·6d31·3935··-target="#idm1950003e8f0:·2d74·6172·6765·743d·2223·6964·6d31·3935··-target="#idm195
0003e900:·3722·2074·6162·696e·6465·783d·2230·2220··7"·tabindex="0"·0003e900:·3722·2074·6162·696e·6465·783d·2230·2220··7"·tabindex="0"·
0003e910:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar0003e910:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar
0003e920:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal0003e920:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal
0003e930:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ0003e930:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ
0003e940:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h0003e940:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h
0003e950:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia0003e950:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia
 0003e960:·7469·6f6e·2053·6865·6c6c·2073·6372·6970··tion·Shell·scrip
 0003e970:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di
 0003e980:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
 0003e990:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
 0003e9a0:·2220·6964·3d22·6964·6d31·3935·3722·3e3c··"·id="idm1957"><
 0003e9b0:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab
 0003e9c0:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped
 0003e9d0:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·
 0003e9e0:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"
 0003e9f0:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex
 0003ea00:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low
 0003ea10:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
 0003ea20:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t
 0003ea30:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></
 0003ea40:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo
 0003ea50:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false
 0003ea60:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
 0003ea70:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>
 0003ea80:·3c74·643e·7265·7374·7269·6374·3c2f·7464··<td>restrict</td
 0003ea90:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p
 0003eaa0:·7265·3e3c·636f·6465·3e0a·666f·7220·6620··re><code>.for·f·
 0003eab0:·696e·202f·6574·632f·7375·646f·6572·7320··in·/etc/sudoers·
 0003eac0:·2f65·7463·2f73·7564·6f65·7273·2e64·2f2a··/etc/sudoers.d/*
 0003ead0:·203b·2064·6f0a·2020·6966·205b·2021·202d···;·do.··if·[·!·-
 0003eae0:·6520·2224·6622·205d·203b·2074·6865·6e0a··e·"$f"·]·;·then.
 0003eaf0:·2020·2020·636f·6e74·696e·7565·0a20·2066······continue.··f
 0003eb00:·690a·2020·6d61·7463·6869·6e67·5f6c·6973··i.··matching_lis
 0003eb10:·743d·2428·6772·6570·202d·5020·275e·283f··t=$(grep·-P·'^(?
 0003eb20:·2123·292e·2a5b·5c73·5d2b·5c21·6175·7468··!#).*[\s]+\!auth
 0003eb30:·656e·7469·6361·7465·2e2a·2427·2024·6620··enticate.*$'·$f·
 0003eb40:·7c20·756e·6971·2029·0a20·2069·6620·2120··|·uniq·).··if·!·
 0003eb50:·7465·7374·202d·7a20·2224·6d61·7463·6869··test·-z·"$matchi
 0003eb60:·6e67·5f6c·6973·7422·3b20·7468·656e·0a20··ng_list";·then.·
 0003eb70:·2020·2077·6869·6c65·2049·4653·3d20·7265·····while·IFS=·re
 0003eb80:·6164·202d·7220·656e·7472·793b·2064·6f0a··ad·-r·entry;·do.
 0003eb90:·2020·2020·2020·2320·636f·6d6d·656e·7420········#·comment·
 0003eba0:·6f75·7420·2221·6175·7468·656e·7469·6361··out·"!authentica
 0003ebb0:·7465·2220·6d61·7463·6865·7320·746f·2070··te"·matches·to·p
 0003ebc0:·7265·7365·7276·6520·7573·6572·2064·6174··reserve·user·dat
 0003ebd0:·610a·2020·2020·2020·7365·6420·2d69·2022··a.······sed·-i·"
 0003ebe0:·732f·5e24·7b65·6e74·7279·7d24·2f23·2026··s/^${entry}$/#·&
 0003ebf0:·616d·703b·2f67·2220·2466·0a20·2020·2064··amp;/g"·$f.····d
 0003ec00:·6f6e·6520·266c·743b·266c·743b·266c·743b··one·&lt;&lt;&lt;
 0003ec10:·2022·246d·6174·6368·696e·675f·6c69·7374···"$matching_list
 0003ec20:·220a·0a20·2020·202f·7573·722f·7362·696e··"..····/usr/sbin
 0003ec30:·2f76·6973·7564·6f20·2d63·6620·2466·2026··/visudo·-cf·$f·&
 0003ec40:·616d·703b·2667·743b·202f·6465·762f·6e75··amp;&gt;·/dev/nu
 0003ec50:·6c6c·207c·7c20·6563·686f·2022·4661·696c··ll·||·echo·"Fail
 0003ec60:·2074·6f20·7661·6c69·6461·7465·2024·6620···to·validate·$f·
 0003ec70:·7769·7468·2076·6973·7564·6f22·0a20·2066··with·visudo".··f
 0003ec80:·690a·646f·6e65·0a3c·2f63·6f64·653e·3c2f··i.done.</code></
 0003ec90:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla
 0003eca0:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ
 0003ecb0:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle
 0003ecc0:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data
 0003ecd0:·2d74·6172·6765·743d·2223·6964·6d31·3935··-target="#idm195
 0003ece0:·3822·2074·6162·696e·6465·783d·2230·2220··8"·tabindex="0"·
 0003ecf0:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar
 0003ed00:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal
 0003ed10:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ
 0003ed20:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h
 0003ed30:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia
0003e960:·7469·6f6e·2041·6e73·6962·6c65·2073·6e69··tion·Ansible·sni0003ed40:·7469·6f6e·2041·6e73·6962·6c65·2073·6e69··tion·Ansible·sni
0003e970:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br>0003ed50:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br>
0003e980:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane0003ed60:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
0003e990:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla0003ed70:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
0003e9a0:·7073·6522·2069·643d·2269·646d·3139·3537··pse"·id="idm19570003ed80:·7073·6522·2069·643d·2269·646d·3139·3538··pse"·id="idm1958
0003e9b0:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="0003ed90:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="
0003e9c0:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri 
0003e9d0:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border 
0003e9e0:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens 
0003e9f0:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp 
0003ea00:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td> 
0003ea10:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003ea20:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption: 
0003ea30:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003ea40:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re 
0003ea50:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa 
0003ea60:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr 
0003ea70:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</ 
0003ea80:·7468·3e3c·7464·3e72·6573·7472·6963·743c··th><td>restrict< 
0003ea90:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table 
0003eaa0:·3e3c·7072·653e·3c63·6f64·653e·2d20·6e61··><pre><code>-·na 
0003eab0:·6d65·3a20·4669·6e64·202f·6574·632f·7375··me:·Find·/etc/su 
0003eac0:·646f·6572·732e·642f·2066·696c·6573·0a20··doers.d/·files.· 
0003ead0:·2061·6e73·6962·6c65·2e62·7569·6c74·696e···ansible.builtin 
0003eae0:·2e66·696e·643a·0a20·2020·2070·6174·6873··.find:.····paths 
0003eaf0:·3a0a·2020·2020·2d20·2f65·7463·2f73·7564··:.····-·/etc/sud 
0003eb00:·6f65·7273·2e64·2f0a·2020·7265·6769·7374··oers.d/.··regist 
0003eb10:·6572·3a20·7375·646f·6572·730a·2020·7461··er:·sudoers.··ta 
0003eb20:·6773·3a0a·2020·2d20·4e49·5354·2d38·3030··gs:.··-·NIST-800 
0003eb30:·2d35·332d·434d·2d36·2861·290a·2020·2d20··-53-CM-6(a).··-· 
0003eb40:·4e49·5354·2d38·3030·2d35·332d·4941·2d31··NIST-800-53-IA-1 
0003eb50:·310a·2020·2d20·6c6f·775f·636f·6d70·6c65··1.··-·low_comple 
0003eb60:·7869·7479·0a20·202d·206c·6f77·5f64·6973··xity.··-·low_dis 
0003eb70:·7275·7074·696f·6e0a·2020·2d20·6d65·6469··ruption.··-·medi 
0003eb80:·756d·5f73·6576·6572·6974·790a·2020·2d20··um_severity.··-· 
0003eb90:·6e6f·5f72·6562·6f6f·745f·6e65·6564·6564··no_reboot_needed 
0003eba0:·0a20·202d·2072·6573·7472·6963·745f·7374··.··-·restrict_st 
0003ebb0:·7261·7465·6779·0a20·202d·2073·7564·6f5f··rategy.··-·sudo_ 
0003ebc0:·7265·6d6f·7665·5f6e·6f5f·6175·7468·656e··remove_no_authen 
0003ebd0:·7469·6361·7465·0a0a·2d20·6e61·6d65·3a20··ticate..-·name:· 
0003ebe0:·5265·6d6f·7665·206c·696e·6573·2063·6f6e··Remove·lines·con 
0003ebf0:·7461·696e·696e·6720·2161·7574·6865·6e74··taining·!authent 
0003ec00:·6963·6174·6520·6672·6f6d·2073·7564·6f65··icate·from·sudoe 
0003ec10:·7273·2066·696c·6573·0a20·2061·6e73·6962··rs·files.··ansib 
0003ec20:·6c65·2e62·7569·6c74·696e·2e72·6570·6c61··le.builtin.repla 
0003ec30:·6365·3a0a·2020·2020·7265·6765·7870·3a20··ce:.····regexp:· 
0003ec40:·285e·283f·2123·292e·2a5b·5c73·5d2b·5c21··(^(?!#).*[\s]+\! 
0003ec50:·6175·7468·656e·7469·6361·7465·2e2a·2429··authenticate.*$) 
0003ec60:·0a20·2020·2072·6570·6c61·6365·3a20·2723··.····replace:·'# 
0003ec70:·205c·6726·6c74·3b31·2667·743b·270a·2020···\g&lt;1&gt;'.·· 
0003ec80:·2020·7061·7468·3a20·277b·7b20·6974·656d····path:·'{{·item 
0003ec90:·2e70·6174·6820·7d7d·270a·2020·2020·7661··.path·}}'.····va 
0003eca0:·6c69·6461·7465·3a20·2f75·7372·2f73·6269··lidate:·/usr/sbi 
0003ecb0:·6e2f·7669·7375·646f·202d·6366·2025·730a··n/visudo·-cf·%s. 
0003ecc0:·2020·7769·7468·5f69·7465·6d73·3a0a·2020····with_items:.·· 
0003ecd0:·2d20·7061·7468·3a20·2f65·7463·2f73·7564··-·path:·/etc/sud 
0003ece0:·6f65·7273·0a20·202d·2027·7b7b·2073·7564··oers.··-·'{{·sud 
0003ecf0:·6f65·7273·2e66·696c·6573·207d·7d27·0a20··oers.files·}}'.· 
Max diff block lines reached; 1167548/1186344 bytes (98.42%) of diff not shown.
137 KB
html2text {}
    
Offset 231, 14 lines modifiedOffset 231, 35 lines modified
231 ···························1.7,·SR·1.8,·SR·1.9231 ···························1.7,·SR·1.8,·SR·1.9
232 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,232 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,
233 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3233 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3
234 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)234 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)
235 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7235 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7
236 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,236 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,
237 ···························SRG-OS-000373-GPOS-00158237 ···························SRG-OS-000373-GPOS-00158
 238 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 239 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 240 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 241 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 242 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
  
 243 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
 244 ··if·[·!·-e·"$f"·]·;·then
 245 ····continue
 246 ··fi
 247 ··matching_list=$(grep·-P·'^(?!#).*[\s]+\!authenticate.*$'·$f·|·uniq·)
 248 ··if·!·test·-z·"$matching_list";·then
 249 ····while·IFS=·read·-r·entry;·do
 250 ······#·comment·out·"!authenticate"·matches·to·preserve·user·data
 251 ······sed·-i·"s/^${entry}$/#·&/g"·$f
 252 ····done·<<<·"$matching_list"
  
 253 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with
 254 visudo"
 255 ··fi
 256 done
238 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8257 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
239 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low258 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
240 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low259 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
241 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false260 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
242 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict261 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
243 -·name:·Find·/etc/sudoers.d/·files262 -·name:·Find·/etc/sudoers.d/·files
244 ··ansible.builtin.find:263 ··ansible.builtin.find:
Offset 269, 35 lines modifiedOffset 290, 14 lines modified
269 ··-·NIST-800-53-IA-11290 ··-·NIST-800-53-IA-11
270 ··-·low_complexity291 ··-·low_complexity
271 ··-·low_disruption292 ··-·low_disruption
272 ··-·medium_severity293 ··-·medium_severity
273 ··-·no_reboot_needed294 ··-·no_reboot_needed
274 ··-·restrict_strategy295 ··-·restrict_strategy
275 ··-·sudo_remove_no_authenticate296 ··-·sudo_remove_no_authenticate
276 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
277 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
278 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
279 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
280 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
  
281 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do 
282 ··if·[·!·-e·"$f"·]·;·then 
283 ····continue 
284 ··fi 
285 ··matching_list=$(grep·-P·'^(?!#).*[\s]+\!authenticate.*$'·$f·|·uniq·) 
286 ··if·!·test·-z·"$matching_list";·then 
287 ····while·IFS=·read·-r·entry;·do 
288 ······#·comment·out·"!authenticate"·matches·to·preserve·user·data 
289 ······sed·-i·"s/^${entry}$/#·&/g"·$f 
290 ····done·<<<·"$matching_list" 
  
291 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with 
292 visudo" 
293 ··fi 
294 done 
295 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·U\x8Us\x8se\x8er\x8rs\x8s·R\x8Re\x8e-\x8-A\x8Au\x8ut\x8th\x8he\x8en\x8nt\x8ti\x8ic\x8ca\x8at\x8te\x8e·f\x8fo\x8or\x8r·P\x8Pr\x8ri\x8iv\x8vi\x8il\x8le\x8eg\x8ge\x8e·E\x8Es\x8sc\x8ca\x8al\x8la\x8at\x8ti\x8io\x8on\x8n·-\x8-·s\x8su\x8ud\x8do\x8o297 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·U\x8Us\x8se\x8er\x8rs\x8s·R\x8Re\x8e-\x8-A\x8Au\x8ut\x8th\x8he\x8en\x8nt\x8ti\x8ic\x8ca\x8at\x8te\x8e·f\x8fo\x8or\x8r·P\x8Pr\x8ri\x8iv\x8vi\x8il\x8le\x8eg\x8ge\x8e·E\x8Es\x8sc\x8ca\x8al\x8la\x8at\x8ti\x8io\x8on\x8n·-\x8-·s\x8su\x8ud\x8do\x8o
296 N\x8NO\x8OP\x8PA\x8AS\x8SS\x8SW\x8WD\x8D·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*298 N\x8NO\x8OP\x8PA\x8AS\x8SS\x8SW\x8WD\x8D·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
297 The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using299 The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using
298 sudo·without·having·to·authenticate.·This·should·be·disabled·by·making·sure300 sudo·without·having·to·authenticate.·This·should·be·disabled·by·making·sure
299 that·the·NOPASSWD·tag·does·not·exist·in·/etc/sudoers·configuration·file·or·any301 that·the·NOPASSWD·tag·does·not·exist·in·/etc/sudoers·configuration·file·or·any
300 sudo·configuration·snippets·in·/etc/sudoers.d/.302 sudo·configuration·snippets·in·/etc/sudoers.d/.
301 ············Without·re-authentication,·users·may·access·resources·or·perform303 ············Without·re-authentication,·users·may·access·resources·or·perform
Offset 318, 14 lines modifiedOffset 318, 35 lines modified
318 ···························1.7,·SR·1.8,·SR·1.9318 ···························1.7,·SR·1.8,·SR·1.9
319 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,319 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,
320 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3320 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3
321 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)321 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)
322 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7322 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7
323 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,323 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,
324 ···························SRG-OS-000373-GPOS-00158324 ···························SRG-OS-000373-GPOS-00158
 325 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 326 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 327 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 328 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 329 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
  
 330 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
 331 ··if·[·!·-e·"$f"·]·;·then
 332 ····continue
 333 ··fi
 334 ··matching_list=$(grep·-P·'^(?!#).*[\s]+NOPASSWD[\s]*\:.*$'·$f·|·uniq·)
 335 ··if·!·test·-z·"$matching_list";·then
 336 ····while·IFS=·read·-r·entry;·do
 337 ······#·comment·out·"NOPASSWD"·matches·to·preserve·user·data
 338 ······sed·-i·"s/^${entry}$/#·&/g"·$f
 339 ····done·<<<·"$matching_list"
  
 340 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with
 341 visudo"
 342 ··fi
 343 done
325 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8344 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
326 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low345 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
327 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low346 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
328 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false347 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
329 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict348 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
330 -·name:·Find·/etc/sudoers.d/·files349 -·name:·Find·/etc/sudoers.d/·files
331 ··ansible.builtin.find:350 ··ansible.builtin.find:
Offset 356, 35 lines modifiedOffset 377, 14 lines modified
356 ··-·NIST-800-53-IA-11377 ··-·NIST-800-53-IA-11
357 ··-·low_complexity378 ··-·low_complexity
358 ··-·low_disruption379 ··-·low_disruption
359 ··-·medium_severity380 ··-·medium_severity
360 ··-·no_reboot_needed381 ··-·no_reboot_needed
361 ··-·restrict_strategy382 ··-·restrict_strategy
362 ··-·sudo_remove_nopasswd383 ··-·sudo_remove_nopasswd
363 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
364 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
365 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
366 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
367 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
  
368 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do 
369 ··if·[·!·-e·"$f"·]·;·then 
370 ····continue 
371 ··fi 
372 ··matching_list=$(grep·-P·'^(?!#).*[\s]+NOPASSWD[\s]*\:.*$'·$f·|·uniq·) 
373 ··if·!·test·-z·"$matching_list";·then 
Max diff block lines reached; 135164/140612 bytes (96.13%) of diff not shown.
373 KB
./usr/share/doc/ssg-debian/ssg-debian11-guide-anssi_np_nt28_minimal.html
    
Offset 14776, 146 lines modifiedOffset 14776, 146 lines modified
00039b70:·7461·2d74·6172·6765·743d·2223·6964·6d31··ta-target="#idm100039b70:·7461·2d74·6172·6765·743d·2223·6964·6d31··ta-target="#idm1
00039b80:·3935·3722·2074·6162·696e·6465·783d·2230··957"·tabindex="000039b80:·3935·3722·2074·6162·696e·6465·783d·2230··957"·tabindex="0
00039b90:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·00039b90:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
00039ba0:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f00039ba0:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
00039bb0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act00039bb0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
00039bc0:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"00039bc0:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
00039bd0:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed00039bd0:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
 00039be0:·6961·7469·6f6e·2053·6865·6c6c·2073·6372··iation·Shell·scr
 00039bf0:·6970·7420·e287·b23c·2f61·3e3c·6272·3e3c··ipt·...</a><br><
 00039c00:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel
 00039c10:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap
 00039c20:·7365·2220·6964·3d22·6964·6d31·3935·3722··se"·id="idm1957"
 00039c30:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t
 00039c40:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip
 00039c50:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere
 00039c60:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense
 00039c70:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl
 00039c80:·6578·6974·793a·3c2f·7468·3e3c·7464·3e6c··exity:</th><td>l
 00039c90:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>
 00039ca0:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:<
 00039cb0:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>
 00039cc0:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb
 00039cd0:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal
 00039ce0:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr>
 00039cf0:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t
 00039d00:·683e·3c74·643e·7265·7374·7269·6374·3c2f··h><td>restrict</
 00039d10:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>
 00039d20:·3c70·7265·3e3c·636f·6465·3e0a·666f·7220··<pre><code>.for·
 00039d30:·6620·696e·202f·6574·632f·7375·646f·6572··f·in·/etc/sudoer
 00039d40:·7320·2f65·7463·2f73·7564·6f65·7273·2e64··s·/etc/sudoers.d
 00039d50:·2f2a·203b·2064·6f0a·2020·6966·205b·2021··/*·;·do.··if·[·!
 00039d60:·202d·6520·2224·6622·205d·203b·2074·6865···-e·"$f"·]·;·the
 00039d70:·6e0a·2020·2020·636f·6e74·696e·7565·0a20··n.····continue.·
 00039d80:·2066·690a·2020·6d61·7463·6869·6e67·5f6c···fi.··matching_l
 00039d90:·6973·743d·2428·6772·6570·202d·5020·275e··ist=$(grep·-P·'^
 00039da0:·283f·2123·292e·2a5b·5c73·5d2b·5c21·6175··(?!#).*[\s]+\!au
 00039db0:·7468·656e·7469·6361·7465·2e2a·2427·2024··thenticate.*$'·$
 00039dc0:·6620·7c20·756e·6971·2029·0a20·2069·6620··f·|·uniq·).··if·
 00039dd0:·2120·7465·7374·202d·7a20·2224·6d61·7463··!·test·-z·"$matc
 00039de0:·6869·6e67·5f6c·6973·7422·3b20·7468·656e··hing_list";·then
 00039df0:·0a20·2020·2077·6869·6c65·2049·4653·3d20··.····while·IFS=·
 00039e00:·7265·6164·202d·7220·656e·7472·793b·2064··read·-r·entry;·d
 00039e10:·6f0a·2020·2020·2020·2320·636f·6d6d·656e··o.······#·commen
 00039e20:·7420·6f75·7420·2221·6175·7468·656e·7469··t·out·"!authenti
 00039e30:·6361·7465·2220·6d61·7463·6865·7320·746f··cate"·matches·to
 00039e40:·2070·7265·7365·7276·6520·7573·6572·2064···preserve·user·d
 00039e50:·6174·610a·2020·2020·2020·7365·6420·2d69··ata.······sed·-i
 00039e60:·2022·732f·5e24·7b65·6e74·7279·7d24·2f23···"s/^${entry}$/#
 00039e70:·2026·616d·703b·2f67·2220·2466·0a20·2020···&amp;/g"·$f.···
 00039e80:·2064·6f6e·6520·266c·743b·266c·743b·266c···done·&lt;&lt;&l
 00039e90:·743b·2022·246d·6174·6368·696e·675f·6c69··t;·"$matching_li
 00039ea0:·7374·220a·0a20·2020·202f·7573·722f·7362··st"..····/usr/sb
 00039eb0:·696e·2f76·6973·7564·6f20·2d63·6620·2466··in/visudo·-cf·$f
 00039ec0:·2026·616d·703b·2667·743b·202f·6465·762f···&amp;&gt;·/dev/
 00039ed0:·6e75·6c6c·207c·7c20·6563·686f·2022·4661··null·||·echo·"Fa
 00039ee0:·696c·2074·6f20·7661·6c69·6461·7465·2024··il·to·validate·$
 00039ef0:·6620·7769·7468·2076·6973·7564·6f22·0a20··f·with·visudo".·
 00039f00:·2066·690a·646f·6e65·0a3c·2f63·6f64·653e···fi.done.</code>
 00039f10:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c
 00039f20:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su
 00039f30:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg
 00039f40:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da
 00039f50:·7461·2d74·6172·6765·743d·2223·6964·6d31··ta-target="#idm1
 00039f60:·3935·3822·2074·6162·696e·6465·783d·2230··958"·tabindex="0
 00039f70:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
 00039f80:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
 00039f90:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
 00039fa0:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
 00039fb0:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
00039be0:·6961·7469·6f6e·2041·6e73·6962·6c65·2073··iation·Ansible·s00039fc0:·6961·7469·6f6e·2041·6e73·6962·6c65·2073··iation·Ansible·s
00039bf0:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b00039fd0:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b
00039c00:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa00039fe0:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa
00039c10:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col00039ff0:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col
00039c20:·6c61·7073·6522·2069·643d·2269·646d·3139··lapse"·id="idm19 
00039c30:·3537·223e·3c74·6162·6c65·2063·6c61·7373··57"><table·class 
00039c40:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st 
00039c50:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord 
00039c60:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde 
00039c70:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co 
00039c80:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t 
00039c90:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr>< 
00039ca0:·7472·3e3c·7468·3e44·6973·7275·7074·696f··tr><th>Disruptio 
00039cb0:·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··n:</th><td>low</ 
00039cc0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
00039cd0:·5265·626f·6f74·3a3c·2f74·683e·3c74·643e··Reboot:</th><td> 
00039ce0:·6661·6c73·653c·2f74·643e·3c2f·7472·3e3c··false</td></tr>< 
00039cf0:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy: 
00039d00:·3c2f·7468·3e3c·7464·3e72·6573·7472·6963··</th><td>restric 
00039d10:·743c·2f74·643e·3c2f·7472·3e3c·2f74·6162··t</td></tr></tab 
00039d20:·6c65·3e3c·7072·653e·3c63·6f64·653e·2d20··le><pre><code>-· 
00039d30:·6e61·6d65·3a20·4669·6e64·202f·6574·632f··name:·Find·/etc/ 
00039d40:·7375·646f·6572·732e·642f·2066·696c·6573··sudoers.d/·files 
00039d50:·0a20·2061·6e73·6962·6c65·2e62·7569·6c74··.··ansible.built 
00039d60:·696e·2e66·696e·643a·0a20·2020·2070·6174··in.find:.····pat 
00039d70:·6873·3a0a·2020·2020·2d20·2f65·7463·2f73··hs:.····-·/etc/s 
00039d80:·7564·6f65·7273·2e64·2f0a·2020·7265·6769··udoers.d/.··regi 
00039d90:·7374·6572·3a20·7375·646f·6572·730a·2020··ster:·sudoers.·· 
00039da0:·7461·6773·3a0a·2020·2d20·4e49·5354·2d38··tags:.··-·NIST-8 
00039db0:·3030·2d35·332d·434d·2d36·2861·290a·2020··00-53-CM-6(a).·· 
00039dc0:·2d20·4e49·5354·2d38·3030·2d35·332d·4941··-·NIST-800-53-IA 
00039dd0:·2d31·310a·2020·2d20·6c6f·775f·636f·6d70··-11.··-·low_comp 
00039de0:·6c65·7869·7479·0a20·202d·206c·6f77·5f64··lexity.··-·low_d 
00039df0:·6973·7275·7074·696f·6e0a·2020·2d20·6d65··isruption.··-·me 
00039e00:·6469·756d·5f73·6576·6572·6974·790a·2020··dium_severity.·· 
00039e10:·2d20·6e6f·5f72·6562·6f6f·745f·6e65·6564··-·no_reboot_need 
00039e20:·6564·0a20·202d·2072·6573·7472·6963·745f··ed.··-·restrict_ 
00039e30:·7374·7261·7465·6779·0a20·202d·2073·7564··strategy.··-·sud 
00039e40:·6f5f·7265·6d6f·7665·5f6e·6f5f·6175·7468··o_remove_no_auth 
00039e50:·656e·7469·6361·7465·0a0a·2d20·6e61·6d65··enticate..-·name 
00039e60:·3a20·5265·6d6f·7665·206c·696e·6573·2063··:·Remove·lines·c 
00039e70:·6f6e·7461·696e·696e·6720·2161·7574·6865··ontaining·!authe 
00039e80:·6e74·6963·6174·6520·6672·6f6d·2073·7564··nticate·from·sud 
00039e90:·6f65·7273·2066·696c·6573·0a20·2061·6e73··oers·files.··ans 
00039ea0:·6962·6c65·2e62·7569·6c74·696e·2e72·6570··ible.builtin.rep 
00039eb0:·6c61·6365·3a0a·2020·2020·7265·6765·7870··lace:.····regexp 
00039ec0:·3a20·285e·283f·2123·292e·2a5b·5c73·5d2b··:·(^(?!#).*[\s]+ 
00039ed0:·5c21·6175·7468·656e·7469·6361·7465·2e2a··\!authenticate.* 
00039ee0:·2429·0a20·2020·2072·6570·6c61·6365·3a20··$).····replace:· 
00039ef0:·2723·205c·6726·6c74·3b31·2667·743b·270a··'#·\g&lt;1&gt;'. 
00039f00:·2020·2020·7061·7468·3a20·277b·7b20·6974······path:·'{{·it 
00039f10:·656d·2e70·6174·6820·7d7d·270a·2020·2020··em.path·}}'.···· 
00039f20:·7661·6c69·6461·7465·3a20·2f75·7372·2f73··validate:·/usr/s 
00039f30:·6269·6e2f·7669·7375·646f·202d·6366·2025··bin/visudo·-cf·% 
00039f40:·730a·2020·7769·7468·5f69·7465·6d73·3a0a··s.··with_items:. 
00039f50:·2020·2d20·7061·7468·3a20·2f65·7463·2f73····-·path:·/etc/s 
00039f60:·7564·6f65·7273·0a20·202d·2027·7b7b·2073··udoers.··-·'{{·s 
00039f70:·7564·6f65·7273·2e66·696c·6573·207d·7d27··udoers.files·}}' 
Max diff block lines reached; 317848/336644 bytes (94.42%) of diff not shown.
44.2 KB
html2text {}
    
Offset 91, 14 lines modifiedOffset 91, 35 lines modified
91 ···························1.7,·SR·1.8,·SR·1.991 ···························1.7,·SR·1.8,·SR·1.9
92 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,92 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,
93 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.393 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3
94 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)94 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)
95 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-795 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7
96 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,96 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,
97 ···························SRG-OS-000373-GPOS-0015897 ···························SRG-OS-000373-GPOS-00158
 98 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 99 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 100 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 101 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 102 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
  
 103 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
 104 ··if·[·!·-e·"$f"·]·;·then
 105 ····continue
 106 ··fi
 107 ··matching_list=$(grep·-P·'^(?!#).*[\s]+\!authenticate.*$'·$f·|·uniq·)
 108 ··if·!·test·-z·"$matching_list";·then
 109 ····while·IFS=·read·-r·entry;·do
 110 ······#·comment·out·"!authenticate"·matches·to·preserve·user·data
 111 ······sed·-i·"s/^${entry}$/#·&/g"·$f
 112 ····done·<<<·"$matching_list"
  
 113 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with
 114 visudo"
 115 ··fi
 116 done
98 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8117 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
99 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low118 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
100 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low119 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
101 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false120 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
102 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict121 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
103 -·name:·Find·/etc/sudoers.d/·files122 -·name:·Find·/etc/sudoers.d/·files
104 ··ansible.builtin.find:123 ··ansible.builtin.find:
Offset 129, 35 lines modifiedOffset 150, 14 lines modified
129 ··-·NIST-800-53-IA-11150 ··-·NIST-800-53-IA-11
130 ··-·low_complexity151 ··-·low_complexity
131 ··-·low_disruption152 ··-·low_disruption
132 ··-·medium_severity153 ··-·medium_severity
133 ··-·no_reboot_needed154 ··-·no_reboot_needed
134 ··-·restrict_strategy155 ··-·restrict_strategy
135 ··-·sudo_remove_no_authenticate156 ··-·sudo_remove_no_authenticate
136 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
137 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
138 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
139 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
140 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
  
141 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do 
142 ··if·[·!·-e·"$f"·]·;·then 
143 ····continue 
144 ··fi 
145 ··matching_list=$(grep·-P·'^(?!#).*[\s]+\!authenticate.*$'·$f·|·uniq·) 
146 ··if·!·test·-z·"$matching_list";·then 
147 ····while·IFS=·read·-r·entry;·do 
148 ······#·comment·out·"!authenticate"·matches·to·preserve·user·data 
149 ······sed·-i·"s/^${entry}$/#·&/g"·$f 
150 ····done·<<<·"$matching_list" 
  
151 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with 
152 visudo" 
153 ··fi 
154 done 
155 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·U\x8Us\x8se\x8er\x8rs\x8s·R\x8Re\x8e-\x8-A\x8Au\x8ut\x8th\x8he\x8en\x8nt\x8ti\x8ic\x8ca\x8at\x8te\x8e·f\x8fo\x8or\x8r·P\x8Pr\x8ri\x8iv\x8vi\x8il\x8le\x8eg\x8ge\x8e·E\x8Es\x8sc\x8ca\x8al\x8la\x8at\x8ti\x8io\x8on\x8n·-\x8-·s\x8su\x8ud\x8do\x8o157 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·U\x8Us\x8se\x8er\x8rs\x8s·R\x8Re\x8e-\x8-A\x8Au\x8ut\x8th\x8he\x8en\x8nt\x8ti\x8ic\x8ca\x8at\x8te\x8e·f\x8fo\x8or\x8r·P\x8Pr\x8ri\x8iv\x8vi\x8il\x8le\x8eg\x8ge\x8e·E\x8Es\x8sc\x8ca\x8al\x8la\x8at\x8ti\x8io\x8on\x8n·-\x8-·s\x8su\x8ud\x8do\x8o
156 N\x8NO\x8OP\x8PA\x8AS\x8SS\x8SW\x8WD\x8D·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*158 N\x8NO\x8OP\x8PA\x8AS\x8SS\x8SW\x8WD\x8D·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
157 The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using159 The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using
158 sudo·without·having·to·authenticate.·This·should·be·disabled·by·making·sure160 sudo·without·having·to·authenticate.·This·should·be·disabled·by·making·sure
159 that·the·NOPASSWD·tag·does·not·exist·in·/etc/sudoers·configuration·file·or·any161 that·the·NOPASSWD·tag·does·not·exist·in·/etc/sudoers·configuration·file·or·any
160 sudo·configuration·snippets·in·/etc/sudoers.d/.162 sudo·configuration·snippets·in·/etc/sudoers.d/.
161 ············Without·re-authentication,·users·may·access·resources·or·perform163 ············Without·re-authentication,·users·may·access·resources·or·perform
Offset 178, 14 lines modifiedOffset 178, 35 lines modified
178 ···························1.7,·SR·1.8,·SR·1.9178 ···························1.7,·SR·1.8,·SR·1.9
179 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,179 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,
180 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3180 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3
181 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)181 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)
182 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7182 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7
183 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,183 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,
184 ···························SRG-OS-000373-GPOS-00158184 ···························SRG-OS-000373-GPOS-00158
 185 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 186 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 187 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 188 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 189 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
  
 190 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
 191 ··if·[·!·-e·"$f"·]·;·then
 192 ····continue
 193 ··fi
 194 ··matching_list=$(grep·-P·'^(?!#).*[\s]+NOPASSWD[\s]*\:.*$'·$f·|·uniq·)
 195 ··if·!·test·-z·"$matching_list";·then
 196 ····while·IFS=·read·-r·entry;·do
 197 ······#·comment·out·"NOPASSWD"·matches·to·preserve·user·data
 198 ······sed·-i·"s/^${entry}$/#·&/g"·$f
 199 ····done·<<<·"$matching_list"
  
 200 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with
 201 visudo"
 202 ··fi
 203 done
185 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8204 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
186 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low205 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
187 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low206 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
188 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false207 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
189 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict208 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
190 -·name:·Find·/etc/sudoers.d/·files209 -·name:·Find·/etc/sudoers.d/·files
191 ··ansible.builtin.find:210 ··ansible.builtin.find:
Offset 216, 35 lines modifiedOffset 237, 14 lines modified
216 ··-·NIST-800-53-IA-11237 ··-·NIST-800-53-IA-11
217 ··-·low_complexity238 ··-·low_complexity
218 ··-·low_disruption239 ··-·low_disruption
219 ··-·medium_severity240 ··-·medium_severity
220 ··-·no_reboot_needed241 ··-·no_reboot_needed
221 ··-·restrict_strategy242 ··-·restrict_strategy
222 ··-·sudo_remove_nopasswd243 ··-·sudo_remove_nopasswd
223 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
224 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
225 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
226 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
227 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
  
228 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do 
229 ··if·[·!·-e·"$f"·]·;·then 
230 ····continue 
231 ··fi 
232 ··matching_list=$(grep·-P·'^(?!#).*[\s]+NOPASSWD[\s]*\:.*$'·$f·|·uniq·) 
233 ··if·!·test·-z·"$matching_list";·then 
Max diff block lines reached; 39750/45195 bytes (87.95%) of diff not shown.
1.22 MB
./usr/share/doc/ssg-debian/ssg-debian11-guide-anssi_np_nt28_restrictive.html
    
Offset 16006, 146 lines modifiedOffset 16006, 146 lines modified
0003e850:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=0003e850:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
0003e860:·2223·6964·6d31·3935·3722·2074·6162·696e··"#idm1957"·tabin0003e860:·2223·6964·6d31·3935·3722·2074·6162·696e··"#idm1957"·tabin
0003e870:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu0003e870:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
0003e880:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan0003e880:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
0003e890:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl0003e890:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
0003e8a0:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r0003e8a0:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
0003e8b0:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"0003e8b0:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
 0003e8c0:·3e52·656d·6564·6961·7469·6f6e·2053·6865··>Remediation·She
 0003e8d0:·6c6c·2073·6372·6970·7420·e287·b23c·2f61··ll·script·...</a
 0003e8e0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
 0003e8f0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
 0003e900:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
 0003e910:·6d31·3935·3722·3e3c·7461·626c·6520·636c··m1957"><table·cl
 0003e920:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table
 0003e930:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b
 0003e940:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co
 0003e950:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th
 0003e960:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th
 0003e970:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t
 0003e980:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup
 0003e990:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo
 0003e9a0:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><
 0003e9b0:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th><
 0003e9c0:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t
 0003e9d0:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate
 0003e9e0:·6779·3a3c·2f74·683e·3c74·643e·7265·7374··gy:</th><td>rest
 0003e9f0:·7269·6374·3c2f·7464·3e3c·2f74·723e·3c2f··rict</td></tr></
 0003ea00:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code
 0003ea10:·3e0a·666f·7220·6620·696e·202f·6574·632f··>.for·f·in·/etc/
 0003ea20:·7375·646f·6572·7320·2f65·7463·2f73·7564··sudoers·/etc/sud
 0003ea30:·6f65·7273·2e64·2f2a·203b·2064·6f0a·2020··oers.d/*·;·do.··
 0003ea40:·6966·205b·2021·202d·6520·2224·6622·205d··if·[·!·-e·"$f"·]
 0003ea50:·203b·2074·6865·6e0a·2020·2020·636f·6e74···;·then.····cont
 0003ea60:·696e·7565·0a20·2066·690a·2020·6d61·7463··inue.··fi.··matc
 0003ea70:·6869·6e67·5f6c·6973·743d·2428·6772·6570··hing_list=$(grep
 0003ea80:·202d·5020·275e·283f·2123·292e·2a5b·5c73···-P·'^(?!#).*[\s
 0003ea90:·5d2b·5c21·6175·7468·656e·7469·6361·7465··]+\!authenticate
 0003eaa0:·2e2a·2427·2024·6620·7c20·756e·6971·2029··.*$'·$f·|·uniq·)
 0003eab0:·0a20·2069·6620·2120·7465·7374·202d·7a20··.··if·!·test·-z·
 0003eac0:·2224·6d61·7463·6869·6e67·5f6c·6973·7422··"$matching_list"
 0003ead0:·3b20·7468·656e·0a20·2020·2077·6869·6c65··;·then.····while
 0003eae0:·2049·4653·3d20·7265·6164·202d·7220·656e···IFS=·read·-r·en
 0003eaf0:·7472·793b·2064·6f0a·2020·2020·2020·2320··try;·do.······#·
 0003eb00:·636f·6d6d·656e·7420·6f75·7420·2221·6175··comment·out·"!au
 0003eb10:·7468·656e·7469·6361·7465·2220·6d61·7463··thenticate"·matc
 0003eb20:·6865·7320·746f·2070·7265·7365·7276·6520··hes·to·preserve·
 0003eb30:·7573·6572·2064·6174·610a·2020·2020·2020··user·data.······
 0003eb40:·7365·6420·2d69·2022·732f·5e24·7b65·6e74··sed·-i·"s/^${ent
 0003eb50:·7279·7d24·2f23·2026·616d·703b·2f67·2220··ry}$/#·&amp;/g"·
 0003eb60:·2466·0a20·2020·2064·6f6e·6520·266c·743b··$f.····done·&lt;
 0003eb70:·266c·743b·266c·743b·2022·246d·6174·6368··&lt;&lt;·"$match
 0003eb80:·696e·675f·6c69·7374·220a·0a20·2020·202f··ing_list"..····/
 0003eb90:·7573·722f·7362·696e·2f76·6973·7564·6f20··usr/sbin/visudo·
 0003eba0:·2d63·6620·2466·2026·616d·703b·2667·743b··-cf·$f·&amp;&gt;
 0003ebb0:·202f·6465·762f·6e75·6c6c·207c·7c20·6563···/dev/null·||·ec
 0003ebc0:·686f·2022·4661·696c·2074·6f20·7661·6c69··ho·"Fail·to·vali
 0003ebd0:·6461·7465·2024·6620·7769·7468·2076·6973··date·$f·with·vis
 0003ebe0:·7564·6f22·0a20·2066·690a·646f·6e65·0a3c··udo".··fi.done.<
 0003ebf0:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di
 0003ec00:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn·
 0003ec10:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat
 0003ec20:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap
 0003ec30:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
 0003ec40:·2223·6964·6d31·3935·3822·2074·6162·696e··"#idm1958"·tabin
 0003ec50:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
 0003ec60:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
 0003ec70:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
 0003ec80:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
 0003ec90:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
0003e8c0:·3e52·656d·6564·6961·7469·6f6e·2041·6e73··>Remediation·Ans0003eca0:·3e52·656d·6564·6961·7469·6f6e·2041·6e73··>Remediation·Ans
0003e8d0:·6962·6c65·2073·6e69·7070·6574·20e2·87b2··ible·snippet·...0003ecb0:·6962·6c65·2073·6e69·7070·6574·20e2·87b2··ible·snippet·...
0003e8e0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla0003ecc0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
0003e8f0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap0003ecd0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
0003e900:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id= 
0003e910:·2269·646d·3139·3537·223e·3c74·6162·6c65··"idm1957"><table 
0003e920:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta 
0003e930:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl 
0003e940:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table 
0003e950:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr> 
0003e960:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:< 
0003e970:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td> 
0003e980:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis 
0003e990:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td 
0003e9a0:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t 
0003e9b0:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t 
0003e9c0:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td> 
0003e9d0:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str 
0003e9e0:·6174·6567·793a·3c2f·7468·3e3c·7464·3e72··ategy:</th><td>r 
0003e9f0:·6573·7472·6963·743c·2f74·643e·3c2f·7472··estrict</td></tr 
0003ea00:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c 
0003ea10:·6f64·653e·2d20·6e61·6d65·3a20·4669·6e64··ode>-·name:·Find 
0003ea20:·202f·6574·632f·7375·646f·6572·732e·642f···/etc/sudoers.d/ 
0003ea30:·2066·696c·6573·0a20·2061·6e73·6962·6c65···files.··ansible 
0003ea40:·2e62·7569·6c74·696e·2e66·696e·643a·0a20··.builtin.find:.· 
0003ea50:·2020·2070·6174·6873·3a0a·2020·2020·2d20·····paths:.····-· 
0003ea60:·2f65·7463·2f73·7564·6f65·7273·2e64·2f0a··/etc/sudoers.d/. 
0003ea70:·2020·7265·6769·7374·6572·3a20·7375·646f····register:·sudo 
0003ea80:·6572·730a·2020·7461·6773·3a0a·2020·2d20··ers.··tags:.··-· 
0003ea90:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-6 
0003eaa0:·2861·290a·2020·2d20·4e49·5354·2d38·3030··(a).··-·NIST-800 
0003eab0:·2d35·332d·4941·2d31·310a·2020·2d20·6c6f··-53-IA-11.··-·lo 
0003eac0:·775f·636f·6d70·6c65·7869·7479·0a20·202d··w_complexity.··- 
0003ead0:·206c·6f77·5f64·6973·7275·7074·696f·6e0a···low_disruption. 
0003eae0:·2020·2d20·6d65·6469·756d·5f73·6576·6572····-·medium_sever 
0003eaf0:·6974·790a·2020·2d20·6e6f·5f72·6562·6f6f··ity.··-·no_reboo 
0003eb00:·745f·6e65·6564·6564·0a20·202d·2072·6573··t_needed.··-·res 
0003eb10:·7472·6963·745f·7374·7261·7465·6779·0a20··trict_strategy.· 
0003eb20:·202d·2073·7564·6f5f·7265·6d6f·7665·5f6e···-·sudo_remove_n 
0003eb30:·6f5f·6175·7468·656e·7469·6361·7465·0a0a··o_authenticate.. 
0003eb40:·2d20·6e61·6d65·3a20·5265·6d6f·7665·206c··-·name:·Remove·l 
0003eb50:·696e·6573·2063·6f6e·7461·696e·696e·6720··ines·containing· 
0003eb60:·2161·7574·6865·6e74·6963·6174·6520·6672··!authenticate·fr 
0003eb70:·6f6d·2073·7564·6f65·7273·2066·696c·6573··om·sudoers·files 
0003eb80:·0a20·2061·6e73·6962·6c65·2e62·7569·6c74··.··ansible.built 
0003eb90:·696e·2e72·6570·6c61·6365·3a0a·2020·2020··in.replace:.···· 
0003eba0:·7265·6765·7870·3a20·285e·283f·2123·292e··regexp:·(^(?!#). 
0003ebb0:·2a5b·5c73·5d2b·5c21·6175·7468·656e·7469··*[\s]+\!authenti 
0003ebc0:·6361·7465·2e2a·2429·0a20·2020·2072·6570··cate.*$).····rep 
0003ebd0:·6c61·6365·3a20·2723·205c·6726·6c74·3b31··lace:·'#·\g&lt;1 
0003ebe0:·2667·743b·270a·2020·2020·7061·7468·3a20··&gt;'.····path:· 
0003ebf0:·277b·7b20·6974·656d·2e70·6174·6820·7d7d··'{{·item.path·}} 
0003ec00:·270a·2020·2020·7661·6c69·6461·7465·3a20··'.····validate:· 
0003ec10:·2f75·7372·2f73·6269·6e2f·7669·7375·646f··/usr/sbin/visudo 
0003ec20:·202d·6366·2025·730a·2020·7769·7468·5f69···-cf·%s.··with_i 
0003ec30:·7465·6d73·3a0a·2020·2d20·7061·7468·3a20··tems:.··-·path:· 
0003ec40:·2f65·7463·2f73·7564·6f65·7273·0a20·202d··/etc/sudoers.··- 
0003ec50:·2027·7b7b·2073·7564·6f65·7273·2e66·696c···'{{·sudoers.fil 
Max diff block lines reached; 1123636/1142432 bytes (98.35%) of diff not shown.
133 KB
html2text {}
    
Offset 229, 14 lines modifiedOffset 229, 35 lines modified
229 ···························1.7,·SR·1.8,·SR·1.9229 ···························1.7,·SR·1.8,·SR·1.9
230 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,230 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,
231 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3231 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3
232 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)232 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)
233 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7233 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7
234 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,234 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,
235 ···························SRG-OS-000373-GPOS-00158235 ···························SRG-OS-000373-GPOS-00158
 236 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 237 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 238 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 239 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 240 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
  
 241 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
 242 ··if·[·!·-e·"$f"·]·;·then
 243 ····continue
 244 ··fi
 245 ··matching_list=$(grep·-P·'^(?!#).*[\s]+\!authenticate.*$'·$f·|·uniq·)
 246 ··if·!·test·-z·"$matching_list";·then
 247 ····while·IFS=·read·-r·entry;·do
 248 ······#·comment·out·"!authenticate"·matches·to·preserve·user·data
 249 ······sed·-i·"s/^${entry}$/#·&/g"·$f
 250 ····done·<<<·"$matching_list"
  
 251 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with
 252 visudo"
 253 ··fi
 254 done
236 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8255 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
237 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low256 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
238 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low257 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
239 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false258 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
240 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict259 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
241 -·name:·Find·/etc/sudoers.d/·files260 -·name:·Find·/etc/sudoers.d/·files
242 ··ansible.builtin.find:261 ··ansible.builtin.find:
Offset 267, 35 lines modifiedOffset 288, 14 lines modified
267 ··-·NIST-800-53-IA-11288 ··-·NIST-800-53-IA-11
268 ··-·low_complexity289 ··-·low_complexity
269 ··-·low_disruption290 ··-·low_disruption
270 ··-·medium_severity291 ··-·medium_severity
271 ··-·no_reboot_needed292 ··-·no_reboot_needed
272 ··-·restrict_strategy293 ··-·restrict_strategy
273 ··-·sudo_remove_no_authenticate294 ··-·sudo_remove_no_authenticate
274 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
275 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
276 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
277 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
278 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
  
279 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do 
280 ··if·[·!·-e·"$f"·]·;·then 
281 ····continue 
282 ··fi 
283 ··matching_list=$(grep·-P·'^(?!#).*[\s]+\!authenticate.*$'·$f·|·uniq·) 
284 ··if·!·test·-z·"$matching_list";·then 
285 ····while·IFS=·read·-r·entry;·do 
286 ······#·comment·out·"!authenticate"·matches·to·preserve·user·data 
287 ······sed·-i·"s/^${entry}$/#·&/g"·$f 
288 ····done·<<<·"$matching_list" 
  
289 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with 
290 visudo" 
291 ··fi 
292 done 
293 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·U\x8Us\x8se\x8er\x8rs\x8s·R\x8Re\x8e-\x8-A\x8Au\x8ut\x8th\x8he\x8en\x8nt\x8ti\x8ic\x8ca\x8at\x8te\x8e·f\x8fo\x8or\x8r·P\x8Pr\x8ri\x8iv\x8vi\x8il\x8le\x8eg\x8ge\x8e·E\x8Es\x8sc\x8ca\x8al\x8la\x8at\x8ti\x8io\x8on\x8n·-\x8-·s\x8su\x8ud\x8do\x8o295 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·U\x8Us\x8se\x8er\x8rs\x8s·R\x8Re\x8e-\x8-A\x8Au\x8ut\x8th\x8he\x8en\x8nt\x8ti\x8ic\x8ca\x8at\x8te\x8e·f\x8fo\x8or\x8r·P\x8Pr\x8ri\x8iv\x8vi\x8il\x8le\x8eg\x8ge\x8e·E\x8Es\x8sc\x8ca\x8al\x8la\x8at\x8ti\x8io\x8on\x8n·-\x8-·s\x8su\x8ud\x8do\x8o
294 N\x8NO\x8OP\x8PA\x8AS\x8SS\x8SW\x8WD\x8D·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*296 N\x8NO\x8OP\x8PA\x8AS\x8SS\x8SW\x8WD\x8D·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
295 The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using297 The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using
296 sudo·without·having·to·authenticate.·This·should·be·disabled·by·making·sure298 sudo·without·having·to·authenticate.·This·should·be·disabled·by·making·sure
297 that·the·NOPASSWD·tag·does·not·exist·in·/etc/sudoers·configuration·file·or·any299 that·the·NOPASSWD·tag·does·not·exist·in·/etc/sudoers·configuration·file·or·any
298 sudo·configuration·snippets·in·/etc/sudoers.d/.300 sudo·configuration·snippets·in·/etc/sudoers.d/.
299 ············Without·re-authentication,·users·may·access·resources·or·perform301 ············Without·re-authentication,·users·may·access·resources·or·perform
Offset 316, 14 lines modifiedOffset 316, 35 lines modified
316 ···························1.7,·SR·1.8,·SR·1.9316 ···························1.7,·SR·1.8,·SR·1.9
317 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,317 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,
318 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3318 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3
319 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)319 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)
320 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7320 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7
321 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,321 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,
322 ···························SRG-OS-000373-GPOS-00158322 ···························SRG-OS-000373-GPOS-00158
 323 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 324 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 325 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 326 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 327 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
  
 328 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
 329 ··if·[·!·-e·"$f"·]·;·then
 330 ····continue
 331 ··fi
 332 ··matching_list=$(grep·-P·'^(?!#).*[\s]+NOPASSWD[\s]*\:.*$'·$f·|·uniq·)
 333 ··if·!·test·-z·"$matching_list";·then
 334 ····while·IFS=·read·-r·entry;·do
 335 ······#·comment·out·"NOPASSWD"·matches·to·preserve·user·data
 336 ······sed·-i·"s/^${entry}$/#·&/g"·$f
 337 ····done·<<<·"$matching_list"
  
 338 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with
 339 visudo"
 340 ··fi
 341 done
323 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8342 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
324 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low343 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
325 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low344 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
326 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false345 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
327 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict346 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
328 -·name:·Find·/etc/sudoers.d/·files347 -·name:·Find·/etc/sudoers.d/·files
329 ··ansible.builtin.find:348 ··ansible.builtin.find:
Offset 354, 35 lines modifiedOffset 375, 14 lines modified
354 ··-·NIST-800-53-IA-11375 ··-·NIST-800-53-IA-11
355 ··-·low_complexity376 ··-·low_complexity
356 ··-·low_disruption377 ··-·low_disruption
357 ··-·medium_severity378 ··-·medium_severity
358 ··-·no_reboot_needed379 ··-·no_reboot_needed
359 ··-·restrict_strategy380 ··-·restrict_strategy
360 ··-·sudo_remove_nopasswd381 ··-·sudo_remove_nopasswd
361 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
362 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
363 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
364 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
365 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
  
366 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do 
367 ··if·[·!·-e·"$f"·]·;·then 
368 ····continue 
369 ··fi 
370 ··matching_list=$(grep·-P·'^(?!#).*[\s]+NOPASSWD[\s]*\:.*$'·$f·|·uniq·) 
371 ··if·!·test·-z·"$matching_list";·then 
Max diff block lines reached; 130444/135892 bytes (95.99%) of diff not shown.
1.16 MB
./usr/share/doc/ssg-debian/ssg-debian11-guide-standard.html
    
Offset 16213, 777 lines modifiedOffset 16213, 777 lines modified
0003f540:·6172·6765·743d·2223·6964·6d35·3037·3022··arget="#idm5070"0003f540:·6172·6765·743d·2223·6964·6d35·3037·3022··arget="#idm5070"
0003f550:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro0003f550:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro
0003f560:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria0003f560:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria
0003f570:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false0003f570:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false
0003f580:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat0003f580:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat
0003f590:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre0003f590:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre
Diff chunk too large, falling back to line-by-line diff (763 lines added, 763 lines removed)
0003f5a0:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati0003f5a0:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati
0003f5b0:·6f6e·2041·6e73·6962·6c65·2073·6e69·7070··on·Ansible·snipp0003f5b0:·6f6e·2053·6865·6c6c·2073·6372·6970·7420··on·Shell·script·
0003f5c0:·6574·20e2·87b2·3c2f·613e·3c62·723e·3c64··et·...</a><br><d0003f5c0:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div·
0003f5d0:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel-0003f5d0:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col
0003f5e0:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps0003f5e0:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·
0003f5f0:·6522·2069·643d·2269·646d·3530·3730·223e··e"·id="idm5070">0003f5f0:·6964·3d22·6964·6d35·3037·3022·3e3c·7072··id="idm5070"><pr
0003f600:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta0003f600:·653e·3c63·6f64·653e·2320·5265·6d65·6469··e><code>#·Remedi
0003f610:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe0003f610:·6174·696f·6e20·6973·2061·7070·6c69·6361··ation·is·applica
0003f620:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered0003f620:·626c·6520·6f6e·6c79·2069·6e20·6365·7274··ble·only·in·cert
0003f630:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed0003f630:·6169·6e20·706c·6174·666f·726d·730a·6966··ain·platforms.if
0003f640:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple0003f640:·2064·706b·672d·7175·6572·7920·2d2d·7368···dpkg-query·--sh
0003f650:·7869·7479·3a3c·2f74·683e·3c74·643e·6c6f··xity:</th><td>lo0003f650:·6f77·202d·2d73·686f·7766·6f72·6d61·743d··ow·--showformat=
0003f660:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><0003f660:·2724·7b64·623a·5374·6174·7573·2d53·7461··'${db:Status-Sta
0003f670:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</0003f670:·7475·737d·0a27·2027·6c69·6e75·782d·6261··tus}.'·'linux-ba
0003f680:·7468·3e3c·7464·3e6d·6564·6975·6d3c·2f74··th><td>medium</t0003f680:·7365·2720·3226·6774·3b2f·6465·762f·6e75··se'·2&gt;/dev/nu
0003f690:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R0003f690:·6c6c·207c·2067·7265·7020·2d71·205e·696e··ll·|·grep·-q·^in
0003f6a0:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f0003f6a0:·7374·616c·6c65·6420·2661·6d70·3b26·616d··stalled·&amp;&am
0003f6b0:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t0003f6b0:·703b·2064·706b·672d·7175·6572·7920·2d2d··p;·dpkg-query·--
0003f6c0:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<0003f6c0:·7368·6f77·202d·2d73·686f·7766·6f72·6d61··show·--showforma
0003f6d0:·2f74·683e·3c74·643e·636f·6e66·6967·7572··/th><td>configur0003f6d0:·743d·2724·7b64·623a·5374·6174·7573·2d53··t='${db:Status-S
0003f6e0:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab0003f6e0:·7461·7475·737d·5c6e·2720·2772·7379·736c··tatus}\n'·'rsysl
0003f6f0:·6c65·3e3c·7072·653e·3c63·6f64·653e·2d20··le><pre><code>-·0003f6f0:·6f67·2720·3226·6774·3b2f·6465·762f·6e75··og'·2&gt;/dev/nu
0003f700:·6e61·6d65·3a20·4761·7468·6572·2074·6865··name:·Gather·the0003f700:·6c6c·207c·2067·7265·7020·2d71·2027·5e69··ll·|·grep·-q·'^i
0003f710:·2070·6163·6b61·6765·2066·6163·7473·0a20···package·facts.·0003f710:·6e73·7461·6c6c·6564·273b·2074·6865·6e0a··nstalled';·then.
0003f720:·2070·6163·6b61·6765·5f66·6163·7473·3a0a···package_facts:.0003f720:·0a23·204c·6973·7420·6f66·206c·6f67·2066··.#·List·of·log·f
0003f730:·2020·2020·6d61·6e61·6765·723a·2061·7574······manager:·aut0003f730:·696c·6520·7061·7468·7320·746f·2062·6520··ile·paths·to·be·
0003f740:·6f0a·2020·7461·6773·3a0a·2020·2d20·4e49··o.··tags:.··-·NI0003f740:·696e·7370·6563·7465·6420·666f·7220·636f··inspected·for·co
0003f750:·5354·2d38·3030·2d35·332d·4143·2d36·2831··ST-800-53-AC-6(10003f750:·7272·6563·7420·7065·726d·6973·7369·6f6e··rrect·permission
0003f760:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-50003f760:·730a·2320·2a20·5072·696d·6172·696c·7920··s.#·*·Primarily·
0003f770:·332d·434d·2d36·2861·290a·2020·2d20·5043··3-CM-6(a).··-·PC0003f770:·696e·7370·6563·7420·6c6f·6720·6669·6c65··inspect·log·file
0003f780:·492d·4453·532d·5265·712d·3130·2e35·2e31··I-DSS-Req-10.5.10003f780:·2070·6174·6873·206c·6973·7465·6420·696e···paths·listed·in
0003f790:·0a20·202d·2050·4349·2d44·5353·2d52·6571··.··-·PCI-DSS-Req0003f790:·202f·6574·632f·7273·7973·6c6f·672e·636f···/etc/rsyslog.co
0003f7a0:·2d31·302e·352e·320a·2020·2d20·5043·492d··-10.5.2.··-·PCI-0003f7a0:·6e66·0a52·5359·534c·4f47·5f45·5443·5f43··nf.RSYSLOG_ETC_C
0003f7b0:·4453·5376·342d·3130·2e33·0a20·202d·2050··DSSv4-10.3.··-·P0003f7b0:·4f4e·4649·473d·222f·6574·632f·7273·7973··ONFIG="/etc/rsys
0003f7c0:·4349·2d44·5353·7634·2d31·302e·332e·320a··CI-DSSv4-10.3.2.0003f7c0:·6c6f·672e·636f·6e66·220a·2320·2a20·416e··log.conf".#·*·An
0003f7d0:·2020·2d20·636f·6e66·6967·7572·655f·7374····-·configure_st0003f7d0:·6420·616c·736f·2074·6865·206c·6f67·2066··d·also·the·log·f
0003f7e0:·7261·7465·6779·0a20·202d·206c·6f77·5f63··rategy.··-·low_c0003f7e0:·696c·6520·7061·7468·7320·6c69·7374·6564··ile·paths·listed
0003f7f0:·6f6d·706c·6578·6974·790a·2020·2d20·6d65··omplexity.··-·me0003f7f0:·2061·6674·6572·2072·7379·736c·6f67·2773···after·rsyslog's
0003f800:·6469·756d·5f64·6973·7275·7074·696f·6e0a··dium_disruption.0003f800:·2024·496e·636c·7564·6543·6f6e·6669·6720···$IncludeConfig·
0003f810:·2020·2d20·6d65·6469·756d·5f73·6576·6572····-·medium_sever0003f810:·6469·7265·6374·6976·650a·2320·2020·2873··directive.#···(s
0003f820:·6974·790a·2020·2d20·6e6f·5f72·6562·6f6f··ity.··-·no_reboo0003f820:·746f·7265·2074·6865·2072·6573·756c·7420··tore·the·result·
0003f830:·745f·6e65·6564·6564·0a20·202d·2072·7379··t_needed.··-·rsy0003f830:·696e·746f·2061·7272·6179·2066·6f72·2074··into·array·for·t
0003f840:·736c·6f67·5f66·696c·6573·5f67·726f·7570··slog_files_group0003f840:·6865·2063·6173·6520·7468·6572·6527·7320··he·case·there's·
0003f850:·6f77·6e65·7273·6869·700a·0a2d·206e·616d··ownership..-·nam0003f850:·7368·656c·6c20·676c·6f62·2075·7365·6420··shell·glob·used·
0003f860:·653a·2045·6e73·7572·6520·4c6f·6720·4669··e:·Ensure·Log·Fi0003f860:·6173·2076·616c·7565·206f·6620·496e·636c··as·value·of·Incl
0003f870:·6c65·7320·4172·6520·4f77·6e65·6420·4279··les·Are·Owned·By0003f870:·7564·6543·6f6e·6669·6729·0a72·6561·6461··udeConfig).reada
0003f880:·2041·7070·726f·7072·6961·7465·2047·726f···Appropriate·Gro0003f880:·7272·6179·202d·7420·4f4c·445f·494e·4320··rray·-t·OLD_INC·
0003f890:·7570·202d·2053·6574·2072·7379·736c·6f67··up·-·Set·rsyslog0003f890:·266c·743b·2026·6c74·3b28·6772·6570·202d··&lt;·&lt;(grep·-
0003f8a0:·206c·6f67·6669·6c65·2063·6f6e·6669·6775···logfile·configu0003f8a0:·6520·225c·2449·6e63·6c75·6465·436f·6e66··e·"\$IncludeConf
0003f8b0:·7261·7469·6f6e·0a20·2020·2066·6163·7473··ration.····facts0003f8b0:·6967·5b5b·3a73·7061·6365·3a5d·5d5c·2b5b··ig[[:space:]]\+[
0003f8c0:·0a20·2061·6e73·6962·6c65·2e62·7569·6c74··.··ansible.built0003f8c0:·5e5b·3a73·7061·6365·3a5d·3b5d·5c2b·2220··^[:space:];]\+"·
0003f8d0:·696e·2e73·6574·5f66·6163·743a·0a20·2020··in.set_fact:.···0003f8d0:·2f65·7463·2f72·7379·736c·6f67·2e63·6f6e··/etc/rsyslog.con
0003f8e0:·2072·7379·736c·6f67·5f65·7463·5f63·6f6e···rsyslog_etc_con0003f8e0:·6620·7c20·6375·7420·2d64·2027·2027·202d··f·|·cut·-d·'·'·-
0003f8f0:·6669·673a·202f·6574·632f·7273·7973·6c6f··fig:·/etc/rsyslo0003f8f0:·6620·3229·0a72·6561·6461·7272·6179·202d··f·2).readarray·-
0003f900:·672e·636f·6e66·0a20·2077·6865·6e3a·0a20··g.conf.··when:.·0003f900:·7420·5253·5953·4c4f·475f·494e·434c·5544··t·RSYSLOG_INCLUD
0003f910:·202d·2027·226c·696e·7578·2d62·6173·6522···-·'"linux-base"0003f910:·455f·434f·4e46·4947·2026·6c74·3b20·266c··E_CONFIG·&lt;·&l
0003f920:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003f920:·743b·2866·6f72·2049·4e43·5041·5448·2069··t;(for·INCPATH·i
0003f930:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·0003f930:·6e20·2224·7b4f·4c44·5f49·4e43·5b40·5d7d··n·"${OLD_INC[@]}
0003f940:·2722·7273·7973·6c6f·6722·2069·6e20·616e··'"rsyslog"·in·an0003f940:·223b·2064·6f20·6576·616c·2070·7269·6e74··";·do·eval·print
0003f950:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack0003f950:·6620·2725·735c·5c6e·2720·2224·7b49·4e43··f·'%s\\n'·"${INC
0003f960:·6167·6573·270a·2020·7461·6773·3a0a·2020··ages'.··tags:.··0003f960:·5041·5448·7d22·3b20·646f·6e65·290a·7265··PATH}";·done).re
0003f970:·2d20·4e49·5354·2d38·3030·2d35·332d·4143··-·NIST-800-53-AC0003f970:·6164·6172·7261·7920·2d74·204e·4557·5f49··adarray·-t·NEW_I
0003f980:·2d36·2831·290a·2020·2d20·4e49·5354·2d38··-6(1).··-·NIST-80003f980:·4e43·2026·6c74·3b20·266c·743b·2873·6564··NC·&lt;·&lt;(sed
0003f990:·3030·2d35·332d·434d·2d36·2861·290a·2020··00-53-CM-6(a).··0003f990:·202d·6e20·272f·5e5c·732a·696e·636c·7564···-n·'/^\s*includ
0003f9a0:·2d20·5043·492d·4453·532d·5265·712d·3130··-·PCI-DSS-Req-100003f9a0:·6528·2f2c·2f29·2f49·7027·202f·6574·632f··e(/,/)/Ip'·/etc/
0003f9b0:·2e35·2e31·0a20·202d·2050·4349·2d44·5353··.5.1.··-·PCI-DSS0003f9b0:·7273·7973·6c6f·672e·636f·6e66·207c·2073··rsyslog.conf·|·s
0003f9c0:·2d52·6571·2d31·302e·352e·320a·2020·2d20··-Req-10.5.2.··-·0003f9c0:·6564·202d·6e20·2773·402e·2a66·696c·655c··ed·-n·'s@.*file\
0003f9d0:·5043·492d·4453·5376·342d·3130·2e33·0a20··PCI-DSSv4-10.3.·0003f9d0:·732a·3d5c·732a·225c·285b·2f5b·3a61·6c6e··s*=\s*"\([/[:aln
0003f9e0:·202d·2050·4349·2d44·5353·7634·2d31·302e···-·PCI-DSSv4-10.0003f9e0:·756d·3a5d·5b3a·7075·6e63·743a·5d5d·2a5c··um:][:punct:]]*\
0003f9f0:·332e·320a·2020·2d20·636f·6e66·6967·7572··3.2.··-·configur0003f9f0:·2922·2e2a·405c·3140·4970·2729·0a72·6561··)".*@\1@Ip').rea
0003fa00:·655f·7374·7261·7465·6779·0a20·202d·206c··e_strategy.··-·l0003fa00:·6461·7272·6179·202d·7420·5253·5953·4c4f··darray·-t·RSYSLO
0003fa10:·6f77·5f63·6f6d·706c·6578·6974·790a·2020··ow_complexity.··0003fa10:·475f·494e·434c·5544·4520·266c·743b·2026··G_INCLUDE·&lt;·&
0003fa20:·2d20·6d65·6469·756d·5f64·6973·7275·7074··-·medium_disrupt0003fa20:·6c74·3b28·666f·7220·494e·4350·4154·4820··lt;(for·INCPATH·
0003fa30:·696f·6e0a·2020·2d20·6d65·6469·756d·5f73··ion.··-·medium_s0003fa30:·696e·2022·247b·4e45·575f·494e·435b·405d··in·"${NEW_INC[@]
0003fa40:·6576·6572·6974·790a·2020·2d20·6e6f·5f72··everity.··-·no_r0003fa40:·7d22·3b20·646f·2065·7661·6c20·7072·696e··}";·do·eval·prin
0003fa50:·6562·6f6f·745f·6e65·6564·6564·0a20·202d··eboot_needed.··-0003fa50:·7466·2027·2573·5c5c·6e27·2022·247b·494e··tf·'%s\\n'·"${IN
0003fa60:·2072·7379·736c·6f67·5f66·696c·6573·5f67···rsyslog_files_g0003fa60:·4350·4154·487d·223b·2064·6f6e·6529·0a0a··CPATH}";·done)..
0003fa70:·726f·7570·6f77·6e65·7273·6869·700a·0a2d··roupownership..-0003fa70:·2320·4465·636c·6172·6520·616e·2061·7272··#·Declare·an·arr
0003fa80:·206e·616d·653a·2045·6e73·7572·6520·4c6f···name:·Ensure·Lo0003fa80:·6179·2074·6f20·686f·6c64·2074·6865·2066··ay·to·hold·the·f
0003fa90:·6720·4669·6c65·7320·4172·6520·4f77·6e65··g·Files·Are·Owne0003fa90:·696e·616c·206c·6973·7420·6f66·2064·6966··inal·list·of·dif
0003faa0:·6420·4279·2041·7070·726f·7072·6961·7465··d·By·Appropriate0003faa0:·6665·7265·6e74·206c·6f67·2066·696c·6520··ferent·log·file·
0003fab0:·2047·726f·7570·202d·2047·6574·2049·6e63···Group·-·Get·Inc0003fab0:·7061·7468·730a·6465·636c·6172·6520·2d61··paths.declare·-a
0003fac0:·6c75·6465·436f·6e66·6967·2064·6972·6563··ludeConfig·direc0003fac0:·204c·4f47·5f46·494c·455f·5041·5448·530a···LOG_FILE_PATHS.
0003fad0:·7469·7665·0a20·2061·6e73·6962·6c65·2e62··tive.··ansible.b0003fad0:·0a23·2041·7272·6179·2074·6f20·686f·6c64··.#·Array·to·hold
0003fae0:·7569·6c74·696e·2e73·6865·6c6c·3a20·7c0a··uiltin.shell:·|.0003fae0:·2061·6c6c·2072·7379·736c·6f67·2063·6f6e···all·rsyslog·con
0003faf0:·2020·2020·6772·6570·202d·6520·2724·496e······grep·-e·'$In0003faf0:·6669·6720·656e·7472·6965·730a·5253·5953··fig·entries.RSYS
0003fb00:·636c·7564·6543·6f6e·6669·6727·207b·7b20··cludeConfig'·{{·0003fb00:·4c4f·475f·434f·4e46·4947·533d·2829·0a52··LOG_CONFIGS=().R
0003fb10:·7273·7973·6c6f·675f·6574·635f·636f·6e66··rsyslog_etc_conf0003fb10:·5359·534c·4f47·5f43·4f4e·4649·4753·3d28··SYSLOG_CONFIGS=(
0003fb20:·6967·207d·7d20·7c20·6375·7420·2d64·2027··ig·}}·|·cut·-d·'0003fb20:·2224·7b52·5359·534c·4f47·5f45·5443·5f43··"${RSYSLOG_ETC_C
0003fb30:·2027·202d·6620·3220·7c7c·2074·7275·650a···'·-f·2·||·true.0003fb30:·4f4e·4649·477d·2220·2224·7b52·5359·534c··ONFIG}"·"${RSYSL
0003fb40:·2020·7265·6769·7374·6572·3a20·7273·7973····register:·rsys0003fb40:·4f47·5f49·4e43·4c55·4445·5f43·4f4e·4649··OG_INCLUDE_CONFI
0003fb50:·6c6f·675f·6f6c·645f·696e·630a·2020·6368··log_old_inc.··ch0003fb50:·475b·405d·7d22·2022·247b·5253·5953·4c4f··G[@]}"·"${RSYSLO
0003fb60:·616e·6765·645f·7768·656e·3a20·6661·6c73··anged_when:·fals0003fb60:·475f·494e·434c·5544·455b·405d·7d22·290a··G_INCLUDE[@]}").
0003fb70:·650a·2020·7768·656e·3a0a·2020·2d20·2722··e.··when:.··-·'"0003fb70:·0a23·2047·6574·2066·756c·6c20·6c69·7374··.#·Get·full·list
0003fb80:·6c69·6e75·782d·6261·7365·2220·696e·2061··linux-base"·in·a0003fb80:·206f·6620·6669·6c65·7320·746f·2062·6520···of·files·to·be·
0003fb90:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003fb90:·6368·6563·6b65·640a·2320·5253·5953·4c4f··checked.#·RSYSLO
0003fba0:·6b61·6765·7327·0a20·202d·2027·2272·7379··kages'.··-·'"rsy0003fba0:·475f·434f·4e46·4947·5320·6d61·7920·636f··G_CONFIGS·may·co
0003fbb0:·736c·6f67·2220·696e·2061·6e73·6962·6c65··slog"·in·ansible0003fbb0:·6e74·6169·6e20·676c·6f62·7320·7375·6368··ntain·globs·such
0003fbc0:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'0003fbc0:·2061·730a·2320·2f65·7463·2f72·7379·736c···as.#·/etc/rsysl
0003fbd0:·0a20·2074·6167·733a·0a20·202d·204e·4953··.··tags:.··-·NIS0003fbd0:·6f67·2e64·2f2a·2e63·6f6e·6620·2f65·7463··og.d/*.conf·/etc
0003fbe0:·542d·3830·302d·3533·2d41·432d·3628·3129··T-800-53-AC-6(1)0003fbe0:·2f72·7379·736c·6f67·2e64·2f2a·2e66·7275··/rsyslog.d/*.fru
0003fbf0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003fbf0:·6c65·0a23·2053·6f2c·206c·6f6f·7020·6f76··le.#·So,·loop·ov
0003fc00:·2d43·4d2d·3628·6129·0a20·202d·2050·4349··-CM-6(a).··-·PCI0003fc00:·6572·2074·6865·2065·6e74·7269·6573·2069··er·the·entries·i
0003fc10:·2d44·5353·2d52·6571·2d31·302e·352e·310a··-DSS-Req-10.5.1.0003fc10:·6e20·5253·5953·4c4f·475f·434f·4e46·4947··n·RSYSLOG_CONFIG
0003fc20:·2020·2d20·5043·492d·4453·532d·5265·712d····-·PCI-DSS-Req-0003fc20:·5320·616e·6420·7573·6520·6669·6e64·2074··S·and·use·find·t
0003fc30:·3130·2e35·2e32·0a20·202d·2050·4349·2d44··10.5.2.··-·PCI-D0003fc30:·6f20·6765·7420·7468·6520·6c69·7374·206f··o·get·the·list·o
0003fc40:·5353·7634·2d31·302e·330a·2020·2d20·5043··SSv4-10.3.··-·PC0003fc40:·6620·696e·636c·7564·6564·2066·696c·6573··f·included·files
0003fc50:·492d·4453·5376·342d·3130·2e33·2e32·0a20··I-DSSv4-10.3.2.·0003fc50:·2e0a·5253·5953·4c4f·475f·434f·4e46·4947··..RSYSLOG_CONFIG
0003fc60:·202d·2063·6f6e·6669·6775·7265·5f73·7472···-·configure_str0003fc60:·5f46·494c·4553·3d28·290a·666f·7220·454e··_FILES=().for·EN
0003fc70:·6174·6567·790a·2020·2d20·6c6f·775f·636f··ategy.··-·low_co0003fc70:·5452·5920·696e·2022·247b·5253·5953·4c4f··TRY·in·"${RSYSLO
0003fc80:·6d70·6c65·7869·7479·0a20·202d·206d·6564··mplexity.··-·med0003fc80:·475f·434f·4e46·4947·535b·405d·7d22·0a64··G_CONFIGS[@]}".d
0003fc90:·6975·6d5f·6469·7372·7570·7469·6f6e·0a20··ium_disruption.·0003fc90:·6f0a·0923·2049·6620·6469·7265·6374·6f72··o..#·If·director
0003fca0:·202d·206d·6564·6975·6d5f·7365·7665·7269···-·medium_severi0003fca0:·792c·2072·7379·736c·6f67·2077·696c·6c20··y,·rsyslog·will·
0003fcb0:·7479·0a20·202d·206e·6f5f·7265·626f·6f74··ty.··-·no_reboot0003fcb0:·7365·6172·6368·2066·6f72·2063·6f6e·6669··search·for·confi
0003fcc0:·5f6e·6565·6465·640a·2020·2d20·7273·7973··_needed.··-·rsys0003fcc0:·6720·6669·6c65·7320·696e·2072·6563·7572··g·files·in·recur
0003fcd0:·6c6f·675f·6669·6c65·735f·6772·6f75·706f··log_files_groupo0003fcd0:·7369·7665·6c79·2e0a·0923·2048·6f77·6576··sively...#·Howev
0003fce0:·776e·6572·7368·6970·0a0a·2d20·6e61·6d65··wnership..-·name0003fce0:·6572·2c20·6669·6c65·7320·696e·2068·6964··er,·files·in·hid
0003fcf0:·3a20·456e·7375·7265·204c·6f67·2046·696c··:·Ensure·Log·Fil0003fcf0:·6465·6e20·7375·622d·6469·7265·6374·6f72··den·sub-director
0003fd00:·6573·2041·7265·204f·776e·6564·2042·7920··es·Are·Owned·By·0003fd00:·6965·7320·6f72·2068·6964·6465·6e20·6669··ies·or·hidden·fi
0003fd10:·4170·7072·6f70·7269·6174·6520·4772·6f75··Appropriate·Grou0003fd10:·6c65·7320·7769·6c6c·2062·6520·6967·6e6f··les·will·be·igno
Max diff block lines reached; 978652/1084526 bytes (90.24%) of diff not shown.
125 KB
html2text {}
    
Offset 258, 14 lines modifiedOffset 258, 142 lines modified
258 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-007-3·R2.1,·CIP-007-3·R2.2,·CIP-007-3·R2.3,·CIP-258 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-007-3·R2.1,·CIP-007-3·R2.2,·CIP-007-3·R2.3,·CIP-
259 ···························007-3·R5.1,·CIP-007-3·R5.1.1,·CIP-007-3·R5.1.2259 ···························007-3·R5.1,·CIP-007-3·R5.1.1,·CIP-007-3·R5.1.2
260 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a),·AC-6(1)260 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a),·AC-6(1)
261 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5261 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5
262 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-10.5.1,·Req-10.5.2262 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-10.5.1,·Req-10.5.2
263 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R71263 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R71
264 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········10.3.2,·10.3264 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········10.3.2,·10.3
 265 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 266 #·Remediation·is·applicable·only·in·certain·platforms
 267 if·dpkg-query·--show·--showformat='${db:Status-Status}
 268 '·'linux-base'·2>/dev/null·|·grep·-q·^installed·&&·dpkg-query·--show·--
 269 showformat='${db:Status-Status}\n'·'rsyslog'·2>/dev/null·|·grep·-
 270 q·'^installed';·then
  
 271 #·List·of·log·file·paths·to·be·inspected·for·correct·permissions
 272 #·*·Primarily·inspect·log·file·paths·listed·in·/etc/rsyslog.conf
 273 RSYSLOG_ETC_CONFIG="/etc/rsyslog.conf"
 274 #·*·And·also·the·log·file·paths·listed·after·rsyslog's·$IncludeConfig·directive
 275 #···(store·the·result·into·array·for·the·case·there's·shell·glob·used·as·value
 276 of·IncludeConfig)
 277 readarray·-t·OLD_INC·<·<(grep·-e·"\$IncludeConfig[[:space:]]\+[^[:space:];]\+"
 278 /etc/rsyslog.conf·|·cut·-d·'·'·-f·2)
 279 readarray·-t·RSYSLOG_INCLUDE_CONFIG·<·<(for·INCPATH·in·"${OLD_INC[@]}";·do·eval
 280 printf·'%s\\n'·"${INCPATH}";·done)
 281 readarray·-t·NEW_INC·<·<(sed·-n·'/^\s*include(/,/)/Ip'·/etc/rsyslog.conf·|·sed
 282 -n·'s@.*file\s*=\s*"\([/[:alnum:][:punct:]]*\)".*@\1@Ip')
 283 readarray·-t·RSYSLOG_INCLUDE·<·<(for·INCPATH·in·"${NEW_INC[@]}";·do·eval·printf
 284 '%s\\n'·"${INCPATH}";·done)
  
 285 #·Declare·an·array·to·hold·the·final·list·of·different·log·file·paths
 286 declare·-a·LOG_FILE_PATHS
  
 287 #·Array·to·hold·all·rsyslog·config·entries
 288 RSYSLOG_CONFIGS=()
 289 RSYSLOG_CONFIGS=("${RSYSLOG_ETC_CONFIG}"·"${RSYSLOG_INCLUDE_CONFIG[@]}"·"$
 290 {RSYSLOG_INCLUDE[@]}")
  
 291 #·Get·full·list·of·files·to·be·checked
 292 #·RSYSLOG_CONFIGS·may·contain·globs·such·as
 293 #·/etc/rsyslog.d/*.conf·/etc/rsyslog.d/*.frule
 294 #·So,·loop·over·the·entries·in·RSYSLOG_CONFIGS·and·use·find·to·get·the·list·of
 295 included·files.
 296 RSYSLOG_CONFIG_FILES=()
 297 for·ENTRY·in·"${RSYSLOG_CONFIGS[@]}"
 298 do
 299 »       #·If·directory,·rsyslog·will·search·for·config·files·in·recursively.
 300 »       #·However,·files·in·hidden·sub-directories·or·hidden·files·will·be·ignored.
 301 »       if·[·-d·"${ENTRY}"·]
 302 »       then
 303 »       »       readarray·-t·FINDOUT·<·<(find·"${ENTRY}"·-not·-path·'*/.*'·-type·f)
 304 »       »       RSYSLOG_CONFIG_FILES+=("${FINDOUT[@]}")
 305 »       elif·[·-f·"${ENTRY}"·]
 306 »       then
 307 »       »       RSYSLOG_CONFIG_FILES+=("${ENTRY}")
 308 »       else
 309 »       »       echo·"Invalid·include·object:·${ENTRY}"
 310 »       fi
 311 done
  
 312 #·Browse·each·file·selected·above·as·containing·paths·of·log·files
 313 #·('/etc/rsyslog.conf'·and·'/etc/rsyslog.d/*.conf'·in·the·default
 314 configuration)
 315 for·LOG_FILE·in·"${RSYSLOG_CONFIG_FILES[@]}"
 316 do
 317 »       #·From·each·of·these·files·extract·just·particular·log·file·path(s),·thus:
 318 »       #·*·Ignore·lines·starting·with·space·('·'),·comment·('#"),·or·variable·syntax
 319 ('$')·characters,
 320 »       #·*·Ignore·empty·lines,
 321 »       #·*·Strip·quotes·and·closing·brackets·from·paths.
 322 »       #·*·Ignore·paths·that·match·/dev|/etc.*\.conf,·as·those·are·paths,·but·likely
 323 not·log·files
 324 »       #·*·From·the·remaining·valid·rows·select·only·fields·constituting·a·log·file
 325 path
 326 »       #·Text·file·column·is·understood·to·represent·a·log·file·path·if·and·only·if
 327 all·of·the
 328 »       #·following·are·met:
 329 »       #·*·it·contains·at·least·one·slash·'/'·character,
 330 »       #·*·it·is·preceded·by·space
 331 »       #·*·it·doesn't·contain·space·('·'),·colon·(':'),·and·semicolon·(';')
 332 characters
 333 »       #·Search·log·file·for·path(s)·only·in·case·it·exists!
 334 »       if·[[·-f·"${LOG_FILE}"·]]
 335 »       then
 336 »       »       NORMALIZED_CONFIG_FILE_LINES=$(sed·-e·"/^[#|$]/d"·"${LOG_FILE}")
 337 »       »       LINES_WITH_PATHS=$(grep·'[^/]*\s\+\S*/\S\+$'·<<<·"$
 338 {NORMALIZED_CONFIG_FILE_LINES}")
 339 »       »       FILTERED_PATHS=$(awk·'{if(NF>=2&&($NF~/^\//||$NF~/^-\//)){sub(/^-\//,"/
 340 ",$NF);print·$NF}}'·<<<·"${LINES_WITH_PATHS}")
 341 »       »       CLEANED_PATHS=$(sed·-e·"s/[\"')]//g;·/\\/etc.*\.conf/d;·/\\/dev\\//d"·<<<·"$
 342 {FILTERED_PATHS}")
 343 »       »       MATCHED_ITEMS=$(sed·-e·"/^$/d"·<<<·"${CLEANED_PATHS}")
 344 »       »       #·Since·above·sed·command·might·return·more·than·one·item·(delimited·by
 345 newline),·split
 346 »       »       #·the·particular·matches·entries·into·new·array·specific·for·this·log·file
 347 »       »       readarray·-t·ARRAY_FOR_LOG_FILE·<<<·"$MATCHED_ITEMS"
 348 »       »       #·Concatenate·the·two·arrays·-·previous·content·of·$LOG_FILE_PATHS·array·with
 349 »       »       #·items·from·newly·created·array·for·this·log·file
 350 »       »       LOG_FILE_PATHS+=("${ARRAY_FOR_LOG_FILE[@]}")
 351 »       »       #·Delete·the·temporary·array
 352 »       »       unset·ARRAY_FOR_LOG_FILE
 353 »       fi
 354 done
  
 355 #·Check·for·RainerScript·action·log·format·which·might·be·also·multiline·so
 356 grep·regex·is·a·bit
 357 #·curly:
 358 #·extract·possibly·multiline·action·omfile·expressions
 359 #·extract·File="logfile"·expression
 360 #·match·only·"logfile"·expression
 361 for·LOG_FILE·in·"${RSYSLOG_CONFIG_FILES[@]}"
 362 do
 363 »       ACTION_OMFILE_LINES=$(grep·-iozP·"action\s*\(\s*type\s*=\s*\"omfile\"[^\)]*\)"
 364 "${LOG_FILE}")
 365 »       OMFILE_LINES=$(echo·"${ACTION_OMFILE_LINES}"|·grep·-iaoP·"\bFile\s*=\s*\"([/[:
 366 alnum:][:punct:]]*)\"\s*\)")
 367 »       LOG_FILE_PATHS+=("$(echo·"${OMFILE_LINES}"|·grep·-oE·"\"([/[:alnum:][:punct:
 368 ]]*)\""|tr·-d·"\"")")
 369 done
  
 370 #·Ensure·the·correct·attribute·if·file·exists
 371 FILE_CMD="chgrp"
 372 for·LOG_FILE_PATH·in·"${LOG_FILE_PATHS[@]}"
 373 do
 374 »       #·Sanity·check·-·if·particular·$LOG_FILE_PATH·is·empty·string,·skip·it·from
 375 further·processing
 376 »       if·[·-z·"$LOG_FILE_PATH"·]
 377 »       then
Max diff block lines reached; 121861/127512 bytes (95.57%) of diff not shown.
17.7 MB
./usr/share/doc/ssg-debian/ssg-debian12-guide-anssi_bp28_enhanced.html
    
Offset 15076, 146 lines modifiedOffset 15076, 146 lines modified
0003ae30:·6172·6765·743d·2223·6964·6d32·3638·3422··arget="#idm2684"0003ae30:·6172·6765·743d·2223·6964·6d32·3638·3422··arget="#idm2684"
0003ae40:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro0003ae40:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro
0003ae50:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria0003ae50:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria
0003ae60:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false0003ae60:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false
0003ae70:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat0003ae70:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat
0003ae80:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre0003ae80:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre
0003ae90:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati0003ae90:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati
0003aea0:·6f6e·204f·5342·7569·6c64·2042·6c75·6570··on·OSBuild·Bluep 
0003aeb0:·7269·6e74·2073·6e69·7070·6574·20e2·87b2··rint·snippet·... 
0003aec0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla 
0003aed0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap 
0003aee0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id= 
0003aef0:·2269·646d·3236·3834·223e·3c70·7265·3e3c··"idm2684"><pre>< 
0003af00:·636f·6465·3e0a·5b5b·7061·636b·6167·6573··code>.[[packages 
0003af10:·5d5d·0a6e·616d·6520·3d20·2261·6964·6522··]].name·=·"aide" 
0003af20:·0a76·6572·7369·6f6e·203d·2022·2a22·0a3c··.version·=·"*".<0003aea0:·6f6e·2053·6865·6c6c·2073·6372·6970·7420··on·Shell·script·
 0003aeb0:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div·
 0003aec0:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col
 0003aed0:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·
 0003aee0:·6964·3d22·6964·6d32·3638·3422·3e3c·7461··id="idm2684"><ta
 0003aef0:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table
 0003af00:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t
 0003af10:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta
 0003af20:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed"><
 0003af30:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit
 0003af40:·793a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··y:</th><td>low</
 0003af50:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>
 0003af60:·4469·7372·7570·7469·6f6e·3a3c·2f74·683e··Disruption:</th>
 0003af70:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr
 0003af80:·3e3c·7472·3e3c·7468·3e52·6562·6f6f·743a··><tr><th>Reboot:
 0003af90:·3c2f·7468·3e3c·7464·3e66·616c·7365·3c2f··</th><td>false</
 0003afa0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>
 0003afb0:·5374·7261·7465·6779·3a3c·2f74·683e·3c74··Strategy:</th><t
 0003afc0:·643e·656e·6162·6c65·3c2f·7464·3e3c·2f74··d>enable</td></t
 0003afd0:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><
 0003afe0:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati
 0003aff0:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable
 0003b000:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain
 0003b010:·2070·6c61·7466·6f72·6d73·0a69·6620·6470···platforms.if·dp
 0003b020:·6b67·2d71·7565·7279·202d·2d73·686f·7720··kg-query·--show·
 0003b030:·2d2d·7368·6f77·666f·726d·6174·3d27·247b··--showformat='${
 0003b040:·6462·3a53·7461·7475·732d·5374·6174·7573··db:Status-Status
 0003b050:·7d0a·2720·276c·696e·7578·2d62·6173·6527··}.'·'linux-base'
 0003b060:·2032·2667·743b·2f64·6576·2f6e·756c·6c20···2&gt;/dev/null·
 0003b070:·7c20·6772·6570·202d·7120·5e69·6e73·7461··|·grep·-q·^insta
 0003b080:·6c6c·6564·3b20·7468·656e·0a0a·4445·4249··lled;·then..DEBI
 0003b090:·414e·5f46·524f·4e54·454e·443d·6e6f·6e69··AN_FRONTEND=noni
 0003b0a0:·6e74·6572·6163·7469·7665·2061·7074·2d67··nteractive·apt-g
 0003b0b0:·6574·2069·6e73·7461·6c6c·202d·7920·2261··et·install·-y·"a
 0003b0c0:·6964·6522·0a0a·656c·7365·0a20·2020·2026··ide"..else.····&
 0003b0d0:·6774·3b26·616d·703b·3220·6563·686f·2027··gt;&amp;2·echo·'
 0003b0e0:·5265·6d65·6469·6174·696f·6e20·6973·206e··Remediation·is·n
 0003b0f0:·6f74·2061·7070·6c69·6361·626c·652c·206e··ot·applicable,·n
 0003b100:·6f74·6869·6e67·2077·6173·2064·6f6e·6527··othing·was·done'
 0003b110:·0a66·690a·3c2f·636f·6465·3e3c·2f70·7265··.fi.</code></pre
 0003b120:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class=
 0003b130:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success
 0003b140:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c
 0003b150:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta
 0003b160:·7267·6574·3d22·2369·646d·3236·3835·2220··rget="#idm2685"·
 0003b170:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol
 0003b180:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-
 0003b190:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"
 0003b1a0:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate
 0003b1b0:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href
 0003b1c0:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio
 0003b1d0:·6e20·416e·7369·626c·6520·736e·6970·7065··n·Ansible·snippe
 0003b1e0:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di
 0003b1f0:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
 0003b200:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
 0003b210:·2220·6964·3d22·6964·6d32·3638·3522·3e3c··"·id="idm2685"><
 0003b220:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab
 0003b230:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped
 0003b240:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·
 0003b250:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"
 0003b260:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex
 0003b270:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low
 0003b280:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
 0003b290:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t
 0003b2a0:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></
 0003b2b0:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo
 0003b2c0:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false
 0003b2d0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
 0003b2e0:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>
 0003b2f0:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td><
 0003b300:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre
 0003b310:·3e3c·636f·6465·3e2d·206e·616d·653a·2047··><code>-·name:·G
 0003b320:·6174·6865·7220·7468·6520·7061·636b·6167··ather·the·packag
 0003b330:·6520·6661·6374·730a·2020·7061·636b·6167··e·facts.··packag
 0003b340:·655f·6661·6374·733a·0a20·2020·206d·616e··e_facts:.····man
 0003b350:·6167·6572·3a20·6175·746f·0a20·2074·6167··ager:·auto.··tag
 0003b360:·733a·0a20·202d·2043·4a49·532d·352e·3130··s:.··-·CJIS-5.10
 0003b370:·2e31·2e33·0a20·202d·204e·4953·542d·3830··.1.3.··-·NIST-80
 0003b380:·302d·3533·2d43·4d2d·3628·6129·0a20·202d··0-53-CM-6(a).··-
 0003b390:·2050·4349·2d44·5353·2d52·6571·2d31·312e···PCI-DSS-Req-11.
 0003b3a0:·350a·2020·2d20·5043·492d·4453·5376·342d··5.··-·PCI-DSSv4-
 0003b3b0:·3131·2e35·2e32·0a20·202d·2065·6e61·626c··11.5.2.··-·enabl
 0003b3c0:·655f·7374·7261·7465·6779·0a20·202d·206c··e_strategy.··-·l
 0003b3d0:·6f77·5f63·6f6d·706c·6578·6974·790a·2020··ow_complexity.··
 0003b3e0:·2d20·6c6f·775f·6469·7372·7570·7469·6f6e··-·low_disruption
 0003b3f0:·0a20·202d·206d·6564·6975·6d5f·7365·7665··.··-·medium_seve
 0003b400:·7269·7479·0a20·202d·206e·6f5f·7265·626f··rity.··-·no_rebo
 0003b410:·6f74·5f6e·6565·6465·640a·2020·2d20·7061··ot_needed.··-·pa
 0003b420:·636b·6167·655f·6169·6465·5f69·6e73·7461··ckage_aide_insta
 0003b430:·6c6c·6564·0a0a·2d20·6e61·6d65·3a20·456e··lled..-·name:·En
 0003b440:·7375·7265·2061·6964·6520·6973·2069·6e73··sure·aide·is·ins
 0003b450:·7461·6c6c·6564·0a20·2070·6163·6b61·6765··talled.··package
 0003b460:·3a0a·2020·2020·6e61·6d65·3a20·6169·6465··:.····name:·aide
 0003b470:·0a20·2020·2073·7461·7465·3a20·7072·6573··.····state:·pres
 0003b480:·656e·740a·2020·7768·656e·3a20·2722·6c69··ent.··when:·'"li
 0003b490:·6e75·782d·6261·7365·2220·696e·2061·6e73··nux-base"·in·ans
 0003b4a0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa
 0003b4b0:·6765·7327·0a20·2074·6167·733a·0a20·202d··ges'.··tags:.··-
 0003b4c0:·2043·4a49·532d·352e·3130·2e31·2e33·0a20···CJIS-5.10.1.3.·
 0003b4d0:·202d·204e·4953·542d·3830·302d·3533·2d43···-·NIST-800-53-C
 0003b4e0:·4d2d·3628·6129·0a20·202d·2050·4349·2d44··M-6(a).··-·PCI-D
 0003b4f0:·5353·2d52·6571·2d31·312e·350a·2020·2d20··SS-Req-11.5.··-·
 0003b500:·5043·492d·4453·5376·342d·3131·2e35·2e32··PCI-DSSv4-11.5.2
 0003b510:·0a20·202d·2065·6e61·626c·655f·7374·7261··.··-·enable_stra
 0003b520:·7465·6779·0a20·202d·206c·6f77·5f63·6f6d··tegy.··-·low_com
 0003b530:·706c·6578·6974·790a·2020·2d20·6c6f·775f··plexity.··-·low_
 0003b540:·6469·7372·7570·7469·6f6e·0a20·202d·206d··disruption.··-·m
 0003b550:·6564·6975·6d5f·7365·7665·7269·7479·0a20··edium_severity.·
 0003b560:·202d·206e·6f5f·7265·626f·6f74·5f6e·6565···-·no_reboot_nee
 0003b570:·6465·640a·2020·2d20·7061·636b·6167·655f··ded.··-·package_
 0003b580:·6169·6465·5f69·6e73·7461·6c6c·6564·0a3c··aide_installed.<
0003af30:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di0003b590:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di
Max diff block lines reached; 16982297/17001093 bytes (99.89%) of diff not shown.
1.53 MB
html2text {}
    
Offset 125, 19 lines modifiedOffset 125, 28 lines modified
125 include·install_aide125 include·install_aide
  
126 class·install_aide·{126 class·install_aide·{
127 ··package·{·'aide':127 ··package·{·'aide':
128 ····ensure·=>·'installed',128 ····ensure·=>·'installed',
129 ··}129 ··}
130 }130 }
131 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8131 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 132 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 133 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 134 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 135 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 136 #·Remediation·is·applicable·only·in·certain·platforms
 137 if·dpkg-query·--show·--showformat='${db:Status-Status}
 138 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then
  
132 [[packages]] 
133 name·=·"aide" 
134 version·=·"*"139 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide"
  
 140 else
 141 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 142 fi
135 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8143 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
136 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low144 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
137 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low145 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
138 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false146 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
139 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable147 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
140 -·name:·Gather·the·package·facts148 -·name:·Gather·the·package·facts
141 ··package_facts:149 ··package_facts:
Offset 166, 28 lines modifiedOffset 175, 19 lines modified
166 ··-·PCI-DSSv4-11.5.2175 ··-·PCI-DSSv4-11.5.2
167 ··-·enable_strategy176 ··-·enable_strategy
168 ··-·low_complexity177 ··-·low_complexity
169 ··-·low_disruption178 ··-·low_disruption
170 ··-·medium_severity179 ··-·medium_severity
171 ··-·no_reboot_needed180 ··-·no_reboot_needed
172 ··-·package_aide_installed181 ··-·package_aide_installed
 182 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
173 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
174 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
175 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
176 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
177 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
178 #·Remediation·is·applicable·only·in·certain·platforms 
179 if·dpkg-query·--show·--showformat='${db:Status-Status} 
180 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then 
  
181 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide" 
  
182 else 
183 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
184 fi183 [[packages]]
 184 name·=·"aide"
 185 version·=·"*"
185 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*186 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
186 Run·the·following·command·to·generate·a·new·database:187 Run·the·following·command·to·generate·a·new·database:
187 $·sudo·aideinit188 $·sudo·aideinit
188 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the189 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the
189 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these190 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these
190 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their191 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their
191 integrity.·The·newly-generated·database·can·be·installed·as·follows:192 integrity.·The·newly-generated·database·can·be·installed·as·follows:
Offset 211, 14 lines modifiedOffset 211, 41 lines modified
211 ···························A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.14.2.7,·A.15.2.1,·A.8.2.3211 ···························A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.14.2.7,·A.15.2.1,·A.8.2.3
212 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)212 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)
213 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3213 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
214 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5214 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
215 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199215 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
216 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79216 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
217 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2217 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 218 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 219 #·Remediation·is·applicable·only·in·certain·platforms
 220 if·dpkg-query·--show·--showformat='${db:Status-Status}
 221 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then
  
 222 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide"
  
 223 AIDE_CONFIG=/etc/aide/aide.conf
 224 DEFAULT_DB_PATH=/var/lib/aide/aide.db
  
 225 #·Fix·db·path·in·the·config·file,·if·necessary
 226 if·!·grep·-q·'^database=file:'·${AIDE_CONFIG};·then
 227 ····#·replace_or_append·gets·confused·by·'database=file'·as·a·key,·so·should·not·be·used.
 228 ····#replace_or_append·"${AIDE_CONFIG}"·'^database=file'·"${DEFAULT_DB_PATH}"·'@CCENUM@'·'%s:%s'
 229 ····echo·"database=file:${DEFAULT_DB_PATH}"·>>·${AIDE_CONFIG}
 230 fi
  
 231 #·Fix·db·out·path·in·the·config·file,·if·necessary
 232 if·!·grep·-q·'^database_out=file:'·${AIDE_CONFIG};·then
 233 ····echo·"database_out=file:${DEFAULT_DB_PATH}.new"·>>·${AIDE_CONFIG}
 234 fi
  
 235 /usr/sbin/aideinit·-y·-f
  
 236 else
 237 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 238 fi
218 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8239 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
219 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low240 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
220 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low241 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
221 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false242 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
222 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict243 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
223 -·name:·Gather·the·package·facts244 -·name:·Gather·the·package·facts
224 ··package_facts:245 ··package_facts:
Offset 388, 41 lines modifiedOffset 415, 14 lines modified
388 ··-·PCI-DSSv4-11.5.2415 ··-·PCI-DSSv4-11.5.2
389 ··-·aide_build_database416 ··-·aide_build_database
390 ··-·low_complexity417 ··-·low_complexity
391 ··-·low_disruption418 ··-·low_disruption
392 ··-·medium_severity419 ··-·medium_severity
393 ··-·no_reboot_needed420 ··-·no_reboot_needed
394 ··-·restrict_strategy421 ··-·restrict_strategy
395 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
396 #·Remediation·is·applicable·only·in·certain·platforms 
397 if·dpkg-query·--show·--showformat='${db:Status-Status} 
398 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then 
  
399 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide" 
  
400 AIDE_CONFIG=/etc/aide/aide.conf 
401 DEFAULT_DB_PATH=/var/lib/aide/aide.db 
  
402 #·Fix·db·path·in·the·config·file,·if·necessary 
403 if·!·grep·-q·'^database=file:'·${AIDE_CONFIG};·then 
404 ····#·replace_or_append·gets·confused·by·'database=file'·as·a·key,·so·should·not·be·used. 
405 ····#replace_or_append·"${AIDE_CONFIG}"·'^database=file'·"${DEFAULT_DB_PATH}"·'@CCENUM@'·'%s:%s' 
406 ····echo·"database=file:${DEFAULT_DB_PATH}"·>>·${AIDE_CONFIG} 
Max diff block lines reached; 1602709/1608328 bytes (99.65%) of diff not shown.
17.9 MB
./usr/share/doc/ssg-debian/ssg-debian12-guide-anssi_bp28_high.html
    
Offset 15081, 146 lines modifiedOffset 15081, 146 lines modified
0003ae80:·7461·7267·6574·3d22·2369·646d·3236·3834··target="#idm26840003ae80:·7461·7267·6574·3d22·2369·646d·3236·3834··target="#idm2684
0003ae90:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r0003ae90:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r
0003aea0:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari0003aea0:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari
0003aeb0:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals0003aeb0:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals
0003aec0:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa0003aec0:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa
0003aed0:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr0003aed0:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr
0003aee0:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat0003aee0:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat
0003aef0:·696f·6e20·4f53·4275·696c·6420·426c·7565··ion·OSBuild·Blue 
0003af00:·7072·696e·7420·736e·6970·7065·7420·e287··print·snippet·.. 
0003af10:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl 
0003af20:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla 
0003af30:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id 
0003af40:·3d22·6964·6d32·3638·3422·3e3c·7072·653e··="idm2684"><pre> 
0003af50:·3c63·6f64·653e·0a5b·5b70·6163·6b61·6765··<code>.[[package 
0003af60:·735d·5d0a·6e61·6d65·203d·2022·6169·6465··s]].name·=·"aide 
0003af70:·220a·7665·7273·696f·6e20·3d20·222a·220a··".version·=·"*".0003aef0:·696f·6e20·5368·656c·6c20·7363·7269·7074··ion·Shell·script
 0003af00:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div
 0003af10:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
 0003af20:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
 0003af30:·2069·643d·2269·646d·3236·3834·223e·3c74···id="idm2684"><t
 0003af40:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl
 0003af50:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped·
 0003af60:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t
 0003af70:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed">
 0003af80:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi
 0003af90:·7479·3a3c·2f74·683e·3c74·643e·6c6f·773c··ty:</th><td>low<
 0003afa0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
 0003afb0:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th
 0003afc0:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t
 0003afd0:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot
 0003afe0:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false<
 0003aff0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
 0003b000:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><
 0003b010:·7464·3e65·6e61·626c·653c·2f74·643e·3c2f··td>enable</td></
 0003b020:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre>
 0003b030:·3c63·6f64·653e·2320·5265·6d65·6469·6174··<code>#·Remediat
 0003b040:·696f·6e20·6973·2061·7070·6c69·6361·626c··ion·is·applicabl
 0003b050:·6520·6f6e·6c79·2069·6e20·6365·7274·6169··e·only·in·certai
 0003b060:·6e20·706c·6174·666f·726d·730a·6966·2064··n·platforms.if·d
 0003b070:·706b·672d·7175·6572·7920·2d2d·7368·6f77··pkg-query·--show
 0003b080:·202d·2d73·686f·7766·6f72·6d61·743d·2724···--showformat='$
 0003b090:·7b64·623a·5374·6174·7573·2d53·7461·7475··{db:Status-Statu
 0003b0a0:·737d·0a27·2027·6c69·6e75·782d·6261·7365··s}.'·'linux-base
 0003b0b0:·2720·3226·6774·3b2f·6465·762f·6e75·6c6c··'·2&gt;/dev/null
 0003b0c0:·207c·2067·7265·7020·2d71·205e·696e·7374···|·grep·-q·^inst
 0003b0d0:·616c·6c65·643b·2074·6865·6e0a·0a44·4542··alled;·then..DEB
 0003b0e0:·4941·4e5f·4652·4f4e·5445·4e44·3d6e·6f6e··IAN_FRONTEND=non
 0003b0f0:·696e·7465·7261·6374·6976·6520·6170·742d··interactive·apt-
 0003b100:·6765·7420·696e·7374·616c·6c20·2d79·2022··get·install·-y·"
 0003b110:·6169·6465·220a·0a65·6c73·650a·2020·2020··aide"..else.····
 0003b120:·2667·743b·2661·6d70·3b32·2065·6368·6f20··&gt;&amp;2·echo·
 0003b130:·2752·656d·6564·6961·7469·6f6e·2069·7320··'Remediation·is·
 0003b140:·6e6f·7420·6170·706c·6963·6162·6c65·2c20··not·applicable,·
 0003b150:·6e6f·7468·696e·6720·7761·7320·646f·6e65··nothing·was·done
 0003b160:·270a·6669·0a3c·2f63·6f64·653e·3c2f·7072··'.fi.</code></pr
 0003b170:·653e·3c2f·6469·763e·3c61·2063·6c61·7373··e></div><a·class
 0003b180:·3d22·6274·6e20·6274·6e2d·7375·6363·6573··="btn·btn-succes
 0003b190:·7322·2064·6174·612d·746f·6767·6c65·3d22··s"·data-toggle="
 0003b1a0:·636f·6c6c·6170·7365·2220·6461·7461·2d74··collapse"·data-t
 0003b1b0:·6172·6765·743d·2223·6964·6d32·3638·3522··arget="#idm2685"
 0003b1c0:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro
 0003b1d0:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria
 0003b1e0:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false
 0003b1f0:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat
 0003b200:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre
 0003b210:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati
 0003b220:·6f6e·2041·6e73·6962·6c65·2073·6e69·7070··on·Ansible·snipp
 0003b230:·6574·20e2·87b2·3c2f·613e·3c62·723e·3c64··et·...</a><br><d
 0003b240:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel-
 0003b250:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps
 0003b260:·6522·2069·643d·2269·646d·3236·3835·223e··e"·id="idm2685">
 0003b270:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta
 0003b280:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe
 0003b290:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered
 0003b2a0:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed
 0003b2b0:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple
 0003b2c0:·7869·7479·3a3c·2f74·683e·3c74·643e·6c6f··xity:</th><td>lo
 0003b2d0:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><
 0003b2e0:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</
 0003b2f0:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><
 0003b300:·2f74·723e·3c74·723e·3c74·683e·5265·626f··/tr><tr><th>Rebo
 0003b310:·6f74·3a3c·2f74·683e·3c74·643e·6661·6c73··ot:</th><td>fals
 0003b320:·653c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··e</td></tr><tr><
 0003b330:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th
 0003b340:·3e3c·7464·3e65·6e61·626c·653c·2f74·643e··><td>enable</td>
 0003b350:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr
 0003b360:·653e·3c63·6f64·653e·2d20·6e61·6d65·3a20··e><code>-·name:·
 0003b370:·4761·7468·6572·2074·6865·2070·6163·6b61··Gather·the·packa
 0003b380:·6765·2066·6163·7473·0a20·2070·6163·6b61··ge·facts.··packa
 0003b390:·6765·5f66·6163·7473·3a0a·2020·2020·6d61··ge_facts:.····ma
 0003b3a0:·6e61·6765·723a·2061·7574·6f0a·2020·7461··nager:·auto.··ta
 0003b3b0:·6773·3a0a·2020·2d20·434a·4953·2d35·2e31··gs:.··-·CJIS-5.1
 0003b3c0:·302e·312e·330a·2020·2d20·4e49·5354·2d38··0.1.3.··-·NIST-8
 0003b3d0:·3030·2d35·332d·434d·2d36·2861·290a·2020··00-53-CM-6(a).··
 0003b3e0:·2d20·5043·492d·4453·532d·5265·712d·3131··-·PCI-DSS-Req-11
 0003b3f0:·2e35·0a20·202d·2050·4349·2d44·5353·7634··.5.··-·PCI-DSSv4
 0003b400:·2d31·312e·352e·320a·2020·2d20·656e·6162··-11.5.2.··-·enab
 0003b410:·6c65·5f73·7472·6174·6567·790a·2020·2d20··le_strategy.··-·
 0003b420:·6c6f·775f·636f·6d70·6c65·7869·7479·0a20··low_complexity.·
 0003b430:·202d·206c·6f77·5f64·6973·7275·7074·696f···-·low_disruptio
 0003b440:·6e0a·2020·2d20·6d65·6469·756d·5f73·6576··n.··-·medium_sev
 0003b450:·6572·6974·790a·2020·2d20·6e6f·5f72·6562··erity.··-·no_reb
 0003b460:·6f6f·745f·6e65·6564·6564·0a20·202d·2070··oot_needed.··-·p
 0003b470:·6163·6b61·6765·5f61·6964·655f·696e·7374··ackage_aide_inst
 0003b480:·616c·6c65·640a·0a2d·206e·616d·653a·2045··alled..-·name:·E
 0003b490:·6e73·7572·6520·6169·6465·2069·7320·696e··nsure·aide·is·in
 0003b4a0:·7374·616c·6c65·640a·2020·7061·636b·6167··stalled.··packag
 0003b4b0:·653a·0a20·2020·206e·616d·653a·2061·6964··e:.····name:·aid
 0003b4c0:·650a·2020·2020·7374·6174·653a·2070·7265··e.····state:·pre
 0003b4d0:·7365·6e74·0a20·2077·6865·6e3a·2027·226c··sent.··when:·'"l
 0003b4e0:·696e·7578·2d62·6173·6522·2069·6e20·616e··inux-base"·in·an
 0003b4f0:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack
 0003b500:·6167·6573·270a·2020·7461·6773·3a0a·2020··ages'.··tags:.··
 0003b510:·2d20·434a·4953·2d35·2e31·302e·312e·330a··-·CJIS-5.10.1.3.
 0003b520:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-
 0003b530:·434d·2d36·2861·290a·2020·2d20·5043·492d··CM-6(a).··-·PCI-
 0003b540:·4453·532d·5265·712d·3131·2e35·0a20·202d··DSS-Req-11.5.··-
 0003b550:·2050·4349·2d44·5353·7634·2d31·312e·352e···PCI-DSSv4-11.5.
 0003b560:·320a·2020·2d20·656e·6162·6c65·5f73·7472··2.··-·enable_str
 0003b570:·6174·6567·790a·2020·2d20·6c6f·775f·636f··ategy.··-·low_co
 0003b580:·6d70·6c65·7869·7479·0a20·202d·206c·6f77··mplexity.··-·low
 0003b590:·5f64·6973·7275·7074·696f·6e0a·2020·2d20··_disruption.··-·
 0003b5a0:·6d65·6469·756d·5f73·6576·6572·6974·790a··medium_severity.
 0003b5b0:·2020·2d20·6e6f·5f72·6562·6f6f·745f·6e65····-·no_reboot_ne
 0003b5c0:·6564·6564·0a20·202d·2070·6163·6b61·6765··eded.··-·package
 0003b5d0:·5f61·6964·655f·696e·7374·616c·6c65·640a··_aide_installed.
0003af80:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d0003b5e0:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d
Max diff block lines reached; 17158026/17176822 bytes (99.89%) of diff not shown.
1.56 MB
html2text {}
Max HTML report size reached
6.92 MB
./usr/share/doc/ssg-debian/ssg-debian12-guide-anssi_bp28_intermediary.html
    
Offset 15067, 146 lines modifiedOffset 15067, 146 lines modified
0003ada0:·7267·6574·3d22·2369·646d·3236·3834·2220··rget="#idm2684"·0003ada0:·7267·6574·3d22·2369·646d·3236·3834·2220··rget="#idm2684"·
0003adb0:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol0003adb0:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol
0003adc0:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-0003adc0:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-
0003add0:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"0003add0:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"
0003ade0:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate0003ade0:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate
0003adf0:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href0003adf0:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href
0003ae00:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio0003ae00:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio
0003ae10:·6e20·4f53·4275·696c·6420·426c·7565·7072··n·OSBuild·Bluepr 
0003ae20:·696e·7420·736e·6970·7065·7420·e287·b23c··int·snippet·...< 
0003ae30:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas 
0003ae40:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps 
0003ae50:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id=" 
0003ae60:·6964·6d32·3638·3422·3e3c·7072·653e·3c63··idm2684"><pre><c 
0003ae70:·6f64·653e·0a5b·5b70·6163·6b61·6765·735d··ode>.[[packages] 
0003ae80:·5d0a·6e61·6d65·203d·2022·6169·6465·220a··].name·=·"aide". 
0003ae90:·7665·7273·696f·6e20·3d20·222a·220a·3c2f··version·=·"*".</0003ae10:·6e20·5368·656c·6c20·7363·7269·7074·20e2··n·Shell·script·.
 0003ae20:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c
 0003ae30:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
 0003ae40:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i
 0003ae50:·643d·2269·646d·3236·3834·223e·3c74·6162··d="idm2684"><tab
 0003ae60:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table·
 0003ae70:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta
 0003ae80:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab
 0003ae90:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t
 0003aea0:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity
 0003aeb0:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t
 0003aec0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D
 0003aed0:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th><
 0003aee0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>
 0003aef0:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:<
 0003af00:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t
 0003af10:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S
 0003af20:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td
 0003af30:·3e65·6e61·626c·653c·2f74·643e·3c2f·7472··>enable</td></tr
 0003af40:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c
 0003af50:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio
 0003af60:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·
 0003af70:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·
 0003af80:·706c·6174·666f·726d·730a·6966·2064·706b··platforms.if·dpk
 0003af90:·672d·7175·6572·7920·2d2d·7368·6f77·202d··g-query·--show·-
 0003afa0:·2d73·686f·7766·6f72·6d61·743d·2724·7b64··-showformat='${d
 0003afb0:·623a·5374·6174·7573·2d53·7461·7475·737d··b:Status-Status}
 0003afc0:·0a27·2027·6c69·6e75·782d·6261·7365·2720··.'·'linux-base'·
 0003afd0:·3226·6774·3b2f·6465·762f·6e75·6c6c·207c··2&gt;/dev/null·|
 0003afe0:·2067·7265·7020·2d71·205e·696e·7374·616c···grep·-q·^instal
 0003aff0:·6c65·643b·2074·6865·6e0a·0a44·4542·4941··led;·then..DEBIA
 0003b000:·4e5f·4652·4f4e·5445·4e44·3d6e·6f6e·696e··N_FRONTEND=nonin
 0003b010:·7465·7261·6374·6976·6520·6170·742d·6765··teractive·apt-ge
 0003b020:·7420·696e·7374·616c·6c20·2d79·2022·6169··t·install·-y·"ai
 0003b030:·6465·220a·0a65·6c73·650a·2020·2020·2667··de"..else.····&g
 0003b040:·743b·2661·6d70·3b32·2065·6368·6f20·2752··t;&amp;2·echo·'R
 0003b050:·656d·6564·6961·7469·6f6e·2069·7320·6e6f··emediation·is·no
 0003b060:·7420·6170·706c·6963·6162·6c65·2c20·6e6f··t·applicable,·no
 0003b070:·7468·696e·6720·7761·7320·646f·6e65·270a··thing·was·done'.
 0003b080:·6669·0a3c·2f63·6f64·653e·3c2f·7072·653e··fi.</code></pre>
 0003b090:·3c2f·6469·763e·3c61·2063·6c61·7373·3d22··</div><a·class="
 0003b0a0:·6274·6e20·6274·6e2d·7375·6363·6573·7322··btn·btn-success"
 0003b0b0:·2064·6174·612d·746f·6767·6c65·3d22·636f···data-toggle="co
 0003b0c0:·6c6c·6170·7365·2220·6461·7461·2d74·6172··llapse"·data-tar
 0003b0d0:·6765·743d·2223·6964·6d32·3638·3522·2074··get="#idm2685"·t
 0003b0e0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
 0003b0f0:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
 0003b100:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
 0003b110:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
 0003b120:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
 0003b130:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
 0003b140:·2041·6e73·6962·6c65·2073·6e69·7070·6574···Ansible·snippet
 0003b150:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div
 0003b160:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
 0003b170:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
 0003b180:·2069·643d·2269·646d·3236·3835·223e·3c74···id="idm2685"><t
 0003b190:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl
 0003b1a0:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped·
 0003b1b0:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t
 0003b1c0:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed">
 0003b1d0:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi
 0003b1e0:·7479·3a3c·2f74·683e·3c74·643e·6c6f·773c··ty:</th><td>low<
 0003b1f0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
 0003b200:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th
 0003b210:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t
 0003b220:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot
 0003b230:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false<
 0003b240:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
 0003b250:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><
 0003b260:·7464·3e65·6e61·626c·653c·2f74·643e·3c2f··td>enable</td></
 0003b270:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre>
 0003b280:·3c63·6f64·653e·2d20·6e61·6d65·3a20·4761··<code>-·name:·Ga
 0003b290:·7468·6572·2074·6865·2070·6163·6b61·6765··ther·the·package
 0003b2a0:·2066·6163·7473·0a20·2070·6163·6b61·6765···facts.··package
 0003b2b0:·5f66·6163·7473·3a0a·2020·2020·6d61·6e61··_facts:.····mana
 0003b2c0:·6765·723a·2061·7574·6f0a·2020·7461·6773··ger:·auto.··tags
 0003b2d0:·3a0a·2020·2d20·434a·4953·2d35·2e31·302e··:.··-·CJIS-5.10.
 0003b2e0:·312e·330a·2020·2d20·4e49·5354·2d38·3030··1.3.··-·NIST-800
 0003b2f0:·2d35·332d·434d·2d36·2861·290a·2020·2d20··-53-CM-6(a).··-·
 0003b300:·5043·492d·4453·532d·5265·712d·3131·2e35··PCI-DSS-Req-11.5
 0003b310:·0a20·202d·2050·4349·2d44·5353·7634·2d31··.··-·PCI-DSSv4-1
 0003b320:·312e·352e·320a·2020·2d20·656e·6162·6c65··1.5.2.··-·enable
 0003b330:·5f73·7472·6174·6567·790a·2020·2d20·6c6f··_strategy.··-·lo
 0003b340:·775f·636f·6d70·6c65·7869·7479·0a20·202d··w_complexity.··-
 0003b350:·206c·6f77·5f64·6973·7275·7074·696f·6e0a···low_disruption.
 0003b360:·2020·2d20·6d65·6469·756d·5f73·6576·6572····-·medium_sever
 0003b370:·6974·790a·2020·2d20·6e6f·5f72·6562·6f6f··ity.··-·no_reboo
 0003b380:·745f·6e65·6564·6564·0a20·202d·2070·6163··t_needed.··-·pac
 0003b390:·6b61·6765·5f61·6964·655f·696e·7374·616c··kage_aide_instal
 0003b3a0:·6c65·640a·0a2d·206e·616d·653a·2045·6e73··led..-·name:·Ens
 0003b3b0:·7572·6520·6169·6465·2069·7320·696e·7374··ure·aide·is·inst
 0003b3c0:·616c·6c65·640a·2020·7061·636b·6167·653a··alled.··package:
 0003b3d0:·0a20·2020·206e·616d·653a·2061·6964·650a··.····name:·aide.
 0003b3e0:·2020·2020·7374·6174·653a·2070·7265·7365······state:·prese
 0003b3f0:·6e74·0a20·2077·6865·6e3a·2027·226c·696e··nt.··when:·'"lin
 0003b400:·7578·2d62·6173·6522·2069·6e20·616e·7369··ux-base"·in·ansi
 0003b410:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag
 0003b420:·6573·270a·2020·7461·6773·3a0a·2020·2d20··es'.··tags:.··-·
 0003b430:·434a·4953·2d35·2e31·302e·312e·330a·2020··CJIS-5.10.1.3.··
 0003b440:·2d20·4e49·5354·2d38·3030·2d35·332d·434d··-·NIST-800-53-CM
 0003b450:·2d36·2861·290a·2020·2d20·5043·492d·4453··-6(a).··-·PCI-DS
 0003b460:·532d·5265·712d·3131·2e35·0a20·202d·2050··S-Req-11.5.··-·P
 0003b470:·4349·2d44·5353·7634·2d31·312e·352e·320a··CI-DSSv4-11.5.2.
 0003b480:·2020·2d20·656e·6162·6c65·5f73·7472·6174····-·enable_strat
 0003b490:·6567·790a·2020·2d20·6c6f·775f·636f·6d70··egy.··-·low_comp
 0003b4a0:·6c65·7869·7479·0a20·202d·206c·6f77·5f64··lexity.··-·low_d
 0003b4b0:·6973·7275·7074·696f·6e0a·2020·2d20·6d65··isruption.··-·me
 0003b4c0:·6469·756d·5f73·6576·6572·6974·790a·2020··dium_severity.··
 0003b4d0:·2d20·6e6f·5f72·6562·6f6f·745f·6e65·6564··-·no_reboot_need
 0003b4e0:·6564·0a20·202d·2070·6163·6b61·6765·5f61··ed.··-·package_a
 0003b4f0:·6964·655f·696e·7374·616c·6c65·640a·3c2f··ide_installed.</
0003aea0:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div0003b500:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div
Max diff block lines reached; 6364438/6383234 bytes (99.71%) of diff not shown.
850 KB
html2text {}
    
Offset 123, 19 lines modifiedOffset 123, 28 lines modified
123 include·install_aide123 include·install_aide
  
124 class·install_aide·{124 class·install_aide·{
125 ··package·{·'aide':125 ··package·{·'aide':
126 ····ensure·=>·'installed',126 ····ensure·=>·'installed',
127 ··}127 ··}
128 }128 }
129 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8129 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 130 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 131 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 132 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 133 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 134 #·Remediation·is·applicable·only·in·certain·platforms
 135 if·dpkg-query·--show·--showformat='${db:Status-Status}
 136 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then
  
130 [[packages]] 
131 name·=·"aide" 
132 version·=·"*"137 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide"
  
 138 else
 139 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 140 fi
133 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8141 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
134 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low142 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
135 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low143 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
136 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false144 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
137 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable145 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
138 -·name:·Gather·the·package·facts146 -·name:·Gather·the·package·facts
139 ··package_facts:147 ··package_facts:
Offset 164, 28 lines modifiedOffset 173, 19 lines modified
164 ··-·PCI-DSSv4-11.5.2173 ··-·PCI-DSSv4-11.5.2
165 ··-·enable_strategy174 ··-·enable_strategy
166 ··-·low_complexity175 ··-·low_complexity
167 ··-·low_disruption176 ··-·low_disruption
168 ··-·medium_severity177 ··-·medium_severity
169 ··-·no_reboot_needed178 ··-·no_reboot_needed
170 ··-·package_aide_installed179 ··-·package_aide_installed
 180 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
171 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
172 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
173 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
174 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
175 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
176 #·Remediation·is·applicable·only·in·certain·platforms 
177 if·dpkg-query·--show·--showformat='${db:Status-Status} 
178 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then 
  
179 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide" 
  
180 else 
181 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
182 fi181 [[packages]]
 182 name·=·"aide"
 183 version·=·"*"
183 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*184 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
184 Run·the·following·command·to·generate·a·new·database:185 Run·the·following·command·to·generate·a·new·database:
185 $·sudo·aideinit186 $·sudo·aideinit
186 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the187 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the
187 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these188 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these
188 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their189 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their
189 integrity.·The·newly-generated·database·can·be·installed·as·follows:190 integrity.·The·newly-generated·database·can·be·installed·as·follows:
Offset 209, 14 lines modifiedOffset 209, 41 lines modified
209 ···························A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.14.2.7,·A.15.2.1,·A.8.2.3209 ···························A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.14.2.7,·A.15.2.1,·A.8.2.3
210 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)210 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)
211 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3211 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
212 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5212 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
213 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199213 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
214 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79214 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
215 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2215 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 216 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 217 #·Remediation·is·applicable·only·in·certain·platforms
 218 if·dpkg-query·--show·--showformat='${db:Status-Status}
 219 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then
  
 220 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide"
  
 221 AIDE_CONFIG=/etc/aide/aide.conf
 222 DEFAULT_DB_PATH=/var/lib/aide/aide.db
  
 223 #·Fix·db·path·in·the·config·file,·if·necessary
 224 if·!·grep·-q·'^database=file:'·${AIDE_CONFIG};·then
 225 ····#·replace_or_append·gets·confused·by·'database=file'·as·a·key,·so·should·not·be·used.
 226 ····#replace_or_append·"${AIDE_CONFIG}"·'^database=file'·"${DEFAULT_DB_PATH}"·'@CCENUM@'·'%s:%s'
 227 ····echo·"database=file:${DEFAULT_DB_PATH}"·>>·${AIDE_CONFIG}
 228 fi
  
 229 #·Fix·db·out·path·in·the·config·file,·if·necessary
 230 if·!·grep·-q·'^database_out=file:'·${AIDE_CONFIG};·then
 231 ····echo·"database_out=file:${DEFAULT_DB_PATH}.new"·>>·${AIDE_CONFIG}
 232 fi
  
 233 /usr/sbin/aideinit·-y·-f
  
 234 else
 235 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 236 fi
216 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8237 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
217 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low238 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
218 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low239 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
219 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false240 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
220 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict241 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
221 -·name:·Gather·the·package·facts242 -·name:·Gather·the·package·facts
222 ··package_facts:243 ··package_facts:
Offset 386, 41 lines modifiedOffset 413, 14 lines modified
386 ··-·PCI-DSSv4-11.5.2413 ··-·PCI-DSSv4-11.5.2
387 ··-·aide_build_database414 ··-·aide_build_database
388 ··-·low_complexity415 ··-·low_complexity
389 ··-·low_disruption416 ··-·low_disruption
390 ··-·medium_severity417 ··-·medium_severity
391 ··-·no_reboot_needed418 ··-·no_reboot_needed
392 ··-·restrict_strategy419 ··-·restrict_strategy
393 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
394 #·Remediation·is·applicable·only·in·certain·platforms 
395 if·dpkg-query·--show·--showformat='${db:Status-Status} 
396 '·'linux-base'·2>/dev/null·|·grep·-q·^installed;·then 
  
397 DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide" 
  
398 AIDE_CONFIG=/etc/aide/aide.conf 
399 DEFAULT_DB_PATH=/var/lib/aide/aide.db 
  
400 #·Fix·db·path·in·the·config·file,·if·necessary 
401 if·!·grep·-q·'^database=file:'·${AIDE_CONFIG};·then 
402 ····#·replace_or_append·gets·confused·by·'database=file'·as·a·key,·so·should·not·be·used. 
403 ····#replace_or_append·"${AIDE_CONFIG}"·'^database=file'·"${DEFAULT_DB_PATH}"·'@CCENUM@'·'%s:%s' 
404 ····echo·"database=file:${DEFAULT_DB_PATH}"·>>·${AIDE_CONFIG} 
Max diff block lines reached; 864796/870415 bytes (99.35%) of diff not shown.
581 KB
./usr/share/doc/ssg-debian/ssg-debian12-guide-anssi_bp28_minimal.html
    
Offset 15543, 417 lines modifiedOffset 15543, 417 lines modified
0003cb60:·7461·2d74·6172·6765·743d·2223·6964·6d34··ta-target="#idm40003cb60:·7461·2d74·6172·6765·743d·2223·6964·6d34··ta-target="#idm4
0003cb70:·3632·3522·2074·6162·696e·6465·783d·2230··625"·tabindex="00003cb70:·3632·3522·2074·6162·696e·6465·783d·2230··625"·tabindex="0
0003cb80:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·0003cb80:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
0003cb90:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f0003cb90:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
0003cba0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act0003cba0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
0003cbb0:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"0003cbb0:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
Diff chunk too large, falling back to line-by-line diff (403 lines added, 403 lines removed)
0003cbc0:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed0003cbc0:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
0003cbd0:·6961·7469·6f6e·2041·6e73·6962·6c65·2073··iation·Ansible·s0003cbd0:·6961·7469·6f6e·2053·6865·6c6c·2073·6372··iation·Shell·scr
0003cbe0:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b0003cbe0:·6970·7420·e287·b23c·2f61·3e3c·6272·3e3c··ipt·...</a><br><
0003cbf0:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa0003cbf0:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel
0003cc00:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col0003cc00:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap
0003cc10:·6c61·7073·6522·2069·643d·2269·646d·3436··lapse"·id="idm460003cc10:·7365·2220·6964·3d22·6964·6d34·3632·3522··se"·id="idm4625"
0003cc20:·3235·223e·3c74·6162·6c65·2063·6c61·7373··25"><table·class0003cc20:·3e3c·7072·653e·3c63·6f64·653e·2320·5265··><pre><code>#·Re
0003cc30:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st0003cc30:·6d65·6469·6174·696f·6e20·6973·2061·7070··mediation·is·app
0003cc40:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord0003cc40:·6c69·6361·626c·6520·6f6e·6c79·2069·6e20··licable·only·in·
0003cc50:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde0003cc50:·6365·7274·6169·6e20·706c·6174·666f·726d··certain·platform
0003cc60:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co0003cc60:·730a·6966·2064·706b·672d·7175·6572·7920··s.if·dpkg-query·
0003cc70:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t0003cc70:·2d2d·7368·6f77·202d·2d73·686f·7766·6f72··--show·--showfor
0003cc80:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr><0003cc80:·6d61·743d·2724·7b64·623a·5374·6174·7573··mat='${db:Status
0003cc90:·7472·3e3c·7468·3e44·6973·7275·7074·696f··tr><th>Disruptio0003cc90:·2d53·7461·7475·737d·5c6e·2720·276c·6962··-Status}\n'·'lib
0003cca0:·6e3a·3c2f·7468·3e3c·7464·3e6d·6564·6975··n:</th><td>mediu0003cca0:·7061·6d2d·7275·6e74·696d·6527·2032·2667··pam-runtime'·2&g
0003ccb0:·6d3c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··m</td></tr><tr><0003ccb0:·743b·2f64·6576·2f6e·756c·6c20·7c20·6772··t;/dev/null·|·gr
0003ccc0:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th><0003ccc0:·6570·202d·7120·275e·696e·7374·616c·6c65··ep·-q·'^installe
0003ccd0:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t0003ccd0:·6427·3b20·7468·656e·0a0a·7661·725f·7061··d';·then..var_pa
0003cce0:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate0003cce0:·7373·776f·7264·5f70·616d·5f75·6e69·785f··ssword_pam_unix_
0003ccf0:·6779·3a3c·2f74·683e·3c74·643e·636f·6e66··gy:</th><td>conf0003ccf0:·7265·6d65·6d62·6572·3d27·3c61·6262·7220··remember='<abbr·
0003cd00:·6967·7572·653c·2f74·643e·3c2f·7472·3e3c··igure</td></tr><0003cd00:·7469·746c·653d·2266·726f·6d20·5072·6f66··title="from·Prof
0003cd10:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod0003cd10:·696c·652f·7265·6669·6e65·2d76·616c·7565··ile/refine-value
0003cd20:·653e·2d20·6e61·6d65·3a20·4761·7468·6572··e>-·name:·Gather0003cd20:·3a20·7863·6364·665f·6f72·672e·7373·6770··:·xccdf_org.ssgp
0003cd30:·2074·6865·2070·6163·6b61·6765·2066·6163···the·package·fac0003cd30:·726f·6a65·6374·2e63·6f6e·7465·6e74·5f76··roject.content_v
0003cd40:·7473·0a20·2070·6163·6b61·6765·5f66·6163··ts.··package_fac0003cd40:·616c·7565·5f76·6172·5f70·6173·7377·6f72··alue_var_passwor
0003cd50:·7473·3a0a·2020·2020·6d61·6e61·6765·723a··ts:.····manager:0003cd50:·645f·7061·6d5f·756e·6978·5f72·656d·656d··d_pam_unix_remem
0003cd60:·2061·7574·6f0a·2020·7461·6773·3a0a·2020···auto.··tags:.··0003cd60:·6265·7222·3e32·3c2f·6162·6272·3e27·0a0a··ber">2</abbr>'..
0003cd70:·2d20·434a·4953·2d35·2e36·2e32·2e31·2e31··-·CJIS-5.6.2.1.10003cd70:·0a0a·0a0a·0a69·6620·5b20·2d65·2022·2f65··.....if·[·-e·"/e
0003cd80:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-170003cd80:·7463·2f70·616d·2e64·2f63·6f6d·6d6f·6e2d··tc/pam.d/common-
0003cd90:·312d·332e·352e·380a·2020·2d20·4e49·5354··1-3.5.8.··-·NIST0003cd90:·7061·7373·776f·7264·2220·5d20·3b20·7468··password"·]·;·th
0003cda0:·2d38·3030·2d35·332d·4941·2d35·2831·2928··-800-53-IA-5(1)(0003cda0:·656e·0a20·2020·2076·616c·7565·5265·6765··en.····valueRege
0003cdb0:·6529·0a20·202d·204e·4953·542d·3830·302d··e).··-·NIST-800-0003cdb0:·783d·2224·7661·725f·7061·7373·776f·7264··x="$var_password
0003cdc0:·3533·2d49·412d·3528·6629·0a20·202d·2050··53-IA-5(f).··-·P0003cdc0:·5f70·616d·5f75·6e69·785f·7265·6d65·6d62··_pam_unix_rememb
0003cdd0:·4349·2d44·5353·2d52·6571·2d38·2e32·2e35··CI-DSS-Req-8.2.50003cdd0:·6572·2220·6465·6661·756c·7456·616c·7565··er"·defaultValue
0003cde0:·0a20·202d·2050·4349·2d44·5353·7634·2d38··.··-·PCI-DSSv4-80003cde0:·3d22·2476·6172·5f70·6173·7377·6f72·645f··="$var_password_
0003cdf0:·2e33·0a20·202d·2050·4349·2d44·5353·7634··.3.··-·PCI-DSSv40003cdf0:·7061·6d5f·756e·6978·5f72·656d·656d·6265··pam_unix_remembe
0003ce00:·2d38·2e33·2e37·0a20·202d·2061·6363·6f75··-8.3.7.··-·accou0003ce00:·7222·0a20·2020·2023·206e·6f6e·2d65·6d70··r".····#·non-emp
0003ce10:·6e74·735f·7061·7373·776f·7264·5f70·616d··nts_password_pam0003ce10:·7479·2076·616c·7565·7320·6e65·6564·2074··ty·values·need·t
0003ce20:·5f75·6e69·785f·7265·6d65·6d62·6572·0a20··_unix_remember.·0003ce20:·6f20·6265·2070·7265·6365·6465·6420·6279··o·be·preceded·by
0003ce30:·202d·2063·6f6e·6669·6775·7265·5f73·7472···-·configure_str0003ce30:·2061·6e20·6571·7561·6c73·2073·6967·6e0a···an·equals·sign.
0003ce40:·6174·6567·790a·2020·2d20·6c6f·775f·636f··ategy.··-·low_co0003ce40:·2020·2020·5b20·2d6e·2022·247b·7661·6c75······[·-n·"${valu
0003ce50:·6d70·6c65·7869·7479·0a20·202d·206d·6564··mplexity.··-·med0003ce50:·6552·6567·6578·7d22·205d·2026·616d·703b··eRegex}"·]·&amp;
0003ce60:·6975·6d5f·6469·7372·7570·7469·6f6e·0a20··ium_disruption.·0003ce60:·2661·6d70·3b20·7661·6c75·6552·6567·6578··&amp;·valueRegex
0003ce70:·202d·206d·6564·6975·6d5f·7365·7665·7269···-·medium_severi0003ce70:·3d22·3d24·7b76·616c·7565·5265·6765·787d··="=${valueRegex}
0003ce80:·7479·0a20·202d·206e·6f5f·7265·626f·6f74··ty.··-·no_reboot0003ce80:·220a·2020·2020·2320·6164·6420·616e·2065··".····#·add·an·e
0003ce90:·5f6e·6565·6465·640a·2d20·6e61·6d65·3a20··_needed.-·name:·0003ce90:·7175·616c·7320·7369·676e·2074·6f20·6e6f··quals·sign·to·no
0003cea0:·5843·4344·4620·5661·6c75·6520·7661·725f··XCCDF·Value·var_0003cea0:·6e2d·656d·7074·7920·7661·6c75·6573·0a20··n-empty·values.·
0003ceb0:·7061·7373·776f·7264·5f70·616d·5f75·6e69··password_pam_uni0003ceb0:·2020·205b·202d·6e20·2224·7b64·6566·6175·····[·-n·"${defau
0003cec0:·785f·7265·6d65·6d62·6572·2023·2070·726f··x_remember·#·pro0003cec0:·6c74·5661·6c75·657d·2220·5d20·2661·6d70··ltValue}"·]·&amp
0003ced0:·6d6f·7465·2074·6f20·7661·7269·6162·6c65··mote·to·variable0003ced0:·3b26·616d·703b·2064·6566·6175·6c74·5661··;&amp;·defaultVa
0003cee0:·0a20·2073·6574·5f66·6163·743a·0a20·2020··.··set_fact:.···0003cee0:·6c75·653d·223d·247b·6465·6661·756c·7456··lue="=${defaultV
0003cef0:·2076·6172·5f70·6173·7377·6f72·645f·7061···var_password_pa0003cef0:·616c·7565·7d22·0a0a·2020·2020·2320·6669··alue}"..····#·fi
0003cf00:·6d5f·756e·6978·5f72·656d·656d·6265·723a··m_unix_remember:0003cf00:·7820·2774·7970·6527·2069·6620·6974·2773··x·'type'·if·it's
0003cf10:·2021·2173·7472·203c·6162·6272·2074·6974···!!str·<abbr·tit0003cf10:·2077·726f·6e67·0a20·2020·2069·6620·6772···wrong.····if·gr
0003cf20:·6c65·3d22·6672·6f6d·2050·726f·6669·6c65··le="from·Profile0003cf20:·6570·202d·7120·2d50·2022·5e5c·5c73·2a28··ep·-q·-P·"^\\s*(
0003cf30:·2f72·6566·696e·652d·7661·6c75·653a·2078··/refine-value:·x0003cf30:·3f22·2721·2722·7061·7373·776f·7264·5c5c··?"'!'"password\\
0003cf40:·6363·6466·5f6f·7267·2e73·7367·7072·6f6a··ccdf_org.ssgproj0003cf40:·7329·5b5b·3a61·6c6e·756d·3a5d·5d2b·5c5c··s)[[:alnum:]]+\\
0003cf50:·6563·742e·636f·6e74·656e·745f·7661·6c75··ect.content_valu0003cf50:·732b·5b5b·3a61·6c6e·756d·3a5d·5d2b·5c5c··s+[[:alnum:]]+\\
0003cf60:·655f·7661·725f·7061·7373·776f·7264·5f70··e_var_password_p0003cf60:·732b·7061·6d5f·756e·6978·2e73·6f22·2026··s+pam_unix.so"·&
0003cf70:·616d·5f75·6e69·785f·7265·6d65·6d62·6572··am_unix_remember0003cf70:·6c74·3b20·222f·6574·632f·7061·6d2e·642f··lt;·"/etc/pam.d/
0003cf80:·223e·323c·2f61·6262·723e·0a20·2074·6167··">2</abbr>.··tag0003cf80:·636f·6d6d·6f6e·2d70·6173·7377·6f72·6422··common-password"
0003cf90:·733a·0a20·2020·202d·2061·6c77·6179·730a··s:.····-·always.0003cf90:·203b·2074·6865·6e0a·2020·2020·2020·2020···;·then.········
0003cfa0:·0a2d·206e·616d·653a·204c·696d·6974·2050··.-·name:·Limit·P0003cfa0:·7365·6420·2d2d·666f·6c6c·6f77·2d73·796d··sed·--follow-sym
0003cfb0:·6173·7377·6f72·6420·5265·7573·6520·2d20··assword·Reuse·-·0003cfb0:·6c69·6e6b·7320·2d69·202d·4520·2d65·2022··links·-i·-E·-e·"
0003cfc0:·4368·6563·6b20·6966·2074·6865·2072·6571··Check·if·the·req0003cfc0:·732f·5e28·5c5c·732a·295b·5b3a·616c·6e75··s/^(\\s*)[[:alnu
0003cfd0:·7569·7265·6420·5041·4d20·6d6f·6475·6c65··uired·PAM·module0003cfd0:·6d3a·5d5d·2b28·5c5c·732b·5b5b·3a61·6c6e··m:]]+(\\s+[[:aln
0003cfe0:·206f·7074·696f·6e20·6973·2070·7265·7365···option·is·prese0003cfe0:·756d·3a5d·5d2b·5c5c·732b·7061·6d5f·756e··um:]]+\\s+pam_un
0003cff0:·6e74·0a20·2020·2069·6e20·2f65·7463·2f70··nt.····in·/etc/p0003cff0:·6978·2e73·6f29·2f5c·5c31·7061·7373·776f··ix.so)/\\1passwo
0003d000:·616d·2e64·2f63·6f6d·6d6f·6e2d·7061·7373··am.d/common-pass0003d000:·7264·5c5c·322f·2220·222f·6574·632f·7061··rd\\2/"·"/etc/pa
0003d010:·776f·7264·0a20·2061·6e73·6962·6c65·2e62··word.··ansible.b0003d010:·6d2e·642f·636f·6d6d·6f6e·2d70·6173·7377··m.d/common-passw
0003d020:·7569·6c74·696e·2e6c·696e·6569·6e66·696c··uiltin.lineinfil0003d020:·6f72·6422·0a20·2020·2066·690a·0a20·2020··ord".····fi..···
0003d030:·653a·0a20·2020·2070·6174·683a·202f·6574··e:.····path:·/et0003d030:·2023·2066·6978·2027·636f·6e74·726f·6c27···#·fix·'control'
0003d040:·632f·7061·6d2e·642f·636f·6d6d·6f6e·2d70··c/pam.d/common-p0003d040:·2069·6620·6974·2773·2077·726f·6e67·0a20···if·it's·wrong.·
0003d050:·6173·7377·6f72·640a·2020·2020·7265·6765··assword.····rege0003d050:·2020·2069·6620·6772·6570·202d·7120·2d50·····if·grep·-q·-P
0003d060:·7870·3a20·5e5c·732a·7061·7373·776f·7264··xp:·^\s*password0003d060:·2022·5e5c·5c73·2a70·6173·7377·6f72·645c···"^\\s*password\
0003d070:·5c73·2b5c·5b73·7563·6365·7373·3d5b·412d··\s+\[success=[A-0003d070:·5c73·2b28·3f22·2721·2722·5c5b·7375·6363··\s+(?"'!'"\[succ
0003d080:·5a61·2d7a·302d·395d·2e2a·5c5d·5c73·2b70··Za-z0-9].*\]\s+p0003d080:·6573·733d·5b5b·3a61·6c6e·756d·3a5d·5d2e··ess=[[:alnum:]].
0003d090:·616d·5f75·6e69·782e·736f·5c73·2a2e·2a5c··am_unix.so\s*.*\0003d090:·2a5c·5d29·5b5b·3a61·6c6e·756d·3a5d·5d2b··*\])[[:alnum:]]+
0003d0a0:·7372·656d·656d·6265·725c·620a·2020·2020··sremember\b.····0003d0a0:·5c5c·732b·7061·6d5f·756e·6978·2e73·6f22··\\s+pam_unix.so"
0003d0b0:·7374·6174·653a·2061·6273·656e·740a·2020··state:·absent.··0003d0b0:·2026·6c74·3b20·222f·6574·632f·7061·6d2e···&lt;·"/etc/pam.
0003d0c0:·6368·6563·6b5f·6d6f·6465·3a20·7472·7565··check_mode:·true0003d0c0:·642f·636f·6d6d·6f6e·2d70·6173·7377·6f72··d/common-passwor
0003d0d0:·0a20·2063·6861·6e67·6564·5f77·6865·6e3a··.··changed_when:0003d0d0:·6422·203b·2074·6865·6e0a·2020·2020·2020··d"·;·then.······
0003d0e0:·2066·616c·7365·0a20·2072·6567·6973·7465···false.··registe0003d0e0:·2020·7365·6420·2d2d·666f·6c6c·6f77·2d73····sed·--follow-s
0003d0f0:·723a·2072·6573·756c·745f·7061·6d5f·6d6f··r:·result_pam_mo0003d0f0:·796d·6c69·6e6b·7320·2d69·202d·4520·2d65··ymlinks·-i·-E·-e
0003d100:·6475·6c65·5f72·656d·656d·6265·725f·6f70··dule_remember_op0003d100:·2022·732f·5e28·5c5c·732a·7061·7373·776f···"s/^(\\s*passwo
0003d110:·7469·6f6e·5f70·7265·7365·6e74·0a20·2077··tion_present.··w0003d110:·7264·5c5c·732b·295b·5b3a·616c·6e75·6d3a··rd\\s+)[[:alnum:
0003d120:·6865·6e3a·2027·226c·6962·7061·6d2d·7275··hen:·'"libpam-ru0003d120:·5d5d·2b28·5c5c·732b·7061·6d5f·756e·6978··]]+(\\s+pam_unix
0003d130:·6e74·696d·6522·2069·6e20·616e·7369·626c··ntime"·in·ansibl0003d130:·2e73·6f29·2f5c·5c31·5c5b·7375·6363·6573··.so)/\\1\[succes
0003d140:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages0003d140:·733d·5b5b·3a61·6c6e·756d·3a5d·5d2e·2a5c··s=[[:alnum:]].*\
0003d150:·270a·2020·7461·6773·3a0a·2020·2d20·434a··'.··tags:.··-·CJ0003d150:·5d5c·5c32·2f22·2022·2f65·7463·2f70·616d··]\\2/"·"/etc/pam
0003d160:·4953·2d35·2e36·2e32·2e31·2e31·0a20·202d··IS-5.6.2.1.1.··-0003d160:·2e64·2f63·6f6d·6d6f·6e2d·7061·7373·776f··.d/common-passwo
0003d170:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.0003d170:·7264·220a·2020·2020·6669·0a0a·2020·2020··rd".····fi..····
0003d180:·352e·380a·2020·2d20·4e49·5354·2d38·3030··5.8.··-·NIST-8000003d180:·2320·6669·7820·7468·6520·7661·6c75·6520··#·fix·the·value·
0003d190:·2d35·332d·4941·2d35·2831·2928·6529·0a20··-53-IA-5(1)(e).·0003d190:·666f·7220·276f·7074·696f·6e27·2069·6620··for·'option'·if·
0003d1a0:·202d·204e·4953·542d·3830·302d·3533·2d49···-·NIST-800-53-I0003d1a0:·6f6e·6520·6578·6973·7473·2062·7574·2064··one·exists·but·d
0003d1b0:·412d·3528·6629·0a20·202d·2050·4349·2d44··A-5(f).··-·PCI-D0003d1b0:·6f65·7320·6e6f·7420·6d61·7463·6820·2776··oes·not·match·'v
0003d1c0:·5353·2d52·6571·2d38·2e32·2e35·0a20·202d··SS-Req-8.2.5.··-0003d1c0:·616c·7565·5265·6765·7827·0a20·2020·2069··alueRegex'.····i
0003d1d0:·2050·4349·2d44·5353·7634·2d38·2e33·0a20···PCI-DSSv4-8.3.·0003d1d0:·6620·6772·6570·202d·7120·2d50·2022·5e5c··f·grep·-q·-P·"^\
0003d1e0:·202d·2050·4349·2d44·5353·7634·2d38·2e33···-·PCI-DSSv4-8.30003d1e0:·5c73·2a70·6173·7377·6f72·645c·5c73·2b5c··\s*password\\s+\
0003d1f0:·2e37·0a20·202d·2061·6363·6f75·6e74·735f··.7.··-·accounts_0003d1f0:·5b73·7563·6365·7373·3d5b·5b3a·616c·6e75··[success=[[:alnu
0003d200:·7061·7373·776f·7264·5f70·616d·5f75·6e69··password_pam_uni0003d200:·6d3a·5d5d·2e2a·5c5d·5c5c·732b·7061·6d5f··m:]].*\]\\s+pam_
0003d210:·785f·7265·6d65·6d62·6572·0a20·202d·2063··x_remember.··-·c0003d210:·756e·6978·2e73·6f28·5c5c·732e·2b29·3f5c··unix.so(\\s.+)?\
0003d220:·6f6e·6669·6775·7265·5f73·7472·6174·6567··onfigure_strateg0003d220:·5c73·2b72·656d·656d·6265·7228·3f22·2721··\s+remember(?"'!
0003d230:·790a·2020·2d20·6c6f·775f·636f·6d70·6c65··y.··-·low_comple0003d230:·2722·247b·7661·6c75·6552·6567·6578·7d28··'"${valueRegex}(
0003d240:·7869·7479·0a20·202d·206d·6564·6975·6d5f··xity.··-·medium_0003d240:·5c5c·737c·5c24·2929·2220·266c·743b·2022··\\s|\$))"·&lt;·"
0003d250:·6469·7372·7570·7469·6f6e·0a20·202d·206d··disruption.··-·m0003d250:·2f65·7463·2f70·616d·2e64·2f63·6f6d·6d6f··/etc/pam.d/commo
0003d260:·6564·6975·6d5f·7365·7665·7269·7479·0a20··edium_severity.·0003d260:·6e2d·7061·7373·776f·7264·2220·3b20·7468··n-password"·;·th
0003d270:·202d·206e·6f5f·7265·626f·6f74·5f6e·6565···-·no_reboot_nee0003d270:·656e·0a20·2020·2020·2020·2073·6564·202d··en.········sed·-
0003d280:·6465·640a·0a2d·206e·616d·653a·204c·696d··ded..-·name:·Lim0003d280:·2d66·6f6c·6c6f·772d·7379·6d6c·696e·6b73··-follow-symlinks
0003d290:·6974·2050·6173·7377·6f72·6420·5265·7573··it·Password·Reus0003d290:·202d·6920·2d45·202d·6520·2273·2f5e·285c···-i·-E·-e·"s/^(\
0003d2a0:·6520·2d20·456e·7375·7265·2074·6865·2022··e·-·Ensure·the·"0003d2a0:·5c73·2a70·6173·7377·6f72·645c·5c73·2b5c··\s*password\\s+\
0003d2b0:·7265·6d65·6d62·6572·2220·5041·4d20·6f70··remember"·PAM·op0003d2b0:·5b73·7563·6365·7373·3d5b·5b3a·616c·6e75··[success=[[:alnu
0003d2c0:·7469·6f6e·2066·6f72·2022·7061·6d5f·756e··tion·for·"pam_un0003d2c0:·6d3a·5d5d·2e2a·5c5d·5c5c·732b·7061·6d5f··m:]].*\]\\s+pam_
0003d2d0:·6978·2e73·6f22·0a20·2020·2069·7320·696e··ix.so".····is·in0003d2d0:·756e·6978·2e73·6f28·5c5c·732e·2b29·3f5c··unix.so(\\s.+)?\
0003d2e0:·636c·7564·6564·2069·6e20·2f65·7463·2f70··cluded·in·/etc/p0003d2e0:·5c73·2972·656d·656d·6265·723d·5b5e·5b3a··\s)remember=[^[:
0003d2f0:·616d·2e64·2f63·6f6d·6d6f·6e2d·7061·7373··am.d/common-pass0003d2f0:·7370·6163·653a·5d5d·2a2f·5c5c·3172·656d··space:]]*/\\1rem
0003d300:·776f·7264·0a20·2061·6e73·6962·6c65·2e62··word.··ansible.b0003d300:·656d·6265·7224·7b64·6566·6175·6c74·5661··ember${defaultVa
0003d310:·7569·6c74·696e·2e6c·696e·6569·6e66·696c··uiltin.lineinfil0003d310:·6c75·657d·2f22·2022·2f65·7463·2f70·616d··lue}/"·"/etc/pam
0003d320:·653a·0a20·2020·2070·6174·683a·202f·6574··e:.····path:·/et0003d320:·2e64·2f63·6f6d·6d6f·6e2d·7061·7373·776f··.d/common-passwo
0003d330:·632f·7061·6d2e·642f·636f·6d6d·6f6e·2d70··c/pam.d/common-p0003d330:·7264·220a·0a20·2020·2023·2061·6464·2027··rd"..····#·add·'
Max diff block lines reached; 455596/511790 bytes (89.02%) of diff not shown.
80.8 KB
html2text {}
    
Offset 177, 14 lines modifiedOffset 177, 76 lines modified
177 ···························A.9.3.1,·A.9.4.2,·A.9.4.3177 ···························A.9.3.1,·A.9.4.2,·A.9.4.3
178 ············_\x8n_\x8i_\x8s_\x8t···········IA-5(f),·IA-5(1)(e)178 ············_\x8n_\x8i_\x8s_\x8t···········IA-5(f),·IA-5(1)(e)
179 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-6,·PR.AC-7179 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-6,·PR.AC-7
180 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-8.2.5180 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-8.2.5
181 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000077-GPOS-00045181 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000077-GPOS-00045
182 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R31182 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R31
183 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········8.3.7,·8.3183 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········8.3.7,·8.3
 184 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 185 #·Remediation·is·applicable·only·in·certain·platforms
 186 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'libpam-runtime'·2>/dev/null·|
 187 grep·-q·'^installed';·then
  
 188 var_password_pam_unix_remember='2'
  
  
  
  
  
  
 189 if·[·-e·"/etc/pam.d/common-password"·]·;·then
 190 ····valueRegex="$var_password_pam_unix_remember"
 191 defaultValue="$var_password_pam_unix_remember"
 192 ····#·non-empty·values·need·to·be·preceded·by·an·equals·sign
 193 ····[·-n·"${valueRegex}"·]·&&·valueRegex="=${valueRegex}"
 194 ····#·add·an·equals·sign·to·non-empty·values
 195 ····[·-n·"${defaultValue}"·]·&&·defaultValue="=${defaultValue}"
  
 196 ····#·fix·'type'·if·it's·wrong
 197 ····if·grep·-q·-P·"^\\s*(?"'!'"password\\s)[[:alnum:]]+\\s+[[:alnum:]]+\\s+pam_unix.so"·<·"/
 198 etc/pam.d/common-password"·;·then
 199 ········sed·--follow-symlinks·-i·-E·-e·"s/^(\\s*)[[:alnum:]]+(\\s+[[:alnum:
 200 ]]+\\s+pam_unix.so)/\\1password\\2/"·"/etc/pam.d/common-password"
 201 ····fi
  
 202 ····#·fix·'control'·if·it's·wrong
 203 ····if·grep·-q·-P·"^\\s*password\\s+(?"'!'"\[success=[[:alnum:]].*\])[[:alnum:
 204 ]]+\\s+pam_unix.so"·<·"/etc/pam.d/common-password"·;·then
 205 ········sed·--follow-symlinks·-i·-E·-e·"s/^(\\s*password\\s+)[[:alnum:]]+(\\s+pam_unix.so)/
 206 \\1\[success=[[:alnum:]].*\]\\2/"·"/etc/pam.d/common-password"
 207 ····fi
  
 208 ····#·fix·the·value·for·'option'·if·one·exists·but·does·not·match·'valueRegex'
 209 ····if·grep·-q·-P·"^\\s*password\\s+\[success=[[:alnum:]].*\]\\s+pam_unix.so
 210 (\\s.+)?\\s+remember(?"'!'"${valueRegex}(\\s|\$))"·<·"/etc/pam.d/common-password"·;·then
 211 ········sed·--follow-symlinks·-i·-E·-e·"s/^(\\s*password\\s+\[success=[[:alnum:
 212 ]].*\]\\s+pam_unix.so(\\s.+)?\\s)remember=[^[:space:]]*/\\1remember${defaultValue}/"·"/etc/
 213 pam.d/common-password"
  
 214 ····#·add·'option=default'·if·option·is·not·set
 215 ····elif·grep·-q·-E·"^\\s*password\\s+\[success=[[:alnum:]].*\]\\s+pam_unix.so"·<·"/etc/
 216 pam.d/common-password"·&&
 217 ············grep····-E·"^\\s*password\\s+\[success=[[:alnum:]].*\]\\s+pam_unix.so"·<·"/etc/
 218 pam.d/common-password"·|·grep·-q·-E·-v·"\\sremember(=|\\s|\$)"·;·then
  
 219 ········sed·--follow-symlinks·-i·-E·-e·"s/^(\\s*password\\s+\[success=[[:alnum:
 220 ]].*\]\\s+pam_unix.so[^\\n]*)/\\1·remember${defaultValue}/"·"/etc/pam.d/common-password"
 221 ····#·add·a·new·entry·if·none·exists
 222 ····elif·!·grep·-q·-P·"^\\s*password\\s+\[success=[[:alnum:]].*\]\\s+pam_unix.so
 223 (\\s.+)?\\s+remember${valueRegex}(\\s|\$)"·<·"/etc/pam.d/common-password"·;·then
 224 ········echo·"password·\[success=[[:alnum:]].*\]·pam_unix.so·remember${defaultValue}"·>>·"/
 225 etc/pam.d/common-password"
 226 ····fi
 227 else
 228 ····echo·"/etc/pam.d/common-password·doesn't·exist"·>&2
 229 fi
  
 230 else
 231 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 232 fi
184 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8233 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
185 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low234 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
186 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium235 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
187 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false236 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
188 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure237 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure
189 -·name:·Gather·the·package·facts238 -·name:·Gather·the·package·facts
190 ··package_facts:239 ··package_facts:
Offset 283, 76 lines modifiedOffset 345, 14 lines modified
283 ··-·PCI-DSSv4-8.3.7345 ··-·PCI-DSSv4-8.3.7
284 ··-·accounts_password_pam_unix_remember346 ··-·accounts_password_pam_unix_remember
285 ··-·configure_strategy347 ··-·configure_strategy
286 ··-·low_complexity348 ··-·low_complexity
287 ··-·medium_disruption349 ··-·medium_disruption
288 ··-·medium_severity350 ··-·medium_severity
289 ··-·no_reboot_needed351 ··-·no_reboot_needed
290 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
291 #·Remediation·is·applicable·only·in·certain·platforms 
292 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'libpam-runtime'·2>/dev/null·| 
293 grep·-q·'^installed';·then 
  
294 var_password_pam_unix_remember='2' 
  
  
  
  
  
  
295 if·[·-e·"/etc/pam.d/common-password"·]·;·then 
296 ····valueRegex="$var_password_pam_unix_remember" 
297 defaultValue="$var_password_pam_unix_remember" 
298 ····#·non-empty·values·need·to·be·preceded·by·an·equals·sign 
299 ····[·-n·"${valueRegex}"·]·&&·valueRegex="=${valueRegex}" 
300 ····#·add·an·equals·sign·to·non-empty·values 
301 ····[·-n·"${defaultValue}"·]·&&·defaultValue="=${defaultValue}" 
  
302 ····#·fix·'type'·if·it's·wrong 
303 ····if·grep·-q·-P·"^\\s*(?"'!'"password\\s)[[:alnum:]]+\\s+[[:alnum:]]+\\s+pam_unix.so"·<·"/ 
304 etc/pam.d/common-password"·;·then 
305 ········sed·--follow-symlinks·-i·-E·-e·"s/^(\\s*)[[:alnum:]]+(\\s+[[:alnum: 
306 ]]+\\s+pam_unix.so)/\\1password\\2/"·"/etc/pam.d/common-password" 
307 ····fi 
  
308 ····#·fix·'control'·if·it's·wrong 
309 ····if·grep·-q·-P·"^\\s*password\\s+(?"'!'"\[success=[[:alnum:]].*\])[[:alnum: 
310 ]]+\\s+pam_unix.so"·<·"/etc/pam.d/common-password"·;·then 
311 ········sed·--follow-symlinks·-i·-E·-e·"s/^(\\s*password\\s+)[[:alnum:]]+(\\s+pam_unix.so)/ 
312 \\1\[success=[[:alnum:]].*\]\\2/"·"/etc/pam.d/common-password" 
313 ····fi 
  
314 ····#·fix·the·value·for·'option'·if·one·exists·but·does·not·match·'valueRegex' 
315 ····if·grep·-q·-P·"^\\s*password\\s+\[success=[[:alnum:]].*\]\\s+pam_unix.so 
316 (\\s.+)?\\s+remember(?"'!'"${valueRegex}(\\s|\$))"·<·"/etc/pam.d/common-password"·;·then 
317 ········sed·--follow-symlinks·-i·-E·-e·"s/^(\\s*password\\s+\[success=[[:alnum: 
318 ]].*\]\\s+pam_unix.so(\\s.+)?\\s)remember=[^[:space:]]*/\\1remember${defaultValue}/"·"/etc/ 
319 pam.d/common-password" 
  
320 ····#·add·'option=default'·if·option·is·not·set 
321 ····elif·grep·-q·-E·"^\\s*password\\s+\[success=[[:alnum:]].*\]\\s+pam_unix.so"·<·"/etc/ 
Max diff block lines reached; 76093/82716 bytes (91.99%) of diff not shown.
1.14 MB
./usr/share/doc/ssg-debian/ssg-debian12-guide-anssi_np_nt28_average.html
    
Offset 15996, 146 lines modifiedOffset 15996, 146 lines modified
0003e7b0:·6765·743d·2223·6964·6d34·3033·3122·2074··get="#idm4031"·t0003e7b0:·6765·743d·2223·6964·6d34·3033·3122·2074··get="#idm4031"·t
0003e7c0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role0003e7c0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
0003e7d0:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e0003e7d0:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
0003e7e0:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·0003e7e0:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
0003e7f0:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·0003e7f0:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
0003e800:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=0003e800:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
0003e810:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation0003e810:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
 0003e820:·2053·6865·6c6c·2073·6372·6970·7420·e287···Shell·script·..
 0003e830:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl
 0003e840:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
 0003e850:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
 0003e860:·3d22·6964·6d34·3033·3122·3e3c·7461·626c··="idm4031"><tabl
 0003e870:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t
 0003e880:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab
 0003e890:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl
 0003e8a0:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr
 0003e8b0:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity:
 0003e8c0:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td
 0003e8d0:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di
 0003e8e0:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t
 0003e8f0:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr><
 0003e900:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</
 0003e910:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td
 0003e920:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St
 0003e930:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>
 0003e940:·7265·7374·7269·6374·3c2f·7464·3e3c·2f74··restrict</td></t
 0003e950:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><
 0003e960:·636f·6465·3e0a·666f·7220·6620·696e·202f··code>.for·f·in·/
 0003e970:·6574·632f·7375·646f·6572·7320·2f65·7463··etc/sudoers·/etc
 0003e980:·2f73·7564·6f65·7273·2e64·2f2a·203b·2064··/sudoers.d/*·;·d
 0003e990:·6f0a·2020·6966·205b·2021·202d·6520·2224··o.··if·[·!·-e·"$
 0003e9a0:·6622·205d·203b·2074·6865·6e0a·2020·2020··f"·]·;·then.····
 0003e9b0:·636f·6e74·696e·7565·0a20·2066·690a·2020··continue.··fi.··
 0003e9c0:·6d61·7463·6869·6e67·5f6c·6973·743d·2428··matching_list=$(
 0003e9d0:·6772·6570·202d·5020·275e·283f·2123·292e··grep·-P·'^(?!#).
 0003e9e0:·2a5b·5c73·5d2b·5c21·6175·7468·656e·7469··*[\s]+\!authenti
 0003e9f0:·6361·7465·2e2a·2427·2024·6620·7c20·756e··cate.*$'·$f·|·un
 0003ea00:·6971·2029·0a20·2069·6620·2120·7465·7374··iq·).··if·!·test
 0003ea10:·202d·7a20·2224·6d61·7463·6869·6e67·5f6c···-z·"$matching_l
 0003ea20:·6973·7422·3b20·7468·656e·0a20·2020·2077··ist";·then.····w
 0003ea30:·6869·6c65·2049·4653·3d20·7265·6164·202d··hile·IFS=·read·-
 0003ea40:·7220·656e·7472·793b·2064·6f0a·2020·2020··r·entry;·do.····
 0003ea50:·2020·2320·636f·6d6d·656e·7420·6f75·7420····#·comment·out·
 0003ea60:·2221·6175·7468·656e·7469·6361·7465·2220··"!authenticate"·
 0003ea70:·6d61·7463·6865·7320·746f·2070·7265·7365··matches·to·prese
 0003ea80:·7276·6520·7573·6572·2064·6174·610a·2020··rve·user·data.··
 0003ea90:·2020·2020·7365·6420·2d69·2022·732f·5e24······sed·-i·"s/^$
 0003eaa0:·7b65·6e74·7279·7d24·2f23·2026·616d·703b··{entry}$/#·&amp;
 0003eab0:·2f67·2220·2466·0a20·2020·2064·6f6e·6520··/g"·$f.····done·
 0003eac0:·266c·743b·266c·743b·266c·743b·2022·246d··&lt;&lt;&lt;·"$m
 0003ead0:·6174·6368·696e·675f·6c69·7374·220a·0a20··atching_list"..·
 0003eae0:·2020·202f·7573·722f·7362·696e·2f76·6973·····/usr/sbin/vis
 0003eaf0:·7564·6f20·2d63·6620·2466·2026·616d·703b··udo·-cf·$f·&amp;
 0003eb00:·2667·743b·202f·6465·762f·6e75·6c6c·207c··&gt;·/dev/null·|
 0003eb10:·7c20·6563·686f·2022·4661·696c·2074·6f20··|·echo·"Fail·to·
 0003eb20:·7661·6c69·6461·7465·2024·6620·7769·7468··validate·$f·with
 0003eb30:·2076·6973·7564·6f22·0a20·2066·690a·646f···visudo".··fi.do
 0003eb40:·6e65·0a3c·2f63·6f64·653e·3c2f·7072·653e··ne.</code></pre>
 0003eb50:·3c2f·6469·763e·3c61·2063·6c61·7373·3d22··</div><a·class="
 0003eb60:·6274·6e20·6274·6e2d·7375·6363·6573·7322··btn·btn-success"
 0003eb70:·2064·6174·612d·746f·6767·6c65·3d22·636f···data-toggle="co
 0003eb80:·6c6c·6170·7365·2220·6461·7461·2d74·6172··llapse"·data-tar
 0003eb90:·6765·743d·2223·6964·6d34·3033·3222·2074··get="#idm4032"·t
 0003eba0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
 0003ebb0:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
 0003ebc0:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
 0003ebd0:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
 0003ebe0:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
 0003ebf0:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
0003e820:·2041·6e73·6962·6c65·2073·6e69·7070·6574···Ansible·snippet0003ec00:·2041·6e73·6962·6c65·2073·6e69·7070·6574···Ansible·snippet
0003e830:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div0003ec10:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div
0003e840:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co0003ec20:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
0003e850:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"0003ec30:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
0003e860:·2069·643d·2269·646d·3430·3331·223e·3c74···id="idm4031"><t0003ec40:·2069·643d·2269·646d·3430·3332·223e·3c74···id="idm4032"><t
0003e870:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl0003ec50:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl
0003e880:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped·0003ec60:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped·
0003e890:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t0003ec70:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t
0003e8a0:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed">0003ec80:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed">
0003e8b0:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi 
0003e8c0:·7479·3a3c·2f74·683e·3c74·643e·6c6f·773c··ty:</th><td>low< 
0003e8d0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003e8e0:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th 
0003e8f0:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
0003e900:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot 
0003e910:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false< 
0003e920:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003e930:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th>< 
0003e940:·7464·3e72·6573·7472·6963·743c·2f74·643e··td>restrict</td> 
0003e950:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr 
0003e960:·653e·3c63·6f64·653e·2d20·6e61·6d65·3a20··e><code>-·name:· 
0003e970:·4669·6e64·202f·6574·632f·7375·646f·6572··Find·/etc/sudoer 
0003e980:·732e·642f·2066·696c·6573·0a20·2061·6e73··s.d/·files.··ans 
0003e990:·6962·6c65·2e62·7569·6c74·696e·2e66·696e··ible.builtin.fin 
0003e9a0:·643a·0a20·2020·2070·6174·6873·3a0a·2020··d:.····paths:.·· 
0003e9b0:·2020·2d20·2f65·7463·2f73·7564·6f65·7273····-·/etc/sudoers 
0003e9c0:·2e64·2f0a·2020·7265·6769·7374·6572·3a20··.d/.··register:· 
0003e9d0:·7375·646f·6572·730a·2020·7461·6773·3a0a··sudoers.··tags:. 
0003e9e0:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53- 
0003e9f0:·434d·2d36·2861·290a·2020·2d20·4e49·5354··CM-6(a).··-·NIST 
0003ea00:·2d38·3030·2d35·332d·4941·2d31·310a·2020··-800-53-IA-11.·· 
0003ea10:·2d20·6c6f·775f·636f·6d70·6c65·7869·7479··-·low_complexity 
0003ea20:·0a20·202d·206c·6f77·5f64·6973·7275·7074··.··-·low_disrupt 
0003ea30:·696f·6e0a·2020·2d20·6d65·6469·756d·5f73··ion.··-·medium_s 
0003ea40:·6576·6572·6974·790a·2020·2d20·6e6f·5f72··everity.··-·no_r 
0003ea50:·6562·6f6f·745f·6e65·6564·6564·0a20·202d··eboot_needed.··- 
0003ea60:·2072·6573·7472·6963·745f·7374·7261·7465···restrict_strate 
0003ea70:·6779·0a20·202d·2073·7564·6f5f·7265·6d6f··gy.··-·sudo_remo 
0003ea80:·7665·5f6e·6f5f·6175·7468·656e·7469·6361··ve_no_authentica 
0003ea90:·7465·0a0a·2d20·6e61·6d65·3a20·5265·6d6f··te..-·name:·Remo 
0003eaa0:·7665·206c·696e·6573·2063·6f6e·7461·696e··ve·lines·contain 
0003eab0:·696e·6720·2161·7574·6865·6e74·6963·6174··ing·!authenticat 
0003eac0:·6520·6672·6f6d·2073·7564·6f65·7273·2066··e·from·sudoers·f 
0003ead0:·696c·6573·0a20·2061·6e73·6962·6c65·2e62··iles.··ansible.b 
0003eae0:·7569·6c74·696e·2e72·6570·6c61·6365·3a0a··uiltin.replace:. 
0003eaf0:·2020·2020·7265·6765·7870·3a20·285e·283f······regexp:·(^(? 
0003eb00:·2123·292e·2a5b·5c73·5d2b·5c21·6175·7468··!#).*[\s]+\!auth 
0003eb10:·656e·7469·6361·7465·2e2a·2429·0a20·2020··enticate.*$).··· 
0003eb20:·2072·6570·6c61·6365·3a20·2723·205c·6726···replace:·'#·\g& 
0003eb30:·6c74·3b31·2667·743b·270a·2020·2020·7061··lt;1&gt;'.····pa 
0003eb40:·7468·3a20·277b·7b20·6974·656d·2e70·6174··th:·'{{·item.pat 
0003eb50:·6820·7d7d·270a·2020·2020·7661·6c69·6461··h·}}'.····valida 
0003eb60:·7465·3a20·2f75·7372·2f73·6269·6e2f·7669··te:·/usr/sbin/vi 
0003eb70:·7375·646f·202d·6366·2025·730a·2020·7769··sudo·-cf·%s.··wi 
0003eb80:·7468·5f69·7465·6d73·3a0a·2020·2d20·7061··th_items:.··-·pa 
0003eb90:·7468·3a20·2f65·7463·2f73·7564·6f65·7273··th:·/etc/sudoers 
0003eba0:·0a20·202d·2027·7b7b·2073·7564·6f65·7273··.··-·'{{·sudoers 
0003ebb0:·2e66·696c·6573·207d·7d27·0a20·2074·6167··.files·}}'.··tag 
Max diff block lines reached; 1049280/1068076 bytes (98.24%) of diff not shown.
125 KB
html2text {}
    
Offset 227, 14 lines modifiedOffset 227, 35 lines modified
227 ···························1.7,·SR·1.8,·SR·1.9227 ···························1.7,·SR·1.8,·SR·1.9
228 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,228 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,
229 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3229 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3
230 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)230 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)
231 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7231 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7
232 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,232 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,
233 ···························SRG-OS-000373-GPOS-00158233 ···························SRG-OS-000373-GPOS-00158
 234 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 235 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 236 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 237 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 238 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
  
 239 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
 240 ··if·[·!·-e·"$f"·]·;·then
 241 ····continue
 242 ··fi
 243 ··matching_list=$(grep·-P·'^(?!#).*[\s]+\!authenticate.*$'·$f·|·uniq·)
 244 ··if·!·test·-z·"$matching_list";·then
 245 ····while·IFS=·read·-r·entry;·do
 246 ······#·comment·out·"!authenticate"·matches·to·preserve·user·data
 247 ······sed·-i·"s/^${entry}$/#·&/g"·$f
 248 ····done·<<<·"$matching_list"
  
 249 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with
 250 visudo"
 251 ··fi
 252 done
234 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8253 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
235 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low254 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
236 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low255 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
237 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false256 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
238 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict257 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
239 -·name:·Find·/etc/sudoers.d/·files258 -·name:·Find·/etc/sudoers.d/·files
240 ··ansible.builtin.find:259 ··ansible.builtin.find:
Offset 265, 35 lines modifiedOffset 286, 14 lines modified
265 ··-·NIST-800-53-IA-11286 ··-·NIST-800-53-IA-11
266 ··-·low_complexity287 ··-·low_complexity
267 ··-·low_disruption288 ··-·low_disruption
268 ··-·medium_severity289 ··-·medium_severity
269 ··-·no_reboot_needed290 ··-·no_reboot_needed
270 ··-·restrict_strategy291 ··-·restrict_strategy
271 ··-·sudo_remove_no_authenticate292 ··-·sudo_remove_no_authenticate
272 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
273 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
274 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
275 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
276 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
  
277 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do 
278 ··if·[·!·-e·"$f"·]·;·then 
279 ····continue 
280 ··fi 
281 ··matching_list=$(grep·-P·'^(?!#).*[\s]+\!authenticate.*$'·$f·|·uniq·) 
282 ··if·!·test·-z·"$matching_list";·then 
283 ····while·IFS=·read·-r·entry;·do 
284 ······#·comment·out·"!authenticate"·matches·to·preserve·user·data 
285 ······sed·-i·"s/^${entry}$/#·&/g"·$f 
286 ····done·<<<·"$matching_list" 
  
287 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with 
288 visudo" 
289 ··fi 
290 done 
291 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·U\x8Us\x8se\x8er\x8rs\x8s·R\x8Re\x8e-\x8-A\x8Au\x8ut\x8th\x8he\x8en\x8nt\x8ti\x8ic\x8ca\x8at\x8te\x8e·f\x8fo\x8or\x8r·P\x8Pr\x8ri\x8iv\x8vi\x8il\x8le\x8eg\x8ge\x8e·E\x8Es\x8sc\x8ca\x8al\x8la\x8at\x8ti\x8io\x8on\x8n·-\x8-·s\x8su\x8ud\x8do\x8o293 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·U\x8Us\x8se\x8er\x8rs\x8s·R\x8Re\x8e-\x8-A\x8Au\x8ut\x8th\x8he\x8en\x8nt\x8ti\x8ic\x8ca\x8at\x8te\x8e·f\x8fo\x8or\x8r·P\x8Pr\x8ri\x8iv\x8vi\x8il\x8le\x8eg\x8ge\x8e·E\x8Es\x8sc\x8ca\x8al\x8la\x8at\x8ti\x8io\x8on\x8n·-\x8-·s\x8su\x8ud\x8do\x8o
292 N\x8NO\x8OP\x8PA\x8AS\x8SS\x8SW\x8WD\x8D·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*294 N\x8NO\x8OP\x8PA\x8AS\x8SS\x8SW\x8WD\x8D·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
293 The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using295 The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using
294 sudo·without·having·to·authenticate.·This·should·be·disabled·by·making·sure296 sudo·without·having·to·authenticate.·This·should·be·disabled·by·making·sure
295 that·the·NOPASSWD·tag·does·not·exist·in·/etc/sudoers·configuration·file·or·any297 that·the·NOPASSWD·tag·does·not·exist·in·/etc/sudoers·configuration·file·or·any
296 sudo·configuration·snippets·in·/etc/sudoers.d/.298 sudo·configuration·snippets·in·/etc/sudoers.d/.
297 ············Without·re-authentication,·users·may·access·resources·or·perform299 ············Without·re-authentication,·users·may·access·resources·or·perform
Offset 314, 14 lines modifiedOffset 314, 35 lines modified
314 ···························1.7,·SR·1.8,·SR·1.9314 ···························1.7,·SR·1.8,·SR·1.9
315 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,315 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,
316 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3316 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3
317 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)317 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)
318 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7318 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7
319 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,319 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,
320 ···························SRG-OS-000373-GPOS-00158320 ···························SRG-OS-000373-GPOS-00158
 321 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 322 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 323 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 324 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 325 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
  
 326 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
 327 ··if·[·!·-e·"$f"·]·;·then
 328 ····continue
 329 ··fi
 330 ··matching_list=$(grep·-P·'^(?!#).*[\s]+NOPASSWD[\s]*\:.*$'·$f·|·uniq·)
 331 ··if·!·test·-z·"$matching_list";·then
 332 ····while·IFS=·read·-r·entry;·do
 333 ······#·comment·out·"NOPASSWD"·matches·to·preserve·user·data
 334 ······sed·-i·"s/^${entry}$/#·&/g"·$f
 335 ····done·<<<·"$matching_list"
  
 336 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with
 337 visudo"
 338 ··fi
 339 done
321 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8340 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
322 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low341 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
323 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low342 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
324 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false343 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
325 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict344 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
326 -·name:·Find·/etc/sudoers.d/·files345 -·name:·Find·/etc/sudoers.d/·files
327 ··ansible.builtin.find:346 ··ansible.builtin.find:
Offset 352, 35 lines modifiedOffset 373, 14 lines modified
352 ··-·NIST-800-53-IA-11373 ··-·NIST-800-53-IA-11
353 ··-·low_complexity374 ··-·low_complexity
354 ··-·low_disruption375 ··-·low_disruption
355 ··-·medium_severity376 ··-·medium_severity
356 ··-·no_reboot_needed377 ··-·no_reboot_needed
357 ··-·restrict_strategy378 ··-·restrict_strategy
358 ··-·sudo_remove_nopasswd379 ··-·sudo_remove_nopasswd
359 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
360 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
361 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
362 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
363 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
  
364 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do 
365 ··if·[·!·-e·"$f"·]·;·then 
366 ····continue 
367 ··fi 
368 ··matching_list=$(grep·-P·'^(?!#).*[\s]+NOPASSWD[\s]*\:.*$'·$f·|·uniq·) 
369 ··if·!·test·-z·"$matching_list";·then 
Max diff block lines reached; 122495/127943 bytes (95.74%) of diff not shown.
1.27 MB
./usr/share/doc/ssg-debian/ssg-debian12-guide-anssi_np_nt28_high.html
    
Offset 16016, 146 lines modifiedOffset 16016, 146 lines modified
0003e8f0:·2d74·6172·6765·743d·2223·6964·6d34·3033··-target="#idm4030003e8f0:·2d74·6172·6765·743d·2223·6964·6d34·3033··-target="#idm403
0003e900:·3122·2074·6162·696e·6465·783d·2230·2220··1"·tabindex="0"·0003e900:·3122·2074·6162·696e·6465·783d·2230·2220··1"·tabindex="0"·
0003e910:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar0003e910:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar
0003e920:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal0003e920:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal
0003e930:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ0003e930:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ
0003e940:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h0003e940:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h
0003e950:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia0003e950:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia
 0003e960:·7469·6f6e·2053·6865·6c6c·2073·6372·6970··tion·Shell·scrip
 0003e970:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di
 0003e980:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
 0003e990:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
 0003e9a0:·2220·6964·3d22·6964·6d34·3033·3122·3e3c··"·id="idm4031"><
 0003e9b0:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab
 0003e9c0:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped
 0003e9d0:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·
 0003e9e0:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"
 0003e9f0:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex
 0003ea00:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low
 0003ea10:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
 0003ea20:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t
 0003ea30:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></
 0003ea40:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo
 0003ea50:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false
 0003ea60:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
 0003ea70:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>
 0003ea80:·3c74·643e·7265·7374·7269·6374·3c2f·7464··<td>restrict</td
 0003ea90:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p
 0003eaa0:·7265·3e3c·636f·6465·3e0a·666f·7220·6620··re><code>.for·f·
 0003eab0:·696e·202f·6574·632f·7375·646f·6572·7320··in·/etc/sudoers·
 0003eac0:·2f65·7463·2f73·7564·6f65·7273·2e64·2f2a··/etc/sudoers.d/*
 0003ead0:·203b·2064·6f0a·2020·6966·205b·2021·202d···;·do.··if·[·!·-
 0003eae0:·6520·2224·6622·205d·203b·2074·6865·6e0a··e·"$f"·]·;·then.
 0003eaf0:·2020·2020·636f·6e74·696e·7565·0a20·2066······continue.··f
 0003eb00:·690a·2020·6d61·7463·6869·6e67·5f6c·6973··i.··matching_lis
 0003eb10:·743d·2428·6772·6570·202d·5020·275e·283f··t=$(grep·-P·'^(?
 0003eb20:·2123·292e·2a5b·5c73·5d2b·5c21·6175·7468··!#).*[\s]+\!auth
 0003eb30:·656e·7469·6361·7465·2e2a·2427·2024·6620··enticate.*$'·$f·
 0003eb40:·7c20·756e·6971·2029·0a20·2069·6620·2120··|·uniq·).··if·!·
 0003eb50:·7465·7374·202d·7a20·2224·6d61·7463·6869··test·-z·"$matchi
 0003eb60:·6e67·5f6c·6973·7422·3b20·7468·656e·0a20··ng_list";·then.·
 0003eb70:·2020·2077·6869·6c65·2049·4653·3d20·7265·····while·IFS=·re
 0003eb80:·6164·202d·7220·656e·7472·793b·2064·6f0a··ad·-r·entry;·do.
 0003eb90:·2020·2020·2020·2320·636f·6d6d·656e·7420········#·comment·
 0003eba0:·6f75·7420·2221·6175·7468·656e·7469·6361··out·"!authentica
 0003ebb0:·7465·2220·6d61·7463·6865·7320·746f·2070··te"·matches·to·p
 0003ebc0:·7265·7365·7276·6520·7573·6572·2064·6174··reserve·user·dat
 0003ebd0:·610a·2020·2020·2020·7365·6420·2d69·2022··a.······sed·-i·"
 0003ebe0:·732f·5e24·7b65·6e74·7279·7d24·2f23·2026··s/^${entry}$/#·&
 0003ebf0:·616d·703b·2f67·2220·2466·0a20·2020·2064··amp;/g"·$f.····d
 0003ec00:·6f6e·6520·266c·743b·266c·743b·266c·743b··one·&lt;&lt;&lt;
 0003ec10:·2022·246d·6174·6368·696e·675f·6c69·7374···"$matching_list
 0003ec20:·220a·0a20·2020·202f·7573·722f·7362·696e··"..····/usr/sbin
 0003ec30:·2f76·6973·7564·6f20·2d63·6620·2466·2026··/visudo·-cf·$f·&
 0003ec40:·616d·703b·2667·743b·202f·6465·762f·6e75··amp;&gt;·/dev/nu
 0003ec50:·6c6c·207c·7c20·6563·686f·2022·4661·696c··ll·||·echo·"Fail
 0003ec60:·2074·6f20·7661·6c69·6461·7465·2024·6620···to·validate·$f·
 0003ec70:·7769·7468·2076·6973·7564·6f22·0a20·2066··with·visudo".··f
 0003ec80:·690a·646f·6e65·0a3c·2f63·6f64·653e·3c2f··i.done.</code></
 0003ec90:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla
 0003eca0:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ
 0003ecb0:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle
 0003ecc0:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data
 0003ecd0:·2d74·6172·6765·743d·2223·6964·6d34·3033··-target="#idm403
 0003ece0:·3222·2074·6162·696e·6465·783d·2230·2220··2"·tabindex="0"·
 0003ecf0:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar
 0003ed00:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal
 0003ed10:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ
 0003ed20:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h
 0003ed30:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia
0003e960:·7469·6f6e·2041·6e73·6962·6c65·2073·6e69··tion·Ansible·sni0003ed40:·7469·6f6e·2041·6e73·6962·6c65·2073·6e69··tion·Ansible·sni
0003e970:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br>0003ed50:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br>
0003e980:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane0003ed60:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
0003e990:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla0003ed70:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
0003e9a0:·7073·6522·2069·643d·2269·646d·3430·3331··pse"·id="idm40310003ed80:·7073·6522·2069·643d·2269·646d·3430·3332··pse"·id="idm4032
0003e9b0:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="0003ed90:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="
0003e9c0:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri 
0003e9d0:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border 
0003e9e0:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens 
0003e9f0:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp 
0003ea00:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td> 
0003ea10:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003ea20:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption: 
0003ea30:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003ea40:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re 
0003ea50:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa 
0003ea60:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr 
0003ea70:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</ 
0003ea80:·7468·3e3c·7464·3e72·6573·7472·6963·743c··th><td>restrict< 
0003ea90:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table 
0003eaa0:·3e3c·7072·653e·3c63·6f64·653e·2d20·6e61··><pre><code>-·na 
0003eab0:·6d65·3a20·4669·6e64·202f·6574·632f·7375··me:·Find·/etc/su 
0003eac0:·646f·6572·732e·642f·2066·696c·6573·0a20··doers.d/·files.· 
0003ead0:·2061·6e73·6962·6c65·2e62·7569·6c74·696e···ansible.builtin 
0003eae0:·2e66·696e·643a·0a20·2020·2070·6174·6873··.find:.····paths 
0003eaf0:·3a0a·2020·2020·2d20·2f65·7463·2f73·7564··:.····-·/etc/sud 
0003eb00:·6f65·7273·2e64·2f0a·2020·7265·6769·7374··oers.d/.··regist 
0003eb10:·6572·3a20·7375·646f·6572·730a·2020·7461··er:·sudoers.··ta 
0003eb20:·6773·3a0a·2020·2d20·4e49·5354·2d38·3030··gs:.··-·NIST-800 
0003eb30:·2d35·332d·434d·2d36·2861·290a·2020·2d20··-53-CM-6(a).··-· 
0003eb40:·4e49·5354·2d38·3030·2d35·332d·4941·2d31··NIST-800-53-IA-1 
0003eb50:·310a·2020·2d20·6c6f·775f·636f·6d70·6c65··1.··-·low_comple 
0003eb60:·7869·7479·0a20·202d·206c·6f77·5f64·6973··xity.··-·low_dis 
0003eb70:·7275·7074·696f·6e0a·2020·2d20·6d65·6469··ruption.··-·medi 
0003eb80:·756d·5f73·6576·6572·6974·790a·2020·2d20··um_severity.··-· 
0003eb90:·6e6f·5f72·6562·6f6f·745f·6e65·6564·6564··no_reboot_needed 
0003eba0:·0a20·202d·2072·6573·7472·6963·745f·7374··.··-·restrict_st 
0003ebb0:·7261·7465·6779·0a20·202d·2073·7564·6f5f··rategy.··-·sudo_ 
0003ebc0:·7265·6d6f·7665·5f6e·6f5f·6175·7468·656e··remove_no_authen 
0003ebd0:·7469·6361·7465·0a0a·2d20·6e61·6d65·3a20··ticate..-·name:· 
0003ebe0:·5265·6d6f·7665·206c·696e·6573·2063·6f6e··Remove·lines·con 
0003ebf0:·7461·696e·696e·6720·2161·7574·6865·6e74··taining·!authent 
0003ec00:·6963·6174·6520·6672·6f6d·2073·7564·6f65··icate·from·sudoe 
0003ec10:·7273·2066·696c·6573·0a20·2061·6e73·6962··rs·files.··ansib 
0003ec20:·6c65·2e62·7569·6c74·696e·2e72·6570·6c61··le.builtin.repla 
0003ec30:·6365·3a0a·2020·2020·7265·6765·7870·3a20··ce:.····regexp:· 
0003ec40:·285e·283f·2123·292e·2a5b·5c73·5d2b·5c21··(^(?!#).*[\s]+\! 
0003ec50:·6175·7468·656e·7469·6361·7465·2e2a·2429··authenticate.*$) 
0003ec60:·0a20·2020·2072·6570·6c61·6365·3a20·2723··.····replace:·'# 
0003ec70:·205c·6726·6c74·3b31·2667·743b·270a·2020···\g&lt;1&gt;'.·· 
0003ec80:·2020·7061·7468·3a20·277b·7b20·6974·656d····path:·'{{·item 
0003ec90:·2e70·6174·6820·7d7d·270a·2020·2020·7661··.path·}}'.····va 
0003eca0:·6c69·6461·7465·3a20·2f75·7372·2f73·6269··lidate:·/usr/sbi 
0003ecb0:·6e2f·7669·7375·646f·202d·6366·2025·730a··n/visudo·-cf·%s. 
0003ecc0:·2020·7769·7468·5f69·7465·6d73·3a0a·2020····with_items:.·· 
0003ecd0:·2d20·7061·7468·3a20·2f65·7463·2f73·7564··-·path:·/etc/sud 
0003ece0:·6f65·7273·0a20·202d·2027·7b7b·2073·7564··oers.··-·'{{·sud 
0003ecf0:·6f65·7273·2e66·696c·6573·207d·7d27·0a20··oers.files·}}'.· 
Max diff block lines reached; 1167824/1186620 bytes (98.42%) of diff not shown.
137 KB
html2text {}
    
Offset 231, 14 lines modifiedOffset 231, 35 lines modified
231 ···························1.7,·SR·1.8,·SR·1.9231 ···························1.7,·SR·1.8,·SR·1.9
232 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,232 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,
233 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3233 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3
234 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)234 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)
235 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7235 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7
236 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,236 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,
237 ···························SRG-OS-000373-GPOS-00158237 ···························SRG-OS-000373-GPOS-00158
 238 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 239 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 240 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 241 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 242 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
  
 243 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
 244 ··if·[·!·-e·"$f"·]·;·then
 245 ····continue
 246 ··fi
 247 ··matching_list=$(grep·-P·'^(?!#).*[\s]+\!authenticate.*$'·$f·|·uniq·)
 248 ··if·!·test·-z·"$matching_list";·then
 249 ····while·IFS=·read·-r·entry;·do
 250 ······#·comment·out·"!authenticate"·matches·to·preserve·user·data
 251 ······sed·-i·"s/^${entry}$/#·&/g"·$f
 252 ····done·<<<·"$matching_list"
  
 253 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with
 254 visudo"
 255 ··fi
 256 done
238 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8257 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
239 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low258 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
240 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low259 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
241 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false260 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
242 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict261 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
243 -·name:·Find·/etc/sudoers.d/·files262 -·name:·Find·/etc/sudoers.d/·files
244 ··ansible.builtin.find:263 ··ansible.builtin.find:
Offset 269, 35 lines modifiedOffset 290, 14 lines modified
269 ··-·NIST-800-53-IA-11290 ··-·NIST-800-53-IA-11
270 ··-·low_complexity291 ··-·low_complexity
271 ··-·low_disruption292 ··-·low_disruption
272 ··-·medium_severity293 ··-·medium_severity
273 ··-·no_reboot_needed294 ··-·no_reboot_needed
274 ··-·restrict_strategy295 ··-·restrict_strategy
275 ··-·sudo_remove_no_authenticate296 ··-·sudo_remove_no_authenticate
276 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
277 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
278 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
279 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
280 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
  
281 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do 
282 ··if·[·!·-e·"$f"·]·;·then 
283 ····continue 
284 ··fi 
285 ··matching_list=$(grep·-P·'^(?!#).*[\s]+\!authenticate.*$'·$f·|·uniq·) 
286 ··if·!·test·-z·"$matching_list";·then 
287 ····while·IFS=·read·-r·entry;·do 
288 ······#·comment·out·"!authenticate"·matches·to·preserve·user·data 
289 ······sed·-i·"s/^${entry}$/#·&/g"·$f 
290 ····done·<<<·"$matching_list" 
  
291 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with 
292 visudo" 
293 ··fi 
294 done 
295 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·U\x8Us\x8se\x8er\x8rs\x8s·R\x8Re\x8e-\x8-A\x8Au\x8ut\x8th\x8he\x8en\x8nt\x8ti\x8ic\x8ca\x8at\x8te\x8e·f\x8fo\x8or\x8r·P\x8Pr\x8ri\x8iv\x8vi\x8il\x8le\x8eg\x8ge\x8e·E\x8Es\x8sc\x8ca\x8al\x8la\x8at\x8ti\x8io\x8on\x8n·-\x8-·s\x8su\x8ud\x8do\x8o297 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·U\x8Us\x8se\x8er\x8rs\x8s·R\x8Re\x8e-\x8-A\x8Au\x8ut\x8th\x8he\x8en\x8nt\x8ti\x8ic\x8ca\x8at\x8te\x8e·f\x8fo\x8or\x8r·P\x8Pr\x8ri\x8iv\x8vi\x8il\x8le\x8eg\x8ge\x8e·E\x8Es\x8sc\x8ca\x8al\x8la\x8at\x8ti\x8io\x8on\x8n·-\x8-·s\x8su\x8ud\x8do\x8o
296 N\x8NO\x8OP\x8PA\x8AS\x8SS\x8SW\x8WD\x8D·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*298 N\x8NO\x8OP\x8PA\x8AS\x8SS\x8SW\x8WD\x8D·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
297 The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using299 The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using
298 sudo·without·having·to·authenticate.·This·should·be·disabled·by·making·sure300 sudo·without·having·to·authenticate.·This·should·be·disabled·by·making·sure
299 that·the·NOPASSWD·tag·does·not·exist·in·/etc/sudoers·configuration·file·or·any301 that·the·NOPASSWD·tag·does·not·exist·in·/etc/sudoers·configuration·file·or·any
300 sudo·configuration·snippets·in·/etc/sudoers.d/.302 sudo·configuration·snippets·in·/etc/sudoers.d/.
301 ············Without·re-authentication,·users·may·access·resources·or·perform303 ············Without·re-authentication,·users·may·access·resources·or·perform
Offset 318, 14 lines modifiedOffset 318, 35 lines modified
318 ···························1.7,·SR·1.8,·SR·1.9318 ···························1.7,·SR·1.8,·SR·1.9
319 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,319 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,
320 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3320 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3
321 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)321 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)
322 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7322 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7
323 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,323 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,
324 ···························SRG-OS-000373-GPOS-00158324 ···························SRG-OS-000373-GPOS-00158
 325 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 326 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 327 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 328 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 329 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
  
 330 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
 331 ··if·[·!·-e·"$f"·]·;·then
 332 ····continue
 333 ··fi
 334 ··matching_list=$(grep·-P·'^(?!#).*[\s]+NOPASSWD[\s]*\:.*$'·$f·|·uniq·)
 335 ··if·!·test·-z·"$matching_list";·then
 336 ····while·IFS=·read·-r·entry;·do
 337 ······#·comment·out·"NOPASSWD"·matches·to·preserve·user·data
 338 ······sed·-i·"s/^${entry}$/#·&/g"·$f
 339 ····done·<<<·"$matching_list"
  
 340 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with
 341 visudo"
 342 ··fi
 343 done
325 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8344 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
326 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low345 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
327 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low346 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
328 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false347 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
329 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict348 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
330 -·name:·Find·/etc/sudoers.d/·files349 -·name:·Find·/etc/sudoers.d/·files
331 ··ansible.builtin.find:350 ··ansible.builtin.find:
Offset 356, 35 lines modifiedOffset 377, 14 lines modified
356 ··-·NIST-800-53-IA-11377 ··-·NIST-800-53-IA-11
357 ··-·low_complexity378 ··-·low_complexity
358 ··-·low_disruption379 ··-·low_disruption
359 ··-·medium_severity380 ··-·medium_severity
360 ··-·no_reboot_needed381 ··-·no_reboot_needed
361 ··-·restrict_strategy382 ··-·restrict_strategy
362 ··-·sudo_remove_nopasswd383 ··-·sudo_remove_nopasswd
363 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
364 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
365 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
366 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
367 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
  
368 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do 
369 ··if·[·!·-e·"$f"·]·;·then 
370 ····continue 
371 ··fi 
372 ··matching_list=$(grep·-P·'^(?!#).*[\s]+NOPASSWD[\s]*\:.*$'·$f·|·uniq·) 
373 ··if·!·test·-z·"$matching_list";·then 
Max diff block lines reached; 135164/140612 bytes (96.13%) of diff not shown.
374 KB
./usr/share/doc/ssg-debian/ssg-debian12-guide-anssi_np_nt28_minimal.html
    
Offset 14776, 146 lines modifiedOffset 14776, 146 lines modified
00039b70:·7461·2d74·6172·6765·743d·2223·6964·6d34··ta-target="#idm400039b70:·7461·2d74·6172·6765·743d·2223·6964·6d34··ta-target="#idm4
00039b80:·3033·3122·2074·6162·696e·6465·783d·2230··031"·tabindex="000039b80:·3033·3122·2074·6162·696e·6465·783d·2230··031"·tabindex="0
00039b90:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·00039b90:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
00039ba0:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f00039ba0:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
00039bb0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act00039bb0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
00039bc0:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"00039bc0:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
00039bd0:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed00039bd0:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
 00039be0:·6961·7469·6f6e·2053·6865·6c6c·2073·6372··iation·Shell·scr
 00039bf0:·6970·7420·e287·b23c·2f61·3e3c·6272·3e3c··ipt·...</a><br><
 00039c00:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel
 00039c10:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap
 00039c20:·7365·2220·6964·3d22·6964·6d34·3033·3122··se"·id="idm4031"
 00039c30:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t
 00039c40:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip
 00039c50:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere
 00039c60:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense
 00039c70:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl
 00039c80:·6578·6974·793a·3c2f·7468·3e3c·7464·3e6c··exity:</th><td>l
 00039c90:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>
 00039ca0:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:<
 00039cb0:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>
 00039cc0:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb
 00039cd0:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal
 00039ce0:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr>
 00039cf0:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t
 00039d00:·683e·3c74·643e·7265·7374·7269·6374·3c2f··h><td>restrict</
 00039d10:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>
 00039d20:·3c70·7265·3e3c·636f·6465·3e0a·666f·7220··<pre><code>.for·
 00039d30:·6620·696e·202f·6574·632f·7375·646f·6572··f·in·/etc/sudoer
 00039d40:·7320·2f65·7463·2f73·7564·6f65·7273·2e64··s·/etc/sudoers.d
 00039d50:·2f2a·203b·2064·6f0a·2020·6966·205b·2021··/*·;·do.··if·[·!
 00039d60:·202d·6520·2224·6622·205d·203b·2074·6865···-e·"$f"·]·;·the
 00039d70:·6e0a·2020·2020·636f·6e74·696e·7565·0a20··n.····continue.·
 00039d80:·2066·690a·2020·6d61·7463·6869·6e67·5f6c···fi.··matching_l
 00039d90:·6973·743d·2428·6772·6570·202d·5020·275e··ist=$(grep·-P·'^
 00039da0:·283f·2123·292e·2a5b·5c73·5d2b·5c21·6175··(?!#).*[\s]+\!au
 00039db0:·7468·656e·7469·6361·7465·2e2a·2427·2024··thenticate.*$'·$
 00039dc0:·6620·7c20·756e·6971·2029·0a20·2069·6620··f·|·uniq·).··if·
 00039dd0:·2120·7465·7374·202d·7a20·2224·6d61·7463··!·test·-z·"$matc
 00039de0:·6869·6e67·5f6c·6973·7422·3b20·7468·656e··hing_list";·then
 00039df0:·0a20·2020·2077·6869·6c65·2049·4653·3d20··.····while·IFS=·
 00039e00:·7265·6164·202d·7220·656e·7472·793b·2064··read·-r·entry;·d
 00039e10:·6f0a·2020·2020·2020·2320·636f·6d6d·656e··o.······#·commen
 00039e20:·7420·6f75·7420·2221·6175·7468·656e·7469··t·out·"!authenti
 00039e30:·6361·7465·2220·6d61·7463·6865·7320·746f··cate"·matches·to
 00039e40:·2070·7265·7365·7276·6520·7573·6572·2064···preserve·user·d
 00039e50:·6174·610a·2020·2020·2020·7365·6420·2d69··ata.······sed·-i
 00039e60:·2022·732f·5e24·7b65·6e74·7279·7d24·2f23···"s/^${entry}$/#
 00039e70:·2026·616d·703b·2f67·2220·2466·0a20·2020···&amp;/g"·$f.···
 00039e80:·2064·6f6e·6520·266c·743b·266c·743b·266c···done·&lt;&lt;&l
 00039e90:·743b·2022·246d·6174·6368·696e·675f·6c69··t;·"$matching_li
 00039ea0:·7374·220a·0a20·2020·202f·7573·722f·7362··st"..····/usr/sb
 00039eb0:·696e·2f76·6973·7564·6f20·2d63·6620·2466··in/visudo·-cf·$f
 00039ec0:·2026·616d·703b·2667·743b·202f·6465·762f···&amp;&gt;·/dev/
 00039ed0:·6e75·6c6c·207c·7c20·6563·686f·2022·4661··null·||·echo·"Fa
 00039ee0:·696c·2074·6f20·7661·6c69·6461·7465·2024··il·to·validate·$
 00039ef0:·6620·7769·7468·2076·6973·7564·6f22·0a20··f·with·visudo".·
 00039f00:·2066·690a·646f·6e65·0a3c·2f63·6f64·653e···fi.done.</code>
 00039f10:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c
 00039f20:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su
 00039f30:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg
 00039f40:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da
 00039f50:·7461·2d74·6172·6765·743d·2223·6964·6d34··ta-target="#idm4
 00039f60:·3033·3222·2074·6162·696e·6465·783d·2230··032"·tabindex="0
 00039f70:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
 00039f80:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
 00039f90:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
 00039fa0:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
 00039fb0:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
00039be0:·6961·7469·6f6e·2041·6e73·6962·6c65·2073··iation·Ansible·s00039fc0:·6961·7469·6f6e·2041·6e73·6962·6c65·2073··iation·Ansible·s
00039bf0:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b00039fd0:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b
00039c00:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa00039fe0:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa
00039c10:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col00039ff0:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col
00039c20:·6c61·7073·6522·2069·643d·2269·646d·3430··lapse"·id="idm40 
00039c30:·3331·223e·3c74·6162·6c65·2063·6c61·7373··31"><table·class 
00039c40:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st 
00039c50:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord 
00039c60:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde 
00039c70:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co 
00039c80:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t 
00039c90:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr>< 
00039ca0:·7472·3e3c·7468·3e44·6973·7275·7074·696f··tr><th>Disruptio 
00039cb0:·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··n:</th><td>low</ 
00039cc0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
00039cd0:·5265·626f·6f74·3a3c·2f74·683e·3c74·643e··Reboot:</th><td> 
00039ce0:·6661·6c73·653c·2f74·643e·3c2f·7472·3e3c··false</td></tr>< 
00039cf0:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy: 
00039d00:·3c2f·7468·3e3c·7464·3e72·6573·7472·6963··</th><td>restric 
00039d10:·743c·2f74·643e·3c2f·7472·3e3c·2f74·6162··t</td></tr></tab 
00039d20:·6c65·3e3c·7072·653e·3c63·6f64·653e·2d20··le><pre><code>-· 
00039d30:·6e61·6d65·3a20·4669·6e64·202f·6574·632f··name:·Find·/etc/ 
00039d40:·7375·646f·6572·732e·642f·2066·696c·6573··sudoers.d/·files 
00039d50:·0a20·2061·6e73·6962·6c65·2e62·7569·6c74··.··ansible.built 
00039d60:·696e·2e66·696e·643a·0a20·2020·2070·6174··in.find:.····pat 
00039d70:·6873·3a0a·2020·2020·2d20·2f65·7463·2f73··hs:.····-·/etc/s 
00039d80:·7564·6f65·7273·2e64·2f0a·2020·7265·6769··udoers.d/.··regi 
00039d90:·7374·6572·3a20·7375·646f·6572·730a·2020··ster:·sudoers.·· 
00039da0:·7461·6773·3a0a·2020·2d20·4e49·5354·2d38··tags:.··-·NIST-8 
00039db0:·3030·2d35·332d·434d·2d36·2861·290a·2020··00-53-CM-6(a).·· 
00039dc0:·2d20·4e49·5354·2d38·3030·2d35·332d·4941··-·NIST-800-53-IA 
00039dd0:·2d31·310a·2020·2d20·6c6f·775f·636f·6d70··-11.··-·low_comp 
00039de0:·6c65·7869·7479·0a20·202d·206c·6f77·5f64··lexity.··-·low_d 
00039df0:·6973·7275·7074·696f·6e0a·2020·2d20·6d65··isruption.··-·me 
00039e00:·6469·756d·5f73·6576·6572·6974·790a·2020··dium_severity.·· 
00039e10:·2d20·6e6f·5f72·6562·6f6f·745f·6e65·6564··-·no_reboot_need 
00039e20:·6564·0a20·202d·2072·6573·7472·6963·745f··ed.··-·restrict_ 
00039e30:·7374·7261·7465·6779·0a20·202d·2073·7564··strategy.··-·sud 
00039e40:·6f5f·7265·6d6f·7665·5f6e·6f5f·6175·7468··o_remove_no_auth 
00039e50:·656e·7469·6361·7465·0a0a·2d20·6e61·6d65··enticate..-·name 
00039e60:·3a20·5265·6d6f·7665·206c·696e·6573·2063··:·Remove·lines·c 
00039e70:·6f6e·7461·696e·696e·6720·2161·7574·6865··ontaining·!authe 
00039e80:·6e74·6963·6174·6520·6672·6f6d·2073·7564··nticate·from·sud 
00039e90:·6f65·7273·2066·696c·6573·0a20·2061·6e73··oers·files.··ans 
00039ea0:·6962·6c65·2e62·7569·6c74·696e·2e72·6570··ible.builtin.rep 
00039eb0:·6c61·6365·3a0a·2020·2020·7265·6765·7870··lace:.····regexp 
00039ec0:·3a20·285e·283f·2123·292e·2a5b·5c73·5d2b··:·(^(?!#).*[\s]+ 
00039ed0:·5c21·6175·7468·656e·7469·6361·7465·2e2a··\!authenticate.* 
00039ee0:·2429·0a20·2020·2072·6570·6c61·6365·3a20··$).····replace:· 
00039ef0:·2723·205c·6726·6c74·3b31·2667·743b·270a··'#·\g&lt;1&gt;'. 
00039f00:·2020·2020·7061·7468·3a20·277b·7b20·6974······path:·'{{·it 
00039f10:·656d·2e70·6174·6820·7d7d·270a·2020·2020··em.path·}}'.···· 
00039f20:·7661·6c69·6461·7465·3a20·2f75·7372·2f73··validate:·/usr/s 
00039f30:·6269·6e2f·7669·7375·646f·202d·6366·2025··bin/visudo·-cf·% 
00039f40:·730a·2020·7769·7468·5f69·7465·6d73·3a0a··s.··with_items:. 
00039f50:·2020·2d20·7061·7468·3a20·2f65·7463·2f73····-·path:·/etc/s 
00039f60:·7564·6f65·7273·0a20·202d·2027·7b7b·2073··udoers.··-·'{{·s 
00039f70:·7564·6f65·7273·2e66·696c·6573·207d·7d27··udoers.files·}}' 
Max diff block lines reached; 318538/337334 bytes (94.43%) of diff not shown.
44.2 KB
html2text {}
    
Offset 91, 14 lines modifiedOffset 91, 35 lines modified
91 ···························1.7,·SR·1.8,·SR·1.991 ···························1.7,·SR·1.8,·SR·1.9
92 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,92 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,
93 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.393 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3
94 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)94 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)
95 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-795 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7
96 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,96 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,
97 ···························SRG-OS-000373-GPOS-0015897 ···························SRG-OS-000373-GPOS-00158
 98 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 99 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 100 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 101 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 102 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
  
 103 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
 104 ··if·[·!·-e·"$f"·]·;·then
 105 ····continue
 106 ··fi
 107 ··matching_list=$(grep·-P·'^(?!#).*[\s]+\!authenticate.*$'·$f·|·uniq·)
 108 ··if·!·test·-z·"$matching_list";·then
 109 ····while·IFS=·read·-r·entry;·do
 110 ······#·comment·out·"!authenticate"·matches·to·preserve·user·data
 111 ······sed·-i·"s/^${entry}$/#·&/g"·$f
 112 ····done·<<<·"$matching_list"
  
 113 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with
 114 visudo"
 115 ··fi
 116 done
98 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8117 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
99 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low118 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
100 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low119 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
101 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false120 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
102 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict121 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
103 -·name:·Find·/etc/sudoers.d/·files122 -·name:·Find·/etc/sudoers.d/·files
104 ··ansible.builtin.find:123 ··ansible.builtin.find:
Offset 129, 35 lines modifiedOffset 150, 14 lines modified
129 ··-·NIST-800-53-IA-11150 ··-·NIST-800-53-IA-11
130 ··-·low_complexity151 ··-·low_complexity
131 ··-·low_disruption152 ··-·low_disruption
132 ··-·medium_severity153 ··-·medium_severity
133 ··-·no_reboot_needed154 ··-·no_reboot_needed
134 ··-·restrict_strategy155 ··-·restrict_strategy
135 ··-·sudo_remove_no_authenticate156 ··-·sudo_remove_no_authenticate
136 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
137 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
138 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
139 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
140 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
  
141 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do 
142 ··if·[·!·-e·"$f"·]·;·then 
143 ····continue 
144 ··fi 
145 ··matching_list=$(grep·-P·'^(?!#).*[\s]+\!authenticate.*$'·$f·|·uniq·) 
146 ··if·!·test·-z·"$matching_list";·then 
147 ····while·IFS=·read·-r·entry;·do 
148 ······#·comment·out·"!authenticate"·matches·to·preserve·user·data 
149 ······sed·-i·"s/^${entry}$/#·&/g"·$f 
150 ····done·<<<·"$matching_list" 
  
151 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with 
152 visudo" 
153 ··fi 
154 done 
155 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·U\x8Us\x8se\x8er\x8rs\x8s·R\x8Re\x8e-\x8-A\x8Au\x8ut\x8th\x8he\x8en\x8nt\x8ti\x8ic\x8ca\x8at\x8te\x8e·f\x8fo\x8or\x8r·P\x8Pr\x8ri\x8iv\x8vi\x8il\x8le\x8eg\x8ge\x8e·E\x8Es\x8sc\x8ca\x8al\x8la\x8at\x8ti\x8io\x8on\x8n·-\x8-·s\x8su\x8ud\x8do\x8o157 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·U\x8Us\x8se\x8er\x8rs\x8s·R\x8Re\x8e-\x8-A\x8Au\x8ut\x8th\x8he\x8en\x8nt\x8ti\x8ic\x8ca\x8at\x8te\x8e·f\x8fo\x8or\x8r·P\x8Pr\x8ri\x8iv\x8vi\x8il\x8le\x8eg\x8ge\x8e·E\x8Es\x8sc\x8ca\x8al\x8la\x8at\x8ti\x8io\x8on\x8n·-\x8-·s\x8su\x8ud\x8do\x8o
156 N\x8NO\x8OP\x8PA\x8AS\x8SS\x8SW\x8WD\x8D·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*158 N\x8NO\x8OP\x8PA\x8AS\x8SS\x8SW\x8WD\x8D·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
157 The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using159 The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using
158 sudo·without·having·to·authenticate.·This·should·be·disabled·by·making·sure160 sudo·without·having·to·authenticate.·This·should·be·disabled·by·making·sure
159 that·the·NOPASSWD·tag·does·not·exist·in·/etc/sudoers·configuration·file·or·any161 that·the·NOPASSWD·tag·does·not·exist·in·/etc/sudoers·configuration·file·or·any
160 sudo·configuration·snippets·in·/etc/sudoers.d/.162 sudo·configuration·snippets·in·/etc/sudoers.d/.
161 ············Without·re-authentication,·users·may·access·resources·or·perform163 ············Without·re-authentication,·users·may·access·resources·or·perform
Offset 178, 14 lines modifiedOffset 178, 35 lines modified
178 ···························1.7,·SR·1.8,·SR·1.9178 ···························1.7,·SR·1.8,·SR·1.9
179 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,179 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,
180 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3180 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3
181 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)181 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)
182 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7182 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7
183 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,183 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,
184 ···························SRG-OS-000373-GPOS-00158184 ···························SRG-OS-000373-GPOS-00158
 185 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 186 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 187 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 188 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 189 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
  
 190 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
 191 ··if·[·!·-e·"$f"·]·;·then
 192 ····continue
 193 ··fi
 194 ··matching_list=$(grep·-P·'^(?!#).*[\s]+NOPASSWD[\s]*\:.*$'·$f·|·uniq·)
 195 ··if·!·test·-z·"$matching_list";·then
 196 ····while·IFS=·read·-r·entry;·do
 197 ······#·comment·out·"NOPASSWD"·matches·to·preserve·user·data
 198 ······sed·-i·"s/^${entry}$/#·&/g"·$f
 199 ····done·<<<·"$matching_list"
  
 200 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with
 201 visudo"
 202 ··fi
 203 done
185 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8204 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
186 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low205 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
187 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low206 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
188 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false207 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
189 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict208 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
190 -·name:·Find·/etc/sudoers.d/·files209 -·name:·Find·/etc/sudoers.d/·files
191 ··ansible.builtin.find:210 ··ansible.builtin.find:
Offset 216, 35 lines modifiedOffset 237, 14 lines modified
216 ··-·NIST-800-53-IA-11237 ··-·NIST-800-53-IA-11
217 ··-·low_complexity238 ··-·low_complexity
218 ··-·low_disruption239 ··-·low_disruption
219 ··-·medium_severity240 ··-·medium_severity
220 ··-·no_reboot_needed241 ··-·no_reboot_needed
221 ··-·restrict_strategy242 ··-·restrict_strategy
222 ··-·sudo_remove_nopasswd243 ··-·sudo_remove_nopasswd
223 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
224 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
225 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
226 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
227 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
  
228 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do 
229 ··if·[·!·-e·"$f"·]·;·then 
230 ····continue 
231 ··fi 
232 ··matching_list=$(grep·-P·'^(?!#).*[\s]+NOPASSWD[\s]*\:.*$'·$f·|·uniq·) 
233 ··if·!·test·-z·"$matching_list";·then 
Max diff block lines reached; 39750/45195 bytes (87.95%) of diff not shown.
1.22 MB
./usr/share/doc/ssg-debian/ssg-debian12-guide-anssi_np_nt28_restrictive.html
    
Offset 16006, 146 lines modifiedOffset 16006, 146 lines modified
0003e850:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=0003e850:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
0003e860:·2223·6964·6d34·3033·3122·2074·6162·696e··"#idm4031"·tabin0003e860:·2223·6964·6d34·3033·3122·2074·6162·696e··"#idm4031"·tabin
0003e870:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu0003e870:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
0003e880:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan0003e880:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
0003e890:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl0003e890:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
0003e8a0:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r0003e8a0:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
0003e8b0:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"0003e8b0:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
 0003e8c0:·3e52·656d·6564·6961·7469·6f6e·2053·6865··>Remediation·She
 0003e8d0:·6c6c·2073·6372·6970·7420·e287·b23c·2f61··ll·script·...</a
 0003e8e0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
 0003e8f0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
 0003e900:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
 0003e910:·6d34·3033·3122·3e3c·7461·626c·6520·636c··m4031"><table·cl
 0003e920:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table
 0003e930:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b
 0003e940:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co
 0003e950:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th
 0003e960:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th
 0003e970:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t
 0003e980:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup
 0003e990:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo
 0003e9a0:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><
 0003e9b0:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th><
 0003e9c0:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t
 0003e9d0:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate
 0003e9e0:·6779·3a3c·2f74·683e·3c74·643e·7265·7374··gy:</th><td>rest
 0003e9f0:·7269·6374·3c2f·7464·3e3c·2f74·723e·3c2f··rict</td></tr></
 0003ea00:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code
 0003ea10:·3e0a·666f·7220·6620·696e·202f·6574·632f··>.for·f·in·/etc/
 0003ea20:·7375·646f·6572·7320·2f65·7463·2f73·7564··sudoers·/etc/sud
 0003ea30:·6f65·7273·2e64·2f2a·203b·2064·6f0a·2020··oers.d/*·;·do.··
 0003ea40:·6966·205b·2021·202d·6520·2224·6622·205d··if·[·!·-e·"$f"·]
 0003ea50:·203b·2074·6865·6e0a·2020·2020·636f·6e74···;·then.····cont
 0003ea60:·696e·7565·0a20·2066·690a·2020·6d61·7463··inue.··fi.··matc
 0003ea70:·6869·6e67·5f6c·6973·743d·2428·6772·6570··hing_list=$(grep
 0003ea80:·202d·5020·275e·283f·2123·292e·2a5b·5c73···-P·'^(?!#).*[\s
 0003ea90:·5d2b·5c21·6175·7468·656e·7469·6361·7465··]+\!authenticate
 0003eaa0:·2e2a·2427·2024·6620·7c20·756e·6971·2029··.*$'·$f·|·uniq·)
 0003eab0:·0a20·2069·6620·2120·7465·7374·202d·7a20··.··if·!·test·-z·
 0003eac0:·2224·6d61·7463·6869·6e67·5f6c·6973·7422··"$matching_list"
 0003ead0:·3b20·7468·656e·0a20·2020·2077·6869·6c65··;·then.····while
 0003eae0:·2049·4653·3d20·7265·6164·202d·7220·656e···IFS=·read·-r·en
 0003eaf0:·7472·793b·2064·6f0a·2020·2020·2020·2320··try;·do.······#·
 0003eb00:·636f·6d6d·656e·7420·6f75·7420·2221·6175··comment·out·"!au
 0003eb10:·7468·656e·7469·6361·7465·2220·6d61·7463··thenticate"·matc
 0003eb20:·6865·7320·746f·2070·7265·7365·7276·6520··hes·to·preserve·
 0003eb30:·7573·6572·2064·6174·610a·2020·2020·2020··user·data.······
 0003eb40:·7365·6420·2d69·2022·732f·5e24·7b65·6e74··sed·-i·"s/^${ent
 0003eb50:·7279·7d24·2f23·2026·616d·703b·2f67·2220··ry}$/#·&amp;/g"·
 0003eb60:·2466·0a20·2020·2064·6f6e·6520·266c·743b··$f.····done·&lt;
 0003eb70:·266c·743b·266c·743b·2022·246d·6174·6368··&lt;&lt;·"$match
 0003eb80:·696e·675f·6c69·7374·220a·0a20·2020·202f··ing_list"..····/
 0003eb90:·7573·722f·7362·696e·2f76·6973·7564·6f20··usr/sbin/visudo·
 0003eba0:·2d63·6620·2466·2026·616d·703b·2667·743b··-cf·$f·&amp;&gt;
 0003ebb0:·202f·6465·762f·6e75·6c6c·207c·7c20·6563···/dev/null·||·ec
 0003ebc0:·686f·2022·4661·696c·2074·6f20·7661·6c69··ho·"Fail·to·vali
 0003ebd0:·6461·7465·2024·6620·7769·7468·2076·6973··date·$f·with·vis
 0003ebe0:·7564·6f22·0a20·2066·690a·646f·6e65·0a3c··udo".··fi.done.<
 0003ebf0:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di
 0003ec00:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn·
 0003ec10:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat
 0003ec20:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap
 0003ec30:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
 0003ec40:·2223·6964·6d34·3033·3222·2074·6162·696e··"#idm4032"·tabin
 0003ec50:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
 0003ec60:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
 0003ec70:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
 0003ec80:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
 0003ec90:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
0003e8c0:·3e52·656d·6564·6961·7469·6f6e·2041·6e73··>Remediation·Ans0003eca0:·3e52·656d·6564·6961·7469·6f6e·2041·6e73··>Remediation·Ans
0003e8d0:·6962·6c65·2073·6e69·7070·6574·20e2·87b2··ible·snippet·...0003ecb0:·6962·6c65·2073·6e69·7070·6574·20e2·87b2··ible·snippet·...
0003e8e0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla0003ecc0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
0003e8f0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap0003ecd0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
0003e900:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id= 
0003e910:·2269·646d·3430·3331·223e·3c74·6162·6c65··"idm4031"><table 
0003e920:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta 
0003e930:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl 
0003e940:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table 
0003e950:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr> 
0003e960:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:< 
0003e970:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td> 
0003e980:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis 
0003e990:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td 
0003e9a0:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t 
0003e9b0:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t 
0003e9c0:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td> 
0003e9d0:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str 
0003e9e0:·6174·6567·793a·3c2f·7468·3e3c·7464·3e72··ategy:</th><td>r 
0003e9f0:·6573·7472·6963·743c·2f74·643e·3c2f·7472··estrict</td></tr 
0003ea00:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c 
0003ea10:·6f64·653e·2d20·6e61·6d65·3a20·4669·6e64··ode>-·name:·Find 
0003ea20:·202f·6574·632f·7375·646f·6572·732e·642f···/etc/sudoers.d/ 
0003ea30:·2066·696c·6573·0a20·2061·6e73·6962·6c65···files.··ansible 
0003ea40:·2e62·7569·6c74·696e·2e66·696e·643a·0a20··.builtin.find:.· 
0003ea50:·2020·2070·6174·6873·3a0a·2020·2020·2d20·····paths:.····-· 
0003ea60:·2f65·7463·2f73·7564·6f65·7273·2e64·2f0a··/etc/sudoers.d/. 
0003ea70:·2020·7265·6769·7374·6572·3a20·7375·646f····register:·sudo 
0003ea80:·6572·730a·2020·7461·6773·3a0a·2020·2d20··ers.··tags:.··-· 
0003ea90:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-6 
0003eaa0:·2861·290a·2020·2d20·4e49·5354·2d38·3030··(a).··-·NIST-800 
0003eab0:·2d35·332d·4941·2d31·310a·2020·2d20·6c6f··-53-IA-11.··-·lo 
0003eac0:·775f·636f·6d70·6c65·7869·7479·0a20·202d··w_complexity.··- 
0003ead0:·206c·6f77·5f64·6973·7275·7074·696f·6e0a···low_disruption. 
0003eae0:·2020·2d20·6d65·6469·756d·5f73·6576·6572····-·medium_sever 
0003eaf0:·6974·790a·2020·2d20·6e6f·5f72·6562·6f6f··ity.··-·no_reboo 
0003eb00:·745f·6e65·6564·6564·0a20·202d·2072·6573··t_needed.··-·res 
0003eb10:·7472·6963·745f·7374·7261·7465·6779·0a20··trict_strategy.· 
0003eb20:·202d·2073·7564·6f5f·7265·6d6f·7665·5f6e···-·sudo_remove_n 
0003eb30:·6f5f·6175·7468·656e·7469·6361·7465·0a0a··o_authenticate.. 
0003eb40:·2d20·6e61·6d65·3a20·5265·6d6f·7665·206c··-·name:·Remove·l 
0003eb50:·696e·6573·2063·6f6e·7461·696e·696e·6720··ines·containing· 
0003eb60:·2161·7574·6865·6e74·6963·6174·6520·6672··!authenticate·fr 
0003eb70:·6f6d·2073·7564·6f65·7273·2066·696c·6573··om·sudoers·files 
0003eb80:·0a20·2061·6e73·6962·6c65·2e62·7569·6c74··.··ansible.built 
0003eb90:·696e·2e72·6570·6c61·6365·3a0a·2020·2020··in.replace:.···· 
0003eba0:·7265·6765·7870·3a20·285e·283f·2123·292e··regexp:·(^(?!#). 
0003ebb0:·2a5b·5c73·5d2b·5c21·6175·7468·656e·7469··*[\s]+\!authenti 
0003ebc0:·6361·7465·2e2a·2429·0a20·2020·2072·6570··cate.*$).····rep 
0003ebd0:·6c61·6365·3a20·2723·205c·6726·6c74·3b31··lace:·'#·\g&lt;1 
0003ebe0:·2667·743b·270a·2020·2020·7061·7468·3a20··&gt;'.····path:· 
0003ebf0:·277b·7b20·6974·656d·2e70·6174·6820·7d7d··'{{·item.path·}} 
0003ec00:·270a·2020·2020·7661·6c69·6461·7465·3a20··'.····validate:· 
0003ec10:·2f75·7372·2f73·6269·6e2f·7669·7375·646f··/usr/sbin/visudo 
0003ec20:·202d·6366·2025·730a·2020·7769·7468·5f69···-cf·%s.··with_i 
0003ec30:·7465·6d73·3a0a·2020·2d20·7061·7468·3a20··tems:.··-·path:· 
0003ec40:·2f65·7463·2f73·7564·6f65·7273·0a20·202d··/etc/sudoers.··- 
0003ec50:·2027·7b7b·2073·7564·6f65·7273·2e66·696c···'{{·sudoers.fil 
Max diff block lines reached; 1124740/1143536 bytes (98.36%) of diff not shown.
133 KB
html2text {}
    
Offset 229, 14 lines modifiedOffset 229, 35 lines modified
229 ···························1.7,·SR·1.8,·SR·1.9229 ···························1.7,·SR·1.8,·SR·1.9
230 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,230 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,
231 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3231 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3
232 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)232 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)
233 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7233 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7
234 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,234 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,
235 ···························SRG-OS-000373-GPOS-00158235 ···························SRG-OS-000373-GPOS-00158
 236 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 237 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 238 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 239 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 240 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
  
 241 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
 242 ··if·[·!·-e·"$f"·]·;·then
 243 ····continue
 244 ··fi
 245 ··matching_list=$(grep·-P·'^(?!#).*[\s]+\!authenticate.*$'·$f·|·uniq·)
 246 ··if·!·test·-z·"$matching_list";·then
 247 ····while·IFS=·read·-r·entry;·do
 248 ······#·comment·out·"!authenticate"·matches·to·preserve·user·data
 249 ······sed·-i·"s/^${entry}$/#·&/g"·$f
 250 ····done·<<<·"$matching_list"
  
 251 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with
 252 visudo"
 253 ··fi
 254 done
236 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8255 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
237 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low256 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
238 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low257 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
239 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false258 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
240 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict259 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
241 -·name:·Find·/etc/sudoers.d/·files260 -·name:·Find·/etc/sudoers.d/·files
242 ··ansible.builtin.find:261 ··ansible.builtin.find:
Offset 267, 35 lines modifiedOffset 288, 14 lines modified
267 ··-·NIST-800-53-IA-11288 ··-·NIST-800-53-IA-11
268 ··-·low_complexity289 ··-·low_complexity
269 ··-·low_disruption290 ··-·low_disruption
270 ··-·medium_severity291 ··-·medium_severity
271 ··-·no_reboot_needed292 ··-·no_reboot_needed
272 ··-·restrict_strategy293 ··-·restrict_strategy
273 ··-·sudo_remove_no_authenticate294 ··-·sudo_remove_no_authenticate
274 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
275 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
276 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
277 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
278 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
  
279 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do 
280 ··if·[·!·-e·"$f"·]·;·then 
281 ····continue 
282 ··fi 
283 ··matching_list=$(grep·-P·'^(?!#).*[\s]+\!authenticate.*$'·$f·|·uniq·) 
284 ··if·!·test·-z·"$matching_list";·then 
285 ····while·IFS=·read·-r·entry;·do 
286 ······#·comment·out·"!authenticate"·matches·to·preserve·user·data 
287 ······sed·-i·"s/^${entry}$/#·&/g"·$f 
288 ····done·<<<·"$matching_list" 
  
289 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with 
290 visudo" 
291 ··fi 
292 done 
293 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·U\x8Us\x8se\x8er\x8rs\x8s·R\x8Re\x8e-\x8-A\x8Au\x8ut\x8th\x8he\x8en\x8nt\x8ti\x8ic\x8ca\x8at\x8te\x8e·f\x8fo\x8or\x8r·P\x8Pr\x8ri\x8iv\x8vi\x8il\x8le\x8eg\x8ge\x8e·E\x8Es\x8sc\x8ca\x8al\x8la\x8at\x8ti\x8io\x8on\x8n·-\x8-·s\x8su\x8ud\x8do\x8o295 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·U\x8Us\x8se\x8er\x8rs\x8s·R\x8Re\x8e-\x8-A\x8Au\x8ut\x8th\x8he\x8en\x8nt\x8ti\x8ic\x8ca\x8at\x8te\x8e·f\x8fo\x8or\x8r·P\x8Pr\x8ri\x8iv\x8vi\x8il\x8le\x8eg\x8ge\x8e·E\x8Es\x8sc\x8ca\x8al\x8la\x8at\x8ti\x8io\x8on\x8n·-\x8-·s\x8su\x8ud\x8do\x8o
294 N\x8NO\x8OP\x8PA\x8AS\x8SS\x8SW\x8WD\x8D·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*296 N\x8NO\x8OP\x8PA\x8AS\x8SS\x8SW\x8WD\x8D·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
295 The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using297 The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using
296 sudo·without·having·to·authenticate.·This·should·be·disabled·by·making·sure298 sudo·without·having·to·authenticate.·This·should·be·disabled·by·making·sure
297 that·the·NOPASSWD·tag·does·not·exist·in·/etc/sudoers·configuration·file·or·any299 that·the·NOPASSWD·tag·does·not·exist·in·/etc/sudoers·configuration·file·or·any
298 sudo·configuration·snippets·in·/etc/sudoers.d/.300 sudo·configuration·snippets·in·/etc/sudoers.d/.
299 ············Without·re-authentication,·users·may·access·resources·or·perform301 ············Without·re-authentication,·users·may·access·resources·or·perform
Offset 316, 14 lines modifiedOffset 316, 35 lines modified
316 ···························1.7,·SR·1.8,·SR·1.9316 ···························1.7,·SR·1.8,·SR·1.9
317 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,317 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,·A.9.2.4,
318 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3318 ···························A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3
319 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)319 ············_\x8n_\x8i_\x8s_\x8t···········IA-11,·CM-6(a)
320 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7320 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-1,·PR.AC-7
321 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,321 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,
322 ···························SRG-OS-000373-GPOS-00158322 ···························SRG-OS-000373-GPOS-00158
 323 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 324 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 325 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 326 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 327 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
  
 328 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
 329 ··if·[·!·-e·"$f"·]·;·then
 330 ····continue
 331 ··fi
 332 ··matching_list=$(grep·-P·'^(?!#).*[\s]+NOPASSWD[\s]*\:.*$'·$f·|·uniq·)
 333 ··if·!·test·-z·"$matching_list";·then
 334 ····while·IFS=·read·-r·entry;·do
 335 ······#·comment·out·"NOPASSWD"·matches·to·preserve·user·data
 336 ······sed·-i·"s/^${entry}$/#·&/g"·$f
 337 ····done·<<<·"$matching_list"
  
 338 ····/usr/sbin/visudo·-cf·$f·&>·/dev/null·||·echo·"Fail·to·validate·$f·with
 339 visudo"
 340 ··fi
 341 done
323 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8342 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
324 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low343 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
325 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low344 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
326 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false345 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
327 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict346 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
328 -·name:·Find·/etc/sudoers.d/·files347 -·name:·Find·/etc/sudoers.d/·files
329 ··ansible.builtin.find:348 ··ansible.builtin.find:
Offset 354, 35 lines modifiedOffset 375, 14 lines modified
354 ··-·NIST-800-53-IA-11375 ··-·NIST-800-53-IA-11
355 ··-·low_complexity376 ··-·low_complexity
356 ··-·low_disruption377 ··-·low_disruption
357 ··-·medium_severity378 ··-·medium_severity
358 ··-·no_reboot_needed379 ··-·no_reboot_needed
359 ··-·restrict_strategy380 ··-·restrict_strategy
360 ··-·sudo_remove_nopasswd381 ··-·sudo_remove_nopasswd
361 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
362 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
363 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
364 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
365 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
  
366 for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do 
367 ··if·[·!·-e·"$f"·]·;·then 
368 ····continue 
369 ··fi 
370 ··matching_list=$(grep·-P·'^(?!#).*[\s]+NOPASSWD[\s]*\:.*$'·$f·|·uniq·) 
371 ··if·!·test·-z·"$matching_list";·then 
Max diff block lines reached; 130444/135892 bytes (95.99%) of diff not shown.
1.16 MB
./usr/share/doc/ssg-debian/ssg-debian12-guide-standard.html
    
Offset 16213, 778 lines modifiedOffset 16213, 778 lines modified
0003f540:·7461·7267·6574·3d22·2369·646d·3130·3334··target="#idm10340003f540:·7461·7267·6574·3d22·2369·646d·3130·3334··target="#idm1034
0003f550:·3722·2074·6162·696e·6465·783d·2230·2220··7"·tabindex="0"·0003f550:·3722·2074·6162·696e·6465·783d·2230·2220··7"·tabindex="0"·
0003f560:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar0003f560:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar
0003f570:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal0003f570:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal
0003f580:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ0003f580:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ
0003f590:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h0003f590:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h
Diff chunk too large, falling back to line-by-line diff (764 lines added, 764 lines removed)
0003f5a0:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia0003f5a0:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia
0003f5b0:·7469·6f6e·2041·6e73·6962·6c65·2073·6e69··tion·Ansible·sni0003f5b0:·7469·6f6e·2053·6865·6c6c·2073·6372·6970··tion·Shell·scrip
0003f5c0:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br>0003f5c0:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di
0003f5d0:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane0003f5d0:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
0003f5e0:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla0003f5e0:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
0003f5f0:·7073·6522·2069·643d·2269·646d·3130·3334··pse"·id="idm10340003f5f0:·2220·6964·3d22·6964·6d31·3033·3437·223e··"·id="idm10347">
0003f600:·3722·3e3c·7461·626c·6520·636c·6173·733d··7"><table·class=0003f600:·3c70·7265·3e3c·636f·6465·3e23·2052·656d··<pre><code>#·Rem
0003f610:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str0003f610:·6564·6961·7469·6f6e·2069·7320·6170·706c··ediation·is·appl
0003f620:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde0003f620:·6963·6162·6c65·206f·6e6c·7920·696e·2063··icable·only·in·c
0003f630:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden0003f630:·6572·7461·696e·2070·6c61·7466·6f72·6d73··ertain·platforms
0003f640:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com0003f640:·0a69·6620·6470·6b67·2d71·7565·7279·202d··.if·dpkg-query·-
0003f650:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td0003f650:·2d73·686f·7720·2d2d·7368·6f77·666f·726d··-show·--showform
0003f660:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t0003f660:·6174·3d27·247b·6462·3a53·7461·7475·732d··at='${db:Status-
0003f670:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption0003f670:·5374·6174·7573·7d0a·2720·276c·696e·7578··Status}.'·'linux
0003f680:·3a3c·2f74·683e·3c74·643e·6d65·6469·756d··:</th><td>medium0003f680:·2d62·6173·6527·2032·2667·743b·2f64·6576··-base'·2&gt;/dev
0003f690:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t0003f690:·2f6e·756c·6c20·7c20·6772·6570·202d·7120··/null·|·grep·-q·
0003f6a0:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t0003f6a0:·5e69·6e73·7461·6c6c·6564·2026·616d·703b··^installed·&amp;
0003f6b0:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr0003f6b0:·2661·6d70·3b20·6470·6b67·2d71·7565·7279··&amp;·dpkg-query
0003f6c0:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg0003f6c0:·202d·2d73·686f·7720·2d2d·7368·6f77·666f···--show·--showfo
0003f6d0:·793a·3c2f·7468·3e3c·7464·3e63·6f6e·6669··y:</th><td>confi0003f6d0:·726d·6174·3d27·247b·6462·3a53·7461·7475··rmat='${db:Statu
0003f6e0:·6775·7265·3c2f·7464·3e3c·2f74·723e·3c2f··gure</td></tr></0003f6e0:·732d·5374·6174·7573·7d5c·6e27·2027·7273··s-Status}\n'·'rs
0003f6f0:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code0003f6f0:·7973·6c6f·6727·2032·2667·743b·2f64·6576··yslog'·2&gt;/dev
0003f700:·3e2d·206e·616d·653a·2047·6174·6865·7220··>-·name:·Gather·0003f700:·2f6e·756c·6c20·7c20·6772·6570·202d·7120··/null·|·grep·-q·
0003f710:·7468·6520·7061·636b·6167·6520·6661·6374··the·package·fact0003f710:·275e·696e·7374·616c·6c65·6427·3b20·7468··'^installed';·th
0003f720:·730a·2020·7061·636b·6167·655f·6661·6374··s.··package_fact0003f720:·656e·0a0a·2320·4c69·7374·206f·6620·6c6f··en..#·List·of·lo
0003f730:·733a·0a20·2020·206d·616e·6167·6572·3a20··s:.····manager:·0003f730:·6720·6669·6c65·2070·6174·6873·2074·6f20··g·file·paths·to·
0003f740:·6175·746f·0a20·2074·6167·733a·0a20·202d··auto.··tags:.··-0003f740:·6265·2069·6e73·7065·6374·6564·2066·6f72··be·inspected·for
0003f750:·204e·4953·542d·3830·302d·3533·2d41·432d···NIST-800-53-AC-0003f750:·2063·6f72·7265·6374·2070·6572·6d69·7373···correct·permiss
0003f760:·3628·3129·0a20·202d·204e·4953·542d·3830··6(1).··-·NIST-800003f760:·696f·6e73·0a23·202a·2050·7269·6d61·7269··ions.#·*·Primari
0003f770:·302d·3533·2d43·4d2d·3628·6129·0a20·202d··0-53-CM-6(a).··-0003f770:·6c79·2069·6e73·7065·6374·206c·6f67·2066··ly·inspect·log·f
0003f780:·2050·4349·2d44·5353·2d52·6571·2d31·302e···PCI-DSS-Req-10.0003f780:·696c·6520·7061·7468·7320·6c69·7374·6564··ile·paths·listed
0003f790:·352e·310a·2020·2d20·5043·492d·4453·532d··5.1.··-·PCI-DSS-0003f790:·2069·6e20·2f65·7463·2f72·7379·736c·6f67···in·/etc/rsyslog
0003f7a0:·5265·712d·3130·2e35·2e32·0a20·202d·2050··Req-10.5.2.··-·P0003f7a0:·2e63·6f6e·660a·5253·5953·4c4f·475f·4554··.conf.RSYSLOG_ET
0003f7b0:·4349·2d44·5353·7634·2d31·302e·330a·2020··CI-DSSv4-10.3.··0003f7b0:·435f·434f·4e46·4947·3d22·2f65·7463·2f72··C_CONFIG="/etc/r
0003f7c0:·2d20·5043·492d·4453·5376·342d·3130·2e33··-·PCI-DSSv4-10.30003f7c0:·7379·736c·6f67·2e63·6f6e·6622·0a23·202a··syslog.conf".#·*
0003f7d0:·2e32·0a20·202d·2063·6f6e·6669·6775·7265··.2.··-·configure0003f7d0:·2041·6e64·2061·6c73·6f20·7468·6520·6c6f···And·also·the·lo
0003f7e0:·5f73·7472·6174·6567·790a·2020·2d20·6c6f··_strategy.··-·lo0003f7e0:·6720·6669·6c65·2070·6174·6873·206c·6973··g·file·paths·lis
0003f7f0:·775f·636f·6d70·6c65·7869·7479·0a20·202d··w_complexity.··-0003f7f0:·7465·6420·6166·7465·7220·7273·7973·6c6f··ted·after·rsyslo
0003f800:·206d·6564·6975·6d5f·6469·7372·7570·7469···medium_disrupti0003f800:·6727·7320·2449·6e63·6c75·6465·436f·6e66··g's·$IncludeConf
0003f810:·6f6e·0a20·202d·206d·6564·6975·6d5f·7365··on.··-·medium_se0003f810:·6967·2064·6972·6563·7469·7665·0a23·2020··ig·directive.#··
0003f820:·7665·7269·7479·0a20·202d·206e·6f5f·7265··verity.··-·no_re0003f820:·2028·7374·6f72·6520·7468·6520·7265·7375···(store·the·resu
0003f830:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-·0003f830:·6c74·2069·6e74·6f20·6172·7261·7920·666f··lt·into·array·fo
0003f840:·7273·7973·6c6f·675f·6669·6c65·735f·6772··rsyslog_files_gr0003f840:·7220·7468·6520·6361·7365·2074·6865·7265··r·the·case·there
0003f850:·6f75·706f·776e·6572·7368·6970·0a0a·2d20··oupownership..-·0003f850:·2773·2073·6865·6c6c·2067·6c6f·6220·7573··'s·shell·glob·us
0003f860:·6e61·6d65·3a20·456e·7375·7265·204c·6f67··name:·Ensure·Log0003f860:·6564·2061·7320·7661·6c75·6520·6f66·2049··ed·as·value·of·I
0003f870:·2046·696c·6573·2041·7265·204f·776e·6564···Files·Are·Owned0003f870:·6e63·6c75·6465·436f·6e66·6967·290a·7265··ncludeConfig).re
0003f880:·2042·7920·4170·7072·6f70·7269·6174·6520···By·Appropriate·0003f880:·6164·6172·7261·7920·2d74·204f·4c44·5f49··adarray·-t·OLD_I
0003f890:·4772·6f75·7020·2d20·5365·7420·7273·7973··Group·-·Set·rsys0003f890:·4e43·2026·6c74·3b20·266c·743b·2867·7265··NC·&lt;·&lt;(gre
0003f8a0:·6c6f·6720·6c6f·6766·696c·6520·636f·6e66··log·logfile·conf0003f8a0:·7020·2d65·2022·5c24·496e·636c·7564·6543··p·-e·"\$IncludeC
0003f8b0:·6967·7572·6174·696f·6e0a·2020·2020·6661··iguration.····fa0003f8b0:·6f6e·6669·675b·5b3a·7370·6163·653a·5d5d··onfig[[:space:]]
0003f8c0:·6374·730a·2020·616e·7369·626c·652e·6275··cts.··ansible.bu0003f8c0:·5c2b·5b5e·5b3a·7370·6163·653a·5d3b·5d5c··\+[^[:space:];]\
0003f8d0:·696c·7469·6e2e·7365·745f·6661·6374·3a0a··iltin.set_fact:.0003f8d0:·2b22·202f·6574·632f·7273·7973·6c6f·672e··+"·/etc/rsyslog.
0003f8e0:·2020·2020·7273·7973·6c6f·675f·6574·635f······rsyslog_etc_0003f8e0:·636f·6e66·207c·2063·7574·202d·6420·2720··conf·|·cut·-d·'·
0003f8f0:·636f·6e66·6967·3a20·2f65·7463·2f72·7379··config:·/etc/rsy0003f8f0:·2720·2d66·2032·290a·7265·6164·6172·7261··'·-f·2).readarra
0003f900:·736c·6f67·2e63·6f6e·660a·2020·7768·656e··slog.conf.··when0003f900:·7920·2d74·2052·5359·534c·4f47·5f49·4e43··y·-t·RSYSLOG_INC
0003f910:·3a0a·2020·2d20·2722·6c69·6e75·782d·6261··:.··-·'"linux-ba0003f910:·4c55·4445·5f43·4f4e·4649·4720·266c·743b··LUDE_CONFIG·&lt;
0003f920:·7365·2220·696e·2061·6e73·6962·6c65·5f66··se"·in·ansible_f0003f920:·2026·6c74·3b28·666f·7220·494e·4350·4154···&lt;(for·INCPAT
0003f930:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·0003f930:·4820·696e·2022·247b·4f4c·445f·494e·435b··H·in·"${OLD_INC[
0003f940:·202d·2027·2272·7379·736c·6f67·2220·696e···-·'"rsyslog"·in0003f940:·405d·7d22·3b20·646f·2065·7661·6c20·7072··@]}";·do·eval·pr
0003f950:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p0003f950:·696e·7466·2027·2573·5c5c·6e27·2022·247b··intf·'%s\\n'·"${
0003f960:·6163·6b61·6765·7327·0a20·2074·6167·733a··ackages'.··tags:0003f960:·494e·4350·4154·487d·223b·2064·6f6e·6529··INCPATH}";·done)
0003f970:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003f970:·0a72·6561·6461·7272·6179·202d·7420·4e45··.readarray·-t·NE
0003f980:·2d41·432d·3628·3129·0a20·202d·204e·4953··-AC-6(1).··-·NIS0003f980:·575f·494e·4320·266c·743b·2026·6c74·3b28··W_INC·&lt;·&lt;(
0003f990:·542d·3830·302d·3533·2d43·4d2d·3628·6129··T-800-53-CM-6(a)0003f990:·7365·6420·2d6e·2027·2f5e·5c73·2a69·6e63··sed·-n·'/^\s*inc
0003f9a0:·0a20·202d·2050·4349·2d44·5353·2d52·6571··.··-·PCI-DSS-Req0003f9a0:·6c75·6465·282f·2c2f·292f·4970·2720·2f65··lude(/,/)/Ip'·/e
0003f9b0:·2d31·302e·352e·310a·2020·2d20·5043·492d··-10.5.1.··-·PCI-0003f9b0:·7463·2f72·7379·736c·6f67·2e63·6f6e·6620··tc/rsyslog.conf·
0003f9c0:·4453·532d·5265·712d·3130·2e35·2e32·0a20··DSS-Req-10.5.2.·0003f9c0:·7c20·7365·6420·2d6e·2027·7340·2e2a·6669··|·sed·-n·'s@.*fi
0003f9d0:·202d·2050·4349·2d44·5353·7634·2d31·302e···-·PCI-DSSv4-10.0003f9d0:·6c65·5c73·2a3d·5c73·2a22·5c28·5b2f·5b3a··le\s*=\s*"\([/[:
0003f9e0:·330a·2020·2d20·5043·492d·4453·5376·342d··3.··-·PCI-DSSv4-0003f9e0:·616c·6e75·6d3a·5d5b·3a70·756e·6374·3a5d··alnum:][:punct:]
0003f9f0:·3130·2e33·2e32·0a20·202d·2063·6f6e·6669··10.3.2.··-·confi0003f9f0:·5d2a·5c29·222e·2a40·5c31·4049·7027·290a··]*\)".*@\1@Ip').
0003fa00:·6775·7265·5f73·7472·6174·6567·790a·2020··gure_strategy.··0003fa00:·7265·6164·6172·7261·7920·2d74·2052·5359··readarray·-t·RSY
0003fa10:·2d20·6c6f·775f·636f·6d70·6c65·7869·7479··-·low_complexity0003fa10:·534c·4f47·5f49·4e43·4c55·4445·2026·6c74··SLOG_INCLUDE·&lt
0003fa20:·0a20·202d·206d·6564·6975·6d5f·6469·7372··.··-·medium_disr0003fa20:·3b20·266c·743b·2866·6f72·2049·4e43·5041··;·&lt;(for·INCPA
0003fa30:·7570·7469·6f6e·0a20·202d·206d·6564·6975··uption.··-·mediu0003fa30:·5448·2069·6e20·2224·7b4e·4557·5f49·4e43··TH·in·"${NEW_INC
0003fa40:·6d5f·7365·7665·7269·7479·0a20·202d·206e··m_severity.··-·n0003fa40:·5b40·5d7d·223b·2064·6f20·6576·616c·2070··[@]}";·do·eval·p
0003fa50:·6f5f·7265·626f·6f74·5f6e·6565·6465·640a··o_reboot_needed.0003fa50:·7269·6e74·6620·2725·735c·5c6e·2720·2224··rintf·'%s\\n'·"$
0003fa60:·2020·2d20·7273·7973·6c6f·675f·6669·6c65····-·rsyslog_file0003fa60:·7b49·4e43·5041·5448·7d22·3b20·646f·6e65··{INCPATH}";·done
0003fa70:·735f·6772·6f75·706f·776e·6572·7368·6970··s_groupownership0003fa70:·290a·0a23·2044·6563·6c61·7265·2061·6e20··)..#·Declare·an·
0003fa80:·0a0a·2d20·6e61·6d65·3a20·456e·7375·7265··..-·name:·Ensure0003fa80:·6172·7261·7920·746f·2068·6f6c·6420·7468··array·to·hold·th
0003fa90:·204c·6f67·2046·696c·6573·2041·7265·204f···Log·Files·Are·O0003fa90:·6520·6669·6e61·6c20·6c69·7374·206f·6620··e·final·list·of·
0003faa0:·776e·6564·2042·7920·4170·7072·6f70·7269··wned·By·Appropri0003faa0:·6469·6666·6572·656e·7420·6c6f·6720·6669··different·log·fi
0003fab0:·6174·6520·4772·6f75·7020·2d20·4765·7420··ate·Group·-·Get·0003fab0:·6c65·2070·6174·6873·0a64·6563·6c61·7265··le·paths.declare
0003fac0:·496e·636c·7564·6543·6f6e·6669·6720·6469··IncludeConfig·di0003fac0:·202d·6120·4c4f·475f·4649·4c45·5f50·4154···-a·LOG_FILE_PAT
0003fad0:·7265·6374·6976·650a·2020·616e·7369·626c··rective.··ansibl0003fad0:·4853·0a0a·2320·4172·7261·7920·746f·2068··HS..#·Array·to·h
0003fae0:·652e·6275·696c·7469·6e2e·7368·656c·6c3a··e.builtin.shell:0003fae0:·6f6c·6420·616c·6c20·7273·7973·6c6f·6720··old·all·rsyslog·
0003faf0:·207c·0a20·2020·2067·7265·7020·2d65·2027···|.····grep·-e·'0003faf0:·636f·6e66·6967·2065·6e74·7269·6573·0a52··config·entries.R
0003fb00:·2449·6e63·6c75·6465·436f·6e66·6967·2720··$IncludeConfig'·0003fb00:·5359·534c·4f47·5f43·4f4e·4649·4753·3d28··SYSLOG_CONFIGS=(
0003fb10:·7b7b·2072·7379·736c·6f67·5f65·7463·5f63··{{·rsyslog_etc_c0003fb10:·290a·5253·5953·4c4f·475f·434f·4e46·4947··).RSYSLOG_CONFIG
0003fb20:·6f6e·6669·6720·7d7d·207c·2063·7574·202d··onfig·}}·|·cut·-0003fb20:·533d·2822·247b·5253·5953·4c4f·475f·4554··S=("${RSYSLOG_ET
0003fb30:·6420·2720·2720·2d66·2032·207c·7c20·7472··d·'·'·-f·2·||·tr0003fb30:·435f·434f·4e46·4947·7d22·2022·247b·5253··C_CONFIG}"·"${RS
0003fb40:·7565·0a20·2072·6567·6973·7465·723a·2072··ue.··register:·r0003fb40:·5953·4c4f·475f·494e·434c·5544·455f·434f··YSLOG_INCLUDE_CO
0003fb50:·7379·736c·6f67·5f6f·6c64·5f69·6e63·0a20··syslog_old_inc.·0003fb50:·4e46·4947·5b40·5d7d·2220·2224·7b52·5359··NFIG[@]}"·"${RSY
0003fb60:·2063·6861·6e67·6564·5f77·6865·6e3a·2066···changed_when:·f0003fb60:·534c·4f47·5f49·4e43·4c55·4445·5b40·5d7d··SLOG_INCLUDE[@]}
0003fb70:·616c·7365·0a20·2077·6865·6e3a·0a20·202d··alse.··when:.··-0003fb70:·2229·0a0a·2320·4765·7420·6675·6c6c·206c··")..#·Get·full·l
0003fb80:·2027·226c·696e·7578·2d62·6173·6522·2069···'"linux-base"·i0003fb80:·6973·7420·6f66·2066·696c·6573·2074·6f20··ist·of·files·to·
0003fb90:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003fb90:·6265·2063·6865·636b·6564·0a23·2052·5359··be·checked.#·RSY
0003fba0:·7061·636b·6167·6573·270a·2020·2d20·2722··packages'.··-·'"0003fba0:·534c·4f47·5f43·4f4e·4649·4753·206d·6179··SLOG_CONFIGS·may
0003fbb0:·7273·7973·6c6f·6722·2069·6e20·616e·7369··rsyslog"·in·ansi0003fbb0:·2063·6f6e·7461·696e·2067·6c6f·6273·2073···contain·globs·s
0003fbc0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag0003fbc0:·7563·6820·6173·0a23·202f·6574·632f·7273··uch·as.#·/etc/rs
0003fbd0:·6573·270a·2020·7461·6773·3a0a·2020·2d20··es'.··tags:.··-·0003fbd0:·7973·6c6f·672e·642f·2a2e·636f·6e66·202f··yslog.d/*.conf·/
0003fbe0:·4e49·5354·2d38·3030·2d35·332d·4143·2d36··NIST-800-53-AC-60003fbe0:·6574·632f·7273·7973·6c6f·672e·642f·2a2e··etc/rsyslog.d/*.
0003fbf0:·2831·290a·2020·2d20·4e49·5354·2d38·3030··(1).··-·NIST-8000003fbf0:·6672·756c·650a·2320·536f·2c20·6c6f·6f70··frule.#·So,·loop
0003fc00:·2d35·332d·434d·2d36·2861·290a·2020·2d20··-53-CM-6(a).··-·0003fc00:·206f·7665·7220·7468·6520·656e·7472·6965···over·the·entrie
0003fc10:·5043·492d·4453·532d·5265·712d·3130·2e35··PCI-DSS-Req-10.50003fc10:·7320·696e·2052·5359·534c·4f47·5f43·4f4e··s·in·RSYSLOG_CON
0003fc20:·2e31·0a20·202d·2050·4349·2d44·5353·2d52··.1.··-·PCI-DSS-R0003fc20:·4649·4753·2061·6e64·2075·7365·2066·696e··FIGS·and·use·fin
0003fc30:·6571·2d31·302e·352e·320a·2020·2d20·5043··eq-10.5.2.··-·PC0003fc30:·6420·746f·2067·6574·2074·6865·206c·6973··d·to·get·the·lis
0003fc40:·492d·4453·5376·342d·3130·2e33·0a20·202d··I-DSSv4-10.3.··-0003fc40:·7420·6f66·2069·6e63·6c75·6465·6420·6669··t·of·included·fi
0003fc50:·2050·4349·2d44·5353·7634·2d31·302e·332e···PCI-DSSv4-10.3.0003fc50:·6c65·732e·0a52·5359·534c·4f47·5f43·4f4e··les..RSYSLOG_CON
0003fc60:·320a·2020·2d20·636f·6e66·6967·7572·655f··2.··-·configure_0003fc60:·4649·475f·4649·4c45·533d·2829·0a66·6f72··FIG_FILES=().for
0003fc70:·7374·7261·7465·6779·0a20·202d·206c·6f77··strategy.··-·low0003fc70:·2045·4e54·5259·2069·6e20·2224·7b52·5359···ENTRY·in·"${RSY
0003fc80:·5f63·6f6d·706c·6578·6974·790a·2020·2d20··_complexity.··-·0003fc80:·534c·4f47·5f43·4f4e·4649·4753·5b40·5d7d··SLOG_CONFIGS[@]}
0003fc90:·6d65·6469·756d·5f64·6973·7275·7074·696f··medium_disruptio0003fc90:·220a·646f·0a09·2320·4966·2064·6972·6563··".do..#·If·direc
0003fca0:·6e0a·2020·2d20·6d65·6469·756d·5f73·6576··n.··-·medium_sev0003fca0:·746f·7279·2c20·7273·7973·6c6f·6720·7769··tory,·rsyslog·wi
0003fcb0:·6572·6974·790a·2020·2d20·6e6f·5f72·6562··erity.··-·no_reb0003fcb0:·6c6c·2073·6561·7263·6820·666f·7220·636f··ll·search·for·co
0003fcc0:·6f6f·745f·6e65·6564·6564·0a20·202d·2072··oot_needed.··-·r0003fcc0:·6e66·6967·2066·696c·6573·2069·6e20·7265··nfig·files·in·re
0003fcd0:·7379·736c·6f67·5f66·696c·6573·5f67·726f··syslog_files_gro0003fcd0:·6375·7273·6976·656c·792e·0a09·2320·486f··cursively...#·Ho
0003fce0:·7570·6f77·6e65·7273·6869·700a·0a2d·206e··upownership..-·n0003fce0:·7765·7665·722c·2066·696c·6573·2069·6e20··wever,·files·in·
0003fcf0:·616d·653a·2045·6e73·7572·6520·4c6f·6720··ame:·Ensure·Log·0003fcf0:·6869·6464·656e·2073·7562·2d64·6972·6563··hidden·sub-direc
0003fd00:·4669·6c65·7320·4172·6520·4f77·6e65·6420··Files·Are·Owned·0003fd00:·746f·7269·6573·206f·7220·6869·6464·656e··tories·or·hidden
0003fd10:·4279·2041·7070·726f·7072·6961·7465·2047··By·Appropriate·G0003fd10:·2066·696c·6573·2077·696c·6c20·6265·2069···files·will·be·i
Max diff block lines reached; 984034/1090046 bytes (90.27%) of diff not shown.
125 KB
html2text {}
    
Offset 258, 14 lines modifiedOffset 258, 142 lines modified
258 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-007-3·R2.1,·CIP-007-3·R2.2,·CIP-007-3·R2.3,·CIP-258 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-007-3·R2.1,·CIP-007-3·R2.2,·CIP-007-3·R2.3,·CIP-
259 ···························007-3·R5.1,·CIP-007-3·R5.1.1,·CIP-007-3·R5.1.2259 ···························007-3·R5.1,·CIP-007-3·R5.1.1,·CIP-007-3·R5.1.2
260 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a),·AC-6(1)260 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a),·AC-6(1)
261 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5261 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5
262 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-10.5.1,·Req-10.5.2262 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-10.5.1,·Req-10.5.2
263 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R71263 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R71
264 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········10.3.2,·10.3264 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········10.3.2,·10.3
 265 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 266 #·Remediation·is·applicable·only·in·certain·platforms
 267 if·dpkg-query·--show·--showformat='${db:Status-Status}
 268 '·'linux-base'·2>/dev/null·|·grep·-q·^installed·&&·dpkg-query·--show·--
 269 showformat='${db:Status-Status}\n'·'rsyslog'·2>/dev/null·|·grep·-
 270 q·'^installed';·then
  
 271 #·List·of·log·file·paths·to·be·inspected·for·correct·permissions
 272 #·*·Primarily·inspect·log·file·paths·listed·in·/etc/rsyslog.conf
 273 RSYSLOG_ETC_CONFIG="/etc/rsyslog.conf"
 274 #·*·And·also·the·log·file·paths·listed·after·rsyslog's·$IncludeConfig·directive
 275 #···(store·the·result·into·array·for·the·case·there's·shell·glob·used·as·value
 276 of·IncludeConfig)
 277 readarray·-t·OLD_INC·<·<(grep·-e·"\$IncludeConfig[[:space:]]\+[^[:space:];]\+"
 278 /etc/rsyslog.conf·|·cut·-d·'·'·-f·2)
 279 readarray·-t·RSYSLOG_INCLUDE_CONFIG·<·<(for·INCPATH·in·"${OLD_INC[@]}";·do·eval
 280 printf·'%s\\n'·"${INCPATH}";·done)
 281 readarray·-t·NEW_INC·<·<(sed·-n·'/^\s*include(/,/)/Ip'·/etc/rsyslog.conf·|·sed
 282 -n·'s@.*file\s*=\s*"\([/[:alnum:][:punct:]]*\)".*@\1@Ip')
 283 readarray·-t·RSYSLOG_INCLUDE·<·<(for·INCPATH·in·"${NEW_INC[@]}";·do·eval·printf
 284 '%s\\n'·"${INCPATH}";·done)
  
 285 #·Declare·an·array·to·hold·the·final·list·of·different·log·file·paths
 286 declare·-a·LOG_FILE_PATHS
  
 287 #·Array·to·hold·all·rsyslog·config·entries
 288 RSYSLOG_CONFIGS=()
 289 RSYSLOG_CONFIGS=("${RSYSLOG_ETC_CONFIG}"·"${RSYSLOG_INCLUDE_CONFIG[@]}"·"$
 290 {RSYSLOG_INCLUDE[@]}")
  
 291 #·Get·full·list·of·files·to·be·checked
 292 #·RSYSLOG_CONFIGS·may·contain·globs·such·as
 293 #·/etc/rsyslog.d/*.conf·/etc/rsyslog.d/*.frule
 294 #·So,·loop·over·the·entries·in·RSYSLOG_CONFIGS·and·use·find·to·get·the·list·of
 295 included·files.
 296 RSYSLOG_CONFIG_FILES=()
 297 for·ENTRY·in·"${RSYSLOG_CONFIGS[@]}"
 298 do
 299 »       #·If·directory,·rsyslog·will·search·for·config·files·in·recursively.
 300 »       #·However,·files·in·hidden·sub-directories·or·hidden·files·will·be·ignored.
 301 »       if·[·-d·"${ENTRY}"·]
 302 »       then
 303 »       »       readarray·-t·FINDOUT·<·<(find·"${ENTRY}"·-not·-path·'*/.*'·-type·f)
 304 »       »       RSYSLOG_CONFIG_FILES+=("${FINDOUT[@]}")
 305 »       elif·[·-f·"${ENTRY}"·]
 306 »       then
 307 »       »       RSYSLOG_CONFIG_FILES+=("${ENTRY}")
 308 »       else
 309 »       »       echo·"Invalid·include·object:·${ENTRY}"
 310 »       fi
 311 done
  
 312 #·Browse·each·file·selected·above·as·containing·paths·of·log·files
 313 #·('/etc/rsyslog.conf'·and·'/etc/rsyslog.d/*.conf'·in·the·default
 314 configuration)
 315 for·LOG_FILE·in·"${RSYSLOG_CONFIG_FILES[@]}"
 316 do
 317 »       #·From·each·of·these·files·extract·just·particular·log·file·path(s),·thus:
 318 »       #·*·Ignore·lines·starting·with·space·('·'),·comment·('#"),·or·variable·syntax
 319 ('$')·characters,
 320 »       #·*·Ignore·empty·lines,
 321 »       #·*·Strip·quotes·and·closing·brackets·from·paths.
 322 »       #·*·Ignore·paths·that·match·/dev|/etc.*\.conf,·as·those·are·paths,·but·likely
 323 not·log·files
 324 »       #·*·From·the·remaining·valid·rows·select·only·fields·constituting·a·log·file
 325 path
 326 »       #·Text·file·column·is·understood·to·represent·a·log·file·path·if·and·only·if
 327 all·of·the
 328 »       #·following·are·met:
 329 »       #·*·it·contains·at·least·one·slash·'/'·character,
 330 »       #·*·it·is·preceded·by·space
 331 »       #·*·it·doesn't·contain·space·('·'),·colon·(':'),·and·semicolon·(';')
 332 characters
 333 »       #·Search·log·file·for·path(s)·only·in·case·it·exists!
 334 »       if·[[·-f·"${LOG_FILE}"·]]
 335 »       then
 336 »       »       NORMALIZED_CONFIG_FILE_LINES=$(sed·-e·"/^[#|$]/d"·"${LOG_FILE}")
 337 »       »       LINES_WITH_PATHS=$(grep·'[^/]*\s\+\S*/\S\+$'·<<<·"$
 338 {NORMALIZED_CONFIG_FILE_LINES}")
 339 »       »       FILTERED_PATHS=$(awk·'{if(NF>=2&&($NF~/^\//||$NF~/^-\//)){sub(/^-\//,"/
 340 ",$NF);print·$NF}}'·<<<·"${LINES_WITH_PATHS}")
 341 »       »       CLEANED_PATHS=$(sed·-e·"s/[\"')]//g;·/\\/etc.*\.conf/d;·/\\/dev\\//d"·<<<·"$
 342 {FILTERED_PATHS}")
 343 »       »       MATCHED_ITEMS=$(sed·-e·"/^$/d"·<<<·"${CLEANED_PATHS}")
 344 »       »       #·Since·above·sed·command·might·return·more·than·one·item·(delimited·by
 345 newline),·split
 346 »       »       #·the·particular·matches·entries·into·new·array·specific·for·this·log·file
 347 »       »       readarray·-t·ARRAY_FOR_LOG_FILE·<<<·"$MATCHED_ITEMS"
 348 »       »       #·Concatenate·the·two·arrays·-·previous·content·of·$LOG_FILE_PATHS·array·with
 349 »       »       #·items·from·newly·created·array·for·this·log·file
 350 »       »       LOG_FILE_PATHS+=("${ARRAY_FOR_LOG_FILE[@]}")
 351 »       »       #·Delete·the·temporary·array
 352 »       »       unset·ARRAY_FOR_LOG_FILE
 353 »       fi
 354 done
  
 355 #·Check·for·RainerScript·action·log·format·which·might·be·also·multiline·so
 356 grep·regex·is·a·bit
 357 #·curly:
 358 #·extract·possibly·multiline·action·omfile·expressions
 359 #·extract·File="logfile"·expression
 360 #·match·only·"logfile"·expression
 361 for·LOG_FILE·in·"${RSYSLOG_CONFIG_FILES[@]}"
 362 do
 363 »       ACTION_OMFILE_LINES=$(grep·-iozP·"action\s*\(\s*type\s*=\s*\"omfile\"[^\)]*\)"
 364 "${LOG_FILE}")
 365 »       OMFILE_LINES=$(echo·"${ACTION_OMFILE_LINES}"|·grep·-iaoP·"\bFile\s*=\s*\"([/[:
 366 alnum:][:punct:]]*)\"\s*\)")
 367 »       LOG_FILE_PATHS+=("$(echo·"${OMFILE_LINES}"|·grep·-oE·"\"([/[:alnum:][:punct:
 368 ]]*)\""|tr·-d·"\"")")
 369 done
  
 370 #·Ensure·the·correct·attribute·if·file·exists
 371 FILE_CMD="chgrp"
 372 for·LOG_FILE_PATH·in·"${LOG_FILE_PATHS[@]}"
 373 do
 374 »       #·Sanity·check·-·if·particular·$LOG_FILE_PATH·is·empty·string,·skip·it·from
 375 further·processing
 376 »       if·[·-z·"$LOG_FILE_PATH"·]
 377 »       then
Max diff block lines reached; 121972/127623 bytes (95.57%) of diff not shown.
2.99 MB
./usr/share/xml/scap/ssg/content/ssg-debian11-ds.xml
2.99 MB
./usr/share/xml/scap/ssg/content/ssg-debian11-ds.xml
Max HTML report size reached
698 KB
./usr/share/xml/scap/ssg/content/ssg-debian11-ocil.xml
698 KB
./usr/share/xml/scap/ssg/content/ssg-debian11-ocil.xml
Ordering differences only
    
Offset 3, 3459 lines modifiedOffset 3, 3459 lines modified
3 ··<ocil:generator>3 ··<ocil:generator>
4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6 ····<ocil:schema_version>2.0</ocil:schema_version>6 ····<ocil:schema_version>2.0</ocil:schema_version>
7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8 ··</ocil:generator>8 ··</ocil:generator>
9 ··<ocil:questionnaires>9 ··<ocil:questionnaires>
10 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_immutable_ocil:questionnaire:1"> 
11 ······<ocil:title>Make·the·auditd·Configuration·Immutable</ocil:title> 
12 ······<ocil:actions> 
13 ········<ocil:test_action_ref>ocil:ssg-audit_rules_immutable_action:testaction:1</ocil:test_action_ref> 
14 ······</ocil:actions> 
15 ····</ocil:questionnaire> 
16 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_module_sig_force_ocil:questionnaire:1">10 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_ipv6_ocil:questionnaire:1">
17 ······<ocil:title>Require·modules·to·be·validly·signed</ocil:title>11 ······<ocil:title>Disable·the·IPv6·protocol</ocil:title>
18 ······<ocil:actions>12 ······<ocil:actions>
19 ········<ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_force_action:testaction:1</ocil:test_action_ref>13 ········<ocil:test_action_ref>ocil:ssg-kernel_config_ipv6_action:testaction:1</ocil:test_action_ref>
20 ······</ocil:actions>14 ······</ocil:actions>
21 ····</ocil:questionnaire>15 ····</ocil:questionnaire>
22 ····<ocil:questionnaire·id="ocil:ssg-service_rsyslog_enabled_ocil:questionnaire:1">16 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_sshd_private_key_ocil:questionnaire:1">
23 ······<ocil:title>Enable·rsyslog·Service</ocil:title>17 ······<ocil:title>Verify·Permissions·on·SSH·Server·Private·*_key·Key·Files</ocil:title>
24 ······<ocil:actions>18 ······<ocil:actions>
25 ········<ocil:test_action_ref>ocil:ssg-service_rsyslog_enabled_action:testaction:1</ocil:test_action_ref>19 ········<ocil:test_action_ref>ocil:ssg-file_permissions_sshd_private_key_action:testaction:1</ocil:test_action_ref>
26 ······</ocil:actions>20 ······</ocil:actions>
27 ····</ocil:questionnaire>21 ····</ocil:questionnaire>
28 ····<ocil:questionnaire·id="ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdrivermode_ocil:questionnaire:1"> 
29 ······<ocil:title>Ensure·Rsyslog·Encrypts·Off-Loaded·Audit·Records</ocil:title>22 ····<ocil:questionnaire·id="ocil:ssg-accounts_polyinstantiated_var_tmp_ocil:questionnaire:1">
 23 ······<ocil:title>Configure·Polyinstantiation·of·/var/tmp·Directories</ocil:title>
30 ······<ocil:actions>24 ······<ocil:actions>
31 ········<ocil:test_action_ref>ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdrivermode_action:testaction:1</ocil:test_action_ref>25 ········<ocil:test_action_ref>ocil:ssg-accounts_polyinstantiated_var_tmp_action:testaction:1</ocil:test_action_ref>
32 ······</ocil:actions>26 ······</ocil:actions>
33 ····</ocil:questionnaire>27 ····</ocil:questionnaire>
34 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_unmap_kernel_at_el0_ocil:questionnaire:1">28 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_randomize_memory_ocil:questionnaire:1">
35 ······<ocil:title>Unmap·kernel·when·running·in·userspace·(aka·KAISER)</ocil:title>29 ······<ocil:title>Randomize·the·kernel·memory·sections</ocil:title>
36 ······<ocil:actions>30 ······<ocil:actions>
37 ········<ocil:test_action_ref>ocil:ssg-kernel_config_unmap_kernel_at_el0_action:testaction:1</ocil:test_action_ref>31 ········<ocil:test_action_ref>ocil:ssg-kernel_config_randomize_memory_action:testaction:1</ocil:test_action_ref>
38 ······</ocil:actions>32 ······</ocil:actions>
39 ····</ocil:questionnaire>33 ····</ocil:questionnaire>
40 ····<ocil:questionnaire·id="ocil:ssg-sshd_disable_rhosts_rsa_ocil:questionnaire:1">34 ····<ocil:questionnaire·id="ocil:ssg-accounts_root_gid_zero_ocil:questionnaire:1">
41 ······<ocil:title>Disable·SSH·Support·for·Rhosts·RSA·Authentication</ocil:title>35 ······<ocil:title>Verify·Root·Has·A·Primary·GID·0</ocil:title>
42 ······<ocil:actions>36 ······<ocil:actions>
43 ········<ocil:test_action_ref>ocil:ssg-sshd_disable_rhosts_rsa_action:testaction:1</ocil:test_action_ref>37 ········<ocil:test_action_ref>ocil:ssg-accounts_root_gid_zero_action:testaction:1</ocil:test_action_ref>
44 ······</ocil:actions>38 ······</ocil:actions>
45 ····</ocil:questionnaire>39 ····</ocil:questionnaire>
46 ····<ocil:questionnaire·id="ocil:ssg-partition_for_var_log_audit_ocil:questionnaire:1">40 ····<ocil:questionnaire·id="ocil:ssg-gnome_gdm_disable_xdmcp_ocil:questionnaire:1">
47 ······<ocil:title>Ensure·/var/log/audit·Located·On·Separate·Partition</ocil:title>41 ······<ocil:title>Disable·XDMCP·in·GDM</ocil:title>
48 ······<ocil:actions>42 ······<ocil:actions>
49 ········<ocil:test_action_ref>ocil:ssg-partition_for_var_log_audit_action:testaction:1</ocil:test_action_ref>43 ········<ocil:test_action_ref>ocil:ssg-gnome_gdm_disable_xdmcp_action:testaction:1</ocil:test_action_ref>
50 ······</ocil:actions>44 ······</ocil:actions>
51 ····</ocil:questionnaire>45 ····</ocil:questionnaire>
52 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_umount2_ocil:questionnaire:1"> 
53 ······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·umount2</ocil:title>46 ····<ocil:questionnaire·id="ocil:ssg-grub2_rng_core_default_quality_argument_ocil:questionnaire:1">
 47 ······<ocil:title>Configure·the·confidence·in·TPM·for·entropy</ocil:title>
54 ······<ocil:actions>48 ······<ocil:actions>
55 ········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_umount2_action:testaction:1</ocil:test_action_ref>49 ········<ocil:test_action_ref>ocil:ssg-grub2_rng_core_default_quality_argument_action:testaction:1</ocil:test_action_ref>
56 ······</ocil:actions>50 ······</ocil:actions>
57 ····</ocil:questionnaire>51 ····</ocil:questionnaire>
58 ····<ocil:questionnaire·id="ocil:ssg-snmpd_not_default_password_ocil:questionnaire:1"> 
59 ······<ocil:title>Ensure·Default·SNMP·Password·Is·Not·Used</ocil:title>52 ····<ocil:questionnaire·id="ocil:ssg-file_owner_backup_etc_shadow_ocil:questionnaire:1">
 53 ······<ocil:title>Verify·Group·Who·Owns·Backup·shadow·File</ocil:title>
60 ······<ocil:actions>54 ······<ocil:actions>
61 ········<ocil:test_action_ref>ocil:ssg-snmpd_not_default_password_action:testaction:1</ocil:test_action_ref>55 ········<ocil:test_action_ref>ocil:ssg-file_owner_backup_etc_shadow_action:testaction:1</ocil:test_action_ref>
62 ······</ocil:actions>56 ······</ocil:actions>
63 ····</ocil:questionnaire>57 ····</ocil:questionnaire>
64 ····<ocil:questionnaire·id="ocil:ssg-sshd_use_priv_separation_ocil:questionnaire:1">58 ····<ocil:questionnaire·id="ocil:ssg-account_passwords_pam_faillock_audit_ocil:questionnaire:1">
65 ······<ocil:title>Enable·Use·of·Privilege·Separation</ocil:title>59 ······<ocil:title>Account·Lockouts·Must·Be·Logged</ocil:title>
66 ······<ocil:actions>60 ······<ocil:actions>
67 ········<ocil:test_action_ref>ocil:ssg-sshd_use_priv_separation_action:testaction:1</ocil:test_action_ref>61 ········<ocil:test_action_ref>ocil:ssg-account_passwords_pam_faillock_audit_action:testaction:1</ocil:test_action_ref>
68 ······</ocil:actions>62 ······</ocil:actions>
69 ····</ocil:questionnaire>63 ····</ocil:questionnaire>
70 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_file_deletion_events_unlink_ocil:questionnaire:1">64 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_debug_fs_ocil:questionnaire:1">
71 ······<ocil:title>Ensure·auditd·Collects·File·Deletion·Events·by·User·-·unlink</ocil:title>65 ······<ocil:title>Disable·kernel·debugfs</ocil:title>
72 ······<ocil:actions>66 ······<ocil:actions>
73 ········<ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_unlink_action:testaction:1</ocil:test_action_ref>67 ········<ocil:test_action_ref>ocil:ssg-kernel_config_debug_fs_action:testaction:1</ocil:test_action_ref>
74 ······</ocil:actions>68 ······</ocil:actions>
75 ····</ocil:questionnaire>69 ····</ocil:questionnaire>
76 ····<ocil:questionnaire·id="ocil:ssg-service_sshd_disabled_ocil:questionnaire:1">70 ····<ocil:questionnaire·id="ocil:ssg-sshd_set_maxstartups_ocil:questionnaire:1">
77 ······<ocil:title>Disable·SSH·Server·If·Possible</ocil:title>71 ······<ocil:title>Ensure·SSH·MaxStartups·is·configured</ocil:title>
78 ······<ocil:actions>72 ······<ocil:actions>
79 ········<ocil:test_action_ref>ocil:ssg-service_sshd_disabled_action:testaction:1</ocil:test_action_ref>73 ········<ocil:test_action_ref>ocil:ssg-sshd_set_maxstartups_action:testaction:1</ocil:test_action_ref>
80 ······</ocil:actions>74 ······</ocil:actions>
81 ····</ocil:questionnaire>75 ····</ocil:questionnaire>
82 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_mac_modification_usr_share_ocil:questionnaire:1">76 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_hibernation_ocil:questionnaire:1">
83 ······<ocil:title>Record·Events·that·Modify·the·System's·Mandatory·Access·Controls·in·usr/share</ocil:title>77 ······<ocil:title>Disable·hibernation</ocil:title>
84 ······<ocil:actions>78 ······<ocil:actions>
85 ········<ocil:test_action_ref>ocil:ssg-audit_rules_mac_modification_usr_share_action:testaction:1</ocil:test_action_ref>79 ········<ocil:test_action_ref>ocil:ssg-kernel_config_hibernation_action:testaction:1</ocil:test_action_ref>
86 ······</ocil:actions>80 ······</ocil:actions>
87 ····</ocil:questionnaire>81 ····</ocil:questionnaire>
88 ····<ocil:questionnaire·id="ocil:ssg-account_use_centralized_automated_auth_ocil:questionnaire:1"> 
89 ······<ocil:title>Use·Centralized·and·Automated·Authentication</ocil:title>82 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_arp_filter_ocil:questionnaire:1">
 83 ······<ocil:title>Configure·ARP·filtering·for·All·IPv4·Interfaces</ocil:title>
90 ······<ocil:actions>84 ······<ocil:actions>
91 ········<ocil:test_action_ref>ocil:ssg-account_use_centralized_automated_auth_action:testaction:1</ocil:test_action_ref>85 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_arp_filter_action:testaction:1</ocil:test_action_ref>
92 ······</ocil:actions>86 ······</ocil:actions>
93 ····</ocil:questionnaire>87 ····</ocil:questionnaire>
94 ····<ocil:questionnaire·id="ocil:ssg-no_empty_passwords_ocil:questionnaire:1">88 ····<ocil:questionnaire·id="ocil:ssg-auditd_data_disk_error_action_stig_ocil:questionnaire:1">
95 ······<ocil:title>Prevent·Login·to·Accounts·With·Empty·Password</ocil:title>89 ······<ocil:title>Configure·auditd·Disk·Error·Action·on·Disk·Error</ocil:title>
96 ······<ocil:actions>90 ······<ocil:actions>
97 ········<ocil:test_action_ref>ocil:ssg-no_empty_passwords_action:testaction:1</ocil:test_action_ref>91 ········<ocil:test_action_ref>ocil:ssg-auditd_data_disk_error_action_stig_action:testaction:1</ocil:test_action_ref>
98 ······</ocil:actions>92 ······</ocil:actions>
99 ····</ocil:questionnaire>93 ····</ocil:questionnaire>
100 ····<ocil:questionnaire·id="ocil:ssg-accounts_no_uid_except_zero_ocil:questionnaire:1">94 ····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_space_left_action_ocil:questionnaire:1">
101 ······<ocil:title>Verify·Only·Root·Has·UID·0</ocil:title>95 ······<ocil:title>Configure·auditd·space_left·Action·on·Low·Disk·Space</ocil:title>
102 ······<ocil:actions>96 ······<ocil:actions>
103 ········<ocil:test_action_ref>ocil:ssg-accounts_no_uid_except_zero_action:testaction:1</ocil:test_action_ref>97 ········<ocil:test_action_ref>ocil:ssg-auditd_data_retention_space_left_action_action:testaction:1</ocil:test_action_ref>
104 ······</ocil:actions>98 ······</ocil:actions>
105 ····</ocil:questionnaire>99 ····</ocil:questionnaire>
106 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_fremovexattr_ocil:questionnaire:1">100 ····<ocil:questionnaire·id="ocil:ssg-package_openssh-server_removed_ocil:questionnaire:1">
107 ······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·fremovexattr</ocil:title>101 ······<ocil:title>Remove·the·OpenSSH·Server·Package</ocil:title>
108 ······<ocil:actions>102 ······<ocil:actions>
109 ········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_fremovexattr_action:testaction:1</ocil:test_action_ref>103 ········<ocil:test_action_ref>ocil:ssg-package_openssh-server_removed_action:testaction:1</ocil:test_action_ref>
110 ······</ocil:actions>104 ······</ocil:actions>
111 ····</ocil:questionnaire>105 ····</ocil:questionnaire>
112 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_debug_fs_ocil:questionnaire:1">106 ····<ocil:questionnaire·id="ocil:ssg-accounts_minimum_age_login_defs_ocil:questionnaire:1">
113 ······<ocil:title>Disable·kernel·debugfs</ocil:title>107 ······<ocil:title>Set·Password·Minimum·Age</ocil:title>
114 ······<ocil:actions>108 ······<ocil:actions>
115 ········<ocil:test_action_ref>ocil:ssg-kernel_config_debug_fs_action:testaction:1</ocil:test_action_ref>109 ········<ocil:test_action_ref>ocil:ssg-accounts_minimum_age_login_defs_action:testaction:1</ocil:test_action_ref>
116 ······</ocil:actions>110 ······</ocil:actions>
117 ····</ocil:questionnaire>111 ····</ocil:questionnaire>
118 ····<ocil:questionnaire·id="ocil:ssg-ensure_logrotate_activated_ocil:questionnaire:1"> 
119 ······<ocil:title>Ensure·Logrotate·Runs·Periodically</ocil:title>112 ····<ocil:questionnaire·id="ocil:ssg-grub2_systemd_debug-shell_argument_absent_ocil:questionnaire:1">
 113 ······<ocil:title>Ensure·debug-shell·service·is·not·enabled·during·boot</ocil:title>
120 ······<ocil:actions>114 ······<ocil:actions>
121 ········<ocil:test_action_ref>ocil:ssg-ensure_logrotate_activated_action:testaction:1</ocil:test_action_ref>115 ········<ocil:test_action_ref>ocil:ssg-grub2_systemd_debug-shell_argument_absent_action:testaction:1</ocil:test_action_ref>
122 ······</ocil:actions>116 ······</ocil:actions>
123 ····</ocil:questionnaire>117 ····</ocil:questionnaire>
124 ····<ocil:questionnaire·id="ocil:ssg-sudoers_explicit_command_args_ocil:questionnaire:1"> 
Max diff block lines reached; 702105/714546 bytes (98.26%) of diff not shown.
2.2 MB
./usr/share/xml/scap/ssg/content/ssg-debian11-xccdf.xml
2.2 MB
./usr/share/xml/scap/ssg/content/ssg-debian11-xccdf.xml
Max HTML report size reached
4.27 MB
./usr/share/xml/scap/ssg/content/ssg-debian12-ds.xml
4.27 MB
./usr/share/xml/scap/ssg/content/ssg-debian12-ds.xml
Max HTML report size reached
1.13 MB
./usr/share/xml/scap/ssg/content/ssg-debian12-ocil.xml
1.13 MB
./usr/share/xml/scap/ssg/content/ssg-debian12-ocil.xml
Ordering differences only
    
Offset 3, 5857 lines modifiedOffset 3, 5857 lines modified
3 ··<ocil:generator>3 ··<ocil:generator>
4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6 ····<ocil:schema_version>2.0</ocil:schema_version>6 ····<ocil:schema_version>2.0</ocil:schema_version>
7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8 ··</ocil:generator>8 ··</ocil:generator>
9 ··<ocil:questionnaires>9 ··<ocil:questionnaires>
 10 ····<ocil:questionnaire·id="ocil:ssg-package_setroubleshoot-plugins_removed_ocil:questionnaire:1">
 11 ······<ocil:title>Uninstall·setroubleshoot-plugins·Package</ocil:title>
10 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_source_route_ocil:questionnaire:1"> 
11 ······<ocil:title>Disable·Kernel·Parameter·for·Accepting·Source-Routed·Packets·on·all·IPv4·Interfaces</ocil:title> 
12 ······<ocil:actions> 
13 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_source_route_action:testaction:1</ocil:test_action_ref> 
14 ······</ocil:actions> 
15 ····</ocil:questionnaire> 
16 ····<ocil:questionnaire·id="ocil:ssg-sysctl_kernel_yama_ptrace_scope_ocil:questionnaire:1"> 
17 ······<ocil:title>Restrict·usage·of·ptrace·to·descendant·processes</ocil:title> 
18 ······<ocil:actions> 
19 ········<ocil:test_action_ref>ocil:ssg-sysctl_kernel_yama_ptrace_scope_action:testaction:1</ocil:test_action_ref> 
20 ······</ocil:actions> 
21 ····</ocil:questionnaire> 
22 ····<ocil:questionnaire·id="ocil:ssg-file_owner_etc_chrony_keys_ocil:questionnaire:1"> 
23 ······<ocil:title>Verify·User·Who·Owns·/etc/chrony.keys·File</ocil:title> 
24 ······<ocil:actions>12 ······<ocil:actions>
25 ········<ocil:test_action_ref>ocil:ssg-file_owner_etc_chrony_keys_action:testaction:1</ocil:test_action_ref>13 ········<ocil:test_action_ref>ocil:ssg-package_setroubleshoot-plugins_removed_action:testaction:1</ocil:test_action_ref>
26 ······</ocil:actions>14 ······</ocil:actions>
27 ····</ocil:questionnaire>15 ····</ocil:questionnaire>
28 ····<ocil:questionnaire·id="ocil:ssg-auditd_log_format_ocil:questionnaire:1">16 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_systemmap_ocil:questionnaire:1">
29 ······<ocil:title>Resolve·information·before·writing·to·audit·logs</ocil:title>17 ······<ocil:title>Verify·Group·Who·Owns·System.map·Files</ocil:title>
30 ······<ocil:actions>18 ······<ocil:actions>
31 ········<ocil:test_action_ref>ocil:ssg-auditd_log_format_action:testaction:1</ocil:test_action_ref>19 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_systemmap_action:testaction:1</ocil:test_action_ref>
32 ······</ocil:actions>20 ······</ocil:actions>
33 ····</ocil:questionnaire>21 ····</ocil:questionnaire>
34 ····<ocil:questionnaire·id="ocil:ssg-grub2_systemd_debug-shell_argument_absent_ocil:questionnaire:1"> 
35 ······<ocil:title>Ensure·debug-shell·service·is·not·enabled·during·boot</ocil:title>22 ····<ocil:questionnaire·id="ocil:ssg-sshd_set_loglevel_info_ocil:questionnaire:1">
 23 ······<ocil:title>Set·LogLevel·to·INFO</ocil:title>
36 ······<ocil:actions>24 ······<ocil:actions>
37 ········<ocil:test_action_ref>ocil:ssg-grub2_systemd_debug-shell_argument_absent_action:testaction:1</ocil:test_action_ref>25 ········<ocil:test_action_ref>ocil:ssg-sshd_set_loglevel_info_action:testaction:1</ocil:test_action_ref>
38 ······</ocil:actions>26 ······</ocil:actions>
39 ····</ocil:questionnaire>27 ····</ocil:questionnaire>
40 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_default_shared_media_ocil:questionnaire:1">28 ····<ocil:questionnaire·id="ocil:ssg-no_netrc_files_ocil:questionnaire:1">
41 ······<ocil:title>Configure·Sending·and·Accepting·Shared·Media·Redirects·by·Default</ocil:title>29 ······<ocil:title>Verify·No·netrc·Files·Exist</ocil:title>
42 ······<ocil:actions>30 ······<ocil:actions>
43 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_default_shared_media_action:testaction:1</ocil:test_action_ref>31 ········<ocil:test_action_ref>ocil:ssg-no_netrc_files_action:testaction:1</ocil:test_action_ref>
44 ······</ocil:actions>32 ······</ocil:actions>
45 ····</ocil:questionnaire>33 ····</ocil:questionnaire>
46 ····<ocil:questionnaire·id="ocil:ssg-grub2_slub_debug_argument_ocil:questionnaire:1">34 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_time_stime_ocil:questionnaire:1">
47 ······<ocil:title>Enable·SLUB/SLAB·allocator·poisoning</ocil:title>35 ······<ocil:title>Record·Attempts·to·Alter·Time·Through·stime</ocil:title>
48 ······<ocil:actions>36 ······<ocil:actions>
49 ········<ocil:test_action_ref>ocil:ssg-grub2_slub_debug_argument_action:testaction:1</ocil:test_action_ref>37 ········<ocil:test_action_ref>ocil:ssg-audit_rules_time_stime_action:testaction:1</ocil:test_action_ref>
50 ······</ocil:actions>38 ······</ocil:actions>
51 ····</ocil:questionnaire>39 ····</ocil:questionnaire>
52 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_var_log_syslog_ocil:questionnaire:1">40 ····<ocil:questionnaire·id="ocil:ssg-directory_owner_etc_sysctld_ocil:questionnaire:1">
53 ······<ocil:title>Verify·Group·Who·Owns·/var/log/syslog·File</ocil:title>41 ······<ocil:title>Verify·User·Who·Owns·/etc/sysctl.d·Directory</ocil:title>
54 ······<ocil:actions>42 ······<ocil:actions>
55 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_var_log_syslog_action:testaction:1</ocil:test_action_ref>43 ········<ocil:test_action_ref>ocil:ssg-directory_owner_etc_sysctld_action:testaction:1</ocil:test_action_ref>
56 ······</ocil:actions>44 ······</ocil:actions>
57 ····</ocil:questionnaire>45 ····</ocil:questionnaire>
58 ····<ocil:questionnaire·id="ocil:ssg-partition_for_usr_ocil:questionnaire:1">46 ····<ocil:questionnaire·id="ocil:ssg-accounts_passwords_pam_faillock_interval_ocil:questionnaire:1">
59 ······<ocil:title>Ensure·/usr·Located·On·Separate·Partition</ocil:title>47 ······<ocil:title>Set·Interval·For·Counting·Failed·Password·Attempts</ocil:title>
60 ······<ocil:actions>48 ······<ocil:actions>
61 ········<ocil:test_action_ref>ocil:ssg-partition_for_usr_action:testaction:1</ocil:test_action_ref>49 ········<ocil:test_action_ref>ocil:ssg-accounts_passwords_pam_faillock_interval_action:testaction:1</ocil:test_action_ref>
62 ······</ocil:actions>50 ······</ocil:actions>
63 ····</ocil:questionnaire>51 ····</ocil:questionnaire>
64 ····<ocil:questionnaire·id="ocil:ssg-package_gnutls-utils_installed_ocil:questionnaire:1">52 ····<ocil:questionnaire·id="ocil:ssg-service_ntp_enabled_ocil:questionnaire:1">
65 ······<ocil:title>Ensure·gnutls-utils·is·installed</ocil:title>53 ······<ocil:title>Enable·the·NTP·Daemon</ocil:title>
66 ······<ocil:actions>54 ······<ocil:actions>
67 ········<ocil:test_action_ref>ocil:ssg-package_gnutls-utils_installed_action:testaction:1</ocil:test_action_ref>55 ········<ocil:test_action_ref>ocil:ssg-service_ntp_enabled_action:testaction:1</ocil:test_action_ref>
68 ······</ocil:actions>56 ······</ocil:actions>
69 ····</ocil:questionnaire>57 ····</ocil:questionnaire>
70 ····<ocil:questionnaire·id="ocil:ssg-mount_option_dev_shm_nodev_ocil:questionnaire:1">58 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_module_sig_key_ocil:questionnaire:1">
71 ······<ocil:title>Add·nodev·Option·to·/dev/shm</ocil:title>59 ······<ocil:title>Specify·module·signing·key·to·use</ocil:title>
72 ······<ocil:actions>60 ······<ocil:actions>
73 ········<ocil:test_action_ref>ocil:ssg-mount_option_dev_shm_nodev_action:testaction:1</ocil:test_action_ref>61 ········<ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_key_action:testaction:1</ocil:test_action_ref>
74 ······</ocil:actions>62 ······</ocil:actions>
75 ····</ocil:questionnaire>63 ····</ocil:questionnaire>
76 ····<ocil:questionnaire·id="ocil:ssg-file_owner_var_log_ocil:questionnaire:1">64 ····<ocil:questionnaire·id="ocil:ssg-package_dhcp_removed_ocil:questionnaire:1">
77 ······<ocil:title>Verify·User·Who·Owns·/var/log·Directory</ocil:title>65 ······<ocil:title>Uninstall·DHCP·Server·Package</ocil:title>
78 ······<ocil:actions>66 ······<ocil:actions>
79 ········<ocil:test_action_ref>ocil:ssg-file_owner_var_log_action:testaction:1</ocil:test_action_ref>67 ········<ocil:test_action_ref>ocil:ssg-package_dhcp_removed_action:testaction:1</ocil:test_action_ref>
80 ······</ocil:actions>68 ······</ocil:actions>
81 ····</ocil:questionnaire>69 ····</ocil:questionnaire>
82 ····<ocil:questionnaire·id="ocil:ssg-partition_for_var_log_audit_ocil:questionnaire:1"> 
83 ······<ocil:title>Ensure·/var/log/audit·Located·On·Separate·Partition</ocil:title>70 ····<ocil:questionnaire·id="ocil:ssg-rsyslog_encrypt_offload_defaultnetstreamdriver_ocil:questionnaire:1">
 71 ······<ocil:title>Ensure·Rsyslog·Encrypts·Off-Loaded·Audit·Records</ocil:title>
84 ······<ocil:actions>72 ······<ocil:actions>
85 ········<ocil:test_action_ref>ocil:ssg-partition_for_var_log_audit_action:testaction:1</ocil:test_action_ref>73 ········<ocil:test_action_ref>ocil:ssg-rsyslog_encrypt_offload_defaultnetstreamdriver_action:testaction:1</ocil:test_action_ref>
86 ······</ocil:actions>74 ······</ocil:actions>
87 ····</ocil:questionnaire>75 ····</ocil:questionnaire>
88 ····<ocil:questionnaire·id="ocil:ssg-rsyslog_remote_tls_ocil:questionnaire:1">76 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_ipsec_conf_ocil:questionnaire:1">
89 ······<ocil:title>Configure·TLS·for·rsyslog·remote·logging</ocil:title>77 ······<ocil:title>Verify·Permissions·On·/etc/ipsec.conf·File</ocil:title>
90 ······<ocil:actions>78 ······<ocil:actions>
91 ········<ocil:test_action_ref>ocil:ssg-rsyslog_remote_tls_action:testaction:1</ocil:test_action_ref>79 ········<ocil:test_action_ref>ocil:ssg-file_permissions_etc_ipsec_conf_action:testaction:1</ocil:test_action_ref>
92 ······</ocil:actions>80 ······</ocil:actions>
93 ····</ocil:questionnaire>81 ····</ocil:questionnaire>
94 ····<ocil:questionnaire·id="ocil:ssg-accounts_passwords_pam_faillock_unlock_time_ocil:questionnaire:1"> 
95 ······<ocil:title>Set·Lockout·Time·for·Failed·Password·Attempts</ocil:title>82 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_x86_vsyscall_emulation_ocil:questionnaire:1">
 83 ······<ocil:title>Disable·x86·vsyscall·emulation</ocil:title>
96 ······<ocil:actions>84 ······<ocil:actions>
97 ········<ocil:test_action_ref>ocil:ssg-accounts_passwords_pam_faillock_unlock_time_action:testaction:1</ocil:test_action_ref>85 ········<ocil:test_action_ref>ocil:ssg-kernel_config_x86_vsyscall_emulation_action:testaction:1</ocil:test_action_ref>
98 ······</ocil:actions>86 ······</ocil:actions>
99 ····</ocil:questionnaire>87 ····</ocil:questionnaire>
100 ····<ocil:questionnaire·id="ocil:ssg-directory_groupowner_etc_nftables_ocil:questionnaire:1"> 
101 ······<ocil:title>Verify·Group·Who·Owns·/etc/nftables·Directory</ocil:title>88 ····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_max_log_file_action_stig_ocil:questionnaire:1">
 89 ······<ocil:title>Configure·auditd·max_log_file_action·Upon·Reaching·Maximum·Log·Size</ocil:title>
102 ······<ocil:actions>90 ······<ocil:actions>
103 ········<ocil:test_action_ref>ocil:ssg-directory_groupowner_etc_nftables_action:testaction:1</ocil:test_action_ref>91 ········<ocil:test_action_ref>ocil:ssg-auditd_data_retention_max_log_file_action_stig_action:testaction:1</ocil:test_action_ref>
104 ······</ocil:actions>92 ······</ocil:actions>
105 ····</ocil:questionnaire>93 ····</ocil:questionnaire>
106 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_openat_ocil:questionnaire:1"> 
107 ······<ocil:title>Record·Unsuccessful·Access·Attempts·to·Files·-·openat</ocil:title>94 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_library_dirs_ocil:questionnaire:1">
 95 ······<ocil:title>Verify·that·Shared·Library·Files·Have·Restrictive·Permissions</ocil:title>
108 ······<ocil:actions>96 ······<ocil:actions>
109 ········<ocil:test_action_ref>ocil:ssg-audit_rules_unsuccessful_file_modification_openat_action:testaction:1</ocil:test_action_ref>97 ········<ocil:test_action_ref>ocil:ssg-file_permissions_library_dirs_action:testaction:1</ocil:test_action_ref>
110 ······</ocil:actions>98 ······</ocil:actions>
111 ····</ocil:questionnaire>99 ····</ocil:questionnaire>
112 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_home_dirs_ocil:questionnaire:1">100 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_crypttab_ocil:questionnaire:1">
113 ······<ocil:title>Ensure·that·User·Home·Directories·are·not·Group-Writable·or·World-Readable</ocil:title>101 ······<ocil:title>Verify·Permissions·On·/etc/crypttab·File</ocil:title>
114 ······<ocil:actions>102 ······<ocil:actions>
115 ········<ocil:test_action_ref>ocil:ssg-file_permissions_home_dirs_action:testaction:1</ocil:test_action_ref>103 ········<ocil:test_action_ref>ocil:ssg-file_permissions_etc_crypttab_action:testaction:1</ocil:test_action_ref>
116 ······</ocil:actions>104 ······</ocil:actions>
117 ····</ocil:questionnaire>105 ····</ocil:questionnaire>
118 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_debug_credentials_ocil:questionnaire:1">106 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_sshd_config_ocil:questionnaire:1">
119 ······<ocil:title>Enable·checks·on·credential·management</ocil:title>107 ······<ocil:title>Verify·Permissions·on·SSH·Server·config·file</ocil:title>
120 ······<ocil:actions>108 ······<ocil:actions>
121 ········<ocil:test_action_ref>ocil:ssg-kernel_config_debug_credentials_action:testaction:1</ocil:test_action_ref>109 ········<ocil:test_action_ref>ocil:ssg-file_permissions_sshd_config_action:testaction:1</ocil:test_action_ref>
122 ······</ocil:actions>110 ······</ocil:actions>
Max diff block lines reached; 1176776/1188662 bytes (99.00%) of diff not shown.
3.02 MB
./usr/share/xml/scap/ssg/content/ssg-debian12-xccdf.xml
3.02 MB
./usr/share/xml/scap/ssg/content/ssg-debian12-xccdf.xml
Max HTML report size reached
3.62 GB
ssg-nondebian_0.1.76-1_all.deb
452 B
file list
    
Offset 1, 3 lines modifiedOffset 1, 3 lines modified
1 -rw-r--r--···0········0········0········4·2025-03-01·08:08:00.000000·debian-binary1 -rw-r--r--···0········0········0········4·2025-03-01·08:08:00.000000·debian-binary
2 -rw-r--r--···0········0········0····18172·2025-03-01·08:08:00.000000·control.tar.xz2 -rw-r--r--···0········0········0····18188·2025-03-01·08:08:00.000000·control.tar.xz
3 -rw-r--r--···0········0········0·37090700·2025-03-01·08:08:00.000000·data.tar.xz3 -rw-r--r--···0········0········0·37078640·2025-03-01·08:08:00.000000·data.tar.xz
98.0 B
control.tar.xz
70.0 B
control.tar
48.0 B
./md5sums
30.0 B
./md5sums
Files differ
3.62 GB
data.tar.xz
3.62 GB
data.tar
22.8 MB
./usr/share/doc/ssg-nondebian/ssg-al2023-guide-cis.html
    
Offset 15111, 213 lines modifiedOffset 15111, 213 lines modified
0003b060:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="0003b060:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="
0003b070:·2369·646d·3133·3339·2220·7461·6269·6e64··#idm1339"·tabind0003b070:·2369·646d·3133·3339·2220·7461·6269·6e64··#idm1339"·tabind
0003b080:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but0003b080:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but
0003b090:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand0003b090:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand
0003b0a0:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title0003b0a0:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title
0003b0b0:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re0003b0b0:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re
0003b0c0:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">0003b0c0:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">
0003b0d0:·5265·6d65·6469·6174·696f·6e20·416e·6163··Remediation·Anac0003b0d0:·5265·6d65·6469·6174·696f·6e20·5075·7070··Remediation·Pupp
0003b0e0:·6f6e·6461·2073·6e69·7070·6574·20e2·87b2··onda·snippet·...0003b0e0:·6574·2073·6e69·7070·6574·20e2·87b2·3c2f··et·snippet·...</
0003b0f0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla0003b0f0:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
0003b100:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap0003b100:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
0003b110:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=0003b110:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
0003b120:·2269·646d·3133·3339·223e·3c74·6162·6c65··"idm1339"><table0003b120:·646d·3133·3339·223e·3c74·6162·6c65·2063··dm1339"><table·c
0003b130:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta0003b130:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl
0003b140:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl0003b140:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table-
0003b150:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table0003b150:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c
0003b160:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>0003b160:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t
0003b170:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<0003b170:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t
0003b180:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>0003b180:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></
0003b190:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis0003b190:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru
0003b1a0:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td0003b1a0:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l
0003b1b0:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t0003b1b0:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>
0003b1c0:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t0003b1c0:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th>
0003b1d0:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td>0003b1d0:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></
0003b1e0:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str0003b1e0:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat
0003b1f0:·6174·6567·793a·3c2f·7468·3e3c·7464·3e65··ategy:</th><td>e0003b1f0:·6567·793a·3c2f·7468·3e3c·7464·3e65·6e61··egy:</th><td>ena
0003b200:·6e61·626c·653c·2f74·643e·3c2f·7472·3e3c··nable</td></tr><0003b200:·626c·653c·2f74·643e·3c2f·7472·3e3c·2f74··ble</td></tr></t
0003b210:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod0003b210:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>
 0003b220:·696e·636c·7564·6520·696e·7374·616c·6c5f··include·install_
 0003b230:·6169·6465·0a0a·636c·6173·7320·696e·7374··aide..class·inst
 0003b240:·616c·6c5f·6169·6465·207b·0a20·2070·6163··all_aide·{.··pac
 0003b250:·6b61·6765·207b·2027·6169·6465·273a·0a20··kage·{·'aide':.·
 0003b260:·2020·2065·6e73·7572·6520·3d26·6774·3b20·····ensure·=&gt;·
 0003b270:·2769·6e73·7461·6c6c·6564·272c·0a20·207d··'installed',.··}
0003b220:·653e·0a70·6163·6b61·6765·202d·2d61·6464··e>.package·--add 
0003b230:·3d61·6964·650a·3c2f·636f·6465·3e3c·2f70··=aide.</code></p 
0003b240:·7265·3e3c·2f64·6976·3e3c·6120·636c·6173··re></div><a·clas 
0003b250:·733d·2262·746e·2062·746e·2d73·7563·6365··s="btn·btn-succe 
0003b260:·7373·2220·6461·7461·2d74·6f67·676c·653d··ss"·data-toggle= 
0003b270:·2263·6f6c·6c61·7073·6522·2064·6174·612d··"collapse"·data- 
0003b280:·7461·7267·6574·3d22·2369·646d·3133·3430··target="#idm1340 
0003b290:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r 
0003b2a0:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari 
0003b2b0:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals 
0003b2c0:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa 
0003b2d0:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr 
0003b2e0:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat 
0003b2f0:·696f·6e20·5075·7070·6574·2073·6e69·7070··ion·Puppet·snipp 
0003b300:·6574·20e2·87b2·3c2f·613e·3c62·723e·3c64··et·...</a><br><d 
0003b310:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel- 
0003b320:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps 
0003b330:·6522·2069·643d·2269·646d·3133·3430·223e··e"·id="idm1340"> 
0003b340:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta 
0003b350:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe 
0003b360:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered 
0003b370:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed 
0003b380:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple 
0003b390:·7869·7479·3a3c·2f74·683e·3c74·643e·6c6f··xity:</th><td>lo 
0003b3a0:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr>< 
0003b3b0:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</ 
0003b3c0:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td>< 
0003b3d0:·2f74·723e·3c74·723e·3c74·683e·5265·626f··/tr><tr><th>Rebo 
0003b3e0:·6f74·3a3c·2f74·683e·3c74·643e·6661·6c73··ot:</th><td>fals 
0003b3f0:·653c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··e</td></tr><tr>< 
0003b400:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th 
0003b410:·3e3c·7464·3e65·6e61·626c·653c·2f74·643e··><td>enable</td> 
0003b420:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr 
0003b430:·653e·3c63·6f64·653e·696e·636c·7564·6520··e><code>include· 
0003b440:·696e·7374·616c·6c5f·6169·6465·0a0a·636c··install_aide..cl 
0003b450:·6173·7320·696e·7374·616c·6c5f·6169·6465··ass·install_aide 
0003b460:·207b·0a20·2070·6163·6b61·6765·207b·2027···{.··package·{·' 
0003b470:·6169·6465·273a·0a20·2020·2065·6e73·7572··aide':.····ensur 
0003b480:·6520·3d26·6774·3b20·2769·6e73·7461·6c6c··e·=&gt;·'install 
0003b490:·6564·272c·0a20·207d·0a7d·0a3c·2f63·6f64··ed',.··}.}.</cod 
0003b4a0:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a 
0003b4b0:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn- 
0003b4c0:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to 
0003b4d0:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"· 
0003b4e0:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id 
0003b4f0:·6d31·3334·3122·2074·6162·696e·6465·783d··m1341"·tabindex= 
0003b500:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button 
0003b510:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded= 
0003b520:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A 
0003b530:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea 
0003b540:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem 
0003b550:·6564·6961·7469·6f6e·204f·5342·7569·6c64··ediation·OSBuild 
0003b560:·2042·6c75·6570·7269·6e74·2073·6e69·7070···Blueprint·snipp 
0003b570:·6574·20e2·87b2·3c2f·613e·3c62·723e·3c64··et·...</a><br><d 
0003b580:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel- 
0003b590:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps 
0003b5a0:·6522·2069·643d·2269·646d·3133·3431·223e··e"·id="idm1341"> 
0003b5b0:·3c70·7265·3e3c·636f·6465·3e0a·5b5b·7061··<pre><code>.[[pa 
0003b5c0:·636b·6167·6573·5d5d·0a6e·616d·6520·3d20··ckages]].name·=· 
0003b5d0:·2261·6964·6522·0a76·6572·7369·6f6e·203d··"aide".version·= 
0003b5e0:·2022·2a22·0a3c·2f63·6f64·653e·3c2f·7072···"*".</code></pr0003b280:·0a7d·0a3c·2f63·6f64·653e·3c2f·7072·653e··.}.</code></pre>
0003b5f0:·653e·3c2f·6469·763e·3c61·2063·6c61·7373··e></div><a·class0003b290:·3c2f·6469·763e·3c61·2063·6c61·7373·3d22··</div><a·class="
0003b600:·3d22·6274·6e20·6274·6e2d·7375·6363·6573··="btn·btn-succes0003b2a0:·6274·6e20·6274·6e2d·7375·6363·6573·7322··btn·btn-success"
0003b610:·7322·2064·6174·612d·746f·6767·6c65·3d22··s"·data-toggle="0003b2b0:·2064·6174·612d·746f·6767·6c65·3d22·636f···data-toggle="co
0003b620:·636f·6c6c·6170·7365·2220·6461·7461·2d74··collapse"·data-t0003b2c0:·6c6c·6170·7365·2220·6461·7461·2d74·6172··llapse"·data-tar
0003b630:·6172·6765·743d·2223·6964·6d31·3334·3222··arget="#idm1342"0003b2d0:·6765·743d·2223·6964·6d31·3334·3022·2074··get="#idm1340"·t
0003b640:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro0003b2e0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
0003b650:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria0003b2f0:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
0003b660:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false0003b300:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
0003b670:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat0003b310:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
0003b680:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre0003b320:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
 0003b330:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
 0003b340:·2053·6865·6c6c·2073·6372·6970·7420·e287···Shell·script·..
 0003b350:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl
 0003b360:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
 0003b370:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
 0003b380:·3d22·6964·6d31·3334·3022·3e3c·7461·626c··="idm1340"><tabl
 0003b390:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t
 0003b3a0:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab
 0003b3b0:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl
 0003b3c0:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr
 0003b3d0:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity:
 0003b3e0:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td
 0003b3f0:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di
 0003b400:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t
 0003b410:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr><
 0003b420:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</
 0003b430:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td
 0003b440:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St
 0003b450:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>
 0003b460:·656e·6162·6c65·3c2f·7464·3e3c·2f74·723e··enable</td></tr>
 0003b470:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co
 0003b480:·6465·3e23·2052·656d·6564·6961·7469·6f6e··de>#·Remediation
Max diff block lines reached; 21912985/21941027 bytes (99.87%) of diff not shown.
1.87 MB
html2text {}
Max HTML report size reached
9.79 MB
./usr/share/doc/ssg-nondebian/ssg-al2023-guide-cis_server_l1.html
    
Offset 15077, 213 lines modifiedOffset 15077, 213 lines modified
0003ae40:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#0003ae40:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#
0003ae50:·6964·6d31·3333·3922·2074·6162·696e·6465··idm1339"·tabinde0003ae50:·6964·6d31·3333·3922·2074·6162·696e·6465··idm1339"·tabinde
0003ae60:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt0003ae60:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt
0003ae70:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande0003ae70:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande
0003ae80:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=0003ae80:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=
0003ae90:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev0003ae90:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev
0003aea0:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R0003aea0:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R
0003aeb0:·656d·6564·6961·7469·6f6e·2041·6e61·636f··emediation·Anaco0003aeb0:·656d·6564·6961·7469·6f6e·2050·7570·7065··emediation·Puppe
0003aec0:·6e64·6120·736e·6970·7065·7420·e287·b23c··nda·snippet·...<0003aec0:·7420·736e·6970·7065·7420·e287·b23c·2f61··t·snippet·...</a
0003aed0:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas0003aed0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
0003aee0:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps0003aee0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
0003aef0:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="0003aef0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
0003af00:·6964·6d31·3333·3922·3e3c·7461·626c·6520··idm1339"><table·0003af00:·6d31·3333·3922·3e3c·7461·626c·6520·636c··m1339"><table·cl
0003af10:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab0003af10:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table
0003af20:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table0003af20:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b
0003af30:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-0003af30:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co
0003af40:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><0003af40:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th
0003af50:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</0003af50:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th
0003af60:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><0003af60:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t
0003af70:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr0003af70:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup
0003af80:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td>0003af80:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo
0003af90:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr0003af90:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><
0003afa0:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th0003afa0:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th><
0003afb0:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td><0003afb0:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t
0003afc0:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra0003afc0:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate
0003afd0:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en0003afd0:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab
0003afe0:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></0003afe0:·6c65·3c2f·7464·3e3c·2f74·723e·3c2f·7461··le</td></tr></ta
0003aff0:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code0003aff0:·626c·653e·3c70·7265·3e3c·636f·6465·3e69··ble><pre><code>i
 0003b000:·6e63·6c75·6465·2069·6e73·7461·6c6c·5f61··nclude·install_a
 0003b010:·6964·650a·0a63·6c61·7373·2069·6e73·7461··ide..class·insta
 0003b020:·6c6c·5f61·6964·6520·7b0a·2020·7061·636b··ll_aide·{.··pack
 0003b030:·6167·6520·7b20·2761·6964·6527·3a0a·2020··age·{·'aide':.··
 0003b040:·2020·656e·7375·7265·203d·2667·743b·2027····ensure·=&gt;·'
 0003b050:·696e·7374·616c·6c65·6427·2c0a·2020·7d0a··installed',.··}.
0003b000:·3e0a·7061·636b·6167·6520·2d2d·6164·643d··>.package·--add= 
0003b010:·6169·6465·0a3c·2f63·6f64·653e·3c2f·7072··aide.</code></pr 
0003b020:·653e·3c2f·6469·763e·3c61·2063·6c61·7373··e></div><a·class 
0003b030:·3d22·6274·6e20·6274·6e2d·7375·6363·6573··="btn·btn-succes 
0003b040:·7322·2064·6174·612d·746f·6767·6c65·3d22··s"·data-toggle=" 
0003b050:·636f·6c6c·6170·7365·2220·6461·7461·2d74··collapse"·data-t 
0003b060:·6172·6765·743d·2223·6964·6d31·3334·3022··arget="#idm1340" 
0003b070:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro 
0003b080:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria 
0003b090:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false 
0003b0a0:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat 
0003b0b0:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre 
0003b0c0:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati 
0003b0d0:·6f6e·2050·7570·7065·7420·736e·6970·7065··on·Puppet·snippe 
0003b0e0:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di 
0003b0f0:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c 
0003b100:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse 
0003b110:·2220·6964·3d22·6964·6d31·3334·3022·3e3c··"·id="idm1340">< 
0003b120:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab 
0003b130:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped 
0003b140:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered· 
0003b150:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed" 
0003b160:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex 
0003b170:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low 
0003b180:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b190:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t 
0003b1a0:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003b1b0:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo 
0003b1c0:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false 
0003b1d0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b1e0:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th> 
0003b1f0:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td>< 
0003b200:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre 
0003b210:·3e3c·636f·6465·3e69·6e63·6c75·6465·2069··><code>include·i 
0003b220:·6e73·7461·6c6c·5f61·6964·650a·0a63·6c61··nstall_aide..cla 
0003b230:·7373·2069·6e73·7461·6c6c·5f61·6964·6520··ss·install_aide· 
0003b240:·7b0a·2020·7061·636b·6167·6520·7b20·2761··{.··package·{·'a 
0003b250:·6964·6527·3a0a·2020·2020·656e·7375·7265··ide':.····ensure 
0003b260:·203d·2667·743b·2027·696e·7374·616c·6c65···=&gt;·'installe 
0003b270:·6427·2c0a·2020·7d0a·7d0a·3c2f·636f·6465··d',.··}.}.</code 
0003b280:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a· 
0003b290:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s 
0003b2a0:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog 
0003b2b0:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d 
0003b2c0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm 
0003b2d0:·3133·3431·2220·7461·6269·6e64·6578·3d22··1341"·tabindex=" 
0003b2e0:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button" 
0003b2f0:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded=" 
0003b300:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac 
0003b310:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal 
0003b320:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme 
0003b330:·6469·6174·696f·6e20·4f53·4275·696c·6420··diation·OSBuild· 
0003b340:·426c·7565·7072·696e·7420·736e·6970·7065··Blueprint·snippe 
0003b350:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di 
0003b360:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c 
0003b370:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse 
0003b380:·2220·6964·3d22·6964·6d31·3334·3122·3e3c··"·id="idm1341">< 
0003b390:·7072·653e·3c63·6f64·653e·0a5b·5b70·6163··pre><code>.[[pac 
0003b3a0:·6b61·6765·735d·5d0a·6e61·6d65·203d·2022··kages]].name·=·" 
0003b3b0:·6169·6465·220a·7665·7273·696f·6e20·3d20··aide".version·=· 
0003b3c0:·222a·220a·3c2f·636f·6465·3e3c·2f70·7265··"*".</code></pre0003b060:·7d0a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··}.</code></pre><
0003b3d0:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class=0003b070:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b
0003b3e0:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success0003b080:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"·
0003b3f0:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c0003b090:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col
0003b400:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta0003b0a0:·6c61·7073·6522·2064·6174·612d·7461·7267··lapse"·data-targ
0003b410:·7267·6574·3d22·2369·646d·3133·3432·2220··rget="#idm1342"·0003b0b0:·6574·3d22·2369·646d·3133·3430·2220·7461··et="#idm1340"·ta
0003b420:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol0003b0c0:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=
0003b430:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-0003b0d0:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex
0003b440:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"0003b0e0:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t
0003b450:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate0003b0f0:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t
0003b460:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href0003b100:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="
0003b470:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio0003b110:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·
 0003b120:·5368·656c·6c20·7363·7269·7074·20e2·87b2··Shell·script·...
 0003b130:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
 0003b140:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
 0003b150:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=
 0003b160:·2269·646d·3133·3430·223e·3c74·6162·6c65··"idm1340"><table
 0003b170:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta
 0003b180:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl
 0003b190:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table
 0003b1a0:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>
 0003b1b0:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<
 0003b1c0:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>
 0003b1d0:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis
 0003b1e0:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td
 0003b1f0:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t
 0003b200:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t
 0003b210:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td>
 0003b220:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str
 0003b230:·6174·6567·793a·3c2f·7468·3e3c·7464·3e65··ategy:</th><td>e
 0003b240:·6e61·626c·653c·2f74·643e·3c2f·7472·3e3c··nable</td></tr><
 0003b250:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod
 0003b260:·653e·2320·5265·6d65·6469·6174·696f·6e20··e>#·Remediation·
Max diff block lines reached; 9239204/9267246 bytes (99.70%) of diff not shown.
978 KB
html2text {}
    
Offset 118, 38 lines modifiedOffset 118, 41 lines modified
118 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)118 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)
119 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3119 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
120 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5120 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
121 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199121 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
122 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79122 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
123 ············_\x8c_\x8i_\x8s············1.3.1123 ············_\x8c_\x8i_\x8s············1.3.1
124 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2124 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
125 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
126 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
127 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
128 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
129 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
130 package·--add=aide 
131 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8125 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
132 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low126 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
133 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low127 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
134 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false128 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
135 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable129 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
136 include·install_aide130 include·install_aide
  
137 class·install_aide·{131 class·install_aide·{
138 ··package·{·'aide':132 ··package·{·'aide':
139 ····ensure·=>·'installed',133 ····ensure·=>·'installed',
140 ··}134 ··}
141 }135 }
142 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8136 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 137 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 138 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 139 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 140 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 141 #·Remediation·is·applicable·only·in·certain·platforms
 142 if·rpm·--quiet·-q·kernel;·then
  
143 [[packages]] 
144 name·=·"aide" 
145 version·=·"*"143 if·!·rpm·-q·--quiet·"aide"·;·then
 144 ····dnf·install·-y·"aide"
 145 fi
  
 146 else
 147 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 148 fi
146 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8149 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
147 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low150 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
148 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low151 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
149 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false152 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
150 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable153 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
151 -·name:·Gather·the·package·facts154 -·name:·Gather·the·package·facts
152 ··package_facts:155 ··package_facts:
Offset 178, 29 lines modifiedOffset 181, 26 lines modified
178 ··-·PCI-DSSv4-11.5.2181 ··-·PCI-DSSv4-11.5.2
179 ··-·enable_strategy182 ··-·enable_strategy
180 ··-·low_complexity183 ··-·low_complexity
181 ··-·low_disruption184 ··-·low_disruption
182 ··-·medium_severity185 ··-·medium_severity
183 ··-·no_reboot_needed186 ··-·no_reboot_needed
184 ··-·package_aide_installed187 ··-·package_aide_installed
 188 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 189 [[packages]]
 190 name·=·"aide"
 191 version·=·"*"
185 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8192 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8
186 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low193 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
187 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low194 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
188 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false195 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
189 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable196 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
190 #·Remediation·is·applicable·only·in·certain·platforms 
191 if·rpm·--quiet·-q·kernel;·then 
  
192 if·!·rpm·-q·--quiet·"aide"·;·then 
193 ····dnf·install·-y·"aide" 
194 fi 
  
 197 package·--add=aide
195 else 
196 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
197 fi 
198 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*198 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
199 Run·the·following·command·to·generate·a·new·database:199 Run·the·following·command·to·generate·a·new·database:
200 $·sudo·/usr/sbin/aide·--init200 $·sudo·/usr/sbin/aide·--init
201 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the·database,201 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the·database,
202 the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these·files),·in·a202 the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these·files),·in·a
203 secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The203 secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The
204 newly-generated·database·can·be·installed·as·follows:204 newly-generated·database·can·be·installed·as·follows:
Offset 549, 14 lines modifiedOffset 549, 33 lines modified
549 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1549 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1
550 References:·_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)550 References:·_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)
551 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,551 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,
552 ·····················FCS_TLSC_EXT.1552 ·····················FCS_TLSC_EXT.1
553 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174553 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174
554 ············_\x8c_\x8i_\x8s······1.9554 ············_\x8c_\x8i_\x8s······1.9
555 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2555 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
 556 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
  
 557 var_system_crypto_policy='DEFAULT'
  
  
 558 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null)
 559 rc=$?
  
 560 if·test·"$rc"·=·127;·then
 561 »       echo·"$stderr_of_call"·>&2
 562 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2
 563 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2
 564 »       echo·"to·see·what·package·to·(re)install"·>&2
  
 565 »       false··#·end·with·an·error·code
 566 elif·test·"$rc"·!=·0;·then
 567 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2
 568 »       false··#·end·with·an·error·code
 569 fi
556 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8570 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
557 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low571 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
558 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low572 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
559 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false573 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
560 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict574 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
561 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable575 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable
562 ··set_fact:576 ··set_fact:
Offset 601, 33 lines modifiedOffset 620, 14 lines modified
601 ··-·PCI-DSSv4-2.2.7620 ··-·PCI-DSSv4-2.2.7
602 ··-·configure_crypto_policy621 ··-·configure_crypto_policy
603 ··-·high_severity622 ··-·high_severity
604 ··-·low_complexity623 ··-·low_complexity
605 ··-·low_disruption624 ··-·low_disruption
606 ··-·no_reboot_needed625 ··-·no_reboot_needed
Max diff block lines reached; 996616/1001763 bytes (99.49%) of diff not shown.
2.78 MB
./usr/share/doc/ssg-nondebian/ssg-alinux2-guide-pci-dss.html
    
Offset 15505, 95 lines modifiedOffset 15505, 95 lines modified
0003c900:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#0003c900:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#
0003c910:·6964·6d31·3231·3522·2074·6162·696e·6465··idm1215"·tabinde0003c910:·6964·6d31·3231·3522·2074·6162·696e·6465··idm1215"·tabinde
0003c920:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt0003c920:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt
0003c930:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande0003c930:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande
0003c940:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=0003c940:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=
0003c950:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev0003c950:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev
0003c960:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R0003c960:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R
0003c970:·656d·6564·6961·7469·6f6e·204f·5342·7569··emediation·OSBui0003c970:·656d·6564·6961·7469·6f6e·2041·6e73·6962··emediation·Ansib
 0003c980:·6c65·2073·6e69·7070·6574·20e2·87b2·3c2f··le·snippet·...</
 0003c990:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
 0003c9a0:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
 0003c9b0:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
 0003c9c0:·646d·3132·3135·223e·3c74·6162·6c65·2063··dm1215"><table·c
 0003c9d0:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl
 0003c9e0:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table-
 0003c9f0:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c
 0003ca00:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t
 0003ca10:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t
 0003ca20:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></
 0003ca30:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru
 0003ca40:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l
 0003ca50:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>
 0003ca60:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th>
 0003ca70:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></
 0003ca80:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat
 0003ca90:·6567·793a·3c2f·7468·3e3c·7464·3e65·6e61··egy:</th><td>ena
0003c980:·6c64·2042·6c75·6570·7269·6e74·2073·6e69··ld·Blueprint·sni 
0003c990:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br> 
0003c9a0:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane 
0003c9b0:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla 
0003c9c0:·7073·6522·2069·643d·2269·646d·3132·3135··pse"·id="idm1215 
0003c9d0:·223e·3c70·7265·3e3c·636f·6465·3e0a·5b5b··"><pre><code>.[[ 
0003c9e0:·7061·636b·6167·6573·5d5d·0a6e·616d·6520··packages]].name· 
0003c9f0:·3d20·2261·6964·6522·0a76·6572·7369·6f6e··=·"aide".version 
0003ca00:·203d·2022·2a22·0a3c·2f63·6f64·653e·3c2f···=·"*".</code></ 
0003ca10:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla 
0003ca20:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ 
0003ca30:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle 
0003ca40:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data 
0003ca50:·2d74·6172·6765·743d·2223·6964·6d31·3231··-target="#idm121 
0003ca60:·3622·2074·6162·696e·6465·783d·2230·2220··6"·tabindex="0"· 
0003ca70:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar 
0003ca80:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal 
0003ca90:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ 
0003caa0:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h 
0003cab0:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia 
0003cac0:·7469·6f6e·2041·6e73·6962·6c65·2073·6e69··tion·Ansible·sni 
0003cad0:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br> 
0003cae0:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane 
0003caf0:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla 
0003cb00:·7073·6522·2069·643d·2269·646d·3132·3136··pse"·id="idm1216 
0003cb10:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class=" 
0003cb20:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri 
0003cb30:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border 
0003cb40:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens 
0003cb50:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp 
0003cb60:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td> 
0003cb70:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003cb80:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption: 
0003cb90:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003cba0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re 
0003cbb0:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa 
0003cbc0:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr0003caa0:·626c·653c·2f74·643e·3c2f·7472·3e3c·2f74··ble</td></tr></t
 0003cab0:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>
 0003cac0:·2d20·6e61·6d65·3a20·4761·7468·6572·2074··-·name:·Gather·t
 0003cad0:·6865·2070·6163·6b61·6765·2066·6163·7473··he·package·facts
 0003cae0:·0a20·2070·6163·6b61·6765·5f66·6163·7473··.··package_facts
 0003caf0:·3a0a·2020·2020·6d61·6e61·6765·723a·2061··:.····manager:·a
0003cbd0:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</ 
0003cbe0:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t 
0003cbf0:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table>< 
0003cc00:·7072·653e·3c63·6f64·653e·2d20·6e61·6d65··pre><code>-·name 
0003cc10:·3a20·4761·7468·6572·2074·6865·2070·6163··:·Gather·the·pac 
0003cc20:·6b61·6765·2066·6163·7473·0a20·2070·6163··kage·facts.··pac 
0003cc30:·6b61·6765·5f66·6163·7473·3a0a·2020·2020··kage_facts:.···· 
0003cc40:·6d61·6e61·6765·723a·2061·7574·6f0a·2020··manager:·auto.·· 
0003cc50:·7461·6773·3a0a·2020·2d20·434a·4953·2d35··tags:.··-·CJIS-5 
0003cc60:·2e31·302e·312e·330a·2020·2d20·4e49·5354··.10.1.3.··-·NIST 
0003cc70:·2d38·3030·2d35·332d·434d·2d36·2861·290a··-800-53-CM-6(a). 
0003cc80:·2020·2d20·5043·492d·4453·532d·5265·712d····-·PCI-DSS-Req- 
0003cc90:·3131·2e35·0a20·202d·2050·4349·2d44·5353··11.5.··-·PCI-DSS 
0003cca0:·7634·2d31·312e·352e·320a·2020·2d20·656e··v4-11.5.2.··-·en 
0003ccb0:·6162·6c65·5f73·7472·6174·6567·790a·2020··able_strategy.·· 
0003ccc0:·2d20·6c6f·775f·636f·6d70·6c65·7869·7479··-·low_complexity 
0003ccd0:·0a20·202d·206c·6f77·5f64·6973·7275·7074··.··-·low_disrupt 
0003cce0:·696f·6e0a·2020·2d20·6d65·6469·756d·5f73··ion.··-·medium_s 
0003ccf0:·6576·6572·6974·790a·2020·2d20·6e6f·5f72··everity.··-·no_r 
0003cd00:·6562·6f6f·745f·6e65·6564·6564·0a20·202d··eboot_needed.··- 
0003cd10:·2070·6163·6b61·6765·5f61·6964·655f·696e···package_aide_in 
0003cd20:·7374·616c·6c65·640a·0a2d·206e·616d·653a··stalled..-·name: 
0003cd30:·2045·6e73·7572·6520·6169·6465·2069·7320···Ensure·aide·is· 
0003cd40:·696e·7374·616c·6c65·640a·2020·7061·636b··installed.··pack 
0003cd50:·6167·653a·0a20·2020·206e·616d·653a·2061··age:.····name:·a 
0003cd60:·6964·650a·2020·2020·7374·6174·653a·2070··ide.····state:·p 
0003cd70:·7265·7365·6e74·0a20·2077·6865·6e3a·2027··resent.··when:·' 
0003cd80:·226b·6572·6e65·6c22·2069·6e20·616e·7369··"kernel"·in·ansi 
0003cd90:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag 
0003cda0:·6573·270a·2020·7461·6773·3a0a·2020·2d20··es'.··tags:.··-·0003cb00:·7574·6f0a·2020·7461·6773·3a0a·2020·2d20··uto.··tags:.··-·
0003cdb0:·434a·4953·2d35·2e31·302e·312e·330a·2020··CJIS-5.10.1.3.··0003cb10:·434a·4953·2d35·2e31·302e·312e·330a·2020··CJIS-5.10.1.3.··
0003cdc0:·2d20·4e49·5354·2d38·3030·2d35·332d·434d··-·NIST-800-53-CM0003cb20:·2d20·4e49·5354·2d38·3030·2d35·332d·434d··-·NIST-800-53-CM
0003cdd0:·2d36·2861·290a·2020·2d20·5043·492d·4453··-6(a).··-·PCI-DS0003cb30:·2d36·2861·290a·2020·2d20·5043·492d·4453··-6(a).··-·PCI-DS
0003cde0:·532d·5265·712d·3131·2e35·0a20·202d·2050··S-Req-11.5.··-·P0003cb40:·532d·5265·712d·3131·2e35·0a20·202d·2050··S-Req-11.5.··-·P
0003cdf0:·4349·2d44·5353·7634·2d31·312e·352e·320a··CI-DSSv4-11.5.2.0003cb50:·4349·2d44·5353·7634·2d31·312e·352e·320a··CI-DSSv4-11.5.2.
0003ce00:·2020·2d20·656e·6162·6c65·5f73·7472·6174····-·enable_strat0003cb60:·2020·2d20·656e·6162·6c65·5f73·7472·6174····-·enable_strat
0003ce10:·6567·790a·2020·2d20·6c6f·775f·636f·6d70··egy.··-·low_comp0003cb70:·6567·790a·2020·2d20·6c6f·775f·636f·6d70··egy.··-·low_comp
0003ce20:·6c65·7869·7479·0a20·202d·206c·6f77·5f64··lexity.··-·low_d0003cb80:·6c65·7869·7479·0a20·202d·206c·6f77·5f64··lexity.··-·low_d
0003ce30:·6973·7275·7074·696f·6e0a·2020·2d20·6d65··isruption.··-·me0003cb90:·6973·7275·7074·696f·6e0a·2020·2d20·6d65··isruption.··-·me
0003ce40:·6469·756d·5f73·6576·6572·6974·790a·2020··dium_severity.··0003cba0:·6469·756d·5f73·6576·6572·6974·790a·2020··dium_severity.··
0003ce50:·2d20·6e6f·5f72·6562·6f6f·745f·6e65·6564··-·no_reboot_need0003cbb0:·2d20·6e6f·5f72·6562·6f6f·745f·6e65·6564··-·no_reboot_need
0003ce60:·6564·0a20·202d·2070·6163·6b61·6765·5f61··ed.··-·package_a0003cbc0:·6564·0a20·202d·2070·6163·6b61·6765·5f61··ed.··-·package_a
0003ce70:·6964·655f·696e·7374·616c·6c65·640a·3c2f··ide_installed.</0003cbd0:·6964·655f·696e·7374·616c·6c65·640a·0a2d··ide_installed..-
 0003cbe0:·206e·616d·653a·2045·6e73·7572·6520·6169···name:·Ensure·ai
 0003cbf0:·6465·2069·7320·696e·7374·616c·6c65·640a··de·is·installed.
 0003cc00:·2020·7061·636b·6167·653a·0a20·2020·206e····package:.····n
 0003cc10:·616d·653a·2061·6964·650a·2020·2020·7374··ame:·aide.····st
 0003cc20:·6174·653a·2070·7265·7365·6e74·0a20·2077··ate:·present.··w
 0003cc30:·6865·6e3a·2027·226b·6572·6e65·6c22·2069··hen:·'"kernel"·i
 0003cc40:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.
 0003cc50:·7061·636b·6167·6573·270a·2020·7461·6773··packages'.··tags
 0003cc60:·3a0a·2020·2d20·434a·4953·2d35·2e31·302e··:.··-·CJIS-5.10.
 0003cc70:·312e·330a·2020·2d20·4e49·5354·2d38·3030··1.3.··-·NIST-800
 0003cc80:·2d35·332d·434d·2d36·2861·290a·2020·2d20··-53-CM-6(a).··-·
 0003cc90:·5043·492d·4453·532d·5265·712d·3131·2e35··PCI-DSS-Req-11.5
 0003cca0:·0a20·202d·2050·4349·2d44·5353·7634·2d31··.··-·PCI-DSSv4-1
 0003ccb0:·312e·352e·320a·2020·2d20·656e·6162·6c65··1.5.2.··-·enable
 0003ccc0:·5f73·7472·6174·6567·790a·2020·2d20·6c6f··_strategy.··-·lo
 0003ccd0:·775f·636f·6d70·6c65·7869·7479·0a20·202d··w_complexity.··-
Max diff block lines reached; 2606414/2618170 bytes (99.55%) of diff not shown.
295 KB
html2text {}
    
Offset 172, 19 lines modifiedOffset 172, 14 lines modified
172 include·install_aide172 include·install_aide
  
173 class·install_aide·{173 class·install_aide·{
174 ··package·{·'aide':174 ··package·{·'aide':
175 ····ensure·=>·'installed',175 ····ensure·=>·'installed',
176 ··}176 ··}
177 }177 }
178 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
179 [[packages]] 
180 name·=·"aide" 
181 version·=·"*" 
182 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8178 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
183 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low179 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
184 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low180 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
185 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false181 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
186 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable182 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
187 -·name:·Gather·the·package·facts183 -·name:·Gather·the·package·facts
188 ··package_facts:184 ··package_facts:
Offset 213, 14 lines modifiedOffset 208, 19 lines modified
213 ··-·PCI-DSSv4-11.5.2208 ··-·PCI-DSSv4-11.5.2
214 ··-·enable_strategy209 ··-·enable_strategy
215 ··-·low_complexity210 ··-·low_complexity
216 ··-·low_disruption211 ··-·low_disruption
217 ··-·medium_severity212 ··-·medium_severity
218 ··-·no_reboot_needed213 ··-·no_reboot_needed
219 ··-·package_aide_installed214 ··-·package_aide_installed
 215 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 216 [[packages]]
 217 name·=·"aide"
 218 version·=·"*"
220 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*219 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
221 Run·the·following·command·to·generate·a·new·database:220 Run·the·following·command·to·generate·a·new·database:
222 $·sudo·/usr/sbin/aide·--init221 $·sudo·/usr/sbin/aide·--init
223 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the222 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the
224 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these223 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these
225 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their224 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their
226 integrity.·The·newly-generated·database·can·be·installed·as·follows:225 integrity.·The·newly-generated·database·can·be·installed·as·follows:
Offset 556, 14 lines modifiedOffset 556, 33 lines modified
556 ············_\x8i_\x8s_\x8m······1446556 ············_\x8i_\x8s_\x8m······1446
557 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1557 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1
558 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)558 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)
559 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,559 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,
560 ·····················FCS_TLSC_EXT.1560 ·····················FCS_TLSC_EXT.1
561 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174561 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174
562 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2562 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
 563 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
  
 564 var_system_crypto_policy='DEFAULT'
  
  
 565 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null)
 566 rc=$?
  
 567 if·test·"$rc"·=·127;·then
 568 »       echo·"$stderr_of_call"·>&2
 569 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2
 570 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2
 571 »       echo·"to·see·what·package·to·(re)install"·>&2
  
 572 »       false··#·end·with·an·error·code
 573 elif·test·"$rc"·!=·0;·then
 574 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2
 575 »       false··#·end·with·an·error·code
 576 fi
563 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8577 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
564 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low578 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
565 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low579 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
566 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false580 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
567 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict581 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
568 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable582 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable
569 ··set_fact:583 ··set_fact:
Offset 608, 33 lines modifiedOffset 627, 14 lines modified
608 ··-·PCI-DSSv4-2.2.7627 ··-·PCI-DSSv4-2.2.7
609 ··-·configure_crypto_policy628 ··-·configure_crypto_policy
610 ··-·high_severity629 ··-·high_severity
611 ··-·low_complexity630 ··-·low_complexity
612 ··-·low_disruption631 ··-·low_disruption
613 ··-·no_reboot_needed632 ··-·no_reboot_needed
614 ··-·restrict_strategy633 ··-·restrict_strategy
615 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
  
616 var_system_crypto_policy='DEFAULT' 
  
  
617 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null) 
618 rc=$? 
  
619 if·test·"$rc"·=·127;·then 
620 »       echo·"$stderr_of_call"·>&2 
621 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2 
622 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2 
623 »       echo·"to·see·what·package·to·(re)install"·>&2 
  
624 »       false··#·end·with·an·error·code 
625 elif·test·"$rc"·!=·0;·then 
626 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2 
627 »       false··#·end·with·an·error·code 
628 fi 
629 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8SS\x8SH\x8H·t\x8to\x8o·u\x8us\x8se\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8o·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*634 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8SS\x8SH\x8H·t\x8to\x8o·u\x8us\x8se\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8o·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
630 Crypto·Policies·provide·a·centralized·control·over·crypto·algorithms·usage·of·many·packages.·SSH·is635 Crypto·Policies·provide·a·centralized·control·over·crypto·algorithms·usage·of·many·packages.·SSH·is
631 supported·by·crypto·policy,·but·the·SSH·configuration·may·be·set·up·to·ignore·it.·To·check·that636 supported·by·crypto·policy,·but·the·SSH·configuration·may·be·set·up·to·ignore·it.·To·check·that
632 Crypto·Policies·settings·are·configured·correctly,·ensure·that·the·CRYPTO_POLICY·variable·is·either637 Crypto·Policies·settings·are·configured·correctly,·ensure·that·the·CRYPTO_POLICY·variable·is·either
633 commented·or·not·set·at·all·in·the·/etc/sysconfig/sshd.638 commented·or·not·set·at·all·in·the·/etc/sysconfig/sshd.
634 Rationale:··Overriding·the·system·crypto·policy·makes·the·behavior·of·the·SSH·service·violate639 Rationale:··Overriding·the·system·crypto·policy·makes·the·behavior·of·the·SSH·service·violate
635 ············expectations,·and·makes·system·configuration·more·fragmented.640 ············expectations,·and·makes·system·configuration·more·fragmented.
Offset 645, 14 lines modifiedOffset 645, 19 lines modified
645 ·····················(ii)645 ·····················(ii)
646 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1646 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1
647 References:·_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13647 References:·_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13
648 ············_\x8o_\x8s_\x8p_\x8p·····FCS_SSH_EXT.1,·FCS_SSHS_EXT.1,·FCS_SSHC_EXT.1648 ············_\x8o_\x8s_\x8p_\x8p·····FCS_SSH_EXT.1,·FCS_SSHS_EXT.1,·FCS_SSHC_EXT.1
649 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s···Req-2.2649 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s···Req-2.2
650 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000250-GPOS-00093650 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000250-GPOS-00093
651 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2651 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
 652 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
  
 653 SSH_CONF="/etc/sysconfig/sshd"
  
 654 sed·-i·"/^\s*CRYPTO_POLICY.*$/Id"·$SSH_CONF
652 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8655 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
653 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low656 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
654 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium657 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
655 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true658 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true
656 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···disable659 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···disable
657 -·name:·Configure·SSH·to·use·System·Crypto·Policy660 -·name:·Configure·SSH·to·use·System·Crypto·Policy
658 ··lineinfile:661 ··lineinfile:
Max diff block lines reached; 296449/301965 bytes (98.17%) of diff not shown.
369 KB
./usr/share/doc/ssg-nondebian/ssg-alinux2-guide-standard.html
    
Offset 16285, 195 lines modifiedOffset 16285, 195 lines modified
0003f9c0:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i0003f9c0:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i
0003f9d0:·646d·3134·3432·2220·7461·6269·6e64·6578··dm1442"·tabindex0003f9d0:·646d·3134·3432·2220·7461·6269·6e64·6578··dm1442"·tabindex
0003f9e0:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto0003f9e0:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto
0003f9f0:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded0003f9f0:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded
0003fa00:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="0003fa00:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="
0003fa10:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve0003fa10:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve
0003fa20:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re0003fa20:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re
0003fa30:·6d65·6469·6174·696f·6e20·416e·7369·626c··mediation·Ansibl0003fa30:·6d65·6469·6174·696f·6e20·5368·656c·6c20··mediation·Shell·
0003fa40:·6520·736e·6970·7065·7420·e287·b23c·2f61··e·snippet·...</a 
0003fa50:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class= 
0003fa60:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse· 
0003fa70:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id 
0003fa80:·6d31·3434·3222·3e3c·7461·626c·6520·636c··m1442"><table·cl 
0003fa90:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table 
0003faa0:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b 
0003fab0:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co 
0003fac0:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th 
0003fad0:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th0003fa40:·7363·7269·7074·20e2·87b2·3c2f·613e·3c62··script·...</a><b
 0003fa50:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa
 0003fa60:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col
 0003fa70:·6c61·7073·6522·2069·643d·2269·646d·3134··lapse"·id="idm14
 0003fa80:·3432·223e·3c70·7265·3e3c·636f·6465·3e23··42"><pre><code>#
 0003fa90:·2052·656d·6564·6961·7469·6f6e·2069·7320···Remediation·is·
 0003faa0:·6170·706c·6963·6162·6c65·206f·6e6c·7920··applicable·only·
 0003fab0:·696e·2063·6572·7461·696e·2070·6c61·7466··in·certain·platf
 0003fac0:·6f72·6d73·0a69·6620·7270·6d20·2d2d·7175··orms.if·rpm·--qu
 0003fad0:·6965·7420·2d71·2062·696e·643b·2074·6865··iet·-q·bind;·the
 0003fae0:·6e0a·0a66·756e·6374·696f·6e20·7265·6d65··n..function·reme
 0003faf0:·6469·6174·655f·6269·6e64·5f63·7279·7074··diate_bind_crypt
 0003fb00:·6f5f·706f·6c69·6379·2829·207b·0a09·434f··o_policy()·{..CO
 0003fb10:·4e46·4947·5f46·494c·453d·222f·6574·632f··NFIG_FILE="/etc/
 0003fb20:·6e61·6d65·642e·636f·6e66·220a·0969·6620··named.conf"..if·
 0003fb30:·7465·7374·202d·6620·2224·434f·4e46·4947··test·-f·"$CONFIG
 0003fb40:·5f46·494c·4522·3b20·7468·656e·0a09·0973··_FILE";·then...s
 0003fb50:·6564·202d·6920·2773·7c6f·7074·696f·6e73··ed·-i·'s|options
 0003fb60:·207b·7c26·616d·703b·5c6e·5c74·696e·636c···{|&amp;\n\tincl
 0003fb70:·7564·6520·222f·6574·632f·6372·7970·746f··ude·"/etc/crypto
 0003fb80:·2d70·6f6c·6963·6965·732f·6261·636b·2d65··-policies/back-e
 0003fb90:·6e64·732f·6269·6e64·2e63·6f6e·6669·6722··nds/bind.config"
 0003fba0:·3b7c·2720·2224·434f·4e46·4947·5f46·494c··;|'·"$CONFIG_FIL
 0003fbb0:·4522·0a09·0972·6574·7572·6e20·300a·0965··E"...return·0..e
 0003fbc0:·6c73·650a·0909·6563·686f·2022·4162·6f72··lse...echo·"Abor
 0003fbd0:·7469·6e67·2072·656d·6564·6961·7469·6f6e··ting·remediation
 0003fbe0:·2061·7320·2724·434f·4e46·4947·5f46·494c···as·'$CONFIG_FIL
 0003fbf0:·4527·2077·6173·206e·6f74·2065·7665·6e20··E'·was·not·even·
 0003fc00:·666f·756e·642e·2220·2667·743b·2661·6d70··found."·&gt;&amp
 0003fc10:·3b32·0a09·0972·6574·7572·6e20·310a·0966··;2...return·1..f
 0003fc20:·690a·7d0a·0a72·656d·6564·6961·7465·5f62··i.}..remediate_b
 0003fc30:·696e·645f·6372·7970·746f·5f70·6f6c·6963··ind_crypto_polic
 0003fc40:·790a·0a65·6c73·650a·2020·2020·2667·743b··y..else.····&gt;
 0003fc50:·2661·6d70·3b32·2065·6368·6f20·2752·656d··&amp;2·echo·'Rem
 0003fc60:·6564·6961·7469·6f6e·2069·7320·6e6f·7420··ediation·is·not·
 0003fc70:·6170·706c·6963·6162·6c65·2c20·6e6f·7468··applicable,·noth
 0003fc80:·696e·6720·7761·7320·646f·6e65·270a·6669··ing·was·done'.fi
 0003fc90:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></
 0003fca0:·6469·763e·3c61·2063·6c61·7373·3d22·6274··div><a·class="bt
 0003fcb0:·6e20·6274·6e2d·7375·6363·6573·7322·2064··n·btn-success"·d
 0003fcc0:·6174·612d·746f·6767·6c65·3d22·636f·6c6c··ata-toggle="coll
 0003fcd0:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe
 0003fce0:·743d·2223·6964·6d31·3434·3322·2074·6162··t="#idm1443"·tab
 0003fcf0:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="
 0003fd00:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp
 0003fd10:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti
 0003fd20:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to
 0003fd30:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#
 0003fd40:·2122·3e52·656d·6564·6961·7469·6f6e·2041··!">Remediation·A
 0003fd50:·6e73·6962·6c65·2073·6e69·7070·6574·20e2··nsible·snippet·.
 0003fd60:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c
 0003fd70:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
 0003fd80:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i
 0003fd90:·643d·2269·646d·3134·3433·223e·3c74·6162··d="idm1443"><tab
 0003fda0:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table·
 0003fdb0:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta
 0003fdc0:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab
 0003fdd0:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t
 0003fde0:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity
 0003fdf0:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t
 0003fe00:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D
 0003fe10:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th><
0003fae0:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t0003fe20:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>
0003faf0:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup 
0003fb00:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo0003fe30:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:<
 0003fe40:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t
0003fb10:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><0003fe50:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S
 0003fe60:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td
 0003fe70:·3e63·6f6e·6669·6775·7265·3c2f·7464·3e3c··>configure</td><
 0003fe80:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre
 0003fe90:·3e3c·636f·6465·3e2d·206e·616d·653a·2047··><code>-·name:·G
 0003fea0:·6174·6865·7220·7468·6520·7061·636b·6167··ather·the·packag
0003fb20:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th>< 
0003fb30:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t 
0003fb40:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate 
0003fb50:·6779·3a3c·2f74·683e·3c74·643e·636f·6e66··gy:</th><td>conf 
0003fb60:·6967·7572·653c·2f74·643e·3c2f·7472·3e3c··igure</td></tr>< 
0003fb70:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod 
0003fb80:·653e·2d20·6e61·6d65·3a20·4761·7468·6572··e>-·name:·Gather 
0003fb90:·2074·6865·2070·6163·6b61·6765·2066·6163···the·package·fac 
0003fba0:·7473·0a20·2070·6163·6b61·6765·5f66·6163··ts.··package_fac 
0003fbb0:·7473·3a0a·2020·2020·6d61·6e61·6765·723a··ts:.····manager: 
0003fbc0:·2061·7574·6f0a·2020·7461·6773·3a0a·2020···auto.··tags:.·· 
0003fbd0:·2d20·4e49·5354·2d38·3030·2d35·332d·5343··-·NIST-800-53-SC 
0003fbe0:·2d31·3228·3229·0a20·202d·204e·4953·542d··-12(2).··-·NIST- 
0003fbf0:·3830·302d·3533·2d53·432d·3132·2833·290a··800-53-SC-12(3). 
0003fc00:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53- 
0003fc10:·5343·2d31·330a·2020·2d20·636f·6e66·6967··SC-13.··-·config 
0003fc20:·7572·655f·6269·6e64·5f63·7279·7074·6f5f··ure_bind_crypto_ 
0003fc30:·706f·6c69·6379·0a20·202d·2063·6f6e·6669··policy.··-·confi 
0003fc40:·6775·7265·5f73·7472·6174·6567·790a·2020··gure_strategy.·· 
0003fc50:·2d20·6869·6768·5f73·6576·6572·6974·790a··-·high_severity. 
0003fc60:·2020·2d20·6c6f·775f·636f·6d70·6c65·7869····-·low_complexi 
0003fc70:·7479·0a20·202d·206c·6f77·5f64·6973·7275··ty.··-·low_disru 
0003fc80:·7074·696f·6e0a·2020·2d20·6e6f·5f72·6562··ption.··-·no_reb 
0003fc90:·6f6f·745f·6e65·6564·6564·0a0a·2d20·6e61··oot_needed..-·na 
0003fca0:·6d65·3a20·436f·6e66·6967·7572·6520·4249··me:·Configure·BI 
0003fcb0:·4e44·2074·6f20·7573·6520·5379·7374·656d··ND·to·use·System 
0003fcc0:·2043·7279·7074·6f20·506f·6c69·6379·202d···Crypto·Policy·- 
0003fcd0:·2043·6865·636b·2042·494e·4420·636f·6e66···Check·BIND·conf 
0003fce0:·6967·7572·6174·696f·6e20·6669·6c65·0a20··iguration·file.· 
0003fcf0:·2020·2065·7869·7374·730a·2020·616e·7369·····exists.··ansi 
0003fd00:·626c·652e·6275·696c·7469·6e2e·7374·6174··ble.builtin.stat 
0003fd10:·3a0a·2020·2020·7061·7468·3a20·2f65·7463··:.····path:·/etc 
0003fd20:·2f6e·616d·6564·2e63·6f6e·660a·2020·7265··/named.conf.··re 
0003fd30:·6769·7374·6572·3a20·6269·6e64·5f63·6f6e··gister:·bind_con 
0003fd40:·6669·675f·6669·6c65·0a20·2077·6865·6e3a··fig_file.··when: 
0003fd50:·2027·2262·696e·6422·2069·6e20·616e·7369···'"bind"·in·ansi 
0003fd60:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag0003feb0:·6520·6661·6374·730a·2020·7061·636b·6167··e·facts.··packag
0003fd70:·6573·270a·2020·7461·6773·3a0a·2020·2d20··es'.··tags:.··-·0003fec0:·655f·6661·6374·733a·0a20·2020·206d·616e··e_facts:.····man
Max diff block lines reached; 321792/347350 bytes (92.64%) of diff not shown.
30.0 KB
html2text {}
    
Offset 343, 14 lines modifiedOffset 343, 35 lines modified
343 ············violate·expectations,·and·makes·system·configuration·more·fragmented.343 ············violate·expectations,·and·makes·system·configuration·more·fragmented.
344 Severity: ··high344 Severity: ··high
345 Rule·ID:····xccdf_org.ssgproject.content_rule_configure_bind_crypto_policy345 Rule·ID:····xccdf_org.ssgproject.content_rule_configure_bind_crypto_policy
346 ············_\x8d_\x8i_\x8s_\x8a·····CCI-002418,·CCI-002422346 ············_\x8d_\x8i_\x8s_\x8a·····CCI-002418,·CCI-002422
347 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1347 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1
348 ············_\x8n_\x8i_\x8s_\x8t·····SC-13,·SC-12(2),·SC-12(3)348 ············_\x8n_\x8i_\x8s_\x8t·····SC-13,·SC-12(2),·SC-12(3)
349 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000423-GPOS-00187,·SRG-OS-000426-GPOS-00190349 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000423-GPOS-00187,·SRG-OS-000426-GPOS-00190
 350 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 351 #·Remediation·is·applicable·only·in·certain·platforms
 352 if·rpm·--quiet·-q·bind;·then
  
 353 function·remediate_bind_crypto_policy()·{
 354 »       CONFIG_FILE="/etc/named.conf"
 355 »       if·test·-f·"$CONFIG_FILE";·then
 356 »       »       sed·-i·'s|options·{|&\n\tinclude·"/etc/crypto-policies/back-ends/bind.config";|'
 357 "$CONFIG_FILE"
 358 »       »       return·0
 359 »       else
 360 »       »       echo·"Aborting·remediation·as·'$CONFIG_FILE'·was·not·even·found."·>&2
 361 »       »       return·1
 362 »       fi
 363 }
  
 364 remediate_bind_crypto_policy
  
 365 else
 366 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 367 fi
350 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8368 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
351 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low369 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
352 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low370 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
353 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false371 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
354 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure372 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure
355 -·name:·Gather·the·package·facts373 -·name:·Gather·the·package·facts
356 ··package_facts:374 ··package_facts:
Offset 417, 35 lines modifiedOffset 438, 14 lines modified
417 ··-·NIST-800-53-SC-13438 ··-·NIST-800-53-SC-13
418 ··-·configure_bind_crypto_policy439 ··-·configure_bind_crypto_policy
419 ··-·configure_strategy440 ··-·configure_strategy
420 ··-·high_severity441 ··-·high_severity
421 ··-·low_complexity442 ··-·low_complexity
422 ··-·low_disruption443 ··-·low_disruption
423 ··-·no_reboot_needed444 ··-·no_reboot_needed
424 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
425 #·Remediation·is·applicable·only·in·certain·platforms 
426 if·rpm·--quiet·-q·bind;·then 
  
427 function·remediate_bind_crypto_policy()·{ 
428 »       CONFIG_FILE="/etc/named.conf" 
429 »       if·test·-f·"$CONFIG_FILE";·then 
430 »       »       sed·-i·'s|options·{|&\n\tinclude·"/etc/crypto-policies/back-ends/bind.config";|' 
431 "$CONFIG_FILE" 
432 »       »       return·0 
433 »       else 
434 »       »       echo·"Aborting·remediation·as·'$CONFIG_FILE'·was·not·even·found."·>&2 
435 »       »       return·1 
436 »       fi 
437 } 
  
438 remediate_bind_crypto_policy 
  
439 else 
440 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
441 fi 
442 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8og\x8gr\x8ra\x8ap\x8ph\x8hy\x8y·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*445 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8og\x8gr\x8ra\x8ap\x8ph\x8hy\x8y·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
443 To·configure·the·system·cryptography·policy·to·use·ciphers·only·from·the·DEFAULT446 To·configure·the·system·cryptography·policy·to·use·ciphers·only·from·the·DEFAULT
444 policy,·run·the·following·command:447 policy,·run·the·following·command:
445 $·sudo·update-crypto-policies·--set·DEFAULT448 $·sudo·update-crypto-policies·--set·DEFAULT
446 The·rule·checks·if·settings·for·selected·crypto·policy·are·configured·as·expected.449 The·rule·checks·if·settings·for·selected·crypto·policy·are·configured·as·expected.
447 Configuration·files·in·the·/etc/crypto-policies/back-ends·are·either·symlinks·to450 Configuration·files·in·the·/etc/crypto-policies/back-ends·are·either·symlinks·to
448 correct·files·provided·by·Crypto-policies·package·or·they·are·regular·files·in·case451 correct·files·provided·by·Crypto-policies·package·or·they·are·regular·files·in·case
Offset 478, 14 lines modifiedOffset 478, 34 lines modified
478 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1478 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1
479 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)479 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)
480 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,480 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,
481 ·····················FCS_CKM.2,·FCS_TLSC_EXT.1481 ·····················FCS_CKM.2,·FCS_TLSC_EXT.1
482 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-482 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-
483 ·····················GPOS-00174483 ·····················GPOS-00174
484 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2484 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
 485 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
  
 486 var_system_crypto_policy='DEFAULT'
  
  
 487 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/
 488 null)
 489 rc=$?
  
 490 if·test·"$rc"·=·127;·then
 491 »       echo·"$stderr_of_call"·>&2
 492 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2
 493 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2
 494 »       echo·"to·see·what·package·to·(re)install"·>&2
  
 495 »       false··#·end·with·an·error·code
 496 elif·test·"$rc"·!=·0;·then
 497 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2
 498 »       false··#·end·with·an·error·code
 499 fi
485 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8500 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
486 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low501 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
487 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low502 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
488 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false503 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
489 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict504 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
490 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable505 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable
491 ··set_fact:506 ··set_fact:
Offset 530, 34 lines modifiedOffset 550, 14 lines modified
530 ··-·PCI-DSSv4-2.2.7550 ··-·PCI-DSSv4-2.2.7
531 ··-·configure_crypto_policy551 ··-·configure_crypto_policy
532 ··-·high_severity552 ··-·high_severity
533 ··-·low_complexity553 ··-·low_complexity
534 ··-·low_disruption554 ··-·low_disruption
535 ··-·no_reboot_needed555 ··-·no_reboot_needed
536 ··-·restrict_strategy556 ··-·restrict_strategy
537 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
  
538 var_system_crypto_policy='DEFAULT' 
  
  
539 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/ 
540 null) 
541 rc=$? 
  
542 if·test·"$rc"·=·127;·then 
543 »       echo·"$stderr_of_call"·>&2 
544 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2 
545 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2 
Max diff block lines reached; 25409/30684 bytes (82.81%) of diff not shown.
2.7 MB
./usr/share/doc/ssg-nondebian/ssg-alinux3-guide-pci-dss.html
    
Offset 15862, 95 lines modifiedOffset 15862, 95 lines modified
0003df50:·6574·3d22·2369·646d·3133·3039·2220·7461··et="#idm1309"·ta0003df50:·6574·3d22·2369·646d·3133·3039·2220·7461··et="#idm1309"·ta
0003df60:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=0003df60:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=
0003df70:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex0003df70:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex
0003df80:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t0003df80:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t
0003df90:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t0003df90:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t
0003dfa0:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="0003dfa0:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="
0003dfb0:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·0003dfb0:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·
 0003dfc0:·416e·7369·626c·6520·736e·6970·7065·7420··Ansible·snippet·
 0003dfd0:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div·
 0003dfe0:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col
 0003dff0:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·
 0003e000:·6964·3d22·6964·6d31·3330·3922·3e3c·7461··id="idm1309"><ta
 0003e010:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table
 0003e020:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t
 0003e030:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta
 0003e040:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed"><
 0003e050:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit
 0003e060:·793a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··y:</th><td>low</
 0003e070:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>
 0003e080:·4469·7372·7570·7469·6f6e·3a3c·2f74·683e··Disruption:</th>
 0003e090:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr
 0003e0a0:·3e3c·7472·3e3c·7468·3e52·6562·6f6f·743a··><tr><th>Reboot:
 0003e0b0:·3c2f·7468·3e3c·7464·3e66·616c·7365·3c2f··</th><td>false</
 0003e0c0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>
 0003e0d0:·5374·7261·7465·6779·3a3c·2f74·683e·3c74··Strategy:</th><t
0003dfc0:·4f53·4275·696c·6420·426c·7565·7072·696e··OSBuild·Blueprin 
0003dfd0:·7420·736e·6970·7065·7420·e287·b23c·2f61··t·snippet·...</a 
0003dfe0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class= 
0003dff0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse· 
0003e000:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id 
0003e010:·6d31·3330·3922·3e3c·7072·653e·3c63·6f64··m1309"><pre><cod 
0003e020:·653e·0a5b·5b70·6163·6b61·6765·735d·5d0a··e>.[[packages]]. 
0003e030:·6e61·6d65·203d·2022·6169·6465·220a·7665··name·=·"aide".ve 
0003e040:·7273·696f·6e20·3d20·222a·220a·3c2f·636f··rsion·=·"*".</co 
0003e050:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div>< 
0003e060:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn 
0003e070:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t 
0003e080:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse" 
0003e090:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i 
0003e0a0:·646d·3133·3130·2220·7461·6269·6e64·6578··dm1310"·tabindex 
0003e0b0:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto 
0003e0c0:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded 
0003e0d0:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title=" 
0003e0e0:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve 
0003e0f0:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re 
0003e100:·6d65·6469·6174·696f·6e20·416e·7369·626c··mediation·Ansibl 
0003e110:·6520·736e·6970·7065·7420·e287·b23c·2f61··e·snippet·...</a 
0003e120:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class= 
0003e130:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse· 
0003e140:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id 
0003e150:·6d31·3331·3022·3e3c·7461·626c·6520·636c··m1310"><table·cl 
0003e160:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table 
0003e170:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b 
0003e180:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co 
0003e190:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th 
0003e1a0:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th 
0003e1b0:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
0003e1c0:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup 
0003e1d0:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo 
0003e1e0:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr>< 
0003e1f0:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th>< 
0003e200:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t0003e0e0:·643e·656e·6162·6c65·3c2f·7464·3e3c·2f74··d>enable</td></t
 0003e0f0:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><
 0003e100:·636f·6465·3e2d·206e·616d·653a·2047·6174··code>-·name:·Gat
 0003e110:·6865·7220·7468·6520·7061·636b·6167·6520··her·the·package·
 0003e120:·6661·6374·730a·2020·7061·636b·6167·655f··facts.··package_
 0003e130:·6661·6374·733a·0a20·2020·206d·616e·6167··facts:.····manag
 0003e140:·6572·3a20·6175·746f·0a20·2074·6167·733a··er:·auto.··tags:
0003e210:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate 
0003e220:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab 
0003e230:·6c65·3c2f·7464·3e3c·2f74·723e·3c2f·7461··le</td></tr></ta 
0003e240:·626c·653e·3c70·7265·3e3c·636f·6465·3e2d··ble><pre><code>- 
0003e250:·206e·616d·653a·2047·6174·6865·7220·7468···name:·Gather·th 
0003e260:·6520·7061·636b·6167·6520·6661·6374·730a··e·package·facts. 
0003e270:·2020·7061·636b·6167·655f·6661·6374·733a····package_facts: 
0003e280:·0a20·2020·206d·616e·6167·6572·3a20·6175··.····manager:·au 
0003e290:·746f·0a20·2074·6167·733a·0a20·202d·2043··to.··tags:.··-·C 
0003e2a0:·4a49·532d·352e·3130·2e31·2e33·0a20·202d··JIS-5.10.1.3.··- 
0003e2b0:·204e·4953·542d·3830·302d·3533·2d43·4d2d···NIST-800-53-CM- 
0003e2c0:·3628·6129·0a20·202d·2050·4349·2d44·5353··6(a).··-·PCI-DSS 
0003e2d0:·2d52·6571·2d31·312e·350a·2020·2d20·5043··-Req-11.5.··-·PC 
0003e2e0:·492d·4453·5376·342d·3131·2e35·2e32·0a20··I-DSSv4-11.5.2.· 
0003e2f0:·202d·2065·6e61·626c·655f·7374·7261·7465···-·enable_strate 
0003e300:·6779·0a20·202d·206c·6f77·5f63·6f6d·706c··gy.··-·low_compl 
0003e310:·6578·6974·790a·2020·2d20·6c6f·775f·6469··exity.··-·low_di 
0003e320:·7372·7570·7469·6f6e·0a20·202d·206d·6564··sruption.··-·med 
0003e330:·6975·6d5f·7365·7665·7269·7479·0a20·202d··ium_severity.··- 
0003e340:·206e·6f5f·7265·626f·6f74·5f6e·6565·6465···no_reboot_neede 
0003e350:·640a·2020·2d20·7061·636b·6167·655f·6169··d.··-·package_ai 
0003e360:·6465·5f69·6e73·7461·6c6c·6564·0a0a·2d20··de_installed..-· 
0003e370:·6e61·6d65·3a20·456e·7375·7265·2061·6964··name:·Ensure·aid 
0003e380:·6520·6973·2069·6e73·7461·6c6c·6564·0a20··e·is·installed.· 
0003e390:·2070·6163·6b61·6765·3a0a·2020·2020·6e61···package:.····na 
0003e3a0:·6d65·3a20·6169·6465·0a20·2020·2073·7461··me:·aide.····sta 
0003e3b0:·7465·3a20·7072·6573·656e·740a·2020·7768··te:·present.··wh 
0003e3c0:·656e·3a20·2722·6b65·726e·656c·2220·696e··en:·'"kernel"·in 
0003e3d0:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
0003e3e0:·6163·6b61·6765·7327·0a20·2074·6167·733a··ackages'.··tags: 
0003e3f0:·0a20·202d·2043·4a49·532d·352e·3130·2e31··.··-·CJIS-5.10.10003e150:·0a20·202d·2043·4a49·532d·352e·3130·2e31··.··-·CJIS-5.10.1
0003e400:·2e33·0a20·202d·204e·4953·542d·3830·302d··.3.··-·NIST-800-0003e160:·2e33·0a20·202d·204e·4953·542d·3830·302d··.3.··-·NIST-800-
0003e410:·3533·2d43·4d2d·3628·6129·0a20·202d·2050··53-CM-6(a).··-·P0003e170:·3533·2d43·4d2d·3628·6129·0a20·202d·2050··53-CM-6(a).··-·P
0003e420:·4349·2d44·5353·2d52·6571·2d31·312e·350a··CI-DSS-Req-11.5.0003e180:·4349·2d44·5353·2d52·6571·2d31·312e·350a··CI-DSS-Req-11.5.
0003e430:·2020·2d20·5043·492d·4453·5376·342d·3131····-·PCI-DSSv4-110003e190:·2020·2d20·5043·492d·4453·5376·342d·3131····-·PCI-DSSv4-11
0003e440:·2e35·2e32·0a20·202d·2065·6e61·626c·655f··.5.2.··-·enable_0003e1a0:·2e35·2e32·0a20·202d·2065·6e61·626c·655f··.5.2.··-·enable_
0003e450:·7374·7261·7465·6779·0a20·202d·206c·6f77··strategy.··-·low0003e1b0:·7374·7261·7465·6779·0a20·202d·206c·6f77··strategy.··-·low
0003e460:·5f63·6f6d·706c·6578·6974·790a·2020·2d20··_complexity.··-·0003e1c0:·5f63·6f6d·706c·6578·6974·790a·2020·2d20··_complexity.··-·
0003e470:·6c6f·775f·6469·7372·7570·7469·6f6e·0a20··low_disruption.·0003e1d0:·6c6f·775f·6469·7372·7570·7469·6f6e·0a20··low_disruption.·
0003e480:·202d·206d·6564·6975·6d5f·7365·7665·7269···-·medium_severi0003e1e0:·202d·206d·6564·6975·6d5f·7365·7665·7269···-·medium_severi
0003e490:·7479·0a20·202d·206e·6f5f·7265·626f·6f74··ty.··-·no_reboot0003e1f0:·7479·0a20·202d·206e·6f5f·7265·626f·6f74··ty.··-·no_reboot
0003e4a0:·5f6e·6565·6465·640a·2020·2d20·7061·636b··_needed.··-·pack0003e200:·5f6e·6565·6465·640a·2020·2d20·7061·636b··_needed.··-·pack
0003e4b0:·6167·655f·6169·6465·5f69·6e73·7461·6c6c··age_aide_install0003e210:·6167·655f·6169·6465·5f69·6e73·7461·6c6c··age_aide_install
 0003e220:·6564·0a0a·2d20·6e61·6d65·3a20·456e·7375··ed..-·name:·Ensu
 0003e230:·7265·2061·6964·6520·6973·2069·6e73·7461··re·aide·is·insta
 0003e240:·6c6c·6564·0a20·2070·6163·6b61·6765·3a0a··lled.··package:.
 0003e250:·2020·2020·6e61·6d65·3a20·6169·6465·0a20······name:·aide.·
 0003e260:·2020·2073·7461·7465·3a20·7072·6573·656e·····state:·presen
 0003e270:·740a·2020·7768·656e·3a20·2722·6b65·726e··t.··when:·'"kern
 0003e280:·656c·2220·696e·2061·6e73·6962·6c65·5f66··el"·in·ansible_f
 0003e290:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·
 0003e2a0:·2074·6167·733a·0a20·202d·2043·4a49·532d···tags:.··-·CJIS-
 0003e2b0:·352e·3130·2e31·2e33·0a20·202d·204e·4953··5.10.1.3.··-·NIS
 0003e2c0:·542d·3830·302d·3533·2d43·4d2d·3628·6129··T-800-53-CM-6(a)
 0003e2d0:·0a20·202d·2050·4349·2d44·5353·2d52·6571··.··-·PCI-DSS-Req
 0003e2e0:·2d31·312e·350a·2020·2d20·5043·492d·4453··-11.5.··-·PCI-DS
 0003e2f0:·5376·342d·3131·2e35·2e32·0a20·202d·2065··Sv4-11.5.2.··-·e
 0003e300:·6e61·626c·655f·7374·7261·7465·6779·0a20··nable_strategy.·
 0003e310:·202d·206c·6f77·5f63·6f6d·706c·6578·6974···-·low_complexit
Max diff block lines reached; 2540504/2552260 bytes (99.54%) of diff not shown.
276 KB
html2text {}
    
Offset 214, 19 lines modifiedOffset 214, 14 lines modified
214 include·install_aide214 include·install_aide
  
215 class·install_aide·{215 class·install_aide·{
216 ··package·{·'aide':216 ··package·{·'aide':
217 ····ensure·=>·'installed',217 ····ensure·=>·'installed',
218 ··}218 ··}
219 }219 }
220 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
221 [[packages]] 
222 name·=·"aide" 
223 version·=·"*" 
224 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8220 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
225 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low221 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
226 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low222 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
227 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false223 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
228 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable224 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
229 -·name:·Gather·the·package·facts225 -·name:·Gather·the·package·facts
230 ··package_facts:226 ··package_facts:
Offset 255, 14 lines modifiedOffset 250, 19 lines modified
255 ··-·PCI-DSSv4-11.5.2250 ··-·PCI-DSSv4-11.5.2
256 ··-·enable_strategy251 ··-·enable_strategy
257 ··-·low_complexity252 ··-·low_complexity
258 ··-·low_disruption253 ··-·low_disruption
259 ··-·medium_severity254 ··-·medium_severity
260 ··-·no_reboot_needed255 ··-·no_reboot_needed
261 ··-·package_aide_installed256 ··-·package_aide_installed
 257 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 258 [[packages]]
 259 name·=·"aide"
 260 version·=·"*"
262 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·P\x8Pe\x8er\x8ri\x8io\x8od\x8di\x8ic\x8c·E\x8Ex\x8xe\x8ec\x8cu\x8ut\x8ti\x8io\x8on\x8n·o\x8of\x8f·A\x8AI\x8ID\x8DE\x8E·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*261 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·P\x8Pe\x8er\x8ri\x8io\x8od\x8di\x8ic\x8c·E\x8Ex\x8xe\x8ec\x8cu\x8ut\x8ti\x8io\x8on\x8n·o\x8of\x8f·A\x8AI\x8ID\x8DE\x8E·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
263 At·a·minimum,·AIDE·should·be·configured·to·run·a·weekly·scan.·To·implement·a·daily·execution·of262 At·a·minimum,·AIDE·should·be·configured·to·run·a·weekly·scan.·To·implement·a·daily·execution·of
264 AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/crontab:263 AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/crontab:
265 05·4·*·*·*·root·/usr/sbin/aide·--check264 05·4·*·*·*·root·/usr/sbin/aide·--check
266 To·implement·a·weekly·execution·of·AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/265 To·implement·a·weekly·execution·of·AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/
267 crontab:266 crontab:
268 05·4·*·*·0·root·/usr/sbin/aide·--check267 05·4·*·*·0·root·/usr/sbin/aide·--check
Offset 475, 14 lines modifiedOffset 475, 33 lines modified
475 ············_\x8i_\x8s_\x8m······1446475 ············_\x8i_\x8s_\x8m······1446
476 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1476 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1
477 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)477 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)
478 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,478 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,
479 ·····················FCS_TLSC_EXT.1479 ·····················FCS_TLSC_EXT.1
480 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174480 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174
481 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2481 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
 482 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
  
 483 var_system_crypto_policy='DEFAULT'
  
  
 484 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null)
 485 rc=$?
  
 486 if·test·"$rc"·=·127;·then
 487 »       echo·"$stderr_of_call"·>&2
 488 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2
 489 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2
 490 »       echo·"to·see·what·package·to·(re)install"·>&2
  
 491 »       false··#·end·with·an·error·code
 492 elif·test·"$rc"·!=·0;·then
 493 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2
 494 »       false··#·end·with·an·error·code
 495 fi
482 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8496 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
483 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low497 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
484 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low498 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
485 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false499 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
486 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict500 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
487 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable501 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable
488 ··set_fact:502 ··set_fact:
Offset 527, 33 lines modifiedOffset 546, 14 lines modified
527 ··-·PCI-DSSv4-2.2.7546 ··-·PCI-DSSv4-2.2.7
528 ··-·configure_crypto_policy547 ··-·configure_crypto_policy
529 ··-·high_severity548 ··-·high_severity
530 ··-·low_complexity549 ··-·low_complexity
531 ··-·low_disruption550 ··-·low_disruption
532 ··-·no_reboot_needed551 ··-·no_reboot_needed
533 ··-·restrict_strategy552 ··-·restrict_strategy
534 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
  
535 var_system_crypto_policy='DEFAULT' 
  
  
536 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null) 
537 rc=$? 
  
538 if·test·"$rc"·=·127;·then 
539 »       echo·"$stderr_of_call"·>&2 
540 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2 
541 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2 
542 »       echo·"to·see·what·package·to·(re)install"·>&2 
  
543 »       false··#·end·with·an·error·code 
544 elif·test·"$rc"·!=·0;·then 
545 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2 
546 »       false··#·end·with·an·error·code 
547 fi 
548 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8SS\x8SH\x8H·t\x8to\x8o·u\x8us\x8se\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8o·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*553 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8SS\x8SH\x8H·t\x8to\x8o·u\x8us\x8se\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8o·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
549 Crypto·Policies·provide·a·centralized·control·over·crypto·algorithms·usage·of·many·packages.·SSH·is554 Crypto·Policies·provide·a·centralized·control·over·crypto·algorithms·usage·of·many·packages.·SSH·is
550 supported·by·crypto·policy,·but·the·SSH·configuration·may·be·set·up·to·ignore·it.·To·check·that555 supported·by·crypto·policy,·but·the·SSH·configuration·may·be·set·up·to·ignore·it.·To·check·that
551 Crypto·Policies·settings·are·configured·correctly,·ensure·that·the·CRYPTO_POLICY·variable·is·either556 Crypto·Policies·settings·are·configured·correctly,·ensure·that·the·CRYPTO_POLICY·variable·is·either
552 commented·or·not·set·at·all·in·the·/etc/sysconfig/sshd.557 commented·or·not·set·at·all·in·the·/etc/sysconfig/sshd.
553 Rationale:··Overriding·the·system·crypto·policy·makes·the·behavior·of·the·SSH·service·violate558 Rationale:··Overriding·the·system·crypto·policy·makes·the·behavior·of·the·SSH·service·violate
554 ············expectations,·and·makes·system·configuration·more·fragmented.559 ············expectations,·and·makes·system·configuration·more·fragmented.
Offset 564, 14 lines modifiedOffset 564, 19 lines modified
564 ·····················(ii)564 ·····················(ii)
565 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1565 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1
566 References:·_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13566 References:·_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13
567 ············_\x8o_\x8s_\x8p_\x8p·····FCS_SSH_EXT.1,·FCS_SSHS_EXT.1,·FCS_SSHC_EXT.1567 ············_\x8o_\x8s_\x8p_\x8p·····FCS_SSH_EXT.1,·FCS_SSHS_EXT.1,·FCS_SSHC_EXT.1
568 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s···Req-2.2568 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s···Req-2.2
569 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000250-GPOS-00093569 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000250-GPOS-00093
570 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2570 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
 571 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
  
 572 SSH_CONF="/etc/sysconfig/sshd"
  
 573 sed·-i·"/^\s*CRYPTO_POLICY.*$/Id"·$SSH_CONF
571 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8574 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
572 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low575 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
573 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium576 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
574 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true577 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true
575 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···disable578 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···disable
576 -·name:·Configure·SSH·to·use·System·Crypto·Policy579 -·name:·Configure·SSH·to·use·System·Crypto·Policy
577 ··lineinfile:580 ··lineinfile:
Max diff block lines reached; 277157/282595 bytes (98.08%) of diff not shown.
335 KB
./usr/share/doc/ssg-nondebian/ssg-alinux3-guide-standard.html
    
Offset 15755, 195 lines modifiedOffset 15755, 195 lines modified
0003d8a0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm0003d8a0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm
0003d8b0:·3134·3530·2220·7461·6269·6e64·6578·3d22··1450"·tabindex="0003d8b0:·3134·3530·2220·7461·6269·6e64·6578·3d22··1450"·tabindex="
0003d8c0:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"0003d8c0:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"
0003d8d0:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="0003d8d0:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="
0003d8e0:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac0003d8e0:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac
0003d8f0:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal0003d8f0:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal
0003d900:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme0003d900:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme
 0003d910:·6469·6174·696f·6e20·5368·656c·6c20·7363··diation·Shell·sc
 0003d920:·7269·7074·20e2·87b2·3c2f·613e·3c62·723e··ript·...</a><br>
 0003d930:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
 0003d940:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
 0003d950:·7073·6522·2069·643d·2269·646d·3134·3530··pse"·id="idm1450
 0003d960:·223e·3c70·7265·3e3c·636f·6465·3e23·2052··"><pre><code>#·R
 0003d970:·656d·6564·6961·7469·6f6e·2069·7320·6170··emediation·is·ap
 0003d980:·706c·6963·6162·6c65·206f·6e6c·7920·696e··plicable·only·in
 0003d990:·2063·6572·7461·696e·2070·6c61·7466·6f72···certain·platfor
 0003d9a0:·6d73·0a69·6620·7270·6d20·2d2d·7175·6965··ms.if·rpm·--quie
 0003d9b0:·7420·2d71·2062·696e·643b·2074·6865·6e0a··t·-q·bind;·then.
 0003d9c0:·0a66·756e·6374·696f·6e20·7265·6d65·6469··.function·remedi
0003d910:·6469·6174·696f·6e20·416e·7369·626c·6520··diation·Ansible· 
0003d920:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a>< 
0003d930:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p 
0003d940:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co 
0003d950:·6c6c·6170·7365·2220·6964·3d22·6964·6d31··llapse"·id="idm1 
0003d960:·3435·3022·3e3c·7461·626c·6520·636c·6173··450"><table·clas 
0003d970:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s 
0003d980:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor 
0003d990:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond 
0003d9a0:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C 
0003d9b0:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th>< 
0003d9c0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003d9d0:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti 
0003d9e0:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low< 
0003d9f0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003da00:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td 
0003da10:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr> 
0003da20:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy 
0003da30:·3a3c·2f74·683e·3c74·643e·636f·6e66·6967··:</th><td>config 
0003da40:·7572·653c·2f74·643e·3c2f·7472·3e3c·2f74··ure</td></tr></t 
0003da50:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code> 
0003da60:·2d20·6e61·6d65·3a20·4761·7468·6572·2074··-·name:·Gather·t 
0003da70:·6865·2070·6163·6b61·6765·2066·6163·7473··he·package·facts 
0003da80:·0a20·2070·6163·6b61·6765·5f66·6163·7473··.··package_facts 
0003da90:·3a0a·2020·2020·6d61·6e61·6765·723a·2061··:.····manager:·a 
0003daa0:·7574·6f0a·2020·7461·6773·3a0a·2020·2d20··uto.··tags:.··-· 
0003dab0:·4e49·5354·2d38·3030·2d35·332d·5343·2d31··NIST-800-53-SC-1 
0003dac0:·3228·3229·0a20·202d·204e·4953·542d·3830··2(2).··-·NIST-80 
0003dad0:·302d·3533·2d53·432d·3132·2833·290a·2020··0-53-SC-12(3).·· 
0003dae0:·2d20·4e49·5354·2d38·3030·2d35·332d·5343··-·NIST-800-53-SC 
0003daf0:·2d31·330a·2020·2d20·636f·6e66·6967·7572··-13.··-·configur 
0003db00:·655f·6269·6e64·5f63·7279·7074·6f5f·706f··e_bind_crypto_po0003d9d0:·6174·655f·6269·6e64·5f63·7279·7074·6f5f··ate_bind_crypto_
0003db10:·6c69·6379·0a20·202d·2063·6f6e·6669·6775··licy.··-·configu 
0003db20:·7265·5f73·7472·6174·6567·790a·2020·2d20··re_strategy.··-· 
0003db30:·6869·6768·5f73·6576·6572·6974·790a·2020··high_severity.·· 
0003db40:·2d20·6c6f·775f·636f·6d70·6c65·7869·7479··-·low_complexity 
0003db50:·0a20·202d·206c·6f77·5f64·6973·7275·7074··.··-·low_disrupt 
0003db60:·696f·6e0a·2020·2d20·6e6f·5f72·6562·6f6f··ion.··-·no_reboo 
0003db70:·745f·6e65·6564·6564·0a0a·2d20·6e61·6d65··t_needed..-·name 
0003db80:·3a20·436f·6e66·6967·7572·6520·4249·4e44··:·Configure·BIND 
0003db90:·2074·6f20·7573·6520·5379·7374·656d·2043···to·use·System·C 
0003dba0:·7279·7074·6f20·506f·6c69·6379·202d·2043··rypto·Policy·-·C 
0003dbb0:·6865·636b·2042·494e·4420·636f·6e66·6967··heck·BIND·config 
0003dbc0:·7572·6174·696f·6e20·6669·6c65·0a20·2020··uration·file.··· 
0003dbd0:·2065·7869·7374·730a·2020·616e·7369·626c···exists.··ansibl 
0003dbe0:·652e·6275·696c·7469·6e2e·7374·6174·3a0a··e.builtin.stat:. 
0003dbf0:·2020·2020·7061·7468·3a20·2f65·7463·2f6e······path:·/etc/n 
0003dc00:·616d·6564·2e63·6f6e·660a·2020·7265·6769··amed.conf.··regi 
0003dc10:·7374·6572·3a20·6269·6e64·5f63·6f6e·6669··ster:·bind_confi 
0003dc20:·675f·6669·6c65·0a20·2077·6865·6e3a·2027··g_file.··when:·' 
0003dc30:·2262·696e·6422·2069·6e20·616e·7369·626c··"bind"·in·ansibl0003d9e0:·706f·6c69·6379·2829·207b·0a09·434f·4e46··policy()·{..CONF
 0003d9f0:·4947·5f46·494c·453d·222f·6574·632f·6e61··IG_FILE="/etc/na
 0003da00:·6d65·642e·636f·6e66·220a·0969·6620·7465··med.conf"..if·te
 0003da10:·7374·202d·6620·2224·434f·4e46·4947·5f46··st·-f·"$CONFIG_F
 0003da20:·494c·4522·3b20·7468·656e·0a09·0973·6564··ILE";·then...sed
 0003da30:·202d·6920·2773·7c6f·7074·696f·6e73·207b···-i·'s|options·{
 0003da40:·7c26·616d·703b·5c6e·5c74·696e·636c·7564··|&amp;\n\tinclud
 0003da50:·6520·222f·6574·632f·6372·7970·746f·2d70··e·"/etc/crypto-p
 0003da60:·6f6c·6963·6965·732f·6261·636b·2d65·6e64··olicies/back-end
 0003da70:·732f·6269·6e64·2e63·6f6e·6669·6722·3b7c··s/bind.config";|
 0003da80:·2720·2224·434f·4e46·4947·5f46·494c·4522··'·"$CONFIG_FILE"
 0003da90:·0a09·0972·6574·7572·6e20·300a·0965·6c73··...return·0..els
 0003daa0:·650a·0909·6563·686f·2022·4162·6f72·7469··e...echo·"Aborti
 0003dab0:·6e67·2072·656d·6564·6961·7469·6f6e·2061··ng·remediation·a
 0003dac0:·7320·2724·434f·4e46·4947·5f46·494c·4527··s·'$CONFIG_FILE'
 0003dad0:·2077·6173·206e·6f74·2065·7665·6e20·666f···was·not·even·fo
 0003dae0:·756e·642e·2220·2667·743b·2661·6d70·3b32··und."·&gt;&amp;2
 0003daf0:·0a09·0972·6574·7572·6e20·310a·0966·690a··...return·1..fi.
 0003db00:·7d0a·0a72·656d·6564·6961·7465·5f62·696e··}..remediate_bin
 0003db10:·645f·6372·7970·746f·5f70·6f6c·6963·790a··d_crypto_policy.
 0003db20:·0a65·6c73·650a·2020·2020·2667·743b·2661··.else.····&gt;&a
 0003db30:·6d70·3b32·2065·6368·6f20·2752·656d·6564··mp;2·echo·'Remed
 0003db40:·6961·7469·6f6e·2069·7320·6e6f·7420·6170··iation·is·not·ap
 0003db50:·706c·6963·6162·6c65·2c20·6e6f·7468·696e··plicable,·nothin
 0003db60:·6720·7761·7320·646f·6e65·270a·6669·0a3c··g·was·done'.fi.<
 0003db70:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di
 0003db80:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn·
 0003db90:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat
 0003dba0:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap
 0003dbb0:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
 0003dbc0:·2223·6964·6d31·3435·3122·2074·6162·696e··"#idm1451"·tabin
 0003dbd0:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
 0003dbe0:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
 0003dbf0:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
 0003dc00:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
 0003dc10:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
 0003dc20:·3e52·656d·6564·6961·7469·6f6e·2041·6e73··>Remediation·Ans
 0003dc30:·6962·6c65·2073·6e69·7070·6574·20e2·87b2··ible·snippet·...
 0003dc40:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
 0003dc50:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
 0003dc60:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=
 0003dc70:·2269·646d·3134·3531·223e·3c74·6162·6c65··"idm1451"><table
 0003dc80:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta
 0003dc90:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl
 0003dca0:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table
 0003dcb0:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>
 0003dcc0:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<
 0003dcd0:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>
 0003dce0:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis
 0003dcf0:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td
 0003dd00:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t
 0003dd10:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t
 0003dd20:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td>
 0003dd30:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str
 0003dd40:·6174·6567·793a·3c2f·7468·3e3c·7464·3e63··ategy:</th><td>c
 0003dd50:·6f6e·6669·6775·7265·3c2f·7464·3e3c·2f74··onfigure</td></t
 0003dd60:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><
 0003dd70:·636f·6465·3e2d·206e·616d·653a·2047·6174··code>-·name:·Gat
Max diff block lines reached; 290822/316380 bytes (91.92%) of diff not shown.
26.2 KB
html2text {}
    
Offset 208, 14 lines modifiedOffset 208, 35 lines modified
208 ············violate·expectations,·and·makes·system·configuration·more·fragmented.208 ············violate·expectations,·and·makes·system·configuration·more·fragmented.
209 Severity: ··high209 Severity: ··high
210 Rule·ID:····xccdf_org.ssgproject.content_rule_configure_bind_crypto_policy210 Rule·ID:····xccdf_org.ssgproject.content_rule_configure_bind_crypto_policy
211 ············_\x8d_\x8i_\x8s_\x8a·····CCI-002418,·CCI-002422211 ············_\x8d_\x8i_\x8s_\x8a·····CCI-002418,·CCI-002422
212 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1212 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1
213 ············_\x8n_\x8i_\x8s_\x8t·····SC-13,·SC-12(2),·SC-12(3)213 ············_\x8n_\x8i_\x8s_\x8t·····SC-13,·SC-12(2),·SC-12(3)
214 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000423-GPOS-00187,·SRG-OS-000426-GPOS-00190214 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000423-GPOS-00187,·SRG-OS-000426-GPOS-00190
 215 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 216 #·Remediation·is·applicable·only·in·certain·platforms
 217 if·rpm·--quiet·-q·bind;·then
  
 218 function·remediate_bind_crypto_policy()·{
 219 »       CONFIG_FILE="/etc/named.conf"
 220 »       if·test·-f·"$CONFIG_FILE";·then
 221 »       »       sed·-i·'s|options·{|&\n\tinclude·"/etc/crypto-policies/back-ends/bind.config";|'
 222 "$CONFIG_FILE"
 223 »       »       return·0
 224 »       else
 225 »       »       echo·"Aborting·remediation·as·'$CONFIG_FILE'·was·not·even·found."·>&2
 226 »       »       return·1
 227 »       fi
 228 }
  
 229 remediate_bind_crypto_policy
  
 230 else
 231 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 232 fi
215 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8233 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
216 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low234 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
217 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low235 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
218 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false236 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
219 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure237 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure
220 -·name:·Gather·the·package·facts238 -·name:·Gather·the·package·facts
221 ··package_facts:239 ··package_facts:
Offset 282, 35 lines modifiedOffset 303, 14 lines modified
282 ··-·NIST-800-53-SC-13303 ··-·NIST-800-53-SC-13
283 ··-·configure_bind_crypto_policy304 ··-·configure_bind_crypto_policy
284 ··-·configure_strategy305 ··-·configure_strategy
285 ··-·high_severity306 ··-·high_severity
286 ··-·low_complexity307 ··-·low_complexity
287 ··-·low_disruption308 ··-·low_disruption
288 ··-·no_reboot_needed309 ··-·no_reboot_needed
289 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
290 #·Remediation·is·applicable·only·in·certain·platforms 
291 if·rpm·--quiet·-q·bind;·then 
  
292 function·remediate_bind_crypto_policy()·{ 
293 »       CONFIG_FILE="/etc/named.conf" 
294 »       if·test·-f·"$CONFIG_FILE";·then 
295 »       »       sed·-i·'s|options·{|&\n\tinclude·"/etc/crypto-policies/back-ends/bind.config";|' 
296 "$CONFIG_FILE" 
297 »       »       return·0 
298 »       else 
299 »       »       echo·"Aborting·remediation·as·'$CONFIG_FILE'·was·not·even·found."·>&2 
300 »       »       return·1 
301 »       fi 
302 } 
  
303 remediate_bind_crypto_policy 
  
304 else 
305 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
306 fi 
307 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8og\x8gr\x8ra\x8ap\x8ph\x8hy\x8y·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*310 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8og\x8gr\x8ra\x8ap\x8ph\x8hy\x8y·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
308 To·configure·the·system·cryptography·policy·to·use·ciphers·only·from·the·DEFAULT311 To·configure·the·system·cryptography·policy·to·use·ciphers·only·from·the·DEFAULT
309 policy,·run·the·following·command:312 policy,·run·the·following·command:
310 $·sudo·update-crypto-policies·--set·DEFAULT313 $·sudo·update-crypto-policies·--set·DEFAULT
311 The·rule·checks·if·settings·for·selected·crypto·policy·are·configured·as·expected.314 The·rule·checks·if·settings·for·selected·crypto·policy·are·configured·as·expected.
312 Configuration·files·in·the·/etc/crypto-policies/back-ends·are·either·symlinks·to315 Configuration·files·in·the·/etc/crypto-policies/back-ends·are·either·symlinks·to
313 correct·files·provided·by·Crypto-policies·package·or·they·are·regular·files·in·case316 correct·files·provided·by·Crypto-policies·package·or·they·are·regular·files·in·case
Offset 343, 14 lines modifiedOffset 343, 34 lines modified
343 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1343 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1
344 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)344 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)
345 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,345 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,
346 ·····················FCS_CKM.2,·FCS_TLSC_EXT.1346 ·····················FCS_CKM.2,·FCS_TLSC_EXT.1
347 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-347 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-
348 ·····················GPOS-00174348 ·····················GPOS-00174
349 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2349 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
 350 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
  
 351 var_system_crypto_policy='DEFAULT'
  
  
 352 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/
 353 null)
 354 rc=$?
  
 355 if·test·"$rc"·=·127;·then
 356 »       echo·"$stderr_of_call"·>&2
 357 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2
 358 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2
 359 »       echo·"to·see·what·package·to·(re)install"·>&2
  
 360 »       false··#·end·with·an·error·code
 361 elif·test·"$rc"·!=·0;·then
 362 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2
 363 »       false··#·end·with·an·error·code
 364 fi
350 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8365 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
351 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low366 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
352 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low367 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
353 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false368 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
354 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict369 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
355 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable370 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable
356 ··set_fact:371 ··set_fact:
Offset 395, 34 lines modifiedOffset 415, 14 lines modified
395 ··-·PCI-DSSv4-2.2.7415 ··-·PCI-DSSv4-2.2.7
396 ··-·configure_crypto_policy416 ··-·configure_crypto_policy
397 ··-·high_severity417 ··-·high_severity
398 ··-·low_complexity418 ··-·low_complexity
399 ··-·low_disruption419 ··-·low_disruption
400 ··-·no_reboot_needed420 ··-·no_reboot_needed
401 ··-·restrict_strategy421 ··-·restrict_strategy
402 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
  
403 var_system_crypto_policy='DEFAULT' 
  
  
404 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/ 
405 null) 
406 rc=$? 
  
407 if·test·"$rc"·=·127;·then 
408 »       echo·"$stderr_of_call"·>&2 
409 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2 
410 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2 
Max diff block lines reached; 21540/26815 bytes (80.33%) of diff not shown.
23.0 MB
./usr/share/doc/ssg-nondebian/ssg-almalinux9-guide-cis.html
    
Offset 15111, 213 lines modifiedOffset 15111, 213 lines modified
0003b060:·2d74·6172·6765·743d·2223·6964·6d33·3138··-target="#idm3180003b060:·2d74·6172·6765·743d·2223·6964·6d33·3138··-target="#idm318
0003b070:·3722·2074·6162·696e·6465·783d·2230·2220··7"·tabindex="0"·0003b070:·3722·2074·6162·696e·6465·783d·2230·2220··7"·tabindex="0"·
0003b080:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar0003b080:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar
0003b090:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal0003b090:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal
0003b0a0:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ0003b0a0:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ
0003b0b0:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h0003b0b0:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h
0003b0c0:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia0003b0c0:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia
0003b0d0:·7469·6f6e·2041·6e61·636f·6e64·6120·736e··tion·Anaconda·sn0003b0d0:·7469·6f6e·2050·7570·7065·7420·736e·6970··tion·Puppet·snip
0003b0e0:·6970·7065·7420·e287·b23c·2f61·3e3c·6272··ippet·...</a><br0003b0e0:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br><
0003b0f0:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan0003b0f0:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel
0003b100:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll0003b100:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap
0003b110:·6170·7365·2220·6964·3d22·6964·6d33·3138··apse"·id="idm3180003b110:·7365·2220·6964·3d22·6964·6d33·3138·3722··se"·id="idm3187"
0003b120:·3722·3e3c·7461·626c·6520·636c·6173·733d··7"><table·class=0003b120:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t
0003b130:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str0003b130:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip
0003b140:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde0003b140:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere
0003b150:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden0003b150:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense
0003b160:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com0003b160:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl
0003b170:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td0003b170:·6578·6974·793a·3c2f·7468·3e3c·7464·3e6c··exity:</th><td>l
0003b180:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t0003b180:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>
0003b190:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption0003b190:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:<
0003b1a0:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t0003b1a0:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>
0003b1b0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R0003b1b0:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb
0003b1c0:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f0003b1c0:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal
0003b1d0:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t0003b1d0:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr>
0003b1e0:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<0003b1e0:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t
0003b1f0:·2f74·683e·3c74·643e·656e·6162·6c65·3c2f··/th><td>enable</0003b1f0:·683e·3c74·643e·656e·6162·6c65·3c2f·7464··h><td>enable</td
0003b200:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>0003b200:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p
 0003b210:·7265·3e3c·636f·6465·3e69·6e63·6c75·6465··re><code>include
 0003b220:·2069·6e73·7461·6c6c·5f61·6964·650a·0a63···install_aide..c
 0003b230:·6c61·7373·2069·6e73·7461·6c6c·5f61·6964··lass·install_aid
 0003b240:·6520·7b0a·2020·7061·636b·6167·6520·7b20··e·{.··package·{·
 0003b250:·2761·6964·6527·3a0a·2020·2020·656e·7375··'aide':.····ensu
 0003b260:·7265·203d·2667·743b·2027·696e·7374·616c··re·=&gt;·'instal
 0003b270:·6c65·6427·2c0a·2020·7d0a·7d0a·3c2f·636f··led',.··}.}.</co
0003b210:·3c70·7265·3e3c·636f·6465·3e0a·7061·636b··<pre><code>.pack 
0003b220:·6167·6520·2d2d·6164·643d·6169·6465·0a3c··age·--add=aide.< 
0003b230:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di 
0003b240:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn· 
0003b250:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat 
0003b260:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap 
0003b270:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target= 
0003b280:·2223·6964·6d33·3138·3822·2074·6162·696e··"#idm3188"·tabin 
0003b290:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu 
0003b2a0:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan 
0003b2b0:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl 
0003b2c0:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r 
0003b2d0:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!" 
0003b2e0:·3e52·656d·6564·6961·7469·6f6e·2050·7570··>Remediation·Pup 
0003b2f0:·7065·7420·736e·6970·7065·7420·e287·b23c··pet·snippet·...< 
0003b300:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas 
0003b310:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps 
0003b320:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id=" 
0003b330:·6964·6d33·3138·3822·3e3c·7461·626c·6520··idm3188"><table· 
0003b340:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab 
0003b350:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table 
0003b360:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table- 
0003b370:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr>< 
0003b380:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</ 
0003b390:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td>< 
0003b3a0:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr 
0003b3b0:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td> 
0003b3c0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003b3d0:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th 
0003b3e0:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td>< 
0003b3f0:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra 
0003b400:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en 
0003b410:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></ 
0003b420:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code 
0003b430:·3e69·6e63·6c75·6465·2069·6e73·7461·6c6c··>include·install 
0003b440:·5f61·6964·650a·0a63·6c61·7373·2069·6e73··_aide..class·ins 
0003b450:·7461·6c6c·5f61·6964·6520·7b0a·2020·7061··tall_aide·{.··pa 
0003b460:·636b·6167·6520·7b20·2761·6964·6527·3a0a··ckage·{·'aide':. 
0003b470:·2020·2020·656e·7375·7265·203d·2667·743b······ensure·=&gt; 
0003b480:·2027·696e·7374·616c·6c65·6427·2c0a·2020···'installed',.·· 
0003b490:·7d0a·7d0a·3c2f·636f·6465·3e3c·2f70·7265··}.}.</code></pre 
0003b4a0:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class= 
0003b4b0:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success 
0003b4c0:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c 
0003b4d0:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta 
0003b4e0:·7267·6574·3d22·2369·646d·3331·3839·2220··rget="#idm3189"· 
0003b4f0:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol 
0003b500:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria- 
0003b510:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false" 
0003b520:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate 
0003b530:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href 
0003b540:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio 
0003b550:·6e20·4f53·4275·696c·6420·426c·7565·7072··n·OSBuild·Bluepr 
0003b560:·696e·7420·736e·6970·7065·7420·e287·b23c··int·snippet·...< 
0003b570:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas 
0003b580:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps 
0003b590:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id=" 
0003b5a0:·6964·6d33·3138·3922·3e3c·7072·653e·3c63··idm3189"><pre><c 
0003b5b0:·6f64·653e·0a5b·5b70·6163·6b61·6765·735d··ode>.[[packages] 
0003b5c0:·5d0a·6e61·6d65·203d·2022·6169·6465·220a··].name·=·"aide". 
0003b5d0:·7665·7273·696f·6e20·3d20·222a·220a·3c2f··version·=·"*".</ 
0003b5e0:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div0003b280:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div><
0003b5f0:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b0003b290:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn
0003b600:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data0003b2a0:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t
0003b610:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps0003b2b0:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse"
0003b620:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="0003b2c0:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i
0003b630:·2369·646d·3331·3930·2220·7461·6269·6e64··#idm3190"·tabind0003b2d0:·646d·3331·3838·2220·7461·6269·6e64·6578··dm3188"·tabindex
0003b640:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but0003b2e0:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto
0003b650:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand0003b2f0:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded
0003b660:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title0003b300:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="
0003b670:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re0003b310:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve
0003b680:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">0003b320:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re
 0003b330:·6d65·6469·6174·696f·6e20·5368·656c·6c20··mediation·Shell·
 0003b340:·7363·7269·7074·20e2·87b2·3c2f·613e·3c62··script·...</a><b
 0003b350:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa
 0003b360:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col
 0003b370:·6c61·7073·6522·2069·643d·2269·646d·3331··lapse"·id="idm31
 0003b380:·3838·223e·3c74·6162·6c65·2063·6c61·7373··88"><table·class
 0003b390:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st
 0003b3a0:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord
 0003b3b0:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde
 0003b3c0:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co
 0003b3d0:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t
0003b690:·5265·6d65·6469·6174·696f·6e20·416e·7369··Remediation·Ansi 
0003b6a0:·626c·6520·736e·6970·7065·7420·e287·b23c··ble·snippet·...< 
0003b6b0:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas 
0003b6c0:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps 
0003b6d0:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id=" 
0003b6e0:·6964·6d33·3139·3022·3e3c·7461·626c·6520··idm3190"><table· 
0003b6f0:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab 
0003b700:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table 
0003b710:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table- 
0003b720:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr>< 
Max diff block lines reached; 22140069/22168111 bytes (99.87%) of diff not shown.
1.9 MB
html2text {}
Max HTML report size reached
10.1 MB
./usr/share/doc/ssg-nondebian/ssg-almalinux9-guide-cis_server_l1.html
    
Offset 15073, 213 lines modifiedOffset 15073, 213 lines modified
0003ae00:·6574·3d22·2369·646d·3331·3837·2220·7461··et="#idm3187"·ta0003ae00:·6574·3d22·2369·646d·3331·3837·2220·7461··et="#idm3187"·ta
0003ae10:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=0003ae10:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=
0003ae20:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex0003ae20:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex
0003ae30:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t0003ae30:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t
0003ae40:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t0003ae40:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t
0003ae50:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="0003ae50:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="
0003ae60:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·0003ae60:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·
0003ae70:·416e·6163·6f6e·6461·2073·6e69·7070·6574··Anaconda·snippet0003ae70:·5075·7070·6574·2073·6e69·7070·6574·20e2··Puppet·snippet·.
0003ae80:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div0003ae80:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c
0003ae90:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co0003ae90:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
0003aea0:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"0003aea0:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i
0003aeb0:·2069·643d·2269·646d·3331·3837·223e·3c74···id="idm3187"><t0003aeb0:·643d·2269·646d·3331·3837·223e·3c74·6162··d="idm3187"><tab
0003aec0:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl0003aec0:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table·
0003aed0:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped·0003aed0:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta
0003aee0:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t0003aee0:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab
0003aef0:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed">0003aef0:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t
0003af00:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi0003af00:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity
0003af10:·7479·3a3c·2f74·683e·3c74·643e·6c6f·773c··ty:</th><td>low<0003af10:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t
0003af20:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th0003af20:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D
0003af30:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th0003af30:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th><
0003af40:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t0003af40:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>
0003af50:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot0003af50:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:<
0003af60:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false<0003af60:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t
0003af70:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th0003af70:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S
0003af80:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><0003af80:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td
0003af90:·7464·3e65·6e61·626c·653c·2f74·643e·3c2f··td>enable</td></0003af90:·3e65·6e61·626c·653c·2f74·643e·3c2f·7472··>enable</td></tr
0003afa0:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre>0003afa0:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c
0003afb0:·3c63·6f64·653e·0a70·6163·6b61·6765·202d··<code>.package·- 
0003afc0:·2d61·6464·3d61·6964·650a·3c2f·636f·6465··-add=aide.</code 
0003afd0:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a· 
0003afe0:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s 
0003aff0:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog 
0003b000:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d 
0003b010:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm 
0003b020:·3331·3838·2220·7461·6269·6e64·6578·3d22··3188"·tabindex=" 
0003b030:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button" 
0003b040:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded=" 
0003b050:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac 
0003b060:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal 
0003b070:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme 
0003b080:·6469·6174·696f·6e20·5075·7070·6574·2073··diation·Puppet·s 
0003b090:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b 
0003b0a0:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa 
0003b0b0:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col 
0003b0c0:·6c61·7073·6522·2069·643d·2269·646d·3331··lapse"·id="idm31 
0003b0d0:·3838·223e·3c74·6162·6c65·2063·6c61·7373··88"><table·class 
0003b0e0:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st 
0003b0f0:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord 
0003b100:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde 
0003b110:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co 
0003b120:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t 
0003b130:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr>< 
0003b140:·7472·3e3c·7468·3e44·6973·7275·7074·696f··tr><th>Disruptio0003afb0:·6f64·653e·696e·636c·7564·6520·696e·7374··ode>include·inst
 0003afc0:·616c·6c5f·6169·6465·0a0a·636c·6173·7320··all_aide..class·
 0003afd0:·696e·7374·616c·6c5f·6169·6465·207b·0a20··install_aide·{.·
 0003afe0:·2070·6163·6b61·6765·207b·2027·6169·6465···package·{·'aide
 0003aff0:·273a·0a20·2020·2065·6e73·7572·6520·3d26··':.····ensure·=&
 0003b000:·6774·3b20·2769·6e73·7461·6c6c·6564·272c··gt;·'installed',
 0003b010:·0a20·207d·0a7d·0a3c·2f63·6f64·653e·3c2f··.··}.}.</code></
 0003b020:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla
 0003b030:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ
 0003b040:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle
 0003b050:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data
 0003b060:·2d74·6172·6765·743d·2223·6964·6d33·3138··-target="#idm318
 0003b070:·3822·2074·6162·696e·6465·783d·2230·2220··8"·tabindex="0"·
 0003b080:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar
 0003b090:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal
 0003b0a0:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ
 0003b0b0:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h
 0003b0c0:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia
 0003b0d0:·7469·6f6e·2053·6865·6c6c·2073·6372·6970··tion·Shell·scrip
 0003b0e0:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di
 0003b0f0:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
 0003b100:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
 0003b110:·2220·6964·3d22·6964·6d33·3138·3822·3e3c··"·id="idm3188"><
 0003b120:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab
 0003b130:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped
 0003b140:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·
 0003b150:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"
 0003b160:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex
0003b150:·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··n:</th><td>low</0003b170:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low
0003b160:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>0003b180:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
0003b170:·5265·626f·6f74·3a3c·2f74·683e·3c74·643e··Reboot:</th><td> 
0003b180:·6661·6c73·653c·2f74·643e·3c2f·7472·3e3c··false</td></tr>< 
0003b190:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy:0003b190:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t
 0003b1a0:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></
 0003b1b0:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo
0003b1a0:·3c2f·7468·3e3c·7464·3e65·6e61·626c·653c··</th><td>enable<0003b1c0:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false
 0003b1d0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
 0003b1e0:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>
 0003b1f0:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td><
 0003b200:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre
 0003b210:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia
 0003b220:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab
 0003b230:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa
 0003b240:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·
 0003b250:·7270·6d20·2d2d·7175·6965·7420·2d71·206b··rpm·--quiet·-q·k
 0003b260:·6572·6e65·6c3b·2074·6865·6e0a·0a69·6620··ernel;·then..if·
 0003b270:·2120·7270·6d20·2d71·202d·2d71·7569·6574··!·rpm·-q·--quiet
 0003b280:·2022·6169·6465·2220·3b20·7468·656e·0a20···"aide"·;·then.·
 0003b290:·2020·2064·6e66·2069·6e73·7461·6c6c·202d·····dnf·install·-
 0003b2a0:·7920·2261·6964·6522·0a66·690a·0a65·6c73··y·"aide".fi..els
 0003b2b0:·650a·2020·2020·2667·743b·2661·6d70·3b32··e.····&gt;&amp;2
 0003b2c0:·2065·6368·6f20·2752·656d·6564·6961·7469···echo·'Remediati
 0003b2d0:·6f6e·2069·7320·6e6f·7420·6170·706c·6963··on·is·not·applic
 0003b2e0:·6162·6c65·2c20·6e6f·7468·696e·6720·7761··able,·nothing·wa
 0003b2f0:·7320·646f·6e65·270a·6669·0a3c·2f63·6f64··s·done'.fi.</cod
0003b1b0:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table 
0003b1c0:·3e3c·7072·653e·3c63·6f64·653e·696e·636c··><pre><code>incl 
0003b1d0:·7564·6520·696e·7374·616c·6c5f·6169·6465··ude·install_aide 
0003b1e0:·0a0a·636c·6173·7320·696e·7374·616c·6c5f··..class·install_ 
0003b1f0:·6169·6465·207b·0a20·2070·6163·6b61·6765··aide·{.··package 
0003b200:·207b·2027·6169·6465·273a·0a20·2020·2065···{·'aide':.····e 
0003b210:·6e73·7572·6520·3d26·6774·3b20·2769·6e73··nsure·=&gt;·'ins 
0003b220:·7461·6c6c·6564·272c·0a20·207d·0a7d·0a3c··talled',.··}.}.< 
0003b230:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di 
0003b240:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn· 
0003b250:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat 
0003b260:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap 
0003b270:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target= 
0003b280:·2223·6964·6d33·3138·3922·2074·6162·696e··"#idm3189"·tabin 
0003b290:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu 
0003b2a0:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan 
0003b2b0:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl 
0003b2c0:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r 
0003b2d0:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!" 
0003b2e0:·3e52·656d·6564·6961·7469·6f6e·204f·5342··>Remediation·OSB 
Max diff block lines reached; 9473988/9502030 bytes (99.70%) of diff not shown.
1.0 MB
html2text {}
    
Offset 113, 38 lines modifiedOffset 113, 41 lines modified
113 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)113 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)
114 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3114 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
115 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5115 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
116 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199116 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
117 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79117 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
118 ············_\x8c_\x8i_\x8s············6.1.1118 ············_\x8c_\x8i_\x8s············6.1.1
119 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2119 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
120 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
121 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
122 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
123 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
124 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
125 package·--add=aide 
126 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8120 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
127 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low121 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
128 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low122 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
129 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false123 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
130 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable124 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
131 include·install_aide125 include·install_aide
  
132 class·install_aide·{126 class·install_aide·{
133 ··package·{·'aide':127 ··package·{·'aide':
134 ····ensure·=>·'installed',128 ····ensure·=>·'installed',
135 ··}129 ··}
136 }130 }
137 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8131 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 132 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 133 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 134 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 135 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 136 #·Remediation·is·applicable·only·in·certain·platforms
 137 if·rpm·--quiet·-q·kernel;·then
  
138 [[packages]] 
139 name·=·"aide" 
140 version·=·"*"138 if·!·rpm·-q·--quiet·"aide"·;·then
 139 ····dnf·install·-y·"aide"
 140 fi
  
 141 else
 142 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 143 fi
141 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8144 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
142 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low145 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
143 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low146 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
144 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false147 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
145 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable148 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
146 -·name:·Gather·the·package·facts149 -·name:·Gather·the·package·facts
147 ··package_facts:150 ··package_facts:
Offset 173, 29 lines modifiedOffset 176, 26 lines modified
173 ··-·PCI-DSSv4-11.5.2176 ··-·PCI-DSSv4-11.5.2
174 ··-·enable_strategy177 ··-·enable_strategy
175 ··-·low_complexity178 ··-·low_complexity
176 ··-·low_disruption179 ··-·low_disruption
177 ··-·medium_severity180 ··-·medium_severity
178 ··-·no_reboot_needed181 ··-·no_reboot_needed
179 ··-·package_aide_installed182 ··-·package_aide_installed
 183 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 184 [[packages]]
 185 name·=·"aide"
 186 version·=·"*"
180 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8187 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8
181 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low188 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
182 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low189 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
183 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false190 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
184 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable191 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
185 #·Remediation·is·applicable·only·in·certain·platforms 
186 if·rpm·--quiet·-q·kernel;·then 
  
187 if·!·rpm·-q·--quiet·"aide"·;·then 
188 ····dnf·install·-y·"aide" 
189 fi 
  
 192 package·--add=aide
190 else 
191 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
192 fi 
193 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*193 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
194 Run·the·following·command·to·generate·a·new·database:194 Run·the·following·command·to·generate·a·new·database:
195 $·sudo·/usr/sbin/aide·--init195 $·sudo·/usr/sbin/aide·--init
196 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the·database,·the·configuration196 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the·database,·the·configuration
197 file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these·files),·in·a·secure·location·(such·as·on·read-only197 file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these·files),·in·a·secure·location·(such·as·on·read-only
198 media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database·can·be·installed·as·follows:198 media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database·can·be·installed·as·follows:
199 $·sudo·cp·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz199 $·sudo·cp·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
Offset 535, 14 lines modifiedOffset 535, 33 lines modified
535 ············_\x8i_\x8s_\x8m······1446535 ············_\x8i_\x8s_\x8m······1446
536 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1536 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1
537 References:·_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)537 References:·_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)
538 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1538 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1
539 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174539 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174
540 ············_\x8c_\x8i_\x8s······1.6.1540 ············_\x8c_\x8i_\x8s······1.6.1
541 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2541 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
 542 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
  
 543 var_system_crypto_policy='DEFAULT:NO-SHA1'
  
  
 544 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null)
 545 rc=$?
  
 546 if·test·"$rc"·=·127;·then
 547 »       echo·"$stderr_of_call"·>&2
 548 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2
 549 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2
 550 »       echo·"to·see·what·package·to·(re)install"·>&2
  
 551 »       false··#·end·with·an·error·code
 552 elif·test·"$rc"·!=·0;·then
 553 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2
 554 »       false··#·end·with·an·error·code
 555 fi
542 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8556 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
543 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low557 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
544 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low558 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
545 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false559 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
546 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict560 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
547 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable561 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable
548 ··set_fact:562 ··set_fact:
Offset 587, 33 lines modifiedOffset 606, 14 lines modified
587 ··-·PCI-DSSv4-2.2.7606 ··-·PCI-DSSv4-2.2.7
588 ··-·configure_crypto_policy607 ··-·configure_crypto_policy
589 ··-·high_severity608 ··-·high_severity
590 ··-·low_complexity609 ··-·low_complexity
591 ··-·low_disruption610 ··-·low_disruption
592 ··-·no_reboot_needed611 ··-·no_reboot_needed
Max diff block lines reached; 1044527/1049759 bytes (99.50%) of diff not shown.
9.83 MB
./usr/share/doc/ssg-nondebian/ssg-almalinux9-guide-cis_workstation_l1.html
    
Offset 15064, 213 lines modifiedOffset 15064, 213 lines modified
0003ad70:·612d·7461·7267·6574·3d22·2369·646d·3331··a-target="#idm310003ad70:·612d·7461·7267·6574·3d22·2369·646d·3331··a-target="#idm31
0003ad80:·3837·2220·7461·6269·6e64·6578·3d22·3022··87"·tabindex="0"0003ad80:·3837·2220·7461·6269·6e64·6578·3d22·3022··87"·tabindex="0"
0003ad90:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a0003ad90:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a
0003ada0:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa0003ada0:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa
0003adb0:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti0003adb0:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti
0003adc0:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·0003adc0:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·
0003add0:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi0003add0:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi
0003ade0:·6174·696f·6e20·416e·6163·6f6e·6461·2073··ation·Anaconda·s0003ade0:·6174·696f·6e20·5075·7070·6574·2073·6e69··ation·Puppet·sni
0003adf0:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b0003adf0:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br>
0003ae00:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa0003ae00:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
0003ae10:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col0003ae10:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
0003ae20:·6c61·7073·6522·2069·643d·2269·646d·3331··lapse"·id="idm310003ae20:·7073·6522·2069·643d·2269·646d·3331·3837··pse"·id="idm3187
0003ae30:·3837·223e·3c74·6162·6c65·2063·6c61·7373··87"><table·class0003ae30:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="
0003ae40:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st0003ae40:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri
0003ae50:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord0003ae50:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border
0003ae60:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde0003ae60:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens
0003ae70:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co0003ae70:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp
0003ae80:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t0003ae80:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td>
0003ae90:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr><0003ae90:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr
0003aea0:·7472·3e3c·7468·3e44·6973·7275·7074·696f··tr><th>Disruptio0003aea0:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption:
0003aeb0:·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··n:</th><td>low</0003aeb0:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td
0003aec0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>0003aec0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re
0003aed0:·5265·626f·6f74·3a3c·2f74·683e·3c74·643e··Reboot:</th><td>0003aed0:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa
0003aee0:·6661·6c73·653c·2f74·643e·3c2f·7472·3e3c··false</td></tr><0003aee0:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr
0003aef0:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy:0003aef0:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</
0003af00:·3c2f·7468·3e3c·7464·3e65·6e61·626c·653c··</th><td>enable<0003af00:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t
0003af10:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table0003af10:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table><
0003af20:·3e3c·7072·653e·3c63·6f64·653e·0a70·6163··><pre><code>.pac0003af20:·7072·653e·3c63·6f64·653e·696e·636c·7564··pre><code>includ
 0003af30:·6520·696e·7374·616c·6c5f·6169·6465·0a0a··e·install_aide..
 0003af40:·636c·6173·7320·696e·7374·616c·6c5f·6169··class·install_ai
 0003af50:·6465·207b·0a20·2070·6163·6b61·6765·207b··de·{.··package·{
 0003af60:·2027·6169·6465·273a·0a20·2020·2065·6e73···'aide':.····ens
 0003af70:·7572·6520·3d26·6774·3b20·2769·6e73·7461··ure·=&gt;·'insta
 0003af80:·6c6c·6564·272c·0a20·207d·0a7d·0a3c·2f63··lled',.··}.}.</c
0003af30:·6b61·6765·202d·2d61·6464·3d61·6964·650a··kage·--add=aide. 
0003af40:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d 
0003af50:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn 
0003af60:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da 
0003af70:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla 
0003af80:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target 
0003af90:·3d22·2369·646d·3331·3838·2220·7461·6269··="#idm3188"·tabi 
0003afa0:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b 
0003afb0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa 
0003afc0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit 
0003afd0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to· 
0003afe0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#! 
0003aff0:·223e·5265·6d65·6469·6174·696f·6e20·5075··">Remediation·Pu 
0003b000:·7070·6574·2073·6e69·7070·6574·20e2·87b2··ppet·snippet·... 
0003b010:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla 
0003b020:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap 
0003b030:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id= 
0003b040:·2269·646d·3331·3838·223e·3c74·6162·6c65··"idm3188"><table 
0003b050:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta 
0003b060:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl 
0003b070:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table 
0003b080:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr> 
0003b090:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:< 
0003b0a0:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td> 
0003b0b0:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis 
0003b0c0:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td 
0003b0d0:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t 
0003b0e0:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t 
0003b0f0:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td> 
0003b100:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str 
0003b110:·6174·6567·793a·3c2f·7468·3e3c·7464·3e65··ategy:</th><td>e 
0003b120:·6e61·626c·653c·2f74·643e·3c2f·7472·3e3c··nable</td></tr>< 
0003b130:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod 
0003b140:·653e·696e·636c·7564·6520·696e·7374·616c··e>include·instal 
0003b150:·6c5f·6169·6465·0a0a·636c·6173·7320·696e··l_aide..class·in 
0003b160:·7374·616c·6c5f·6169·6465·207b·0a20·2070··stall_aide·{.··p 
0003b170:·6163·6b61·6765·207b·2027·6169·6465·273a··ackage·{·'aide': 
0003b180:·0a20·2020·2065·6e73·7572·6520·3d26·6774··.····ensure·=&gt 
0003b190:·3b20·2769·6e73·7461·6c6c·6564·272c·0a20··;·'installed',.· 
0003b1a0:·207d·0a7d·0a3c·2f63·6f64·653e·3c2f·7072···}.}.</code></pr 
0003b1b0:·653e·3c2f·6469·763e·3c61·2063·6c61·7373··e></div><a·class 
0003b1c0:·3d22·6274·6e20·6274·6e2d·7375·6363·6573··="btn·btn-succes 
0003b1d0:·7322·2064·6174·612d·746f·6767·6c65·3d22··s"·data-toggle=" 
0003b1e0:·636f·6c6c·6170·7365·2220·6461·7461·2d74··collapse"·data-t 
0003b1f0:·6172·6765·743d·2223·6964·6d33·3138·3922··arget="#idm3189" 
0003b200:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro 
0003b210:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria 
0003b220:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false 
0003b230:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat 
0003b240:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre 
0003b250:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati 
0003b260:·6f6e·204f·5342·7569·6c64·2042·6c75·6570··on·OSBuild·Bluep 
0003b270:·7269·6e74·2073·6e69·7070·6574·20e2·87b2··rint·snippet·... 
0003b280:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla 
0003b290:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap 
0003b2a0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id= 
0003b2b0:·2269·646d·3331·3839·223e·3c70·7265·3e3c··"idm3189"><pre>< 
0003b2c0:·636f·6465·3e0a·5b5b·7061·636b·6167·6573··code>.[[packages 
0003b2d0:·5d5d·0a6e·616d·6520·3d20·2261·6964·6522··]].name·=·"aide" 
0003b2e0:·0a76·6572·7369·6f6e·203d·2022·2a22·0a3c··.version·=·"*".< 
0003b2f0:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di0003af90:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div>
0003b300:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn·0003afa0:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt
0003b310:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat0003afb0:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data-
0003b320:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap0003afc0:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse
0003b330:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=0003afd0:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#
0003b340:·2223·6964·6d33·3139·3022·2074·6162·696e··"#idm3190"·tabin0003afe0:·6964·6d33·3138·3822·2074·6162·696e·6465··idm3188"·tabinde
0003b350:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu0003aff0:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt
0003b360:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan0003b000:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande
0003b370:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl0003b010:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=
0003b380:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r0003b020:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev
0003b390:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"0003b030:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R
 0003b040:·656d·6564·6961·7469·6f6e·2053·6865·6c6c··emediation·Shell
 0003b050:·2073·6372·6970·7420·e287·b23c·2f61·3e3c···script·...</a><
 0003b060:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p
 0003b070:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co
 0003b080:·6c6c·6170·7365·2220·6964·3d22·6964·6d33··llapse"·id="idm3
 0003b090:·3138·3822·3e3c·7461·626c·6520·636c·6173··188"><table·clas
 0003b0a0:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s
 0003b0b0:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor
 0003b0c0:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond
 0003b0d0:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C
 0003b0e0:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><
0003b3a0:·3e52·656d·6564·6961·7469·6f6e·2041·6e73··>Remediation·Ans 
0003b3b0:·6962·6c65·2073·6e69·7070·6574·20e2·87b2··ible·snippet·... 
0003b3c0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla 
0003b3d0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap 
0003b3e0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id= 
0003b3f0:·2269·646d·3331·3930·223e·3c74·6162·6c65··"idm3190"><table 
0003b400:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta 
0003b410:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl 
0003b420:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table 
0003b430:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr> 
0003b440:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:< 
Max diff block lines reached; 9253077/9281119 bytes (99.70%) of diff not shown.
1000 KB
html2text {}
    
Offset 112, 38 lines modifiedOffset 112, 41 lines modified
112 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)112 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)
113 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3113 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
114 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5114 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
115 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199115 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
116 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79116 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
117 ············_\x8c_\x8i_\x8s············6.1.1117 ············_\x8c_\x8i_\x8s············6.1.1
118 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2118 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
119 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
120 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
121 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
122 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
123 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
124 package·--add=aide 
125 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8119 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
126 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low120 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
127 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low121 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
128 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false122 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
129 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable123 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
130 include·install_aide124 include·install_aide
  
131 class·install_aide·{125 class·install_aide·{
132 ··package·{·'aide':126 ··package·{·'aide':
133 ····ensure·=>·'installed',127 ····ensure·=>·'installed',
134 ··}128 ··}
135 }129 }
136 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8130 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 131 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 132 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 133 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 134 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 135 #·Remediation·is·applicable·only·in·certain·platforms
 136 if·rpm·--quiet·-q·kernel;·then
  
137 [[packages]] 
138 name·=·"aide" 
139 version·=·"*"137 if·!·rpm·-q·--quiet·"aide"·;·then
 138 ····dnf·install·-y·"aide"
 139 fi
  
 140 else
 141 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 142 fi
140 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8143 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
141 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low144 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
142 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low145 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
143 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false146 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
144 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable147 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
145 -·name:·Gather·the·package·facts148 -·name:·Gather·the·package·facts
146 ··package_facts:149 ··package_facts:
Offset 172, 29 lines modifiedOffset 175, 26 lines modified
172 ··-·PCI-DSSv4-11.5.2175 ··-·PCI-DSSv4-11.5.2
173 ··-·enable_strategy176 ··-·enable_strategy
174 ··-·low_complexity177 ··-·low_complexity
175 ··-·low_disruption178 ··-·low_disruption
176 ··-·medium_severity179 ··-·medium_severity
177 ··-·no_reboot_needed180 ··-·no_reboot_needed
178 ··-·package_aide_installed181 ··-·package_aide_installed
 182 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 183 [[packages]]
 184 name·=·"aide"
 185 version·=·"*"
179 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8186 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8
180 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low187 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
181 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low188 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
182 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false189 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
183 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable190 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
184 #·Remediation·is·applicable·only·in·certain·platforms 
185 if·rpm·--quiet·-q·kernel;·then 
  
186 if·!·rpm·-q·--quiet·"aide"·;·then 
187 ····dnf·install·-y·"aide" 
188 fi 
  
 191 package·--add=aide
189 else 
190 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
191 fi 
192 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*192 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
193 Run·the·following·command·to·generate·a·new·database:193 Run·the·following·command·to·generate·a·new·database:
194 $·sudo·/usr/sbin/aide·--init194 $·sudo·/usr/sbin/aide·--init
195 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the·database,·the·configuration195 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the·database,·the·configuration
196 file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these·files),·in·a·secure·location·(such·as·on·read-only196 file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these·files),·in·a·secure·location·(such·as·on·read-only
197 media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database·can·be·installed·as·follows:197 media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database·can·be·installed·as·follows:
198 $·sudo·cp·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz198 $·sudo·cp·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
Offset 534, 14 lines modifiedOffset 534, 33 lines modified
534 ············_\x8i_\x8s_\x8m······1446534 ············_\x8i_\x8s_\x8m······1446
535 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1535 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1
536 References:·_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)536 References:·_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)
537 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1537 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1
538 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174538 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174
539 ············_\x8c_\x8i_\x8s······1.6.1539 ············_\x8c_\x8i_\x8s······1.6.1
540 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2540 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
 541 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
  
 542 var_system_crypto_policy='DEFAULT:NO-SHA1'
  
  
 543 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null)
 544 rc=$?
  
 545 if·test·"$rc"·=·127;·then
 546 »       echo·"$stderr_of_call"·>&2
 547 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2
 548 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2
 549 »       echo·"to·see·what·package·to·(re)install"·>&2
  
 550 »       false··#·end·with·an·error·code
 551 elif·test·"$rc"·!=·0;·then
 552 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2
 553 »       false··#·end·with·an·error·code
 554 fi
541 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8555 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
542 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low556 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
543 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low557 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
544 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false558 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
545 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict559 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
546 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable560 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable
547 ··set_fact:561 ··set_fact:
Offset 586, 33 lines modifiedOffset 605, 14 lines modified
586 ··-·PCI-DSSv4-2.2.7605 ··-·PCI-DSSv4-2.2.7
587 ··-·configure_crypto_policy606 ··-·configure_crypto_policy
588 ··-·high_severity607 ··-·high_severity
589 ··-·low_complexity608 ··-·low_complexity
590 ··-·low_disruption609 ··-·low_disruption
591 ··-·no_reboot_needed610 ··-·no_reboot_needed
Max diff block lines reached; 1022139/1027371 bytes (99.49%) of diff not shown.
22.9 MB
./usr/share/doc/ssg-nondebian/ssg-almalinux9-guide-cis_workstation_l2.html
    
Offset 15103, 213 lines modifiedOffset 15103, 213 lines modified
0003afe0:·7461·2d74·6172·6765·743d·2223·6964·6d33··ta-target="#idm30003afe0:·7461·2d74·6172·6765·743d·2223·6964·6d33··ta-target="#idm3
0003aff0:·3138·3722·2074·6162·696e·6465·783d·2230··187"·tabindex="00003aff0:·3138·3722·2074·6162·696e·6465·783d·2230··187"·tabindex="0
0003b000:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·0003b000:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
0003b010:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f0003b010:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
0003b020:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act0003b020:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
0003b030:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"0003b030:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
0003b040:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed0003b040:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
0003b050:·6961·7469·6f6e·2041·6e61·636f·6e64·6120··iation·Anaconda·0003b050:·6961·7469·6f6e·2050·7570·7065·7420·736e··iation·Puppet·sn
0003b060:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a><0003b060:·6970·7065·7420·e287·b23c·2f61·3e3c·6272··ippet·...</a><br
0003b070:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p0003b070:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan
0003b080:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co0003b080:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll
0003b090:·6c6c·6170·7365·2220·6964·3d22·6964·6d33··llapse"·id="idm30003b090:·6170·7365·2220·6964·3d22·6964·6d33·3138··apse"·id="idm318
0003b0a0:·3138·3722·3e3c·7461·626c·6520·636c·6173··187"><table·clas0003b0a0:·3722·3e3c·7461·626c·6520·636c·6173·733d··7"><table·class=
0003b0b0:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s0003b0b0:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str
0003b0c0:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor0003b0c0:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde
0003b0d0:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond0003b0d0:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden
0003b0e0:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C0003b0e0:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com
0003b0f0:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><0003b0f0:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td
0003b100:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>0003b100:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t
0003b110:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti0003b110:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption
0003b120:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low<0003b120:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t
0003b130:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th0003b130:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R
0003b140:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td0003b140:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f
0003b150:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr>0003b150:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t
0003b160:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy0003b160:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<
0003b170:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable0003b170:·2f74·683e·3c74·643e·656e·6162·6c65·3c2f··/th><td>enable</
0003b180:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl0003b180:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>
0003b190:·653e·3c70·7265·3e3c·636f·6465·3e0a·7061··e><pre><code>.pa0003b190:·3c70·7265·3e3c·636f·6465·3e69·6e63·6c75··<pre><code>inclu
0003b1a0:·636b·6167·6520·2d2d·6164·643d·6169·6465··ckage·--add=aide 
0003b1b0:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></ 
0003b1c0:·6469·763e·3c61·2063·6c61·7373·3d22·6274··div><a·class="bt 
0003b1d0:·6e20·6274·6e2d·7375·6363·6573·7322·2064··n·btn-success"·d 
0003b1e0:·6174·612d·746f·6767·6c65·3d22·636f·6c6c··ata-toggle="coll 
0003b1f0:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe 
0003b200:·743d·2223·6964·6d33·3138·3822·2074·6162··t="#idm3188"·tab 
0003b210:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role=" 
0003b220:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp 
0003b230:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti 
0003b240:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to 
0003b250:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="# 
0003b260:·2122·3e52·656d·6564·6961·7469·6f6e·2050··!">Remediation·P 
0003b270:·7570·7065·7420·736e·6970·7065·7420·e287··uppet·snippet·.. 
0003b280:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl 
0003b290:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla 
0003b2a0:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id 
0003b2b0:·3d22·6964·6d33·3138·3822·3e3c·7461·626c··="idm3188"><tabl 
0003b2c0:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t 
0003b2d0:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab 
0003b2e0:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl 
0003b2f0:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr 
0003b300:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity: 
0003b310:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003b320:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di 
0003b330:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t 
0003b340:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr>< 
0003b350:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</ 
0003b360:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td 
0003b370:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St 
0003b380:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td> 
0003b390:·656e·6162·6c65·3c2f·7464·3e3c·2f74·723e··enable</td></tr> 
0003b3a0:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co 
0003b3b0:·6465·3e69·6e63·6c75·6465·2069·6e73·7461··de>include·insta 
0003b3c0:·6c6c·5f61·6964·650a·0a63·6c61·7373·2069··ll_aide..class·i 
0003b3d0:·6e73·7461·6c6c·5f61·6964·6520·7b0a·2020··nstall_aide·{.··0003b1a0:·6465·2069·6e73·7461·6c6c·5f61·6964·650a··de·install_aide.
 0003b1b0:·0a63·6c61·7373·2069·6e73·7461·6c6c·5f61··.class·install_a
 0003b1c0:·6964·6520·7b0a·2020·7061·636b·6167·6520··ide·{.··package·
 0003b1d0:·7b20·2761·6964·6527·3a0a·2020·2020·656e··{·'aide':.····en
 0003b1e0:·7375·7265·203d·2667·743b·2027·696e·7374··sure·=&gt;·'inst
 0003b1f0:·616c·6c65·6427·2c0a·2020·7d0a·7d0a·3c2f··alled',.··}.}.</
0003b3e0:·7061·636b·6167·6520·7b20·2761·6964·6527··package·{·'aide' 
0003b3f0:·3a0a·2020·2020·656e·7375·7265·203d·2667··:.····ensure·=&g 
0003b400:·743b·2027·696e·7374·616c·6c65·6427·2c0a··t;·'installed',. 
0003b410:·2020·7d0a·7d0a·3c2f·636f·6465·3e3c·2f70····}.}.</code></p 
0003b420:·7265·3e3c·2f64·6976·3e3c·6120·636c·6173··re></div><a·clas 
0003b430:·733d·2262·746e·2062·746e·2d73·7563·6365··s="btn·btn-succe 
0003b440:·7373·2220·6461·7461·2d74·6f67·676c·653d··ss"·data-toggle= 
0003b450:·2263·6f6c·6c61·7073·6522·2064·6174·612d··"collapse"·data- 
0003b460:·7461·7267·6574·3d22·2369·646d·3331·3839··target="#idm3189 
0003b470:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r 
0003b480:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari 
0003b490:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals 
0003b4a0:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa 
0003b4b0:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr 
0003b4c0:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat 
0003b4d0:·696f·6e20·4f53·4275·696c·6420·426c·7565··ion·OSBuild·Blue 
0003b4e0:·7072·696e·7420·736e·6970·7065·7420·e287··print·snippet·.. 
0003b4f0:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl 
0003b500:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla 
0003b510:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id 
0003b520:·3d22·6964·6d33·3138·3922·3e3c·7072·653e··="idm3189"><pre> 
0003b530:·3c63·6f64·653e·0a5b·5b70·6163·6b61·6765··<code>.[[package 
0003b540:·735d·5d0a·6e61·6d65·203d·2022·6169·6465··s]].name·=·"aide 
0003b550:·220a·7665·7273·696f·6e20·3d20·222a·220a··".version·=·"*". 
0003b560:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d0003b200:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div
0003b570:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn0003b210:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b
0003b580:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da0003b220:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data
0003b590:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla0003b230:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps
0003b5a0:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target0003b240:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="
0003b5b0:·3d22·2369·646d·3331·3930·2220·7461·6269··="#idm3190"·tabi0003b250:·2369·646d·3331·3838·2220·7461·6269·6e64··#idm3188"·tabind
0003b5c0:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b0003b260:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but
0003b5d0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa0003b270:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand
0003b5e0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit0003b280:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title
0003b5f0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·0003b290:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re
0003b600:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!0003b2a0:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">
0003b610:·223e·5265·6d65·6469·6174·696f·6e20·416e··">Remediation·An0003b2b0:·5265·6d65·6469·6174·696f·6e20·5368·656c··Remediation·Shel
 0003b2c0:·6c20·7363·7269·7074·20e2·87b2·3c2f·613e··l·script·...</a>
 0003b2d0:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="
0003b620:·7369·626c·6520·736e·6970·7065·7420·e287··sible·snippet·.. 
0003b630:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl 
0003b640:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla 
0003b650:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id0003b2e0:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c
 0003b2f0:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm
 0003b300:·3331·3838·223e·3c74·6162·6c65·2063·6c61··3188"><table·cla
 0003b310:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table-
 0003b320:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo
 0003b330:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con
 0003b340:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th>
 0003b350:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th>
0003b660:·3d22·6964·6d33·3139·3022·3e3c·7461·626c··="idm3190"><tabl 
0003b670:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t 
0003b680:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab 
0003b690:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl 
0003b6a0:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr 
0003b6b0:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity: 
0003b6c0:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003b6d0:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di 
0003b6e0:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t 
Max diff block lines reached; 21975324/22003366 bytes (99.87%) of diff not shown.
1.87 MB
html2text {}
Max HTML report size reached
15.5 MB
./usr/share/doc/ssg-nondebian/ssg-almalinux9-guide-hipaa.html
    
Offset 16002, 176 lines modifiedOffset 16002, 176 lines modified
0003e810:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe0003e810:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe
0003e820:·743d·2223·6964·6d33·3436·3622·2074·6162··t="#idm3466"·tab0003e820:·743d·2223·6964·6d33·3436·3622·2074·6162··t="#idm3466"·tab
0003e830:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="0003e830:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="
0003e840:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp0003e840:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp
0003e850:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti0003e850:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti
0003e860:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to0003e860:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to
0003e870:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#0003e870:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#
0003e880:·2122·3e52·656d·6564·6961·7469·6f6e·2041··!">Remediation·A0003e880:·2122·3e52·656d·6564·6961·7469·6f6e·2053··!">Remediation·S
 0003e890:·6865·6c6c·2073·6372·6970·7420·e287·b23c··hell·script·...<
 0003e8a0:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas
 0003e8b0:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps
 0003e8c0:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="
 0003e8d0:·6964·6d33·3436·3622·3e3c·7072·653e·3c63··idm3466"><pre><c
 0003e8e0:·6f64·653e·0a76·6172·5f73·7973·7465·6d5f··ode>.var_system_
 0003e8f0:·6372·7970·746f·5f70·6f6c·6963·793d·273c··crypto_policy='<
 0003e900:·6162·6272·2074·6974·6c65·3d22·6672·6f6d··abbr·title="from
 0003e910:·2050·726f·6669·6c65·2f72·6566·696e·652d···Profile/refine-
 0003e920:·7661·6c75·653a·2078·6363·6466·5f6f·7267··value:·xccdf_org
 0003e930:·2e73·7367·7072·6f6a·6563·742e·636f·6e74··.ssgproject.cont
 0003e940:·656e·745f·7661·6c75·655f·7661·725f·7379··ent_value_var_sy
0003e890:·6e73·6962·6c65·2073·6e69·7070·6574·20e2··nsible·snippet·. 
0003e8a0:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c 
0003e8b0:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll 
0003e8c0:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i 
0003e8d0:·643d·2269·646d·3334·3636·223e·3c74·6162··d="idm3466"><tab 
0003e8e0:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table· 
0003e8f0:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta 
0003e900:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab 
0003e910:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t 
0003e920:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity 
0003e930:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t 
0003e940:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D 
0003e950:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th>< 
0003e960:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003e970:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:< 
0003e980:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t 
0003e990:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S 
0003e9a0:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td 
0003e9b0:·3e72·6573·7472·6963·743c·2f74·643e·3c2f··>restrict</td></ 
0003e9c0:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre> 
0003e9d0:·3c63·6f64·653e·2d20·6e61·6d65·3a20·5843··<code>-·name:·XC 
0003e9e0:·4344·4620·5661·6c75·6520·7661·725f·7379··CDF·Value·var_sy 
0003e9f0:·7374·656d·5f63·7279·7074·6f5f·706f·6c69··stem_crypto_poli0003e950:·7374·656d·5f63·7279·7074·6f5f·706f·6c69··stem_crypto_poli
0003ea00:·6379·2023·2070·726f·6d6f·7465·2074·6f20··cy·#·promote·to· 
0003ea10:·7661·7269·6162·6c65·0a20·2073·6574·5f66··variable.··set_f 
0003ea20:·6163·743a·0a20·2020·2076·6172·5f73·7973··act:.····var_sys0003e960:·6379·223e·4649·5053·3c2f·6162·6272·3e27··cy">FIPS</abbr>'
 0003e970:·0a0a·0a73·7464·6572·725f·6f66·5f63·616c··...stderr_of_cal
 0003e980:·6c3d·2428·7570·6461·7465·2d63·7279·7074··l=$(update-crypt
 0003e990:·6f2d·706f·6c69·6369·6573·202d·2d73·6574··o-policies·--set
 0003e9a0:·2024·7b76·6172·5f73·7973·7465·6d5f·6372···${var_system_cr
 0003e9b0:·7970·746f·5f70·6f6c·6963·797d·2032·2667··ypto_policy}·2&g
 0003e9c0:·743b·2661·6d70·3b31·2026·6774·3b20·2f64··t;&amp;1·&gt;·/d
 0003e9d0:·6576·2f6e·756c·6c29·0a72·633d·243f·0a0a··ev/null).rc=$?..
 0003e9e0:·6966·2074·6573·7420·2224·7263·2220·3d20··if·test·"$rc"·=·
 0003e9f0:·3132·373b·2074·6865·6e0a·0965·6368·6f20··127;·then..echo·
 0003ea00:·2224·7374·6465·7272·5f6f·665f·6361·6c6c··"$stderr_of_call
 0003ea10:·2220·2667·743b·2661·6d70·3b32·0a09·6563··"·&gt;&amp;2..ec
 0003ea20:·686f·2022·4d61·6b65·2073·7572·6520·7468··ho·"Make·sure·th
 0003ea30:·6174·2074·6865·2073·6372·6970·7420·6973··at·the·script·is
 0003ea40:·2069·6e73·7461·6c6c·6564·206f·6e20·7468···installed·on·th
 0003ea50:·6520·7265·6d65·6469·6174·6564·2073·7973··e·remediated·sys
 0003ea60:·7465·6d2e·2220·2667·743b·2661·6d70·3b32··tem."·&gt;&amp;2
 0003ea70:·0a09·6563·686f·2022·5365·6520·6f75·7470··..echo·"See·outp
 0003ea80:·7574·206f·6620·7468·6520·2764·6e66·2070··ut·of·the·'dnf·p
 0003ea90:·726f·7669·6465·7320·7570·6461·7465·2d63··rovides·update-c
 0003eaa0:·7279·7074·6f2d·706f·6c69·6369·6573·2720··rypto-policies'·
 0003eab0:·636f·6d6d·616e·6422·2026·6774·3b26·616d··command"·&gt;&am
 0003eac0:·703b·320a·0965·6368·6f20·2274·6f20·7365··p;2..echo·"to·se
 0003ead0:·6520·7768·6174·2070·6163·6b61·6765·2074··e·what·package·t
 0003eae0:·6f20·2872·6529·696e·7374·616c·6c22·2026··o·(re)install"·&
 0003eaf0:·6774·3b26·616d·703b·320a·0a09·6661·6c73··gt;&amp;2...fals
 0003eb00:·6520·2023·2065·6e64·2077·6974·6820·616e··e··#·end·with·an
 0003eb10:·2065·7272·6f72·2063·6f64·650a·656c·6966···error·code.elif
 0003eb20:·2074·6573·7420·2224·7263·2220·213d·2030···test·"$rc"·!=·0
 0003eb30:·3b20·7468·656e·0a09·6563·686f·2022·4572··;·then..echo·"Er
 0003eb40:·726f·7220·696e·766f·6b69·6e67·2074·6865··ror·invoking·the
 0003eb50:·2075·7064·6174·652d·6372·7970·746f·2d70···update-crypto-p
 0003eb60:·6f6c·6963·6965·7320·7363·7269·7074·3a20··olicies·script:·
 0003eb70:·2473·7464·6572·725f·6f66·5f63·616c·6c22··$stderr_of_call"
 0003eb80:·2026·6774·3b26·616d·703b·320a·0966·616c···&gt;&amp;2..fal
 0003eb90:·7365·2020·2320·656e·6420·7769·7468·2061··se··#·end·with·a
 0003eba0:·6e20·6572·726f·7220·636f·6465·0a66·690a··n·error·code.fi.
 0003ebb0:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d
 0003ebc0:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn
 0003ebd0:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da
 0003ebe0:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla
 0003ebf0:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target
 0003ec00:·3d22·2369·646d·3334·3638·2220·7461·6269··="#idm3468"·tabi
 0003ec10:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b
 0003ec20:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa
 0003ec30:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit
 0003ec40:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·
 0003ec50:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!
 0003ec60:·223e·5265·6d65·6469·6174·696f·6e20·416e··">Remediation·An
 0003ec70:·7369·626c·6520·736e·6970·7065·7420·e287··sible·snippet·..
 0003ec80:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl
 0003ec90:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
 0003eca0:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
 0003ecb0:·3d22·6964·6d33·3436·3822·3e3c·7461·626c··="idm3468"><tabl
 0003ecc0:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t
 0003ecd0:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab
 0003ece0:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl
 0003ecf0:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr
 0003ed00:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity:
 0003ed10:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td
 0003ed20:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di
 0003ed30:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t
 0003ed40:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr><
 0003ed50:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</
 0003ed60:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td
 0003ed70:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St
 0003ed80:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>
 0003ed90:·7265·7374·7269·6374·3c2f·7464·3e3c·2f74··restrict</td></t
 0003eda0:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><
 0003edb0:·636f·6465·3e2d·206e·616d·653a·2058·4343··code>-·name:·XCC
 0003edc0:·4446·2056·616c·7565·2076·6172·5f73·7973··DF·Value·var_sys
0003ea30:·7465·6d5f·6372·7970·746f·5f70·6f6c·6963··tem_crypto_polic0003edd0:·7465·6d5f·6372·7970·746f·5f70·6f6c·6963··tem_crypto_polic
 0003ede0:·7920·2320·7072·6f6d·6f74·6520·746f·2076··y·#·promote·to·v
 0003edf0:·6172·6961·626c·650a·2020·7365·745f·6661··ariable.··set_fa
0003ea40:·793a·2021·2173·7472·203c·6162·6272·2074··y:·!!str·<abbr·t 
0003ea50:·6974·6c65·3d22·6672·6f6d·2050·726f·6669··itle="from·Profi 
0003ea60:·6c65·2f72·6566·696e·652d·7661·6c75·653a··le/refine-value: 
0003ea70:·2078·6363·6466·5f6f·7267·2e73·7367·7072···xccdf_org.ssgpr 
0003ea80:·6f6a·6563·742e·636f·6e74·656e·745f·7661··oject.content_va 
0003ea90:·6c75·655f·7661·725f·7379·7374·656d·5f63··lue_var_system_c 
0003eaa0:·7279·7074·6f5f·706f·6c69·6379·223e·4649··rypto_policy">FI 
0003eab0:·5053·3c2f·6162·6272·3e0a·2020·7461·6773··PS</abbr>.··tags 
Max diff block lines reached; 15169683/15192619 bytes (99.85%) of diff not shown.
1.03 MB
html2text {}
    
Offset 229, 14 lines modifiedOffset 229, 33 lines modified
229 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1229 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1
230 References:·_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)230 References:·_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)
231 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,231 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,
232 ·····················FCS_TLSC_EXT.1232 ·····················FCS_TLSC_EXT.1
233 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174233 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174
234 ············_\x8c_\x8i_\x8s······1.6.1234 ············_\x8c_\x8i_\x8s······1.6.1
235 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2235 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
 236 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
  
 237 var_system_crypto_policy='FIPS'
  
  
 238 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null)
 239 rc=$?
  
 240 if·test·"$rc"·=·127;·then
 241 »       echo·"$stderr_of_call"·>&2
 242 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2
 243 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2
 244 »       echo·"to·see·what·package·to·(re)install"·>&2
  
 245 »       false··#·end·with·an·error·code
 246 elif·test·"$rc"·!=·0;·then
 247 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2
 248 »       false··#·end·with·an·error·code
 249 fi
236 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8250 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
237 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low251 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
238 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low252 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
239 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false253 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
240 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict254 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
241 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable255 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable
242 ··set_fact:256 ··set_fact:
Offset 281, 33 lines modifiedOffset 300, 14 lines modified
281 ··-·PCI-DSSv4-2.2.7300 ··-·PCI-DSSv4-2.2.7
282 ··-·configure_crypto_policy301 ··-·configure_crypto_policy
283 ··-·high_severity302 ··-·high_severity
284 ··-·low_complexity303 ··-·low_complexity
285 ··-·low_disruption304 ··-·low_disruption
286 ··-·no_reboot_needed305 ··-·no_reboot_needed
287 ··-·restrict_strategy306 ··-·restrict_strategy
288 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
  
289 var_system_crypto_policy='FIPS' 
  
  
290 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null) 
291 rc=$? 
  
292 if·test·"$rc"·=·127;·then 
293 »       echo·"$stderr_of_call"·>&2 
294 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2 
295 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2 
296 »       echo·"to·see·what·package·to·(re)install"·>&2 
  
297 »       false··#·end·with·an·error·code 
298 elif·test·"$rc"·!=·0;·then 
299 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2 
300 »       false··#·end·with·an·error·code 
301 fi 
302 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8SS\x8SH\x8H·t\x8to\x8o·u\x8us\x8se\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8o·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*307 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8SS\x8SH\x8H·t\x8to\x8o·u\x8us\x8se\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8o·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
303 Crypto·Policies·provide·a·centralized·control·over·crypto·algorithms·usage·of·many·packages.·SSH·is308 Crypto·Policies·provide·a·centralized·control·over·crypto·algorithms·usage·of·many·packages.·SSH·is
304 supported·by·crypto·policy,·but·the·SSH·configuration·may·be·set·up·to·ignore·it.·To·check·that·Crypto309 supported·by·crypto·policy,·but·the·SSH·configuration·may·be·set·up·to·ignore·it.·To·check·that·Crypto
305 Policies·settings·are·configured·correctly,·ensure·that·the·CRYPTO_POLICY·variable·is·either·commented·or310 Policies·settings·are·configured·correctly,·ensure·that·the·CRYPTO_POLICY·variable·is·either·commented·or
306 not·set·at·all·in·the·/etc/sysconfig/sshd.311 not·set·at·all·in·the·/etc/sysconfig/sshd.
307 Rationale:··Overriding·the·system·crypto·policy·makes·the·behavior·of·the·SSH·service·violate312 Rationale:··Overriding·the·system·crypto·policy·makes·the·behavior·of·the·SSH·service·violate
308 ············expectations,·and·makes·system·configuration·more·fragmented.313 ············expectations,·and·makes·system·configuration·more·fragmented.
Offset 318, 14 lines modifiedOffset 318, 19 lines modified
318 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1318 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1
319 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13319 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13
320 References:·_\x8o_\x8s_\x8p_\x8p·····FCS_SSH_EXT.1,·FCS_SSHS_EXT.1,·FCS_SSHC_EXT.1320 References:·_\x8o_\x8s_\x8p_\x8p·····FCS_SSH_EXT.1,·FCS_SSHS_EXT.1,·FCS_SSHC_EXT.1
321 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s···Req-2.2321 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s···Req-2.2
322 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000250-GPOS-00093322 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000250-GPOS-00093
323 ············_\x8c_\x8i_\x8s······1.6.2323 ············_\x8c_\x8i_\x8s······1.6.2
324 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2324 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
 325 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
  
 326 SSH_CONF="/etc/sysconfig/sshd"
  
 327 sed·-i·"/^\s*CRYPTO_POLICY.*$/Id"·$SSH_CONF
325 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8328 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
326 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low329 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
327 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium330 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
328 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true331 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true
329 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···disable332 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···disable
330 -·name:·Configure·SSH·to·use·System·Crypto·Policy333 -·name:·Configure·SSH·to·use·System·Crypto·Policy
331 ··lineinfile:334 ··lineinfile:
Offset 343, 19 lines modifiedOffset 348, 14 lines modified
343 ··-·PCI-DSSv4-2.2.7348 ··-·PCI-DSSv4-2.2.7
344 ··-·configure_ssh_crypto_policy349 ··-·configure_ssh_crypto_policy
345 ··-·disable_strategy350 ··-·disable_strategy
346 ··-·low_complexity351 ··-·low_complexity
347 ··-·medium_disruption352 ··-·medium_disruption
348 ··-·medium_severity353 ··-·medium_severity
349 ··-·reboot_required354 ··-·reboot_required
350 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
  
351 SSH_CONF="/etc/sysconfig/sshd" 
  
352 sed·-i·"/^\s*CRYPTO_POLICY.*$/Id"·$SSH_CONF 
353 Group  ·Disk·Partitioning·  Group·contains·1·rule355 Group  ·Disk·Partitioning·  Group·contains·1·rule
354 _\x8[_\x8r_\x8e_\x8f_\x8]  ·To·ensure·separation·and·protection·of·data,·there·are·top-level·system·directories·which·should356 _\x8[_\x8r_\x8e_\x8f_\x8]  ·To·ensure·separation·and·protection·of·data,·there·are·top-level·system·directories·which·should
355 be·placed·on·their·own·physical·partition·or·logical·volume.·The·installer's·default·partitioning·scheme357 be·placed·on·their·own·physical·partition·or·logical·volume.·The·installer's·default·partitioning·scheme
356 creates·separate·logical·volumes·for·/,·/boot,·and·swap.358 creates·separate·logical·volumes·for·/,·/boot,·and·swap.
357 ····*·If·starting·with·any·of·the·default·layouts,·check·the·box·to·\"Review·and·modify·partitioning.\"359 ····*·If·starting·with·any·of·the·default·layouts,·check·the·box·to·\"Review·and·modify·partitioning.\"
358 ······This·allows·for·the·easy·creation·of·additional·logical·volumes·inside·the·volume·group·already360 ······This·allows·for·the·easy·creation·of·additional·logical·volumes·inside·the·volume·group·already
359 ······created,·though·it·may·require·making·/'s·logical·volume·smaller·to·create·space.·In·general,·using361 ······created,·though·it·may·require·making·/'s·logical·volume·smaller·to·create·space.·In·general,·using
Offset 599, 14 lines modifiedOffset 599, 23 lines modified
599 Rule·ID:····xccdf_org.ssgproject.content_rule_dconf_db_up_to_date599 Rule·ID:····xccdf_org.ssgproject.content_rule_dconf_db_up_to_date
600 ············_\x8d_\x8i_\x8s_\x8a····CCI-000366600 ············_\x8d_\x8i_\x8s_\x8a····CCI-000366
601 ············_\x8h_\x8i_\x8p_\x8a_\x8a···164.308(a)(1)(ii)(B),·164.308(a)(5)(ii)(A)601 ············_\x8h_\x8i_\x8p_\x8a_\x8a···164.308(a)(1)(ii)(B),·164.308(a)(5)(ii)(A)
602 References:·_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s··Req-6.2602 References:·_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s··Req-6.2
603 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g··SRG-OS-000480-GPOS-00227603 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g··SRG-OS-000480-GPOS-00227
604 ············_\x8c_\x8i_\x8s·····reload_dconf_db604 ············_\x8c_\x8i_\x8s·····reload_dconf_db
605 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84·8.2.8,·8.2605 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84·8.2.8,·8.2
 606 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 607 #·Remediation·is·applicable·only·in·certain·platforms
 608 if·rpm·--quiet·-q·gdm·&&·{·rpm·--quiet·-q·kernel;·};·then
  
 609 dconf·update
  
 610 else
 611 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 612 fi
606 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8613 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
607 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low614 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
608 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium615 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
Max diff block lines reached; 1078260/1084104 bytes (99.46%) of diff not shown.
15.3 MB
./usr/share/doc/ssg-nondebian/ssg-almalinux9-guide-pci-dss.html
    
Offset 15847, 213 lines modifiedOffset 15847, 213 lines modified
0003de60:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i0003de60:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i
0003de70:·646d·3331·3837·2220·7461·6269·6e64·6578··dm3187"·tabindex0003de70:·646d·3331·3837·2220·7461·6269·6e64·6578··dm3187"·tabindex
0003de80:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto0003de80:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto
0003de90:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded0003de90:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded
0003dea0:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="0003dea0:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="
0003deb0:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve0003deb0:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve
0003dec0:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re0003dec0:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re
0003ded0:·6d65·6469·6174·696f·6e20·416e·6163·6f6e··mediation·Anacon0003ded0:·6d65·6469·6174·696f·6e20·5075·7070·6574··mediation·Puppet
0003dee0:·6461·2073·6e69·7070·6574·20e2·87b2·3c2f··da·snippet·...</0003dee0:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a>
0003def0:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class0003def0:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="
0003df00:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse0003df00:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c
0003df10:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i0003df10:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm
0003df20:·646d·3331·3837·223e·3c74·6162·6c65·2063··dm3187"><table·c0003df20:·3331·3837·223e·3c74·6162·6c65·2063·6c61··3187"><table·cla
0003df30:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl0003df30:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table-
0003df40:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table-0003df40:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo
0003df50:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c0003df50:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con
0003df60:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t0003df60:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th>
0003df70:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t0003df70:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th>
0003df80:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></0003df80:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr
0003df90:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru0003df90:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt
0003dfa0:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l0003dfa0:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low
0003dfb0:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>0003dfb0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
0003dfc0:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th>0003dfc0:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t
0003dfd0:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></0003dfd0:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr
0003dfe0:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat0003dfe0:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg
0003dff0:·6567·793a·3c2f·7468·3e3c·7464·3e65·6e61··egy:</th><td>ena0003dff0:·793a·3c2f·7468·3e3c·7464·3e65·6e61·626c··y:</th><td>enabl
0003e000:·626c·653c·2f74·643e·3c2f·7472·3e3c·2f74··ble</td></tr></t0003e000:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab
0003e010:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>0003e010:·6c65·3e3c·7072·653e·3c63·6f64·653e·696e··le><pre><code>in
 0003e020:·636c·7564·6520·696e·7374·616c·6c5f·6169··clude·install_ai
 0003e030:·6465·0a0a·636c·6173·7320·696e·7374·616c··de..class·instal
 0003e040:·6c5f·6169·6465·207b·0a20·2070·6163·6b61··l_aide·{.··packa
 0003e050:·6765·207b·2027·6169·6465·273a·0a20·2020··ge·{·'aide':.···
 0003e060:·2065·6e73·7572·6520·3d26·6774·3b20·2769···ensure·=&gt;·'i
 0003e070:·6e73·7461·6c6c·6564·272c·0a20·207d·0a7d··nstalled',.··}.}
0003e020:·0a70·6163·6b61·6765·202d·2d61·6464·3d61··.package·--add=a 
0003e030:·6964·650a·3c2f·636f·6465·3e3c·2f70·7265··ide.</code></pre 
0003e040:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class= 
0003e050:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success 
0003e060:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c 
0003e070:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta 
0003e080:·7267·6574·3d22·2369·646d·3331·3838·2220··rget="#idm3188"· 
0003e090:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol 
0003e0a0:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria- 
0003e0b0:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false" 
0003e0c0:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate 
0003e0d0:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href 
0003e0e0:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio 
0003e0f0:·6e20·5075·7070·6574·2073·6e69·7070·6574··n·Puppet·snippet 
0003e100:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div 
0003e110:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co 
0003e120:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse" 
0003e130:·2069·643d·2269·646d·3331·3838·223e·3c74···id="idm3188"><t 
0003e140:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl 
0003e150:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped· 
0003e160:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t 
0003e170:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed"> 
0003e180:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi 
0003e190:·7479·3a3c·2f74·683e·3c74·643e·6c6f·773c··ty:</th><td>low< 
0003e1a0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003e1b0:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th 
0003e1c0:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
0003e1d0:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot 
0003e1e0:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false< 
0003e1f0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003e200:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th>< 
0003e210:·7464·3e65·6e61·626c·653c·2f74·643e·3c2f··td>enable</td></ 
0003e220:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre> 
0003e230:·3c63·6f64·653e·696e·636c·7564·6520·696e··<code>include·in 
0003e240:·7374·616c·6c5f·6169·6465·0a0a·636c·6173··stall_aide..clas 
0003e250:·7320·696e·7374·616c·6c5f·6169·6465·207b··s·install_aide·{ 
0003e260:·0a20·2070·6163·6b61·6765·207b·2027·6169··.··package·{·'ai 
0003e270:·6465·273a·0a20·2020·2065·6e73·7572·6520··de':.····ensure· 
0003e280:·3d26·6774·3b20·2769·6e73·7461·6c6c·6564··=&gt;·'installed 
0003e290:·272c·0a20·207d·0a7d·0a3c·2f63·6f64·653e··',.··}.}.</code> 
0003e2a0:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c 
0003e2b0:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su 
0003e2c0:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg 
0003e2d0:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da 
0003e2e0:·7461·2d74·6172·6765·743d·2223·6964·6d33··ta-target="#idm3 
0003e2f0:·3138·3922·2074·6162·696e·6465·783d·2230··189"·tabindex="0 
0003e300:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"· 
0003e310:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f 
0003e320:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act 
0003e330:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal" 
0003e340:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed 
0003e350:·6961·7469·6f6e·204f·5342·7569·6c64·2042··iation·OSBuild·B 
0003e360:·6c75·6570·7269·6e74·2073·6e69·7070·6574··lueprint·snippet 
0003e370:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div 
0003e380:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co 
0003e390:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse" 
0003e3a0:·2069·643d·2269·646d·3331·3839·223e·3c70···id="idm3189"><p 
0003e3b0:·7265·3e3c·636f·6465·3e0a·5b5b·7061·636b··re><code>.[[pack 
0003e3c0:·6167·6573·5d5d·0a6e·616d·6520·3d20·2261··ages]].name·=·"a 
0003e3d0:·6964·6522·0a76·6572·7369·6f6e·203d·2022··ide".version·=·" 
0003e3e0:·2a22·0a3c·2f63·6f64·653e·3c2f·7072·653e··*".</code></pre>0003e080:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></
0003e3f0:·3c2f·6469·763e·3c61·2063·6c61·7373·3d22··</div><a·class="0003e090:·6469·763e·3c61·2063·6c61·7373·3d22·6274··div><a·class="bt
0003e400:·6274·6e20·6274·6e2d·7375·6363·6573·7322··btn·btn-success"0003e0a0:·6e20·6274·6e2d·7375·6363·6573·7322·2064··n·btn-success"·d
0003e410:·2064·6174·612d·746f·6767·6c65·3d22·636f···data-toggle="co0003e0b0:·6174·612d·746f·6767·6c65·3d22·636f·6c6c··ata-toggle="coll
0003e420:·6c6c·6170·7365·2220·6461·7461·2d74·6172··llapse"·data-tar0003e0c0:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe
 0003e0d0:·743d·2223·6964·6d33·3138·3822·2074·6162··t="#idm3188"·tab
 0003e0e0:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="
 0003e0f0:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp
 0003e100:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti
 0003e110:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to
 0003e120:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#
 0003e130:·2122·3e52·656d·6564·6961·7469·6f6e·2053··!">Remediation·S
 0003e140:·6865·6c6c·2073·6372·6970·7420·e287·b23c··hell·script·...<
 0003e150:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas
 0003e160:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps
 0003e170:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="
 0003e180:·6964·6d33·3138·3822·3e3c·7461·626c·6520··idm3188"><table·
 0003e190:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab
 0003e1a0:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table
 0003e1b0:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-
 0003e1c0:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><
 0003e1d0:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</
 0003e1e0:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><
 0003e1f0:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr
 0003e200:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td>
 0003e210:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr
 0003e220:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th
 0003e230:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td><
 0003e240:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra
 0003e250:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en
 0003e260:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></
 0003e270:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code
 0003e280:·3e23·2052·656d·6564·6961·7469·6f6e·2069··>#·Remediation·i
Max diff block lines reached; 14661025/14689067 bytes (99.81%) of diff not shown.
1.29 MB
html2text {}
    
Offset 187, 38 lines modifiedOffset 187, 41 lines modified
187 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)187 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)
188 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3188 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
189 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5189 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
190 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199190 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
191 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79191 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
192 ············_\x8c_\x8i_\x8s············6.1.1192 ············_\x8c_\x8i_\x8s············6.1.1
193 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2193 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
194 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
195 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
196 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
197 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
198 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
199 package·--add=aide 
200 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8194 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
201 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low195 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
202 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low196 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
203 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false197 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
204 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable198 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
205 include·install_aide199 include·install_aide
  
206 class·install_aide·{200 class·install_aide·{
207 ··package·{·'aide':201 ··package·{·'aide':
208 ····ensure·=>·'installed',202 ····ensure·=>·'installed',
209 ··}203 ··}
210 }204 }
211 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8205 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 206 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 207 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 208 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 209 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 210 #·Remediation·is·applicable·only·in·certain·platforms
 211 if·rpm·--quiet·-q·kernel;·then
  
212 [[packages]] 
213 name·=·"aide" 
214 version·=·"*"212 if·!·rpm·-q·--quiet·"aide"·;·then
 213 ····dnf·install·-y·"aide"
 214 fi
  
 215 else
 216 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 217 fi
215 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8218 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
216 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low219 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
217 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low220 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
218 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false221 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
219 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable222 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
220 -·name:·Gather·the·package·facts223 -·name:·Gather·the·package·facts
221 ··package_facts:224 ··package_facts:
Offset 247, 29 lines modifiedOffset 250, 26 lines modified
247 ··-·PCI-DSSv4-11.5.2250 ··-·PCI-DSSv4-11.5.2
248 ··-·enable_strategy251 ··-·enable_strategy
249 ··-·low_complexity252 ··-·low_complexity
250 ··-·low_disruption253 ··-·low_disruption
251 ··-·medium_severity254 ··-·medium_severity
252 ··-·no_reboot_needed255 ··-·no_reboot_needed
253 ··-·package_aide_installed256 ··-·package_aide_installed
 257 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 258 [[packages]]
 259 name·=·"aide"
 260 version·=·"*"
254 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8261 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8
255 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low262 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
256 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low263 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
257 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false264 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
258 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable265 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
259 #·Remediation·is·applicable·only·in·certain·platforms 
260 if·rpm·--quiet·-q·kernel;·then 
  
261 if·!·rpm·-q·--quiet·"aide"·;·then 
262 ····dnf·install·-y·"aide" 
263 fi 
  
 266 package·--add=aide
264 else 
265 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
266 fi 
267 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*267 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
268 Run·the·following·command·to·generate·a·new·database:268 Run·the·following·command·to·generate·a·new·database:
269 $·sudo·/usr/sbin/aide·--init269 $·sudo·/usr/sbin/aide·--init
270 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the·database,·the·configuration·file·/etc/270 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the·database,·the·configuration·file·/etc/
271 aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides271 aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides
272 additional·assurance·about·their·integrity.·The·newly-generated·database·can·be·installed·as·follows:272 additional·assurance·about·their·integrity.·The·newly-generated·database·can·be·installed·as·follows:
273 $·sudo·cp·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz273 $·sudo·cp·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
Offset 590, 14 lines modifiedOffset 590, 33 lines modified
590 ············_\x8i_\x8s_\x8m······1446590 ············_\x8i_\x8s_\x8m······1446
591 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1591 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1
592 References:·_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)592 References:·_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)
593 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1593 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1
594 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174594 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174
595 ············_\x8c_\x8i_\x8s······1.6.1595 ············_\x8c_\x8i_\x8s······1.6.1
596 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2596 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
 597 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
  
 598 var_system_crypto_policy='DEFAULT'
  
  
 599 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null)
 600 rc=$?
  
 601 if·test·"$rc"·=·127;·then
 602 »       echo·"$stderr_of_call"·>&2
 603 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2
 604 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2
 605 »       echo·"to·see·what·package·to·(re)install"·>&2
  
 606 »       false··#·end·with·an·error·code
 607 elif·test·"$rc"·!=·0;·then
 608 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2
 609 »       false··#·end·with·an·error·code
 610 fi
597 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8611 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
598 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low612 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
599 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low613 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
600 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false614 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
601 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict615 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
602 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable616 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable
603 ··set_fact:617 ··set_fact:
Offset 642, 33 lines modifiedOffset 661, 14 lines modified
642 ··-·PCI-DSSv4-2.2.7661 ··-·PCI-DSSv4-2.2.7
643 ··-·configure_crypto_policy662 ··-·configure_crypto_policy
644 ··-·high_severity663 ··-·high_severity
645 ··-·low_complexity664 ··-·low_complexity
646 ··-·low_disruption665 ··-·low_disruption
647 ··-·no_reboot_needed666 ··-·no_reboot_needed
Max diff block lines reached; 1342421/1347646 bytes (99.61%) of diff not shown.
2.7 MB
./usr/share/doc/ssg-nondebian/ssg-anolis23-guide-pci-dss.html
    
Offset 15496, 95 lines modifiedOffset 15496, 95 lines modified
0003c870:·7461·7267·6574·3d22·2369·646d·3133·3636··target="#idm13660003c870:·7461·7267·6574·3d22·2369·646d·3133·3636··target="#idm1366
0003c880:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r0003c880:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r
0003c890:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari0003c890:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari
0003c8a0:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals0003c8a0:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals
0003c8b0:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa0003c8b0:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa
0003c8c0:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr0003c8c0:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr
0003c8d0:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat0003c8d0:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat
 0003c8e0:·696f·6e20·416e·7369·626c·6520·736e·6970··ion·Ansible·snip
 0003c8f0:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br><
 0003c900:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel
 0003c910:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap
 0003c920:·7365·2220·6964·3d22·6964·6d31·3336·3622··se"·id="idm1366"
0003c8e0:·696f·6e20·4f53·4275·696c·6420·426c·7565··ion·OSBuild·Blue 
0003c8f0:·7072·696e·7420·736e·6970·7065·7420·e287··print·snippet·.. 
0003c900:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl 
0003c910:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla 
0003c920:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id 
0003c930:·3d22·6964·6d31·3336·3622·3e3c·7072·653e··="idm1366"><pre> 
0003c940:·3c63·6f64·653e·0a5b·5b70·6163·6b61·6765··<code>.[[package 
0003c950:·735d·5d0a·6e61·6d65·203d·2022·6169·6465··s]].name·=·"aide 
0003c960:·220a·7665·7273·696f·6e20·3d20·222a·220a··".version·=·"*". 
0003c970:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d 
0003c980:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn0003c930:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t
 0003c940:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip
 0003c950:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere
 0003c960:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense
 0003c970:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl
 0003c980:·6578·6974·793a·3c2f·7468·3e3c·7464·3e6c··exity:</th><td>l
 0003c990:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>
 0003c9a0:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:<
 0003c9b0:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>
 0003c9c0:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb
 0003c9d0:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal
 0003c9e0:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr>
 0003c9f0:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t
 0003ca00:·683e·3c74·643e·656e·6162·6c65·3c2f·7464··h><td>enable</td
 0003ca10:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p
 0003ca20:·7265·3e3c·636f·6465·3e2d·206e·616d·653a··re><code>-·name:
 0003ca30:·2047·6174·6865·7220·7468·6520·7061·636b···Gather·the·pack
 0003ca40:·6167·6520·6661·6374·730a·2020·7061·636b··age·facts.··pack
 0003ca50:·6167·655f·6661·6374·733a·0a20·2020·206d··age_facts:.····m
 0003ca60:·616e·6167·6572·3a20·6175·746f·0a20·2074··anager:·auto.··t
0003c990:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da 
0003c9a0:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla 
0003c9b0:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target 
0003c9c0:·3d22·2369·646d·3133·3637·2220·7461·6269··="#idm1367"·tabi 
0003c9d0:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b 
0003c9e0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa 
0003c9f0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit 
0003ca00:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to· 
0003ca10:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#! 
0003ca20:·223e·5265·6d65·6469·6174·696f·6e20·416e··">Remediation·An 
0003ca30:·7369·626c·6520·736e·6970·7065·7420·e287··sible·snippet·.. 
0003ca40:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl 
0003ca50:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla 
0003ca60:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id 
0003ca70:·3d22·6964·6d31·3336·3722·3e3c·7461·626c··="idm1367"><tabl 
0003ca80:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t 
0003ca90:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab 
0003caa0:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl 
0003cab0:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr 
0003cac0:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity: 
0003cad0:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003cae0:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di 
0003caf0:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t 
0003cb00:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr>< 
0003cb10:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</ 
0003cb20:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td 
0003cb30:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St 
0003cb40:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td> 
0003cb50:·656e·6162·6c65·3c2f·7464·3e3c·2f74·723e··enable</td></tr> 
0003cb60:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co 
0003cb70:·6465·3e2d·206e·616d·653a·2047·6174·6865··de>-·name:·Gathe 
0003cb80:·7220·7468·6520·7061·636b·6167·6520·6661··r·the·package·fa 
0003cb90:·6374·730a·2020·7061·636b·6167·655f·6661··cts.··package_fa 
0003cba0:·6374·733a·0a20·2020·206d·616e·6167·6572··cts:.····manager 
0003cbb0:·3a20·6175·746f·0a20·2074·6167·733a·0a20··:·auto.··tags:.· 
0003cbc0:·202d·2043·4a49·532d·352e·3130·2e31·2e33···-·CJIS-5.10.1.3 
0003cbd0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53 
0003cbe0:·2d43·4d2d·3628·6129·0a20·202d·2050·4349··-CM-6(a).··-·PCI 
0003cbf0:·2d44·5353·2d52·6571·2d31·312e·350a·2020··-DSS-Req-11.5.·· 
0003cc00:·2d20·5043·492d·4453·5376·342d·3131·2e35··-·PCI-DSSv4-11.5 
0003cc10:·2e32·0a20·202d·2065·6e61·626c·655f·7374··.2.··-·enable_st 
0003cc20:·7261·7465·6779·0a20·202d·206c·6f77·5f63··rategy.··-·low_c 
0003cc30:·6f6d·706c·6578·6974·790a·2020·2d20·6c6f··omplexity.··-·lo 
0003cc40:·775f·6469·7372·7570·7469·6f6e·0a20·202d··w_disruption.··- 
0003cc50:·206d·6564·6975·6d5f·7365·7665·7269·7479···medium_severity 
0003cc60:·0a20·202d·206e·6f5f·7265·626f·6f74·5f6e··.··-·no_reboot_n 
0003cc70:·6565·6465·640a·2020·2d20·7061·636b·6167··eeded.··-·packag 
0003cc80:·655f·6169·6465·5f69·6e73·7461·6c6c·6564··e_aide_installed 
0003cc90:·0a0a·2d20·6e61·6d65·3a20·456e·7375·7265··..-·name:·Ensure 
0003cca0:·2061·6964·6520·6973·2069·6e73·7461·6c6c···aide·is·install 
0003ccb0:·6564·0a20·2070·6163·6b61·6765·3a0a·2020··ed.··package:.·· 
0003ccc0:·2020·6e61·6d65·3a20·6169·6465·0a20·2020····name:·aide.··· 
0003ccd0:·2073·7461·7465·3a20·7072·6573·656e·740a···state:·present. 
0003cce0:·2020·7768·656e·3a20·2722·6b65·726e·656c····when:·'"kernel 
0003ccf0:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
0003cd00:·7473·2e70·6163·6b61·6765·7327·0a20·2074··ts.packages'.··t 
0003cd10:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.0003ca70:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.
0003cd20:·3130·2e31·2e33·0a20·202d·204e·4953·542d··10.1.3.··-·NIST-0003ca80:·3130·2e31·2e33·0a20·202d·204e·4953·542d··10.1.3.··-·NIST-
0003cd30:·3830·302d·3533·2d43·4d2d·3628·6129·0a20··800-53-CM-6(a).·0003ca90:·3830·302d·3533·2d43·4d2d·3628·6129·0a20··800-53-CM-6(a).·
0003cd40:·202d·2050·4349·2d44·5353·2d52·6571·2d31···-·PCI-DSS-Req-10003caa0:·202d·2050·4349·2d44·5353·2d52·6571·2d31···-·PCI-DSS-Req-1
0003cd50:·312e·350a·2020·2d20·5043·492d·4453·5376··1.5.··-·PCI-DSSv0003cab0:·312e·350a·2020·2d20·5043·492d·4453·5376··1.5.··-·PCI-DSSv
0003cd60:·342d·3131·2e35·2e32·0a20·202d·2065·6e61··4-11.5.2.··-·ena0003cac0:·342d·3131·2e35·2e32·0a20·202d·2065·6e61··4-11.5.2.··-·ena
0003cd70:·626c·655f·7374·7261·7465·6779·0a20·202d··ble_strategy.··-0003cad0:·626c·655f·7374·7261·7465·6779·0a20·202d··ble_strategy.··-
0003cd80:·206c·6f77·5f63·6f6d·706c·6578·6974·790a···low_complexity.0003cae0:·206c·6f77·5f63·6f6d·706c·6578·6974·790a···low_complexity.
0003cd90:·2020·2d20·6c6f·775f·6469·7372·7570·7469····-·low_disrupti0003caf0:·2020·2d20·6c6f·775f·6469·7372·7570·7469····-·low_disrupti
0003cda0:·6f6e·0a20·202d·206d·6564·6975·6d5f·7365··on.··-·medium_se0003cb00:·6f6e·0a20·202d·206d·6564·6975·6d5f·7365··on.··-·medium_se
0003cdb0:·7665·7269·7479·0a20·202d·206e·6f5f·7265··verity.··-·no_re0003cb10:·7665·7269·7479·0a20·202d·206e·6f5f·7265··verity.··-·no_re
0003cdc0:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-·0003cb20:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-·
0003cdd0:·7061·636b·6167·655f·6169·6465·5f69·6e73··package_aide_ins0003cb30:·7061·636b·6167·655f·6169·6465·5f69·6e73··package_aide_ins
0003cde0:·7461·6c6c·6564·0a3c·2f63·6f64·653e·3c2f··talled.</code></0003cb40:·7461·6c6c·6564·0a0a·2d20·6e61·6d65·3a20··talled..-·name:·
 0003cb50:·456e·7375·7265·2061·6964·6520·6973·2069··Ensure·aide·is·i
 0003cb60:·6e73·7461·6c6c·6564·0a20·2070·6163·6b61··nstalled.··packa
 0003cb70:·6765·3a0a·2020·2020·6e61·6d65·3a20·6169··ge:.····name:·ai
 0003cb80:·6465·0a20·2020·2073·7461·7465·3a20·7072··de.····state:·pr
 0003cb90:·6573·656e·740a·2020·7768·656e·3a20·2722··esent.··when:·'"
 0003cba0:·6b65·726e·656c·2220·696e·2061·6e73·6962··kernel"·in·ansib
 0003cbb0:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
 0003cbc0:·7327·0a20·2074·6167·733a·0a20·202d·2043··s'.··tags:.··-·C
 0003cbd0:·4a49·532d·352e·3130·2e31·2e33·0a20·202d··JIS-5.10.1.3.··-
 0003cbe0:·204e·4953·542d·3830·302d·3533·2d43·4d2d···NIST-800-53-CM-
 0003cbf0:·3628·6129·0a20·202d·2050·4349·2d44·5353··6(a).··-·PCI-DSS
 0003cc00:·2d52·6571·2d31·312e·350a·2020·2d20·5043··-Req-11.5.··-·PC
 0003cc10:·492d·4453·5376·342d·3131·2e35·2e32·0a20··I-DSSv4-11.5.2.·
 0003cc20:·202d·2065·6e61·626c·655f·7374·7261·7465···-·enable_strate
 0003cc30:·6779·0a20·202d·206c·6f77·5f63·6f6d·706c··gy.··-·low_compl
Max diff block lines reached; 2538816/2550572 bytes (99.54%) of diff not shown.
272 KB
html2text {}
    
Offset 170, 19 lines modifiedOffset 170, 14 lines modified
170 include·install_aide170 include·install_aide
  
171 class·install_aide·{171 class·install_aide·{
172 ··package·{·'aide':172 ··package·{·'aide':
173 ····ensure·=>·'installed',173 ····ensure·=>·'installed',
174 ··}174 ··}
175 }175 }
176 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
177 [[packages]] 
178 name·=·"aide" 
179 version·=·"*" 
180 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8176 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
181 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low177 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
182 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low178 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
183 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false179 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
184 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable180 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
185 -·name:·Gather·the·package·facts181 -·name:·Gather·the·package·facts
186 ··package_facts:182 ··package_facts:
Offset 211, 14 lines modifiedOffset 206, 19 lines modified
211 ··-·PCI-DSSv4-11.5.2206 ··-·PCI-DSSv4-11.5.2
212 ··-·enable_strategy207 ··-·enable_strategy
213 ··-·low_complexity208 ··-·low_complexity
214 ··-·low_disruption209 ··-·low_disruption
215 ··-·medium_severity210 ··-·medium_severity
216 ··-·no_reboot_needed211 ··-·no_reboot_needed
217 ··-·package_aide_installed212 ··-·package_aide_installed
 213 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 214 [[packages]]
 215 name·=·"aide"
 216 version·=·"*"
218 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·P\x8Pe\x8er\x8ri\x8io\x8od\x8di\x8ic\x8c·E\x8Ex\x8xe\x8ec\x8cu\x8ut\x8ti\x8io\x8on\x8n·o\x8of\x8f·A\x8AI\x8ID\x8DE\x8E·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*217 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·P\x8Pe\x8er\x8ri\x8io\x8od\x8di\x8ic\x8c·E\x8Ex\x8xe\x8ec\x8cu\x8ut\x8ti\x8io\x8on\x8n·o\x8of\x8f·A\x8AI\x8ID\x8DE\x8E·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
219 At·a·minimum,·AIDE·should·be·configured·to·run·a·weekly·scan.·To·implement·a·daily·execution·of218 At·a·minimum,·AIDE·should·be·configured·to·run·a·weekly·scan.·To·implement·a·daily·execution·of
220 AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/crontab:219 AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/crontab:
221 05·4·*·*·*·root·/usr/sbin/aide·--check220 05·4·*·*·*·root·/usr/sbin/aide·--check
222 To·implement·a·weekly·execution·of·AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/221 To·implement·a·weekly·execution·of·AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/
223 crontab:222 crontab:
224 05·4·*·*·0·root·/usr/sbin/aide·--check223 05·4·*·*·0·root·/usr/sbin/aide·--check
Offset 431, 14 lines modifiedOffset 431, 33 lines modified
431 ············_\x8i_\x8s_\x8m······1446431 ············_\x8i_\x8s_\x8m······1446
432 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1432 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1
433 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)433 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)
434 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,434 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,
435 ·····················FCS_TLSC_EXT.1435 ·····················FCS_TLSC_EXT.1
436 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174436 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174
437 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2437 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
 438 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
  
 439 var_system_crypto_policy='DEFAULT'
  
  
 440 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null)
 441 rc=$?
  
 442 if·test·"$rc"·=·127;·then
 443 »       echo·"$stderr_of_call"·>&2
 444 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2
 445 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2
 446 »       echo·"to·see·what·package·to·(re)install"·>&2
  
 447 »       false··#·end·with·an·error·code
 448 elif·test·"$rc"·!=·0;·then
 449 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2
 450 »       false··#·end·with·an·error·code
 451 fi
438 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8452 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
439 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low453 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
440 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low454 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
441 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false455 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
442 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict456 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
443 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable457 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable
444 ··set_fact:458 ··set_fact:
Offset 483, 33 lines modifiedOffset 502, 14 lines modified
483 ··-·PCI-DSSv4-2.2.7502 ··-·PCI-DSSv4-2.2.7
484 ··-·configure_crypto_policy503 ··-·configure_crypto_policy
485 ··-·high_severity504 ··-·high_severity
486 ··-·low_complexity505 ··-·low_complexity
487 ··-·low_disruption506 ··-·low_disruption
488 ··-·no_reboot_needed507 ··-·no_reboot_needed
489 ··-·restrict_strategy508 ··-·restrict_strategy
490 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
  
491 var_system_crypto_policy='DEFAULT' 
  
  
492 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null) 
493 rc=$? 
  
494 if·test·"$rc"·=·127;·then 
495 »       echo·"$stderr_of_call"·>&2 
496 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2 
497 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2 
498 »       echo·"to·see·what·package·to·(re)install"·>&2 
  
499 »       false··#·end·with·an·error·code 
500 elif·test·"$rc"·!=·0;·then 
501 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2 
502 »       false··#·end·with·an·error·code 
503 fi 
504 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8SS\x8SH\x8H·t\x8to\x8o·u\x8us\x8se\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8o·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*509 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8SS\x8SH\x8H·t\x8to\x8o·u\x8us\x8se\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8o·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
505 Crypto·Policies·provide·a·centralized·control·over·crypto·algorithms·usage·of·many·packages.·SSH·is510 Crypto·Policies·provide·a·centralized·control·over·crypto·algorithms·usage·of·many·packages.·SSH·is
506 supported·by·crypto·policy,·but·the·SSH·configuration·may·be·set·up·to·ignore·it.·To·check·that511 supported·by·crypto·policy,·but·the·SSH·configuration·may·be·set·up·to·ignore·it.·To·check·that
507 Crypto·Policies·settings·are·configured·correctly,·ensure·that·the·CRYPTO_POLICY·variable·is·either512 Crypto·Policies·settings·are·configured·correctly,·ensure·that·the·CRYPTO_POLICY·variable·is·either
508 commented·or·not·set·at·all·in·the·/etc/sysconfig/sshd.513 commented·or·not·set·at·all·in·the·/etc/sysconfig/sshd.
509 Rationale:··Overriding·the·system·crypto·policy·makes·the·behavior·of·the·SSH·service·violate514 Rationale:··Overriding·the·system·crypto·policy·makes·the·behavior·of·the·SSH·service·violate
510 ············expectations,·and·makes·system·configuration·more·fragmented.515 ············expectations,·and·makes·system·configuration·more·fragmented.
Offset 520, 14 lines modifiedOffset 520, 19 lines modified
520 ·····················(ii)520 ·····················(ii)
521 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1521 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1
522 References:·_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13522 References:·_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13
523 ············_\x8o_\x8s_\x8p_\x8p·····FCS_SSH_EXT.1,·FCS_SSHS_EXT.1,·FCS_SSHC_EXT.1523 ············_\x8o_\x8s_\x8p_\x8p·····FCS_SSH_EXT.1,·FCS_SSHS_EXT.1,·FCS_SSHC_EXT.1
524 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s···Req-2.2524 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s···Req-2.2
525 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000250-GPOS-00093525 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000250-GPOS-00093
526 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2526 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
 527 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
  
 528 SSH_CONF="/etc/sysconfig/sshd"
  
 529 sed·-i·"/^\s*CRYPTO_POLICY.*$/Id"·$SSH_CONF
527 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8530 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
528 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low531 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
529 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium532 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
530 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true533 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true
531 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···disable534 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···disable
532 -·name:·Configure·SSH·to·use·System·Crypto·Policy535 -·name:·Configure·SSH·to·use·System·Crypto·Policy
533 ··lineinfile:536 ··lineinfile:
Max diff block lines reached; 272600/278038 bytes (98.04%) of diff not shown.
3.15 MB
./usr/share/doc/ssg-nondebian/ssg-anolis23-guide-standard.html
    
Offset 15087, 95 lines modifiedOffset 15087, 95 lines modified
0003aee0:·6765·743d·2223·6964·6d31·3336·3622·2074··get="#idm1366"·t0003aee0:·6765·743d·2223·6964·6d31·3336·3622·2074··get="#idm1366"·t
0003aef0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role0003aef0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
0003af00:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e0003af00:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
0003af10:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·0003af10:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
0003af20:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·0003af20:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
0003af30:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=0003af30:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
0003af40:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation0003af40:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
 0003af50:·2041·6e73·6962·6c65·2073·6e69·7070·6574···Ansible·snippet
 0003af60:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div
 0003af70:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
 0003af80:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
 0003af90:·2069·643d·2269·646d·3133·3636·223e·3c74···id="idm1366"><t
 0003afa0:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl
 0003afb0:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped·
 0003afc0:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t
 0003afd0:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed">
 0003afe0:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi
 0003aff0:·7479·3a3c·2f74·683e·3c74·643e·6c6f·773c··ty:</th><td>low<
 0003b000:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
 0003b010:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th
 0003b020:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t
 0003b030:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot
 0003b040:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false<
 0003b050:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
 0003b060:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><
0003af50:·204f·5342·7569·6c64·2042·6c75·6570·7269···OSBuild·Bluepri 
0003af60:·6e74·2073·6e69·7070·6574·20e2·87b2·3c2f··nt·snippet·...</ 
0003af70:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class 
0003af80:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse 
0003af90:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i 
0003afa0:·646d·3133·3636·223e·3c70·7265·3e3c·636f··dm1366"><pre><co 
0003afb0:·6465·3e0a·5b5b·7061·636b·6167·6573·5d5d··de>.[[packages]] 
0003afc0:·0a6e·616d·6520·3d20·2261·6964·6522·0a76··.name·=·"aide".v 
0003afd0:·6572·7369·6f6e·203d·2022·2a22·0a3c·2f63··ersion·=·"*".</c 
0003afe0:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div> 
0003aff0:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt 
0003b000:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data- 
0003b010:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse 
0003b020:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="# 
0003b030:·6964·6d31·3336·3722·2074·6162·696e·6465··idm1367"·tabinde 
0003b040:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt 
0003b050:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande 
0003b060:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title= 
0003b070:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev 
0003b080:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R 
0003b090:·656d·6564·6961·7469·6f6e·2041·6e73·6962··emediation·Ansib 
0003b0a0:·6c65·2073·6e69·7070·6574·20e2·87b2·3c2f··le·snippet·...</ 
0003b0b0:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class 
0003b0c0:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse 
0003b0d0:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i 
0003b0e0:·646d·3133·3637·223e·3c74·6162·6c65·2063··dm1367"><table·c 
0003b0f0:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl 
0003b100:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table- 
0003b110:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c 
0003b120:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t 
0003b130:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t 
0003b140:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003b150:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru 
0003b160:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l 
0003b170:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr> 
0003b180:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th> 
0003b190:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></0003b070:·7464·3e65·6e61·626c·653c·2f74·643e·3c2f··td>enable</td></
 0003b080:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre>
 0003b090:·3c63·6f64·653e·2d20·6e61·6d65·3a20·4761··<code>-·name:·Ga
 0003b0a0:·7468·6572·2074·6865·2070·6163·6b61·6765··ther·the·package
 0003b0b0:·2066·6163·7473·0a20·2070·6163·6b61·6765···facts.··package
 0003b0c0:·5f66·6163·7473·3a0a·2020·2020·6d61·6e61··_facts:.····mana
 0003b0d0:·6765·723a·2061·7574·6f0a·2020·7461·6773··ger:·auto.··tags
0003b1a0:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat 
0003b1b0:·6567·793a·3c2f·7468·3e3c·7464·3e65·6e61··egy:</th><td>ena 
0003b1c0:·626c·653c·2f74·643e·3c2f·7472·3e3c·2f74··ble</td></tr></t 
0003b1d0:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code> 
0003b1e0:·2d20·6e61·6d65·3a20·4761·7468·6572·2074··-·name:·Gather·t 
0003b1f0:·6865·2070·6163·6b61·6765·2066·6163·7473··he·package·facts 
0003b200:·0a20·2070·6163·6b61·6765·5f66·6163·7473··.··package_facts 
0003b210:·3a0a·2020·2020·6d61·6e61·6765·723a·2061··:.····manager:·a 
0003b220:·7574·6f0a·2020·7461·6773·3a0a·2020·2d20··uto.··tags:.··-· 
0003b230:·434a·4953·2d35·2e31·302e·312e·330a·2020··CJIS-5.10.1.3.·· 
0003b240:·2d20·4e49·5354·2d38·3030·2d35·332d·434d··-·NIST-800-53-CM 
0003b250:·2d36·2861·290a·2020·2d20·5043·492d·4453··-6(a).··-·PCI-DS 
0003b260:·532d·5265·712d·3131·2e35·0a20·202d·2050··S-Req-11.5.··-·P 
0003b270:·4349·2d44·5353·7634·2d31·312e·352e·320a··CI-DSSv4-11.5.2. 
0003b280:·2020·2d20·656e·6162·6c65·5f73·7472·6174····-·enable_strat 
0003b290:·6567·790a·2020·2d20·6c6f·775f·636f·6d70··egy.··-·low_comp 
0003b2a0:·6c65·7869·7479·0a20·202d·206c·6f77·5f64··lexity.··-·low_d 
0003b2b0:·6973·7275·7074·696f·6e0a·2020·2d20·6d65··isruption.··-·me 
0003b2c0:·6469·756d·5f73·6576·6572·6974·790a·2020··dium_severity.·· 
0003b2d0:·2d20·6e6f·5f72·6562·6f6f·745f·6e65·6564··-·no_reboot_need 
0003b2e0:·6564·0a20·202d·2070·6163·6b61·6765·5f61··ed.··-·package_a 
0003b2f0:·6964·655f·696e·7374·616c·6c65·640a·0a2d··ide_installed..- 
0003b300:·206e·616d·653a·2045·6e73·7572·6520·6169···name:·Ensure·ai 
0003b310:·6465·2069·7320·696e·7374·616c·6c65·640a··de·is·installed. 
0003b320:·2020·7061·636b·6167·653a·0a20·2020·206e····package:.····n 
0003b330:·616d·653a·2061·6964·650a·2020·2020·7374··ame:·aide.····st 
0003b340:·6174·653a·2070·7265·7365·6e74·0a20·2077··ate:·present.··w 
0003b350:·6865·6e3a·2027·226b·6572·6e65·6c22·2069··hen:·'"kernel"·i 
0003b360:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts. 
0003b370:·7061·636b·6167·6573·270a·2020·7461·6773··packages'.··tags 
0003b380:·3a0a·2020·2d20·434a·4953·2d35·2e31·302e··:.··-·CJIS-5.10.0003b0e0:·3a0a·2020·2d20·434a·4953·2d35·2e31·302e··:.··-·CJIS-5.10.
0003b390:·312e·330a·2020·2d20·4e49·5354·2d38·3030··1.3.··-·NIST-8000003b0f0:·312e·330a·2020·2d20·4e49·5354·2d38·3030··1.3.··-·NIST-800
0003b3a0:·2d35·332d·434d·2d36·2861·290a·2020·2d20··-53-CM-6(a).··-·0003b100:·2d35·332d·434d·2d36·2861·290a·2020·2d20··-53-CM-6(a).··-·
0003b3b0:·5043·492d·4453·532d·5265·712d·3131·2e35··PCI-DSS-Req-11.50003b110:·5043·492d·4453·532d·5265·712d·3131·2e35··PCI-DSS-Req-11.5
0003b3c0:·0a20·202d·2050·4349·2d44·5353·7634·2d31··.··-·PCI-DSSv4-10003b120:·0a20·202d·2050·4349·2d44·5353·7634·2d31··.··-·PCI-DSSv4-1
0003b3d0:·312e·352e·320a·2020·2d20·656e·6162·6c65··1.5.2.··-·enable0003b130:·312e·352e·320a·2020·2d20·656e·6162·6c65··1.5.2.··-·enable
0003b3e0:·5f73·7472·6174·6567·790a·2020·2d20·6c6f··_strategy.··-·lo0003b140:·5f73·7472·6174·6567·790a·2020·2d20·6c6f··_strategy.··-·lo
0003b3f0:·775f·636f·6d70·6c65·7869·7479·0a20·202d··w_complexity.··-0003b150:·775f·636f·6d70·6c65·7869·7479·0a20·202d··w_complexity.··-
0003b400:·206c·6f77·5f64·6973·7275·7074·696f·6e0a···low_disruption.0003b160:·206c·6f77·5f64·6973·7275·7074·696f·6e0a···low_disruption.
0003b410:·2020·2d20·6d65·6469·756d·5f73·6576·6572····-·medium_sever0003b170:·2020·2d20·6d65·6469·756d·5f73·6576·6572····-·medium_sever
0003b420:·6974·790a·2020·2d20·6e6f·5f72·6562·6f6f··ity.··-·no_reboo0003b180:·6974·790a·2020·2d20·6e6f·5f72·6562·6f6f··ity.··-·no_reboo
0003b430:·745f·6e65·6564·6564·0a20·202d·2070·6163··t_needed.··-·pac0003b190:·745f·6e65·6564·6564·0a20·202d·2070·6163··t_needed.··-·pac
0003b440:·6b61·6765·5f61·6964·655f·696e·7374·616c··kage_aide_instal0003b1a0:·6b61·6765·5f61·6964·655f·696e·7374·616c··kage_aide_instal
 0003b1b0:·6c65·640a·0a2d·206e·616d·653a·2045·6e73··led..-·name:·Ens
 0003b1c0:·7572·6520·6169·6465·2069·7320·696e·7374··ure·aide·is·inst
 0003b1d0:·616c·6c65·640a·2020·7061·636b·6167·653a··alled.··package:
 0003b1e0:·0a20·2020·206e·616d·653a·2061·6964·650a··.····name:·aide.
 0003b1f0:·2020·2020·7374·6174·653a·2070·7265·7365······state:·prese
 0003b200:·6e74·0a20·2077·6865·6e3a·2027·226b·6572··nt.··when:·'"ker
 0003b210:·6e65·6c22·2069·6e20·616e·7369·626c·655f··nel"·in·ansible_
 0003b220:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.
 0003b230:·2020·7461·6773·3a0a·2020·2d20·434a·4953····tags:.··-·CJIS
 0003b240:·2d35·2e31·302e·312e·330a·2020·2d20·4e49··-5.10.1.3.··-·NI
 0003b250:·5354·2d38·3030·2d35·332d·434d·2d36·2861··ST-800-53-CM-6(a
 0003b260:·290a·2020·2d20·5043·492d·4453·532d·5265··).··-·PCI-DSS-Re
 0003b270:·712d·3131·2e35·0a20·202d·2050·4349·2d44··q-11.5.··-·PCI-D
 0003b280:·5353·7634·2d31·312e·352e·320a·2020·2d20··SSv4-11.5.2.··-·
 0003b290:·656e·6162·6c65·5f73·7472·6174·6567·790a··enable_strategy.
 0003b2a0:·2020·2d20·6c6f·775f·636f·6d70·6c65·7869····-·low_complexi
Max diff block lines reached; 2977105/2988861 bytes (99.61%) of diff not shown.
310 KB
html2text {}
    
Offset 126, 19 lines modifiedOffset 126, 14 lines modified
126 include·install_aide126 include·install_aide
  
127 class·install_aide·{127 class·install_aide·{
128 ··package·{·'aide':128 ··package·{·'aide':
129 ····ensure·=>·'installed',129 ····ensure·=>·'installed',
130 ··}130 ··}
131 }131 }
132 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
133 [[packages]] 
134 name·=·"aide" 
135 version·=·"*" 
136 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8132 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
137 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low133 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
138 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low134 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
139 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false135 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
140 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable136 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
141 -·name:·Gather·the·package·facts137 -·name:·Gather·the·package·facts
142 ··package_facts:138 ··package_facts:
Offset 167, 14 lines modifiedOffset 162, 19 lines modified
167 ··-·PCI-DSSv4-11.5.2162 ··-·PCI-DSSv4-11.5.2
168 ··-·enable_strategy163 ··-·enable_strategy
169 ··-·low_complexity164 ··-·low_complexity
170 ··-·low_disruption165 ··-·low_disruption
171 ··-·medium_severity166 ··-·medium_severity
172 ··-·no_reboot_needed167 ··-·no_reboot_needed
173 ··-·package_aide_installed168 ··-·package_aide_installed
 169 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 170 [[packages]]
 171 name·=·"aide"
 172 version·=·"*"
174 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·P\x8Pe\x8er\x8ri\x8io\x8od\x8di\x8ic\x8c·E\x8Ex\x8xe\x8ec\x8cu\x8ut\x8ti\x8io\x8on\x8n·o\x8of\x8f·A\x8AI\x8ID\x8DE\x8E·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*173 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·P\x8Pe\x8er\x8ri\x8io\x8od\x8di\x8ic\x8c·E\x8Ex\x8xe\x8ec\x8cu\x8ut\x8ti\x8io\x8on\x8n·o\x8of\x8f·A\x8AI\x8ID\x8DE\x8E·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
175 At·a·minimum,·AIDE·should·be·configured·to·run·a·weekly·scan.·To·implement·a·daily·execution·of174 At·a·minimum,·AIDE·should·be·configured·to·run·a·weekly·scan.·To·implement·a·daily·execution·of
176 AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/crontab:175 AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/crontab:
177 05·4·*·*·*·root·/usr/sbin/aide·--check176 05·4·*·*·*·root·/usr/sbin/aide·--check
178 To·implement·a·weekly·execution·of·AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/177 To·implement·a·weekly·execution·of·AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/
179 crontab:178 crontab:
180 05·4·*·*·0·root·/usr/sbin/aide·--check179 05·4·*·*·0·root·/usr/sbin/aide·--check
Offset 387, 14 lines modifiedOffset 387, 33 lines modified
387 ············_\x8i_\x8s_\x8m······1446387 ············_\x8i_\x8s_\x8m······1446
388 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1388 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1
389 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)389 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)
390 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,390 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,
391 ·····················FCS_TLSC_EXT.1391 ·····················FCS_TLSC_EXT.1
392 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174392 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174
393 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2393 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
 394 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
  
 395 var_system_crypto_policy='DEFAULT'
  
  
 396 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null)
 397 rc=$?
  
 398 if·test·"$rc"·=·127;·then
 399 »       echo·"$stderr_of_call"·>&2
 400 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2
 401 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2
 402 »       echo·"to·see·what·package·to·(re)install"·>&2
  
 403 »       false··#·end·with·an·error·code
 404 elif·test·"$rc"·!=·0;·then
 405 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2
 406 »       false··#·end·with·an·error·code
 407 fi
394 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8408 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
395 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low409 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
396 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low410 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
397 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false411 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
398 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict412 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
399 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable413 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable
400 ··set_fact:414 ··set_fact:
Offset 439, 33 lines modifiedOffset 458, 14 lines modified
439 ··-·PCI-DSSv4-2.2.7458 ··-·PCI-DSSv4-2.2.7
440 ··-·configure_crypto_policy459 ··-·configure_crypto_policy
441 ··-·high_severity460 ··-·high_severity
442 ··-·low_complexity461 ··-·low_complexity
443 ··-·low_disruption462 ··-·low_disruption
444 ··-·no_reboot_needed463 ··-·no_reboot_needed
445 ··-·restrict_strategy464 ··-·restrict_strategy
446 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
  
447 var_system_crypto_policy='DEFAULT' 
  
  
448 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null) 
449 rc=$? 
  
450 if·test·"$rc"·=·127;·then 
451 »       echo·"$stderr_of_call"·>&2 
452 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2 
453 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2 
454 »       echo·"to·see·what·package·to·(re)install"·>&2 
  
455 »       false··#·end·with·an·error·code 
456 elif·test·"$rc"·!=·0;·then 
457 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2 
458 »       false··#·end·with·an·error·code 
459 fi 
460 Group  ·Updating·Software·  Group·contains·1·rule465 Group  ·Updating·Software·  Group·contains·1·rule
461 _\x8[_\x8r_\x8e_\x8f_\x8]  ·The·yum·command·line·tool·is·used·to·install·and·update·software·packages.·The·system·also466 _\x8[_\x8r_\x8e_\x8f_\x8]  ·The·yum·command·line·tool·is·used·to·install·and·update·software·packages.·The·system·also
462 provides·a·graphical·software·update·tool·in·the·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·menu,·in·the·A\x8Ad\x8dm\x8mi\x8in\x8ni\x8is\x8st\x8tr\x8ra\x8at\x8ti\x8io\x8on\x8n·submenu,·called467 provides·a·graphical·software·update·tool·in·the·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·menu,·in·the·A\x8Ad\x8dm\x8mi\x8in\x8ni\x8is\x8st\x8tr\x8ra\x8at\x8ti\x8io\x8on\x8n·submenu,·called
463 S\x8So\x8of\x8ft\x8tw\x8wa\x8ar\x8re\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8e.468 S\x8So\x8of\x8ft\x8tw\x8wa\x8ar\x8re\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8e.
  
464 Anolis·OS·23·systems·contain·an·installed·software·catalog·called·the·RPM·database,·which·records469 Anolis·OS·23·systems·contain·an·installed·software·catalog·called·the·RPM·database,·which·records
465 metadata·of·installed·packages.·Consistently·using·yum·or·the·graphical·S\x8So\x8of\x8ft\x8tw\x8wa\x8ar\x8re\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8e·for·all470 metadata·of·installed·packages.·Consistently·using·yum·or·the·graphical·S\x8So\x8of\x8ft\x8tw\x8wa\x8ar\x8re\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8e·for·all
Offset 670, 14 lines modifiedOffset 670, 20 lines modified
670 ···········Display·of·a·standardized·and·approved·use·notification·before·granting·access·to·the670 ···········Display·of·a·standardized·and·approved·use·notification·before·granting·access·to·the
671 ···········operating·system·ensures·privacy·and·security·notification·verbiage·used·is·consistent671 ···········operating·system·ensures·privacy·and·security·notification·verbiage·used·is·consistent
672 Rationale:·with·applicable·federal·laws,·Executive·Orders,·directives,·policies,·regulations,672 Rationale:·with·applicable·federal·laws,·Executive·Orders,·directives,·policies,·regulations,
673 ···········standards,·and·guidance.673 ···········standards,·and·guidance.
674 ···········Proper·group·ownership·will·ensure·that·only·root·user·can·modify·the·banner.674 ···········Proper·group·ownership·will·ensure·that·only·root·user·can·modify·the·banner.
675 Severity: ·medium675 Severity: ·medium
676 Rule·ID:···xccdf_org.ssgproject.content_rule_file_groupowner_etc_issue676 Rule·ID:···xccdf_org.ssgproject.content_rule_file_groupowner_etc_issue
 677 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 678 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 679 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 680 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 681 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure
 682 chgrp·0·/etc/issue
677 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8683 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
678 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low684 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
679 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low685 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
680 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false686 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
681 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure687 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure
682 -·name:·Test·for·existence·/etc/issue688 -·name:·Test·for·existence·/etc/issue
Max diff block lines reached; 311780/317233 bytes (98.28%) of diff not shown.
2.7 MB
./usr/share/doc/ssg-nondebian/ssg-anolis8-guide-pci-dss.html
    
Offset 15495, 95 lines modifiedOffset 15495, 95 lines modified
0003c860:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm0003c860:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm
0003c870:·3133·3636·2220·7461·6269·6e64·6578·3d22··1366"·tabindex="0003c870:·3133·3636·2220·7461·6269·6e64·6578·3d22··1366"·tabindex="
0003c880:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"0003c880:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"
0003c890:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="0003c890:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="
0003c8a0:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac0003c8a0:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac
0003c8b0:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal0003c8b0:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal
0003c8c0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme0003c8c0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme
0003c8d0:·6469·6174·696f·6e20·4f53·4275·696c·6420··diation·OSBuild·0003c8d0:·6469·6174·696f·6e20·416e·7369·626c·6520··diation·Ansible·
 0003c8e0:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a><
 0003c8f0:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p
 0003c900:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co
 0003c910:·6c6c·6170·7365·2220·6964·3d22·6964·6d31··llapse"·id="idm1
 0003c920:·3336·3622·3e3c·7461·626c·6520·636c·6173··366"><table·clas
 0003c930:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s
 0003c940:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor
 0003c950:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond
 0003c960:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C
 0003c970:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><
 0003c980:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>
 0003c990:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti
 0003c9a0:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low<
 0003c9b0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
 0003c9c0:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td
 0003c9d0:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr>
 0003c9e0:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy
 0003c9f0:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable
0003c8e0:·426c·7565·7072·696e·7420·736e·6970·7065··Blueprint·snippe 
0003c8f0:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di 
0003c900:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c 
0003c910:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse 
0003c920:·2220·6964·3d22·6964·6d31·3336·3622·3e3c··"·id="idm1366">< 
0003c930:·7072·653e·3c63·6f64·653e·0a5b·5b70·6163··pre><code>.[[pac 
0003c940:·6b61·6765·735d·5d0a·6e61·6d65·203d·2022··kages]].name·=·" 
0003c950:·6169·6465·220a·7665·7273·696f·6e20·3d20··aide".version·=· 
0003c960:·222a·220a·3c2f·636f·6465·3e3c·2f70·7265··"*".</code></pre 
0003c970:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class= 
0003c980:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success 
0003c990:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c 
0003c9a0:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta 
0003c9b0:·7267·6574·3d22·2369·646d·3133·3637·2220··rget="#idm1367"· 
0003c9c0:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol 
0003c9d0:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria- 
0003c9e0:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false" 
0003c9f0:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate 
0003ca00:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href 
0003ca10:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio 
0003ca20:·6e20·416e·7369·626c·6520·736e·6970·7065··n·Ansible·snippe 
0003ca30:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di 
0003ca40:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c 
0003ca50:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse 
0003ca60:·2220·6964·3d22·6964·6d31·3336·3722·3e3c··"·id="idm1367">< 
0003ca70:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab 
0003ca80:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped 
0003ca90:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered· 
0003caa0:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed" 
0003cab0:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex 
0003cac0:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low 
0003cad0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t0003ca00:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl
 0003ca10:·653e·3c70·7265·3e3c·636f·6465·3e2d·206e··e><pre><code>-·n
 0003ca20:·616d·653a·2047·6174·6865·7220·7468·6520··ame:·Gather·the·
 0003ca30:·7061·636b·6167·6520·6661·6374·730a·2020··package·facts.··
 0003ca40:·7061·636b·6167·655f·6661·6374·733a·0a20··package_facts:.·
 0003ca50:·2020·206d·616e·6167·6572·3a20·6175·746f·····manager:·auto
0003cae0:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t 
0003caf0:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003cb00:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo 
0003cb10:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false 
0003cb20:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003cb30:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th> 
0003cb40:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td>< 
0003cb50:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre 
0003cb60:·3e3c·636f·6465·3e2d·206e·616d·653a·2047··><code>-·name:·G 
0003cb70:·6174·6865·7220·7468·6520·7061·636b·6167··ather·the·packag 
0003cb80:·6520·6661·6374·730a·2020·7061·636b·6167··e·facts.··packag 
0003cb90:·655f·6661·6374·733a·0a20·2020·206d·616e··e_facts:.····man 
0003cba0:·6167·6572·3a20·6175·746f·0a20·2074·6167··ager:·auto.··tag 
0003cbb0:·733a·0a20·202d·2043·4a49·532d·352e·3130··s:.··-·CJIS-5.10 
0003cbc0:·2e31·2e33·0a20·202d·204e·4953·542d·3830··.1.3.··-·NIST-80 
0003cbd0:·302d·3533·2d43·4d2d·3628·6129·0a20·202d··0-53-CM-6(a).··- 
0003cbe0:·2050·4349·2d44·5353·2d52·6571·2d31·312e···PCI-DSS-Req-11. 
0003cbf0:·350a·2020·2d20·5043·492d·4453·5376·342d··5.··-·PCI-DSSv4- 
0003cc00:·3131·2e35·2e32·0a20·202d·2065·6e61·626c··11.5.2.··-·enabl 
0003cc10:·655f·7374·7261·7465·6779·0a20·202d·206c··e_strategy.··-·l 
0003cc20:·6f77·5f63·6f6d·706c·6578·6974·790a·2020··ow_complexity.·· 
0003cc30:·2d20·6c6f·775f·6469·7372·7570·7469·6f6e··-·low_disruption 
0003cc40:·0a20·202d·206d·6564·6975·6d5f·7365·7665··.··-·medium_seve 
0003cc50:·7269·7479·0a20·202d·206e·6f5f·7265·626f··rity.··-·no_rebo 
0003cc60:·6f74·5f6e·6565·6465·640a·2020·2d20·7061··ot_needed.··-·pa 
0003cc70:·636b·6167·655f·6169·6465·5f69·6e73·7461··ckage_aide_insta 
0003cc80:·6c6c·6564·0a0a·2d20·6e61·6d65·3a20·456e··lled..-·name:·En 
0003cc90:·7375·7265·2061·6964·6520·6973·2069·6e73··sure·aide·is·ins 
0003cca0:·7461·6c6c·6564·0a20·2070·6163·6b61·6765··talled.··package 
0003ccb0:·3a0a·2020·2020·6e61·6d65·3a20·6169·6465··:.····name:·aide 
0003ccc0:·0a20·2020·2073·7461·7465·3a20·7072·6573··.····state:·pres 
0003ccd0:·656e·740a·2020·7768·656e·3a20·2722·6b65··ent.··when:·'"ke 
0003cce0:·726e·656c·2220·696e·2061·6e73·6962·6c65··rnel"·in·ansible 
0003ccf0:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages' 
0003cd00:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI0003ca60:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI
0003cd10:·532d·352e·3130·2e31·2e33·0a20·202d·204e··S-5.10.1.3.··-·N0003ca70:·532d·352e·3130·2e31·2e33·0a20·202d·204e··S-5.10.1.3.··-·N
0003cd20:·4953·542d·3830·302d·3533·2d43·4d2d·3628··IST-800-53-CM-6(0003ca80:·4953·542d·3830·302d·3533·2d43·4d2d·3628··IST-800-53-CM-6(
0003cd30:·6129·0a20·202d·2050·4349·2d44·5353·2d52··a).··-·PCI-DSS-R0003ca90:·6129·0a20·202d·2050·4349·2d44·5353·2d52··a).··-·PCI-DSS-R
0003cd40:·6571·2d31·312e·350a·2020·2d20·5043·492d··eq-11.5.··-·PCI-0003caa0:·6571·2d31·312e·350a·2020·2d20·5043·492d··eq-11.5.··-·PCI-
0003cd50:·4453·5376·342d·3131·2e35·2e32·0a20·202d··DSSv4-11.5.2.··-0003cab0:·4453·5376·342d·3131·2e35·2e32·0a20·202d··DSSv4-11.5.2.··-
0003cd60:·2065·6e61·626c·655f·7374·7261·7465·6779···enable_strategy0003cac0:·2065·6e61·626c·655f·7374·7261·7465·6779···enable_strategy
0003cd70:·0a20·202d·206c·6f77·5f63·6f6d·706c·6578··.··-·low_complex0003cad0:·0a20·202d·206c·6f77·5f63·6f6d·706c·6578··.··-·low_complex
0003cd80:·6974·790a·2020·2d20·6c6f·775f·6469·7372··ity.··-·low_disr0003cae0:·6974·790a·2020·2d20·6c6f·775f·6469·7372··ity.··-·low_disr
0003cd90:·7570·7469·6f6e·0a20·202d·206d·6564·6975··uption.··-·mediu0003caf0:·7570·7469·6f6e·0a20·202d·206d·6564·6975··uption.··-·mediu
0003cda0:·6d5f·7365·7665·7269·7479·0a20·202d·206e··m_severity.··-·n0003cb00:·6d5f·7365·7665·7269·7479·0a20·202d·206e··m_severity.··-·n
0003cdb0:·6f5f·7265·626f·6f74·5f6e·6565·6465·640a··o_reboot_needed.0003cb10:·6f5f·7265·626f·6f74·5f6e·6565·6465·640a··o_reboot_needed.
0003cdc0:·2020·2d20·7061·636b·6167·655f·6169·6465····-·package_aide0003cb20:·2020·2d20·7061·636b·6167·655f·6169·6465····-·package_aide
0003cdd0:·5f69·6e73·7461·6c6c·6564·0a3c·2f63·6f64··_installed.</cod0003cb30:·5f69·6e73·7461·6c6c·6564·0a0a·2d20·6e61··_installed..-·na
 0003cb40:·6d65·3a20·456e·7375·7265·2061·6964·6520··me:·Ensure·aide·
 0003cb50:·6973·2069·6e73·7461·6c6c·6564·0a20·2070··is·installed.··p
 0003cb60:·6163·6b61·6765·3a0a·2020·2020·6e61·6d65··ackage:.····name
 0003cb70:·3a20·6169·6465·0a20·2020·2073·7461·7465··:·aide.····state
 0003cb80:·3a20·7072·6573·656e·740a·2020·7768·656e··:·present.··when
 0003cb90:·3a20·2722·6b65·726e·656c·2220·696e·2061··:·'"kernel"·in·a
 0003cba0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac
 0003cbb0:·6b61·6765·7327·0a20·2074·6167·733a·0a20··kages'.··tags:.·
 0003cbc0:·202d·2043·4a49·532d·352e·3130·2e31·2e33···-·CJIS-5.10.1.3
 0003cbd0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
 0003cbe0:·2d43·4d2d·3628·6129·0a20·202d·2050·4349··-CM-6(a).··-·PCI
 0003cbf0:·2d44·5353·2d52·6571·2d31·312e·350a·2020··-DSS-Req-11.5.··
 0003cc00:·2d20·5043·492d·4453·5376·342d·3131·2e35··-·PCI-DSSv4-11.5
 0003cc10:·2e32·0a20·202d·2065·6e61·626c·655f·7374··.2.··-·enable_st
 0003cc20:·7261·7465·6779·0a20·202d·206c·6f77·5f63··rategy.··-·low_c
 0003cc30:·6f6d·706c·6578·6974·790a·2020·2d20·6c6f··omplexity.··-·lo
Max diff block lines reached; 2539368/2551124 bytes (99.54%) of diff not shown.
272 KB
html2text {}
    
Offset 170, 19 lines modifiedOffset 170, 14 lines modified
170 include·install_aide170 include·install_aide
  
171 class·install_aide·{171 class·install_aide·{
172 ··package·{·'aide':172 ··package·{·'aide':
173 ····ensure·=>·'installed',173 ····ensure·=>·'installed',
174 ··}174 ··}
175 }175 }
176 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
177 [[packages]] 
178 name·=·"aide" 
179 version·=·"*" 
180 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8176 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
181 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low177 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
182 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low178 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
183 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false179 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
184 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable180 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
185 -·name:·Gather·the·package·facts181 -·name:·Gather·the·package·facts
186 ··package_facts:182 ··package_facts:
Offset 211, 14 lines modifiedOffset 206, 19 lines modified
211 ··-·PCI-DSSv4-11.5.2206 ··-·PCI-DSSv4-11.5.2
212 ··-·enable_strategy207 ··-·enable_strategy
213 ··-·low_complexity208 ··-·low_complexity
214 ··-·low_disruption209 ··-·low_disruption
215 ··-·medium_severity210 ··-·medium_severity
216 ··-·no_reboot_needed211 ··-·no_reboot_needed
217 ··-·package_aide_installed212 ··-·package_aide_installed
 213 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 214 [[packages]]
 215 name·=·"aide"
 216 version·=·"*"
218 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·P\x8Pe\x8er\x8ri\x8io\x8od\x8di\x8ic\x8c·E\x8Ex\x8xe\x8ec\x8cu\x8ut\x8ti\x8io\x8on\x8n·o\x8of\x8f·A\x8AI\x8ID\x8DE\x8E·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*217 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·P\x8Pe\x8er\x8ri\x8io\x8od\x8di\x8ic\x8c·E\x8Ex\x8xe\x8ec\x8cu\x8ut\x8ti\x8io\x8on\x8n·o\x8of\x8f·A\x8AI\x8ID\x8DE\x8E·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
219 At·a·minimum,·AIDE·should·be·configured·to·run·a·weekly·scan.·To·implement·a·daily·execution·of218 At·a·minimum,·AIDE·should·be·configured·to·run·a·weekly·scan.·To·implement·a·daily·execution·of
220 AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/crontab:219 AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/crontab:
221 05·4·*·*·*·root·/usr/sbin/aide·--check220 05·4·*·*·*·root·/usr/sbin/aide·--check
222 To·implement·a·weekly·execution·of·AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/221 To·implement·a·weekly·execution·of·AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/
223 crontab:222 crontab:
224 05·4·*·*·0·root·/usr/sbin/aide·--check223 05·4·*·*·0·root·/usr/sbin/aide·--check
Offset 431, 14 lines modifiedOffset 431, 33 lines modified
431 ············_\x8i_\x8s_\x8m······1446431 ············_\x8i_\x8s_\x8m······1446
432 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1432 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1
433 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)433 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)
434 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,434 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,
435 ·····················FCS_TLSC_EXT.1435 ·····················FCS_TLSC_EXT.1
436 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174436 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174
437 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2437 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
 438 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
  
 439 var_system_crypto_policy='DEFAULT'
  
  
 440 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null)
 441 rc=$?
  
 442 if·test·"$rc"·=·127;·then
 443 »       echo·"$stderr_of_call"·>&2
 444 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2
 445 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2
 446 »       echo·"to·see·what·package·to·(re)install"·>&2
  
 447 »       false··#·end·with·an·error·code
 448 elif·test·"$rc"·!=·0;·then
 449 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2
 450 »       false··#·end·with·an·error·code
 451 fi
438 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8452 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
439 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low453 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
440 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low454 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
441 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false455 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
442 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict456 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
443 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable457 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable
444 ··set_fact:458 ··set_fact:
Offset 483, 33 lines modifiedOffset 502, 14 lines modified
483 ··-·PCI-DSSv4-2.2.7502 ··-·PCI-DSSv4-2.2.7
484 ··-·configure_crypto_policy503 ··-·configure_crypto_policy
485 ··-·high_severity504 ··-·high_severity
486 ··-·low_complexity505 ··-·low_complexity
487 ··-·low_disruption506 ··-·low_disruption
488 ··-·no_reboot_needed507 ··-·no_reboot_needed
489 ··-·restrict_strategy508 ··-·restrict_strategy
490 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
  
491 var_system_crypto_policy='DEFAULT' 
  
  
492 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null) 
493 rc=$? 
  
494 if·test·"$rc"·=·127;·then 
495 »       echo·"$stderr_of_call"·>&2 
496 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2 
497 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2 
498 »       echo·"to·see·what·package·to·(re)install"·>&2 
  
499 »       false··#·end·with·an·error·code 
500 elif·test·"$rc"·!=·0;·then 
501 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2 
502 »       false··#·end·with·an·error·code 
503 fi 
504 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8SS\x8SH\x8H·t\x8to\x8o·u\x8us\x8se\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8o·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*509 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8SS\x8SH\x8H·t\x8to\x8o·u\x8us\x8se\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8o·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
505 Crypto·Policies·provide·a·centralized·control·over·crypto·algorithms·usage·of·many·packages.·SSH·is510 Crypto·Policies·provide·a·centralized·control·over·crypto·algorithms·usage·of·many·packages.·SSH·is
506 supported·by·crypto·policy,·but·the·SSH·configuration·may·be·set·up·to·ignore·it.·To·check·that511 supported·by·crypto·policy,·but·the·SSH·configuration·may·be·set·up·to·ignore·it.·To·check·that
507 Crypto·Policies·settings·are·configured·correctly,·ensure·that·the·CRYPTO_POLICY·variable·is·either512 Crypto·Policies·settings·are·configured·correctly,·ensure·that·the·CRYPTO_POLICY·variable·is·either
508 commented·or·not·set·at·all·in·the·/etc/sysconfig/sshd.513 commented·or·not·set·at·all·in·the·/etc/sysconfig/sshd.
509 Rationale:··Overriding·the·system·crypto·policy·makes·the·behavior·of·the·SSH·service·violate514 Rationale:··Overriding·the·system·crypto·policy·makes·the·behavior·of·the·SSH·service·violate
510 ············expectations,·and·makes·system·configuration·more·fragmented.515 ············expectations,·and·makes·system·configuration·more·fragmented.
Offset 520, 14 lines modifiedOffset 520, 19 lines modified
520 ·····················(ii)520 ·····················(ii)
521 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1521 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1
522 References:·_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13522 References:·_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13
523 ············_\x8o_\x8s_\x8p_\x8p·····FCS_SSH_EXT.1,·FCS_SSHS_EXT.1,·FCS_SSHC_EXT.1523 ············_\x8o_\x8s_\x8p_\x8p·····FCS_SSH_EXT.1,·FCS_SSHS_EXT.1,·FCS_SSHC_EXT.1
524 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s···Req-2.2524 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s···Req-2.2
525 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000250-GPOS-00093525 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000250-GPOS-00093
526 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2526 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
 527 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
  
 528 SSH_CONF="/etc/sysconfig/sshd"
  
 529 sed·-i·"/^\s*CRYPTO_POLICY.*$/Id"·$SSH_CONF
527 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8530 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
528 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low531 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
529 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium532 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
530 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true533 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true
531 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···disable534 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···disable
532 -·name:·Configure·SSH·to·use·System·Crypto·Policy535 -·name:·Configure·SSH·to·use·System·Crypto·Policy
533 ··lineinfile:536 ··lineinfile:
Max diff block lines reached; 272597/278035 bytes (98.04%) of diff not shown.
3.15 MB
./usr/share/doc/ssg-nondebian/ssg-anolis8-guide-standard.html
    
Offset 15086, 95 lines modifiedOffset 15086, 95 lines modified
0003aed0:·7461·7267·6574·3d22·2369·646d·3133·3636··target="#idm13660003aed0:·7461·7267·6574·3d22·2369·646d·3133·3636··target="#idm1366
0003aee0:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r0003aee0:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r
0003aef0:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari0003aef0:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari
0003af00:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals0003af00:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals
0003af10:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa0003af10:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa
0003af20:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr0003af20:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr
0003af30:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat0003af30:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat
 0003af40:·696f·6e20·416e·7369·626c·6520·736e·6970··ion·Ansible·snip
 0003af50:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br><
 0003af60:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel
 0003af70:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap
 0003af80:·7365·2220·6964·3d22·6964·6d31·3336·3622··se"·id="idm1366"
0003af40:·696f·6e20·4f53·4275·696c·6420·426c·7565··ion·OSBuild·Blue 
0003af50:·7072·696e·7420·736e·6970·7065·7420·e287··print·snippet·.. 
0003af60:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl 
0003af70:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla 
0003af80:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id 
0003af90:·3d22·6964·6d31·3336·3622·3e3c·7072·653e··="idm1366"><pre> 
0003afa0:·3c63·6f64·653e·0a5b·5b70·6163·6b61·6765··<code>.[[package 
0003afb0:·735d·5d0a·6e61·6d65·203d·2022·6169·6465··s]].name·=·"aide 
0003afc0:·220a·7665·7273·696f·6e20·3d20·222a·220a··".version·=·"*". 
0003afd0:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d 
0003afe0:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn0003af90:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t
 0003afa0:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip
 0003afb0:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere
 0003afc0:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense
 0003afd0:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl
 0003afe0:·6578·6974·793a·3c2f·7468·3e3c·7464·3e6c··exity:</th><td>l
 0003aff0:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>
 0003b000:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:<
 0003b010:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>
 0003b020:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb
 0003b030:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal
 0003b040:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr>
 0003b050:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t
 0003b060:·683e·3c74·643e·656e·6162·6c65·3c2f·7464··h><td>enable</td
 0003b070:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p
 0003b080:·7265·3e3c·636f·6465·3e2d·206e·616d·653a··re><code>-·name:
 0003b090:·2047·6174·6865·7220·7468·6520·7061·636b···Gather·the·pack
 0003b0a0:·6167·6520·6661·6374·730a·2020·7061·636b··age·facts.··pack
 0003b0b0:·6167·655f·6661·6374·733a·0a20·2020·206d··age_facts:.····m
 0003b0c0:·616e·6167·6572·3a20·6175·746f·0a20·2074··anager:·auto.··t
0003aff0:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da 
0003b000:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla 
0003b010:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target 
0003b020:·3d22·2369·646d·3133·3637·2220·7461·6269··="#idm1367"·tabi 
0003b030:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b 
0003b040:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa 
0003b050:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit 
0003b060:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to· 
0003b070:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#! 
0003b080:·223e·5265·6d65·6469·6174·696f·6e20·416e··">Remediation·An 
0003b090:·7369·626c·6520·736e·6970·7065·7420·e287··sible·snippet·.. 
0003b0a0:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl 
0003b0b0:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla 
0003b0c0:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id 
0003b0d0:·3d22·6964·6d31·3336·3722·3e3c·7461·626c··="idm1367"><tabl 
0003b0e0:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t 
0003b0f0:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab 
0003b100:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl 
0003b110:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr 
0003b120:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity: 
0003b130:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003b140:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di 
0003b150:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t 
0003b160:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr>< 
0003b170:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</ 
0003b180:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td 
0003b190:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St 
0003b1a0:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td> 
0003b1b0:·656e·6162·6c65·3c2f·7464·3e3c·2f74·723e··enable</td></tr> 
0003b1c0:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co 
0003b1d0:·6465·3e2d·206e·616d·653a·2047·6174·6865··de>-·name:·Gathe 
0003b1e0:·7220·7468·6520·7061·636b·6167·6520·6661··r·the·package·fa 
0003b1f0:·6374·730a·2020·7061·636b·6167·655f·6661··cts.··package_fa 
0003b200:·6374·733a·0a20·2020·206d·616e·6167·6572··cts:.····manager 
0003b210:·3a20·6175·746f·0a20·2074·6167·733a·0a20··:·auto.··tags:.· 
0003b220:·202d·2043·4a49·532d·352e·3130·2e31·2e33···-·CJIS-5.10.1.3 
0003b230:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53 
0003b240:·2d43·4d2d·3628·6129·0a20·202d·2050·4349··-CM-6(a).··-·PCI 
0003b250:·2d44·5353·2d52·6571·2d31·312e·350a·2020··-DSS-Req-11.5.·· 
0003b260:·2d20·5043·492d·4453·5376·342d·3131·2e35··-·PCI-DSSv4-11.5 
0003b270:·2e32·0a20·202d·2065·6e61·626c·655f·7374··.2.··-·enable_st 
0003b280:·7261·7465·6779·0a20·202d·206c·6f77·5f63··rategy.··-·low_c 
0003b290:·6f6d·706c·6578·6974·790a·2020·2d20·6c6f··omplexity.··-·lo 
0003b2a0:·775f·6469·7372·7570·7469·6f6e·0a20·202d··w_disruption.··- 
0003b2b0:·206d·6564·6975·6d5f·7365·7665·7269·7479···medium_severity 
0003b2c0:·0a20·202d·206e·6f5f·7265·626f·6f74·5f6e··.··-·no_reboot_n 
0003b2d0:·6565·6465·640a·2020·2d20·7061·636b·6167··eeded.··-·packag 
0003b2e0:·655f·6169·6465·5f69·6e73·7461·6c6c·6564··e_aide_installed 
0003b2f0:·0a0a·2d20·6e61·6d65·3a20·456e·7375·7265··..-·name:·Ensure 
0003b300:·2061·6964·6520·6973·2069·6e73·7461·6c6c···aide·is·install 
0003b310:·6564·0a20·2070·6163·6b61·6765·3a0a·2020··ed.··package:.·· 
0003b320:·2020·6e61·6d65·3a20·6169·6465·0a20·2020····name:·aide.··· 
0003b330:·2073·7461·7465·3a20·7072·6573·656e·740a···state:·present. 
0003b340:·2020·7768·656e·3a20·2722·6b65·726e·656c····when:·'"kernel 
0003b350:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
0003b360:·7473·2e70·6163·6b61·6765·7327·0a20·2074··ts.packages'.··t 
0003b370:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.0003b0d0:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.
0003b380:·3130·2e31·2e33·0a20·202d·204e·4953·542d··10.1.3.··-·NIST-0003b0e0:·3130·2e31·2e33·0a20·202d·204e·4953·542d··10.1.3.··-·NIST-
0003b390:·3830·302d·3533·2d43·4d2d·3628·6129·0a20··800-53-CM-6(a).·0003b0f0:·3830·302d·3533·2d43·4d2d·3628·6129·0a20··800-53-CM-6(a).·
0003b3a0:·202d·2050·4349·2d44·5353·2d52·6571·2d31···-·PCI-DSS-Req-10003b100:·202d·2050·4349·2d44·5353·2d52·6571·2d31···-·PCI-DSS-Req-1
0003b3b0:·312e·350a·2020·2d20·5043·492d·4453·5376··1.5.··-·PCI-DSSv0003b110:·312e·350a·2020·2d20·5043·492d·4453·5376··1.5.··-·PCI-DSSv
0003b3c0:·342d·3131·2e35·2e32·0a20·202d·2065·6e61··4-11.5.2.··-·ena0003b120:·342d·3131·2e35·2e32·0a20·202d·2065·6e61··4-11.5.2.··-·ena
0003b3d0:·626c·655f·7374·7261·7465·6779·0a20·202d··ble_strategy.··-0003b130:·626c·655f·7374·7261·7465·6779·0a20·202d··ble_strategy.··-
0003b3e0:·206c·6f77·5f63·6f6d·706c·6578·6974·790a···low_complexity.0003b140:·206c·6f77·5f63·6f6d·706c·6578·6974·790a···low_complexity.
0003b3f0:·2020·2d20·6c6f·775f·6469·7372·7570·7469····-·low_disrupti0003b150:·2020·2d20·6c6f·775f·6469·7372·7570·7469····-·low_disrupti
0003b400:·6f6e·0a20·202d·206d·6564·6975·6d5f·7365··on.··-·medium_se0003b160:·6f6e·0a20·202d·206d·6564·6975·6d5f·7365··on.··-·medium_se
0003b410:·7665·7269·7479·0a20·202d·206e·6f5f·7265··verity.··-·no_re0003b170:·7665·7269·7479·0a20·202d·206e·6f5f·7265··verity.··-·no_re
0003b420:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-·0003b180:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-·
0003b430:·7061·636b·6167·655f·6169·6465·5f69·6e73··package_aide_ins0003b190:·7061·636b·6167·655f·6169·6465·5f69·6e73··package_aide_ins
0003b440:·7461·6c6c·6564·0a3c·2f63·6f64·653e·3c2f··talled.</code></0003b1a0:·7461·6c6c·6564·0a0a·2d20·6e61·6d65·3a20··talled..-·name:·
 0003b1b0:·456e·7375·7265·2061·6964·6520·6973·2069··Ensure·aide·is·i
 0003b1c0:·6e73·7461·6c6c·6564·0a20·2070·6163·6b61··nstalled.··packa
 0003b1d0:·6765·3a0a·2020·2020·6e61·6d65·3a20·6169··ge:.····name:·ai
 0003b1e0:·6465·0a20·2020·2073·7461·7465·3a20·7072··de.····state:·pr
 0003b1f0:·6573·656e·740a·2020·7768·656e·3a20·2722··esent.··when:·'"
 0003b200:·6b65·726e·656c·2220·696e·2061·6e73·6962··kernel"·in·ansib
 0003b210:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
 0003b220:·7327·0a20·2074·6167·733a·0a20·202d·2043··s'.··tags:.··-·C
 0003b230:·4a49·532d·352e·3130·2e31·2e33·0a20·202d··JIS-5.10.1.3.··-
 0003b240:·204e·4953·542d·3830·302d·3533·2d43·4d2d···NIST-800-53-CM-
 0003b250:·3628·6129·0a20·202d·2050·4349·2d44·5353··6(a).··-·PCI-DSS
 0003b260:·2d52·6571·2d31·312e·350a·2020·2d20·5043··-Req-11.5.··-·PC
 0003b270:·492d·4453·5376·342d·3131·2e35·2e32·0a20··I-DSSv4-11.5.2.·
 0003b280:·202d·2065·6e61·626c·655f·7374·7261·7465···-·enable_strate
 0003b290:·6779·0a20·202d·206c·6f77·5f63·6f6d·706c··gy.··-·low_compl
Max diff block lines reached; 2976277/2988033 bytes (99.61%) of diff not shown.
310 KB
html2text {}
    
Offset 126, 19 lines modifiedOffset 126, 14 lines modified
126 include·install_aide126 include·install_aide
  
127 class·install_aide·{127 class·install_aide·{
128 ··package·{·'aide':128 ··package·{·'aide':
129 ····ensure·=>·'installed',129 ····ensure·=>·'installed',
130 ··}130 ··}
131 }131 }
132 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
133 [[packages]] 
134 name·=·"aide" 
135 version·=·"*" 
136 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8132 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
137 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low133 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
138 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low134 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
139 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false135 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
140 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable136 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
141 -·name:·Gather·the·package·facts137 -·name:·Gather·the·package·facts
142 ··package_facts:138 ··package_facts:
Offset 167, 14 lines modifiedOffset 162, 19 lines modified
167 ··-·PCI-DSSv4-11.5.2162 ··-·PCI-DSSv4-11.5.2
168 ··-·enable_strategy163 ··-·enable_strategy
169 ··-·low_complexity164 ··-·low_complexity
170 ··-·low_disruption165 ··-·low_disruption
171 ··-·medium_severity166 ··-·medium_severity
172 ··-·no_reboot_needed167 ··-·no_reboot_needed
173 ··-·package_aide_installed168 ··-·package_aide_installed
 169 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 170 [[packages]]
 171 name·=·"aide"
 172 version·=·"*"
174 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·P\x8Pe\x8er\x8ri\x8io\x8od\x8di\x8ic\x8c·E\x8Ex\x8xe\x8ec\x8cu\x8ut\x8ti\x8io\x8on\x8n·o\x8of\x8f·A\x8AI\x8ID\x8DE\x8E·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*173 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·P\x8Pe\x8er\x8ri\x8io\x8od\x8di\x8ic\x8c·E\x8Ex\x8xe\x8ec\x8cu\x8ut\x8ti\x8io\x8on\x8n·o\x8of\x8f·A\x8AI\x8ID\x8DE\x8E·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
175 At·a·minimum,·AIDE·should·be·configured·to·run·a·weekly·scan.·To·implement·a·daily·execution·of174 At·a·minimum,·AIDE·should·be·configured·to·run·a·weekly·scan.·To·implement·a·daily·execution·of
176 AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/crontab:175 AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/crontab:
177 05·4·*·*·*·root·/usr/sbin/aide·--check176 05·4·*·*·*·root·/usr/sbin/aide·--check
178 To·implement·a·weekly·execution·of·AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/177 To·implement·a·weekly·execution·of·AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/
179 crontab:178 crontab:
180 05·4·*·*·0·root·/usr/sbin/aide·--check179 05·4·*·*·0·root·/usr/sbin/aide·--check
Offset 387, 14 lines modifiedOffset 387, 33 lines modified
387 ············_\x8i_\x8s_\x8m······1446387 ············_\x8i_\x8s_\x8m······1446
388 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1388 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1
389 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)389 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)
390 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,390 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,
391 ·····················FCS_TLSC_EXT.1391 ·····················FCS_TLSC_EXT.1
392 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174392 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174
393 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2393 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
 394 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
  
 395 var_system_crypto_policy='DEFAULT'
  
  
 396 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null)
 397 rc=$?
  
 398 if·test·"$rc"·=·127;·then
 399 »       echo·"$stderr_of_call"·>&2
 400 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2
 401 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2
 402 »       echo·"to·see·what·package·to·(re)install"·>&2
  
 403 »       false··#·end·with·an·error·code
 404 elif·test·"$rc"·!=·0;·then
 405 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2
 406 »       false··#·end·with·an·error·code
 407 fi
394 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8408 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
395 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low409 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
396 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low410 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
397 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false411 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
398 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict412 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
399 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable413 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable
400 ··set_fact:414 ··set_fact:
Offset 439, 33 lines modifiedOffset 458, 14 lines modified
439 ··-·PCI-DSSv4-2.2.7458 ··-·PCI-DSSv4-2.2.7
440 ··-·configure_crypto_policy459 ··-·configure_crypto_policy
441 ··-·high_severity460 ··-·high_severity
442 ··-·low_complexity461 ··-·low_complexity
443 ··-·low_disruption462 ··-·low_disruption
444 ··-·no_reboot_needed463 ··-·no_reboot_needed
445 ··-·restrict_strategy464 ··-·restrict_strategy
446 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
  
447 var_system_crypto_policy='DEFAULT' 
  
  
448 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null) 
449 rc=$? 
  
450 if·test·"$rc"·=·127;·then 
451 »       echo·"$stderr_of_call"·>&2 
452 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2 
453 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2 
454 »       echo·"to·see·what·package·to·(re)install"·>&2 
  
455 »       false··#·end·with·an·error·code 
456 elif·test·"$rc"·!=·0;·then 
457 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2 
458 »       false··#·end·with·an·error·code 
459 fi 
460 Group  ·Updating·Software·  Group·contains·1·rule465 Group  ·Updating·Software·  Group·contains·1·rule
461 _\x8[_\x8r_\x8e_\x8f_\x8]  ·The·yum·command·line·tool·is·used·to·install·and·update·software·packages.·The·system·also466 _\x8[_\x8r_\x8e_\x8f_\x8]  ·The·yum·command·line·tool·is·used·to·install·and·update·software·packages.·The·system·also
462 provides·a·graphical·software·update·tool·in·the·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·menu,·in·the·A\x8Ad\x8dm\x8mi\x8in\x8ni\x8is\x8st\x8tr\x8ra\x8at\x8ti\x8io\x8on\x8n·submenu,·called467 provides·a·graphical·software·update·tool·in·the·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·menu,·in·the·A\x8Ad\x8dm\x8mi\x8in\x8ni\x8is\x8st\x8tr\x8ra\x8at\x8ti\x8io\x8on\x8n·submenu,·called
463 S\x8So\x8of\x8ft\x8tw\x8wa\x8ar\x8re\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8e.468 S\x8So\x8of\x8ft\x8tw\x8wa\x8ar\x8re\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8e.
  
464 Anolis·OS·8·systems·contain·an·installed·software·catalog·called·the·RPM·database,·which·records469 Anolis·OS·8·systems·contain·an·installed·software·catalog·called·the·RPM·database,·which·records
465 metadata·of·installed·packages.·Consistently·using·yum·or·the·graphical·S\x8So\x8of\x8ft\x8tw\x8wa\x8ar\x8re\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8e·for·all470 metadata·of·installed·packages.·Consistently·using·yum·or·the·graphical·S\x8So\x8of\x8ft\x8tw\x8wa\x8ar\x8re\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8e·for·all
Offset 670, 14 lines modifiedOffset 670, 20 lines modified
670 ···········Display·of·a·standardized·and·approved·use·notification·before·granting·access·to·the670 ···········Display·of·a·standardized·and·approved·use·notification·before·granting·access·to·the
671 ···········operating·system·ensures·privacy·and·security·notification·verbiage·used·is·consistent671 ···········operating·system·ensures·privacy·and·security·notification·verbiage·used·is·consistent
672 Rationale:·with·applicable·federal·laws,·Executive·Orders,·directives,·policies,·regulations,672 Rationale:·with·applicable·federal·laws,·Executive·Orders,·directives,·policies,·regulations,
673 ···········standards,·and·guidance.673 ···········standards,·and·guidance.
674 ···········Proper·group·ownership·will·ensure·that·only·root·user·can·modify·the·banner.674 ···········Proper·group·ownership·will·ensure·that·only·root·user·can·modify·the·banner.
675 Severity: ·medium675 Severity: ·medium
676 Rule·ID:···xccdf_org.ssgproject.content_rule_file_groupowner_etc_issue676 Rule·ID:···xccdf_org.ssgproject.content_rule_file_groupowner_etc_issue
 677 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 678 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 679 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 680 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 681 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure
 682 chgrp·0·/etc/issue
677 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8683 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
678 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low684 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
679 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low685 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
680 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false686 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
681 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure687 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure
682 -·name:·Test·for·existence·/etc/issue688 -·name:·Test·for·existence·/etc/issue
Max diff block lines reached; 311775/317227 bytes (98.28%) of diff not shown.
23.8 MB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-anssi_bp28_enhanced.html
    
Offset 15320, 283 lines modifiedOffset 15320, 283 lines modified
0003bd70:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe0003bd70:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe
0003bd80:·743d·2223·6964·6d38·3031·3222·2074·6162··t="#idm8012"·tab0003bd80:·743d·2223·6964·6d38·3031·3222·2074·6162··t="#idm8012"·tab
0003bd90:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="0003bd90:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="
0003bda0:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp0003bda0:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp
0003bdb0:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti0003bdb0:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti
0003bdc0:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to0003bdc0:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to
0003bdd0:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#0003bdd0:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#
0003bde0:·2122·3e52·656d·6564·6961·7469·6f6e·2041··!">Remediation·A0003bde0:·2122·3e52·656d·6564·6961·7469·6f6e·2073··!">Remediation·s
0003bdf0:·6e61·636f·6e64·6120·736e·6970·7065·7420··naconda·snippet· 
0003be00:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div· 
0003be10:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col 
0003be20:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"· 
0003be30:·6964·3d22·6964·6d38·3031·3222·3e3c·7461··id="idm8012"><ta 
0003be40:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table 
0003be50:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t 
0003be60:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta 
0003be70:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed">< 
0003be80:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit 
0003be90:·793a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··y:</th><td>low</ 
0003bea0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003beb0:·4469·7372·7570·7469·6f6e·3a3c·2f74·683e··Disruption:</th> 
0003bec0:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
0003bed0:·3e3c·7472·3e3c·7468·3e52·6562·6f6f·743a··><tr><th>Reboot: 
0003bee0:·3c2f·7468·3e3c·7464·3e66·616c·7365·3c2f··</th><td>false</ 
0003bef0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003bf00:·5374·7261·7465·6779·3a3c·2f74·683e·3c74··Strategy:</th><t 
0003bf10:·643e·656e·6162·6c65·3c2f·7464·3e3c·2f74··d>enable</td></t 
0003bf20:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre>< 
0003bf30:·636f·6465·3e0a·7061·636b·6167·6520·2d2d··code>.package·-- 
0003bf40:·6164·643d·6169·6465·0a3c·2f63·6f64·653e··add=aide.</code> 
0003bf50:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c 
0003bf60:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su 
0003bf70:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg 
0003bf80:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da 
0003bf90:·7461·2d74·6172·6765·743d·2223·6964·6d38··ta-target="#idm8 
0003bfa0:·3031·3322·2074·6162·696e·6465·783d·2230··013"·tabindex="0 
0003bfb0:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"· 
0003bfc0:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f 
0003bfd0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act 
0003bfe0:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal" 
0003bff0:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed 
0003c000:·6961·7469·6f6e·2050·7570·7065·7420·736e··iation·Puppet·sn 
0003c010:·6970·7065·7420·e287·b23c·2f61·3e3c·6272··ippet·...</a><br0003bdf0:·6372·6970·7420·e287·b23c·2f61·3e3c·6272··cript·...</a><br
0003c020:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan0003be00:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan
0003c030:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll0003be10:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll
0003c040:·6170·7365·2220·6964·3d22·6964·6d38·3031··apse"·id="idm801 
0003c050:·3322·3e3c·7461·626c·6520·636c·6173·733d··3"><table·class= 
0003c060:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str 
0003c070:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde 
0003c080:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden 
0003c090:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com 
0003c0a0:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td 
0003c0b0:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t 
0003c0c0:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption 
0003c0d0:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t 
0003c0e0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R 
0003c0f0:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f 
0003c100:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t 
0003c110:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:< 
0003c120:·2f74·683e·3c74·643e·656e·6162·6c65·3c2f··/th><td>enable</ 
0003c130:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table> 
0003c140:·3c70·7265·3e3c·636f·6465·3e69·6e63·6c75··<pre><code>inclu 
0003c150:·6465·2069·6e73·7461·6c6c·5f61·6964·650a··de·install_aide. 
0003c160:·0a63·6c61·7373·2069·6e73·7461·6c6c·5f61··.class·install_a 
0003c170:·6964·6520·7b0a·2020·7061·636b·6167·6520··ide·{.··package· 
0003c180:·7b20·2761·6964·6527·3a0a·2020·2020·656e··{·'aide':.····en 
0003c190:·7375·7265·203d·2667·743b·2027·696e·7374··sure·=&gt;·'inst 
0003c1a0:·616c·6c65·6427·2c0a·2020·7d0a·7d0a·3c2f··alled',.··}.}.</ 
0003c1b0:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div 
0003c1c0:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b 
0003c1d0:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data 
0003c1e0:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps 
0003c1f0:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target=" 
0003c200:·2369·646d·3830·3134·2220·7461·6269·6e64··#idm8014"·tabind 
0003c210:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but 
0003c220:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand 
0003c230:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title 
0003c240:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re 
0003c250:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!"> 
0003c260:·5265·6d65·6469·6174·696f·6e20·4f53·4275··Remediation·OSBu 
0003c270:·696c·6420·426c·7565·7072·696e·7420·736e··ild·Blueprint·sn 
0003c280:·6970·7065·7420·e287·b23c·2f61·3e3c·6272··ippet·...</a><br 
0003c290:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan 
0003c2a0:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll 
0003c2b0:·6170·7365·2220·6964·3d22·6964·6d38·3031··apse"·id="idm8010003be20:·6170·7365·2220·6964·3d22·6964·6d38·3031··apse"·id="idm801
0003c2c0:·3422·3e3c·7072·653e·3c63·6f64·653e·0a5b··4"><pre><code>.[ 
0003c2d0:·5b70·6163·6b61·6765·735d·5d0a·6e61·6d65··[packages]].name 
0003c2e0:·203d·2022·6169·6465·220a·7665·7273·696f···=·"aide".versio 
0003c2f0:·6e20·3d20·222a·220a·3c2f·636f·6465·3e3c··n·=·"*".</code>< 
0003c300:·2f70·7265·3e3c·2f64·6976·3e3c·6120·636c··/pre></div><a·cl 
0003c310:·6173·733d·2262·746e·2062·746e·2d73·7563··ass="btn·btn-suc 
0003c320:·6365·7373·2220·6461·7461·2d74·6f67·676c··cess"·data-toggl 
0003c330:·653d·2263·6f6c·6c61·7073·6522·2064·6174··e="collapse"·dat 
0003c340:·612d·7461·7267·6574·3d22·2369·646d·3830··a-target="#idm80 
0003c350:·3135·2220·7461·6269·6e64·6578·3d22·3022··15"·tabindex="0" 
0003c360:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a 
0003c370:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa 
0003c380:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti 
0003c390:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"· 
0003c3a0:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi0003be30:·3222·3e3c·7461·626c·6520·636c·6173·733d··2"><table·class=
 0003be40:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str
 0003be50:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde
 0003be60:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden
 0003be70:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com
 0003be80:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td
 0003be90:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t
 0003bea0:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption
 0003beb0:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t
 0003bec0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R
 0003bed0:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f
 0003bee0:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t
 0003bef0:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<
 0003bf00:·2f74·683e·3c74·643e·656e·6162·6c65·3c2f··/th><td>enable</
 0003bf10:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>
 0003bf20:·3c70·7265·3e3c·636f·6465·3e0a·646e·6620··<pre><code>.dnf·
 0003bf30:·696e·7374·616c·6c20·6169·6465·0a3c·2f63··install·aide.</c
 0003bf40:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div>
 0003bf50:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt
 0003bf60:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data-
 0003bf70:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse
 0003bf80:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#
 0003bf90:·6964·6d38·3031·3322·2074·6162·696e·6465··idm8013"·tabinde
 0003bfa0:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt
 0003bfb0:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande
 0003bfc0:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=
 0003bfd0:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev
 0003bfe0:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R
Max diff block lines reached; 22839958/22877660 bytes (99.84%) of diff not shown.
1.99 MB
html2text {}
Max HTML report size reached
24.1 MB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-anssi_bp28_high.html
    
Offset 15326, 282 lines modifiedOffset 15326, 282 lines modified
0003bdd0:·7267·6574·3d22·2369·646d·3830·3132·2220··rget="#idm8012"·0003bdd0:·7267·6574·3d22·2369·646d·3830·3132·2220··rget="#idm8012"·
0003bde0:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol0003bde0:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol
0003bdf0:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-0003bdf0:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-
0003be00:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"0003be00:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"
0003be10:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate0003be10:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate
0003be20:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href0003be20:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href
0003be30:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio0003be30:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio
0003be40:·6e20·416e·6163·6f6e·6461·2073·6e69·7070··n·Anaconda·snipp 
0003be50:·6574·20e2·87b2·3c2f·613e·3c62·723e·3c64··et·...</a><br><d 
0003be60:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel- 
0003be70:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps 
0003be80:·6522·2069·643d·2269·646d·3830·3132·223e··e"·id="idm8012"> 
0003be90:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta 
0003bea0:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe 
0003beb0:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered 
0003bec0:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed 
0003bed0:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple 
0003bee0:·7869·7479·3a3c·2f74·683e·3c74·643e·6c6f··xity:</th><td>lo 
0003bef0:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr>< 
0003bf00:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</ 
0003bf10:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td>< 
0003bf20:·2f74·723e·3c74·723e·3c74·683e·5265·626f··/tr><tr><th>Rebo 
0003bf30:·6f74·3a3c·2f74·683e·3c74·643e·6661·6c73··ot:</th><td>fals 
0003bf40:·653c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··e</td></tr><tr>< 
0003bf50:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th 
0003bf60:·3e3c·7464·3e65·6e61·626c·653c·2f74·643e··><td>enable</td> 
0003bf70:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr 
0003bf80:·653e·3c63·6f64·653e·0a70·6163·6b61·6765··e><code>.package 
0003bf90:·202d·2d61·6464·3d61·6964·650a·3c2f·636f···--add=aide.</co 
0003bfa0:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div>< 
0003bfb0:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn 
0003bfc0:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t 
0003bfd0:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse" 
0003bfe0:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i 
0003bff0:·646d·3830·3133·2220·7461·6269·6e64·6578··dm8013"·tabindex 
0003c000:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto 
0003c010:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded 
0003c020:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title=" 
0003c030:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve 
0003c040:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re 
0003c050:·6d65·6469·6174·696f·6e20·5075·7070·6574··mediation·Puppet 
0003c060:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a>0003be40:·6e20·7363·7269·7074·20e2·87b2·3c2f·613e··n·script·...</a>
0003c070:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class=" 
0003c080:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c 
0003c090:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm 
0003c0a0:·3830·3133·223e·3c74·6162·6c65·2063·6c61··8013"><table·cla 
0003c0b0:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table- 
0003c0c0:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo 
0003c0d0:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con 
0003c0e0:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th> 
0003c0f0:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th> 
0003c100:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
0003c110:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt 
0003c120:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low 
0003c130:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003c140:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t 
0003c150:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr 
0003c160:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg 
0003c170:·793a·3c2f·7468·3e3c·7464·3e65·6e61·626c··y:</th><td>enabl 
0003c180:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab 
0003c190:·6c65·3e3c·7072·653e·3c63·6f64·653e·696e··le><pre><code>in 
0003c1a0:·636c·7564·6520·696e·7374·616c·6c5f·6169··clude·install_ai 
0003c1b0:·6465·0a0a·636c·6173·7320·696e·7374·616c··de..class·instal 
0003c1c0:·6c5f·6169·6465·207b·0a20·2070·6163·6b61··l_aide·{.··packa 
0003c1d0:·6765·207b·2027·6169·6465·273a·0a20·2020··ge·{·'aide':.··· 
0003c1e0:·2065·6e73·7572·6520·3d26·6774·3b20·2769···ensure·=&gt;·'i 
0003c1f0:·6e73·7461·6c6c·6564·272c·0a20·207d·0a7d··nstalled',.··}.} 
0003c200:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></ 
0003c210:·6469·763e·3c61·2063·6c61·7373·3d22·6274··div><a·class="bt 
0003c220:·6e20·6274·6e2d·7375·6363·6573·7322·2064··n·btn-success"·d 
0003c230:·6174·612d·746f·6767·6c65·3d22·636f·6c6c··ata-toggle="coll 
0003c240:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe 
0003c250:·743d·2223·6964·6d38·3031·3422·2074·6162··t="#idm8014"·tab 
0003c260:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role=" 
0003c270:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp 
0003c280:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti 
0003c290:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to 
0003c2a0:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="# 
0003c2b0:·2122·3e52·656d·6564·6961·7469·6f6e·204f··!">Remediation·O 
0003c2c0:·5342·7569·6c64·2042·6c75·6570·7269·6e74··SBuild·Blueprint 
0003c2d0:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a> 
0003c2e0:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="0003be50:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="
0003c2f0:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c0003be60:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c
0003c300:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm0003be70:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm
 0003be80:·3830·3132·223e·3c74·6162·6c65·2063·6c61··8012"><table·cla
 0003be90:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table-
 0003bea0:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo
 0003beb0:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con
 0003bec0:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th>
 0003bed0:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th>
0003c310:·3830·3134·223e·3c70·7265·3e3c·636f·6465··8014"><pre><code 
0003c320:·3e0a·5b5b·7061·636b·6167·6573·5d5d·0a6e··>.[[packages]].n 
0003c330:·616d·6520·3d20·2261·6964·6522·0a76·6572··ame·=·"aide".ver 
0003c340:·7369·6f6e·203d·2022·2a22·0a3c·2f63·6f64··sion·=·"*".</cod 
0003c350:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a 
0003c360:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn- 
0003c370:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to 
0003c380:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"· 
0003c390:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id 
0003c3a0:·6d38·3031·3522·2074·6162·696e·6465·783d··m8015"·tabindex= 
0003c3b0:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button 
0003c3c0:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded= 
0003c3d0:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A 
0003c3e0:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea 
0003c3f0:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem 
0003c400:·6564·6961·7469·6f6e·2073·6372·6970·7420··ediation·script· 
0003c410:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div· 
0003c420:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col 
0003c430:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"· 
0003c440:·6964·3d22·6964·6d38·3031·3522·3e3c·7461··id="idm8015"><ta 
0003c450:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table 
0003c460:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t 
0003c470:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta 
0003c480:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed">< 
0003c490:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit 
0003c4a0:·793a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··y:</th><td>low</ 
0003c4b0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003c4c0:·4469·7372·7570·7469·6f6e·3a3c·2f74·683e··Disruption:</th> 
0003c4d0:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr0003bee0:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr
0003c4e0:·3e3c·7472·3e3c·7468·3e52·6562·6f6f·743a··><tr><th>Reboot: 
0003c4f0:·3c2f·7468·3e3c·7464·3e66·616c·7365·3c2f··</th><td>false</0003bef0:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt
 0003bf00:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low
0003c500:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>0003bf10:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
0003c510:·5374·7261·7465·6779·3a3c·2f74·683e·3c74··Strategy:</th><t 
0003c520:·643e·656e·6162·6c65·3c2f·7464·3e3c·2f74··d>enable</td></t 
0003c530:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre>< 
0003c540:·636f·6465·3e0a·7061·636b·6167·6520·696e··code>.package·in 
Max diff block lines reached; 23130709/23168273 bytes (99.84%) of diff not shown.
2.02 MB
html2text {}
Max HTML report size reached
10.5 MB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-anssi_bp28_intermediary.html
    
Offset 15316, 283 lines modifiedOffset 15316, 283 lines modified
0003bd30:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="0003bd30:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="
0003bd40:·2369·646d·3830·3132·2220·7461·6269·6e64··#idm8012"·tabind0003bd40:·2369·646d·3830·3132·2220·7461·6269·6e64··#idm8012"·tabind
0003bd50:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but0003bd50:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but
0003bd60:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand0003bd60:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand
0003bd70:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title0003bd70:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title
0003bd80:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re0003bd80:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re
0003bd90:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">0003bd90:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">
0003bda0:·5265·6d65·6469·6174·696f·6e20·416e·6163··Remediation·Anac0003bda0:·5265·6d65·6469·6174·696f·6e20·7363·7269··Remediation·scri
0003bdb0:·6f6e·6461·2073·6e69·7070·6574·20e2·87b2··onda·snippet·... 
0003bdc0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla 
0003bdd0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap 
0003bde0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id= 
0003bdf0:·2269·646d·3830·3132·223e·3c74·6162·6c65··"idm8012"><table 
0003be00:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta 
0003be10:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl 
0003be20:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table 
0003be30:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr> 
0003be40:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:< 
0003be50:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td> 
0003be60:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis 
0003be70:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td 
0003be80:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t 
0003be90:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t 
0003bea0:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td> 
0003beb0:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str 
0003bec0:·6174·6567·793a·3c2f·7468·3e3c·7464·3e65··ategy:</th><td>e 
0003bed0:·6e61·626c·653c·2f74·643e·3c2f·7472·3e3c··nable</td></tr>< 
0003bee0:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod 
0003bef0:·653e·0a70·6163·6b61·6765·202d·2d61·6464··e>.package·--add 
0003bf00:·3d61·6964·650a·3c2f·636f·6465·3e3c·2f70··=aide.</code></p 
0003bf10:·7265·3e3c·2f64·6976·3e3c·6120·636c·6173··re></div><a·clas 
0003bf20:·733d·2262·746e·2062·746e·2d73·7563·6365··s="btn·btn-succe 
0003bf30:·7373·2220·6461·7461·2d74·6f67·676c·653d··ss"·data-toggle= 
0003bf40:·2263·6f6c·6c61·7073·6522·2064·6174·612d··"collapse"·data- 
0003bf50:·7461·7267·6574·3d22·2369·646d·3830·3133··target="#idm8013 
0003bf60:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r 
0003bf70:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari 
0003bf80:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals 
0003bf90:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa 
0003bfa0:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr 
0003bfb0:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat 
0003bfc0:·696f·6e20·5075·7070·6574·2073·6e69·7070··ion·Puppet·snipp 
0003bfd0:·6574·20e2·87b2·3c2f·613e·3c62·723e·3c64··et·...</a><br><d0003bdb0:·7074·20e2·87b2·3c2f·613e·3c62·723e·3c64··pt·...</a><br><d
0003bfe0:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel-0003bdc0:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel-
0003bff0:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps0003bdd0:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps
0003c000:·6522·2069·643d·2269·646d·3830·3133·223e··e"·id="idm8013">0003bde0:·6522·2069·643d·2269·646d·3830·3132·223e··e"·id="idm8012">
0003c010:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta0003bdf0:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta
0003c020:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe0003be00:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe
0003c030:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered0003be10:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered
0003c040:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed0003be20:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed
0003c050:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple0003be30:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple
0003c060:·7869·7479·3a3c·2f74·683e·3c74·643e·6c6f··xity:</th><td>lo0003be40:·7869·7479·3a3c·2f74·683e·3c74·643e·6c6f··xity:</th><td>lo
0003c070:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><0003be50:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><
0003c080:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</0003be60:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</
0003c090:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><0003be70:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><
0003c0a0:·2f74·723e·3c74·723e·3c74·683e·5265·626f··/tr><tr><th>Rebo0003be80:·2f74·723e·3c74·723e·3c74·683e·5265·626f··/tr><tr><th>Rebo
0003c0b0:·6f74·3a3c·2f74·683e·3c74·643e·6661·6c73··ot:</th><td>fals0003be90:·6f74·3a3c·2f74·683e·3c74·643e·6661·6c73··ot:</th><td>fals
0003c0c0:·653c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··e</td></tr><tr><0003bea0:·653c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··e</td></tr><tr><
0003c0d0:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th0003beb0:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th
0003c0e0:·3e3c·7464·3e65·6e61·626c·653c·2f74·643e··><td>enable</td>0003bec0:·3e3c·7464·3e65·6e61·626c·653c·2f74·643e··><td>enable</td>
0003c0f0:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr0003bed0:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr
 0003bee0:·653e·3c63·6f64·653e·0a64·6e66·2069·6e73··e><code>.dnf·ins
 0003bef0:·7461·6c6c·2061·6964·650a·3c2f·636f·6465··tall·aide.</code
 0003bf00:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a·
 0003bf10:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s
 0003bf20:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog
 0003bf30:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d
 0003bf40:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm
 0003bf50:·3830·3133·2220·7461·6269·6e64·6578·3d22··8013"·tabindex="
 0003bf60:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"
 0003bf70:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="
 0003bf80:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac
 0003bf90:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal
 0003bfa0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme
 0003bfb0:·6469·6174·696f·6e20·5075·7070·6574·2073··diation·Puppet·s
 0003bfc0:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b
 0003bfd0:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa
 0003bfe0:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col
 0003bff0:·6c61·7073·6522·2069·643d·2269·646d·3830··lapse"·id="idm80
 0003c000:·3133·223e·3c74·6162·6c65·2063·6c61·7373··13"><table·class
 0003c010:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st
 0003c020:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord
 0003c030:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde
 0003c040:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co
 0003c050:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t
 0003c060:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr><
 0003c070:·7472·3e3c·7468·3e44·6973·7275·7074·696f··tr><th>Disruptio
 0003c080:·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··n:</th><td>low</
 0003c090:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>
 0003c0a0:·5265·626f·6f74·3a3c·2f74·683e·3c74·643e··Reboot:</th><td>
 0003c0b0:·6661·6c73·653c·2f74·643e·3c2f·7472·3e3c··false</td></tr><
 0003c0c0:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy:
 0003c0d0:·3c2f·7468·3e3c·7464·3e65·6e61·626c·653c··</th><td>enable<
 0003c0e0:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table
0003c100:·653e·3c63·6f64·653e·696e·636c·7564·6520··e><code>include·0003c0f0:·3e3c·7072·653e·3c63·6f64·653e·696e·636c··><pre><code>incl
0003c110:·696e·7374·616c·6c5f·6169·6465·0a0a·636c··install_aide..cl 
0003c120:·6173·7320·696e·7374·616c·6c5f·6169·6465··ass·install_aide0003c100:·7564·6520·696e·7374·616c·6c5f·6169·6465··ude·install_aide
 0003c110:·0a0a·636c·6173·7320·696e·7374·616c·6c5f··..class·install_
0003c130:·207b·0a20·2070·6163·6b61·6765·207b·2027···{.··package·{·'0003c120:·6169·6465·207b·0a20·2070·6163·6b61·6765··aide·{.··package
0003c140:·6169·6465·273a·0a20·2020·2065·6e73·7572··aide':.····ensur0003c130:·207b·2027·6169·6465·273a·0a20·2020·2065···{·'aide':.····e
0003c150:·6520·3d26·6774·3b20·2769·6e73·7461·6c6c··e·=&gt;·'install0003c140:·6e73·7572·6520·3d26·6774·3b20·2769·6e73··nsure·=&gt;·'ins
0003c160:·6564·272c·0a20·207d·0a7d·0a3c·2f63·6f64··ed',.··}.}.</cod0003c150:·7461·6c6c·6564·272c·0a20·207d·0a7d·0a3c··talled',.··}.}.<
0003c170:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a0003c160:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di
0003c180:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn-0003c170:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn·
0003c190:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to0003c180:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat
0003c1a0:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"·0003c190:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap
0003c1b0:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id0003c1a0:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
0003c1c0:·6d38·3031·3422·2074·6162·696e·6465·783d··m8014"·tabindex=0003c1b0:·2223·6964·6d38·3031·3422·2074·6162·696e··"#idm8014"·tabin
0003c1d0:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button0003c1c0:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
0003c1e0:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=0003c1d0:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
0003c1f0:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A0003c1e0:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
0003c200:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea0003c1f0:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
0003c210:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem0003c200:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
 0003c210:·3e52·656d·6564·6961·7469·6f6e·2053·6865··>Remediation·She
0003c220:·6564·6961·7469·6f6e·204f·5342·7569·6c64··ediation·OSBuild 
0003c230:·2042·6c75·6570·7269·6e74·2073·6e69·7070···Blueprint·snipp 
0003c240:·6574·20e2·87b2·3c2f·613e·3c62·723e·3c64··et·...</a><br><d 
0003c250:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel- 
0003c260:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps 
0003c270:·6522·2069·643d·2269·646d·3830·3134·223e··e"·id="idm8014"> 
0003c280:·3c70·7265·3e3c·636f·6465·3e0a·5b5b·7061··<pre><code>.[[pa 
0003c290:·636b·6167·6573·5d5d·0a6e·616d·6520·3d20··ckages]].name·=· 
0003c2a0:·2261·6964·6522·0a76·6572·7369·6f6e·203d··"aide".version·= 
0003c2b0:·2022·2a22·0a3c·2f63·6f64·653e·3c2f·7072···"*".</code></pr 
0003c2c0:·653e·3c2f·6469·763e·3c61·2063·6c61·7373··e></div><a·class 
0003c2d0:·3d22·6274·6e20·6274·6e2d·7375·6363·6573··="btn·btn-succes 
0003c2e0:·7322·2064·6174·612d·746f·6767·6c65·3d22··s"·data-toggle=" 
Max diff block lines reached; 9837059/9874761 bytes (99.62%) of diff not shown.
1.06 MB
html2text {}
    
Offset 147, 52 lines modifiedOffset 147, 48 lines modified
147 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3147 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
148 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5148 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
149 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199149 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
150 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79150 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
151 ············_\x8c_\x8i_\x8s············5.3.1151 ············_\x8c_\x8i_\x8s············5.3.1
152 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2152 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
153 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251710r958944_rule153 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251710r958944_rule
154 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8154 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
155 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low155 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
156 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low156 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
157 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false157 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
158 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable158 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
159 package·--add=aide159 dnf·install·aide
160 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8160 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
161 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low161 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
162 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low162 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
163 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false163 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
164 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable164 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
165 include·install_aide165 include·install_aide
  
166 class·install_aide·{166 class·install_aide·{
167 ··package·{·'aide':167 ··package·{·'aide':
168 ····ensure·=>·'installed',168 ····ensure·=>·'installed',
169 ··}169 ··}
170 }170 }
171 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
172 [[packages]] 
173 name·=·"aide" 
174 version·=·"*" 
175 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8171 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
176 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low172 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
177 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low173 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
178 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false174 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
179 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable175 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 176 #·Remediation·is·applicable·only·in·certain·platforms
 177 if·rpm·--quiet·-q·kernel;·then
  
 178 if·!·rpm·-q·--quiet·"aide"·;·then
 179 ····yum·install·-y·"aide"
 180 fi
180 package·install·aide 
181 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
182 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
183 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
184 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
185 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
186 dnf·install·aide181 else
 182 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 183 fi
187 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8184 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
188 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low185 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
189 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low186 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
190 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false187 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
191 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable188 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
192 -·name:·Gather·the·package·facts189 -·name:·Gather·the·package·facts
193 ··package_facts:190 ··package_facts:
Offset 223, 29 lines modifiedOffset 219, 33 lines modified
223 ··-·PCI-DSSv4-11.5.2219 ··-·PCI-DSSv4-11.5.2
224 ··-·enable_strategy220 ··-·enable_strategy
225 ··-·low_complexity221 ··-·low_complexity
226 ··-·low_disruption222 ··-·low_disruption
227 ··-·medium_severity223 ··-·medium_severity
228 ··-·no_reboot_needed224 ··-·no_reboot_needed
229 ··-·package_aide_installed225 ··-·package_aide_installed
 226 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 227 [[packages]]
 228 name·=·"aide"
 229 version·=·"*"
230 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8230 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
231 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low231 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
232 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low232 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
233 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false233 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
234 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable234 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
235 #·Remediation·is·applicable·only·in·certain·platforms 
236 if·rpm·--quiet·-q·kernel;·then 
  
237 if·!·rpm·-q·--quiet·"aide"·;·then 
238 ····yum·install·-y·"aide" 
239 fi235 package·install·aide
 236 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 237 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 238 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 239 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 240 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 241 package·--add=aide
240 else 
241 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
242 fi 
243 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*242 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
244 Run·the·following·command·to·generate·a·new·database:243 Run·the·following·command·to·generate·a·new·database:
245 $·sudo·/usr/sbin/aide·--init244 $·sudo·/usr/sbin/aide·--init
246 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the245 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the
247 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these246 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these
248 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their247 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their
249 integrity.·The·newly-generated·database·can·be·installed·as·follows:248 integrity.·The·newly-generated·database·can·be·installed·as·follows:
Offset 271, 14 lines modifiedOffset 271, 28 lines modified
271 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3271 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
272 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5272 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
273 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199273 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
274 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79274 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
275 ············_\x8c_\x8i_\x8s············5.3.1275 ············_\x8c_\x8i_\x8s············5.3.1
276 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2276 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
277 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251710r958944_rule277 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251710r958944_rule
 278 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 279 #·Remediation·is·applicable·only·in·certain·platforms
 280 if·rpm·--quiet·-q·kernel;·then
  
 281 if·!·rpm·-q·--quiet·"aide"·;·then
 282 ····yum·install·-y·"aide"
 283 fi
  
 284 /usr/sbin/aide·--init
 285 /bin/cp·-p·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
  
 286 else
 287 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 288 fi
278 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8289 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
279 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low290 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
280 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low291 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
281 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false292 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
282 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict293 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
Max diff block lines reached; 1109871/1115087 bytes (99.53%) of diff not shown.
3.49 MB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-anssi_bp28_minimal.html
    
Offset 14991, 295 lines modifiedOffset 14991, 295 lines modified
0003a8e0:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id0003a8e0:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id
0003a8f0:·6d31·3332·3531·2220·7461·6269·6e64·6578··m13251"·tabindex0003a8f0:·6d31·3332·3531·2220·7461·6269·6e64·6578··m13251"·tabindex
0003a900:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto0003a900:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto
0003a910:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded0003a910:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded
0003a920:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="0003a920:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="
0003a930:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve0003a930:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve
0003a940:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re0003a940:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re
0003a950:·6d65·6469·6174·696f·6e20·416e·6163·6f6e··mediation·Anacon0003a950:·6d65·6469·6174·696f·6e20·7363·7269·7074··mediation·script
 0003a960:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div
 0003a970:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
 0003a980:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
 0003a990:·2069·643d·2269·646d·3133·3235·3122·3e3c···id="idm13251"><
 0003a9a0:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab
 0003a9b0:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped
 0003a9c0:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·
 0003a9d0:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"
 0003a9e0:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex
 0003a9f0:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low
 0003aa00:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
 0003aa10:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t
0003a960:·6461·2073·6e69·7070·6574·20e2·87b2·3c2f··da·snippet·...</ 
0003a970:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class 
0003a980:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse 
0003a990:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i 
0003a9a0:·646d·3133·3235·3122·3e3c·7461·626c·6520··dm13251"><table· 
0003a9b0:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab 
0003a9c0:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table 
0003a9d0:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table- 
0003a9e0:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr>< 
0003a9f0:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</ 
0003aa00:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td>< 
0003aa10:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr 
0003aa20:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td> 
0003aa30:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003aa40:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th 
0003aa50:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td>< 
0003aa60:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra 
0003aa70:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en 
0003aa80:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></ 
0003aa90:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code 
0003aaa0:·3e0a·7061·636b·6167·6520·2d2d·6164·643d··>.package·--add= 
0003aab0:·646e·662d·6175·746f·6d61·7469·630a·3c2f··dnf-automatic.</ 
0003aac0:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div 
0003aad0:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b 
0003aae0:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data 
0003aaf0:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps 
0003ab00:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target=" 
0003ab10:·2369·646d·3133·3235·3222·2074·6162·696e··#idm13252"·tabin 
0003ab20:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu 
0003ab30:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan 
0003ab40:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl 
0003ab50:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r 
0003ab60:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!" 
0003ab70:·3e52·656d·6564·6961·7469·6f6e·2050·7570··>Remediation·Pup 
0003ab80:·7065·7420·736e·6970·7065·7420·e287·b23c··pet·snippet·...< 
0003ab90:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas 
0003aba0:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps 
0003abb0:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id=" 
0003abc0:·6964·6d31·3332·3532·223e·3c74·6162·6c65··idm13252"><table 
0003abd0:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta 
0003abe0:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl 
0003abf0:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table 
0003ac00:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr> 
0003ac10:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:< 
0003ac20:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>0003aa20:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></
0003ac30:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis0003aa30:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo
0003ac40:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td0003aa40:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false
0003ac50:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t0003aa50:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
 0003aa60:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>
 0003aa70:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td><
 0003aa80:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre
 0003aa90:·3e3c·636f·6465·3e0a·646e·6620·696e·7374··><code>.dnf·inst
0003ac60:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t 
0003ac70:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td> 
0003ac80:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str 
0003ac90:·6174·6567·793a·3c2f·7468·3e3c·7464·3e65··ategy:</th><td>e 
0003aca0:·6e61·626c·653c·2f74·643e·3c2f·7472·3e3c··nable</td></tr>< 
0003acb0:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod 
0003acc0:·653e·696e·636c·7564·6520·696e·7374·616c··e>include·instal 
0003acd0:·6c5f·646e·662d·6175·746f·6d61·7469·630a··l_dnf-automatic.0003aaa0:·616c·6c20·646e·662d·6175·746f·6d61·7469··all·dnf-automati
0003ace0:·0a63·6c61·7373·2069·6e73·7461·6c6c·5f64··.class·install_d 
0003acf0:·6e66·2d61·7574·6f6d·6174·6963·207b·0a20··nf-automatic·{.· 
0003ad00:·2070·6163·6b61·6765·207b·2027·646e·662d···package·{·'dnf- 
0003ad10:·6175·746f·6d61·7469·6327·3a0a·2020·2020··automatic':.···· 
0003ad20:·656e·7375·7265·203d·2667·743b·2027·696e··ensure·=&gt;·'in 
0003ad30:·7374·616c·6c65·6427·2c0a·2020·7d0a·7d0a··stalled',.··}.}. 
0003ad40:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d0003aab0:·630a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··c.</code></pre><
0003ad50:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn0003aac0:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b
0003ad60:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da0003aad0:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"·
0003ad70:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla0003aae0:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col
0003ad80:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target0003aaf0:·6c61·7073·6522·2064·6174·612d·7461·7267··lapse"·data-targ
0003ad90:·3d22·2369·646d·3133·3235·3322·2074·6162··="#idm13253"·tab 
0003ada0:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role=" 
0003adb0:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp 
0003adc0:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti 
0003add0:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to 
0003ade0:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="# 
0003adf0:·2122·3e52·656d·6564·6961·7469·6f6e·204f··!">Remediation·O 
0003ae00:·5342·7569·6c64·2042·6c75·6570·7269·6e74··SBuild·Blueprint 
0003ae10:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a> 
0003ae20:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class=" 
0003ae30:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c 
0003ae40:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm 
0003ae50:·3133·3235·3322·3e3c·7072·653e·3c63·6f64··13253"><pre><cod 
0003ae60:·653e·0a5b·5b70·6163·6b61·6765·735d·5d0a··e>.[[packages]]. 
0003ae70:·6e61·6d65·203d·2022·646e·662d·6175·746f··name·=·"dnf-auto 
0003ae80:·6d61·7469·6322·0a76·6572·7369·6f6e·203d··matic".version·= 
0003ae90:·2022·2a22·0a3c·2f63·6f64·653e·3c2f·7072···"*".</code></pr 
0003aea0:·653e·3c2f·6469·763e·3c61·2063·6c61·7373··e></div><a·class 
0003aeb0:·3d22·6274·6e20·6274·6e2d·7375·6363·6573··="btn·btn-succes 
0003aec0:·7322·2064·6174·612d·746f·6767·6c65·3d22··s"·data-toggle=" 
0003aed0:·636f·6c6c·6170·7365·2220·6461·7461·2d74··collapse"·data-t 
0003aee0:·6172·6765·743d·2223·6964·6d31·3332·3534··arget="#idm13254 
0003aef0:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r 
0003af00:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari 
0003af10:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals 
0003af20:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa 
0003af30:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr 
0003af40:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat 
0003af50:·696f·6e20·7363·7269·7074·20e2·87b2·3c2f··ion·script·...</ 
0003af60:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class 
0003af70:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse 
0003af80:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i 
0003af90:·646d·3133·3235·3422·3e3c·7461·626c·6520··dm13254"><table· 
0003afa0:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab 
0003afb0:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table 
0003afc0:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table- 
Max diff block lines reached; 3377446/3416804 bytes (98.85%) of diff not shown.
238 KB
html2text {}
    
Offset 112, 52 lines modifiedOffset 112, 49 lines modified
112 Rationale:··dnf-automatic·is·an·alternative·command·line·interface·(CLI)·to·dnf·upgrade112 Rationale:··dnf-automatic·is·an·alternative·command·line·interface·(CLI)·to·dnf·upgrade
113 ············suitable·for·automatic,·regular·execution.113 ············suitable·for·automatic,·regular·execution.
114 Severity: ··medium114 Severity: ··medium
115 Rule·ID:····xccdf_org.ssgproject.content_rule_package_dnf-automatic_installed115 Rule·ID:····xccdf_org.ssgproject.content_rule_package_dnf-automatic_installed
116 ············_\x8o_\x8s_\x8p_\x8p···FPT_TUD_EXT.1,·FPT_TUD_EXT.2116 ············_\x8o_\x8s_\x8p_\x8p···FPT_TUD_EXT.1,·FPT_TUD_EXT.2
117 References:·_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000191-GPOS-00080117 References:·_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000191-GPOS-00080
118 ············_\x8a_\x8n_\x8s_\x8s_\x8i··R61118 ············_\x8a_\x8n_\x8s_\x8s_\x8i··R61
119 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8119 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
120 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low120 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
121 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low121 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
122 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false122 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
123 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable123 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
124 package·--add=dnf-automatic124 dnf·install·dnf-automatic
125 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8125 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
126 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low126 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
127 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low127 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
128 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false128 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
129 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable129 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
130 include·install_dnf-automatic130 include·install_dnf-automatic
  
131 class·install_dnf-automatic·{131 class·install_dnf-automatic·{
132 ··package·{·'dnf-automatic':132 ··package·{·'dnf-automatic':
133 ····ensure·=>·'installed',133 ····ensure·=>·'installed',
134 ··}134 ··}
135 }135 }
136 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
137 [[packages]] 
138 name·=·"dnf-automatic" 
139 version·=·"*" 
140 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8136 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
141 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low137 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
142 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low138 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
143 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false139 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
144 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable140 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 141 #·Remediation·is·applicable·only·in·certain·platforms
 142 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-
 143 q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 144 if·!·rpm·-q·--quiet·"dnf-automatic"·;·then
 145 ····yum·install·-y·"dnf-automatic"
 146 fi
145 package·install·dnf-automatic 
146 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
147 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
148 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
149 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
150 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
151 dnf·install·dnf-automatic147 else
 148 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 149 fi
152 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8150 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
153 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low151 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
154 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low152 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
155 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false153 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
156 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable154 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
157 -·name:·Gather·the·package·facts155 -·name:·Gather·the·package·facts
158 ··package_facts:156 ··package_facts:
Offset 181, 30 lines modifiedOffset 178, 33 lines modified
181 ··tags:178 ··tags:
182 ··-·enable_strategy179 ··-·enable_strategy
183 ··-·low_complexity180 ··-·low_complexity
184 ··-·low_disruption181 ··-·low_disruption
185 ··-·medium_severity182 ··-·medium_severity
186 ··-·no_reboot_needed183 ··-·no_reboot_needed
187 ··-·package_dnf-automatic_installed184 ··-·package_dnf-automatic_installed
 185 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 186 [[packages]]
 187 name·=·"dnf-automatic"
 188 version·=·"*"
188 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8189 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
189 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low190 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
190 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low191 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
191 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false192 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
192 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable193 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
193 #·Remediation·is·applicable·only·in·certain·platforms 
194 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·- 
195 q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
196 if·!·rpm·-q·--quiet·"dnf-automatic"·;·then 
197 ····yum·install·-y·"dnf-automatic" 
198 fi194 package·install·dnf-automatic
 195 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 196 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 197 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 198 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 199 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 200 package·--add=dnf-automatic
199 else 
200 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
201 fi 
202 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·d\x8dn\x8nf\x8f-\x8-a\x8au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8c·t\x8to\x8o·I\x8In\x8ns\x8st\x8ta\x8al\x8ll\x8l·A\x8Av\x8va\x8ai\x8il\x8la\x8ab\x8bl\x8le\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8es\x8s·A\x8Au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8ca\x8al\x8ll\x8ly\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*201 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·d\x8dn\x8nf\x8f-\x8-a\x8au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8c·t\x8to\x8o·I\x8In\x8ns\x8st\x8ta\x8al\x8ll\x8l·A\x8Av\x8va\x8ai\x8il\x8la\x8ab\x8bl\x8le\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8es\x8s·A\x8Au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8ca\x8al\x8ll\x8ly\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
203 To·ensure·that·the·packages·comprising·the·available·updates·will·be·automatically·installed202 To·ensure·that·the·packages·comprising·the·available·updates·will·be·automatically·installed
204 by·dnf-automatic,·set·apply_updates·to·yes·under·[commands]·section·in·/etc/dnf/203 by·dnf-automatic,·set·apply_updates·to·yes·under·[commands]·section·in·/etc/dnf/
205 automatic.conf.204 automatic.conf.
206 ············Installing·software·updates·is·a·fundamental·mitigation·against·the·exploitation205 ············Installing·software·updates·is·a·fundamental·mitigation·against·the·exploitation
207 ············of·publicly-known·vulnerabilities.·If·the·most·recent·security·patches·and206 ············of·publicly-known·vulnerabilities.·If·the·most·recent·security·patches·and
208 Rationale:··updates·are·not·installed,·unauthorized·users·may·take·advantage·of·weaknesses·in207 Rationale:··updates·are·not·installed,·unauthorized·users·may·take·advantage·of·weaknesses·in
Offset 214, 54 lines modifiedOffset 214, 14 lines modified
214 Severity: ··medium214 Severity: ··medium
215 Rule·ID:····xccdf_org.ssgproject.content_rule_dnf-automatic_apply_updates215 Rule·ID:····xccdf_org.ssgproject.content_rule_dnf-automatic_apply_updates
216 ············_\x8i_\x8s_\x8m····0940,·1144,·1467,·1472,·1483,·1493,·1494,·1495216 ············_\x8i_\x8s_\x8m····0940,·1144,·1467,·1472,·1483,·1493,·1494,·1495
217 ············_\x8n_\x8i_\x8s_\x8t···SI-2(5),·CM-6(a),·SI-2(c)217 ············_\x8n_\x8i_\x8s_\x8t···SI-2(5),·CM-6(a),·SI-2(c)
218 References:·_\x8o_\x8s_\x8p_\x8p···FMT_SMF_EXT.1218 References:·_\x8o_\x8s_\x8p_\x8p···FMT_SMF_EXT.1
219 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000805-GPOS-00260219 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000805-GPOS-00260
220 ············_\x8a_\x8n_\x8s_\x8s_\x8i··R61220 ············_\x8a_\x8n_\x8s_\x8s_\x8i··R61
221 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
222 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
223 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium 
224 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
225 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···unknown 
226 -·name:·Gather·the·package·facts 
227 ··package_facts: 
228 ····manager:·auto 
229 ··tags: 
230 ··-·NIST-800-53-CM-6(a) 
231 ··-·NIST-800-53-SI-2(5) 
232 ··-·NIST-800-53-SI-2(c) 
233 ··-·dnf-automatic_apply_updates 
234 ··-·low_complexity 
235 ··-·medium_disruption 
236 ··-·medium_severity 
237 ··-·no_reboot_needed 
Max diff block lines reached; 237219/243416 bytes (97.45%) of diff not shown.
27.3 MB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-cis.html
    
Offset 15373, 283 lines modifiedOffset 15373, 283 lines modified
0003c0c0:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#0003c0c0:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#
0003c0d0:·6964·6d38·3031·3222·2074·6162·696e·6465··idm8012"·tabinde0003c0d0:·6964·6d38·3031·3222·2074·6162·696e·6465··idm8012"·tabinde
0003c0e0:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt0003c0e0:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt
0003c0f0:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande0003c0f0:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande
0003c100:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=0003c100:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=
0003c110:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev0003c110:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev
0003c120:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R0003c120:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R
0003c130:·656d·6564·6961·7469·6f6e·2041·6e61·636f··emediation·Anaco0003c130:·656d·6564·6961·7469·6f6e·2073·6372·6970··emediation·scrip
0003c140:·6e64·6120·736e·6970·7065·7420·e287·b23c··nda·snippet·...< 
0003c150:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas 
0003c160:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps 
0003c170:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id=" 
0003c180:·6964·6d38·3031·3222·3e3c·7461·626c·6520··idm8012"><table· 
0003c190:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab 
0003c1a0:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table 
0003c1b0:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table- 
0003c1c0:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr>< 
0003c1d0:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</ 
0003c1e0:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td>< 
0003c1f0:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr 
0003c200:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td> 
0003c210:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003c220:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th 
0003c230:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td>< 
0003c240:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra 
0003c250:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en 
0003c260:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></ 
0003c270:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code 
0003c280:·3e0a·7061·636b·6167·6520·2d2d·6164·643d··>.package·--add= 
0003c290:·6169·6465·0a3c·2f63·6f64·653e·3c2f·7072··aide.</code></pr 
0003c2a0:·653e·3c2f·6469·763e·3c61·2063·6c61·7373··e></div><a·class 
0003c2b0:·3d22·6274·6e20·6274·6e2d·7375·6363·6573··="btn·btn-succes 
0003c2c0:·7322·2064·6174·612d·746f·6767·6c65·3d22··s"·data-toggle=" 
0003c2d0:·636f·6c6c·6170·7365·2220·6461·7461·2d74··collapse"·data-t 
0003c2e0:·6172·6765·743d·2223·6964·6d38·3031·3322··arget="#idm8013" 
0003c2f0:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro 
0003c300:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria 
0003c310:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false 
0003c320:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat 
0003c330:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre 
0003c340:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati 
0003c350:·6f6e·2050·7570·7065·7420·736e·6970·7065··on·Puppet·snippe 
0003c360:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di0003c140:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di
0003c370:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c 
0003c380:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse 
0003c390:·2220·6964·3d22·6964·6d38·3031·3322·3e3c··"·id="idm8013">< 
0003c3a0:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab 
0003c3b0:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped 
0003c3c0:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered· 
0003c3d0:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed" 
0003c3e0:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex 
0003c3f0:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low 
0003c400:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003c410:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t 
0003c420:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003c430:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo 
0003c440:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false 
0003c450:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003c460:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th> 
0003c470:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td>< 
0003c480:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre 
0003c490:·3e3c·636f·6465·3e69·6e63·6c75·6465·2069··><code>include·i 
0003c4a0:·6e73·7461·6c6c·5f61·6964·650a·0a63·6c61··nstall_aide..cla 
0003c4b0:·7373·2069·6e73·7461·6c6c·5f61·6964·6520··ss·install_aide· 
0003c4c0:·7b0a·2020·7061·636b·6167·6520·7b20·2761··{.··package·{·'a 
0003c4d0:·6964·6527·3a0a·2020·2020·656e·7375·7265··ide':.····ensure 
0003c4e0:·203d·2667·743b·2027·696e·7374·616c·6c65···=&gt;·'installe 
0003c4f0:·6427·2c0a·2020·7d0a·7d0a·3c2f·636f·6465··d',.··}.}.</code 
0003c500:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a· 
0003c510:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s 
0003c520:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog 
0003c530:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d 
0003c540:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm 
0003c550:·3830·3134·2220·7461·6269·6e64·6578·3d22··8014"·tabindex=" 
0003c560:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button" 
0003c570:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded=" 
0003c580:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac 
0003c590:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal 
0003c5a0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme 
0003c5b0:·6469·6174·696f·6e20·4f53·4275·696c·6420··diation·OSBuild· 
0003c5c0:·426c·7565·7072·696e·7420·736e·6970·7065··Blueprint·snippe 
0003c5d0:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di 
0003c5e0:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c0003c150:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
0003c5f0:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse0003c160:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
0003c600:·2220·6964·3d22·6964·6d38·3031·3422·3e3c··"·id="idm8014"><0003c170:·2220·6964·3d22·6964·6d38·3031·3222·3e3c··"·id="idm8012"><
 0003c180:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab
 0003c190:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped
 0003c1a0:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·
 0003c1b0:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"
 0003c1c0:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex
0003c610:·7072·653e·3c63·6f64·653e·0a5b·5b70·6163··pre><code>.[[pac 
0003c620:·6b61·6765·735d·5d0a·6e61·6d65·203d·2022··kages]].name·=·" 
0003c630:·6169·6465·220a·7665·7273·696f·6e20·3d20··aide".version·=· 
0003c640:·222a·220a·3c2f·636f·6465·3e3c·2f70·7265··"*".</code></pre 
0003c650:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class= 
0003c660:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success 
0003c670:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c 
0003c680:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta 
0003c690:·7267·6574·3d22·2369·646d·3830·3135·2220··rget="#idm8015"· 
0003c6a0:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol 
0003c6b0:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria- 
0003c6c0:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false" 
0003c6d0:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate 
0003c6e0:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href 
0003c6f0:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio 
0003c700:·6e20·7363·7269·7074·20e2·87b2·3c2f·613e··n·script·...</a> 
0003c710:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class=" 
0003c720:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c 
0003c730:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm 
0003c740:·3830·3135·223e·3c74·6162·6c65·2063·6c61··8015"><table·cla 
0003c750:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table- 
0003c760:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo 
0003c770:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con 
0003c780:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th> 
0003c790:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th> 
0003c7a0:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
0003c7b0:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt 
0003c7c0:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low 
0003c7d0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003c7e0:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t 
0003c7f0:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr 
0003c800:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg 
0003c810:·793a·3c2f·7468·3e3c·7464·3e65·6e61·626c··y:</th><td>enabl 
0003c820:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab 
0003c830:·6c65·3e3c·7072·653e·3c63·6f64·653e·0a70··le><pre><code>.p 
0003c840:·6163·6b61·6765·2069·6e73·7461·6c6c·2061··ackage·install·a 
0003c850:·6964·650a·3c2f·636f·6465·3e3c·2f70·7265··ide.</code></pre 
Max diff block lines reached; 26117322/26155024 bytes (99.86%) of diff not shown.
2.32 MB
html2text {}
Max HTML report size reached
12.3 MB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-cis_server_l1.html
    
Offset 15335, 282 lines modifiedOffset 15335, 282 lines modified
0003be60:·612d·7461·7267·6574·3d22·2369·646d·3830··a-target="#idm800003be60:·612d·7461·7267·6574·3d22·2369·646d·3830··a-target="#idm80
0003be70:·3132·2220·7461·6269·6e64·6578·3d22·3022··12"·tabindex="0"0003be70:·3132·2220·7461·6269·6e64·6578·3d22·3022··12"·tabindex="0"
0003be80:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a0003be80:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a
0003be90:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa0003be90:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa
0003bea0:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti0003bea0:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti
0003beb0:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·0003beb0:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·
0003bec0:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi0003bec0:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi
 0003bed0:·6174·696f·6e20·7363·7269·7074·20e2·87b2··ation·script·...
0003bed0:·6174·696f·6e20·416e·6163·6f6e·6461·2073··ation·Anaconda·s 
0003bee0:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b 
0003bef0:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa 
0003bf00:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col 
0003bf10:·6c61·7073·6522·2069·643d·2269·646d·3830··lapse"·id="idm80 
0003bf20:·3132·223e·3c74·6162·6c65·2063·6c61·7373··12"><table·class 
0003bf30:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st 
0003bf40:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord 
0003bf50:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde 
0003bf60:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co 
0003bf70:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t 
0003bf80:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr>< 
0003bf90:·7472·3e3c·7468·3e44·6973·7275·7074·696f··tr><th>Disruptio 
0003bfa0:·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··n:</th><td>low</ 
0003bfb0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003bfc0:·5265·626f·6f74·3a3c·2f74·683e·3c74·643e··Reboot:</th><td> 
0003bfd0:·6661·6c73·653c·2f74·643e·3c2f·7472·3e3c··false</td></tr>< 
0003bfe0:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy: 
0003bff0:·3c2f·7468·3e3c·7464·3e65·6e61·626c·653c··</th><td>enable< 
0003c000:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table 
0003c010:·3e3c·7072·653e·3c63·6f64·653e·0a70·6163··><pre><code>.pac 
0003c020:·6b61·6765·202d·2d61·6464·3d61·6964·650a··kage·--add=aide. 
0003c030:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d 
0003c040:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn 
0003c050:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da 
0003c060:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla 
0003c070:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target 
0003c080:·3d22·2369·646d·3830·3133·2220·7461·6269··="#idm8013"·tabi 
0003c090:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b 
0003c0a0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa 
0003c0b0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit 
0003c0c0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to· 
0003c0d0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#! 
0003c0e0:·223e·5265·6d65·6469·6174·696f·6e20·5075··">Remediation·Pu 
0003c0f0:·7070·6574·2073·6e69·7070·6574·20e2·87b2··ppet·snippet·... 
0003c100:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla0003bee0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
0003c110:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap0003bef0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
0003c120:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=0003bf00:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=
0003c130:·2269·646d·3830·3133·223e·3c74·6162·6c65··"idm8013"><table0003bf10:·2269·646d·3830·3132·223e·3c74·6162·6c65··"idm8012"><table
0003c140:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta0003bf20:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta
0003c150:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl0003bf30:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl
0003c160:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table0003bf40:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table
0003c170:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>0003bf50:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>
0003c180:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<0003bf60:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<
0003c190:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>0003bf70:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>
0003c1a0:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis0003bf80:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis
0003c1b0:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td0003bf90:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td
0003c1c0:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t0003bfa0:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t
0003c1d0:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t0003bfb0:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t
0003c1e0:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td>0003bfc0:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td>
0003c1f0:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str0003bfd0:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str
0003c200:·6174·6567·793a·3c2f·7468·3e3c·7464·3e65··ategy:</th><td>e0003bfe0:·6174·6567·793a·3c2f·7468·3e3c·7464·3e65··ategy:</th><td>e
0003c210:·6e61·626c·653c·2f74·643e·3c2f·7472·3e3c··nable</td></tr><0003bff0:·6e61·626c·653c·2f74·643e·3c2f·7472·3e3c··nable</td></tr><
0003c220:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod0003c000:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod
 0003c010:·653e·0a64·6e66·2069·6e73·7461·6c6c·2061··e>.dnf·install·a
 0003c020:·6964·650a·3c2f·636f·6465·3e3c·2f70·7265··ide.</code></pre
 0003c030:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class=
 0003c040:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success
 0003c050:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c
 0003c060:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta
 0003c070:·7267·6574·3d22·2369·646d·3830·3133·2220··rget="#idm8013"·
 0003c080:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol
 0003c090:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-
 0003c0a0:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"
 0003c0b0:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate
 0003c0c0:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href
 0003c0d0:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio
 0003c0e0:·6e20·5075·7070·6574·2073·6e69·7070·6574··n·Puppet·snippet
 0003c0f0:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div
 0003c100:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
 0003c110:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
 0003c120:·2069·643d·2269·646d·3830·3133·223e·3c74···id="idm8013"><t
 0003c130:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl
 0003c140:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped·
 0003c150:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t
 0003c160:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed">
 0003c170:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi
 0003c180:·7479·3a3c·2f74·683e·3c74·643e·6c6f·773c··ty:</th><td>low<
 0003c190:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
 0003c1a0:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th
 0003c1b0:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t
 0003c1c0:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot
 0003c1d0:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false<
 0003c1e0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
 0003c1f0:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><
 0003c200:·7464·3e65·6e61·626c·653c·2f74·643e·3c2f··td>enable</td></
 0003c210:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre>
0003c230:·653e·696e·636c·7564·6520·696e·7374·616c··e>include·instal0003c220:·3c63·6f64·653e·696e·636c·7564·6520·696e··<code>include·in
0003c240:·6c5f·6169·6465·0a0a·636c·6173·7320·696e··l_aide..class·in0003c230:·7374·616c·6c5f·6169·6465·0a0a·636c·6173··stall_aide..clas
0003c250:·7374·616c·6c5f·6169·6465·207b·0a20·2070··stall_aide·{.··p0003c240:·7320·696e·7374·616c·6c5f·6169·6465·207b··s·install_aide·{
0003c260:·6163·6b61·6765·207b·2027·6169·6465·273a··ackage·{·'aide':0003c250:·0a20·2070·6163·6b61·6765·207b·2027·6169··.··package·{·'ai
0003c270:·0a20·2020·2065·6e73·7572·6520·3d26·6774··.····ensure·=&gt0003c260:·6465·273a·0a20·2020·2065·6e73·7572·6520··de':.····ensure·
0003c280:·3b20·2769·6e73·7461·6c6c·6564·272c·0a20··;·'installed',.·0003c270:·3d26·6774·3b20·2769·6e73·7461·6c6c·6564··=&gt;·'installed
0003c290:·207d·0a7d·0a3c·2f63·6f64·653e·3c2f·7072···}.}.</code></pr0003c280:·272c·0a20·207d·0a7d·0a3c·2f63·6f64·653e··',.··}.}.</code>
0003c2a0:·653e·3c2f·6469·763e·3c61·2063·6c61·7373··e></div><a·class0003c290:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c
0003c2b0:·3d22·6274·6e20·6274·6e2d·7375·6363·6573··="btn·btn-succes0003c2a0:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su
0003c2c0:·7322·2064·6174·612d·746f·6767·6c65·3d22··s"·data-toggle="0003c2b0:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg
0003c2d0:·636f·6c6c·6170·7365·2220·6461·7461·2d74··collapse"·data-t0003c2c0:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da
0003c2e0:·6172·6765·743d·2223·6964·6d38·3031·3422··arget="#idm8014"0003c2d0:·7461·2d74·6172·6765·743d·2223·6964·6d38··ta-target="#idm8
0003c2f0:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro0003c2e0:·3031·3422·2074·6162·696e·6465·783d·2230··014"·tabindex="0
0003c300:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria0003c2f0:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
0003c310:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false0003c300:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
0003c320:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat0003c310:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
0003c330:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre0003c320:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
0003c340:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati0003c330:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
 0003c340:·6961·7469·6f6e·2053·6865·6c6c·2073·6372··iation·Shell·scr
0003c350:·6f6e·204f·5342·7569·6c64·2042·6c75·6570··on·OSBuild·Bluep 
0003c360:·7269·6e74·2073·6e69·7070·6574·20e2·87b2··rint·snippet·... 
0003c370:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla 
0003c380:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap 
0003c390:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id= 
0003c3a0:·2269·646d·3830·3134·223e·3c70·7265·3e3c··"idm8014"><pre>< 
0003c3b0:·636f·6465·3e0a·5b5b·7061·636b·6167·6573··code>.[[packages 
0003c3c0:·5d5d·0a6e·616d·6520·3d20·2261·6964·6522··]].name·=·"aide" 
0003c3d0:·0a76·6572·7369·6f6e·203d·2022·2a22·0a3c··.version·=·"*".< 
0003c3e0:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di 
0003c3f0:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn· 
0003c400:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat 
0003c410:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap 
Max diff block lines reached; 11488470/11526034 bytes (99.67%) of diff not shown.
1.28 MB
html2text {}
    
Offset 133, 52 lines modifiedOffset 133, 48 lines modified
133 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3133 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
134 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5134 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
135 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199135 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
136 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79136 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
137 ············_\x8c_\x8i_\x8s············5.3.1137 ············_\x8c_\x8i_\x8s············5.3.1
138 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2138 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
139 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251710r958944_rule139 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251710r958944_rule
140 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8140 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
141 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low141 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
142 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low142 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
143 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false143 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
144 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable144 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
145 package·--add=aide145 dnf·install·aide
146 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8146 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
147 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low147 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
148 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low148 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
149 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false149 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
150 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable150 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
151 include·install_aide151 include·install_aide
  
152 class·install_aide·{152 class·install_aide·{
153 ··package·{·'aide':153 ··package·{·'aide':
154 ····ensure·=>·'installed',154 ····ensure·=>·'installed',
155 ··}155 ··}
156 }156 }
157 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
158 [[packages]] 
159 name·=·"aide" 
160 version·=·"*" 
161 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8157 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
162 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low158 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
163 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low159 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
164 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false160 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
165 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable161 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 162 #·Remediation·is·applicable·only·in·certain·platforms
 163 if·rpm·--quiet·-q·kernel;·then
  
 164 if·!·rpm·-q·--quiet·"aide"·;·then
 165 ····yum·install·-y·"aide"
 166 fi
166 package·install·aide 
167 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
168 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
169 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
170 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
171 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
172 dnf·install·aide167 else
 168 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 169 fi
173 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8170 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
174 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low171 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
175 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low172 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
176 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false173 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
177 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable174 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
178 -·name:·Gather·the·package·facts175 -·name:·Gather·the·package·facts
179 ··package_facts:176 ··package_facts:
Offset 209, 29 lines modifiedOffset 205, 33 lines modified
209 ··-·PCI-DSSv4-11.5.2205 ··-·PCI-DSSv4-11.5.2
210 ··-·enable_strategy206 ··-·enable_strategy
211 ··-·low_complexity207 ··-·low_complexity
212 ··-·low_disruption208 ··-·low_disruption
213 ··-·medium_severity209 ··-·medium_severity
214 ··-·no_reboot_needed210 ··-·no_reboot_needed
215 ··-·package_aide_installed211 ··-·package_aide_installed
 212 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 213 [[packages]]
 214 name·=·"aide"
 215 version·=·"*"
216 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8216 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
217 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low217 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
218 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low218 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
219 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false219 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
220 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable220 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
221 #·Remediation·is·applicable·only·in·certain·platforms 
222 if·rpm·--quiet·-q·kernel;·then 
  
223 if·!·rpm·-q·--quiet·"aide"·;·then 
224 ····yum·install·-y·"aide" 
225 fi221 package·install·aide
 222 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 223 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 224 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 225 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 226 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 227 package·--add=aide
226 else 
227 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
228 fi 
229 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*228 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
230 Run·the·following·command·to·generate·a·new·database:229 Run·the·following·command·to·generate·a·new·database:
231 $·sudo·/usr/sbin/aide·--init230 $·sudo·/usr/sbin/aide·--init
232 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the·database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database·can·be·installed·as·follows:231 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the·database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database·can·be·installed·as·follows:
233 $·sudo·cp·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz232 $·sudo·cp·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
234 To·initiate·a·manual·check,·run·the·following·command:233 To·initiate·a·manual·check,·run·the·following·command:
235 $·sudo·/usr/sbin/aide·--check234 $·sudo·/usr/sbin/aide·--check
Offset 250, 14 lines modifiedOffset 250, 28 lines modified
250 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3250 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
251 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5251 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
252 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199252 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
253 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79253 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
254 ············_\x8c_\x8i_\x8s············5.3.1254 ············_\x8c_\x8i_\x8s············5.3.1
255 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2255 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
256 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251710r958944_rule256 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251710r958944_rule
 257 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 258 #·Remediation·is·applicable·only·in·certain·platforms
 259 if·rpm·--quiet·-q·kernel;·then
  
 260 if·!·rpm·-q·--quiet·"aide"·;·then
 261 ····yum·install·-y·"aide"
 262 fi
  
 263 /usr/sbin/aide·--init
 264 /bin/cp·-p·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
  
 265 else
 266 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 267 fi
257 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8268 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
258 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low269 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
259 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low270 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
260 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false271 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
261 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict272 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
Max diff block lines reached; 1338715/1344080 bytes (99.60%) of diff not shown.
12.0 MB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-cis_workstation_l1.html
    
Offset 15326, 283 lines modifiedOffset 15326, 283 lines modified
0003bdd0:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="0003bdd0:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="
0003bde0:·2369·646d·3830·3132·2220·7461·6269·6e64··#idm8012"·tabind0003bde0:·2369·646d·3830·3132·2220·7461·6269·6e64··#idm8012"·tabind
0003bdf0:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but0003bdf0:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but
0003be00:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand0003be00:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand
0003be10:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title0003be10:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title
0003be20:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re0003be20:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re
0003be30:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">0003be30:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">
0003be40:·5265·6d65·6469·6174·696f·6e20·416e·6163··Remediation·Anac0003be40:·5265·6d65·6469·6174·696f·6e20·7363·7269··Remediation·scri
0003be50:·6f6e·6461·2073·6e69·7070·6574·20e2·87b2··onda·snippet·... 
0003be60:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla 
0003be70:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap 
0003be80:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id= 
0003be90:·2269·646d·3830·3132·223e·3c74·6162·6c65··"idm8012"><table 
0003bea0:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta 
0003beb0:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl 
0003bec0:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table 
0003bed0:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr> 
0003bee0:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:< 
0003bef0:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td> 
0003bf00:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis 
0003bf10:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td 
0003bf20:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t 
0003bf30:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t 
0003bf40:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td> 
0003bf50:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str 
0003bf60:·6174·6567·793a·3c2f·7468·3e3c·7464·3e65··ategy:</th><td>e 
0003bf70:·6e61·626c·653c·2f74·643e·3c2f·7472·3e3c··nable</td></tr>< 
0003bf80:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod 
0003bf90:·653e·0a70·6163·6b61·6765·202d·2d61·6464··e>.package·--add 
0003bfa0:·3d61·6964·650a·3c2f·636f·6465·3e3c·2f70··=aide.</code></p 
0003bfb0:·7265·3e3c·2f64·6976·3e3c·6120·636c·6173··re></div><a·clas 
0003bfc0:·733d·2262·746e·2062·746e·2d73·7563·6365··s="btn·btn-succe 
0003bfd0:·7373·2220·6461·7461·2d74·6f67·676c·653d··ss"·data-toggle= 
0003bfe0:·2263·6f6c·6c61·7073·6522·2064·6174·612d··"collapse"·data- 
0003bff0:·7461·7267·6574·3d22·2369·646d·3830·3133··target="#idm8013 
0003c000:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r 
0003c010:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari 
0003c020:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals 
0003c030:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa 
0003c040:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr 
0003c050:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat 
0003c060:·696f·6e20·5075·7070·6574·2073·6e69·7070··ion·Puppet·snipp 
0003c070:·6574·20e2·87b2·3c2f·613e·3c62·723e·3c64··et·...</a><br><d0003be50:·7074·20e2·87b2·3c2f·613e·3c62·723e·3c64··pt·...</a><br><d
0003c080:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel-0003be60:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel-
0003c090:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps0003be70:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps
0003c0a0:·6522·2069·643d·2269·646d·3830·3133·223e··e"·id="idm8013">0003be80:·6522·2069·643d·2269·646d·3830·3132·223e··e"·id="idm8012">
0003c0b0:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta0003be90:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta
0003c0c0:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe0003bea0:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe
0003c0d0:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered0003beb0:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered
0003c0e0:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed0003bec0:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed
0003c0f0:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple0003bed0:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple
0003c100:·7869·7479·3a3c·2f74·683e·3c74·643e·6c6f··xity:</th><td>lo0003bee0:·7869·7479·3a3c·2f74·683e·3c74·643e·6c6f··xity:</th><td>lo
0003c110:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><0003bef0:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><
0003c120:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</0003bf00:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</
0003c130:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><0003bf10:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><
0003c140:·2f74·723e·3c74·723e·3c74·683e·5265·626f··/tr><tr><th>Rebo0003bf20:·2f74·723e·3c74·723e·3c74·683e·5265·626f··/tr><tr><th>Rebo
0003c150:·6f74·3a3c·2f74·683e·3c74·643e·6661·6c73··ot:</th><td>fals0003bf30:·6f74·3a3c·2f74·683e·3c74·643e·6661·6c73··ot:</th><td>fals
0003c160:·653c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··e</td></tr><tr><0003bf40:·653c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··e</td></tr><tr><
0003c170:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th0003bf50:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th
0003c180:·3e3c·7464·3e65·6e61·626c·653c·2f74·643e··><td>enable</td>0003bf60:·3e3c·7464·3e65·6e61·626c·653c·2f74·643e··><td>enable</td>
0003c190:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr0003bf70:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr
 0003bf80:·653e·3c63·6f64·653e·0a64·6e66·2069·6e73··e><code>.dnf·ins
 0003bf90:·7461·6c6c·2061·6964·650a·3c2f·636f·6465··tall·aide.</code
 0003bfa0:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a·
 0003bfb0:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s
 0003bfc0:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog
 0003bfd0:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d
 0003bfe0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm
 0003bff0:·3830·3133·2220·7461·6269·6e64·6578·3d22··8013"·tabindex="
 0003c000:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"
 0003c010:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="
 0003c020:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac
 0003c030:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal
 0003c040:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme
 0003c050:·6469·6174·696f·6e20·5075·7070·6574·2073··diation·Puppet·s
 0003c060:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b
 0003c070:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa
 0003c080:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col
 0003c090:·6c61·7073·6522·2069·643d·2269·646d·3830··lapse"·id="idm80
 0003c0a0:·3133·223e·3c74·6162·6c65·2063·6c61·7373··13"><table·class
 0003c0b0:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st
 0003c0c0:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord
 0003c0d0:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde
 0003c0e0:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co
 0003c0f0:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t
 0003c100:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr><
 0003c110:·7472·3e3c·7468·3e44·6973·7275·7074·696f··tr><th>Disruptio
 0003c120:·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··n:</th><td>low</
 0003c130:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>
 0003c140:·5265·626f·6f74·3a3c·2f74·683e·3c74·643e··Reboot:</th><td>
 0003c150:·6661·6c73·653c·2f74·643e·3c2f·7472·3e3c··false</td></tr><
 0003c160:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy:
 0003c170:·3c2f·7468·3e3c·7464·3e65·6e61·626c·653c··</th><td>enable<
 0003c180:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table
0003c1a0:·653e·3c63·6f64·653e·696e·636c·7564·6520··e><code>include·0003c190:·3e3c·7072·653e·3c63·6f64·653e·696e·636c··><pre><code>incl
0003c1b0:·696e·7374·616c·6c5f·6169·6465·0a0a·636c··install_aide..cl 
0003c1c0:·6173·7320·696e·7374·616c·6c5f·6169·6465··ass·install_aide0003c1a0:·7564·6520·696e·7374·616c·6c5f·6169·6465··ude·install_aide
 0003c1b0:·0a0a·636c·6173·7320·696e·7374·616c·6c5f··..class·install_
0003c1d0:·207b·0a20·2070·6163·6b61·6765·207b·2027···{.··package·{·'0003c1c0:·6169·6465·207b·0a20·2070·6163·6b61·6765··aide·{.··package
0003c1e0:·6169·6465·273a·0a20·2020·2065·6e73·7572··aide':.····ensur0003c1d0:·207b·2027·6169·6465·273a·0a20·2020·2065···{·'aide':.····e
0003c1f0:·6520·3d26·6774·3b20·2769·6e73·7461·6c6c··e·=&gt;·'install0003c1e0:·6e73·7572·6520·3d26·6774·3b20·2769·6e73··nsure·=&gt;·'ins
0003c200:·6564·272c·0a20·207d·0a7d·0a3c·2f63·6f64··ed',.··}.}.</cod0003c1f0:·7461·6c6c·6564·272c·0a20·207d·0a7d·0a3c··talled',.··}.}.<
0003c210:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a0003c200:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di
0003c220:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn-0003c210:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn·
0003c230:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to0003c220:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat
0003c240:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"·0003c230:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap
0003c250:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id0003c240:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
0003c260:·6d38·3031·3422·2074·6162·696e·6465·783d··m8014"·tabindex=0003c250:·2223·6964·6d38·3031·3422·2074·6162·696e··"#idm8014"·tabin
0003c270:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button0003c260:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
0003c280:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=0003c270:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
0003c290:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A0003c280:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
0003c2a0:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea0003c290:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
0003c2b0:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem0003c2a0:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
 0003c2b0:·3e52·656d·6564·6961·7469·6f6e·2053·6865··>Remediation·She
0003c2c0:·6564·6961·7469·6f6e·204f·5342·7569·6c64··ediation·OSBuild 
0003c2d0:·2042·6c75·6570·7269·6e74·2073·6e69·7070···Blueprint·snipp 
0003c2e0:·6574·20e2·87b2·3c2f·613e·3c62·723e·3c64··et·...</a><br><d 
0003c2f0:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel- 
0003c300:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps 
0003c310:·6522·2069·643d·2269·646d·3830·3134·223e··e"·id="idm8014"> 
0003c320:·3c70·7265·3e3c·636f·6465·3e0a·5b5b·7061··<pre><code>.[[pa 
0003c330:·636b·6167·6573·5d5d·0a6e·616d·6520·3d20··ckages]].name·=· 
0003c340:·2261·6964·6522·0a76·6572·7369·6f6e·203d··"aide".version·= 
0003c350:·2022·2a22·0a3c·2f63·6f64·653e·3c2f·7072···"*".</code></pr 
0003c360:·653e·3c2f·6469·763e·3c61·2063·6c61·7373··e></div><a·class 
0003c370:·3d22·6274·6e20·6274·6e2d·7375·6363·6573··="btn·btn-succes 
0003c380:·7322·2064·6174·612d·746f·6767·6c65·3d22··s"·data-toggle=" 
Max diff block lines reached; 11184414/11222116 bytes (99.66%) of diff not shown.
1.25 MB
html2text {}
    
Offset 132, 52 lines modifiedOffset 132, 48 lines modified
132 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3132 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
133 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5133 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
134 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199134 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
135 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79135 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
136 ············_\x8c_\x8i_\x8s············5.3.1136 ············_\x8c_\x8i_\x8s············5.3.1
137 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2137 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
138 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251710r958944_rule138 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251710r958944_rule
139 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8139 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
140 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low140 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
141 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low141 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
142 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false142 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
143 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable143 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
144 package·--add=aide144 dnf·install·aide
145 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8145 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
146 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low146 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
147 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low147 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
148 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false148 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
149 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable149 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
150 include·install_aide150 include·install_aide
  
151 class·install_aide·{151 class·install_aide·{
152 ··package·{·'aide':152 ··package·{·'aide':
153 ····ensure·=>·'installed',153 ····ensure·=>·'installed',
154 ··}154 ··}
155 }155 }
156 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
157 [[packages]] 
158 name·=·"aide" 
159 version·=·"*" 
160 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8156 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
161 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low157 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
162 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low158 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
163 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false159 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
164 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable160 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 161 #·Remediation·is·applicable·only·in·certain·platforms
 162 if·rpm·--quiet·-q·kernel;·then
  
 163 if·!·rpm·-q·--quiet·"aide"·;·then
 164 ····yum·install·-y·"aide"
 165 fi
165 package·install·aide 
166 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
167 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
168 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
169 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
170 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
171 dnf·install·aide166 else
 167 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 168 fi
172 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8169 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
173 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low170 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
174 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low171 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
175 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false172 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
176 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable173 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
177 -·name:·Gather·the·package·facts174 -·name:·Gather·the·package·facts
178 ··package_facts:175 ··package_facts:
Offset 208, 29 lines modifiedOffset 204, 33 lines modified
208 ··-·PCI-DSSv4-11.5.2204 ··-·PCI-DSSv4-11.5.2
209 ··-·enable_strategy205 ··-·enable_strategy
210 ··-·low_complexity206 ··-·low_complexity
211 ··-·low_disruption207 ··-·low_disruption
212 ··-·medium_severity208 ··-·medium_severity
213 ··-·no_reboot_needed209 ··-·no_reboot_needed
214 ··-·package_aide_installed210 ··-·package_aide_installed
 211 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 212 [[packages]]
 213 name·=·"aide"
 214 version·=·"*"
215 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8215 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
216 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low216 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
217 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low217 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
218 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false218 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
219 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable219 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
220 #·Remediation·is·applicable·only·in·certain·platforms 
221 if·rpm·--quiet·-q·kernel;·then 
  
222 if·!·rpm·-q·--quiet·"aide"·;·then 
223 ····yum·install·-y·"aide" 
224 fi220 package·install·aide
 221 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 222 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 223 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 224 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 225 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 226 package·--add=aide
225 else 
226 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
227 fi 
228 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*227 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
229 Run·the·following·command·to·generate·a·new·database:228 Run·the·following·command·to·generate·a·new·database:
230 $·sudo·/usr/sbin/aide·--init229 $·sudo·/usr/sbin/aide·--init
231 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the·database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database·can·be·installed·as·follows:230 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the·database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database·can·be·installed·as·follows:
232 $·sudo·cp·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz231 $·sudo·cp·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
233 To·initiate·a·manual·check,·run·the·following·command:232 To·initiate·a·manual·check,·run·the·following·command:
234 $·sudo·/usr/sbin/aide·--check233 $·sudo·/usr/sbin/aide·--check
Offset 249, 14 lines modifiedOffset 249, 28 lines modified
249 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3249 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
250 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5250 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
251 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199251 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
252 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79252 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
253 ············_\x8c_\x8i_\x8s············5.3.1253 ············_\x8c_\x8i_\x8s············5.3.1
254 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2254 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
255 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251710r958944_rule255 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251710r958944_rule
 256 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 257 #·Remediation·is·applicable·only·in·certain·platforms
 258 if·rpm·--quiet·-q·kernel;·then
  
 259 if·!·rpm·-q·--quiet·"aide"·;·then
 260 ····yum·install·-y·"aide"
 261 fi
  
 262 /usr/sbin/aide·--init
 263 /bin/cp·-p·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
  
 264 else
 265 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 266 fi
256 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8267 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
257 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low268 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
258 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low269 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
259 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false270 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
260 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict271 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
Max diff block lines reached; 1303871/1309236 bytes (99.59%) of diff not shown.
27.0 MB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-cis_workstation_l2.html
    
Offset 15365, 282 lines modifiedOffset 15365, 282 lines modified
0003c040:·2d74·6172·6765·743d·2223·6964·6d38·3031··-target="#idm8010003c040:·2d74·6172·6765·743d·2223·6964·6d38·3031··-target="#idm801
0003c050:·3222·2074·6162·696e·6465·783d·2230·2220··2"·tabindex="0"·0003c050:·3222·2074·6162·696e·6465·783d·2230·2220··2"·tabindex="0"·
0003c060:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar0003c060:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar
0003c070:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal0003c070:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal
0003c080:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ0003c080:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ
0003c090:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h0003c090:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h
0003c0a0:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia0003c0a0:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia
 0003c0b0:·7469·6f6e·2073·6372·6970·7420·e287·b23c··tion·script·...<
0003c0b0:·7469·6f6e·2041·6e61·636f·6e64·6120·736e··tion·Anaconda·sn 
0003c0c0:·6970·7065·7420·e287·b23c·2f61·3e3c·6272··ippet·...</a><br 
0003c0d0:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan 
0003c0e0:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll 
0003c0f0:·6170·7365·2220·6964·3d22·6964·6d38·3031··apse"·id="idm801 
0003c100:·3222·3e3c·7461·626c·6520·636c·6173·733d··2"><table·class= 
0003c110:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str 
0003c120:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde 
0003c130:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden 
0003c140:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com 
0003c150:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td 
0003c160:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t 
0003c170:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption 
0003c180:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t 
0003c190:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R 
0003c1a0:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f 
0003c1b0:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t 
0003c1c0:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:< 
0003c1d0:·2f74·683e·3c74·643e·656e·6162·6c65·3c2f··/th><td>enable</ 
0003c1e0:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table> 
0003c1f0:·3c70·7265·3e3c·636f·6465·3e0a·7061·636b··<pre><code>.pack 
0003c200:·6167·6520·2d2d·6164·643d·6169·6465·0a3c··age·--add=aide.< 
0003c210:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di 
0003c220:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn· 
0003c230:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat 
0003c240:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap 
0003c250:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target= 
0003c260:·2223·6964·6d38·3031·3322·2074·6162·696e··"#idm8013"·tabin 
0003c270:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu 
0003c280:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan 
0003c290:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl 
0003c2a0:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r 
0003c2b0:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!" 
0003c2c0:·3e52·656d·6564·6961·7469·6f6e·2050·7570··>Remediation·Pup 
0003c2d0:·7065·7420·736e·6970·7065·7420·e287·b23c··pet·snippet·...< 
0003c2e0:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas0003c0c0:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas
0003c2f0:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps0003c0d0:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps
0003c300:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="0003c0e0:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="
0003c310:·6964·6d38·3031·3322·3e3c·7461·626c·6520··idm8013"><table·0003c0f0:·6964·6d38·3031·3222·3e3c·7461·626c·6520··idm8012"><table·
0003c320:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab0003c100:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab
0003c330:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table0003c110:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table
0003c340:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-0003c120:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-
0003c350:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><0003c130:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><
0003c360:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</0003c140:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</
0003c370:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td>< 
0003c380:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr 
0003c390:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td> 
0003c3a0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003c3b0:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th 
0003c3c0:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td>< 
0003c3d0:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra 
0003c3e0:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en 
0003c3f0:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></ 
0003c400:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code 
0003c410:·3e69·6e63·6c75·6465·2069·6e73·7461·6c6c··>include·install 
0003c420:·5f61·6964·650a·0a63·6c61·7373·2069·6e73··_aide..class·ins 
0003c430:·7461·6c6c·5f61·6964·6520·7b0a·2020·7061··tall_aide·{.··pa 
0003c440:·636b·6167·6520·7b20·2761·6964·6527·3a0a··ckage·{·'aide':. 
0003c450:·2020·2020·656e·7375·7265·203d·2667·743b······ensure·=&gt; 
0003c460:·2027·696e·7374·616c·6c65·6427·2c0a·2020···'installed',.·· 
0003c470:·7d0a·7d0a·3c2f·636f·6465·3e3c·2f70·7265··}.}.</code></pre 
0003c480:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class= 
0003c490:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success 
0003c4a0:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c 
0003c4b0:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta 
0003c4c0:·7267·6574·3d22·2369·646d·3830·3134·2220··rget="#idm8014"· 
0003c4d0:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol 
0003c4e0:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria- 
0003c4f0:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false" 
0003c500:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate 
0003c510:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href 
0003c520:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio 
0003c530:·6e20·4f53·4275·696c·6420·426c·7565·7072··n·OSBuild·Bluepr 
0003c540:·696e·7420·736e·6970·7065·7420·e287·b23c··int·snippet·...< 
0003c550:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas 
0003c560:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps 
0003c570:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id=" 
0003c580:·6964·6d38·3031·3422·3e3c·7072·653e·3c63··idm8014"><pre><c 
0003c590:·6f64·653e·0a5b·5b70·6163·6b61·6765·735d··ode>.[[packages] 
0003c5a0:·5d0a·6e61·6d65·203d·2022·6169·6465·220a··].name·=·"aide". 
0003c5b0:·7665·7273·696f·6e20·3d20·222a·220a·3c2f··version·=·"*".</ 
0003c5c0:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div 
0003c5d0:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b 
0003c5e0:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data 
0003c5f0:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps 
0003c600:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target=" 
0003c610:·2369·646d·3830·3135·2220·7461·6269·6e64··#idm8015"·tabind 
0003c620:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but 
0003c630:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand 
0003c640:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title 
0003c650:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re 
0003c660:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!"> 
0003c670:·5265·6d65·6469·6174·696f·6e20·7363·7269··Remediation·scri 
0003c680:·7074·20e2·87b2·3c2f·613e·3c62·723e·3c64··pt·...</a><br><d 
0003c690:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel- 
0003c6a0:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps 
0003c6b0:·6522·2069·643d·2269·646d·3830·3135·223e··e"·id="idm8015"> 
0003c6c0:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta 
0003c6d0:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe 
0003c6e0:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered 
0003c6f0:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed 
0003c700:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple 
0003c710:·7869·7479·3a3c·2f74·683e·3c74·643e·6c6f··xity:</th><td>lo 
0003c720:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr>< 
0003c730:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</ 
0003c740:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td>< 
0003c750:·2f74·723e·3c74·723e·3c74·683e·5265·626f··/tr><tr><th>Rebo 
0003c760:·6f74·3a3c·2f74·683e·3c74·643e·6661·6c73··ot:</th><td>fals 
0003c770:·653c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··e</td></tr><tr>< 
0003c780:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th 
0003c790:·3e3c·7464·3e65·6e61·626c·653c·2f74·643e··><td>enable</td> 
0003c7a0:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr 
0003c7b0:·653e·3c63·6f64·653e·0a70·6163·6b61·6765··e><code>.package 
0003c7c0:·2069·6e73·7461·6c6c·2061·6964·650a·3c2f···install·aide.</ 
0003c7d0:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div 
0003c7e0:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b 
0003c7f0:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data 
0003c800:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps 
0003c810:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target=" 
Max diff block lines reached; 25908833/25946397 bytes (99.86%) of diff not shown.
2.3 MB
html2text {}
Max HTML report size reached
10.8 MB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-cui.html
    
Offset 15357, 282 lines modifiedOffset 15357, 282 lines modified
0003bfc0:·7461·2d74·6172·6765·743d·2223·6964·6d38··ta-target="#idm80003bfc0:·7461·2d74·6172·6765·743d·2223·6964·6d38··ta-target="#idm8
0003bfd0:·3031·3222·2074·6162·696e·6465·783d·2230··012"·tabindex="00003bfd0:·3031·3222·2074·6162·696e·6465·783d·2230··012"·tabindex="0
0003bfe0:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·0003bfe0:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
0003bff0:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f0003bff0:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
0003c000:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act0003c000:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
0003c010:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"0003c010:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
0003c020:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed0003c020:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
 0003c030:·6961·7469·6f6e·2073·6372·6970·7420·e287··iation·script·..
0003c030:·6961·7469·6f6e·2041·6e61·636f·6e64·6120··iation·Anaconda· 
0003c040:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a>< 
0003c050:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p 
0003c060:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co 
0003c070:·6c6c·6170·7365·2220·6964·3d22·6964·6d38··llapse"·id="idm8 
0003c080:·3031·3222·3e3c·7461·626c·6520·636c·6173··012"><table·clas 
0003c090:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s 
0003c0a0:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor 
0003c0b0:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond 
0003c0c0:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C 
0003c0d0:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th>< 
0003c0e0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003c0f0:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti 
0003c100:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low< 
0003c110:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003c120:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td 
0003c130:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr> 
0003c140:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy 
0003c150:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable 
0003c160:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl 
0003c170:·653e·3c70·7265·3e3c·636f·6465·3e0a·7061··e><pre><code>.pa 
0003c180:·636b·6167·6520·2d2d·6164·643d·6169·6465··ckage·--add=aide 
0003c190:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></ 
0003c1a0:·6469·763e·3c61·2063·6c61·7373·3d22·6274··div><a·class="bt 
0003c1b0:·6e20·6274·6e2d·7375·6363·6573·7322·2064··n·btn-success"·d 
0003c1c0:·6174·612d·746f·6767·6c65·3d22·636f·6c6c··ata-toggle="coll 
0003c1d0:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe 
0003c1e0:·743d·2223·6964·6d38·3031·3322·2074·6162··t="#idm8013"·tab 
0003c1f0:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role=" 
0003c200:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp 
0003c210:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti 
0003c220:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to 
0003c230:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="# 
0003c240:·2122·3e52·656d·6564·6961·7469·6f6e·2050··!">Remediation·P 
0003c250:·7570·7065·7420·736e·6970·7065·7420·e287··uppet·snippet·.. 
0003c260:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl 
0003c270:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla 
0003c280:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id 
0003c290:·3d22·6964·6d38·3031·3322·3e3c·7461·626c··="idm8013"><tabl 
0003c2a0:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t 
0003c2b0:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab 
0003c2c0:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl 
0003c2d0:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr 
0003c2e0:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity: 
0003c2f0:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003c300:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di 
0003c310:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t 
0003c320:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr>< 
0003c330:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</ 
0003c340:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td 
0003c350:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St 
0003c360:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td> 
0003c370:·656e·6162·6c65·3c2f·7464·3e3c·2f74·723e··enable</td></tr> 
0003c380:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co 
0003c390:·6465·3e69·6e63·6c75·6465·2069·6e73·7461··de>include·insta 
0003c3a0:·6c6c·5f61·6964·650a·0a63·6c61·7373·2069··ll_aide..class·i 
0003c3b0:·6e73·7461·6c6c·5f61·6964·6520·7b0a·2020··nstall_aide·{.·· 
0003c3c0:·7061·636b·6167·6520·7b20·2761·6964·6527··package·{·'aide' 
0003c3d0:·3a0a·2020·2020·656e·7375·7265·203d·2667··:.····ensure·=&g 
0003c3e0:·743b·2027·696e·7374·616c·6c65·6427·2c0a··t;·'installed',. 
0003c3f0:·2020·7d0a·7d0a·3c2f·636f·6465·3e3c·2f70····}.}.</code></p 
0003c400:·7265·3e3c·2f64·6976·3e3c·6120·636c·6173··re></div><a·clas 
0003c410:·733d·2262·746e·2062·746e·2d73·7563·6365··s="btn·btn-succe 
0003c420:·7373·2220·6461·7461·2d74·6f67·676c·653d··ss"·data-toggle= 
0003c430:·2263·6f6c·6c61·7073·6522·2064·6174·612d··"collapse"·data- 
0003c440:·7461·7267·6574·3d22·2369·646d·3830·3134··target="#idm8014 
0003c450:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r 
0003c460:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari 
0003c470:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals 
0003c480:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa 
0003c490:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr 
0003c4a0:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat 
0003c4b0:·696f·6e20·4f53·4275·696c·6420·426c·7565··ion·OSBuild·Blue 
0003c4c0:·7072·696e·7420·736e·6970·7065·7420·e287··print·snippet·.. 
0003c4d0:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl0003c040:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl
0003c4e0:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla0003c050:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
0003c4f0:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id0003c060:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
0003c500:·3d22·6964·6d38·3031·3422·3e3c·7072·653e··="idm8014"><pre>0003c070:·3d22·6964·6d38·3031·3222·3e3c·7461·626c··="idm8012"><tabl
 0003c080:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t
 0003c090:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab
 0003c0a0:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl
 0003c0b0:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr
 0003c0c0:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity:
0003c510:·3c63·6f64·653e·0a5b·5b70·6163·6b61·6765··<code>.[[package 
0003c520:·735d·5d0a·6e61·6d65·203d·2022·6169·6465··s]].name·=·"aide 
0003c530:·220a·7665·7273·696f·6e20·3d20·222a·220a··".version·=·"*". 
0003c540:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d 
0003c550:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn 
0003c560:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da 
0003c570:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla 
0003c580:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target 
0003c590:·3d22·2369·646d·3830·3135·2220·7461·6269··="#idm8015"·tabi 
0003c5a0:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b 
0003c5b0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa 
0003c5c0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit 
0003c5d0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to· 
0003c5e0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#! 
0003c5f0:·223e·5265·6d65·6469·6174·696f·6e20·7363··">Remediation·sc 
0003c600:·7269·7074·20e2·87b2·3c2f·613e·3c62·723e··ript·...</a><br> 
0003c610:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane 
0003c620:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla 
0003c630:·7073·6522·2069·643d·2269·646d·3830·3135··pse"·id="idm8015 
0003c640:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class=" 
0003c650:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri 
0003c660:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border 
0003c670:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens 
0003c680:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp 
0003c690:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td> 
0003c6a0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003c6b0:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption: 
0003c6c0:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003c6d0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re 
0003c6e0:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa 
0003c6f0:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr 
0003c700:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</ 
0003c710:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t 
0003c720:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table>< 
0003c730:·7072·653e·3c63·6f64·653e·0a70·6163·6b61··pre><code>.packa 
0003c740:·6765·2069·6e73·7461·6c6c·2061·6964·650a··ge·install·aide. 
Max diff block lines reached; 10007809/10045373 bytes (99.63%) of diff not shown.
1.25 MB
html2text {}
    
Offset 138, 52 lines modifiedOffset 138, 48 lines modified
138 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3138 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
139 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5139 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
140 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199140 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
141 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79141 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
142 ············_\x8c_\x8i_\x8s············5.3.1142 ············_\x8c_\x8i_\x8s············5.3.1
143 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2143 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
144 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251710r958944_rule144 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251710r958944_rule
145 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8145 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
146 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low146 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
147 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low147 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
148 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false148 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
149 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable149 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
150 package·--add=aide150 dnf·install·aide
151 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8151 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
152 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low152 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
153 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low153 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
154 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false154 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
155 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable155 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
156 include·install_aide156 include·install_aide
  
157 class·install_aide·{157 class·install_aide·{
158 ··package·{·'aide':158 ··package·{·'aide':
159 ····ensure·=>·'installed',159 ····ensure·=>·'installed',
160 ··}160 ··}
161 }161 }
162 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
163 [[packages]] 
164 name·=·"aide" 
165 version·=·"*" 
166 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8162 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
167 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low163 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
168 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low164 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
169 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false165 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
170 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable166 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 167 #·Remediation·is·applicable·only·in·certain·platforms
 168 if·rpm·--quiet·-q·kernel;·then
  
 169 if·!·rpm·-q·--quiet·"aide"·;·then
 170 ····yum·install·-y·"aide"
 171 fi
171 package·install·aide 
172 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
173 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
174 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
175 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
176 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
177 dnf·install·aide172 else
 173 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 174 fi
178 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8175 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
179 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low176 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
180 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low177 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
181 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false178 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
182 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable179 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
183 -·name:·Gather·the·package·facts180 -·name:·Gather·the·package·facts
184 ··package_facts:181 ··package_facts:
Offset 214, 29 lines modifiedOffset 210, 33 lines modified
214 ··-·PCI-DSSv4-11.5.2210 ··-·PCI-DSSv4-11.5.2
215 ··-·enable_strategy211 ··-·enable_strategy
216 ··-·low_complexity212 ··-·low_complexity
217 ··-·low_disruption213 ··-·low_disruption
218 ··-·medium_severity214 ··-·medium_severity
219 ··-·no_reboot_needed215 ··-·no_reboot_needed
220 ··-·package_aide_installed216 ··-·package_aide_installed
 217 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 218 [[packages]]
 219 name·=·"aide"
 220 version·=·"*"
221 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8221 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
222 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low222 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
223 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low223 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
224 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false224 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
225 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable225 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
226 #·Remediation·is·applicable·only·in·certain·platforms 
227 if·rpm·--quiet·-q·kernel;·then 
  
228 if·!·rpm·-q·--quiet·"aide"·;·then 
229 ····yum·install·-y·"aide" 
230 fi226 package·install·aide
 227 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 228 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 229 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 230 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 231 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 232 package·--add=aide
231 else 
232 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
233 fi 
234 Group  ·Federal·Information·Processing·Standard·(FIPS)·  Group·contains·2·rules233 Group  ·Federal·Information·Processing·Standard·(FIPS)·  Group·contains·2·rules
235 _\x8[_\x8r_\x8e_\x8f_\x8]  ·The·Federal·Information·Processing·Standard·(FIPS)·is·a·computer·security·standard·which·is·developed·by·the·U.S.·Government·and·industry·working·groups·to·validate·the·quality·of·cryptographic·modules.·The·FIPS·standard·provides·four·security·levels·to·ensure·adequate·coverage·of·different·industries,·implementation·of·cryptographic·modules,·and·organizational·sizes·and·requirements.234 _\x8[_\x8r_\x8e_\x8f_\x8]  ·The·Federal·Information·Processing·Standard·(FIPS)·is·a·computer·security·standard·which·is·developed·by·the·U.S.·Government·and·industry·working·groups·to·validate·the·quality·of·cryptographic·modules.·The·FIPS·standard·provides·four·security·levels·to·ensure·adequate·coverage·of·different·industries,·implementation·of·cryptographic·modules,·and·organizational·sizes·and·requirements.
  
236 FIPS·140-2·is·the·current·standard·for·validating·that·mechanisms·used·to·access·cryptographic·modules·utilize·authentication·that·meets·industry·and·government·requirements.·For·government·systems,·this·allows·Security·Levels·1,·2,·3,·or·4·for·use·on·Red·Hat·Enterprise·Linux·8.235 FIPS·140-2·is·the·current·standard·for·validating·that·mechanisms·used·to·access·cryptographic·modules·utilize·authentication·that·meets·industry·and·government·requirements.·For·government·systems,·this·allows·Security·Levels·1,·2,·3,·or·4·for·use·on·Red·Hat·Enterprise·Linux·8.
  
237 See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8c\x8c_\x8s\x8s_\x8r\x8r_\x8c\x8c_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8l\x8l_\x8i\x8i_\x8c\x8c_\x8a\x8a_\x8t\x8t_\x8i\x8i_\x8o\x8o_\x8n\x8n_\x8s\x8s_\x8/\x8/_\x8P\x8P_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x8h\x8h_\x8t\x8t_\x8m\x8m_\x8l\x8l·for·more·information.236 See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8c\x8c_\x8s\x8s_\x8r\x8r_\x8c\x8c_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8l\x8l_\x8i\x8i_\x8c\x8c_\x8a\x8a_\x8t\x8t_\x8i\x8i_\x8o\x8o_\x8n\x8n_\x8s\x8s_\x8/\x8/_\x8P\x8P_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x8h\x8h_\x8t\x8t_\x8m\x8m_\x8l\x8l·for·more·information.
238 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8na\x8ab\x8bl\x8le\x8e·D\x8Dr\x8ra\x8ac\x8cu\x8ut\x8t·F\x8FI\x8IP\x8PS\x8S·M\x8Mo\x8od\x8du\x8ul\x8le\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*237 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8na\x8ab\x8bl\x8le\x8e·D\x8Dr\x8ra\x8ac\x8cu\x8ut\x8t·F\x8FI\x8IP\x8PS\x8S·M\x8Mo\x8od\x8du\x8ul\x8le\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
Offset 263, 31 lines modifiedOffset 263, 31 lines modified
263 ············_\x8d_\x8i_\x8s_\x8a·····CCI-002450,·CCI-000068,·CCI-002418,·CCI-000877263 ············_\x8d_\x8i_\x8s_\x8a·····CCI-002450,·CCI-000068,·CCI-002418,·CCI-000877
264 ············_\x8i_\x8s_\x8m······1446264 ············_\x8i_\x8s_\x8m······1446
265 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1265 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1
266 References:·_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12266 References:·_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12
267 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1267 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1
268 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176268 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176
269 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-230223r1017042_rule269 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-230223r1017042_rule
270 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
271 [customizations] 
272 fips·=·true 
273 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8270 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
274 #·Remediation·is·applicable·only·in·certain·platforms271 #·Remediation·is·applicable·only·in·certain·platforms
275 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·);·then272 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·);·then
  
276 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then273 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then
277 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF274 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF
278 kargs·=·["fips=1"]275 kargs·=·["fips=1"]
279 EOF276 EOF
280 fi277 fi
  
281 else278 else
282 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'279 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
283 fi280 fi
 281 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
Max diff block lines reached; 1309325/1315362 bytes (99.54%) of diff not shown.
7.16 MB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-e8.html
    
Offset 15402, 408 lines modifiedOffset 15402, 408 lines modified
0003c290:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#0003c290:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#
0003c2a0:·6964·6d37·3637·3322·2074·6162·696e·6465··idm7673"·tabinde0003c2a0:·6964·6d37·3637·3322·2074·6162·696e·6465··idm7673"·tabinde
0003c2b0:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt0003c2b0:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt
0003c2c0:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande0003c2c0:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande
0003c2d0:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=0003c2d0:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=
0003c2e0:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev0003c2e0:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev
Diff chunk too large, falling back to line-by-line diff (394 lines added, 394 lines removed)
0003c2f0:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R0003c2f0:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R
0003c300:·656d·6564·6961·7469·6f6e·2041·6e73·6962··emediation·Ansib0003c300:·656d·6564·6961·7469·6f6e·2053·6865·6c6c··emediation·Shell
0003c310:·6c65·2073·6e69·7070·6574·20e2·87b2·3c2f··le·snippet·...</0003c310:·2073·6372·6970·7420·e287·b23c·2f61·3e3c···script·...</a><
0003c320:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class0003c320:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p
0003c330:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse0003c330:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co
0003c340:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i0003c340:·6c6c·6170·7365·2220·6964·3d22·6964·6d37··llapse"·id="idm7
0003c350:·646d·3736·3733·223e·3c74·6162·6c65·2063··dm7673"><table·c0003c350:·3637·3322·3e3c·7072·653e·3c63·6f64·653e··673"><pre><code>
0003c360:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl0003c360:·2320·5265·6d65·6469·6174·696f·6e20·6973··#·Remediation·is
0003c370:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table-0003c370:·2061·7070·6c69·6361·626c·6520·6f6e·6c79···applicable·only
0003c380:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c0003c380:·2069·6e20·6365·7274·6169·6e20·706c·6174···in·certain·plat
0003c390:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t0003c390:·666f·726d·730a·6966·2021·2028·207b·2072··forms.if·!·(·{·r
0003c3a0:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t0003c3a0:·706d·202d·2d71·7569·6574·202d·7120·6b65··pm·--quiet·-q·ke
0003c3b0:·683e·3c74·643e·6869·6768·3c2f·7464·3e3c··h><td>high</td><0003c3b0:·726e·656c·203b·7d20·2661·6d70·3b26·616d··rnel·;}·&amp;&am
0003c3c0:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr0003c3c0:·703b·207b·2072·706d·202d·2d71·7569·6574··p;·{·rpm·--quiet
0003c3d0:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td>0003c3d0:·202d·7120·7270·6d2d·6f73·7472·6565·203b···-q·rpm-ostree·;
0003c3e0:·6d65·6469·756d·3c2f·7464·3e3c·2f74·723e··medium</td></tr>0003c3e0:·7d20·2661·6d70·3b26·616d·703b·207b·2072··}·&amp;&amp;·{·r
0003c3f0:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:<0003c3f0:·706d·202d·2d71·7569·6574·202d·7120·626f··pm·--quiet·-q·bo
0003c400:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t0003c400:·6f74·6320·3b7d·2026·616d·703b·2661·6d70··otc·;}·&amp;&amp
0003c410:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S0003c410:·3b20·7b20·2120·7270·6d20·2d2d·7175·6965··;·{·!·rpm·--quie
0003c420:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td0003c420:·7420·2d71·206f·7065·6e73·6869·6674·2d6b··t·-q·openshift-k
0003c430:·3e72·6573·7472·6963·743c·2f74·643e·3c2f··>restrict</td></0003c430:·7562·656c·6574·203b·7d20·293b·2074·6865··ubelet·;}·);·the
0003c440:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre>0003c440:·6e0a·0a23·2046·696e·6420·7768·6963·6820··n..#·Find·which·
0003c450:·3c63·6f64·653e·2d20·6e61·6d65·3a20·4761··<code>-·name:·Ga0003c450:·6669·6c65·7320·6861·7665·2069·6e63·6f72··files·have·incor
0003c460:·7468·6572·2074·6865·2070·6163·6b61·6765··ther·the·package0003c460:·7265·6374·2068·6173·6820·286e·6f74·2069··rect·hash·(not·i
0003c470:·2066·6163·7473·0a20·2070·6163·6b61·6765···facts.··package0003c470:·6e20·2f65·7463·2c20·6265·6361·7573·6520··n·/etc,·because·
0003c480:·5f66·6163·7473·3a0a·2020·2020·6d61·6e61··_facts:.····mana0003c480:·6f66·2074·6865·2073·7973·7465·6d20·7265··of·the·system·re
0003c490:·6765·723a·2061·7574·6f0a·2020·7461·6773··ger:·auto.··tags0003c490:·6c61·7465·6420·636f·6e66·6967·2066·696c··lated·config·fil
0003c4a0:·3a0a·2020·2d20·434a·4953·2d35·2e31·302e··:.··-·CJIS-5.10.0003c4a0:·6573·2920·616e·6420·7468·656e·2067·6574··es)·and·then·get
0003c4b0:·342e·310a·2020·2d20·4e49·5354·2d38·3030··4.1.··-·NIST-8000003c4b0:·2066·696c·6573·206e·616d·6573·0a66·696c···files·names.fil
0003c4c0:·2d31·3731·2d33·2e33·2e38·0a20·202d·204e··-171-3.3.8.··-·N0003c4c0:·6573·5f77·6974·685f·696e·636f·7272·6563··es_with_incorrec
0003c4d0:·4953·542d·3830·302d·3137·312d·332e·342e··IST-800-171-3.4.0003c4d0:·745f·6861·7368·3d22·2428·7270·6d20·2d56··t_hash="$(rpm·-V
0003c4e0:·310a·2020·2d20·4e49·5354·2d38·3030·2d35··1.··-·NIST-800-50003c4e0:·6120·2d2d·6e6f·636f·6e66·6967·207c·2067··a·--noconfig·|·g
0003c4f0:·332d·4155·2d39·2833·290a·2020·2d20·4e49··3-AU-9(3).··-·NI0003c4f0:·7265·7020·2d45·2027·5e2e·2e35·2720·7c20··rep·-E·'^..5'·|·
0003c500:·5354·2d38·3030·2d35·332d·434d·2d36·2863··ST-800-53-CM-6(c0003c500:·6177·6b20·277b·7072·696e·7420·244e·467d··awk·'{print·$NF}
0003c510:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-50003c510:·2720·2922·0a0a·6966·205b·202d·6e20·2224··'·)"..if·[·-n·"$
0003c520:·332d·434d·2d36·2864·290a·2020·2d20·4e49··3-CM-6(d).··-·NI0003c520:·6669·6c65·735f·7769·7468·5f69·6e63·6f72··files_with_incor
0003c530:·5354·2d38·3030·2d35·332d·5349·2d37·0a20··ST-800-53-SI-7.·0003c530:·7265·6374·5f68·6173·6822·205d·3b20·7468··rect_hash"·];·th
0003c540:·202d·204e·4953·542d·3830·302d·3533·2d53···-·NIST-800-53-S0003c540:·656e·0a20·2020·2023·2046·726f·6d20·6669··en.····#·From·fi
0003c550:·492d·3728·3129·0a20·202d·204e·4953·542d··I-7(1).··-·NIST-0003c550:·6c65·7320·6e61·6d65·7320·6765·7420·7061··les·names·get·pa
0003c560:·3830·302d·3533·2d53·492d·3728·3629·0a20··800-53-SI-7(6).·0003c560:·636b·6167·6520·6e61·6d65·7320·616e·6420··ckage·names·and·
0003c570:·202d·2050·4349·2d44·5353·2d52·6571·2d31···-·PCI-DSS-Req-10003c570:·6368·616e·6765·206e·6577·6c69·6e65·2074··change·newline·t
0003c580:·312e·350a·2020·2d20·5043·492d·4453·5376··1.5.··-·PCI-DSSv0003c580:·6f20·7370·6163·652c·2062·6563·6175·7365··o·space,·because
0003c590:·342d·3131·2e35·2e32·0a20·202d·2068·6967··4-11.5.2.··-·hig0003c590:·2072·706d·2077·7269·7465·7320·6561·6368···rpm·writes·each
0003c5a0:·685f·636f·6d70·6c65·7869·7479·0a20·202d··h_complexity.··-0003c5a0:·2070·6163·6b61·6765·2074·6f20·6e65·7720···package·to·new·
0003c5b0:·2068·6967·685f·7365·7665·7269·7479·0a20···high_severity.·0003c5b0:·6c69·6e65·0a20·2020·2070·6163·6b61·6765··line.····package
0003c5c0:·202d·206d·6564·6975·6d5f·6469·7372·7570···-·medium_disrup0003c5c0:·735f·746f·5f72·6569·6e73·7461·6c6c·3d22··s_to_reinstall="
0003c5d0:·7469·6f6e·0a20·202d·206e·6f5f·7265·626f··tion.··-·no_rebo0003c5d0:·2428·7270·6d20·2d71·6620·2466·696c·6573··$(rpm·-qf·$files
0003c5e0:·6f74·5f6e·6565·6465·640a·2020·2d20·7265··ot_needed.··-·re0003c5e0:·5f77·6974·685f·696e·636f·7272·6563·745f··_with_incorrect_
0003c5f0:·7374·7269·6374·5f73·7472·6174·6567·790a··strict_strategy.0003c5f0:·6861·7368·207c·2074·7220·275c·6e27·2027··hash·|·tr·'\n'·'
0003c600:·2020·2d20·7270·6d5f·7665·7269·6679·5f68····-·rpm_verify_h0003c600:·2027·2922·0a0a·2020·2020·0a20·2020·2079···')"..····.····y
0003c610:·6173·6865·730a·0a2d·206e·616d·653a·2027··ashes..-·name:·'0003c610:·756d·2072·6569·6e73·7461·6c6c·202d·7920··um·reinstall·-y·
0003c620:·5365·7420·6661·6374·3a20·5061·636b·6167··Set·fact:·Packag0003c620:·2470·6163·6b61·6765·735f·746f·5f72·6569··$packages_to_rei
0003c630:·6520·6d61·6e61·6765·7220·7265·696e·7374··e·manager·reinst0003c630:·6e73·7461·6c6c·0a20·2020·200a·6669·0a0a··nstall.····.fi..
0003c640:·616c·6c20·636f·6d6d·616e·6427·0a20·2073··all·command'.··s0003c640:·656c·7365·0a20·2020·2026·6774·3b26·616d··else.····&gt;&am
0003c650:·6574·5f66·6163·743a·0a20·2020·2070·6163··et_fact:.····pac0003c650:·703b·3220·6563·686f·2027·5265·6d65·6469··p;2·echo·'Remedi
0003c660:·6b61·6765·5f6d·616e·6167·6572·5f72·6569··kage_manager_rei0003c660:·6174·696f·6e20·6973·206e·6f74·2061·7070··ation·is·not·app
0003c670:·6e73·7461·6c6c·5f63·6d64·3a20·7975·6d20··nstall_cmd:·yum·0003c670:·6c69·6361·626c·652c·206e·6f74·6869·6e67··licable,·nothing
0003c680:·7265·696e·7374·616c·6c20·2d79·0a20·2077··reinstall·-y.··w0003c680:·2077·6173·2064·6f6e·6527·0a66·690a·3c2f···was·done'.fi.</
0003c690:·6865·6e3a·0a20·202d·206e·6f74·2028·2022··hen:.··-·not·(·"0003c690:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div
0003c6a0:·6b65·726e·656c·2220·696e·2061·6e73·6962··kernel"·in·ansib0003c6a0:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b
0003c6b0:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package0003c6b0:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data
0003c6c0:·7320·616e·6420·2272·706d·2d6f·7374·7265··s·and·"rpm-ostre0003c6c0:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps
0003c6d0:·6522·2069·6e20·616e·7369·626c·655f·6661··e"·in·ansible_fa0003c6d0:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="
0003c6e0:·6374·732e·7061·636b·6167·6573·0a20·2020··cts.packages.···0003c6e0:·2369·646d·3736·3734·2220·7461·6269·6e64··#idm7674"·tabind
0003c6f0:·2061·6e64·2022·626f·6f74·6322·2069·6e20···and·"bootc"·in·0003c6f0:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but
0003c700:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa0003c700:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand
0003c710:·636b·6167·6573·2061·6e64·206e·6f74·2022··ckages·and·not·"0003c710:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title
0003c720:·6f70·656e·7368·6966·742d·6b75·6265·6c65··openshift-kubele0003c720:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re
0003c730:·7422·2069·6e20·616e·7369·626c·655f·6661··t"·in·ansible_fa0003c730:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">
0003c740:·6374·732e·7061·636b·6167·6573·0a20·2020··cts.packages.···0003c740:·5265·6d65·6469·6174·696f·6e20·416e·7369··Remediation·Ansi
0003c750:·2029·0a20·202d·2061·6e73·6962·6c65·5f64···).··-·ansible_d0003c750:·626c·6520·736e·6970·7065·7420·e287·b23c··ble·snippet·...<
0003c760:·6973·7472·6962·7574·696f·6e20·696e·205b··istribution·in·[0003c760:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas
0003c770:·2022·4665·646f·7261·222c·2022·5265·6448···"Fedora",·"RedH0003c770:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps
0003c780:·6174·222c·2022·4365·6e74·4f53·222c·2022··at",·"CentOS",·"0003c780:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="
0003c790:·4f72·6163·6c65·4c69·6e75·7822·205d·0a20··OracleLinux"·].·0003c790:·6964·6d37·3637·3422·3e3c·7461·626c·6520··idm7674"><table·
0003c7a0:·2074·6167·733a·0a20·202d·2043·4a49·532d···tags:.··-·CJIS-0003c7a0:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab
0003c7b0:·352e·3130·2e34·2e31·0a20·202d·204e·4953··5.10.4.1.··-·NIS0003c7b0:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table
0003c7c0:·542d·3830·302d·3137·312d·332e·332e·380a··T-800-171-3.3.8.0003c7c0:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-
0003c7d0:·2020·2d20·4e49·5354·2d38·3030·2d31·3731····-·NIST-800-1710003c7d0:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><
0003c7e0:·2d33·2e34·2e31·0a20·202d·204e·4953·542d··-3.4.1.··-·NIST-0003c7e0:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</
0003c7f0:·3830·302d·3533·2d41·552d·3928·3329·0a20··800-53-AU-9(3).·0003c7f0:·7468·3e3c·7464·3e68·6967·683c·2f74·643e··th><td>high</td>
0003c800:·202d·204e·4953·542d·3830·302d·3533·2d43···-·NIST-800-53-C0003c800:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis
0003c810:·4d2d·3628·6329·0a20·202d·204e·4953·542d··M-6(c).··-·NIST-0003c810:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td
0003c820:·3830·302d·3533·2d43·4d2d·3628·6429·0a20··800-53-CM-6(d).·0003c820:·3e6d·6564·6975·6d3c·2f74·643e·3c2f·7472··>medium</td></tr
0003c830:·202d·204e·4953·542d·3830·302d·3533·2d53···-·NIST-800-53-S0003c830:·3e3c·7472·3e3c·7468·3e52·6562·6f6f·743a··><tr><th>Reboot:
0003c840:·492d·370a·2020·2d20·4e49·5354·2d38·3030··I-7.··-·NIST-8000003c840:·3c2f·7468·3e3c·7464·3e66·616c·7365·3c2f··</th><td>false</
0003c850:·2d35·332d·5349·2d37·2831·290a·2020·2d20··-53-SI-7(1).··-·0003c850:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>
0003c860:·4e49·5354·2d38·3030·2d35·332d·5349·2d37··NIST-800-53-SI-70003c860:·5374·7261·7465·6779·3a3c·2f74·683e·3c74··Strategy:</th><t
0003c870:·2836·290a·2020·2d20·5043·492d·4453·532d··(6).··-·PCI-DSS-0003c870:·643e·7265·7374·7269·6374·3c2f·7464·3e3c··d>restrict</td><
0003c880:·5265·712d·3131·2e35·0a20·202d·2050·4349··Req-11.5.··-·PCI0003c880:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre
0003c890:·2d44·5353·7634·2d31·312e·352e·320a·2020··-DSSv4-11.5.2.··0003c890:·3e3c·636f·6465·3e2d·206e·616d·653a·2047··><code>-·name:·G
0003c8a0:·2d20·6869·6768·5f63·6f6d·706c·6578·6974··-·high_complexit0003c8a0:·6174·6865·7220·7468·6520·7061·636b·6167··ather·the·packag
0003c8b0:·790a·2020·2d20·6869·6768·5f73·6576·6572··y.··-·high_sever0003c8b0:·6520·6661·6374·730a·2020·7061·636b·6167··e·facts.··packag
0003c8c0:·6974·790a·2020·2d20·6d65·6469·756d·5f64··ity.··-·medium_d0003c8c0:·655f·6661·6374·733a·0a20·2020·206d·616e··e_facts:.····man
0003c8d0:·6973·7275·7074·696f·6e0a·2020·2d20·6e6f··isruption.··-·no0003c8d0:·6167·6572·3a20·6175·746f·0a20·2074·6167··ager:·auto.··tag
0003c8e0:·5f72·6562·6f6f·745f·6e65·6564·6564·0a20··_reboot_needed.·0003c8e0:·733a·0a20·202d·2043·4a49·532d·352e·3130··s:.··-·CJIS-5.10
0003c8f0:·202d·2072·6573·7472·6963·745f·7374·7261···-·restrict_stra0003c8f0:·2e34·2e31·0a20·202d·204e·4953·542d·3830··.4.1.··-·NIST-80
0003c900:·7465·6779·0a20·202d·2072·706d·5f76·6572··tegy.··-·rpm_ver0003c900:·302d·3137·312d·332e·332e·380a·2020·2d20··0-171-3.3.8.··-·
0003c910:·6966·795f·6861·7368·6573·0a0a·2d20·6e61··ify_hashes..-·na0003c910:·4e49·5354·2d38·3030·2d31·3731·2d33·2e34··NIST-800-171-3.4
0003c920:·6d65·3a20·2753·6574·2066·6163·743a·2050··me:·'Set·fact:·P0003c920:·2e31·0a20·202d·204e·4953·542d·3830·302d··.1.··-·NIST-800-
0003c930:·6163·6b61·6765·206d·616e·6167·6572·2072··ackage·manager·r0003c930:·3533·2d41·552d·3928·3329·0a20·202d·204e··53-AU-9(3).··-·N
0003c940:·6569·6e73·7461·6c6c·2063·6f6d·6d61·6e64··einstall·command0003c940:·4953·542d·3830·302d·3533·2d43·4d2d·3628··IST-800-53-CM-6(
0003c950:·2028·7a79·7070·6572·2927·0a20·2073·6574···(zypper)'.··set0003c950:·6329·0a20·202d·204e·4953·542d·3830·302d··c).··-·NIST-800-
0003c960:·5f66·6163·743a·0a20·2020·2070·6163·6b61··_fact:.····packa0003c960:·3533·2d43·4d2d·3628·6429·0a20·202d·204e··53-CM-6(d).··-·N
0003c970:·6765·5f6d·616e·6167·6572·5f72·6569·6e73··ge_manager_reins0003c970:·4953·542d·3830·302d·3533·2d53·492d·370a··IST-800-53-SI-7.
0003c980:·7461·6c6c·5f63·6d64·3a20·7a79·7070·6572··tall_cmd:·zypper0003c980:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-
0003c990:·2069·6e20·2d66·202d·790a·2020·7768·656e···in·-f·-y.··when0003c990:·5349·2d37·2831·290a·2020·2d20·4e49·5354··SI-7(1).··-·NIST
0003c9a0:·3a0a·2020·2d20·6e6f·7420·2820·226b·6572··:.··-·not·(·"ker0003c9a0:·2d38·3030·2d35·332d·5349·2d37·2836·290a··-800-53-SI-7(6).
0003c9b0:·6e65·6c22·2069·6e20·616e·7369·626c·655f··nel"·in·ansible_0003c9b0:·2020·2d20·5043·492d·4453·532d·5265·712d····-·PCI-DSS-Req-
0003c9c0:·6661·6374·732e·7061·636b·6167·6573·2061··facts.packages·a0003c9c0:·3131·2e35·0a20·202d·2050·4349·2d44·5353··11.5.··-·PCI-DSS
0003c9d0:·6e64·2022·7270·6d2d·6f73·7472·6565·2220··nd·"rpm-ostree"·0003c9d0:·7634·2d31·312e·352e·320a·2020·2d20·6869··v4-11.5.2.··-·hi
0003c9e0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts0003c9e0:·6768·5f63·6f6d·706c·6578·6974·790a·2020··gh_complexity.··
0003c9f0:·2e70·6163·6b61·6765·730a·2020·2020·616e··.packages.····an0003c9f0:·2d20·6869·6768·5f73·6576·6572·6974·790a··-·high_severity.
0003ca00:·6420·2262·6f6f·7463·2220·696e·2061·6e73··d·"bootc"·in·ans0003ca00:·2020·2d20·6d65·6469·756d·5f64·6973·7275····-·medium_disru
0003ca10:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0003ca10:·7074·696f·6e0a·2020·2d20·6e6f·5f72·6562··ption.··-·no_reb
0003ca20:·6765·7320·616e·6420·6e6f·7420·226f·7065··ges·and·not·"ope0003ca20:·6f6f·745f·6e65·6564·6564·0a20·202d·2072··oot_needed.··-·r
0003ca30:·6e73·6869·6674·2d6b·7562·656c·6574·2220··nshift-kubelet"·0003ca30:·6573·7472·6963·745f·7374·7261·7465·6779··estrict_strategy
0003ca40:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts0003ca40:·0a20·202d·2072·706d·5f76·6572·6966·795f··.··-·rpm_verify_
0003ca50:·2e70·6163·6b61·6765·730a·2020·2020·290a··.packages.····).0003ca50:·6861·7368·6573·0a0a·2d20·6e61·6d65·3a20··hashes..-·name:·
0003ca60:·2020·2d20·616e·7369·626c·655f·6469·7374····-·ansible_dist0003ca60:·2753·6574·2066·6163·743a·2050·6163·6b61··'Set·fact:·Packa
Max diff block lines reached; 6723107/6778059 bytes (99.19%) of diff not shown.
714 KB
html2text {}
    
Offset 132, 14 lines modifiedOffset 132, 33 lines modified
132 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6132 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
133 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4133 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
134 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)134 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
135 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1135 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
136 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5136 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
137 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227137 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
138 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2138 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 139 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 140 #·Remediation·is·applicable·only·in·certain·platforms
 141 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 142 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 143 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 144 if·[·-n·"$files_with_incorrect_hash"·];·then
 145 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 146 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 147 ····yum·reinstall·-y·$packages_to_reinstall
  
 148 fi
  
 149 else
 150 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 151 fi
139 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8152 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
140 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high153 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
141 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium154 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
142 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false155 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
143 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict156 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
144 -·name:·Gather·the·package·facts157 -·name:·Gather·the·package·facts
145 ··package_facts:158 ··package_facts:
Offset 306, 33 lines modifiedOffset 325, 14 lines modified
306 ··-·PCI-DSSv4-11.5.2325 ··-·PCI-DSSv4-11.5.2
307 ··-·high_complexity326 ··-·high_complexity
308 ··-·high_severity327 ··-·high_severity
309 ··-·medium_disruption328 ··-·medium_disruption
310 ··-·no_reboot_needed329 ··-·no_reboot_needed
311 ··-·restrict_strategy330 ··-·restrict_strategy
312 ··-·rpm_verify_hashes331 ··-·rpm_verify_hashes
313 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
314 #·Remediation·is·applicable·only·in·certain·platforms 
315 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
316 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
317 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
318 if·[·-n·"$files_with_incorrect_hash"·];·then 
319 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
320 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
321 ····yum·reinstall·-y·$packages_to_reinstall 
  
322 fi 
  
323 else 
324 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
325 fi 
326 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*332 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
327 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:333 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:
328 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'334 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'
329 run·the·following·command·to·determine·which·package·owns·it:335 run·the·following·command·to·determine·which·package·owns·it:
330 $·rpm·-qf·FILENAME336 $·rpm·-qf·FILENAME
331 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:337 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
332 $·sudo·rpm·--restore·PACKAGENAME338 $·sudo·rpm·--restore·PACKAGENAME
Offset 351, 14 lines modifiedOffset 351, 46 lines modified
351 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5351 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
352 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2352 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
353 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)353 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
354 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1354 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
355 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5355 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
356 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108356 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108
357 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2357 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 358 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 359 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 360 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 361 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 362 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 363 #·Remediation·is·applicable·only·in·certain·platforms
 364 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 365 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 366 declare·-A·SETPERMS_RPM_DICT
  
 367 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 368 #·is·expected·by·the·RPM·database
 369 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}')
  
 370 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 371 do
 372 ········RPM_PACKAGE=$(rpm·-qf·"$FILE_PATH")
 373 »       #·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 374 »       SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 375 done
  
 376 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 377 #·correct·values
 378 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 379 do
 380 ········rpm·--restore·"${RPM_PACKAGE}"
 381 done
  
 382 else
 383 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 384 fi
358 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8385 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
359 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high386 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
360 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium387 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
361 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false388 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
362 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict389 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
363 -·name:·Gather·the·package·facts390 -·name:·Gather·the·package·facts
364 ··package_facts:391 ··package_facts:
Offset 466, 46 lines modifiedOffset 498, 14 lines modified
466 ··-·PCI-DSSv4-11.5.2498 ··-·PCI-DSSv4-11.5.2
467 ··-·high_complexity499 ··-·high_complexity
468 ··-·high_severity500 ··-·high_severity
469 ··-·medium_disruption501 ··-·medium_disruption
470 ··-·no_reboot_needed502 ··-·no_reboot_needed
471 ··-·restrict_strategy503 ··-·restrict_strategy
472 ··-·rpm_verify_ownership504 ··-·rpm_verify_ownership
473 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
474 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high 
475 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium 
476 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
477 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
Max diff block lines reached; 723173/730884 bytes (98.94%) of diff not shown.
17.9 MB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-hipaa.html
    
Offset 15428, 408 lines modifiedOffset 15428, 408 lines modified
0003c430:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=0003c430:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
0003c440:·2223·6964·6d37·3637·3322·2074·6162·696e··"#idm7673"·tabin0003c440:·2223·6964·6d37·3637·3322·2074·6162·696e··"#idm7673"·tabin
0003c450:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu0003c450:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
0003c460:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan0003c460:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
0003c470:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl0003c470:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
0003c480:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r0003c480:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
Diff chunk too large, falling back to line-by-line diff (394 lines added, 394 lines removed)
0003c490:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"0003c490:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
0003c4a0:·3e52·656d·6564·6961·7469·6f6e·2041·6e73··>Remediation·Ans0003c4a0:·3e52·656d·6564·6961·7469·6f6e·2053·6865··>Remediation·She
0003c4b0:·6962·6c65·2073·6e69·7070·6574·20e2·87b2··ible·snippet·...0003c4b0:·6c6c·2073·6372·6970·7420·e287·b23c·2f61··ll·script·...</a
0003c4c0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla0003c4c0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
0003c4d0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap0003c4d0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
0003c4e0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=0003c4e0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
0003c4f0:·2269·646d·3736·3733·223e·3c74·6162·6c65··"idm7673"><table0003c4f0:·6d37·3637·3322·3e3c·7072·653e·3c63·6f64··m7673"><pre><cod
0003c500:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta0003c500:·653e·2320·5265·6d65·6469·6174·696f·6e20··e>#·Remediation·
0003c510:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl0003c510:·6973·2061·7070·6c69·6361·626c·6520·6f6e··is·applicable·on
0003c520:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table0003c520:·6c79·2069·6e20·6365·7274·6169·6e20·706c··ly·in·certain·pl
0003c530:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>0003c530:·6174·666f·726d·730a·6966·2021·2028·207b··atforms.if·!·(·{
0003c540:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<0003c540:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q·
0003c550:·2f74·683e·3c74·643e·6869·6768·3c2f·7464··/th><td>high</td0003c550:·6b65·726e·656c·203b·7d20·2661·6d70·3b26··kernel·;}·&amp;&
0003c560:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di0003c560:·616d·703b·207b·2072·706d·202d·2d71·7569··amp;·{·rpm·--qui
0003c570:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t0003c570:·6574·202d·7120·7270·6d2d·6f73·7472·6565··et·-q·rpm-ostree
0003c580:·643e·6d65·6469·756d·3c2f·7464·3e3c·2f74··d>medium</td></t0003c580:·203b·7d20·2661·6d70·3b26·616d·703b·207b···;}·&amp;&amp;·{
0003c590:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot0003c590:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q·
0003c5a0:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false<0003c5a0:·626f·6f74·6320·3b7d·2026·616d·703b·2661··bootc·;}·&amp;&a
0003c5b0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th0003c5b0:·6d70·3b20·7b20·2120·7270·6d20·2d2d·7175··mp;·{·!·rpm·--qu
0003c5c0:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><0003c5c0:·6965·7420·2d71·206f·7065·6e73·6869·6674··iet·-q·openshift
0003c5d0:·7464·3e72·6573·7472·6963·743c·2f74·643e··td>restrict</td>0003c5d0:·2d6b·7562·656c·6574·203b·7d20·293b·2074··-kubelet·;}·);·t
0003c5e0:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr0003c5e0:·6865·6e0a·0a23·2046·696e·6420·7768·6963··hen..#·Find·whic
0003c5f0:·653e·3c63·6f64·653e·2d20·6e61·6d65·3a20··e><code>-·name:·0003c5f0:·6820·6669·6c65·7320·6861·7665·2069·6e63··h·files·have·inc
0003c600:·4761·7468·6572·2074·6865·2070·6163·6b61··Gather·the·packa0003c600:·6f72·7265·6374·2068·6173·6820·286e·6f74··orrect·hash·(not
0003c610:·6765·2066·6163·7473·0a20·2070·6163·6b61··ge·facts.··packa0003c610:·2069·6e20·2f65·7463·2c20·6265·6361·7573···in·/etc,·becaus
0003c620:·6765·5f66·6163·7473·3a0a·2020·2020·6d61··ge_facts:.····ma0003c620:·6520·6f66·2074·6865·2073·7973·7465·6d20··e·of·the·system·
0003c630:·6e61·6765·723a·2061·7574·6f0a·2020·7461··nager:·auto.··ta0003c630:·7265·6c61·7465·6420·636f·6e66·6967·2066··related·config·f
0003c640:·6773·3a0a·2020·2d20·434a·4953·2d35·2e31··gs:.··-·CJIS-5.10003c640:·696c·6573·2920·616e·6420·7468·656e·2067··iles)·and·then·g
0003c650:·302e·342e·310a·2020·2d20·4e49·5354·2d38··0.4.1.··-·NIST-80003c650:·6574·2066·696c·6573·206e·616d·6573·0a66··et·files·names.f
0003c660:·3030·2d31·3731·2d33·2e33·2e38·0a20·202d··00-171-3.3.8.··-0003c660:·696c·6573·5f77·6974·685f·696e·636f·7272··iles_with_incorr
0003c670:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.0003c670:·6563·745f·6861·7368·3d22·2428·7270·6d20··ect_hash="$(rpm·
0003c680:·342e·310a·2020·2d20·4e49·5354·2d38·3030··4.1.··-·NIST-8000003c680:·2d56·6120·2d2d·6e6f·636f·6e66·6967·207c··-Va·--noconfig·|
0003c690:·2d35·332d·4155·2d39·2833·290a·2020·2d20··-53-AU-9(3).··-·0003c690:·2067·7265·7020·2d45·2027·5e2e·2e35·2720···grep·-E·'^..5'·
0003c6a0:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-60003c6a0:·7c20·6177·6b20·277b·7072·696e·7420·244e··|·awk·'{print·$N
0003c6b0:·2863·290a·2020·2d20·4e49·5354·2d38·3030··(c).··-·NIST-8000003c6b0:·467d·2720·2922·0a0a·6966·205b·202d·6e20··F}'·)"..if·[·-n·
0003c6c0:·2d35·332d·434d·2d36·2864·290a·2020·2d20··-53-CM-6(d).··-·0003c6c0:·2224·6669·6c65·735f·7769·7468·5f69·6e63··"$files_with_inc
0003c6d0:·4e49·5354·2d38·3030·2d35·332d·5349·2d37··NIST-800-53-SI-70003c6d0:·6f72·7265·6374·5f68·6173·6822·205d·3b20··orrect_hash"·];·
0003c6e0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003c6e0:·7468·656e·0a20·2020·2023·2046·726f·6d20··then.····#·From·
0003c6f0:·2d53·492d·3728·3129·0a20·202d·204e·4953··-SI-7(1).··-·NIS0003c6f0:·6669·6c65·7320·6e61·6d65·7320·6765·7420··files·names·get·
0003c700:·542d·3830·302d·3533·2d53·492d·3728·3629··T-800-53-SI-7(6)0003c700:·7061·636b·6167·6520·6e61·6d65·7320·616e··package·names·an
0003c710:·0a20·202d·2050·4349·2d44·5353·2d52·6571··.··-·PCI-DSS-Req0003c710:·6420·6368·616e·6765·206e·6577·6c69·6e65··d·change·newline
0003c720:·2d31·312e·350a·2020·2d20·5043·492d·4453··-11.5.··-·PCI-DS0003c720:·2074·6f20·7370·6163·652c·2062·6563·6175···to·space,·becau
0003c730:·5376·342d·3131·2e35·2e32·0a20·202d·2068··Sv4-11.5.2.··-·h0003c730:·7365·2072·706d·2077·7269·7465·7320·6561··se·rpm·writes·ea
0003c740:·6967·685f·636f·6d70·6c65·7869·7479·0a20··igh_complexity.·0003c740:·6368·2070·6163·6b61·6765·2074·6f20·6e65··ch·package·to·ne
0003c750:·202d·2068·6967·685f·7365·7665·7269·7479···-·high_severity0003c750:·7720·6c69·6e65·0a20·2020·2070·6163·6b61··w·line.····packa
0003c760:·0a20·202d·206d·6564·6975·6d5f·6469·7372··.··-·medium_disr0003c760:·6765·735f·746f·5f72·6569·6e73·7461·6c6c··ges_to_reinstall
0003c770:·7570·7469·6f6e·0a20·202d·206e·6f5f·7265··uption.··-·no_re0003c770:·3d22·2428·7270·6d20·2d71·6620·2466·696c··="$(rpm·-qf·$fil
0003c780:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-·0003c780:·6573·5f77·6974·685f·696e·636f·7272·6563··es_with_incorrec
0003c790:·7265·7374·7269·6374·5f73·7472·6174·6567··restrict_strateg0003c790:·745f·6861·7368·207c·2074·7220·275c·6e27··t_hash·|·tr·'\n'
0003c7a0:·790a·2020·2d20·7270·6d5f·7665·7269·6679··y.··-·rpm_verify0003c7a0:·2027·2027·2922·0a0a·2020·2020·0a20·2020···'·')"..····.···
0003c7b0:·5f68·6173·6865·730a·0a2d·206e·616d·653a··_hashes..-·name:0003c7b0:·2079·756d·2072·6569·6e73·7461·6c6c·202d···yum·reinstall·-
0003c7c0:·2027·5365·7420·6661·6374·3a20·5061·636b···'Set·fact:·Pack0003c7c0:·7920·2470·6163·6b61·6765·735f·746f·5f72··y·$packages_to_r
0003c7d0:·6167·6520·6d61·6e61·6765·7220·7265·696e··age·manager·rein0003c7d0:·6569·6e73·7461·6c6c·0a20·2020·200a·6669··einstall.····.fi
0003c7e0:·7374·616c·6c20·636f·6d6d·616e·6427·0a20··stall·command'.·0003c7e0:·0a0a·656c·7365·0a20·2020·2026·6774·3b26··..else.····&gt;&
0003c7f0:·2073·6574·5f66·6163·743a·0a20·2020·2070···set_fact:.····p0003c7f0:·616d·703b·3220·6563·686f·2027·5265·6d65··amp;2·echo·'Reme
0003c800:·6163·6b61·6765·5f6d·616e·6167·6572·5f72··ackage_manager_r0003c800:·6469·6174·696f·6e20·6973·206e·6f74·2061··diation·is·not·a
0003c810:·6569·6e73·7461·6c6c·5f63·6d64·3a20·7975··einstall_cmd:·yu0003c810:·7070·6c69·6361·626c·652c·206e·6f74·6869··pplicable,·nothi
0003c820:·6d20·7265·696e·7374·616c·6c20·2d79·0a20··m·reinstall·-y.·0003c820:·6e67·2077·6173·2064·6f6e·6527·0a66·690a··ng·was·done'.fi.
0003c830:·2077·6865·6e3a·0a20·202d·206e·6f74·2028···when:.··-·not·(0003c830:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d
0003c840:·2022·6b65·726e·656c·2220·696e·2061·6e73···"kernel"·in·ans0003c840:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn
0003c850:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0003c850:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da
0003c860:·6765·7320·616e·6420·2272·706d·2d6f·7374··ges·and·"rpm-ost0003c860:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla
0003c870:·7265·6522·2069·6e20·616e·7369·626c·655f··ree"·in·ansible_0003c870:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target
0003c880:·6661·6374·732e·7061·636b·6167·6573·0a20··facts.packages.·0003c880:·3d22·2369·646d·3736·3734·2220·7461·6269··="#idm7674"·tabi
0003c890:·2020·2061·6e64·2022·626f·6f74·6322·2069·····and·"bootc"·i0003c890:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b
0003c8a0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003c8a0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa
0003c8b0:·7061·636b·6167·6573·2061·6e64·206e·6f74··packages·and·not0003c8b0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit
0003c8c0:·2022·6f70·656e·7368·6966·742d·6b75·6265···"openshift-kube0003c8c0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·
0003c8d0:·6c65·7422·2069·6e20·616e·7369·626c·655f··let"·in·ansible_0003c8d0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!
0003c8e0:·6661·6374·732e·7061·636b·6167·6573·0a20··facts.packages.·0003c8e0:·223e·5265·6d65·6469·6174·696f·6e20·416e··">Remediation·An
0003c8f0:·2020·2029·0a20·202d·2061·6e73·6962·6c65·····).··-·ansible0003c8f0:·7369·626c·6520·736e·6970·7065·7420·e287··sible·snippet·..
0003c900:·5f64·6973·7472·6962·7574·696f·6e20·696e··_distribution·in0003c900:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl
0003c910:·205b·2022·4665·646f·7261·222c·2022·5265···[·"Fedora",·"Re0003c910:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
0003c920:·6448·6174·222c·2022·4365·6e74·4f53·222c··dHat",·"CentOS",0003c920:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
0003c930:·2022·4f72·6163·6c65·4c69·6e75·7822·205d···"OracleLinux"·]0003c930:·3d22·6964·6d37·3637·3422·3e3c·7461·626c··="idm7674"><tabl
0003c940:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI0003c940:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t
0003c950:·532d·352e·3130·2e34·2e31·0a20·202d·204e··S-5.10.4.1.··-·N0003c950:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab
0003c960:·4953·542d·3830·302d·3137·312d·332e·332e··IST-800-171-3.3.0003c960:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl
0003c970:·380a·2020·2d20·4e49·5354·2d38·3030·2d31··8.··-·NIST-800-10003c970:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr
0003c980:·3731·2d33·2e34·2e31·0a20·202d·204e·4953··71-3.4.1.··-·NIS0003c980:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity:
0003c990:·542d·3830·302d·3533·2d41·552d·3928·3329··T-800-53-AU-9(3)0003c990:·3c2f·7468·3e3c·7464·3e68·6967·683c·2f74··</th><td>high</t
0003c9a0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003c9a0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D
0003c9b0:·2d43·4d2d·3628·6329·0a20·202d·204e·4953··-CM-6(c).··-·NIS0003c9b0:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th><
0003c9c0:·542d·3830·302d·3533·2d43·4d2d·3628·6429··T-800-53-CM-6(d)0003c9c0:·7464·3e6d·6564·6975·6d3c·2f74·643e·3c2f··td>medium</td></
0003c9d0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003c9d0:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo
0003c9e0:·2d53·492d·370a·2020·2d20·4e49·5354·2d38··-SI-7.··-·NIST-80003c9e0:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false
0003c9f0:·3030·2d35·332d·5349·2d37·2831·290a·2020··00-53-SI-7(1).··0003c9f0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
0003ca00:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI0003ca00:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>
0003ca10:·2d37·2836·290a·2020·2d20·5043·492d·4453··-7(6).··-·PCI-DS0003ca10:·3c74·643e·7265·7374·7269·6374·3c2f·7464··<td>restrict</td
0003ca20:·532d·5265·712d·3131·2e35·0a20·202d·2050··S-Req-11.5.··-·P0003ca20:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p
0003ca30:·4349·2d44·5353·7634·2d31·312e·352e·320a··CI-DSSv4-11.5.2.0003ca30:·7265·3e3c·636f·6465·3e2d·206e·616d·653a··re><code>-·name:
0003ca40:·2020·2d20·6869·6768·5f63·6f6d·706c·6578····-·high_complex0003ca40:·2047·6174·6865·7220·7468·6520·7061·636b···Gather·the·pack
0003ca50:·6974·790a·2020·2d20·6869·6768·5f73·6576··ity.··-·high_sev0003ca50:·6167·6520·6661·6374·730a·2020·7061·636b··age·facts.··pack
0003ca60:·6572·6974·790a·2020·2d20·6d65·6469·756d··erity.··-·medium0003ca60:·6167·655f·6661·6374·733a·0a20·2020·206d··age_facts:.····m
0003ca70:·5f64·6973·7275·7074·696f·6e0a·2020·2d20··_disruption.··-·0003ca70:·616e·6167·6572·3a20·6175·746f·0a20·2074··anager:·auto.··t
0003ca80:·6e6f·5f72·6562·6f6f·745f·6e65·6564·6564··no_reboot_needed0003ca80:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.
0003ca90:·0a20·202d·2072·6573·7472·6963·745f·7374··.··-·restrict_st0003ca90:·3130·2e34·2e31·0a20·202d·204e·4953·542d··10.4.1.··-·NIST-
0003caa0:·7261·7465·6779·0a20·202d·2072·706d·5f76··rategy.··-·rpm_v0003caa0:·3830·302d·3137·312d·332e·332e·380a·2020··800-171-3.3.8.··
0003cab0:·6572·6966·795f·6861·7368·6573·0a0a·2d20··erify_hashes..-·0003cab0:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-3
0003cac0:·6e61·6d65·3a20·2753·6574·2066·6163·743a··name:·'Set·fact:0003cac0:·2e34·2e31·0a20·202d·204e·4953·542d·3830··.4.1.··-·NIST-80
0003cad0:·2050·6163·6b61·6765·206d·616e·6167·6572···Package·manager0003cad0:·302d·3533·2d41·552d·3928·3329·0a20·202d··0-53-AU-9(3).··-
0003cae0:·2072·6569·6e73·7461·6c6c·2063·6f6d·6d61···reinstall·comma0003cae0:·204e·4953·542d·3830·302d·3533·2d43·4d2d···NIST-800-53-CM-
0003caf0:·6e64·2028·7a79·7070·6572·2927·0a20·2073··nd·(zypper)'.··s0003caf0:·3628·6329·0a20·202d·204e·4953·542d·3830··6(c).··-·NIST-80
0003cb00:·6574·5f66·6163·743a·0a20·2020·2070·6163··et_fact:.····pac0003cb00:·302d·3533·2d43·4d2d·3628·6429·0a20·202d··0-53-CM-6(d).··-
0003cb10:·6b61·6765·5f6d·616e·6167·6572·5f72·6569··kage_manager_rei0003cb10:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-
0003cb20:·6e73·7461·6c6c·5f63·6d64·3a20·7a79·7070··nstall_cmd:·zypp0003cb20:·370a·2020·2d20·4e49·5354·2d38·3030·2d35··7.··-·NIST-800-5
0003cb30:·6572·2069·6e20·2d66·202d·790a·2020·7768··er·in·-f·-y.··wh0003cb30:·332d·5349·2d37·2831·290a·2020·2d20·4e49··3-SI-7(1).··-·NI
0003cb40:·656e·3a0a·2020·2d20·6e6f·7420·2820·226b··en:.··-·not·(·"k0003cb40:·5354·2d38·3030·2d35·332d·5349·2d37·2836··ST-800-53-SI-7(6
0003cb50:·6572·6e65·6c22·2069·6e20·616e·7369·626c··ernel"·in·ansibl0003cb50:·290a·2020·2d20·5043·492d·4453·532d·5265··).··-·PCI-DSS-Re
0003cb60:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages0003cb60:·712d·3131·2e35·0a20·202d·2050·4349·2d44··q-11.5.··-·PCI-D
0003cb70:·2061·6e64·2022·7270·6d2d·6f73·7472·6565···and·"rpm-ostree0003cb70:·5353·7634·2d31·312e·352e·320a·2020·2d20··SSv4-11.5.2.··-·
0003cb80:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003cb80:·6869·6768·5f63·6f6d·706c·6578·6974·790a··high_complexity.
0003cb90:·7473·2e70·6163·6b61·6765·730a·2020·2020··ts.packages.····0003cb90:·2020·2d20·6869·6768·5f73·6576·6572·6974····-·high_severit
0003cba0:·616e·6420·2262·6f6f·7463·2220·696e·2061··and·"bootc"·in·a0003cba0:·790a·2020·2d20·6d65·6469·756d·5f64·6973··y.··-·medium_dis
0003cbb0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003cbb0:·7275·7074·696f·6e0a·2020·2d20·6e6f·5f72··ruption.··-·no_r
0003cbc0:·6b61·6765·7320·616e·6420·6e6f·7420·226f··kages·and·not·"o0003cbc0:·6562·6f6f·745f·6e65·6564·6564·0a20·202d··eboot_needed.··-
0003cbd0:·7065·6e73·6869·6674·2d6b·7562·656c·6574··penshift-kubelet0003cbd0:·2072·6573·7472·6963·745f·7374·7261·7465···restrict_strate
0003cbe0:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003cbe0:·6779·0a20·202d·2072·706d·5f76·6572·6966··gy.··-·rpm_verif
0003cbf0:·7473·2e70·6163·6b61·6765·730a·2020·2020··ts.packages.····0003cbf0:·795f·6861·7368·6573·0a0a·2d20·6e61·6d65··y_hashes..-·name
0003cc00:·290a·2020·2d20·616e·7369·626c·655f·6469··).··-·ansible_di0003cc00:·3a20·2753·6574·2066·6163·743a·2050·6163··:·'Set·fact:·Pac
Max diff block lines reached; 17387732/17442684 bytes (99.68%) of diff not shown.
1.3 MB
html2text {}
    
Offset 138, 14 lines modifiedOffset 138, 33 lines modified
138 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6138 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
139 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4139 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
140 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)140 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
141 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1141 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
142 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5142 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
143 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227143 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
144 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2144 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 145 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 146 #·Remediation·is·applicable·only·in·certain·platforms
 147 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 148 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 149 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 150 if·[·-n·"$files_with_incorrect_hash"·];·then
 151 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 152 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 153 ····yum·reinstall·-y·$packages_to_reinstall
  
 154 fi
  
 155 else
 156 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 157 fi
145 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8158 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
146 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high159 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
147 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium160 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
148 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false161 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
149 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict162 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
150 -·name:·Gather·the·package·facts163 -·name:·Gather·the·package·facts
151 ··package_facts:164 ··package_facts:
Offset 312, 33 lines modifiedOffset 331, 14 lines modified
312 ··-·PCI-DSSv4-11.5.2331 ··-·PCI-DSSv4-11.5.2
313 ··-·high_complexity332 ··-·high_complexity
314 ··-·high_severity333 ··-·high_severity
315 ··-·medium_disruption334 ··-·medium_disruption
316 ··-·no_reboot_needed335 ··-·no_reboot_needed
317 ··-·restrict_strategy336 ··-·restrict_strategy
318 ··-·rpm_verify_hashes337 ··-·rpm_verify_hashes
319 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
320 #·Remediation·is·applicable·only·in·certain·platforms 
321 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
322 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
323 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
324 if·[·-n·"$files_with_incorrect_hash"·];·then 
325 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
326 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
327 ····yum·reinstall·-y·$packages_to_reinstall 
  
328 fi 
  
329 else 
330 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
331 fi 
332 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*338 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
333 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:339 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:
334 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'340 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'
335 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:341 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:
336 $·rpm·-qf·FILENAME342 $·rpm·-qf·FILENAME
  
337 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:343 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
Offset 359, 14 lines modifiedOffset 359, 50 lines modified
359 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5359 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
360 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2360 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
361 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)361 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)
362 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1362 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
363 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5363 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
364 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108364 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108
365 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2365 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 366 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 367 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 368 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 369 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 370 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 371 #·Remediation·is·applicable·only·in·certain·platforms
 372 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 373 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 374 declare·-A·SETPERMS_RPM_DICT
  
 375 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 376 #·is·expected·by·the·RPM·database
 377 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}')
  
 378 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 379 do
 380 ········#·NOTE:·some·files·maybe·controlled·by·more·then·one·package
 381 ········readarray·-t·RPM_PACKAGES·<·<(rpm·-qf·"${FILE_PATH}")
 382 ········for·RPM_PACKAGE·in·"${RPM_PACKAGES[@]}"
 383 ········do
 384 ················#·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 385 ················SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 386 ········done
 387 done
  
 388 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 389 #·correct·values
 390 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 391 do
 392 »       rpm·--restore·"${RPM_PACKAGE}"
 393 done
  
 394 else
 395 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 396 fi
366 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8397 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
367 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high398 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
368 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium399 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
369 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false400 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
370 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict401 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
371 -·name:·Gather·the·package·facts402 -·name:·Gather·the·package·facts
372 ··package_facts:403 ··package_facts:
Offset 478, 50 lines modifiedOffset 514, 14 lines modified
478 ··-·PCI-DSSv4-11.5.2514 ··-·PCI-DSSv4-11.5.2
479 ··-·high_complexity515 ··-·high_complexity
480 ··-·high_severity516 ··-·high_severity
481 ··-·medium_disruption517 ··-·medium_disruption
482 ··-·no_reboot_needed518 ··-·no_reboot_needed
483 ··-·restrict_strategy519 ··-·restrict_strategy
484 ··-·rpm_verify_permissions520 ··-·rpm_verify_permissions
485 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
Max diff block lines reached; 1353029/1361113 bytes (99.41%) of diff not shown.
10.7 MB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-ism_o.html
    
Offset 15437, 408 lines modifiedOffset 15437, 408 lines modified
0003c4c0:·6574·3d22·2369·646d·3736·3733·2220·7461··et="#idm7673"·ta0003c4c0:·6574·3d22·2369·646d·3736·3733·2220·7461··et="#idm7673"·ta
0003c4d0:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=0003c4d0:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=
0003c4e0:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex0003c4e0:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex
0003c4f0:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t0003c4f0:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t
0003c500:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t0003c500:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t
0003c510:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="0003c510:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="
Diff chunk too large, falling back to line-by-line diff (394 lines added, 394 lines removed)
0003c520:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·0003c520:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·
0003c530:·416e·7369·626c·6520·736e·6970·7065·7420··Ansible·snippet·0003c530:·5368·656c·6c20·7363·7269·7074·20e2·87b2··Shell·script·...
0003c540:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div·0003c540:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
0003c550:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col0003c550:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
0003c560:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·0003c560:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=
0003c570:·6964·3d22·6964·6d37·3637·3322·3e3c·7461··id="idm7673"><ta0003c570:·2269·646d·3736·3733·223e·3c70·7265·3e3c··"idm7673"><pre><
0003c580:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table0003c580:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati
0003c590:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t0003c590:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable
0003c5a0:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta0003c5a0:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain
0003c5b0:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed"><0003c5b0:·2070·6c61·7466·6f72·6d73·0a69·6620·2120···platforms.if·!·
0003c5c0:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit0003c5c0:·2820·7b20·7270·6d20·2d2d·7175·6965·7420··(·{·rpm·--quiet·
0003c5d0:·793a·3c2f·7468·3e3c·7464·3e68·6967·683c··y:</th><td>high<0003c5d0:·2d71·206b·6572·6e65·6c20·3b7d·2026·616d··-q·kernel·;}·&am
0003c5e0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th0003c5e0:·703b·2661·6d70·3b20·7b20·7270·6d20·2d2d··p;&amp;·{·rpm·--
0003c5f0:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th0003c5f0:·7175·6965·7420·2d71·2072·706d·2d6f·7374··quiet·-q·rpm-ost
0003c600:·3e3c·7464·3e6d·6564·6975·6d3c·2f74·643e··><td>medium</td>0003c600:·7265·6520·3b7d·2026·616d·703b·2661·6d70··ree·;}·&amp;&amp
0003c610:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb0003c610:·3b20·7b20·7270·6d20·2d2d·7175·6965·7420··;·{·rpm·--quiet·
0003c620:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal0003c620:·2d71·2062·6f6f·7463·203b·7d20·2661·6d70··-q·bootc·;}·&amp
0003c630:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr>0003c630:·3b26·616d·703b·207b·2021·2072·706d·202d··;&amp;·{·!·rpm·-
0003c640:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t0003c640:·2d71·7569·6574·202d·7120·6f70·656e·7368··-quiet·-q·opensh
0003c650:·683e·3c74·643e·7265·7374·7269·6374·3c2f··h><td>restrict</0003c650:·6966·742d·6b75·6265·6c65·7420·3b7d·2029··ift-kubelet·;}·)
0003c660:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>0003c660:·3b20·7468·656e·0a0a·2320·4669·6e64·2077··;·then..#·Find·w
0003c670:·3c70·7265·3e3c·636f·6465·3e2d·206e·616d··<pre><code>-·nam0003c670:·6869·6368·2066·696c·6573·2068·6176·6520··hich·files·have·
0003c680:·653a·2047·6174·6865·7220·7468·6520·7061··e:·Gather·the·pa0003c680:·696e·636f·7272·6563·7420·6861·7368·2028··incorrect·hash·(
0003c690:·636b·6167·6520·6661·6374·730a·2020·7061··ckage·facts.··pa0003c690:·6e6f·7420·696e·202f·6574·632c·2062·6563··not·in·/etc,·bec
0003c6a0:·636b·6167·655f·6661·6374·733a·0a20·2020··ckage_facts:.···0003c6a0:·6175·7365·206f·6620·7468·6520·7379·7374··ause·of·the·syst
0003c6b0:·206d·616e·6167·6572·3a20·6175·746f·0a20···manager:·auto.·0003c6b0:·656d·2072·656c·6174·6564·2063·6f6e·6669··em·related·confi
0003c6c0:·2074·6167·733a·0a20·202d·2043·4a49·532d···tags:.··-·CJIS-0003c6c0:·6720·6669·6c65·7329·2061·6e64·2074·6865··g·files)·and·the
0003c6d0:·352e·3130·2e34·2e31·0a20·202d·204e·4953··5.10.4.1.··-·NIS0003c6d0:·6e20·6765·7420·6669·6c65·7320·6e61·6d65··n·get·files·name
0003c6e0:·542d·3830·302d·3137·312d·332e·332e·380a··T-800-171-3.3.8.0003c6e0:·730a·6669·6c65·735f·7769·7468·5f69·6e63··s.files_with_inc
0003c6f0:·2020·2d20·4e49·5354·2d38·3030·2d31·3731····-·NIST-800-1710003c6f0:·6f72·7265·6374·5f68·6173·683d·2224·2872··orrect_hash="$(r
0003c700:·2d33·2e34·2e31·0a20·202d·204e·4953·542d··-3.4.1.··-·NIST-0003c700:·706d·202d·5661·202d·2d6e·6f63·6f6e·6669··pm·-Va·--noconfi
0003c710:·3830·302d·3533·2d41·552d·3928·3329·0a20··800-53-AU-9(3).·0003c710:·6720·7c20·6772·6570·202d·4520·275e·2e2e··g·|·grep·-E·'^..
0003c720:·202d·204e·4953·542d·3830·302d·3533·2d43···-·NIST-800-53-C0003c720:·3527·207c·2061·776b·2027·7b70·7269·6e74··5'·|·awk·'{print
0003c730:·4d2d·3628·6329·0a20·202d·204e·4953·542d··M-6(c).··-·NIST-0003c730:·2024·4e46·7d27·2029·220a·0a69·6620·5b20···$NF}'·)"..if·[·
0003c740:·3830·302d·3533·2d43·4d2d·3628·6429·0a20··800-53-CM-6(d).·0003c740:·2d6e·2022·2466·696c·6573·5f77·6974·685f··-n·"$files_with_
0003c750:·202d·204e·4953·542d·3830·302d·3533·2d53···-·NIST-800-53-S0003c750:·696e·636f·7272·6563·745f·6861·7368·2220··incorrect_hash"·
0003c760:·492d·370a·2020·2d20·4e49·5354·2d38·3030··I-7.··-·NIST-8000003c760:·5d3b·2074·6865·6e0a·2020·2020·2320·4672··];·then.····#·Fr
0003c770:·2d35·332d·5349·2d37·2831·290a·2020·2d20··-53-SI-7(1).··-·0003c770:·6f6d·2066·696c·6573·206e·616d·6573·2067··om·files·names·g
0003c780:·4e49·5354·2d38·3030·2d35·332d·5349·2d37··NIST-800-53-SI-70003c780:·6574·2070·6163·6b61·6765·206e·616d·6573··et·package·names
0003c790:·2836·290a·2020·2d20·5043·492d·4453·532d··(6).··-·PCI-DSS-0003c790:·2061·6e64·2063·6861·6e67·6520·6e65·776c···and·change·newl
0003c7a0:·5265·712d·3131·2e35·0a20·202d·2050·4349··Req-11.5.··-·PCI0003c7a0:·696e·6520·746f·2073·7061·6365·2c20·6265··ine·to·space,·be
0003c7b0:·2d44·5353·7634·2d31·312e·352e·320a·2020··-DSSv4-11.5.2.··0003c7b0:·6361·7573·6520·7270·6d20·7772·6974·6573··cause·rpm·writes
0003c7c0:·2d20·6869·6768·5f63·6f6d·706c·6578·6974··-·high_complexit0003c7c0:·2065·6163·6820·7061·636b·6167·6520·746f···each·package·to
0003c7d0:·790a·2020·2d20·6869·6768·5f73·6576·6572··y.··-·high_sever0003c7d0:·206e·6577·206c·696e·650a·2020·2020·7061···new·line.····pa
0003c7e0:·6974·790a·2020·2d20·6d65·6469·756d·5f64··ity.··-·medium_d0003c7e0:·636b·6167·6573·5f74·6f5f·7265·696e·7374··ckages_to_reinst
0003c7f0:·6973·7275·7074·696f·6e0a·2020·2d20·6e6f··isruption.··-·no0003c7f0:·616c·6c3d·2224·2872·706d·202d·7166·2024··all="$(rpm·-qf·$
0003c800:·5f72·6562·6f6f·745f·6e65·6564·6564·0a20··_reboot_needed.·0003c800:·6669·6c65·735f·7769·7468·5f69·6e63·6f72··files_with_incor
0003c810:·202d·2072·6573·7472·6963·745f·7374·7261···-·restrict_stra0003c810:·7265·6374·5f68·6173·6820·7c20·7472·2027··rect_hash·|·tr·'
0003c820:·7465·6779·0a20·202d·2072·706d·5f76·6572··tegy.··-·rpm_ver0003c820:·5c6e·2720·2720·2729·220a·0a20·2020·200a··\n'·'·')"..····.
0003c830:·6966·795f·6861·7368·6573·0a0a·2d20·6e61··ify_hashes..-·na0003c830:·2020·2020·7975·6d20·7265·696e·7374·616c······yum·reinstal
0003c840:·6d65·3a20·2753·6574·2066·6163·743a·2050··me:·'Set·fact:·P0003c840:·6c20·2d79·2024·7061·636b·6167·6573·5f74··l·-y·$packages_t
0003c850:·6163·6b61·6765·206d·616e·6167·6572·2072··ackage·manager·r0003c850:·6f5f·7265·696e·7374·616c·6c0a·2020·2020··o_reinstall.····
0003c860:·6569·6e73·7461·6c6c·2063·6f6d·6d61·6e64··einstall·command0003c860:·0a66·690a·0a65·6c73·650a·2020·2020·2667··.fi..else.····&g
0003c870:·270a·2020·7365·745f·6661·6374·3a0a·2020··'.··set_fact:.··0003c870:·743b·2661·6d70·3b32·2065·6368·6f20·2752··t;&amp;2·echo·'R
0003c880:·2020·7061·636b·6167·655f·6d61·6e61·6765····package_manage0003c880:·656d·6564·6961·7469·6f6e·2069·7320·6e6f··emediation·is·no
0003c890:·725f·7265·696e·7374·616c·6c5f·636d·643a··r_reinstall_cmd:0003c890:·7420·6170·706c·6963·6162·6c65·2c20·6e6f··t·applicable,·no
0003c8a0:·2079·756d·2072·6569·6e73·7461·6c6c·202d···yum·reinstall·-0003c8a0:·7468·696e·6720·7761·7320·646f·6e65·270a··thing·was·done'.
0003c8b0:·790a·2020·7768·656e·3a0a·2020·2d20·6e6f··y.··when:.··-·no0003c8b0:·6669·0a3c·2f63·6f64·653e·3c2f·7072·653e··fi.</code></pre>
0003c8c0:·7420·2820·226b·6572·6e65·6c22·2069·6e20··t·(·"kernel"·in·0003c8c0:·3c2f·6469·763e·3c61·2063·6c61·7373·3d22··</div><a·class="
0003c8d0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa0003c8d0:·6274·6e20·6274·6e2d·7375·6363·6573·7322··btn·btn-success"
0003c8e0:·636b·6167·6573·2061·6e64·2022·7270·6d2d··ckages·and·"rpm-0003c8e0:·2064·6174·612d·746f·6767·6c65·3d22·636f···data-toggle="co
0003c8f0:·6f73·7472·6565·2220·696e·2061·6e73·6962··ostree"·in·ansib0003c8f0:·6c6c·6170·7365·2220·6461·7461·2d74·6172··llapse"·data-tar
0003c900:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package0003c900:·6765·743d·2223·6964·6d37·3637·3422·2074··get="#idm7674"·t
0003c910:·730a·2020·2020·616e·6420·2262·6f6f·7463··s.····and·"bootc0003c910:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
0003c920:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003c920:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
0003c930:·7473·2e70·6163·6b61·6765·7320·616e·6420··ts.packages·and·0003c930:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
0003c940:·6e6f·7420·226f·7065·6e73·6869·6674·2d6b··not·"openshift-k0003c940:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
0003c950:·7562·656c·6574·2220·696e·2061·6e73·6962··ubelet"·in·ansib0003c950:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
0003c960:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package0003c960:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
0003c970:·730a·2020·2020·290a·2020·2d20·616e·7369··s.····).··-·ansi0003c970:·2041·6e73·6962·6c65·2073·6e69·7070·6574···Ansible·snippet
0003c980:·626c·655f·6469·7374·7269·6275·7469·6f6e··ble_distribution0003c980:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div
0003c990:·2069·6e20·5b20·2246·6564·6f72·6122·2c20···in·[·"Fedora",·0003c990:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
0003c9a0:·2252·6564·4861·7422·2c20·2243·656e·744f··"RedHat",·"CentO0003c9a0:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
0003c9b0:·5322·2c20·224f·7261·636c·654c·696e·7578··S",·"OracleLinux0003c9b0:·2069·643d·2269·646d·3736·3734·223e·3c74···id="idm7674"><t
0003c9c0:·2220·5d0a·2020·7461·6773·3a0a·2020·2d20··"·].··tags:.··-·0003c9c0:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl
0003c9d0:·434a·4953·2d35·2e31·302e·342e·310a·2020··CJIS-5.10.4.1.··0003c9d0:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped·
0003c9e0:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-30003c9e0:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t
0003c9f0:·2e33·2e38·0a20·202d·204e·4953·542d·3830··.3.8.··-·NIST-800003c9f0:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed">
0003ca00:·302d·3137·312d·332e·342e·310a·2020·2d20··0-171-3.4.1.··-·0003ca00:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi
0003ca10:·4e49·5354·2d38·3030·2d35·332d·4155·2d39··NIST-800-53-AU-90003ca10:·7479·3a3c·2f74·683e·3c74·643e·6869·6768··ty:</th><td>high
0003ca20:·2833·290a·2020·2d20·4e49·5354·2d38·3030··(3).··-·NIST-8000003ca20:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
0003ca30:·2d35·332d·434d·2d36·2863·290a·2020·2d20··-53-CM-6(c).··-·0003ca30:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t
0003ca40:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-60003ca40:·683e·3c74·643e·6d65·6469·756d·3c2f·7464··h><td>medium</td
0003ca50:·2864·290a·2020·2d20·4e49·5354·2d38·3030··(d).··-·NIST-8000003ca50:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re
0003ca60:·2d35·332d·5349·2d37·0a20·202d·204e·4953··-53-SI-7.··-·NIS0003ca60:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa
0003ca70:·542d·3830·302d·3533·2d53·492d·3728·3129··T-800-53-SI-7(1)0003ca70:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr
0003ca80:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003ca80:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</
0003ca90:·2d53·492d·3728·3629·0a20·202d·2050·4349··-SI-7(6).··-·PCI0003ca90:·7468·3e3c·7464·3e72·6573·7472·6963·743c··th><td>restrict<
0003caa0:·2d44·5353·2d52·6571·2d31·312e·350a·2020··-DSS-Req-11.5.··0003caa0:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table
0003cab0:·2d20·5043·492d·4453·5376·342d·3131·2e35··-·PCI-DSSv4-11.50003cab0:·3e3c·7072·653e·3c63·6f64·653e·2d20·6e61··><pre><code>-·na
0003cac0:·2e32·0a20·202d·2068·6967·685f·636f·6d70··.2.··-·high_comp0003cac0:·6d65·3a20·4761·7468·6572·2074·6865·2070··me:·Gather·the·p
0003cad0:·6c65·7869·7479·0a20·202d·2068·6967·685f··lexity.··-·high_0003cad0:·6163·6b61·6765·2066·6163·7473·0a20·2070··ackage·facts.··p
0003cae0:·7365·7665·7269·7479·0a20·202d·206d·6564··severity.··-·med0003cae0:·6163·6b61·6765·5f66·6163·7473·3a0a·2020··ackage_facts:.··
0003caf0:·6975·6d5f·6469·7372·7570·7469·6f6e·0a20··ium_disruption.·0003caf0:·2020·6d61·6e61·6765·723a·2061·7574·6f0a····manager:·auto.
0003cb00:·202d·206e·6f5f·7265·626f·6f74·5f6e·6565···-·no_reboot_nee0003cb00:·2020·7461·6773·3a0a·2020·2d20·434a·4953····tags:.··-·CJIS
0003cb10:·6465·640a·2020·2d20·7265·7374·7269·6374··ded.··-·restrict0003cb10:·2d35·2e31·302e·342e·310a·2020·2d20·4e49··-5.10.4.1.··-·NI
0003cb20:·5f73·7472·6174·6567·790a·2020·2d20·7270··_strategy.··-·rp0003cb20:·5354·2d38·3030·2d31·3731·2d33·2e33·2e38··ST-800-171-3.3.8
0003cb30:·6d5f·7665·7269·6679·5f68·6173·6865·730a··m_verify_hashes.0003cb30:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-17
0003cb40:·0a2d·206e·616d·653a·2027·5365·7420·6661··.-·name:·'Set·fa0003cb40:·312d·332e·342e·310a·2020·2d20·4e49·5354··1-3.4.1.··-·NIST
0003cb50:·6374·3a20·5061·636b·6167·6520·6d61·6e61··ct:·Package·mana0003cb50:·2d38·3030·2d35·332d·4155·2d39·2833·290a··-800-53-AU-9(3).
0003cb60:·6765·7220·7265·696e·7374·616c·6c20·636f··ger·reinstall·co0003cb60:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-
0003cb70:·6d6d·616e·6420·287a·7970·7065·7229·270a··mmand·(zypper)'.0003cb70:·434d·2d36·2863·290a·2020·2d20·4e49·5354··CM-6(c).··-·NIST
0003cb80:·2020·7365·745f·6661·6374·3a0a·2020·2020····set_fact:.····0003cb80:·2d38·3030·2d35·332d·434d·2d36·2864·290a··-800-53-CM-6(d).
0003cb90:·7061·636b·6167·655f·6d61·6e61·6765·725f··package_manager_0003cb90:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-
0003cba0:·7265·696e·7374·616c·6c5f·636d·643a·207a··reinstall_cmd:·z0003cba0:·5349·2d37·0a20·202d·204e·4953·542d·3830··SI-7.··-·NIST-80
0003cbb0:·7970·7065·7220·696e·202d·6620·2d79·0a20··ypper·in·-f·-y.·0003cbb0:·302d·3533·2d53·492d·3728·3129·0a20·202d··0-53-SI-7(1).··-
0003cbc0:·2077·6865·6e3a·0a20·202d·206e·6f74·2028···when:.··-·not·(0003cbc0:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-
0003cbd0:·2022·6b65·726e·656c·2220·696e·2061·6e73···"kernel"·in·ans0003cbd0:·3728·3629·0a20·202d·2050·4349·2d44·5353··7(6).··-·PCI-DSS
0003cbe0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0003cbe0:·2d52·6571·2d31·312e·350a·2020·2d20·5043··-Req-11.5.··-·PC
0003cbf0:·6765·7320·616e·6420·2272·706d·2d6f·7374··ges·and·"rpm-ost0003cbf0:·492d·4453·5376·342d·3131·2e35·2e32·0a20··I-DSSv4-11.5.2.·
0003cc00:·7265·6522·2069·6e20·616e·7369·626c·655f··ree"·in·ansible_0003cc00:·202d·2068·6967·685f·636f·6d70·6c65·7869···-·high_complexi
0003cc10:·6661·6374·732e·7061·636b·6167·6573·0a20··facts.packages.·0003cc10:·7479·0a20·202d·2068·6967·685f·7365·7665··ty.··-·high_seve
0003cc20:·2020·2061·6e64·2022·626f·6f74·6322·2069·····and·"bootc"·i0003cc20:·7269·7479·0a20·202d·206d·6564·6975·6d5f··rity.··-·medium_
0003cc30:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003cc30:·6469·7372·7570·7469·6f6e·0a20·202d·206e··disruption.··-·n
0003cc40:·7061·636b·6167·6573·2061·6e64·206e·6f74··packages·and·not0003cc40:·6f5f·7265·626f·6f74·5f6e·6565·6465·640a··o_reboot_needed.
0003cc50:·2022·6f70·656e·7368·6966·742d·6b75·6265···"openshift-kube0003cc50:·2020·2d20·7265·7374·7269·6374·5f73·7472····-·restrict_str
0003cc60:·6c65·7422·2069·6e20·616e·7369·626c·655f··let"·in·ansible_0003cc60:·6174·6567·790a·2020·2d20·7270·6d5f·7665··ategy.··-·rpm_ve
0003cc70:·6661·6374·732e·7061·636b·6167·6573·0a20··facts.packages.·0003cc70:·7269·6679·5f68·6173·6865·730a·0a2d·206e··rify_hashes..-·n
0003cc80:·2020·2029·0a20·202d·2061·6e73·6962·6c65·····).··-·ansible0003cc80:·616d·653a·2027·5365·7420·6661·6374·3a20··ame:·'Set·fact:·
0003cc90:·5f64·6973·7472·6962·7574·696f·6e20·3d3d··_distribution·==0003cc90:·5061·636b·6167·6520·6d61·6e61·6765·7220··Package·manager·
Max diff block lines reached; 10087375/10142327 bytes (99.46%) of diff not shown.
1.0 MB
html2text {}
    
Offset 139, 14 lines modifiedOffset 139, 33 lines modified
139 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6139 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
140 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4140 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
141 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)141 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
142 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1142 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
143 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5143 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
144 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227144 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
145 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2145 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 146 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 147 #·Remediation·is·applicable·only·in·certain·platforms
 148 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 149 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 150 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 151 if·[·-n·"$files_with_incorrect_hash"·];·then
 152 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 153 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 154 ····yum·reinstall·-y·$packages_to_reinstall
  
 155 fi
  
 156 else
 157 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 158 fi
146 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8159 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
147 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high160 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
148 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium161 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
149 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false162 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
150 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict163 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
151 -·name:·Gather·the·package·facts164 -·name:·Gather·the·package·facts
152 ··package_facts:165 ··package_facts:
Offset 313, 33 lines modifiedOffset 332, 14 lines modified
313 ··-·PCI-DSSv4-11.5.2332 ··-·PCI-DSSv4-11.5.2
314 ··-·high_complexity333 ··-·high_complexity
315 ··-·high_severity334 ··-·high_severity
316 ··-·medium_disruption335 ··-·medium_disruption
317 ··-·no_reboot_needed336 ··-·no_reboot_needed
318 ··-·restrict_strategy337 ··-·restrict_strategy
319 ··-·rpm_verify_hashes338 ··-·rpm_verify_hashes
320 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
321 #·Remediation·is·applicable·only·in·certain·platforms 
322 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
323 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
324 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
325 if·[·-n·"$files_with_incorrect_hash"·];·then 
326 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
327 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
328 ····yum·reinstall·-y·$packages_to_reinstall 
  
329 fi 
  
330 else 
331 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
332 fi 
333 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*339 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
334 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:340 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:
335 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'341 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'
336 run·the·following·command·to·determine·which·package·owns·it:342 run·the·following·command·to·determine·which·package·owns·it:
337 $·rpm·-qf·FILENAME343 $·rpm·-qf·FILENAME
338 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:344 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
339 $·sudo·rpm·--restore·PACKAGENAME345 $·sudo·rpm·--restore·PACKAGENAME
Offset 358, 14 lines modifiedOffset 358, 46 lines modified
358 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5358 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
359 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2359 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
360 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)360 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
361 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1361 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
362 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5362 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
363 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108363 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108
364 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2364 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 365 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 366 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 367 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 368 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 369 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 370 #·Remediation·is·applicable·only·in·certain·platforms
 371 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 372 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 373 declare·-A·SETPERMS_RPM_DICT
  
 374 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 375 #·is·expected·by·the·RPM·database
 376 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}')
  
 377 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 378 do
 379 ········RPM_PACKAGE=$(rpm·-qf·"$FILE_PATH")
 380 »       #·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 381 »       SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 382 done
  
 383 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 384 #·correct·values
 385 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 386 do
 387 ········rpm·--restore·"${RPM_PACKAGE}"
 388 done
  
 389 else
 390 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 391 fi
365 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8392 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
366 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high393 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
367 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium394 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
368 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false395 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
369 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict396 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
370 -·name:·Gather·the·package·facts397 -·name:·Gather·the·package·facts
371 ··package_facts:398 ··package_facts:
Offset 473, 46 lines modifiedOffset 505, 14 lines modified
473 ··-·PCI-DSSv4-11.5.2505 ··-·PCI-DSSv4-11.5.2
474 ··-·high_complexity506 ··-·high_complexity
475 ··-·high_severity507 ··-·high_severity
476 ··-·medium_disruption508 ··-·medium_disruption
477 ··-·no_reboot_needed509 ··-·no_reboot_needed
478 ··-·restrict_strategy510 ··-·restrict_strategy
479 ··-·rpm_verify_ownership511 ··-·rpm_verify_ownership
480 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
481 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high 
482 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium 
483 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
484 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
Max diff block lines reached; 1042360/1050071 bytes (99.27%) of diff not shown.
10.8 MB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-ospp.html
    
Offset 15330, 283 lines modifiedOffset 15330, 283 lines modified
0003be10:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#0003be10:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#
0003be20:·6964·6d38·3031·3222·2074·6162·696e·6465··idm8012"·tabinde0003be20:·6964·6d38·3031·3222·2074·6162·696e·6465··idm8012"·tabinde
0003be30:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt0003be30:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt
0003be40:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande0003be40:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande
0003be50:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=0003be50:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=
0003be60:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev0003be60:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev
0003be70:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R0003be70:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R
0003be80:·656d·6564·6961·7469·6f6e·2041·6e61·636f··emediation·Anaco0003be80:·656d·6564·6961·7469·6f6e·2073·6372·6970··emediation·scrip
0003be90:·6e64·6120·736e·6970·7065·7420·e287·b23c··nda·snippet·...< 
0003bea0:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas 
0003beb0:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps 
0003bec0:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id=" 
0003bed0:·6964·6d38·3031·3222·3e3c·7461·626c·6520··idm8012"><table· 
0003bee0:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab 
0003bef0:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table 
0003bf00:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table- 
0003bf10:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr>< 
0003bf20:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</ 
0003bf30:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td>< 
0003bf40:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr 
0003bf50:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td> 
0003bf60:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003bf70:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th 
0003bf80:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td>< 
0003bf90:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra 
0003bfa0:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en 
0003bfb0:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></ 
0003bfc0:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code 
0003bfd0:·3e0a·7061·636b·6167·6520·2d2d·6164·643d··>.package·--add= 
0003bfe0:·6169·6465·0a3c·2f63·6f64·653e·3c2f·7072··aide.</code></pr 
0003bff0:·653e·3c2f·6469·763e·3c61·2063·6c61·7373··e></div><a·class 
0003c000:·3d22·6274·6e20·6274·6e2d·7375·6363·6573··="btn·btn-succes 
0003c010:·7322·2064·6174·612d·746f·6767·6c65·3d22··s"·data-toggle=" 
0003c020:·636f·6c6c·6170·7365·2220·6461·7461·2d74··collapse"·data-t 
0003c030:·6172·6765·743d·2223·6964·6d38·3031·3322··arget="#idm8013" 
0003c040:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro 
0003c050:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria 
0003c060:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false 
0003c070:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat 
0003c080:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre 
0003c090:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati 
0003c0a0:·6f6e·2050·7570·7065·7420·736e·6970·7065··on·Puppet·snippe 
0003c0b0:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di0003be90:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di
0003c0c0:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c0003bea0:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
0003c0d0:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse0003beb0:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
0003c0e0:·2220·6964·3d22·6964·6d38·3031·3322·3e3c··"·id="idm8013"><0003bec0:·2220·6964·3d22·6964·6d38·3031·3222·3e3c··"·id="idm8012"><
0003c0f0:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab0003bed0:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab
0003c100:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped0003bee0:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped
0003c110:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·0003bef0:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·
0003c120:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"0003bf00:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"
0003c130:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex0003bf10:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex
0003c140:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low0003bf20:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low
0003c150:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t0003bf30:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
0003c160:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t0003bf40:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t
0003c170:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></0003bf50:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></
0003c180:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo0003bf60:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo
0003c190:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false0003bf70:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false
0003c1a0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t0003bf80:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
0003c1b0:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>0003bf90:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>
0003c1c0:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td><0003bfa0:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td><
0003c1d0:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre0003bfb0:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre
 0003bfc0:·3e3c·636f·6465·3e0a·646e·6620·696e·7374··><code>.dnf·inst
 0003bfd0:·616c·6c20·6169·6465·0a3c·2f63·6f64·653e··all·aide.</code>
 0003bfe0:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c
 0003bff0:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su
 0003c000:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg
 0003c010:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da
 0003c020:·7461·2d74·6172·6765·743d·2223·6964·6d38··ta-target="#idm8
 0003c030:·3031·3322·2074·6162·696e·6465·783d·2230··013"·tabindex="0
 0003c040:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
 0003c050:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
 0003c060:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
 0003c070:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
 0003c080:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
 0003c090:·6961·7469·6f6e·2050·7570·7065·7420·736e··iation·Puppet·sn
 0003c0a0:·6970·7065·7420·e287·b23c·2f61·3e3c·6272··ippet·...</a><br
 0003c0b0:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan
 0003c0c0:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll
 0003c0d0:·6170·7365·2220·6964·3d22·6964·6d38·3031··apse"·id="idm801
 0003c0e0:·3322·3e3c·7461·626c·6520·636c·6173·733d··3"><table·class=
 0003c0f0:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str
 0003c100:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde
 0003c110:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden
 0003c120:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com
 0003c130:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td
 0003c140:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t
 0003c150:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption
 0003c160:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t
 0003c170:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R
 0003c180:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f
 0003c190:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t
 0003c1a0:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<
 0003c1b0:·2f74·683e·3c74·643e·656e·6162·6c65·3c2f··/th><td>enable</
 0003c1c0:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>
0003c1e0:·3e3c·636f·6465·3e69·6e63·6c75·6465·2069··><code>include·i0003c1d0:·3c70·7265·3e3c·636f·6465·3e69·6e63·6c75··<pre><code>inclu
0003c1f0:·6e73·7461·6c6c·5f61·6964·650a·0a63·6c61··nstall_aide..cla 
0003c200:·7373·2069·6e73·7461·6c6c·5f61·6964·6520··ss·install_aide·0003c1e0:·6465·2069·6e73·7461·6c6c·5f61·6964·650a··de·install_aide.
 0003c1f0:·0a63·6c61·7373·2069·6e73·7461·6c6c·5f61··.class·install_a
0003c210:·7b0a·2020·7061·636b·6167·6520·7b20·2761··{.··package·{·'a0003c200:·6964·6520·7b0a·2020·7061·636b·6167·6520··ide·{.··package·
0003c220:·6964·6527·3a0a·2020·2020·656e·7375·7265··ide':.····ensure0003c210:·7b20·2761·6964·6527·3a0a·2020·2020·656e··{·'aide':.····en
0003c230:·203d·2667·743b·2027·696e·7374·616c·6c65···=&gt;·'installe0003c220:·7375·7265·203d·2667·743b·2027·696e·7374··sure·=&gt;·'inst
0003c240:·6427·2c0a·2020·7d0a·7d0a·3c2f·636f·6465··d',.··}.}.</code0003c230:·616c·6c65·6427·2c0a·2020·7d0a·7d0a·3c2f··alled',.··}.}.</
0003c250:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a·0003c240:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div
0003c260:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s0003c250:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b
0003c270:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog0003c260:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data
0003c280:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d0003c270:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps
0003c290:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm0003c280:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="
0003c2a0:·3830·3134·2220·7461·6269·6e64·6578·3d22··8014"·tabindex="0003c290:·2369·646d·3830·3134·2220·7461·6269·6e64··#idm8014"·tabind
0003c2b0:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"0003c2a0:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but
0003c2c0:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="0003c2b0:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand
0003c2d0:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac0003c2c0:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title
0003c2e0:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal0003c2d0:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re
0003c2f0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme0003c2e0:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">
 0003c2f0:·5265·6d65·6469·6174·696f·6e20·5368·656c··Remediation·Shel
0003c300:·6469·6174·696f·6e20·4f53·4275·696c·6420··diation·OSBuild· 
0003c310:·426c·7565·7072·696e·7420·736e·6970·7065··Blueprint·snippe 
0003c320:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di 
0003c330:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c 
0003c340:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse 
0003c350:·2220·6964·3d22·6964·6d38·3031·3422·3e3c··"·id="idm8014">< 
0003c360:·7072·653e·3c63·6f64·653e·0a5b·5b70·6163··pre><code>.[[pac 
0003c370:·6b61·6765·735d·5d0a·6e61·6d65·203d·2022··kages]].name·=·" 
0003c380:·6169·6465·220a·7665·7273·696f·6e20·3d20··aide".version·=· 
0003c390:·222a·220a·3c2f·636f·6465·3e3c·2f70·7265··"*".</code></pre 
0003c3a0:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class= 
0003c3b0:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success 
0003c3c0:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c 
Max diff block lines reached; 10011673/10049375 bytes (99.62%) of diff not shown.
1.25 MB
html2text {}
    
Offset 130, 52 lines modifiedOffset 130, 48 lines modified
130 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3130 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
131 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5131 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
132 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199132 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
133 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79133 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
134 ············_\x8c_\x8i_\x8s············5.3.1134 ············_\x8c_\x8i_\x8s············5.3.1
135 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2135 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
136 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251710r958944_rule136 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251710r958944_rule
137 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8137 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
138 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low138 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
139 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low139 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
140 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false140 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
141 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable141 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
142 package·--add=aide142 dnf·install·aide
143 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8143 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
144 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low144 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
145 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low145 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
146 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false146 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
147 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable147 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
148 include·install_aide148 include·install_aide
  
149 class·install_aide·{149 class·install_aide·{
150 ··package·{·'aide':150 ··package·{·'aide':
151 ····ensure·=>·'installed',151 ····ensure·=>·'installed',
152 ··}152 ··}
153 }153 }
154 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
155 [[packages]] 
156 name·=·"aide" 
157 version·=·"*" 
158 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8154 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
159 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low155 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
160 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low156 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
161 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false157 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
162 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable158 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 159 #·Remediation·is·applicable·only·in·certain·platforms
 160 if·rpm·--quiet·-q·kernel;·then
  
 161 if·!·rpm·-q·--quiet·"aide"·;·then
 162 ····yum·install·-y·"aide"
 163 fi
163 package·install·aide 
164 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
165 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
166 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
167 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
168 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
169 dnf·install·aide164 else
 165 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 166 fi
170 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8167 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
171 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low168 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
172 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low169 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
173 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false170 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
174 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable171 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
175 -·name:·Gather·the·package·facts172 -·name:·Gather·the·package·facts
176 ··package_facts:173 ··package_facts:
Offset 206, 29 lines modifiedOffset 202, 33 lines modified
206 ··-·PCI-DSSv4-11.5.2202 ··-·PCI-DSSv4-11.5.2
207 ··-·enable_strategy203 ··-·enable_strategy
208 ··-·low_complexity204 ··-·low_complexity
209 ··-·low_disruption205 ··-·low_disruption
210 ··-·medium_severity206 ··-·medium_severity
211 ··-·no_reboot_needed207 ··-·no_reboot_needed
212 ··-·package_aide_installed208 ··-·package_aide_installed
 209 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 210 [[packages]]
 211 name·=·"aide"
 212 version·=·"*"
213 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8213 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
214 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low214 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
215 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low215 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
216 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false216 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
217 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable217 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
218 #·Remediation·is·applicable·only·in·certain·platforms 
219 if·rpm·--quiet·-q·kernel;·then 
  
220 if·!·rpm·-q·--quiet·"aide"·;·then 
221 ····yum·install·-y·"aide" 
222 fi218 package·install·aide
 219 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 220 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 221 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 222 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 223 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 224 package·--add=aide
223 else 
224 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
225 fi 
226 Group  ·Federal·Information·Processing·Standard·(FIPS)·  Group·contains·2·rules225 Group  ·Federal·Information·Processing·Standard·(FIPS)·  Group·contains·2·rules
227 _\x8[_\x8r_\x8e_\x8f_\x8]  ·The·Federal·Information·Processing·Standard·(FIPS)·is·a·computer·security·standard·which·is·developed·by·the·U.S.·Government·and·industry·working·groups·to·validate·the·quality·of·cryptographic·modules.·The·FIPS·standard·provides·four·security·levels·to·ensure·adequate·coverage·of·different·industries,·implementation·of·cryptographic·modules,·and·organizational·sizes·and·requirements.226 _\x8[_\x8r_\x8e_\x8f_\x8]  ·The·Federal·Information·Processing·Standard·(FIPS)·is·a·computer·security·standard·which·is·developed·by·the·U.S.·Government·and·industry·working·groups·to·validate·the·quality·of·cryptographic·modules.·The·FIPS·standard·provides·four·security·levels·to·ensure·adequate·coverage·of·different·industries,·implementation·of·cryptographic·modules,·and·organizational·sizes·and·requirements.
  
228 FIPS·140-2·is·the·current·standard·for·validating·that·mechanisms·used·to·access·cryptographic·modules·utilize·authentication·that·meets·industry·and·government·requirements.·For·government·systems,·this·allows·Security·Levels·1,·2,·3,·or·4·for·use·on·Red·Hat·Enterprise·Linux·8.227 FIPS·140-2·is·the·current·standard·for·validating·that·mechanisms·used·to·access·cryptographic·modules·utilize·authentication·that·meets·industry·and·government·requirements.·For·government·systems,·this·allows·Security·Levels·1,·2,·3,·or·4·for·use·on·Red·Hat·Enterprise·Linux·8.
  
229 See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8c\x8c_\x8s\x8s_\x8r\x8r_\x8c\x8c_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8l\x8l_\x8i\x8i_\x8c\x8c_\x8a\x8a_\x8t\x8t_\x8i\x8i_\x8o\x8o_\x8n\x8n_\x8s\x8s_\x8/\x8/_\x8P\x8P_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x8h\x8h_\x8t\x8t_\x8m\x8m_\x8l\x8l·for·more·information.228 See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8c\x8c_\x8s\x8s_\x8r\x8r_\x8c\x8c_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8l\x8l_\x8i\x8i_\x8c\x8c_\x8a\x8a_\x8t\x8t_\x8i\x8i_\x8o\x8o_\x8n\x8n_\x8s\x8s_\x8/\x8/_\x8P\x8P_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x8h\x8h_\x8t\x8t_\x8m\x8m_\x8l\x8l·for·more·information.
230 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8na\x8ab\x8bl\x8le\x8e·D\x8Dr\x8ra\x8ac\x8cu\x8ut\x8t·F\x8FI\x8IP\x8PS\x8S·M\x8Mo\x8od\x8du\x8ul\x8le\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*229 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8na\x8ab\x8bl\x8le\x8e·D\x8Dr\x8ra\x8ac\x8cu\x8ut\x8t·F\x8FI\x8IP\x8PS\x8S·M\x8Mo\x8od\x8du\x8ul\x8le\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
Offset 255, 31 lines modifiedOffset 255, 31 lines modified
255 ············_\x8d_\x8i_\x8s_\x8a·····CCI-002450,·CCI-000068,·CCI-002418,·CCI-000877255 ············_\x8d_\x8i_\x8s_\x8a·····CCI-002450,·CCI-000068,·CCI-002418,·CCI-000877
256 ············_\x8i_\x8s_\x8m······1446256 ············_\x8i_\x8s_\x8m······1446
257 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1257 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1
258 References:·_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12258 References:·_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12
259 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1259 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1
260 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176260 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176
261 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-230223r1017042_rule261 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-230223r1017042_rule
262 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
263 [customizations] 
264 fips·=·true 
265 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8262 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
266 #·Remediation·is·applicable·only·in·certain·platforms263 #·Remediation·is·applicable·only·in·certain·platforms
267 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·);·then264 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·);·then
  
268 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then265 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then
269 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF266 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF
270 kargs·=·["fips=1"]267 kargs·=·["fips=1"]
271 EOF268 EOF
272 fi269 fi
  
273 else270 else
274 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'271 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
275 fi272 fi
 273 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
Max diff block lines reached; 1309342/1315379 bytes (99.54%) of diff not shown.
18.6 MB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-pci-dss.html
    
Offset 15429, 408 lines modifiedOffset 15429, 408 lines modified
0003c440:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i0003c440:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i
0003c450:·646d·3736·3733·2220·7461·6269·6e64·6578··dm7673"·tabindex0003c450:·646d·3736·3733·2220·7461·6269·6e64·6578··dm7673"·tabindex
0003c460:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto0003c460:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto
0003c470:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded0003c470:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded
0003c480:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="0003c480:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="
0003c490:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve0003c490:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve
Diff chunk too large, falling back to line-by-line diff (394 lines added, 394 lines removed)
0003c4a0:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re0003c4a0:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re
0003c4b0:·6d65·6469·6174·696f·6e20·416e·7369·626c··mediation·Ansibl0003c4b0:·6d65·6469·6174·696f·6e20·5368·656c·6c20··mediation·Shell·
0003c4c0:·6520·736e·6970·7065·7420·e287·b23c·2f61··e·snippet·...</a0003c4c0:·7363·7269·7074·20e2·87b2·3c2f·613e·3c62··script·...</a><b
0003c4d0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=0003c4d0:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa
0003c4e0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·0003c4e0:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col
0003c4f0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id0003c4f0:·6c61·7073·6522·2069·643d·2269·646d·3736··lapse"·id="idm76
0003c500:·6d37·3637·3322·3e3c·7461·626c·6520·636c··m7673"><table·cl0003c500:·3733·223e·3c70·7265·3e3c·636f·6465·3e23··73"><pre><code>#
0003c510:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table0003c510:·2052·656d·6564·6961·7469·6f6e·2069·7320···Remediation·is·
0003c520:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b0003c520:·6170·706c·6963·6162·6c65·206f·6e6c·7920··applicable·only·
0003c530:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co0003c530:·696e·2063·6572·7461·696e·2070·6c61·7466··in·certain·platf
0003c540:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th0003c540:·6f72·6d73·0a69·6620·2120·2820·7b20·7270··orms.if·!·(·{·rp
0003c550:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th0003c550:·6d20·2d2d·7175·6965·7420·2d71·206b·6572··m·--quiet·-q·ker
0003c560:·3e3c·7464·3e68·6967·683c·2f74·643e·3c2f··><td>high</td></0003c560:·6e65·6c20·3b7d·2026·616d·703b·2661·6d70··nel·;}·&amp;&amp
0003c570:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru0003c570:·3b20·7b20·7270·6d20·2d2d·7175·6965·7420··;·{·rpm·--quiet·
0003c580:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6d··ption:</th><td>m0003c580:·2d71·2072·706d·2d6f·7374·7265·6520·3b7d··-q·rpm-ostree·;}
0003c590:·6564·6975·6d3c·2f74·643e·3c2f·7472·3e3c··edium</td></tr><0003c590:·2026·616d·703b·2661·6d70·3b20·7b20·7270···&amp;&amp;·{·rp
0003c5a0:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</0003c5a0:·6d20·2d2d·7175·6965·7420·2d71·2062·6f6f··m·--quiet·-q·boo
0003c5b0:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td0003c5b0:·7463·203b·7d20·2661·6d70·3b26·616d·703b··tc·;}·&amp;&amp;
0003c5c0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St0003c5c0:·207b·2021·2072·706d·202d·2d71·7569·6574···{·!·rpm·--quiet
0003c5d0:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>0003c5d0:·202d·7120·6f70·656e·7368·6966·742d·6b75···-q·openshift-ku
0003c5e0:·7265·7374·7269·6374·3c2f·7464·3e3c·2f74··restrict</td></t0003c5e0:·6265·6c65·7420·3b7d·2029·3b20·7468·656e··belet·;}·);·then
0003c5f0:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><0003c5f0:·0a0a·2320·4669·6e64·2077·6869·6368·2066··..#·Find·which·f
0003c600:·636f·6465·3e2d·206e·616d·653a·2047·6174··code>-·name:·Gat0003c600:·696c·6573·2068·6176·6520·696e·636f·7272··iles·have·incorr
0003c610:·6865·7220·7468·6520·7061·636b·6167·6520··her·the·package·0003c610:·6563·7420·6861·7368·2028·6e6f·7420·696e··ect·hash·(not·in
0003c620:·6661·6374·730a·2020·7061·636b·6167·655f··facts.··package_0003c620:·202f·6574·632c·2062·6563·6175·7365·206f···/etc,·because·o
0003c630:·6661·6374·733a·0a20·2020·206d·616e·6167··facts:.····manag0003c630:·6620·7468·6520·7379·7374·656d·2072·656c··f·the·system·rel
0003c640:·6572·3a20·6175·746f·0a20·2074·6167·733a··er:·auto.··tags:0003c640:·6174·6564·2063·6f6e·6669·6720·6669·6c65··ated·config·file
0003c650:·0a20·202d·2043·4a49·532d·352e·3130·2e34··.··-·CJIS-5.10.40003c650:·7329·2061·6e64·2074·6865·6e20·6765·7420··s)·and·then·get·
0003c660:·2e31·0a20·202d·204e·4953·542d·3830·302d··.1.··-·NIST-800-0003c660:·6669·6c65·7320·6e61·6d65·730a·6669·6c65··files·names.file
0003c670:·3137·312d·332e·332e·380a·2020·2d20·4e49··171-3.3.8.··-·NI0003c670:·735f·7769·7468·5f69·6e63·6f72·7265·6374··s_with_incorrect
0003c680:·5354·2d38·3030·2d31·3731·2d33·2e34·2e31··ST-800-171-3.4.10003c680:·5f68·6173·683d·2224·2872·706d·202d·5661··_hash="$(rpm·-Va
0003c690:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003c690:·202d·2d6e·6f63·6f6e·6669·6720·7c20·6772···--noconfig·|·gr
0003c6a0:·2d41·552d·3928·3329·0a20·202d·204e·4953··-AU-9(3).··-·NIS0003c6a0:·6570·202d·4520·275e·2e2e·3527·207c·2061··ep·-E·'^..5'·|·a
0003c6b0:·542d·3830·302d·3533·2d43·4d2d·3628·6329··T-800-53-CM-6(c)0003c6b0:·776b·2027·7b70·7269·6e74·2024·4e46·7d27··wk·'{print·$NF}'
0003c6c0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003c6c0:·2029·220a·0a69·6620·5b20·2d6e·2022·2466···)"..if·[·-n·"$f
0003c6d0:·2d43·4d2d·3628·6429·0a20·202d·204e·4953··-CM-6(d).··-·NIS0003c6d0:·696c·6573·5f77·6974·685f·696e·636f·7272··iles_with_incorr
0003c6e0:·542d·3830·302d·3533·2d53·492d·370a·2020··T-800-53-SI-7.··0003c6e0:·6563·745f·6861·7368·2220·5d3b·2074·6865··ect_hash"·];·the
0003c6f0:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI0003c6f0:·6e0a·2020·2020·2320·4672·6f6d·2066·696c··n.····#·From·fil
0003c700:·2d37·2831·290a·2020·2d20·4e49·5354·2d38··-7(1).··-·NIST-80003c700:·6573·206e·616d·6573·2067·6574·2070·6163··es·names·get·pac
0003c710:·3030·2d35·332d·5349·2d37·2836·290a·2020··00-53-SI-7(6).··0003c710:·6b61·6765·206e·616d·6573·2061·6e64·2063··kage·names·and·c
0003c720:·2d20·5043·492d·4453·532d·5265·712d·3131··-·PCI-DSS-Req-110003c720:·6861·6e67·6520·6e65·776c·696e·6520·746f··hange·newline·to
0003c730:·2e35·0a20·202d·2050·4349·2d44·5353·7634··.5.··-·PCI-DSSv40003c730:·2073·7061·6365·2c20·6265·6361·7573·6520···space,·because·
0003c740:·2d31·312e·352e·320a·2020·2d20·6869·6768··-11.5.2.··-·high0003c740:·7270·6d20·7772·6974·6573·2065·6163·6820··rpm·writes·each·
0003c750:·5f63·6f6d·706c·6578·6974·790a·2020·2d20··_complexity.··-·0003c750:·7061·636b·6167·6520·746f·206e·6577·206c··package·to·new·l
0003c760:·6869·6768·5f73·6576·6572·6974·790a·2020··high_severity.··0003c760:·696e·650a·2020·2020·7061·636b·6167·6573··ine.····packages
0003c770:·2d20·6d65·6469·756d·5f64·6973·7275·7074··-·medium_disrupt0003c770:·5f74·6f5f·7265·696e·7374·616c·6c3d·2224··_to_reinstall="$
0003c780:·696f·6e0a·2020·2d20·6e6f·5f72·6562·6f6f··ion.··-·no_reboo0003c780:·2872·706d·202d·7166·2024·6669·6c65·735f··(rpm·-qf·$files_
0003c790:·745f·6e65·6564·6564·0a20·202d·2072·6573··t_needed.··-·res0003c790:·7769·7468·5f69·6e63·6f72·7265·6374·5f68··with_incorrect_h
0003c7a0:·7472·6963·745f·7374·7261·7465·6779·0a20··trict_strategy.·0003c7a0:·6173·6820·7c20·7472·2027·5c6e·2720·2720··ash·|·tr·'\n'·'·
0003c7b0:·202d·2072·706d·5f76·6572·6966·795f·6861···-·rpm_verify_ha0003c7b0:·2729·220a·0a20·2020·200a·2020·2020·7975··')"..····.····yu
0003c7c0:·7368·6573·0a0a·2d20·6e61·6d65·3a20·2753··shes..-·name:·'S0003c7c0:·6d20·7265·696e·7374·616c·6c20·2d79·2024··m·reinstall·-y·$
0003c7d0:·6574·2066·6163·743a·2050·6163·6b61·6765··et·fact:·Package0003c7d0:·7061·636b·6167·6573·5f74·6f5f·7265·696e··packages_to_rein
0003c7e0:·206d·616e·6167·6572·2072·6569·6e73·7461···manager·reinsta0003c7e0:·7374·616c·6c0a·2020·2020·0a66·690a·0a65··stall.····.fi..e
0003c7f0:·6c6c·2063·6f6d·6d61·6e64·270a·2020·7365··ll·command'.··se0003c7f0:·6c73·650a·2020·2020·2667·743b·2661·6d70··lse.····&gt;&amp
0003c800:·745f·6661·6374·3a0a·2020·2020·7061·636b··t_fact:.····pack0003c800:·3b32·2065·6368·6f20·2752·656d·6564·6961··;2·echo·'Remedia
0003c810:·6167·655f·6d61·6e61·6765·725f·7265·696e··age_manager_rein0003c810:·7469·6f6e·2069·7320·6e6f·7420·6170·706c··tion·is·not·appl
0003c820:·7374·616c·6c5f·636d·643a·2079·756d·2072··stall_cmd:·yum·r0003c820:·6963·6162·6c65·2c20·6e6f·7468·696e·6720··icable,·nothing·
0003c830:·6569·6e73·7461·6c6c·202d·790a·2020·7768··einstall·-y.··wh0003c830:·7761·7320·646f·6e65·270a·6669·0a3c·2f63··was·done'.fi.</c
0003c840:·656e·3a0a·2020·2d20·6e6f·7420·2820·226b··en:.··-·not·(·"k0003c840:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div>
0003c850:·6572·6e65·6c22·2069·6e20·616e·7369·626c··ernel"·in·ansibl0003c850:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt
0003c860:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages0003c860:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data-
0003c870:·2061·6e64·2022·7270·6d2d·6f73·7472·6565···and·"rpm-ostree0003c870:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse
0003c880:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003c880:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#
0003c890:·7473·2e70·6163·6b61·6765·730a·2020·2020··ts.packages.····0003c890:·6964·6d37·3637·3422·2074·6162·696e·6465··idm7674"·tabinde
0003c8a0:·616e·6420·2262·6f6f·7463·2220·696e·2061··and·"bootc"·in·a0003c8a0:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt
0003c8b0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003c8b0:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande
0003c8c0:·6b61·6765·7320·616e·6420·6e6f·7420·226f··kages·and·not·"o0003c8c0:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=
0003c8d0:·7065·6e73·6869·6674·2d6b·7562·656c·6574··penshift-kubelet0003c8d0:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev
0003c8e0:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003c8e0:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R
0003c8f0:·7473·2e70·6163·6b61·6765·730a·2020·2020··ts.packages.····0003c8f0:·656d·6564·6961·7469·6f6e·2041·6e73·6962··emediation·Ansib
0003c900:·290a·2020·2d20·616e·7369·626c·655f·6469··).··-·ansible_di0003c900:·6c65·2073·6e69·7070·6574·20e2·87b2·3c2f··le·snippet·...</
0003c910:·7374·7269·6275·7469·6f6e·2069·6e20·5b20··stribution·in·[·0003c910:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
0003c920:·2246·6564·6f72·6122·2c20·2252·6564·4861··"Fedora",·"RedHa0003c920:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
0003c930:·7422·2c20·2243·656e·744f·5322·2c20·224f··t",·"CentOS",·"O0003c930:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
0003c940:·7261·636c·654c·696e·7578·2220·5d0a·2020··racleLinux"·].··0003c940:·646d·3736·3734·223e·3c74·6162·6c65·2063··dm7674"><table·c
0003c950:·7461·6773·3a0a·2020·2d20·434a·4953·2d35··tags:.··-·CJIS-50003c950:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl
0003c960:·2e31·302e·342e·310a·2020·2d20·4e49·5354··.10.4.1.··-·NIST0003c960:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table-
0003c970:·2d38·3030·2d31·3731·2d33·2e33·2e38·0a20··-800-171-3.3.8.·0003c970:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c
0003c980:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-0003c980:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t
0003c990:·332e·342e·310a·2020·2d20·4e49·5354·2d38··3.4.1.··-·NIST-80003c990:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t
0003c9a0:·3030·2d35·332d·4155·2d39·2833·290a·2020··00-53-AU-9(3).··0003c9a0:·683e·3c74·643e·6869·6768·3c2f·7464·3e3c··h><td>high</td><
0003c9b0:·2d20·4e49·5354·2d38·3030·2d35·332d·434d··-·NIST-800-53-CM0003c9b0:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr
0003c9c0:·2d36·2863·290a·2020·2d20·4e49·5354·2d38··-6(c).··-·NIST-80003c9c0:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td>
0003c9d0:·3030·2d35·332d·434d·2d36·2864·290a·2020··00-53-CM-6(d).··0003c9d0:·6d65·6469·756d·3c2f·7464·3e3c·2f74·723e··medium</td></tr>
0003c9e0:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI0003c9e0:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:<
0003c9f0:·2d37·0a20·202d·204e·4953·542d·3830·302d··-7.··-·NIST-800-0003c9f0:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t
0003ca00:·3533·2d53·492d·3728·3129·0a20·202d·204e··53-SI-7(1).··-·N0003ca00:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S
0003ca10:·4953·542d·3830·302d·3533·2d53·492d·3728··IST-800-53-SI-7(0003ca10:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td
0003ca20:·3629·0a20·202d·2050·4349·2d44·5353·2d52··6).··-·PCI-DSS-R0003ca20:·3e72·6573·7472·6963·743c·2f74·643e·3c2f··>restrict</td></
0003ca30:·6571·2d31·312e·350a·2020·2d20·5043·492d··eq-11.5.··-·PCI-0003ca30:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre>
0003ca40:·4453·5376·342d·3131·2e35·2e32·0a20·202d··DSSv4-11.5.2.··-0003ca40:·3c63·6f64·653e·2d20·6e61·6d65·3a20·4761··<code>-·name:·Ga
0003ca50:·2068·6967·685f·636f·6d70·6c65·7869·7479···high_complexity0003ca50:·7468·6572·2074·6865·2070·6163·6b61·6765··ther·the·package
0003ca60:·0a20·202d·2068·6967·685f·7365·7665·7269··.··-·high_severi0003ca60:·2066·6163·7473·0a20·2070·6163·6b61·6765···facts.··package
0003ca70:·7479·0a20·202d·206d·6564·6975·6d5f·6469··ty.··-·medium_di0003ca70:·5f66·6163·7473·3a0a·2020·2020·6d61·6e61··_facts:.····mana
0003ca80:·7372·7570·7469·6f6e·0a20·202d·206e·6f5f··sruption.··-·no_0003ca80:·6765·723a·2061·7574·6f0a·2020·7461·6773··ger:·auto.··tags
0003ca90:·7265·626f·6f74·5f6e·6565·6465·640a·2020··reboot_needed.··0003ca90:·3a0a·2020·2d20·434a·4953·2d35·2e31·302e··:.··-·CJIS-5.10.
0003caa0:·2d20·7265·7374·7269·6374·5f73·7472·6174··-·restrict_strat0003caa0:·342e·310a·2020·2d20·4e49·5354·2d38·3030··4.1.··-·NIST-800
0003cab0:·6567·790a·2020·2d20·7270·6d5f·7665·7269··egy.··-·rpm_veri0003cab0:·2d31·3731·2d33·2e33·2e38·0a20·202d·204e··-171-3.3.8.··-·N
0003cac0:·6679·5f68·6173·6865·730a·0a2d·206e·616d··fy_hashes..-·nam0003cac0:·4953·542d·3830·302d·3137·312d·332e·342e··IST-800-171-3.4.
0003cad0:·653a·2027·5365·7420·6661·6374·3a20·5061··e:·'Set·fact:·Pa0003cad0:·310a·2020·2d20·4e49·5354·2d38·3030·2d35··1.··-·NIST-800-5
0003cae0:·636b·6167·6520·6d61·6e61·6765·7220·7265··ckage·manager·re0003cae0:·332d·4155·2d39·2833·290a·2020·2d20·4e49··3-AU-9(3).··-·NI
0003caf0:·696e·7374·616c·6c20·636f·6d6d·616e·6420··install·command·0003caf0:·5354·2d38·3030·2d35·332d·434d·2d36·2863··ST-800-53-CM-6(c
0003cb00:·287a·7970·7065·7229·270a·2020·7365·745f··(zypper)'.··set_0003cb00:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-5
0003cb10:·6661·6374·3a0a·2020·2020·7061·636b·6167··fact:.····packag0003cb10:·332d·434d·2d36·2864·290a·2020·2d20·4e49··3-CM-6(d).··-·NI
0003cb20:·655f·6d61·6e61·6765·725f·7265·696e·7374··e_manager_reinst0003cb20:·5354·2d38·3030·2d35·332d·5349·2d37·0a20··ST-800-53-SI-7.·
0003cb30:·616c·6c5f·636d·643a·207a·7970·7065·7220··all_cmd:·zypper·0003cb30:·202d·204e·4953·542d·3830·302d·3533·2d53···-·NIST-800-53-S
0003cb40:·696e·202d·6620·2d79·0a20·2077·6865·6e3a··in·-f·-y.··when:0003cb40:·492d·3728·3129·0a20·202d·204e·4953·542d··I-7(1).··-·NIST-
0003cb50:·0a20·202d·206e·6f74·2028·2022·6b65·726e··.··-·not·(·"kern0003cb50:·3830·302d·3533·2d53·492d·3728·3629·0a20··800-53-SI-7(6).·
0003cb60:·656c·2220·696e·2061·6e73·6962·6c65·5f66··el"·in·ansible_f0003cb60:·202d·2050·4349·2d44·5353·2d52·6571·2d31···-·PCI-DSS-Req-1
0003cb70:·6163·7473·2e70·6163·6b61·6765·7320·616e··acts.packages·an0003cb70:·312e·350a·2020·2d20·5043·492d·4453·5376··1.5.··-·PCI-DSSv
0003cb80:·6420·2272·706d·2d6f·7374·7265·6522·2069··d·"rpm-ostree"·i0003cb80:·342d·3131·2e35·2e32·0a20·202d·2068·6967··4-11.5.2.··-·hig
0003cb90:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003cb90:·685f·636f·6d70·6c65·7869·7479·0a20·202d··h_complexity.··-
0003cba0:·7061·636b·6167·6573·0a20·2020·2061·6e64··packages.····and0003cba0:·2068·6967·685f·7365·7665·7269·7479·0a20···high_severity.·
0003cbb0:·2022·626f·6f74·6322·2069·6e20·616e·7369···"bootc"·in·ansi0003cbb0:·202d·206d·6564·6975·6d5f·6469·7372·7570···-·medium_disrup
0003cbc0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag0003cbc0:·7469·6f6e·0a20·202d·206e·6f5f·7265·626f··tion.··-·no_rebo
0003cbd0:·6573·2061·6e64·206e·6f74·2022·6f70·656e··es·and·not·"open0003cbd0:·6f74·5f6e·6565·6465·640a·2020·2d20·7265··ot_needed.··-·re
0003cbe0:·7368·6966·742d·6b75·6265·6c65·7422·2069··shift-kubelet"·i0003cbe0:·7374·7269·6374·5f73·7472·6174·6567·790a··strict_strategy.
0003cbf0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003cbf0:·2020·2d20·7270·6d5f·7665·7269·6679·5f68····-·rpm_verify_h
0003cc00:·7061·636b·6167·6573·0a20·2020·2029·0a20··packages.····).·0003cc00:·6173·6865·730a·0a2d·206e·616d·653a·2027··ashes..-·name:·'
0003cc10:·202d·2061·6e73·6962·6c65·5f64·6973·7472···-·ansible_distr0003cc10:·5365·7420·6661·6374·3a20·5061·636b·6167··Set·fact:·Packag
Max diff block lines reached; 17690284/17745236 bytes (99.69%) of diff not shown.
1.63 MB
html2text {}
Max HTML report size reached
29.8 MB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-stig.html
    
Offset 15363, 282 lines modifiedOffset 15363, 282 lines modified
0003c020:·6172·6765·743d·2223·6964·6d38·3031·3222··arget="#idm8012"0003c020:·6172·6765·743d·2223·6964·6d38·3031·3222··arget="#idm8012"
0003c030:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro0003c030:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro
0003c040:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria0003c040:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria
0003c050:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false0003c050:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false
0003c060:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat0003c060:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat
0003c070:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre0003c070:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre
0003c080:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati0003c080:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati
0003c090:·6f6e·2041·6e61·636f·6e64·6120·736e·6970··on·Anaconda·snip 
0003c0a0:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br>< 
0003c0b0:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel 
0003c0c0:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap 
0003c0d0:·7365·2220·6964·3d22·6964·6d38·3031·3222··se"·id="idm8012" 
0003c0e0:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t 
0003c0f0:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip 
0003c100:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere 
0003c110:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense 
0003c120:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl 
0003c130:·6578·6974·793a·3c2f·7468·3e3c·7464·3e6c··exity:</th><td>l 
0003c140:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr> 
0003c150:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:< 
0003c160:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td> 
0003c170:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb 
0003c180:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal 
0003c190:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr> 
0003c1a0:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t 
0003c1b0:·683e·3c74·643e·656e·6162·6c65·3c2f·7464··h><td>enable</td 
0003c1c0:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p 
0003c1d0:·7265·3e3c·636f·6465·3e0a·7061·636b·6167··re><code>.packag 
0003c1e0:·6520·2d2d·6164·643d·6169·6465·0a3c·2f63··e·--add=aide.</c 
0003c1f0:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div> 
0003c200:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt 
0003c210:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data- 
0003c220:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse 
0003c230:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="# 
0003c240:·6964·6d38·3031·3322·2074·6162·696e·6465··idm8013"·tabinde 
0003c250:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt 
0003c260:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande 
0003c270:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title= 
0003c280:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev 
0003c290:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R 
0003c2a0:·656d·6564·6961·7469·6f6e·2050·7570·7065··emediation·Puppe 
0003c2b0:·7420·736e·6970·7065·7420·e287·b23c·2f61··t·snippet·...</a0003c090:·6f6e·2073·6372·6970·7420·e287·b23c·2f61··on·script·...</a
0003c2c0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=0003c0a0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
0003c2d0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·0003c0b0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
0003c2e0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id0003c0c0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
0003c2f0:·6d38·3031·3322·3e3c·7461·626c·6520·636c··m8013"><table·cl0003c0d0:·6d38·3031·3222·3e3c·7461·626c·6520·636c··m8012"><table·cl
0003c300:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table0003c0e0:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table
0003c310:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b0003c0f0:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b
0003c320:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co0003c100:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co
0003c330:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th0003c110:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th
0003c340:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th0003c120:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th
0003c350:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t0003c130:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t
0003c360:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup0003c140:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup
0003c370:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo0003c150:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo
0003c380:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><0003c160:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><
0003c390:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th><0003c170:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th><
0003c3a0:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t0003c180:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t
0003c3b0:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate0003c190:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate
0003c3c0:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab0003c1a0:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab
0003c3d0:·6c65·3c2f·7464·3e3c·2f74·723e·3c2f·7461··le</td></tr></ta0003c1b0:·6c65·3c2f·7464·3e3c·2f74·723e·3c2f·7461··le</td></tr></ta
0003c3e0:·626c·653e·3c70·7265·3e3c·636f·6465·3e69··ble><pre><code>i0003c1c0:·626c·653e·3c70·7265·3e3c·636f·6465·3e0a··ble><pre><code>.
 0003c1d0:·646e·6620·696e·7374·616c·6c20·6169·6465··dnf·install·aide
 0003c1e0:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></
 0003c1f0:·6469·763e·3c61·2063·6c61·7373·3d22·6274··div><a·class="bt
 0003c200:·6e20·6274·6e2d·7375·6363·6573·7322·2064··n·btn-success"·d
 0003c210:·6174·612d·746f·6767·6c65·3d22·636f·6c6c··ata-toggle="coll
 0003c220:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe
 0003c230:·743d·2223·6964·6d38·3031·3322·2074·6162··t="#idm8013"·tab
 0003c240:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="
 0003c250:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp
 0003c260:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti
 0003c270:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to
 0003c280:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#
 0003c290:·2122·3e52·656d·6564·6961·7469·6f6e·2050··!">Remediation·P
 0003c2a0:·7570·7065·7420·736e·6970·7065·7420·e287··uppet·snippet·..
 0003c2b0:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl
 0003c2c0:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
 0003c2d0:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
 0003c2e0:·3d22·6964·6d38·3031·3322·3e3c·7461·626c··="idm8013"><tabl
 0003c2f0:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t
 0003c300:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab
 0003c310:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl
 0003c320:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr
 0003c330:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity:
 0003c340:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td
 0003c350:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di
 0003c360:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t
 0003c370:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr><
 0003c380:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</
 0003c390:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td
 0003c3a0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St
 0003c3b0:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>
 0003c3c0:·656e·6162·6c65·3c2f·7464·3e3c·2f74·723e··enable</td></tr>
 0003c3d0:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co
0003c3f0:·6e63·6c75·6465·2069·6e73·7461·6c6c·5f61··nclude·install_a0003c3e0:·6465·3e69·6e63·6c75·6465·2069·6e73·7461··de>include·insta
0003c400:·6964·650a·0a63·6c61·7373·2069·6e73·7461··ide..class·insta0003c3f0:·6c6c·5f61·6964·650a·0a63·6c61·7373·2069··ll_aide..class·i
0003c410:·6c6c·5f61·6964·6520·7b0a·2020·7061·636b··ll_aide·{.··pack0003c400:·6e73·7461·6c6c·5f61·6964·6520·7b0a·2020··nstall_aide·{.··
0003c420:·6167·6520·7b20·2761·6964·6527·3a0a·2020··age·{·'aide':.··0003c410:·7061·636b·6167·6520·7b20·2761·6964·6527··package·{·'aide'
0003c430:·2020·656e·7375·7265·203d·2667·743b·2027····ensure·=&gt;·'0003c420:·3a0a·2020·2020·656e·7375·7265·203d·2667··:.····ensure·=&g
0003c440:·696e·7374·616c·6c65·6427·2c0a·2020·7d0a··installed',.··}.0003c430:·743b·2027·696e·7374·616c·6c65·6427·2c0a··t;·'installed',.
0003c450:·7d0a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··}.</code></pre><0003c440:·2020·7d0a·7d0a·3c2f·636f·6465·3e3c·2f70····}.}.</code></p
0003c460:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b0003c450:·7265·3e3c·2f64·6976·3e3c·6120·636c·6173··re></div><a·clas
0003c470:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"·0003c460:·733d·2262·746e·2062·746e·2d73·7563·6365··s="btn·btn-succe
0003c480:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col0003c470:·7373·2220·6461·7461·2d74·6f67·676c·653d··ss"·data-toggle=
0003c490:·6c61·7073·6522·2064·6174·612d·7461·7267··lapse"·data-targ0003c480:·2263·6f6c·6c61·7073·6522·2064·6174·612d··"collapse"·data-
0003c4a0:·6574·3d22·2369·646d·3830·3134·2220·7461··et="#idm8014"·ta0003c490:·7461·7267·6574·3d22·2369·646d·3830·3134··target="#idm8014
0003c4b0:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=0003c4a0:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r
0003c4c0:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex0003c4b0:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari
0003c4d0:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t0003c4c0:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals
0003c4e0:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t0003c4d0:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa
0003c4f0:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="0003c4e0:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr
0003c500:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·0003c4f0:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat
 0003c500:·696f·6e20·5368·656c·6c20·7363·7269·7074··ion·Shell·script
0003c510:·4f53·4275·696c·6420·426c·7565·7072·696e··OSBuild·Blueprin 
0003c520:·7420·736e·6970·7065·7420·e287·b23c·2f61··t·snippet·...</a 
0003c530:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class= 
0003c540:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse· 
0003c550:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id 
0003c560:·6d38·3031·3422·3e3c·7072·653e·3c63·6f64··m8014"><pre><cod 
0003c570:·653e·0a5b·5b70·6163·6b61·6765·735d·5d0a··e>.[[packages]]. 
0003c580:·6e61·6d65·203d·2022·6169·6465·220a·7665··name·=·"aide".ve 
0003c590:·7273·696f·6e20·3d20·222a·220a·3c2f·636f··rsion·=·"*".</co 
0003c5a0:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div>< 
0003c5b0:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn 
0003c5c0:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t 
0003c5d0:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse" 
0003c5e0:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i 
Max diff block lines reached; 28723760/28761324 bytes (99.87%) of diff not shown.
2.38 MB
html2text {}
Max HTML report size reached
29.6 MB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-stig_gui.html
    
Offset 15382, 282 lines modifiedOffset 15382, 282 lines modified
0003c150:·7461·7267·6574·3d22·2369·646d·3830·3132··target="#idm80120003c150:·7461·7267·6574·3d22·2369·646d·3830·3132··target="#idm8012
0003c160:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r0003c160:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r
0003c170:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari0003c170:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari
0003c180:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals0003c180:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals
0003c190:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa0003c190:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa
0003c1a0:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr0003c1a0:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr
0003c1b0:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat0003c1b0:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat
 0003c1c0:·696f·6e20·7363·7269·7074·20e2·87b2·3c2f··ion·script·...</
0003c1c0:·696f·6e20·416e·6163·6f6e·6461·2073·6e69··ion·Anaconda·sni 
0003c1d0:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br> 
0003c1e0:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane 
0003c1f0:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla 
0003c200:·7073·6522·2069·643d·2269·646d·3830·3132··pse"·id="idm8012 
0003c210:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class=" 
0003c220:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri 
0003c230:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border 
0003c240:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens 
0003c250:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp 
0003c260:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td> 
0003c270:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003c280:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption: 
0003c290:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003c2a0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re 
0003c2b0:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa 
0003c2c0:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr 
0003c2d0:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</ 
0003c2e0:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t 
0003c2f0:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table>< 
0003c300:·7072·653e·3c63·6f64·653e·0a70·6163·6b61··pre><code>.packa 
0003c310:·6765·202d·2d61·6464·3d61·6964·650a·3c2f··ge·--add=aide.</ 
0003c320:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div 
0003c330:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b 
0003c340:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data 
0003c350:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps 
0003c360:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target=" 
0003c370:·2369·646d·3830·3133·2220·7461·6269·6e64··#idm8013"·tabind 
0003c380:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but 
0003c390:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand 
0003c3a0:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title 
0003c3b0:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re 
0003c3c0:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!"> 
0003c3d0:·5265·6d65·6469·6174·696f·6e20·5075·7070··Remediation·Pupp 
0003c3e0:·6574·2073·6e69·7070·6574·20e2·87b2·3c2f··et·snippet·...</ 
0003c3f0:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class0003c1d0:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
0003c400:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse0003c1e0:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
0003c410:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i0003c1f0:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
0003c420:·646d·3830·3133·223e·3c74·6162·6c65·2063··dm8013"><table·c0003c200:·646d·3830·3132·223e·3c74·6162·6c65·2063··dm8012"><table·c
0003c430:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl0003c210:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl
0003c440:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table-0003c220:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table-
0003c450:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c0003c230:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c
0003c460:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t0003c240:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t
0003c470:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t0003c250:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t
0003c480:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003c490:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru 
0003c4a0:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l 
0003c4b0:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr> 
0003c4c0:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th> 
0003c4d0:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></ 
0003c4e0:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat 
0003c4f0:·6567·793a·3c2f·7468·3e3c·7464·3e65·6e61··egy:</th><td>ena 
0003c500:·626c·653c·2f74·643e·3c2f·7472·3e3c·2f74··ble</td></tr></t 
0003c510:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code> 
0003c520:·696e·636c·7564·6520·696e·7374·616c·6c5f··include·install_ 
0003c530:·6169·6465·0a0a·636c·6173·7320·696e·7374··aide..class·inst 
0003c540:·616c·6c5f·6169·6465·207b·0a20·2070·6163··all_aide·{.··pac 
0003c550:·6b61·6765·207b·2027·6169·6465·273a·0a20··kage·{·'aide':.· 
0003c560:·2020·2065·6e73·7572·6520·3d26·6774·3b20·····ensure·=&gt;· 
0003c570:·2769·6e73·7461·6c6c·6564·272c·0a20·207d··'installed',.··} 
0003c580:·0a7d·0a3c·2f63·6f64·653e·3c2f·7072·653e··.}.</code></pre> 
0003c590:·3c2f·6469·763e·3c61·2063·6c61·7373·3d22··</div><a·class=" 
0003c5a0:·6274·6e20·6274·6e2d·7375·6363·6573·7322··btn·btn-success" 
0003c5b0:·2064·6174·612d·746f·6767·6c65·3d22·636f···data-toggle="co 
0003c5c0:·6c6c·6170·7365·2220·6461·7461·2d74·6172··llapse"·data-tar 
0003c5d0:·6765·743d·2223·6964·6d38·3031·3422·2074··get="#idm8014"·t 
0003c5e0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role 
0003c5f0:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e 
0003c600:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"· 
0003c610:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate· 
0003c620:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href= 
0003c630:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation 
0003c640:·204f·5342·7569·6c64·2042·6c75·6570·7269···OSBuild·Bluepri 
0003c650:·6e74·2073·6e69·7070·6574·20e2·87b2·3c2f··nt·snippet·...</ 
0003c660:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class 
0003c670:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse 
0003c680:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i 
0003c690:·646d·3830·3134·223e·3c70·7265·3e3c·636f··dm8014"><pre><co 
0003c6a0:·6465·3e0a·5b5b·7061·636b·6167·6573·5d5d··de>.[[packages]] 
0003c6b0:·0a6e·616d·6520·3d20·2261·6964·6522·0a76··.name·=·"aide".v 
0003c6c0:·6572·7369·6f6e·203d·2022·2a22·0a3c·2f63··ersion·=·"*".</c 
0003c6d0:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div> 
0003c6e0:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt 
0003c6f0:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data- 
0003c700:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse 
0003c710:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="# 
0003c720:·6964·6d38·3031·3522·2074·6162·696e·6465··idm8015"·tabinde 
0003c730:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt 
0003c740:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande 
0003c750:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title= 
0003c760:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev 
0003c770:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R 
0003c780:·656d·6564·6961·7469·6f6e·2073·6372·6970··emediation·scrip 
0003c790:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di 
0003c7a0:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c 
0003c7b0:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse 
0003c7c0:·2220·6964·3d22·6964·6d38·3031·3522·3e3c··"·id="idm8015">< 
0003c7d0:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab 
0003c7e0:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped 
0003c7f0:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered· 
0003c800:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed" 
0003c810:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex 
0003c820:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low 
0003c830:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003c840:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t 
0003c850:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003c860:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo 
0003c870:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false 
0003c880:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003c890:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th> 
0003c8a0:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td>< 
0003c8b0:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre 
0003c8c0:·3e3c·636f·6465·3e0a·7061·636b·6167·6520··><code>.package· 
0003c8d0:·696e·7374·616c·6c20·6169·6465·0a3c·2f63··install·aide.</c 
0003c8e0:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div> 
0003c8f0:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt 
0003c900:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data- 
0003c910:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse 
0003c920:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="# 
Max diff block lines reached; 28565600/28603164 bytes (99.87%) of diff not shown.
2.36 MB
html2text {}
Max HTML report size reached
22.2 MB
./usr/share/doc/ssg-nondebian/ssg-cs10-guide-anssi_bp28_enhanced.html
    
Offset 15178, 279 lines modifiedOffset 15178, 279 lines modified
0003b490:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target0003b490:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target
0003b4a0:·3d22·2369·646d·3733·3331·2220·7461·6269··="#idm7331"·tabi0003b4a0:·3d22·2369·646d·3733·3331·2220·7461·6269··="#idm7331"·tabi
0003b4b0:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b0003b4b0:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b
0003b4c0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa0003b4c0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa
0003b4d0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit0003b4d0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit
0003b4e0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·0003b4e0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·
0003b4f0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!0003b4f0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!
0003b500:·223e·5265·6d65·6469·6174·696f·6e20·416e··">Remediation·An0003b500:·223e·5265·6d65·6469·6174·696f·6e20·7363··">Remediation·sc
0003b510:·6163·6f6e·6461·2073·6e69·7070·6574·20e2··aconda·snippet·. 
0003b520:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c 
0003b530:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll 
0003b540:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i 
0003b550:·643d·2269·646d·3733·3331·223e·3c74·6162··d="idm7331"><tab 
0003b560:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table· 
0003b570:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta 
0003b580:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab 
0003b590:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t 
0003b5a0:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity 
0003b5b0:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t 
0003b5c0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D 
0003b5d0:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th>< 
0003b5e0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003b5f0:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:< 
0003b600:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t 
0003b610:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S 
0003b620:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td 
0003b630:·3e65·6e61·626c·653c·2f74·643e·3c2f·7472··>enable</td></tr 
0003b640:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c 
0003b650:·6f64·653e·0a70·6163·6b61·6765·202d·2d61··ode>.package·--a 
0003b660:·6464·3d61·6964·650a·3c2f·636f·6465·3e3c··dd=aide.</code>< 
0003b670:·2f70·7265·3e3c·2f64·6976·3e3c·6120·636c··/pre></div><a·cl 
0003b680:·6173·733d·2262·746e·2062·746e·2d73·7563··ass="btn·btn-suc 
0003b690:·6365·7373·2220·6461·7461·2d74·6f67·676c··cess"·data-toggl 
0003b6a0:·653d·2263·6f6c·6c61·7073·6522·2064·6174··e="collapse"·dat 
0003b6b0:·612d·7461·7267·6574·3d22·2369·646d·3733··a-target="#idm73 
0003b6c0:·3332·2220·7461·6269·6e64·6578·3d22·3022··32"·tabindex="0" 
0003b6d0:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a 
0003b6e0:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa 
0003b6f0:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti 
0003b700:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"· 
0003b710:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi 
0003b720:·6174·696f·6e20·5075·7070·6574·2073·6e69··ation·Puppet·sni 
0003b730:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br>0003b510:·7269·7074·20e2·87b2·3c2f·613e·3c62·723e··ript·...</a><br>
0003b740:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane0003b520:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
0003b750:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla0003b530:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
0003b760:·7073·6522·2069·643d·2269·646d·3733·3332··pse"·id="idm73320003b540:·7073·6522·2069·643d·2269·646d·3733·3331··pse"·id="idm7331
0003b770:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="0003b550:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="
0003b780:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri0003b560:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri
0003b790:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border0003b570:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border
0003b7a0:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens0003b580:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens
0003b7b0:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp0003b590:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp
0003b7c0:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td>0003b5a0:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td>
0003b7d0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003b7e0:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption: 
0003b7f0:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003b800:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re 
0003b810:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa 
0003b820:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr 
0003b830:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</ 
0003b840:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t 
0003b850:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table>< 
0003b860:·7072·653e·3c63·6f64·653e·696e·636c·7564··pre><code>includ 
0003b870:·6520·696e·7374·616c·6c5f·6169·6465·0a0a··e·install_aide.. 
0003b880:·636c·6173·7320·696e·7374·616c·6c5f·6169··class·install_ai 
0003b890:·6465·207b·0a20·2070·6163·6b61·6765·207b··de·{.··package·{ 
0003b8a0:·2027·6169·6465·273a·0a20·2020·2065·6e73···'aide':.····ens 
0003b8b0:·7572·6520·3d26·6774·3b20·2769·6e73·7461··ure·=&gt;·'insta 
0003b8c0:·6c6c·6564·272c·0a20·207d·0a7d·0a3c·2f63··lled',.··}.}.</c 
0003b8d0:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div> 
0003b8e0:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt 
0003b8f0:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data- 
0003b900:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse 
0003b910:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="# 
0003b920:·6964·6d37·3333·3322·2074·6162·696e·6465··idm7333"·tabinde 
0003b930:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt 
0003b940:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande 
0003b950:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title= 
0003b960:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev 
0003b970:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R 
0003b980:·656d·6564·6961·7469·6f6e·204f·5342·7569··emediation·OSBui 
0003b990:·6c64·2042·6c75·6570·7269·6e74·2073·6e69··ld·Blueprint·sni 
0003b9a0:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br> 
0003b9b0:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane 
0003b9c0:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla 
0003b9d0:·7073·6522·2069·643d·2269·646d·3733·3333··pse"·id="idm7333 
0003b9e0:·223e·3c70·7265·3e3c·636f·6465·3e0a·5b5b··"><pre><code>.[[ 
0003b9f0:·7061·636b·6167·6573·5d5d·0a6e·616d·6520··packages]].name· 
0003ba00:·3d20·2261·6964·6522·0a76·6572·7369·6f6e··=·"aide".version 
0003ba10:·203d·2022·2a22·0a3c·2f63·6f64·653e·3c2f···=·"*".</code></ 
0003ba20:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla 
0003ba30:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ 
0003ba40:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle 
0003ba50:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data 
0003ba60:·2d74·6172·6765·743d·2223·6964·6d37·3333··-target="#idm733 
0003ba70:·3422·2074·6162·696e·6465·783d·2230·2220··4"·tabindex="0"· 
0003ba80:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar 
0003ba90:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal 
0003baa0:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ 
0003bab0:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h 
0003bac0:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia 
0003bad0:·7469·6f6e·2073·6372·6970·7420·e287·b23c··tion·script·...< 
0003bae0:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas 
0003baf0:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps 
0003bb00:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id=" 
0003bb10:·6964·6d37·3333·3422·3e3c·7461·626c·6520··idm7334"><table· 
0003bb20:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab 
0003bb30:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table 
0003bb40:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table- 
0003bb50:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr>< 
0003bb60:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</ 
0003bb70:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td>< 
0003bb80:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr 
0003bb90:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td> 
0003bba0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr0003b5b0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr
0003bbb0:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th 
0003bbc0:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td><0003b5c0:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption:
 0003b5d0:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td
0003bbd0:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra0003b5e0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re
0003bbe0:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en0003b5f0:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa
0003bbf0:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></ 
0003bc00:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code 
0003bc10:·3e0a·7061·636b·6167·6520·696e·7374·616c··>.package·instal 
0003bc20:·6c20·6169·6465·0a3c·2f63·6f64·653e·3c2f··l·aide.</code></ 
0003bc30:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla 
0003bc40:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ 
0003bc50:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle 
0003bc60:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data 
Max diff block lines reached; 21213706/21250856 bytes (99.83%) of diff not shown.
1.92 MB
html2text {}
Max HTML report size reached
22.5 MB
./usr/share/doc/ssg-nondebian/ssg-cs10-guide-anssi_bp28_high.html
    
Offset 15184, 278 lines modifiedOffset 15184, 278 lines modified
0003b4f0:·6765·743d·2223·6964·6d37·3333·3122·2074··get="#idm7331"·t0003b4f0:·6765·743d·2223·6964·6d37·3333·3122·2074··get="#idm7331"·t
0003b500:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role0003b500:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
0003b510:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e0003b510:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
0003b520:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·0003b520:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
0003b530:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·0003b530:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
0003b540:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=0003b540:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
0003b550:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation0003b550:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
0003b560:·2041·6e61·636f·6e64·6120·736e·6970·7065···Anaconda·snippe 
0003b570:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di 
0003b580:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c 
0003b590:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse 
0003b5a0:·2220·6964·3d22·6964·6d37·3333·3122·3e3c··"·id="idm7331">< 
0003b5b0:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab 
0003b5c0:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped 
0003b5d0:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered· 
0003b5e0:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed" 
0003b5f0:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex 
0003b600:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low 
0003b610:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b620:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t 
0003b630:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003b640:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo 
0003b650:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false 
0003b660:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b670:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th> 
0003b680:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td>< 
0003b690:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre 
0003b6a0:·3e3c·636f·6465·3e0a·7061·636b·6167·6520··><code>.package· 
0003b6b0:·2d2d·6164·643d·6169·6465·0a3c·2f63·6f64··--add=aide.</cod 
0003b6c0:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a 
0003b6d0:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn- 
0003b6e0:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to 
0003b6f0:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"· 
0003b700:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id 
0003b710:·6d37·3333·3222·2074·6162·696e·6465·783d··m7332"·tabindex= 
0003b720:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button 
0003b730:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded= 
0003b740:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A 
0003b750:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea 
0003b760:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem 
0003b770:·6564·6961·7469·6f6e·2050·7570·7065·7420··ediation·Puppet· 
0003b780:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a><0003b560:·2073·6372·6970·7420·e287·b23c·2f61·3e3c···script·...</a><
0003b790:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p0003b570:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p
0003b7a0:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co0003b580:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co
0003b7b0:·6c6c·6170·7365·2220·6964·3d22·6964·6d37··llapse"·id="idm70003b590:·6c6c·6170·7365·2220·6964·3d22·6964·6d37··llapse"·id="idm7
0003b7c0:·3333·3222·3e3c·7461·626c·6520·636c·6173··332"><table·clas0003b5a0:·3333·3122·3e3c·7461·626c·6520·636c·6173··331"><table·clas
0003b7d0:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s0003b5b0:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s
0003b7e0:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor0003b5c0:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor
0003b7f0:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond0003b5d0:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond
0003b800:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C0003b5e0:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C
0003b810:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><0003b5f0:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><
0003b820:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003b830:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti 
0003b840:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low< 
0003b850:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b860:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td 
0003b870:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr> 
0003b880:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy 
0003b890:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable 
0003b8a0:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl 
0003b8b0:·653e·3c70·7265·3e3c·636f·6465·3e69·6e63··e><pre><code>inc 
0003b8c0:·6c75·6465·2069·6e73·7461·6c6c·5f61·6964··lude·install_aid 
0003b8d0:·650a·0a63·6c61·7373·2069·6e73·7461·6c6c··e..class·install 
0003b8e0:·5f61·6964·6520·7b0a·2020·7061·636b·6167··_aide·{.··packag 
0003b8f0:·6520·7b20·2761·6964·6527·3a0a·2020·2020··e·{·'aide':.···· 
0003b900:·656e·7375·7265·203d·2667·743b·2027·696e··ensure·=&gt;·'in 
0003b910:·7374·616c·6c65·6427·2c0a·2020·7d0a·7d0a··stalled',.··}.}. 
0003b920:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d 
0003b930:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn 
0003b940:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da 
0003b950:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla 
0003b960:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target 
0003b970:·3d22·2369·646d·3733·3333·2220·7461·6269··="#idm7333"·tabi 
0003b980:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b 
0003b990:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa 
0003b9a0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit 
0003b9b0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to· 
0003b9c0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#! 
0003b9d0:·223e·5265·6d65·6469·6174·696f·6e20·4f53··">Remediation·OS 
0003b9e0:·4275·696c·6420·426c·7565·7072·696e·7420··Build·Blueprint· 
0003b9f0:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a>< 
0003ba00:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p 
0003ba10:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co 
0003ba20:·6c6c·6170·7365·2220·6964·3d22·6964·6d37··llapse"·id="idm7 
0003ba30:·3333·3322·3e3c·7072·653e·3c63·6f64·653e··333"><pre><code> 
0003ba40:·0a5b·5b70·6163·6b61·6765·735d·5d0a·6e61··.[[packages]].na 
0003ba50:·6d65·203d·2022·6169·6465·220a·7665·7273··me·=·"aide".vers 
0003ba60:·696f·6e20·3d20·222a·220a·3c2f·636f·6465··ion·=·"*".</code 
0003ba70:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a· 
0003ba80:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s 
0003ba90:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog 
0003baa0:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d 
0003bab0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm 
0003bac0:·3733·3334·2220·7461·6269·6e64·6578·3d22··7334"·tabindex=" 
0003bad0:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button" 
0003bae0:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded=" 
0003baf0:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac 
0003bb00:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal 
0003bb10:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme 
0003bb20:·6469·6174·696f·6e20·7363·7269·7074·20e2··diation·script·. 
0003bb30:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c 
0003bb40:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll 
0003bb50:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i 
0003bb60:·643d·2269·646d·3733·3334·223e·3c74·6162··d="idm7334"><tab 
0003bb70:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table· 
0003bb80:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta 
0003bb90:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab 
0003bba0:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t 
0003bbb0:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity 
0003bbc0:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t 
0003bbd0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D 
0003bbe0:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th>< 
0003bbf0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003bc00:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:< 
0003bc10:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t 
0003bc20:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S 
0003bc30:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td 
0003bc40:·3e65·6e61·626c·653c·2f74·643e·3c2f·7472··>enable</td></tr 
0003bc50:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c 
0003bc60:·6f64·653e·0a70·6163·6b61·6765·2069·6e73··ode>.package·ins 
0003bc70:·7461·6c6c·2061·6964·650a·3c2f·636f·6465··tall·aide.</code 
0003bc80:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a· 
0003bc90:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s 
0003bca0:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog 
0003bcb0:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d 
0003bcc0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm 
0003bcd0:·3733·3335·2220·7461·6269·6e64·6578·3d22··7335"·tabindex=" 
Max diff block lines reached; 21506113/21543125 bytes (99.83%) of diff not shown.
1.96 MB
html2text {}
Max HTML report size reached
9.81 MB
./usr/share/doc/ssg-nondebian/ssg-cs10-guide-anssi_bp28_intermediary.html
    
Offset 15174, 279 lines modifiedOffset 15174, 279 lines modified
0003b450:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#0003b450:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#
0003b460:·6964·6d37·3333·3122·2074·6162·696e·6465··idm7331"·tabinde0003b460:·6964·6d37·3333·3122·2074·6162·696e·6465··idm7331"·tabinde
0003b470:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt0003b470:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt
0003b480:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande0003b480:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande
0003b490:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=0003b490:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=
0003b4a0:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev0003b4a0:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev
0003b4b0:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R0003b4b0:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R
0003b4c0:·656d·6564·6961·7469·6f6e·2041·6e61·636f··emediation·Anaco0003b4c0:·656d·6564·6961·7469·6f6e·2073·6372·6970··emediation·scrip
0003b4d0:·6e64·6120·736e·6970·7065·7420·e287·b23c··nda·snippet·...< 
0003b4e0:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas 
0003b4f0:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps 
0003b500:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id=" 
0003b510:·6964·6d37·3333·3122·3e3c·7461·626c·6520··idm7331"><table· 
0003b520:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab 
0003b530:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table 
0003b540:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table- 
0003b550:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr>< 
0003b560:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</ 
0003b570:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td>< 
0003b580:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr 
0003b590:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td> 
0003b5a0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003b5b0:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th 
0003b5c0:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td>< 
0003b5d0:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra 
0003b5e0:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en 
0003b5f0:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></ 
0003b600:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code 
0003b610:·3e0a·7061·636b·6167·6520·2d2d·6164·643d··>.package·--add= 
0003b620:·6169·6465·0a3c·2f63·6f64·653e·3c2f·7072··aide.</code></pr 
0003b630:·653e·3c2f·6469·763e·3c61·2063·6c61·7373··e></div><a·class 
0003b640:·3d22·6274·6e20·6274·6e2d·7375·6363·6573··="btn·btn-succes 
0003b650:·7322·2064·6174·612d·746f·6767·6c65·3d22··s"·data-toggle=" 
0003b660:·636f·6c6c·6170·7365·2220·6461·7461·2d74··collapse"·data-t 
0003b670:·6172·6765·743d·2223·6964·6d37·3333·3222··arget="#idm7332" 
0003b680:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro 
0003b690:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria 
0003b6a0:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false 
0003b6b0:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat 
0003b6c0:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre 
0003b6d0:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati 
0003b6e0:·6f6e·2050·7570·7065·7420·736e·6970·7065··on·Puppet·snippe 
0003b6f0:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di0003b4d0:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di
0003b700:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c0003b4e0:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
0003b710:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse0003b4f0:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
0003b720:·2220·6964·3d22·6964·6d37·3333·3222·3e3c··"·id="idm7332"><0003b500:·2220·6964·3d22·6964·6d37·3333·3122·3e3c··"·id="idm7331"><
0003b730:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab0003b510:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab
0003b740:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped0003b520:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped
0003b750:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·0003b530:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·
0003b760:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"0003b540:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"
0003b770:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex0003b550:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex
0003b780:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low0003b560:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low
0003b790:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t0003b570:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
0003b7a0:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t0003b580:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t
0003b7b0:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></0003b590:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></
0003b7c0:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo0003b5a0:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo
0003b7d0:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false0003b5b0:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false
0003b7e0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t0003b5c0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
0003b7f0:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>0003b5d0:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>
0003b800:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td><0003b5e0:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td><
0003b810:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre0003b5f0:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre
 0003b600:·3e3c·636f·6465·3e0a·646e·6620·696e·7374··><code>.dnf·inst
 0003b610:·616c·6c20·6169·6465·0a3c·2f63·6f64·653e··all·aide.</code>
 0003b620:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c
 0003b630:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su
 0003b640:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg
 0003b650:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da
 0003b660:·7461·2d74·6172·6765·743d·2223·6964·6d37··ta-target="#idm7
 0003b670:·3333·3222·2074·6162·696e·6465·783d·2230··332"·tabindex="0
 0003b680:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
 0003b690:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
 0003b6a0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
 0003b6b0:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
 0003b6c0:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
 0003b6d0:·6961·7469·6f6e·2050·7570·7065·7420·736e··iation·Puppet·sn
 0003b6e0:·6970·7065·7420·e287·b23c·2f61·3e3c·6272··ippet·...</a><br
 0003b6f0:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan
 0003b700:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll
 0003b710:·6170·7365·2220·6964·3d22·6964·6d37·3333··apse"·id="idm733
 0003b720:·3222·3e3c·7461·626c·6520·636c·6173·733d··2"><table·class=
 0003b730:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str
 0003b740:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde
 0003b750:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden
 0003b760:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com
 0003b770:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td
 0003b780:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t
 0003b790:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption
 0003b7a0:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t
 0003b7b0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R
 0003b7c0:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f
 0003b7d0:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t
 0003b7e0:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<
 0003b7f0:·2f74·683e·3c74·643e·656e·6162·6c65·3c2f··/th><td>enable</
 0003b800:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>
0003b820:·3e3c·636f·6465·3e69·6e63·6c75·6465·2069··><code>include·i0003b810:·3c70·7265·3e3c·636f·6465·3e69·6e63·6c75··<pre><code>inclu
0003b830:·6e73·7461·6c6c·5f61·6964·650a·0a63·6c61··nstall_aide..cla 
0003b840:·7373·2069·6e73·7461·6c6c·5f61·6964·6520··ss·install_aide·0003b820:·6465·2069·6e73·7461·6c6c·5f61·6964·650a··de·install_aide.
 0003b830:·0a63·6c61·7373·2069·6e73·7461·6c6c·5f61··.class·install_a
0003b850:·7b0a·2020·7061·636b·6167·6520·7b20·2761··{.··package·{·'a0003b840:·6964·6520·7b0a·2020·7061·636b·6167·6520··ide·{.··package·
0003b860:·6964·6527·3a0a·2020·2020·656e·7375·7265··ide':.····ensure0003b850:·7b20·2761·6964·6527·3a0a·2020·2020·656e··{·'aide':.····en
0003b870:·203d·2667·743b·2027·696e·7374·616c·6c65···=&gt;·'installe0003b860:·7375·7265·203d·2667·743b·2027·696e·7374··sure·=&gt;·'inst
0003b880:·6427·2c0a·2020·7d0a·7d0a·3c2f·636f·6465··d',.··}.}.</code0003b870:·616c·6c65·6427·2c0a·2020·7d0a·7d0a·3c2f··alled',.··}.}.</
0003b890:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a·0003b880:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div
0003b8a0:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s0003b890:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b
0003b8b0:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog0003b8a0:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data
0003b8c0:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d0003b8b0:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps
0003b8d0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm0003b8c0:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="
0003b8e0:·3733·3333·2220·7461·6269·6e64·6578·3d22··7333"·tabindex="0003b8d0:·2369·646d·3733·3333·2220·7461·6269·6e64··#idm7333"·tabind
0003b8f0:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"0003b8e0:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but
0003b900:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="0003b8f0:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand
0003b910:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac0003b900:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title
0003b920:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal0003b910:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re
0003b930:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme0003b920:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">
 0003b930:·5265·6d65·6469·6174·696f·6e20·5368·656c··Remediation·Shel
0003b940:·6469·6174·696f·6e20·4f53·4275·696c·6420··diation·OSBuild· 
0003b950:·426c·7565·7072·696e·7420·736e·6970·7065··Blueprint·snippe 
0003b960:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di 
0003b970:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c 
0003b980:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse 
0003b990:·2220·6964·3d22·6964·6d37·3333·3322·3e3c··"·id="idm7333">< 
0003b9a0:·7072·653e·3c63·6f64·653e·0a5b·5b70·6163··pre><code>.[[pac 
0003b9b0:·6b61·6765·735d·5d0a·6e61·6d65·203d·2022··kages]].name·=·" 
0003b9c0:·6169·6465·220a·7665·7273·696f·6e20·3d20··aide".version·=· 
0003b9d0:·222a·220a·3c2f·636f·6465·3e3c·2f70·7265··"*".</code></pre 
0003b9e0:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class= 
0003b9f0:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success 
0003ba00:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c 
Max diff block lines reached; 9186010/9223160 bytes (99.60%) of diff not shown.
1.01 MB
html2text {}
    
Offset 135, 52 lines modifiedOffset 135, 48 lines modified
135 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)135 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)
136 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3136 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
137 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5137 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
138 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199138 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
139 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79139 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
140 ············_\x8c_\x8i_\x8s············6.1.1140 ············_\x8c_\x8i_\x8s············6.1.1
141 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2141 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
142 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8142 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
143 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low143 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
144 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low144 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
145 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false145 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
146 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable146 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
147 package·--add=aide147 dnf·install·aide
148 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8148 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
149 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low149 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
150 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low150 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
151 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false151 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
152 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable152 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
153 include·install_aide153 include·install_aide
  
154 class·install_aide·{154 class·install_aide·{
155 ··package·{·'aide':155 ··package·{·'aide':
156 ····ensure·=>·'installed',156 ····ensure·=>·'installed',
157 ··}157 ··}
158 }158 }
159 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
160 [[packages]] 
161 name·=·"aide" 
162 version·=·"*" 
163 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8159 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
164 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low160 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
165 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low161 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
166 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false162 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
167 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable163 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 164 #·Remediation·is·applicable·only·in·certain·platforms
 165 if·rpm·--quiet·-q·kernel;·then
  
 166 if·!·rpm·-q·--quiet·"aide"·;·then
 167 ····dnf·install·-y·"aide"
 168 fi
168 package·install·aide 
169 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
170 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
171 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
172 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
173 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
174 dnf·install·aide169 else
 170 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 171 fi
175 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8172 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
176 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low173 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
177 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low174 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
178 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false175 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
179 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable176 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
180 -·name:·Gather·the·package·facts177 -·name:·Gather·the·package·facts
181 ··package_facts:178 ··package_facts:
Offset 209, 29 lines modifiedOffset 205, 33 lines modified
209 ··-·PCI-DSSv4-11.5.2205 ··-·PCI-DSSv4-11.5.2
210 ··-·enable_strategy206 ··-·enable_strategy
211 ··-·low_complexity207 ··-·low_complexity
212 ··-·low_disruption208 ··-·low_disruption
213 ··-·medium_severity209 ··-·medium_severity
214 ··-·no_reboot_needed210 ··-·no_reboot_needed
215 ··-·package_aide_installed211 ··-·package_aide_installed
 212 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 213 [[packages]]
 214 name·=·"aide"
 215 version·=·"*"
216 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8216 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
217 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low217 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
218 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low218 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
219 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false219 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
220 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable220 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
221 #·Remediation·is·applicable·only·in·certain·platforms 
222 if·rpm·--quiet·-q·kernel;·then 
  
223 if·!·rpm·-q·--quiet·"aide"·;·then 
224 ····dnf·install·-y·"aide" 
225 fi221 package·install·aide
 222 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 223 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 224 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 225 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 226 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 227 package·--add=aide
226 else 
227 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
228 fi 
229 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*228 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
230 Run·the·following·command·to·generate·a·new·database:229 Run·the·following·command·to·generate·a·new·database:
231 $·sudo·/usr/sbin/aide·--init230 $·sudo·/usr/sbin/aide·--init
232 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the231 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the
233 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these232 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these
234 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their233 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their
235 integrity.·The·newly-generated·database·can·be·installed·as·follows:234 integrity.·The·newly-generated·database·can·be·installed·as·follows:
Offset 256, 14 lines modifiedOffset 256, 28 lines modified
256 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)256 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)
257 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3257 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
258 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5258 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
259 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199259 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
260 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79260 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
261 ············_\x8c_\x8i_\x8s············6.1.1261 ············_\x8c_\x8i_\x8s············6.1.1
262 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2262 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 263 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 264 #·Remediation·is·applicable·only·in·certain·platforms
 265 if·rpm·--quiet·-q·kernel;·then
  
 266 if·!·rpm·-q·--quiet·"aide"·;·then
 267 ····dnf·install·-y·"aide"
 268 fi
  
 269 /usr/sbin/aide·--init
 270 /bin/cp·-p·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
  
 271 else
 272 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 273 fi
263 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8274 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
264 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low275 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
265 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low276 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
266 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false277 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
267 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict278 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
Max diff block lines reached; 1057772/1062948 bytes (99.51%) of diff not shown.
2.91 MB
./usr/share/doc/ssg-nondebian/ssg-cs10-guide-anssi_bp28_minimal.html
    
Offset 14855, 295 lines modifiedOffset 14855, 295 lines modified
0003a060:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=0003a060:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
0003a070:·2223·6964·6d31·3035·3432·2220·7461·6269··"#idm10542"·tabi0003a070:·2223·6964·6d31·3035·3432·2220·7461·6269··"#idm10542"·tabi
0003a080:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b0003a080:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b
0003a090:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa0003a090:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa
0003a0a0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit0003a0a0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit
0003a0b0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·0003a0b0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·
0003a0c0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!0003a0c0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!
0003a0d0:·223e·5265·6d65·6469·6174·696f·6e20·416e··">Remediation·An0003a0d0:·223e·5265·6d65·6469·6174·696f·6e20·7363··">Remediation·sc
 0003a0e0:·7269·7074·20e2·87b2·3c2f·613e·3c62·723e··ript·...</a><br>
 0003a0f0:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
 0003a100:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
 0003a110:·7073·6522·2069·643d·2269·646d·3130·3534··pse"·id="idm1054
 0003a120:·3222·3e3c·7461·626c·6520·636c·6173·733d··2"><table·class=
 0003a130:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str
 0003a140:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde
 0003a150:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden
 0003a160:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com
 0003a170:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td
 0003a180:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t
 0003a190:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption
0003a0e0:·6163·6f6e·6461·2073·6e69·7070·6574·20e2··aconda·snippet·. 
0003a0f0:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c 
0003a100:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll 
0003a110:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i 
0003a120:·643d·2269·646d·3130·3534·3222·3e3c·7461··d="idm10542"><ta 
0003a130:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table 
0003a140:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t 
0003a150:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta 
0003a160:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed">< 
0003a170:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit 
0003a180:·793a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··y:</th><td>low</ 
0003a190:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003a1a0:·4469·7372·7570·7469·6f6e·3a3c·2f74·683e··Disruption:</th> 
0003a1b0:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
0003a1c0:·3e3c·7472·3e3c·7468·3e52·6562·6f6f·743a··><tr><th>Reboot: 
0003a1d0:·3c2f·7468·3e3c·7464·3e66·616c·7365·3c2f··</th><td>false</ 
0003a1e0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003a1f0:·5374·7261·7465·6779·3a3c·2f74·683e·3c74··Strategy:</th><t 
0003a200:·643e·656e·6162·6c65·3c2f·7464·3e3c·2f74··d>enable</td></t 
0003a210:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre>< 
0003a220:·636f·6465·3e0a·7061·636b·6167·6520·2d2d··code>.package·-- 
0003a230:·6164·643d·646e·662d·6175·746f·6d61·7469··add=dnf-automati 
0003a240:·630a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··c.</code></pre>< 
0003a250:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b 
0003a260:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"· 
0003a270:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col 
0003a280:·6c61·7073·6522·2064·6174·612d·7461·7267··lapse"·data-targ 
0003a290:·6574·3d22·2369·646d·3130·3534·3322·2074··et="#idm10543"·t 
0003a2a0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role 
0003a2b0:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e 
0003a2c0:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"· 
0003a2d0:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate· 
0003a2e0:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href= 
0003a2f0:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation 
0003a300:·2050·7570·7065·7420·736e·6970·7065·7420···Puppet·snippet· 
0003a310:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div· 
0003a320:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col 
0003a330:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"· 
0003a340:·6964·3d22·6964·6d31·3035·3433·223e·3c74··id="idm10543"><t 
0003a350:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl 
0003a360:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped· 
0003a370:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t 
0003a380:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed"> 
0003a390:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi 
0003a3a0:·7479·3a3c·2f74·683e·3c74·643e·6c6f·773c··ty:</th><td>low<0003a1a0:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t
0003a3b0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th0003a1b0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R
0003a3c0:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th 
0003a3d0:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
0003a3e0:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot0003a1c0:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f
 0003a1d0:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t
 0003a1e0:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<
0003a3f0:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false<0003a1f0:·2f74·683e·3c74·643e·656e·6162·6c65·3c2f··/th><td>enable</
 0003a200:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>
 0003a210:·3c70·7265·3e3c·636f·6465·3e0a·646e·6620··<pre><code>.dnf·
0003a400:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003a410:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th>< 
0003a420:·7464·3e65·6e61·626c·653c·2f74·643e·3c2f··td>enable</td></ 
0003a430:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre> 
0003a440:·3c63·6f64·653e·696e·636c·7564·6520·696e··<code>include·in 
0003a450:·7374·616c·6c5f·646e·662d·6175·746f·6d61··stall_dnf-automa 
0003a460:·7469·630a·0a63·6c61·7373·2069·6e73·7461··tic..class·insta 
0003a470:·6c6c·5f64·6e66·2d61·7574·6f6d·6174·6963··ll_dnf-automatic 
0003a480:·207b·0a20·2070·6163·6b61·6765·207b·2027···{.··package·{·' 
0003a490:·646e·662d·6175·746f·6d61·7469·6327·3a0a··dnf-automatic':. 
0003a4a0:·2020·2020·656e·7375·7265·203d·2667·743b······ensure·=&gt; 
0003a4b0:·2027·696e·7374·616c·6c65·6427·2c0a·2020···'installed',.·· 
0003a4c0:·7d0a·7d0a·3c2f·636f·6465·3e3c·2f70·7265··}.}.</code></pre 
0003a4d0:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class= 
0003a4e0:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success 
0003a4f0:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c 
0003a500:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta 
0003a510:·7267·6574·3d22·2369·646d·3130·3534·3422··rget="#idm10544" 
0003a520:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro 
0003a530:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria 
0003a540:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false 
0003a550:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat 
0003a560:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre 
0003a570:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati 
0003a580:·6f6e·204f·5342·7569·6c64·2042·6c75·6570··on·OSBuild·Bluep 
0003a590:·7269·6e74·2073·6e69·7070·6574·20e2·87b2··rint·snippet·... 
0003a5a0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla 
0003a5b0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap 
0003a5c0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id= 
0003a5d0:·2269·646d·3130·3534·3422·3e3c·7072·653e··"idm10544"><pre> 
0003a5e0:·3c63·6f64·653e·0a5b·5b70·6163·6b61·6765··<code>.[[package 
0003a5f0:·735d·5d0a·6e61·6d65·203d·2022·646e·662d··s]].name·=·"dnf- 
0003a600:·6175·746f·6d61·7469·6322·0a76·6572·7369··automatic".versi 
0003a610:·6f6e·203d·2022·2a22·0a3c·2f63·6f64·653e··on·=·"*".</code> 
0003a620:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c 
0003a630:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su 
0003a640:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg 
0003a650:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da 
0003a660:·7461·2d74·6172·6765·743d·2223·6964·6d31··ta-target="#idm1 
0003a670:·3035·3435·2220·7461·6269·6e64·6578·3d22··0545"·tabindex=" 
0003a680:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button" 
0003a690:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded=" 
0003a6a0:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac 
0003a6b0:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal 
0003a6c0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme 
0003a6d0:·6469·6174·696f·6e20·7363·7269·7074·20e2··diation·script·. 
0003a6e0:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c 
0003a6f0:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll 
0003a700:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i 
0003a710:·643d·2269·646d·3130·3534·3522·3e3c·7461··d="idm10545"><ta 
0003a720:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table 
0003a730:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t 
0003a740:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta 
Max diff block lines reached; 2813917/2853275 bytes (98.62%) of diff not shown.
194 KB
html2text {}
    
Offset 101, 52 lines modifiedOffset 101, 49 lines modified
101 Rationale:··dnf-automatic·is·an·alternative·command·line·interface·(CLI)·to·dnf·upgrade101 Rationale:··dnf-automatic·is·an·alternative·command·line·interface·(CLI)·to·dnf·upgrade
102 ············suitable·for·automatic,·regular·execution.102 ············suitable·for·automatic,·regular·execution.
103 Severity: ··medium103 Severity: ··medium
104 Rule·ID:····xccdf_org.ssgproject.content_rule_package_dnf-automatic_installed104 Rule·ID:····xccdf_org.ssgproject.content_rule_package_dnf-automatic_installed
105 ············_\x8o_\x8s_\x8p_\x8p···FPT_TUD_EXT.1,·FPT_TUD_EXT.2105 ············_\x8o_\x8s_\x8p_\x8p···FPT_TUD_EXT.1,·FPT_TUD_EXT.2
106 References:·_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000191-GPOS-00080106 References:·_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000191-GPOS-00080
107 ············_\x8a_\x8n_\x8s_\x8s_\x8i··R61107 ············_\x8a_\x8n_\x8s_\x8s_\x8i··R61
108 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8108 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
109 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low109 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
110 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low110 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
111 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false111 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
112 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable112 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
113 package·--add=dnf-automatic113 dnf·install·dnf-automatic
114 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8114 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
115 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low115 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
116 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low116 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
117 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false117 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
118 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable118 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
119 include·install_dnf-automatic119 include·install_dnf-automatic
  
120 class·install_dnf-automatic·{120 class·install_dnf-automatic·{
121 ··package·{·'dnf-automatic':121 ··package·{·'dnf-automatic':
122 ····ensure·=>·'installed',122 ····ensure·=>·'installed',
123 ··}123 ··}
124 }124 }
125 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
126 [[packages]] 
127 name·=·"dnf-automatic" 
128 version·=·"*" 
129 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8125 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
130 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low126 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
131 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low127 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
132 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false128 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
133 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable129 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 130 #·Remediation·is·applicable·only·in·certain·platforms
 131 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-
 132 q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 133 if·!·rpm·-q·--quiet·"dnf-automatic"·;·then
 134 ····dnf·install·-y·"dnf-automatic"
 135 fi
134 package·install·dnf-automatic 
135 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
136 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
137 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
138 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
139 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
140 dnf·install·dnf-automatic136 else
 137 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 138 fi
141 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8139 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
142 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low140 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
143 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low141 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
144 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false142 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
145 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable143 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
146 -·name:·Gather·the·package·facts144 -·name:·Gather·the·package·facts
147 ··package_facts:145 ··package_facts:
Offset 170, 30 lines modifiedOffset 167, 33 lines modified
170 ··tags:167 ··tags:
171 ··-·enable_strategy168 ··-·enable_strategy
172 ··-·low_complexity169 ··-·low_complexity
173 ··-·low_disruption170 ··-·low_disruption
174 ··-·medium_severity171 ··-·medium_severity
175 ··-·no_reboot_needed172 ··-·no_reboot_needed
176 ··-·package_dnf-automatic_installed173 ··-·package_dnf-automatic_installed
 174 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 175 [[packages]]
 176 name·=·"dnf-automatic"
 177 version·=·"*"
177 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8178 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
178 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low179 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
179 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low180 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
180 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false181 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
181 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable182 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
182 #·Remediation·is·applicable·only·in·certain·platforms 
183 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·- 
184 q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
185 if·!·rpm·-q·--quiet·"dnf-automatic"·;·then 
186 ····dnf·install·-y·"dnf-automatic" 
187 fi183 package·install·dnf-automatic
 184 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 185 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 186 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 187 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 188 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 189 package·--add=dnf-automatic
188 else 
189 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
190 fi 
191 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·d\x8dn\x8nf\x8f-\x8-a\x8au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8c·t\x8to\x8o·I\x8In\x8ns\x8st\x8ta\x8al\x8ll\x8l·A\x8Av\x8va\x8ai\x8il\x8la\x8ab\x8bl\x8le\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8es\x8s·A\x8Au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8ca\x8al\x8ll\x8ly\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*190 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·d\x8dn\x8nf\x8f-\x8-a\x8au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8c·t\x8to\x8o·I\x8In\x8ns\x8st\x8ta\x8al\x8ll\x8l·A\x8Av\x8va\x8ai\x8il\x8la\x8ab\x8bl\x8le\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8es\x8s·A\x8Au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8ca\x8al\x8ll\x8ly\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
192 To·ensure·that·the·packages·comprising·the·available·updates·will·be·automatically·installed191 To·ensure·that·the·packages·comprising·the·available·updates·will·be·automatically·installed
193 by·dnf-automatic,·set·apply_updates·to·yes·under·[commands]·section·in·/etc/dnf/192 by·dnf-automatic,·set·apply_updates·to·yes·under·[commands]·section·in·/etc/dnf/
194 automatic.conf.193 automatic.conf.
195 ············Installing·software·updates·is·a·fundamental·mitigation·against·the·exploitation194 ············Installing·software·updates·is·a·fundamental·mitigation·against·the·exploitation
196 ············of·publicly-known·vulnerabilities.·If·the·most·recent·security·patches·and195 ············of·publicly-known·vulnerabilities.·If·the·most·recent·security·patches·and
197 Rationale:··updates·are·not·installed,·unauthorized·users·may·take·advantage·of·weaknesses·in196 Rationale:··updates·are·not·installed,·unauthorized·users·may·take·advantage·of·weaknesses·in
Offset 203, 54 lines modifiedOffset 203, 14 lines modified
203 Severity: ··medium203 Severity: ··medium
204 Rule·ID:····xccdf_org.ssgproject.content_rule_dnf-automatic_apply_updates204 Rule·ID:····xccdf_org.ssgproject.content_rule_dnf-automatic_apply_updates
205 ············_\x8i_\x8s_\x8m····0940,·1144,·1467,·1472,·1483,·1493,·1494,·1495205 ············_\x8i_\x8s_\x8m····0940,·1144,·1467,·1472,·1483,·1493,·1494,·1495
206 ············_\x8n_\x8i_\x8s_\x8t···SI-2(5),·CM-6(a),·SI-2(c)206 ············_\x8n_\x8i_\x8s_\x8t···SI-2(5),·CM-6(a),·SI-2(c)
207 References:·_\x8o_\x8s_\x8p_\x8p···FMT_SMF_EXT.1207 References:·_\x8o_\x8s_\x8p_\x8p···FMT_SMF_EXT.1
208 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000805-GPOS-00260208 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000805-GPOS-00260
209 ············_\x8a_\x8n_\x8s_\x8s_\x8i··R61209 ············_\x8a_\x8n_\x8s_\x8s_\x8i··R61
210 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
211 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
212 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium 
213 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
214 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···unknown 
215 -·name:·Gather·the·package·facts 
216 ··package_facts: 
217 ····manager:·auto 
218 ··tags: 
219 ··-·NIST-800-53-CM-6(a) 
220 ··-·NIST-800-53-SI-2(5) 
221 ··-·NIST-800-53-SI-2(c) 
222 ··-·dnf-automatic_apply_updates 
223 ··-·low_complexity 
224 ··-·medium_disruption 
225 ··-·medium_severity 
226 ··-·no_reboot_needed 
Max diff block lines reached; 192829/199026 bytes (96.89%) of diff not shown.
25.3 MB
./usr/share/doc/ssg-nondebian/ssg-cs10-guide-cis.html
    
Offset 15225, 279 lines modifiedOffset 15225, 279 lines modified
0003b780:·2d74·6172·6765·743d·2223·6964·6d37·3333··-target="#idm7330003b780:·2d74·6172·6765·743d·2223·6964·6d37·3333··-target="#idm733
0003b790:·3122·2074·6162·696e·6465·783d·2230·2220··1"·tabindex="0"·0003b790:·3122·2074·6162·696e·6465·783d·2230·2220··1"·tabindex="0"·
0003b7a0:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar0003b7a0:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar
0003b7b0:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal0003b7b0:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal
0003b7c0:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ0003b7c0:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ
0003b7d0:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h0003b7d0:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h
0003b7e0:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia0003b7e0:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia
 0003b7f0:·7469·6f6e·2073·6372·6970·7420·e287·b23c··tion·script·...<
0003b7f0:·7469·6f6e·2041·6e61·636f·6e64·6120·736e··tion·Anaconda·sn 
0003b800:·6970·7065·7420·e287·b23c·2f61·3e3c·6272··ippet·...</a><br 
0003b810:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan 
0003b820:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll 
0003b830:·6170·7365·2220·6964·3d22·6964·6d37·3333··apse"·id="idm733 
0003b840:·3122·3e3c·7461·626c·6520·636c·6173·733d··1"><table·class= 
0003b850:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str 
0003b860:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde 
0003b870:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden 
0003b880:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com 
0003b890:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td 
0003b8a0:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t 
0003b8b0:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption 
0003b8c0:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t 
0003b8d0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R 
0003b8e0:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f 
0003b8f0:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t 
0003b900:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:< 
0003b910:·2f74·683e·3c74·643e·656e·6162·6c65·3c2f··/th><td>enable</ 
0003b920:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table> 
0003b930:·3c70·7265·3e3c·636f·6465·3e0a·7061·636b··<pre><code>.pack 
0003b940:·6167·6520·2d2d·6164·643d·6169·6465·0a3c··age·--add=aide.< 
0003b950:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di 
0003b960:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn· 
0003b970:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat 
0003b980:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap 
0003b990:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target= 
0003b9a0:·2223·6964·6d37·3333·3222·2074·6162·696e··"#idm7332"·tabin 
0003b9b0:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu 
0003b9c0:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan 
0003b9d0:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl 
0003b9e0:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r 
0003b9f0:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!" 
0003ba00:·3e52·656d·6564·6961·7469·6f6e·2050·7570··>Remediation·Pup 
0003ba10:·7065·7420·736e·6970·7065·7420·e287·b23c··pet·snippet·...< 
0003ba20:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas0003b800:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas
0003ba30:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps0003b810:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps
0003ba40:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="0003b820:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="
0003ba50:·6964·6d37·3333·3222·3e3c·7461·626c·6520··idm7332"><table·0003b830:·6964·6d37·3333·3122·3e3c·7461·626c·6520··idm7331"><table·
0003ba60:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab0003b840:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab
0003ba70:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table0003b850:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table
0003ba80:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-0003b860:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-
0003ba90:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><0003b870:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><
0003baa0:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</0003b880:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</
0003bab0:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td>< 
0003bac0:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr 
0003bad0:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td> 
0003bae0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003baf0:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th 
0003bb00:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td>< 
0003bb10:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra 
0003bb20:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en 
0003bb30:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></ 
0003bb40:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code 
0003bb50:·3e69·6e63·6c75·6465·2069·6e73·7461·6c6c··>include·install 
0003bb60:·5f61·6964·650a·0a63·6c61·7373·2069·6e73··_aide..class·ins 
0003bb70:·7461·6c6c·5f61·6964·6520·7b0a·2020·7061··tall_aide·{.··pa 
0003bb80:·636b·6167·6520·7b20·2761·6964·6527·3a0a··ckage·{·'aide':. 
0003bb90:·2020·2020·656e·7375·7265·203d·2667·743b······ensure·=&gt; 
0003bba0:·2027·696e·7374·616c·6c65·6427·2c0a·2020···'installed',.·· 
0003bbb0:·7d0a·7d0a·3c2f·636f·6465·3e3c·2f70·7265··}.}.</code></pre 
0003bbc0:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class= 
0003bbd0:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success 
0003bbe0:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c 
0003bbf0:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta 
0003bc00:·7267·6574·3d22·2369·646d·3733·3333·2220··rget="#idm7333"· 
0003bc10:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol 
0003bc20:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria- 
0003bc30:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false" 
0003bc40:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate 
0003bc50:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href 
0003bc60:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio 
0003bc70:·6e20·4f53·4275·696c·6420·426c·7565·7072··n·OSBuild·Bluepr 
0003bc80:·696e·7420·736e·6970·7065·7420·e287·b23c··int·snippet·...< 
0003bc90:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas 
0003bca0:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps 
0003bcb0:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id=" 
0003bcc0:·6964·6d37·3333·3322·3e3c·7072·653e·3c63··idm7333"><pre><c 
0003bcd0:·6f64·653e·0a5b·5b70·6163·6b61·6765·735d··ode>.[[packages] 
0003bce0:·5d0a·6e61·6d65·203d·2022·6169·6465·220a··].name·=·"aide". 
0003bcf0:·7665·7273·696f·6e20·3d20·222a·220a·3c2f··version·=·"*".</ 
0003bd00:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div 
0003bd10:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b 
0003bd20:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data 
0003bd30:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps 
0003bd40:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target=" 
0003bd50:·2369·646d·3733·3334·2220·7461·6269·6e64··#idm7334"·tabind 
0003bd60:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but 
0003bd70:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand 
0003bd80:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title 
0003bd90:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re 
0003bda0:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!"> 
0003bdb0:·5265·6d65·6469·6174·696f·6e20·7363·7269··Remediation·scri 
0003bdc0:·7074·20e2·87b2·3c2f·613e·3c62·723e·3c64··pt·...</a><br><d 
0003bdd0:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel- 
0003bde0:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps 
0003bdf0:·6522·2069·643d·2269·646d·3733·3334·223e··e"·id="idm7334"> 
0003be00:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta 
0003be10:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe 
0003be20:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered 
0003be30:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed 
0003be40:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple 
0003be50:·7869·7479·3a3c·2f74·683e·3c74·643e·6c6f··xity:</th><td>lo 
0003be60:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr>< 
0003be70:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</ 
0003be80:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><0003b890:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><
 0003b8a0:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr
 0003b8b0:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td>
 0003b8c0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr
 0003b8d0:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th
 0003b8e0:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td><
 0003b8f0:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra
 0003b900:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en
 0003b910:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></
 0003b920:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code
 0003b930:·3e0a·646e·6620·696e·7374·616c·6c20·6169··>.dnf·install·ai
 0003b940:·6465·0a3c·2f63·6f64·653e·3c2f·7072·653e··de.</code></pre>
 0003b950:·3c2f·6469·763e·3c61·2063·6c61·7373·3d22··</div><a·class="
 0003b960:·6274·6e20·6274·6e2d·7375·6363·6573·7322··btn·btn-success"
Max diff block lines reached; 24212091/24249241 bytes (99.85%) of diff not shown.
2.21 MB
html2text {}
Max HTML report size reached
11.9 MB
./usr/share/doc/ssg-nondebian/ssg-cs10-guide-cis_server_l1.html
    
Offset 15187, 278 lines modifiedOffset 15187, 278 lines modified
0003b520:·6574·3d22·2369·646d·3733·3331·2220·7461··et="#idm7331"·ta0003b520:·6574·3d22·2369·646d·3733·3331·2220·7461··et="#idm7331"·ta
0003b530:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=0003b530:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=
0003b540:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex0003b540:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex
0003b550:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t0003b550:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t
0003b560:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t0003b560:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t
0003b570:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="0003b570:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="
0003b580:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·0003b580:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·
0003b590:·416e·6163·6f6e·6461·2073·6e69·7070·6574··Anaconda·snippet 
0003b5a0:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div 
0003b5b0:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co 
0003b5c0:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse" 
0003b5d0:·2069·643d·2269·646d·3733·3331·223e·3c74···id="idm7331"><t 
0003b5e0:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl 
0003b5f0:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped· 
0003b600:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t 
0003b610:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed"> 
0003b620:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi 
0003b630:·7479·3a3c·2f74·683e·3c74·643e·6c6f·773c··ty:</th><td>low< 
0003b640:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b650:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th 
0003b660:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
0003b670:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot 
0003b680:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false< 
0003b690:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b6a0:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th>< 
0003b6b0:·7464·3e65·6e61·626c·653c·2f74·643e·3c2f··td>enable</td></ 
0003b6c0:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre> 
0003b6d0:·3c63·6f64·653e·0a70·6163·6b61·6765·202d··<code>.package·- 
0003b6e0:·2d61·6464·3d61·6964·650a·3c2f·636f·6465··-add=aide.</code 
0003b6f0:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a· 
0003b700:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s 
0003b710:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog 
0003b720:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d 
0003b730:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm 
0003b740:·3733·3332·2220·7461·6269·6e64·6578·3d22··7332"·tabindex=" 
0003b750:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button" 
0003b760:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded=" 
0003b770:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac 
0003b780:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal 
0003b790:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme 
0003b7a0:·6469·6174·696f·6e20·5075·7070·6574·2073··diation·Puppet·s 
0003b7b0:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b0003b590:·7363·7269·7074·20e2·87b2·3c2f·613e·3c62··script·...</a><b
0003b7c0:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa 
0003b7d0:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col 
0003b7e0:·6c61·7073·6522·2069·643d·2269·646d·3733··lapse"·id="idm73 
0003b7f0:·3332·223e·3c74·6162·6c65·2063·6c61·7373··32"><table·class 
0003b800:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st 
0003b810:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord 
0003b820:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde 
0003b830:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co 
0003b840:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t 
0003b850:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr>< 
0003b860:·7472·3e3c·7468·3e44·6973·7275·7074·696f··tr><th>Disruptio 
0003b870:·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··n:</th><td>low</ 
0003b880:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003b890:·5265·626f·6f74·3a3c·2f74·683e·3c74·643e··Reboot:</th><td> 
0003b8a0:·6661·6c73·653c·2f74·643e·3c2f·7472·3e3c··false</td></tr>< 
0003b8b0:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy: 
0003b8c0:·3c2f·7468·3e3c·7464·3e65·6e61·626c·653c··</th><td>enable< 
0003b8d0:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table 
0003b8e0:·3e3c·7072·653e·3c63·6f64·653e·696e·636c··><pre><code>incl 
0003b8f0:·7564·6520·696e·7374·616c·6c5f·6169·6465··ude·install_aide 
0003b900:·0a0a·636c·6173·7320·696e·7374·616c·6c5f··..class·install_ 
0003b910:·6169·6465·207b·0a20·2070·6163·6b61·6765··aide·{.··package 
0003b920:·207b·2027·6169·6465·273a·0a20·2020·2065···{·'aide':.····e 
0003b930:·6e73·7572·6520·3d26·6774·3b20·2769·6e73··nsure·=&gt;·'ins 
0003b940:·7461·6c6c·6564·272c·0a20·207d·0a7d·0a3c··talled',.··}.}.< 
0003b950:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di 
0003b960:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn· 
0003b970:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat 
0003b980:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap 
0003b990:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target= 
0003b9a0:·2223·6964·6d37·3333·3322·2074·6162·696e··"#idm7333"·tabin 
0003b9b0:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu 
0003b9c0:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan 
0003b9d0:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl 
0003b9e0:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r 
0003b9f0:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!" 
0003ba00:·3e52·656d·6564·6961·7469·6f6e·204f·5342··>Remediation·OSB 
0003ba10:·7569·6c64·2042·6c75·6570·7269·6e74·2073··uild·Blueprint·s 
0003ba20:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b 
0003ba30:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa0003b5a0:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa
0003ba40:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col0003b5b0:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col
0003ba50:·6c61·7073·6522·2069·643d·2269·646d·3733··lapse"·id="idm730003b5c0:·6c61·7073·6522·2069·643d·2269·646d·3733··lapse"·id="idm73
 0003b5d0:·3331·223e·3c74·6162·6c65·2063·6c61·7373··31"><table·class
 0003b5e0:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st
 0003b5f0:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord
 0003b600:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde
 0003b610:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co
 0003b620:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t
0003ba60:·3333·223e·3c70·7265·3e3c·636f·6465·3e0a··33"><pre><code>. 
0003ba70:·5b5b·7061·636b·6167·6573·5d5d·0a6e·616d··[[packages]].nam 
0003ba80:·6520·3d20·2261·6964·6522·0a76·6572·7369··e·=·"aide".versi 
0003ba90:·6f6e·203d·2022·2a22·0a3c·2f63·6f64·653e··on·=·"*".</code> 
0003baa0:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c 
0003bab0:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su 
0003bac0:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg 
0003bad0:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da 
0003bae0:·7461·2d74·6172·6765·743d·2223·6964·6d37··ta-target="#idm7 
0003baf0:·3333·3422·2074·6162·696e·6465·783d·2230··334"·tabindex="0 
0003bb00:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"· 
0003bb10:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f 
0003bb20:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act 
0003bb30:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal" 
0003bb40:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed 
0003bb50:·6961·7469·6f6e·2073·6372·6970·7420·e287··iation·script·.. 
0003bb60:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl 
0003bb70:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla 
0003bb80:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id 
0003bb90:·3d22·6964·6d37·3333·3422·3e3c·7461·626c··="idm7334"><tabl 
0003bba0:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t 
0003bbb0:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab 
0003bbc0:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl 
0003bbd0:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr 
0003bbe0:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity: 
0003bbf0:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003bc00:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di 
0003bc10:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t 
0003bc20:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr>< 
0003bc30:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</ 
0003bc40:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td 
0003bc50:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St 
0003bc60:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td> 
0003bc70:·656e·6162·6c65·3c2f·7464·3e3c·2f74·723e··enable</td></tr> 
0003bc80:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co 
0003bc90:·6465·3e0a·7061·636b·6167·6520·696e·7374··de>.package·inst 
0003bca0:·616c·6c20·6169·6465·0a3c·2f63·6f64·653e··all·aide.</code> 
Max diff block lines reached; 11092870/11129882 bytes (99.67%) of diff not shown.
1.24 MB
html2text {}
    
Offset 120, 52 lines modifiedOffset 120, 48 lines modified
120 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)120 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)
121 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3121 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
122 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5122 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
123 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199123 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
124 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79124 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
125 ············_\x8c_\x8i_\x8s············6.1.1125 ············_\x8c_\x8i_\x8s············6.1.1
126 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2126 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
127 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8127 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
128 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low128 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
129 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low129 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
130 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false130 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
131 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable131 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
132 package·--add=aide132 dnf·install·aide
133 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8133 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
134 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low134 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
135 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low135 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
136 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false136 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
137 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable137 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
138 include·install_aide138 include·install_aide
  
139 class·install_aide·{139 class·install_aide·{
140 ··package·{·'aide':140 ··package·{·'aide':
141 ····ensure·=>·'installed',141 ····ensure·=>·'installed',
142 ··}142 ··}
143 }143 }
144 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
145 [[packages]] 
146 name·=·"aide" 
147 version·=·"*" 
148 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8144 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
149 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low145 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
150 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low146 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
151 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false147 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
152 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable148 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 149 #·Remediation·is·applicable·only·in·certain·platforms
 150 if·rpm·--quiet·-q·kernel;·then
  
 151 if·!·rpm·-q·--quiet·"aide"·;·then
 152 ····dnf·install·-y·"aide"
 153 fi
153 package·install·aide 
154 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
155 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
156 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
157 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
158 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
159 dnf·install·aide154 else
 155 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 156 fi
160 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8157 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
161 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low158 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
162 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low159 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
163 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false160 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
164 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable161 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
165 -·name:·Gather·the·package·facts162 -·name:·Gather·the·package·facts
166 ··package_facts:163 ··package_facts:
Offset 194, 29 lines modifiedOffset 190, 33 lines modified
194 ··-·PCI-DSSv4-11.5.2190 ··-·PCI-DSSv4-11.5.2
195 ··-·enable_strategy191 ··-·enable_strategy
196 ··-·low_complexity192 ··-·low_complexity
197 ··-·low_disruption193 ··-·low_disruption
198 ··-·medium_severity194 ··-·medium_severity
199 ··-·no_reboot_needed195 ··-·no_reboot_needed
200 ··-·package_aide_installed196 ··-·package_aide_installed
 197 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 198 [[packages]]
 199 name·=·"aide"
 200 version·=·"*"
201 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8201 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
202 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low202 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
203 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low203 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
204 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false204 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
205 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable205 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
206 #·Remediation·is·applicable·only·in·certain·platforms 
207 if·rpm·--quiet·-q·kernel;·then 
  
208 if·!·rpm·-q·--quiet·"aide"·;·then 
209 ····dnf·install·-y·"aide" 
210 fi206 package·install·aide
 207 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 208 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 209 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 210 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 211 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 212 package·--add=aide
211 else 
212 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
213 fi 
214 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*213 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
215 Run·the·following·command·to·generate·a·new·database:214 Run·the·following·command·to·generate·a·new·database:
216 $·sudo·/usr/sbin/aide·--init215 $·sudo·/usr/sbin/aide·--init
217 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the·database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database·can·be·installed·as·follows:216 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the·database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database·can·be·installed·as·follows:
218 $·sudo·cp·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz217 $·sudo·cp·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
219 To·initiate·a·manual·check,·run·the·following·command:218 To·initiate·a·manual·check,·run·the·following·command:
220 $·sudo·/usr/sbin/aide·--check219 $·sudo·/usr/sbin/aide·--check
Offset 234, 14 lines modifiedOffset 234, 28 lines modified
234 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)234 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)
235 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3235 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
236 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5236 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
237 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199237 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
238 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79238 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
239 ············_\x8c_\x8i_\x8s············6.1.1239 ············_\x8c_\x8i_\x8s············6.1.1
240 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2240 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 241 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 242 #·Remediation·is·applicable·only·in·certain·platforms
 243 if·rpm·--quiet·-q·kernel;·then
  
 244 if·!·rpm·-q·--quiet·"aide"·;·then
 245 ····dnf·install·-y·"aide"
 246 fi
  
 247 /usr/sbin/aide·--init
 248 /bin/cp·-p·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
  
 249 else
 250 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 251 fi
241 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8252 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
242 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low253 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
243 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low254 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
244 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false255 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
245 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict256 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
Max diff block lines reached; 1295510/1300835 bytes (99.59%) of diff not shown.
11.4 MB
./usr/share/doc/ssg-nondebian/ssg-cs10-guide-cis_workstation_l1.html
    
Offset 15178, 278 lines modifiedOffset 15178, 278 lines modified
0003b490:·6765·743d·2223·6964·6d37·3333·3122·2074··get="#idm7331"·t0003b490:·6765·743d·2223·6964·6d37·3333·3122·2074··get="#idm7331"·t
0003b4a0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role0003b4a0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
0003b4b0:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e0003b4b0:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
0003b4c0:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·0003b4c0:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
0003b4d0:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·0003b4d0:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
0003b4e0:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=0003b4e0:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
0003b4f0:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation0003b4f0:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
0003b500:·2041·6e61·636f·6e64·6120·736e·6970·7065···Anaconda·snippe 
0003b510:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di 
0003b520:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c 
0003b530:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse 
0003b540:·2220·6964·3d22·6964·6d37·3333·3122·3e3c··"·id="idm7331">< 
0003b550:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab 
0003b560:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped 
0003b570:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered· 
0003b580:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed" 
0003b590:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex 
0003b5a0:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low 
0003b5b0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b5c0:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t 
0003b5d0:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003b5e0:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo 
0003b5f0:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false 
0003b600:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b610:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th> 
0003b620:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td>< 
0003b630:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre 
0003b640:·3e3c·636f·6465·3e0a·7061·636b·6167·6520··><code>.package· 
0003b650:·2d2d·6164·643d·6169·6465·0a3c·2f63·6f64··--add=aide.</cod 
0003b660:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a 
0003b670:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn- 
0003b680:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to 
0003b690:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"· 
0003b6a0:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id 
0003b6b0:·6d37·3333·3222·2074·6162·696e·6465·783d··m7332"·tabindex= 
0003b6c0:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button 
0003b6d0:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded= 
0003b6e0:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A 
0003b6f0:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea 
0003b700:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem 
0003b710:·6564·6961·7469·6f6e·2050·7570·7065·7420··ediation·Puppet· 
0003b720:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a><0003b500:·2073·6372·6970·7420·e287·b23c·2f61·3e3c···script·...</a><
0003b730:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p0003b510:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p
0003b740:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co0003b520:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co
0003b750:·6c6c·6170·7365·2220·6964·3d22·6964·6d37··llapse"·id="idm70003b530:·6c6c·6170·7365·2220·6964·3d22·6964·6d37··llapse"·id="idm7
0003b760:·3333·3222·3e3c·7461·626c·6520·636c·6173··332"><table·clas0003b540:·3333·3122·3e3c·7461·626c·6520·636c·6173··331"><table·clas
0003b770:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s0003b550:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s
0003b780:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor0003b560:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor
0003b790:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond0003b570:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond
0003b7a0:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C0003b580:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C
0003b7b0:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><0003b590:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><
0003b7c0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003b7d0:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti 
0003b7e0:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low< 
0003b7f0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b800:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td 
0003b810:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr> 
0003b820:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy 
0003b830:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable 
0003b840:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl 
0003b850:·653e·3c70·7265·3e3c·636f·6465·3e69·6e63··e><pre><code>inc 
0003b860:·6c75·6465·2069·6e73·7461·6c6c·5f61·6964··lude·install_aid 
0003b870:·650a·0a63·6c61·7373·2069·6e73·7461·6c6c··e..class·install 
0003b880:·5f61·6964·6520·7b0a·2020·7061·636b·6167··_aide·{.··packag 
0003b890:·6520·7b20·2761·6964·6527·3a0a·2020·2020··e·{·'aide':.···· 
0003b8a0:·656e·7375·7265·203d·2667·743b·2027·696e··ensure·=&gt;·'in 
0003b8b0:·7374·616c·6c65·6427·2c0a·2020·7d0a·7d0a··stalled',.··}.}. 
0003b8c0:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d 
0003b8d0:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn 
0003b8e0:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da 
0003b8f0:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla 
0003b900:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target 
0003b910:·3d22·2369·646d·3733·3333·2220·7461·6269··="#idm7333"·tabi 
0003b920:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b 
0003b930:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa 
0003b940:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit 
0003b950:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to· 
0003b960:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#! 
0003b970:·223e·5265·6d65·6469·6174·696f·6e20·4f53··">Remediation·OS 
0003b980:·4275·696c·6420·426c·7565·7072·696e·7420··Build·Blueprint· 
0003b990:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a>< 
0003b9a0:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p 
0003b9b0:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co 
0003b9c0:·6c6c·6170·7365·2220·6964·3d22·6964·6d37··llapse"·id="idm7 
0003b9d0:·3333·3322·3e3c·7072·653e·3c63·6f64·653e··333"><pre><code> 
0003b9e0:·0a5b·5b70·6163·6b61·6765·735d·5d0a·6e61··.[[packages]].na 
0003b9f0:·6d65·203d·2022·6169·6465·220a·7665·7273··me·=·"aide".vers 
0003ba00:·696f·6e20·3d20·222a·220a·3c2f·636f·6465··ion·=·"*".</code 
0003ba10:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a· 
0003ba20:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s 
0003ba30:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog 
0003ba40:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d 
0003ba50:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm 
0003ba60:·3733·3334·2220·7461·6269·6e64·6578·3d22··7334"·tabindex=" 
0003ba70:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button" 
0003ba80:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded=" 
0003ba90:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac 
0003baa0:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal 
0003bab0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme 
0003bac0:·6469·6174·696f·6e20·7363·7269·7074·20e2··diation·script·. 
0003bad0:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c 
0003bae0:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll 
0003baf0:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i 
0003bb00:·643d·2269·646d·3733·3334·223e·3c74·6162··d="idm7334"><tab 
0003bb10:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table· 
0003bb20:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta 
0003bb30:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab 
0003bb40:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t 
0003bb50:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity 
0003bb60:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t 
0003bb70:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D 
0003bb80:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th>< 
0003bb90:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003bba0:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:< 
0003bbb0:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t 
0003bbc0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S 
0003bbd0:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td 
0003bbe0:·3e65·6e61·626c·653c·2f74·643e·3c2f·7472··>enable</td></tr 
0003bbf0:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c 
0003bc00:·6f64·653e·0a70·6163·6b61·6765·2069·6e73··ode>.package·ins 
0003bc10:·7461·6c6c·2061·6964·650a·3c2f·636f·6465··tall·aide.</code 
0003bc20:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a· 
0003bc30:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s 
0003bc40:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog 
0003bc50:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d 
0003bc60:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm 
0003bc70:·3733·3335·2220·7461·6269·6e64·6578·3d22··7335"·tabindex=" 
Max diff block lines reached; 10711602/10748614 bytes (99.66%) of diff not shown.
1.19 MB
html2text {}
    
Offset 118, 52 lines modifiedOffset 118, 48 lines modified
118 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)118 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)
119 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3119 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
120 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5120 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
121 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199121 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
122 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79122 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
123 ············_\x8c_\x8i_\x8s············6.1.1123 ············_\x8c_\x8i_\x8s············6.1.1
124 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2124 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
125 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8125 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
126 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low126 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
127 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low127 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
128 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false128 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
129 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable129 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
130 package·--add=aide130 dnf·install·aide
131 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8131 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
132 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low132 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
133 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low133 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
134 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false134 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
135 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable135 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
136 include·install_aide136 include·install_aide
  
137 class·install_aide·{137 class·install_aide·{
138 ··package·{·'aide':138 ··package·{·'aide':
139 ····ensure·=>·'installed',139 ····ensure·=>·'installed',
140 ··}140 ··}
141 }141 }
142 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
143 [[packages]] 
144 name·=·"aide" 
145 version·=·"*" 
146 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8142 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
147 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low143 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
148 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low144 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
149 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false145 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
150 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable146 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 147 #·Remediation·is·applicable·only·in·certain·platforms
 148 if·rpm·--quiet·-q·kernel;·then
  
 149 if·!·rpm·-q·--quiet·"aide"·;·then
 150 ····dnf·install·-y·"aide"
 151 fi
151 package·install·aide 
152 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
153 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
154 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
155 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
156 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
157 dnf·install·aide152 else
 153 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 154 fi
158 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8155 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
159 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low156 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
160 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low157 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
161 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false158 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
162 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable159 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
163 -·name:·Gather·the·package·facts160 -·name:·Gather·the·package·facts
164 ··package_facts:161 ··package_facts:
Offset 192, 29 lines modifiedOffset 188, 33 lines modified
192 ··-·PCI-DSSv4-11.5.2188 ··-·PCI-DSSv4-11.5.2
193 ··-·enable_strategy189 ··-·enable_strategy
194 ··-·low_complexity190 ··-·low_complexity
195 ··-·low_disruption191 ··-·low_disruption
196 ··-·medium_severity192 ··-·medium_severity
197 ··-·no_reboot_needed193 ··-·no_reboot_needed
198 ··-·package_aide_installed194 ··-·package_aide_installed
 195 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 196 [[packages]]
 197 name·=·"aide"
 198 version·=·"*"
199 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8199 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
200 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low200 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
201 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low201 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
202 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false202 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
203 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable203 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
204 #·Remediation·is·applicable·only·in·certain·platforms 
205 if·rpm·--quiet·-q·kernel;·then 
  
206 if·!·rpm·-q·--quiet·"aide"·;·then 
207 ····dnf·install·-y·"aide" 
208 fi204 package·install·aide
 205 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 206 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 207 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 208 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 209 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 210 package·--add=aide
209 else 
210 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
211 fi 
212 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*211 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
213 Run·the·following·command·to·generate·a·new·database:212 Run·the·following·command·to·generate·a·new·database:
214 $·sudo·/usr/sbin/aide·--init213 $·sudo·/usr/sbin/aide·--init
215 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the·database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database·can·be·installed·as·follows:214 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the·database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database·can·be·installed·as·follows:
216 $·sudo·cp·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz215 $·sudo·cp·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
217 To·initiate·a·manual·check,·run·the·following·command:216 To·initiate·a·manual·check,·run·the·following·command:
218 $·sudo·/usr/sbin/aide·--check217 $·sudo·/usr/sbin/aide·--check
Offset 232, 14 lines modifiedOffset 232, 28 lines modified
232 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)232 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)
233 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3233 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
234 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5234 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
235 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199235 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
236 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79236 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
237 ············_\x8c_\x8i_\x8s············6.1.1237 ············_\x8c_\x8i_\x8s············6.1.1
238 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2238 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 239 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 240 #·Remediation·is·applicable·only·in·certain·platforms
 241 if·rpm·--quiet·-q·kernel;·then
  
 242 if·!·rpm·-q·--quiet·"aide"·;·then
 243 ····dnf·install·-y·"aide"
 244 fi
  
 245 /usr/sbin/aide·--init
 246 /bin/cp·-p·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
  
 247 else
 248 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 249 fi
239 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8250 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
240 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low251 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
241 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low252 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
242 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false253 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
243 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict254 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
Max diff block lines reached; 1246090/1251415 bytes (99.57%) of diff not shown.
25.1 MB
./usr/share/doc/ssg-nondebian/ssg-cs10-guide-cis_workstation_l2.html
    
Offset 15216, 279 lines modifiedOffset 15216, 279 lines modified
0003b6f0:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i0003b6f0:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i
0003b700:·646d·3733·3331·2220·7461·6269·6e64·6578··dm7331"·tabindex0003b700:·646d·3733·3331·2220·7461·6269·6e64·6578··dm7331"·tabindex
0003b710:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto0003b710:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto
0003b720:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded0003b720:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded
0003b730:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="0003b730:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="
0003b740:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve0003b740:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve
0003b750:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re0003b750:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re
0003b760:·6d65·6469·6174·696f·6e20·416e·6163·6f6e··mediation·Anacon0003b760:·6d65·6469·6174·696f·6e20·7363·7269·7074··mediation·script
0003b770:·6461·2073·6e69·7070·6574·20e2·87b2·3c2f··da·snippet·...</ 
0003b780:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class 
0003b790:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse 
0003b7a0:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i 
0003b7b0:·646d·3733·3331·223e·3c74·6162·6c65·2063··dm7331"><table·c 
0003b7c0:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl 
0003b7d0:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table- 
0003b7e0:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c 
0003b7f0:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t 
0003b800:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t 
0003b810:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003b820:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru 
0003b830:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l 
0003b840:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr> 
0003b850:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th> 
0003b860:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></ 
0003b870:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat 
0003b880:·6567·793a·3c2f·7468·3e3c·7464·3e65·6e61··egy:</th><td>ena 
0003b890:·626c·653c·2f74·643e·3c2f·7472·3e3c·2f74··ble</td></tr></t 
0003b8a0:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code> 
0003b8b0:·0a70·6163·6b61·6765·202d·2d61·6464·3d61··.package·--add=a 
0003b8c0:·6964·650a·3c2f·636f·6465·3e3c·2f70·7265··ide.</code></pre 
0003b8d0:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class= 
0003b8e0:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success 
0003b8f0:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c 
0003b900:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta 
0003b910:·7267·6574·3d22·2369·646d·3733·3332·2220··rget="#idm7332"· 
0003b920:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol 
0003b930:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria- 
0003b940:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false" 
0003b950:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate 
0003b960:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href 
0003b970:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio 
0003b980:·6e20·5075·7070·6574·2073·6e69·7070·6574··n·Puppet·snippet 
0003b990:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div0003b770:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div
0003b9a0:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co0003b780:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
0003b9b0:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"0003b790:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
0003b9c0:·2069·643d·2269·646d·3733·3332·223e·3c74···id="idm7332"><t0003b7a0:·2069·643d·2269·646d·3733·3331·223e·3c74···id="idm7331"><t
0003b9d0:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl0003b7b0:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl
0003b9e0:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped·0003b7c0:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped·
0003b9f0:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t0003b7d0:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t
0003ba00:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed">0003b7e0:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed">
0003ba10:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi0003b7f0:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi
0003ba20:·7479·3a3c·2f74·683e·3c74·643e·6c6f·773c··ty:</th><td>low<0003b800:·7479·3a3c·2f74·683e·3c74·643e·6c6f·773c··ty:</th><td>low<
0003ba30:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003ba40:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th 
0003ba50:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
0003ba60:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot 
0003ba70:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false< 
0003ba80:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th0003b810:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
 0003b820:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th
0003ba90:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th>< 
0003baa0:·7464·3e65·6e61·626c·653c·2f74·643e·3c2f··td>enable</td></ 
0003bab0:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre> 
0003bac0:·3c63·6f64·653e·696e·636c·7564·6520·696e··<code>include·in 
0003bad0:·7374·616c·6c5f·6169·6465·0a0a·636c·6173··stall_aide..clas 
0003bae0:·7320·696e·7374·616c·6c5f·6169·6465·207b··s·install_aide·{ 
0003baf0:·0a20·2070·6163·6b61·6765·207b·2027·6169··.··package·{·'ai 
0003bb00:·6465·273a·0a20·2020·2065·6e73·7572·6520··de':.····ensure· 
0003bb10:·3d26·6774·3b20·2769·6e73·7461·6c6c·6564··=&gt;·'installed 
0003bb20:·272c·0a20·207d·0a7d·0a3c·2f63·6f64·653e··',.··}.}.</code> 
0003bb30:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c 
0003bb40:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su 
0003bb50:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg 
0003bb60:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da 
0003bb70:·7461·2d74·6172·6765·743d·2223·6964·6d37··ta-target="#idm7 
0003bb80:·3333·3322·2074·6162·696e·6465·783d·2230··333"·tabindex="0 
0003bb90:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"· 
0003bba0:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f 
0003bbb0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act 
0003bbc0:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal" 
0003bbd0:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed 
0003bbe0:·6961·7469·6f6e·204f·5342·7569·6c64·2042··iation·OSBuild·B 
0003bbf0:·6c75·6570·7269·6e74·2073·6e69·7070·6574··lueprint·snippet 
0003bc00:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div 
0003bc10:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co 
0003bc20:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse" 
0003bc30:·2069·643d·2269·646d·3733·3333·223e·3c70···id="idm7333"><p 
0003bc40:·7265·3e3c·636f·6465·3e0a·5b5b·7061·636b··re><code>.[[pack 
0003bc50:·6167·6573·5d5d·0a6e·616d·6520·3d20·2261··ages]].name·=·"a 
0003bc60:·6964·6522·0a76·6572·7369·6f6e·203d·2022··ide".version·=·" 
0003bc70:·2a22·0a3c·2f63·6f64·653e·3c2f·7072·653e··*".</code></pre> 
0003bc80:·3c2f·6469·763e·3c61·2063·6c61·7373·3d22··</div><a·class=" 
0003bc90:·6274·6e20·6274·6e2d·7375·6363·6573·7322··btn·btn-success" 
0003bca0:·2064·6174·612d·746f·6767·6c65·3d22·636f···data-toggle="co 
0003bcb0:·6c6c·6170·7365·2220·6461·7461·2d74·6172··llapse"·data-tar 
0003bcc0:·6765·743d·2223·6964·6d37·3333·3422·2074··get="#idm7334"·t 
0003bcd0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role 
0003bce0:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e 
0003bcf0:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"· 
0003bd00:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate· 
0003bd10:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href= 
0003bd20:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation 
0003bd30:·2073·6372·6970·7420·e287·b23c·2f61·3e3c···script·...</a>< 
0003bd40:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p 
0003bd50:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co 
0003bd60:·6c6c·6170·7365·2220·6964·3d22·6964·6d37··llapse"·id="idm7 
0003bd70:·3333·3422·3e3c·7461·626c·6520·636c·6173··334"><table·clas 
0003bd80:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s 
0003bd90:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor 
0003bda0:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond 
0003bdb0:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C 
0003bdc0:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th>< 
0003bdd0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>0003b830:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t
0003bde0:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti0003b840:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot
0003bdf0:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low<0003b850:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false<
0003be00:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th0003b860:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
0003be10:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td 
0003be20:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr> 
0003be30:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy 
0003be40:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable 
0003be50:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl 
0003be60:·653e·3c70·7265·3e3c·636f·6465·3e0a·7061··e><pre><code>.pa0003b870:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><
 0003b880:·7464·3e65·6e61·626c·653c·2f74·643e·3c2f··td>enable</td></
 0003b890:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre>
 0003b8a0:·3c63·6f64·653e·0a64·6e66·2069·6e73·7461··<code>.dnf·insta
 0003b8b0:·6c6c·2061·6964·650a·3c2f·636f·6465·3e3c··ll·aide.</code><
 0003b8c0:·2f70·7265·3e3c·2f64·6976·3e3c·6120·636c··/pre></div><a·cl
 0003b8d0:·6173·733d·2262·746e·2062·746e·2d73·7563··ass="btn·btn-suc
Max diff block lines reached; 24036476/24073626 bytes (99.85%) of diff not shown.
2.18 MB
html2text {}
Max HTML report size reached
6.73 MB
./usr/share/doc/ssg-nondebian/ssg-cs10-guide-e8.html
    
Offset 15267, 408 lines modifiedOffset 15267, 408 lines modified
0003ba20:·7267·6574·3d22·2369·646d·3639·3933·2220··rget="#idm6993"·0003ba20:·7267·6574·3d22·2369·646d·3639·3933·2220··rget="#idm6993"·
0003ba30:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol0003ba30:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol
0003ba40:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-0003ba40:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-
0003ba50:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"0003ba50:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"
0003ba60:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate0003ba60:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate
0003ba70:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href0003ba70:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href
Diff chunk too large, falling back to line-by-line diff (394 lines added, 394 lines removed)
0003ba80:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio0003ba80:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio
0003ba90:·6e20·416e·7369·626c·6520·736e·6970·7065··n·Ansible·snippe0003ba90:·6e20·5368·656c·6c20·7363·7269·7074·20e2··n·Shell·script·.
0003baa0:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di0003baa0:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c
0003bab0:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c0003bab0:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
0003bac0:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse0003bac0:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i
0003bad0:·2220·6964·3d22·6964·6d36·3939·3322·3e3c··"·id="idm6993"><0003bad0:·643d·2269·646d·3639·3933·223e·3c70·7265··d="idm6993"><pre
0003bae0:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab0003bae0:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia
0003baf0:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped0003baf0:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab
0003bb00:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·0003bb00:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa
0003bb10:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"0003bb10:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·
0003bb20:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex0003bb20:·2120·2820·7b20·7270·6d20·2d2d·7175·6965··!·(·{·rpm·--quie
0003bb30:·6974·793a·3c2f·7468·3e3c·7464·3e68·6967··ity:</th><td>hig0003bb30:·7420·2d71·206b·6572·6e65·6c20·3b7d·2026··t·-q·kernel·;}·&
0003bb40:·683c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··h</td></tr><tr><0003bb40:·616d·703b·2661·6d70·3b20·7b20·7270·6d20··amp;&amp;·{·rpm·
0003bb50:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</0003bb50:·2d2d·7175·6965·7420·2d71·2072·706d·2d6f··--quiet·-q·rpm-o
0003bb60:·7468·3e3c·7464·3e6d·6564·6975·6d3c·2f74··th><td>medium</t0003bb60:·7374·7265·6520·3b7d·2026·616d·703b·2661··stree·;}·&amp;&a
0003bb70:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R0003bb70:·6d70·3b20·7b20·7270·6d20·2d2d·7175·6965··mp;·{·rpm·--quie
0003bb80:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f0003bb80:·7420·2d71·2062·6f6f·7463·203b·7d20·2661··t·-q·bootc·;}·&a
0003bb90:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t0003bb90:·6d70·3b26·616d·703b·207b·2021·2072·706d··mp;&amp;·{·!·rpm
0003bba0:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<0003bba0:·202d·2d71·7569·6574·202d·7120·6f70·656e···--quiet·-q·open
0003bbb0:·2f74·683e·3c74·643e·7265·7374·7269·6374··/th><td>restrict0003bbb0:·7368·6966·742d·6b75·6265·6c65·7420·3b7d··shift-kubelet·;}
0003bbc0:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl0003bbc0:·2029·3b20·7468·656e·0a0a·2320·4669·6e64···);·then..#·Find
0003bbd0:·653e·3c70·7265·3e3c·636f·6465·3e2d·206e··e><pre><code>-·n0003bbd0:·2077·6869·6368·2066·696c·6573·2068·6176···which·files·hav
0003bbe0:·616d·653a·2047·6174·6865·7220·7468·6520··ame:·Gather·the·0003bbe0:·6520·696e·636f·7272·6563·7420·6861·7368··e·incorrect·hash
0003bbf0:·7061·636b·6167·6520·6661·6374·730a·2020··package·facts.··0003bbf0:·2028·6e6f·7420·696e·202f·6574·632c·2062···(not·in·/etc,·b
0003bc00:·7061·636b·6167·655f·6661·6374·733a·0a20··package_facts:.·0003bc00:·6563·6175·7365·206f·6620·7468·6520·7379··ecause·of·the·sy
0003bc10:·2020·206d·616e·6167·6572·3a20·6175·746f·····manager:·auto0003bc10:·7374·656d·2072·656c·6174·6564·2063·6f6e··stem·related·con
0003bc20:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI0003bc20:·6669·6720·6669·6c65·7329·2061·6e64·2074··fig·files)·and·t
0003bc30:·532d·352e·3130·2e34·2e31·0a20·202d·204e··S-5.10.4.1.··-·N0003bc30:·6865·6e20·6765·7420·6669·6c65·7320·6e61··hen·get·files·na
0003bc40:·4953·542d·3830·302d·3137·312d·332e·332e··IST-800-171-3.3.0003bc40:·6d65·730a·6669·6c65·735f·7769·7468·5f69··mes.files_with_i
0003bc50:·380a·2020·2d20·4e49·5354·2d38·3030·2d31··8.··-·NIST-800-10003bc50:·6e63·6f72·7265·6374·5f68·6173·683d·2224··ncorrect_hash="$
0003bc60:·3731·2d33·2e34·2e31·0a20·202d·204e·4953··71-3.4.1.··-·NIS0003bc60:·2872·706d·202d·5661·202d·2d6e·6f63·6f6e··(rpm·-Va·--nocon
0003bc70:·542d·3830·302d·3533·2d41·552d·3928·3329··T-800-53-AU-9(3)0003bc70:·6669·6720·7c20·6772·6570·202d·4520·275e··fig·|·grep·-E·'^
0003bc80:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003bc80:·2e2e·3527·207c·2061·776b·2027·7b70·7269··..5'·|·awk·'{pri
0003bc90:·2d43·4d2d·3628·6329·0a20·202d·204e·4953··-CM-6(c).··-·NIS0003bc90:·6e74·2024·4e46·7d27·2029·220a·0a69·6620··nt·$NF}'·)"..if·
0003bca0:·542d·3830·302d·3533·2d43·4d2d·3628·6429··T-800-53-CM-6(d)0003bca0:·5b20·2d6e·2022·2466·696c·6573·5f77·6974··[·-n·"$files_wit
0003bcb0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003bcb0:·685f·696e·636f·7272·6563·745f·6861·7368··h_incorrect_hash
0003bcc0:·2d53·492d·370a·2020·2d20·4e49·5354·2d38··-SI-7.··-·NIST-80003bcc0:·2220·5d3b·2074·6865·6e0a·2020·2020·2320··"·];·then.····#·
0003bcd0:·3030·2d35·332d·5349·2d37·2831·290a·2020··00-53-SI-7(1).··0003bcd0:·4672·6f6d·2066·696c·6573·206e·616d·6573··From·files·names
0003bce0:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI0003bce0:·2067·6574·2070·6163·6b61·6765·206e·616d···get·package·nam
0003bcf0:·2d37·2836·290a·2020·2d20·5043·492d·4453··-7(6).··-·PCI-DS0003bcf0:·6573·2061·6e64·2063·6861·6e67·6520·6e65··es·and·change·ne
0003bd00:·532d·5265·712d·3131·2e35·0a20·202d·2050··S-Req-11.5.··-·P0003bd00:·776c·696e·6520·746f·2073·7061·6365·2c20··wline·to·space,·
0003bd10:·4349·2d44·5353·7634·2d31·312e·352e·320a··CI-DSSv4-11.5.2.0003bd10:·6265·6361·7573·6520·7270·6d20·7772·6974··because·rpm·writ
0003bd20:·2020·2d20·6869·6768·5f63·6f6d·706c·6578····-·high_complex0003bd20:·6573·2065·6163·6820·7061·636b·6167·6520··es·each·package·
0003bd30:·6974·790a·2020·2d20·6869·6768·5f73·6576··ity.··-·high_sev0003bd30:·746f·206e·6577·206c·696e·650a·2020·2020··to·new·line.····
0003bd40:·6572·6974·790a·2020·2d20·6d65·6469·756d··erity.··-·medium0003bd40:·7061·636b·6167·6573·5f74·6f5f·7265·696e··packages_to_rein
0003bd50:·5f64·6973·7275·7074·696f·6e0a·2020·2d20··_disruption.··-·0003bd50:·7374·616c·6c3d·2224·2872·706d·202d·7166··stall="$(rpm·-qf
0003bd60:·6e6f·5f72·6562·6f6f·745f·6e65·6564·6564··no_reboot_needed0003bd60:·2024·6669·6c65·735f·7769·7468·5f69·6e63···$files_with_inc
0003bd70:·0a20·202d·2072·6573·7472·6963·745f·7374··.··-·restrict_st0003bd70:·6f72·7265·6374·5f68·6173·6820·7c20·7472··orrect_hash·|·tr
0003bd80:·7261·7465·6779·0a20·202d·2072·706d·5f76··rategy.··-·rpm_v0003bd80:·2027·5c6e·2720·2720·2729·220a·0a20·2020···'\n'·'·')"..···
0003bd90:·6572·6966·795f·6861·7368·6573·0a0a·2d20··erify_hashes..-·0003bd90:·200a·2020·2020·646e·6620·7265·696e·7374···.····dnf·reinst
0003bda0:·6e61·6d65·3a20·2753·6574·2066·6163·743a··name:·'Set·fact:0003bda0:·616c·6c20·2d79·2024·7061·636b·6167·6573··all·-y·$packages
0003bdb0:·2050·6163·6b61·6765·206d·616e·6167·6572···Package·manager0003bdb0:·5f74·6f5f·7265·696e·7374·616c·6c0a·2020··_to_reinstall.··
0003bdc0:·2072·6569·6e73·7461·6c6c·2063·6f6d·6d61···reinstall·comma0003bdc0:·2020·0a66·690a·0a65·6c73·650a·2020·2020····.fi..else.····
0003bdd0:·6e64·270a·2020·7365·745f·6661·6374·3a0a··nd'.··set_fact:.0003bdd0:·2667·743b·2661·6d70·3b32·2065·6368·6f20··&gt;&amp;2·echo·
0003bde0:·2020·2020·7061·636b·6167·655f·6d61·6e61······package_mana0003bde0:·2752·656d·6564·6961·7469·6f6e·2069·7320··'Remediation·is·
0003bdf0:·6765·725f·7265·696e·7374·616c·6c5f·636d··ger_reinstall_cm0003bdf0:·6e6f·7420·6170·706c·6963·6162·6c65·2c20··not·applicable,·
0003be00:·643a·2064·6e66·2072·6569·6e73·7461·6c6c··d:·dnf·reinstall0003be00:·6e6f·7468·696e·6720·7761·7320·646f·6e65··nothing·was·done
0003be10:·202d·790a·2020·7768·656e·3a0a·2020·2d20···-y.··when:.··-·0003be10:·270a·6669·0a3c·2f63·6f64·653e·3c2f·7072··'.fi.</code></pr
0003be20:·6e6f·7420·2820·226b·6572·6e65·6c22·2069··not·(·"kernel"·i0003be20:·653e·3c2f·6469·763e·3c61·2063·6c61·7373··e></div><a·class
0003be30:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003be30:·3d22·6274·6e20·6274·6e2d·7375·6363·6573··="btn·btn-succes
0003be40:·7061·636b·6167·6573·2061·6e64·2022·7270··packages·and·"rp0003be40:·7322·2064·6174·612d·746f·6767·6c65·3d22··s"·data-toggle="
0003be50:·6d2d·6f73·7472·6565·2220·696e·2061·6e73··m-ostree"·in·ans0003be50:·636f·6c6c·6170·7365·2220·6461·7461·2d74··collapse"·data-t
0003be60:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0003be60:·6172·6765·743d·2223·6964·6d36·3939·3422··arget="#idm6994"
0003be70:·6765·730a·2020·2020·616e·6420·2262·6f6f··ges.····and·"boo0003be70:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro
0003be80:·7463·2220·696e·2061·6e73·6962·6c65·5f66··tc"·in·ansible_f0003be80:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria
0003be90:·6163·7473·2e70·6163·6b61·6765·7320·616e··acts.packages·an0003be90:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false
0003bea0:·6420·6e6f·7420·226f·7065·6e73·6869·6674··d·not·"openshift0003bea0:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat
0003beb0:·2d6b·7562·656c·6574·2220·696e·2061·6e73··-kubelet"·in·ans0003beb0:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre
0003bec0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0003bec0:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati
0003bed0:·6765·730a·2020·2020·290a·2020·2d20·616e··ges.····).··-·an0003bed0:·6f6e·2041·6e73·6962·6c65·2073·6e69·7070··on·Ansible·snipp
0003bee0:·7369·626c·655f·6469·7374·7269·6275·7469··sible_distributi0003bee0:·6574·20e2·87b2·3c2f·613e·3c62·723e·3c64··et·...</a><br><d
0003bef0:·6f6e·2069·6e20·5b20·2246·6564·6f72·6122··on·in·[·"Fedora"0003bef0:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel-
0003bf00:·2c20·2252·6564·4861·7422·2c20·2243·656e··,·"RedHat",·"Cen0003bf00:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps
0003bf10:·744f·5322·2c20·224f·7261·636c·654c·696e··tOS",·"OracleLin0003bf10:·6522·2069·643d·2269·646d·3639·3934·223e··e"·id="idm6994">
0003bf20:·7578·2220·5d0a·2020·7461·6773·3a0a·2020··ux"·].··tags:.··0003bf20:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta
0003bf30:·2d20·434a·4953·2d35·2e31·302e·342e·310a··-·CJIS-5.10.4.1.0003bf30:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe
0003bf40:·2020·2d20·4e49·5354·2d38·3030·2d31·3731····-·NIST-800-1710003bf40:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered
0003bf50:·2d33·2e33·2e38·0a20·202d·204e·4953·542d··-3.3.8.··-·NIST-0003bf50:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed
0003bf60:·3830·302d·3137·312d·332e·342e·310a·2020··800-171-3.4.1.··0003bf60:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple
0003bf70:·2d20·4e49·5354·2d38·3030·2d35·332d·4155··-·NIST-800-53-AU0003bf70:·7869·7479·3a3c·2f74·683e·3c74·643e·6869··xity:</th><td>hi
0003bf80:·2d39·2833·290a·2020·2d20·4e49·5354·2d38··-9(3).··-·NIST-80003bf80:·6768·3c2f·7464·3e3c·2f74·723e·3c74·723e··gh</td></tr><tr>
0003bf90:·3030·2d35·332d·434d·2d36·2863·290a·2020··00-53-CM-6(c).··0003bf90:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:<
0003bfa0:·2d20·4e49·5354·2d38·3030·2d35·332d·434d··-·NIST-800-53-CM0003bfa0:·2f74·683e·3c74·643e·6d65·6469·756d·3c2f··/th><td>medium</
0003bfb0:·2d36·2864·290a·2020·2d20·4e49·5354·2d38··-6(d).··-·NIST-80003bfb0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>
0003bfc0:·3030·2d35·332d·5349·2d37·0a20·202d·204e··00-53-SI-7.··-·N0003bfc0:·5265·626f·6f74·3a3c·2f74·683e·3c74·643e··Reboot:</th><td>
0003bfd0:·4953·542d·3830·302d·3533·2d53·492d·3728··IST-800-53-SI-7(0003bfd0:·6661·6c73·653c·2f74·643e·3c2f·7472·3e3c··false</td></tr><
0003bfe0:·3129·0a20·202d·204e·4953·542d·3830·302d··1).··-·NIST-800-0003bfe0:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy:
0003bff0:·3533·2d53·492d·3728·3629·0a20·202d·2050··53-SI-7(6).··-·P0003bff0:·3c2f·7468·3e3c·7464·3e72·6573·7472·6963··</th><td>restric
0003c000:·4349·2d44·5353·2d52·6571·2d31·312e·350a··CI-DSS-Req-11.5.0003c000:·743c·2f74·643e·3c2f·7472·3e3c·2f74·6162··t</td></tr></tab
0003c010:·2020·2d20·5043·492d·4453·5376·342d·3131····-·PCI-DSSv4-110003c010:·6c65·3e3c·7072·653e·3c63·6f64·653e·2d20··le><pre><code>-·
0003c020:·2e35·2e32·0a20·202d·2068·6967·685f·636f··.5.2.··-·high_co0003c020:·6e61·6d65·3a20·4761·7468·6572·2074·6865··name:·Gather·the
0003c030:·6d70·6c65·7869·7479·0a20·202d·2068·6967··mplexity.··-·hig0003c030:·2070·6163·6b61·6765·2066·6163·7473·0a20···package·facts.·
0003c040:·685f·7365·7665·7269·7479·0a20·202d·206d··h_severity.··-·m0003c040:·2070·6163·6b61·6765·5f66·6163·7473·3a0a···package_facts:.
0003c050:·6564·6975·6d5f·6469·7372·7570·7469·6f6e··edium_disruption0003c050:·2020·2020·6d61·6e61·6765·723a·2061·7574······manager:·aut
0003c060:·0a20·202d·206e·6f5f·7265·626f·6f74·5f6e··.··-·no_reboot_n0003c060:·6f0a·2020·7461·6773·3a0a·2020·2d20·434a··o.··tags:.··-·CJ
0003c070:·6565·6465·640a·2020·2d20·7265·7374·7269··eeded.··-·restri0003c070:·4953·2d35·2e31·302e·342e·310a·2020·2d20··IS-5.10.4.1.··-·
0003c080:·6374·5f73·7472·6174·6567·790a·2020·2d20··ct_strategy.··-·0003c080:·4e49·5354·2d38·3030·2d31·3731·2d33·2e33··NIST-800-171-3.3
0003c090:·7270·6d5f·7665·7269·6679·5f68·6173·6865··rpm_verify_hashe0003c090:·2e38·0a20·202d·204e·4953·542d·3830·302d··.8.··-·NIST-800-
0003c0a0:·730a·0a2d·206e·616d·653a·2027·5365·7420··s..-·name:·'Set·0003c0a0:·3137·312d·332e·342e·310a·2020·2d20·4e49··171-3.4.1.··-·NI
0003c0b0:·6661·6374·3a20·5061·636b·6167·6520·6d61··fact:·Package·ma0003c0b0:·5354·2d38·3030·2d35·332d·4155·2d39·2833··ST-800-53-AU-9(3
0003c0c0:·6e61·6765·7220·7265·696e·7374·616c·6c20··nager·reinstall·0003c0c0:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-5
0003c0d0:·636f·6d6d·616e·6420·287a·7970·7065·7229··command·(zypper)0003c0d0:·332d·434d·2d36·2863·290a·2020·2d20·4e49··3-CM-6(c).··-·NI
0003c0e0:·270a·2020·7365·745f·6661·6374·3a0a·2020··'.··set_fact:.··0003c0e0:·5354·2d38·3030·2d35·332d·434d·2d36·2864··ST-800-53-CM-6(d
0003c0f0:·2020·7061·636b·6167·655f·6d61·6e61·6765····package_manage0003c0f0:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-5
0003c100:·725f·7265·696e·7374·616c·6c5f·636d·643a··r_reinstall_cmd:0003c100:·332d·5349·2d37·0a20·202d·204e·4953·542d··3-SI-7.··-·NIST-
0003c110:·207a·7970·7065·7220·696e·202d·6620·2d79···zypper·in·-f·-y0003c110:·3830·302d·3533·2d53·492d·3728·3129·0a20··800-53-SI-7(1).·
0003c120:·0a20·2077·6865·6e3a·0a20·202d·206e·6f74··.··when:.··-·not0003c120:·202d·204e·4953·542d·3830·302d·3533·2d53···-·NIST-800-53-S
0003c130:·2028·2022·6b65·726e·656c·2220·696e·2061···(·"kernel"·in·a0003c130:·492d·3728·3629·0a20·202d·2050·4349·2d44··I-7(6).··-·PCI-D
0003c140:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003c140:·5353·2d52·6571·2d31·312e·350a·2020·2d20··SS-Req-11.5.··-·
0003c150:·6b61·6765·7320·616e·6420·2272·706d·2d6f··kages·and·"rpm-o0003c150:·5043·492d·4453·5376·342d·3131·2e35·2e32··PCI-DSSv4-11.5.2
0003c160:·7374·7265·6522·2069·6e20·616e·7369·626c··stree"·in·ansibl0003c160:·0a20·202d·2068·6967·685f·636f·6d70·6c65··.··-·high_comple
0003c170:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages0003c170:·7869·7479·0a20·202d·2068·6967·685f·7365··xity.··-·high_se
0003c180:·0a20·2020·2061·6e64·2022·626f·6f74·6322··.····and·"bootc"0003c180:·7665·7269·7479·0a20·202d·206d·6564·6975··verity.··-·mediu
0003c190:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003c190:·6d5f·6469·7372·7570·7469·6f6e·0a20·202d··m_disruption.··-
0003c1a0:·732e·7061·636b·6167·6573·2061·6e64·206e··s.packages·and·n0003c1a0:·206e·6f5f·7265·626f·6f74·5f6e·6565·6465···no_reboot_neede
0003c1b0:·6f74·2022·6f70·656e·7368·6966·742d·6b75··ot·"openshift-ku0003c1b0:·640a·2020·2d20·7265·7374·7269·6374·5f73··d.··-·restrict_s
0003c1c0:·6265·6c65·7422·2069·6e20·616e·7369·626c··belet"·in·ansibl0003c1c0:·7472·6174·6567·790a·2020·2d20·7270·6d5f··trategy.··-·rpm_
0003c1d0:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages0003c1d0:·7665·7269·6679·5f68·6173·6865·730a·0a2d··verify_hashes..-
0003c1e0:·0a20·2020·2029·0a20·202d·2061·6e73·6962··.····).··-·ansib0003c1e0:·206e·616d·653a·2027·5365·7420·6661·6374···name:·'Set·fact
0003c1f0:·6c65·5f64·6973·7472·6962·7574·696f·6e20··le_distribution·0003c1f0:·3a20·5061·636b·6167·6520·6d61·6e61·6765··:·Package·manage
Max diff block lines reached; 6322750/6377702 bytes (99.14%) of diff not shown.
666 KB
html2text {}
    
Offset 120, 14 lines modifiedOffset 120, 33 lines modified
120 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6120 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
121 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4121 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
122 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)122 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
123 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1123 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
124 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5124 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
125 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227125 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
126 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2126 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 127 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 128 #·Remediation·is·applicable·only·in·certain·platforms
 129 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 130 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 131 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 132 if·[·-n·"$files_with_incorrect_hash"·];·then
 133 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 134 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 135 ····dnf·reinstall·-y·$packages_to_reinstall
  
 136 fi
  
 137 else
 138 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 139 fi
127 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8140 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
128 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high141 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
129 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium142 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
130 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false143 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
131 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict144 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
132 -·name:·Gather·the·package·facts145 -·name:·Gather·the·package·facts
133 ··package_facts:146 ··package_facts:
Offset 294, 33 lines modifiedOffset 313, 14 lines modified
294 ··-·PCI-DSSv4-11.5.2313 ··-·PCI-DSSv4-11.5.2
295 ··-·high_complexity314 ··-·high_complexity
296 ··-·high_severity315 ··-·high_severity
297 ··-·medium_disruption316 ··-·medium_disruption
298 ··-·no_reboot_needed317 ··-·no_reboot_needed
299 ··-·restrict_strategy318 ··-·restrict_strategy
300 ··-·rpm_verify_hashes319 ··-·rpm_verify_hashes
301 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
302 #·Remediation·is·applicable·only·in·certain·platforms 
303 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
304 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
305 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
306 if·[·-n·"$files_with_incorrect_hash"·];·then 
307 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
308 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
309 ····dnf·reinstall·-y·$packages_to_reinstall 
  
310 fi 
  
311 else 
312 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
313 fi 
314 Group  ·System·Cryptographic·Policies·  Group·contains·2·rules320 Group  ·System·Cryptographic·Policies·  Group·contains·2·rules
315 _\x8[_\x8r_\x8e_\x8f_\x8]  ·Linux·has·the·capability·to·centrally·configure·cryptographic·polices.·The·command·update-crypto-policies·is·used·to·set·the·policy·applicable·for·the·various·cryptographic·back-ends,·such·as·SSL/TLS·libraries.·The·configured·cryptographic·policies·will·be·the·default·policy·used·by·these·backends·unless·the·application·user·configures·them·otherwise.·When·the·system·has·been·configured·to·use·the·centralized·cryptographic·policies,·the·administrator·is·assured·that·any·application·that·utilizes·the·supported·backends·will·follow·a·policy·that·adheres·to·the·configured·profile.·Currently·the·supported·backends·are:321 _\x8[_\x8r_\x8e_\x8f_\x8]  ·Linux·has·the·capability·to·centrally·configure·cryptographic·polices.·The·command·update-crypto-policies·is·used·to·set·the·policy·applicable·for·the·various·cryptographic·back-ends,·such·as·SSL/TLS·libraries.·The·configured·cryptographic·policies·will·be·the·default·policy·used·by·these·backends·unless·the·application·user·configures·them·otherwise.·When·the·system·has·been·configured·to·use·the·centralized·cryptographic·policies,·the·administrator·is·assured·that·any·application·that·utilizes·the·supported·backends·will·follow·a·policy·that·adheres·to·the·configured·profile.·Currently·the·supported·backends·are:
316 ····*·GnuTLS·library322 ····*·GnuTLS·library
317 ····*·OpenSSL·library323 ····*·OpenSSL·library
318 ····*·NSS·library324 ····*·NSS·library
319 ····*·OpenJDK325 ····*·OpenJDK
320 ····*·Libkrb5326 ····*·Libkrb5
Offset 341, 39 lines modifiedOffset 341, 33 lines modified
341 ············_\x8i_\x8s_\x8m······1446341 ············_\x8i_\x8s_\x8m······1446
342 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1342 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1
343 References:·_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)343 References:·_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)
344 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1344 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1
345 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174345 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174
346 ············_\x8c_\x8i_\x8s······1.6.1346 ············_\x8c_\x8i_\x8s······1.6.1
347 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2347 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
348 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8K_.u_.b_.e_.r_.n_.e_.t_.e_.s_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8348 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
  
 349 var_system_crypto_policy='DEFAULT'
  
  
 350 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null)
 351 rc=$?
  
 352 if·test·"$rc"·=·127;·then
 353 »       echo·"$stderr_of_call"·>&2
 354 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2
 355 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2
 356 »       echo·"to·see·what·package·to·(re)install"·>&2
  
 357 »       false··#·end·with·an·error·code
 358 elif·test·"$rc"·!=·0;·then
 359 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2
 360 »       false··#·end·with·an·error·code
 361 fi
349 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
350 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
351 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true 
352 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
353 --- 
354 apiVersion:·machineconfiguration.openshift.io/v1 
355 kind:·MachineConfig 
356 spec: 
357 ··config: 
358 ····ignition: 
359 ······version:·3.1.0 
360 ····systemd: 
361 ······units: 
362 ········-·name:·configure-crypto-policy.service 
363 ··········enabled:·true 
364 ··········contents:·| 
365 ············[Unit] 
366 ············Before=kubelet.service 
367 ············[Service] 
368 ············Type=oneshot 
369 ············ExecStart=update-crypto-policies·--set·{{.var_system_crypto_policy}} 
370 ············RemainAfterExit=yes 
371 ············[Install] 
372 ············WantedBy=multi-user.target 
373 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8362 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
374 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low363 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
375 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low364 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
376 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false365 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
377 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict366 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
378 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable367 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable
379 ··set_fact:368 ··set_fact:
Offset 418, 47 lines modifiedOffset 412, 58 lines modified
418 ··-·PCI-DSSv4-2.2.7412 ··-·PCI-DSSv4-2.2.7
Max diff block lines reached; 675652/681651 bytes (99.12%) of diff not shown.
20.1 MB
./usr/share/doc/ssg-nondebian/ssg-cs10-guide-hipaa.html
    
Offset 15293, 408 lines modifiedOffset 15293, 408 lines modified
0003bbc0:·6574·3d22·2369·646d·3639·3933·2220·7461··et="#idm6993"·ta0003bbc0:·6574·3d22·2369·646d·3639·3933·2220·7461··et="#idm6993"·ta
0003bbd0:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=0003bbd0:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=
0003bbe0:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex0003bbe0:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex
0003bbf0:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t0003bbf0:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t
0003bc00:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t0003bc00:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t
0003bc10:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="0003bc10:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="
Diff chunk too large, falling back to line-by-line diff (394 lines added, 394 lines removed)
0003bc20:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·0003bc20:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·
0003bc30:·416e·7369·626c·6520·736e·6970·7065·7420··Ansible·snippet·0003bc30:·5368·656c·6c20·7363·7269·7074·20e2·87b2··Shell·script·...
0003bc40:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div·0003bc40:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
0003bc50:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col0003bc50:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
0003bc60:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·0003bc60:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=
0003bc70:·6964·3d22·6964·6d36·3939·3322·3e3c·7461··id="idm6993"><ta0003bc70:·2269·646d·3639·3933·223e·3c70·7265·3e3c··"idm6993"><pre><
0003bc80:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table0003bc80:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati
0003bc90:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t0003bc90:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable
0003bca0:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta0003bca0:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain
0003bcb0:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed"><0003bcb0:·2070·6c61·7466·6f72·6d73·0a69·6620·2120···platforms.if·!·
0003bcc0:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit0003bcc0:·2820·7b20·7270·6d20·2d2d·7175·6965·7420··(·{·rpm·--quiet·
0003bcd0:·793a·3c2f·7468·3e3c·7464·3e68·6967·683c··y:</th><td>high<0003bcd0:·2d71·206b·6572·6e65·6c20·3b7d·2026·616d··-q·kernel·;}·&am
0003bce0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th0003bce0:·703b·2661·6d70·3b20·7b20·7270·6d20·2d2d··p;&amp;·{·rpm·--
0003bcf0:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th0003bcf0:·7175·6965·7420·2d71·2072·706d·2d6f·7374··quiet·-q·rpm-ost
0003bd00:·3e3c·7464·3e6d·6564·6975·6d3c·2f74·643e··><td>medium</td>0003bd00:·7265·6520·3b7d·2026·616d·703b·2661·6d70··ree·;}·&amp;&amp
0003bd10:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb0003bd10:·3b20·7b20·7270·6d20·2d2d·7175·6965·7420··;·{·rpm·--quiet·
0003bd20:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal0003bd20:·2d71·2062·6f6f·7463·203b·7d20·2661·6d70··-q·bootc·;}·&amp
0003bd30:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr>0003bd30:·3b26·616d·703b·207b·2021·2072·706d·202d··;&amp;·{·!·rpm·-
0003bd40:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t0003bd40:·2d71·7569·6574·202d·7120·6f70·656e·7368··-quiet·-q·opensh
0003bd50:·683e·3c74·643e·7265·7374·7269·6374·3c2f··h><td>restrict</0003bd50:·6966·742d·6b75·6265·6c65·7420·3b7d·2029··ift-kubelet·;}·)
0003bd60:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>0003bd60:·3b20·7468·656e·0a0a·2320·4669·6e64·2077··;·then..#·Find·w
0003bd70:·3c70·7265·3e3c·636f·6465·3e2d·206e·616d··<pre><code>-·nam0003bd70:·6869·6368·2066·696c·6573·2068·6176·6520··hich·files·have·
0003bd80:·653a·2047·6174·6865·7220·7468·6520·7061··e:·Gather·the·pa0003bd80:·696e·636f·7272·6563·7420·6861·7368·2028··incorrect·hash·(
0003bd90:·636b·6167·6520·6661·6374·730a·2020·7061··ckage·facts.··pa0003bd90:·6e6f·7420·696e·202f·6574·632c·2062·6563··not·in·/etc,·bec
0003bda0:·636b·6167·655f·6661·6374·733a·0a20·2020··ckage_facts:.···0003bda0:·6175·7365·206f·6620·7468·6520·7379·7374··ause·of·the·syst
0003bdb0:·206d·616e·6167·6572·3a20·6175·746f·0a20···manager:·auto.·0003bdb0:·656d·2072·656c·6174·6564·2063·6f6e·6669··em·related·confi
0003bdc0:·2074·6167·733a·0a20·202d·2043·4a49·532d···tags:.··-·CJIS-0003bdc0:·6720·6669·6c65·7329·2061·6e64·2074·6865··g·files)·and·the
0003bdd0:·352e·3130·2e34·2e31·0a20·202d·204e·4953··5.10.4.1.··-·NIS0003bdd0:·6e20·6765·7420·6669·6c65·7320·6e61·6d65··n·get·files·name
0003bde0:·542d·3830·302d·3137·312d·332e·332e·380a··T-800-171-3.3.8.0003bde0:·730a·6669·6c65·735f·7769·7468·5f69·6e63··s.files_with_inc
0003bdf0:·2020·2d20·4e49·5354·2d38·3030·2d31·3731····-·NIST-800-1710003bdf0:·6f72·7265·6374·5f68·6173·683d·2224·2872··orrect_hash="$(r
0003be00:·2d33·2e34·2e31·0a20·202d·204e·4953·542d··-3.4.1.··-·NIST-0003be00:·706d·202d·5661·202d·2d6e·6f63·6f6e·6669··pm·-Va·--noconfi
0003be10:·3830·302d·3533·2d41·552d·3928·3329·0a20··800-53-AU-9(3).·0003be10:·6720·7c20·6772·6570·202d·4520·275e·2e2e··g·|·grep·-E·'^..
0003be20:·202d·204e·4953·542d·3830·302d·3533·2d43···-·NIST-800-53-C0003be20:·3527·207c·2061·776b·2027·7b70·7269·6e74··5'·|·awk·'{print
0003be30:·4d2d·3628·6329·0a20·202d·204e·4953·542d··M-6(c).··-·NIST-0003be30:·2024·4e46·7d27·2029·220a·0a69·6620·5b20···$NF}'·)"..if·[·
0003be40:·3830·302d·3533·2d43·4d2d·3628·6429·0a20··800-53-CM-6(d).·0003be40:·2d6e·2022·2466·696c·6573·5f77·6974·685f··-n·"$files_with_
0003be50:·202d·204e·4953·542d·3830·302d·3533·2d53···-·NIST-800-53-S0003be50:·696e·636f·7272·6563·745f·6861·7368·2220··incorrect_hash"·
0003be60:·492d·370a·2020·2d20·4e49·5354·2d38·3030··I-7.··-·NIST-8000003be60:·5d3b·2074·6865·6e0a·2020·2020·2320·4672··];·then.····#·Fr
0003be70:·2d35·332d·5349·2d37·2831·290a·2020·2d20··-53-SI-7(1).··-·0003be70:·6f6d·2066·696c·6573·206e·616d·6573·2067··om·files·names·g
0003be80:·4e49·5354·2d38·3030·2d35·332d·5349·2d37··NIST-800-53-SI-70003be80:·6574·2070·6163·6b61·6765·206e·616d·6573··et·package·names
0003be90:·2836·290a·2020·2d20·5043·492d·4453·532d··(6).··-·PCI-DSS-0003be90:·2061·6e64·2063·6861·6e67·6520·6e65·776c···and·change·newl
0003bea0:·5265·712d·3131·2e35·0a20·202d·2050·4349··Req-11.5.··-·PCI0003bea0:·696e·6520·746f·2073·7061·6365·2c20·6265··ine·to·space,·be
0003beb0:·2d44·5353·7634·2d31·312e·352e·320a·2020··-DSSv4-11.5.2.··0003beb0:·6361·7573·6520·7270·6d20·7772·6974·6573··cause·rpm·writes
0003bec0:·2d20·6869·6768·5f63·6f6d·706c·6578·6974··-·high_complexit0003bec0:·2065·6163·6820·7061·636b·6167·6520·746f···each·package·to
0003bed0:·790a·2020·2d20·6869·6768·5f73·6576·6572··y.··-·high_sever0003bed0:·206e·6577·206c·696e·650a·2020·2020·7061···new·line.····pa
0003bee0:·6974·790a·2020·2d20·6d65·6469·756d·5f64··ity.··-·medium_d0003bee0:·636b·6167·6573·5f74·6f5f·7265·696e·7374··ckages_to_reinst
0003bef0:·6973·7275·7074·696f·6e0a·2020·2d20·6e6f··isruption.··-·no0003bef0:·616c·6c3d·2224·2872·706d·202d·7166·2024··all="$(rpm·-qf·$
0003bf00:·5f72·6562·6f6f·745f·6e65·6564·6564·0a20··_reboot_needed.·0003bf00:·6669·6c65·735f·7769·7468·5f69·6e63·6f72··files_with_incor
0003bf10:·202d·2072·6573·7472·6963·745f·7374·7261···-·restrict_stra0003bf10:·7265·6374·5f68·6173·6820·7c20·7472·2027··rect_hash·|·tr·'
0003bf20:·7465·6779·0a20·202d·2072·706d·5f76·6572··tegy.··-·rpm_ver0003bf20:·5c6e·2720·2720·2729·220a·0a20·2020·200a··\n'·'·')"..····.
0003bf30:·6966·795f·6861·7368·6573·0a0a·2d20·6e61··ify_hashes..-·na0003bf30:·2020·2020·646e·6620·7265·696e·7374·616c······dnf·reinstal
0003bf40:·6d65·3a20·2753·6574·2066·6163·743a·2050··me:·'Set·fact:·P0003bf40:·6c20·2d79·2024·7061·636b·6167·6573·5f74··l·-y·$packages_t
0003bf50:·6163·6b61·6765·206d·616e·6167·6572·2072··ackage·manager·r0003bf50:·6f5f·7265·696e·7374·616c·6c0a·2020·2020··o_reinstall.····
0003bf60:·6569·6e73·7461·6c6c·2063·6f6d·6d61·6e64··einstall·command0003bf60:·0a66·690a·0a65·6c73·650a·2020·2020·2667··.fi..else.····&g
0003bf70:·270a·2020·7365·745f·6661·6374·3a0a·2020··'.··set_fact:.··0003bf70:·743b·2661·6d70·3b32·2065·6368·6f20·2752··t;&amp;2·echo·'R
0003bf80:·2020·7061·636b·6167·655f·6d61·6e61·6765····package_manage0003bf80:·656d·6564·6961·7469·6f6e·2069·7320·6e6f··emediation·is·no
0003bf90:·725f·7265·696e·7374·616c·6c5f·636d·643a··r_reinstall_cmd:0003bf90:·7420·6170·706c·6963·6162·6c65·2c20·6e6f··t·applicable,·no
0003bfa0:·2064·6e66·2072·6569·6e73·7461·6c6c·202d···dnf·reinstall·-0003bfa0:·7468·696e·6720·7761·7320·646f·6e65·270a··thing·was·done'.
0003bfb0:·790a·2020·7768·656e·3a0a·2020·2d20·6e6f··y.··when:.··-·no0003bfb0:·6669·0a3c·2f63·6f64·653e·3c2f·7072·653e··fi.</code></pre>
0003bfc0:·7420·2820·226b·6572·6e65·6c22·2069·6e20··t·(·"kernel"·in·0003bfc0:·3c2f·6469·763e·3c61·2063·6c61·7373·3d22··</div><a·class="
0003bfd0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa0003bfd0:·6274·6e20·6274·6e2d·7375·6363·6573·7322··btn·btn-success"
0003bfe0:·636b·6167·6573·2061·6e64·2022·7270·6d2d··ckages·and·"rpm-0003bfe0:·2064·6174·612d·746f·6767·6c65·3d22·636f···data-toggle="co
0003bff0:·6f73·7472·6565·2220·696e·2061·6e73·6962··ostree"·in·ansib0003bff0:·6c6c·6170·7365·2220·6461·7461·2d74·6172··llapse"·data-tar
0003c000:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package0003c000:·6765·743d·2223·6964·6d36·3939·3422·2074··get="#idm6994"·t
0003c010:·730a·2020·2020·616e·6420·2262·6f6f·7463··s.····and·"bootc0003c010:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
0003c020:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003c020:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
0003c030:·7473·2e70·6163·6b61·6765·7320·616e·6420··ts.packages·and·0003c030:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
0003c040:·6e6f·7420·226f·7065·6e73·6869·6674·2d6b··not·"openshift-k0003c040:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
0003c050:·7562·656c·6574·2220·696e·2061·6e73·6962··ubelet"·in·ansib0003c050:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
0003c060:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package0003c060:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
0003c070:·730a·2020·2020·290a·2020·2d20·616e·7369··s.····).··-·ansi0003c070:·2041·6e73·6962·6c65·2073·6e69·7070·6574···Ansible·snippet
0003c080:·626c·655f·6469·7374·7269·6275·7469·6f6e··ble_distribution0003c080:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div
0003c090:·2069·6e20·5b20·2246·6564·6f72·6122·2c20···in·[·"Fedora",·0003c090:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
0003c0a0:·2252·6564·4861·7422·2c20·2243·656e·744f··"RedHat",·"CentO0003c0a0:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
0003c0b0:·5322·2c20·224f·7261·636c·654c·696e·7578··S",·"OracleLinux0003c0b0:·2069·643d·2269·646d·3639·3934·223e·3c74···id="idm6994"><t
0003c0c0:·2220·5d0a·2020·7461·6773·3a0a·2020·2d20··"·].··tags:.··-·0003c0c0:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl
0003c0d0:·434a·4953·2d35·2e31·302e·342e·310a·2020··CJIS-5.10.4.1.··0003c0d0:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped·
0003c0e0:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-30003c0e0:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t
0003c0f0:·2e33·2e38·0a20·202d·204e·4953·542d·3830··.3.8.··-·NIST-800003c0f0:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed">
0003c100:·302d·3137·312d·332e·342e·310a·2020·2d20··0-171-3.4.1.··-·0003c100:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi
0003c110:·4e49·5354·2d38·3030·2d35·332d·4155·2d39··NIST-800-53-AU-90003c110:·7479·3a3c·2f74·683e·3c74·643e·6869·6768··ty:</th><td>high
0003c120:·2833·290a·2020·2d20·4e49·5354·2d38·3030··(3).··-·NIST-8000003c120:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
0003c130:·2d35·332d·434d·2d36·2863·290a·2020·2d20··-53-CM-6(c).··-·0003c130:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t
0003c140:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-60003c140:·683e·3c74·643e·6d65·6469·756d·3c2f·7464··h><td>medium</td
0003c150:·2864·290a·2020·2d20·4e49·5354·2d38·3030··(d).··-·NIST-8000003c150:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re
0003c160:·2d35·332d·5349·2d37·0a20·202d·204e·4953··-53-SI-7.··-·NIS0003c160:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa
0003c170:·542d·3830·302d·3533·2d53·492d·3728·3129··T-800-53-SI-7(1)0003c170:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr
0003c180:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003c180:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</
0003c190:·2d53·492d·3728·3629·0a20·202d·2050·4349··-SI-7(6).··-·PCI0003c190:·7468·3e3c·7464·3e72·6573·7472·6963·743c··th><td>restrict<
0003c1a0:·2d44·5353·2d52·6571·2d31·312e·350a·2020··-DSS-Req-11.5.··0003c1a0:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table
0003c1b0:·2d20·5043·492d·4453·5376·342d·3131·2e35··-·PCI-DSSv4-11.50003c1b0:·3e3c·7072·653e·3c63·6f64·653e·2d20·6e61··><pre><code>-·na
0003c1c0:·2e32·0a20·202d·2068·6967·685f·636f·6d70··.2.··-·high_comp0003c1c0:·6d65·3a20·4761·7468·6572·2074·6865·2070··me:·Gather·the·p
0003c1d0:·6c65·7869·7479·0a20·202d·2068·6967·685f··lexity.··-·high_0003c1d0:·6163·6b61·6765·2066·6163·7473·0a20·2070··ackage·facts.··p
0003c1e0:·7365·7665·7269·7479·0a20·202d·206d·6564··severity.··-·med0003c1e0:·6163·6b61·6765·5f66·6163·7473·3a0a·2020··ackage_facts:.··
0003c1f0:·6975·6d5f·6469·7372·7570·7469·6f6e·0a20··ium_disruption.·0003c1f0:·2020·6d61·6e61·6765·723a·2061·7574·6f0a····manager:·auto.
0003c200:·202d·206e·6f5f·7265·626f·6f74·5f6e·6565···-·no_reboot_nee0003c200:·2020·7461·6773·3a0a·2020·2d20·434a·4953····tags:.··-·CJIS
0003c210:·6465·640a·2020·2d20·7265·7374·7269·6374··ded.··-·restrict0003c210:·2d35·2e31·302e·342e·310a·2020·2d20·4e49··-5.10.4.1.··-·NI
0003c220:·5f73·7472·6174·6567·790a·2020·2d20·7270··_strategy.··-·rp0003c220:·5354·2d38·3030·2d31·3731·2d33·2e33·2e38··ST-800-171-3.3.8
0003c230:·6d5f·7665·7269·6679·5f68·6173·6865·730a··m_verify_hashes.0003c230:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-17
0003c240:·0a2d·206e·616d·653a·2027·5365·7420·6661··.-·name:·'Set·fa0003c240:·312d·332e·342e·310a·2020·2d20·4e49·5354··1-3.4.1.··-·NIST
0003c250:·6374·3a20·5061·636b·6167·6520·6d61·6e61··ct:·Package·mana0003c250:·2d38·3030·2d35·332d·4155·2d39·2833·290a··-800-53-AU-9(3).
0003c260:·6765·7220·7265·696e·7374·616c·6c20·636f··ger·reinstall·co0003c260:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-
0003c270:·6d6d·616e·6420·287a·7970·7065·7229·270a··mmand·(zypper)'.0003c270:·434d·2d36·2863·290a·2020·2d20·4e49·5354··CM-6(c).··-·NIST
0003c280:·2020·7365·745f·6661·6374·3a0a·2020·2020····set_fact:.····0003c280:·2d38·3030·2d35·332d·434d·2d36·2864·290a··-800-53-CM-6(d).
0003c290:·7061·636b·6167·655f·6d61·6e61·6765·725f··package_manager_0003c290:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-
0003c2a0:·7265·696e·7374·616c·6c5f·636d·643a·207a··reinstall_cmd:·z0003c2a0:·5349·2d37·0a20·202d·204e·4953·542d·3830··SI-7.··-·NIST-80
0003c2b0:·7970·7065·7220·696e·202d·6620·2d79·0a20··ypper·in·-f·-y.·0003c2b0:·302d·3533·2d53·492d·3728·3129·0a20·202d··0-53-SI-7(1).··-
0003c2c0:·2077·6865·6e3a·0a20·202d·206e·6f74·2028···when:.··-·not·(0003c2c0:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-
0003c2d0:·2022·6b65·726e·656c·2220·696e·2061·6e73···"kernel"·in·ans0003c2d0:·3728·3629·0a20·202d·2050·4349·2d44·5353··7(6).··-·PCI-DSS
0003c2e0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0003c2e0:·2d52·6571·2d31·312e·350a·2020·2d20·5043··-Req-11.5.··-·PC
0003c2f0:·6765·7320·616e·6420·2272·706d·2d6f·7374··ges·and·"rpm-ost0003c2f0:·492d·4453·5376·342d·3131·2e35·2e32·0a20··I-DSSv4-11.5.2.·
0003c300:·7265·6522·2069·6e20·616e·7369·626c·655f··ree"·in·ansible_0003c300:·202d·2068·6967·685f·636f·6d70·6c65·7869···-·high_complexi
0003c310:·6661·6374·732e·7061·636b·6167·6573·0a20··facts.packages.·0003c310:·7479·0a20·202d·2068·6967·685f·7365·7665··ty.··-·high_seve
0003c320:·2020·2061·6e64·2022·626f·6f74·6322·2069·····and·"bootc"·i0003c320:·7269·7479·0a20·202d·206d·6564·6975·6d5f··rity.··-·medium_
0003c330:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003c330:·6469·7372·7570·7469·6f6e·0a20·202d·206e··disruption.··-·n
0003c340:·7061·636b·6167·6573·2061·6e64·206e·6f74··packages·and·not0003c340:·6f5f·7265·626f·6f74·5f6e·6565·6465·640a··o_reboot_needed.
0003c350:·2022·6f70·656e·7368·6966·742d·6b75·6265···"openshift-kube0003c350:·2020·2d20·7265·7374·7269·6374·5f73·7472····-·restrict_str
0003c360:·6c65·7422·2069·6e20·616e·7369·626c·655f··let"·in·ansible_0003c360:·6174·6567·790a·2020·2d20·7270·6d5f·7665··ategy.··-·rpm_ve
0003c370:·6661·6374·732e·7061·636b·6167·6573·0a20··facts.packages.·0003c370:·7269·6679·5f68·6173·6865·730a·0a2d·206e··rify_hashes..-·n
0003c380:·2020·2029·0a20·202d·2061·6e73·6962·6c65·····).··-·ansible0003c380:·616d·653a·2027·5365·7420·6661·6374·3a20··ame:·'Set·fact:·
0003c390:·5f64·6973·7472·6962·7574·696f·6e20·3d3d··_distribution·==0003c390:·5061·636b·6167·6520·6d61·6e61·6765·7220··Package·manager·
Max diff block lines reached; 19366148/19421100 bytes (99.72%) of diff not shown.
1.53 MB
html2text {}
    
Offset 127, 14 lines modifiedOffset 127, 33 lines modified
127 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6127 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
128 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4128 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
129 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)129 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
130 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1130 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
131 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5131 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
132 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227132 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
133 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2133 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 134 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 135 #·Remediation·is·applicable·only·in·certain·platforms
 136 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 137 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 138 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 139 if·[·-n·"$files_with_incorrect_hash"·];·then
 140 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 141 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 142 ····dnf·reinstall·-y·$packages_to_reinstall
  
 143 fi
  
 144 else
 145 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 146 fi
134 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8147 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
135 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high148 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
136 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium149 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
137 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false150 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
138 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict151 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
139 -·name:·Gather·the·package·facts152 -·name:·Gather·the·package·facts
140 ··package_facts:153 ··package_facts:
Offset 301, 33 lines modifiedOffset 320, 14 lines modified
301 ··-·PCI-DSSv4-11.5.2320 ··-·PCI-DSSv4-11.5.2
302 ··-·high_complexity321 ··-·high_complexity
303 ··-·high_severity322 ··-·high_severity
304 ··-·medium_disruption323 ··-·medium_disruption
305 ··-·no_reboot_needed324 ··-·no_reboot_needed
306 ··-·restrict_strategy325 ··-·restrict_strategy
307 ··-·rpm_verify_hashes326 ··-·rpm_verify_hashes
308 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
309 #·Remediation·is·applicable·only·in·certain·platforms 
310 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
311 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
312 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
313 if·[·-n·"$files_with_incorrect_hash"·];·then 
314 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
315 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
316 ····dnf·reinstall·-y·$packages_to_reinstall 
  
317 fi 
  
318 else 
319 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
320 fi 
321 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*327 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
322 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:328 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:
323 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'329 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'
324 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:330 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:
325 $·rpm·-qf·FILENAME331 $·rpm·-qf·FILENAME
  
326 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:332 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
Offset 348, 14 lines modifiedOffset 348, 50 lines modified
348 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5348 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
349 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2349 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
350 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)350 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)
351 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1351 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
352 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5352 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
353 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108353 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108
354 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2354 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 355 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 356 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 357 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 358 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 359 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 360 #·Remediation·is·applicable·only·in·certain·platforms
 361 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 362 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 363 declare·-A·SETPERMS_RPM_DICT
  
 364 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 365 #·is·expected·by·the·RPM·database
 366 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}')
  
 367 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 368 do
 369 ········#·NOTE:·some·files·maybe·controlled·by·more·then·one·package
 370 ········readarray·-t·RPM_PACKAGES·<·<(rpm·-qf·"${FILE_PATH}")
 371 ········for·RPM_PACKAGE·in·"${RPM_PACKAGES[@]}"
 372 ········do
 373 ················#·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 374 ················SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 375 ········done
 376 done
  
 377 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 378 #·correct·values
 379 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 380 do
 381 »       rpm·--restore·"${RPM_PACKAGE}"
 382 done
  
 383 else
 384 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 385 fi
355 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8386 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
356 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high387 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
357 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium388 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
358 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false389 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
359 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict390 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
360 -·name:·Gather·the·package·facts391 -·name:·Gather·the·package·facts
361 ··package_facts:392 ··package_facts:
Offset 467, 50 lines modifiedOffset 503, 14 lines modified
467 ··-·PCI-DSSv4-11.5.2503 ··-·PCI-DSSv4-11.5.2
468 ··-·high_complexity504 ··-·high_complexity
469 ··-·high_severity505 ··-·high_severity
470 ··-·medium_disruption506 ··-·medium_disruption
471 ··-·no_reboot_needed507 ··-·no_reboot_needed
472 ··-·restrict_strategy508 ··-·restrict_strategy
473 ··-·rpm_verify_permissions509 ··-·rpm_verify_permissions
474 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
Max diff block lines reached; 1597716/1605800 bytes (99.50%) of diff not shown.
11.4 MB
./usr/share/doc/ssg-nondebian/ssg-cs10-guide-ism_o.html
    
Offset 15203, 279 lines modifiedOffset 15203, 279 lines modified
0003b620:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id0003b620:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id
0003b630:·6d37·3333·3122·2074·6162·696e·6465·783d··m7331"·tabindex=0003b630:·6d37·3333·3122·2074·6162·696e·6465·783d··m7331"·tabindex=
0003b640:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button0003b640:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button
0003b650:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=0003b650:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=
0003b660:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A0003b660:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A
0003b670:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea0003b670:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea
0003b680:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem0003b680:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem
 0003b690:·6564·6961·7469·6f6e·2073·6372·6970·7420··ediation·script·
0003b690:·6564·6961·7469·6f6e·2041·6e61·636f·6e64··ediation·Anacond 
0003b6a0:·6120·736e·6970·7065·7420·e287·b23c·2f61··a·snippet·...</a 
0003b6b0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class= 
0003b6c0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse· 
0003b6d0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id 
0003b6e0:·6d37·3333·3122·3e3c·7461·626c·6520·636c··m7331"><table·cl 
0003b6f0:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table 
0003b700:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b 
0003b710:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co 
0003b720:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th 
0003b730:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th 
0003b740:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
0003b750:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup 
0003b760:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo 
0003b770:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr>< 
0003b780:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th>< 
0003b790:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t 
0003b7a0:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate 
0003b7b0:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab 
0003b7c0:·6c65·3c2f·7464·3e3c·2f74·723e·3c2f·7461··le</td></tr></ta 
0003b7d0:·626c·653e·3c70·7265·3e3c·636f·6465·3e0a··ble><pre><code>. 
0003b7e0:·7061·636b·6167·6520·2d2d·6164·643d·6169··package·--add=ai 
0003b7f0:·6465·0a3c·2f63·6f64·653e·3c2f·7072·653e··de.</code></pre> 
0003b800:·3c2f·6469·763e·3c61·2063·6c61·7373·3d22··</div><a·class=" 
0003b810:·6274·6e20·6274·6e2d·7375·6363·6573·7322··btn·btn-success" 
0003b820:·2064·6174·612d·746f·6767·6c65·3d22·636f···data-toggle="co 
0003b830:·6c6c·6170·7365·2220·6461·7461·2d74·6172··llapse"·data-tar 
0003b840:·6765·743d·2223·6964·6d37·3333·3222·2074··get="#idm7332"·t 
0003b850:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role 
0003b860:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e 
0003b870:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"· 
0003b880:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate· 
0003b890:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href= 
0003b8a0:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation 
0003b8b0:·2050·7570·7065·7420·736e·6970·7065·7420···Puppet·snippet· 
0003b8c0:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div·0003b6a0:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div·
0003b8d0:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col 
0003b8e0:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"· 
0003b8f0:·6964·3d22·6964·6d37·3333·3222·3e3c·7461··id="idm7332"><ta 
0003b900:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table 
0003b910:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t 
0003b920:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta 
0003b930:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed">< 
0003b940:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit 
0003b950:·793a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··y:</th><td>low</ 
0003b960:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003b970:·4469·7372·7570·7469·6f6e·3a3c·2f74·683e··Disruption:</th> 
0003b980:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
0003b990:·3e3c·7472·3e3c·7468·3e52·6562·6f6f·743a··><tr><th>Reboot: 
0003b9a0:·3c2f·7468·3e3c·7464·3e66·616c·7365·3c2f··</th><td>false</ 
0003b9b0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003b9c0:·5374·7261·7465·6779·3a3c·2f74·683e·3c74··Strategy:</th><t 
0003b9d0:·643e·656e·6162·6c65·3c2f·7464·3e3c·2f74··d>enable</td></t 
0003b9e0:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre>< 
0003b9f0:·636f·6465·3e69·6e63·6c75·6465·2069·6e73··code>include·ins 
0003ba00:·7461·6c6c·5f61·6964·650a·0a63·6c61·7373··tall_aide..class 
0003ba10:·2069·6e73·7461·6c6c·5f61·6964·6520·7b0a···install_aide·{. 
0003ba20:·2020·7061·636b·6167·6520·7b20·2761·6964····package·{·'aid 
0003ba30:·6527·3a0a·2020·2020·656e·7375·7265·203d··e':.····ensure·= 
0003ba40:·2667·743b·2027·696e·7374·616c·6c65·6427··&gt;·'installed' 
0003ba50:·2c0a·2020·7d0a·7d0a·3c2f·636f·6465·3e3c··,.··}.}.</code>< 
0003ba60:·2f70·7265·3e3c·2f64·6976·3e3c·6120·636c··/pre></div><a·cl 
0003ba70:·6173·733d·2262·746e·2062·746e·2d73·7563··ass="btn·btn-suc 
0003ba80:·6365·7373·2220·6461·7461·2d74·6f67·676c··cess"·data-toggl 
0003ba90:·653d·2263·6f6c·6c61·7073·6522·2064·6174··e="collapse"·dat 
0003baa0:·612d·7461·7267·6574·3d22·2369·646d·3733··a-target="#idm73 
0003bab0:·3333·2220·7461·6269·6e64·6578·3d22·3022··33"·tabindex="0" 
0003bac0:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a 
0003bad0:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa 
0003bae0:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti 
0003baf0:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"· 
0003bb00:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi 
0003bb10:·6174·696f·6e20·4f53·4275·696c·6420·426c··ation·OSBuild·Bl 
0003bb20:·7565·7072·696e·7420·736e·6970·7065·7420··ueprint·snippet· 
0003bb30:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div· 
0003bb40:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col0003b6b0:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col
0003bb50:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·0003b6c0:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·
0003bb60:·6964·3d22·6964·6d37·3333·3322·3e3c·7072··id="idm7333"><pr0003b6d0:·6964·3d22·6964·6d37·3333·3122·3e3c·7461··id="idm7331"><ta
 0003b6e0:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table
 0003b6f0:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t
 0003b700:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta
 0003b710:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed"><
 0003b720:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit
0003bb70:·653e·3c63·6f64·653e·0a5b·5b70·6163·6b61··e><code>.[[packa 
0003bb80:·6765·735d·5d0a·6e61·6d65·203d·2022·6169··ges]].name·=·"ai 
0003bb90:·6465·220a·7665·7273·696f·6e20·3d20·222a··de".version·=·"* 
0003bba0:·220a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··".</code></pre>< 
0003bbb0:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b 
0003bbc0:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"· 
0003bbd0:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col 
0003bbe0:·6c61·7073·6522·2064·6174·612d·7461·7267··lapse"·data-targ 
0003bbf0:·6574·3d22·2369·646d·3733·3334·2220·7461··et="#idm7334"·ta 
0003bc00:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role= 
0003bc10:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex 
0003bc20:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t 
0003bc30:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t 
0003bc40:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href=" 
0003bc50:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation· 
0003bc60:·7363·7269·7074·20e2·87b2·3c2f·613e·3c62··script·...</a><b 
0003bc70:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa 
0003bc80:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col 
0003bc90:·6c61·7073·6522·2069·643d·2269·646d·3733··lapse"·id="idm73 
0003bca0:·3334·223e·3c74·6162·6c65·2063·6c61·7373··34"><table·class 
0003bcb0:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st 
0003bcc0:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord 
0003bcd0:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde 
0003bce0:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co 
0003bcf0:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t 
0003bd00:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr>< 
0003bd10:·7472·3e3c·7468·3e44·6973·7275·7074·696f··tr><th>Disruptio 
0003bd20:·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··n:</th><td>low</ 
0003bd30:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003bd40:·5265·626f·6f74·3a3c·2f74·683e·3c74·643e··Reboot:</th><td> 
0003bd50:·6661·6c73·653c·2f74·643e·3c2f·7472·3e3c··false</td></tr>< 
0003bd60:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy: 
0003bd70:·3c2f·7468·3e3c·7464·3e65·6e61·626c·653c··</th><td>enable< 
0003bd80:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table 
0003bd90:·3e3c·7072·653e·3c63·6f64·653e·0a70·6163··><pre><code>.pac 
0003bda0:·6b61·6765·2069·6e73·7461·6c6c·2061·6964··kage·install·aid 
Max diff block lines reached; 10770993/10808143 bytes (99.66%) of diff not shown.
1.07 MB
html2text {}
    
Offset 122, 52 lines modifiedOffset 122, 48 lines modified
122 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)122 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)
123 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3123 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
124 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5124 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
125 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199125 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
126 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79126 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
127 ············_\x8c_\x8i_\x8s············6.1.1127 ············_\x8c_\x8i_\x8s············6.1.1
128 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2128 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
129 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8129 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
130 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low130 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
131 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low131 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
132 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false132 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
133 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable133 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
134 package·--add=aide134 dnf·install·aide
135 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8135 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
136 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low136 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
137 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low137 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
138 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false138 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
139 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable139 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
140 include·install_aide140 include·install_aide
  
141 class·install_aide·{141 class·install_aide·{
142 ··package·{·'aide':142 ··package·{·'aide':
143 ····ensure·=>·'installed',143 ····ensure·=>·'installed',
144 ··}144 ··}
145 }145 }
146 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
147 [[packages]] 
148 name·=·"aide" 
149 version·=·"*" 
150 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8146 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
151 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low147 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
152 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low148 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
153 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false149 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
154 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable150 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 151 #·Remediation·is·applicable·only·in·certain·platforms
 152 if·rpm·--quiet·-q·kernel;·then
  
 153 if·!·rpm·-q·--quiet·"aide"·;·then
 154 ····dnf·install·-y·"aide"
 155 fi
155 package·install·aide 
156 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
157 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
158 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
159 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
160 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
161 dnf·install·aide156 else
 157 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 158 fi
162 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8159 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
163 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low160 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
164 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low161 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
165 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false162 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
166 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable163 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
167 -·name:·Gather·the·package·facts164 -·name:·Gather·the·package·facts
168 ··package_facts:165 ··package_facts:
Offset 196, 29 lines modifiedOffset 192, 33 lines modified
196 ··-·PCI-DSSv4-11.5.2192 ··-·PCI-DSSv4-11.5.2
197 ··-·enable_strategy193 ··-·enable_strategy
198 ··-·low_complexity194 ··-·low_complexity
199 ··-·low_disruption195 ··-·low_disruption
200 ··-·medium_severity196 ··-·medium_severity
201 ··-·no_reboot_needed197 ··-·no_reboot_needed
202 ··-·package_aide_installed198 ··-·package_aide_installed
 199 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 200 [[packages]]
 201 name·=·"aide"
 202 version·=·"*"
203 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8203 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
204 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low204 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
205 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low205 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
206 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false206 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
207 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable207 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
208 #·Remediation·is·applicable·only·in·certain·platforms 
209 if·rpm·--quiet·-q·kernel;·then 
  
210 if·!·rpm·-q·--quiet·"aide"·;·then 
211 ····dnf·install·-y·"aide" 
212 fi208 package·install·aide
 209 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 210 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 211 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 212 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 213 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 214 package·--add=aide
213 else 
214 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
215 fi 
216 Group  ·Federal·Information·Processing·Standard·(FIPS)·  Group·contains·2·rules215 Group  ·Federal·Information·Processing·Standard·(FIPS)·  Group·contains·2·rules
217 _\x8[_\x8r_\x8e_\x8f_\x8]  ·The·Federal·Information·Processing·Standard·(FIPS)·is·a·computer·security·standard·which·is·developed·by·the·U.S.·Government·and·industry·working·groups·to·validate·the·quality·of·cryptographic·modules.·The·FIPS·standard·provides·four·security·levels·to·ensure·adequate·coverage·of·different·industries,·implementation·of·cryptographic·modules,·and·organizational·sizes·and·requirements.216 _\x8[_\x8r_\x8e_\x8f_\x8]  ·The·Federal·Information·Processing·Standard·(FIPS)·is·a·computer·security·standard·which·is·developed·by·the·U.S.·Government·and·industry·working·groups·to·validate·the·quality·of·cryptographic·modules.·The·FIPS·standard·provides·four·security·levels·to·ensure·adequate·coverage·of·different·industries,·implementation·of·cryptographic·modules,·and·organizational·sizes·and·requirements.
  
218 FIPS·140-2·is·the·current·standard·for·validating·that·mechanisms·used·to·access·cryptographic·modules·utilize·authentication·that·meets·industry·and·government·requirements.·For·government·systems,·this·allows·Security·Levels·1,·2,·3,·or·4·for·use·on·Red·Hat·Enterprise·Linux·10.217 FIPS·140-2·is·the·current·standard·for·validating·that·mechanisms·used·to·access·cryptographic·modules·utilize·authentication·that·meets·industry·and·government·requirements.·For·government·systems,·this·allows·Security·Levels·1,·2,·3,·or·4·for·use·on·Red·Hat·Enterprise·Linux·10.
  
219 See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8c\x8c_\x8s\x8s_\x8r\x8r_\x8c\x8c_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8l\x8l_\x8i\x8i_\x8c\x8c_\x8a\x8a_\x8t\x8t_\x8i\x8i_\x8o\x8o_\x8n\x8n_\x8s\x8s_\x8/\x8/_\x8P\x8P_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x8h\x8h_\x8t\x8t_\x8m\x8m_\x8l\x8l·for·more·information.218 See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8c\x8c_\x8s\x8s_\x8r\x8r_\x8c\x8c_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8l\x8l_\x8i\x8i_\x8c\x8c_\x8a\x8a_\x8t\x8t_\x8i\x8i_\x8o\x8o_\x8n\x8n_\x8s\x8s_\x8/\x8/_\x8P\x8P_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x8h\x8h_\x8t\x8t_\x8m\x8m_\x8l\x8l·for·more·information.
220 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8na\x8ab\x8bl\x8le\x8e·F\x8FI\x8IP\x8PS\x8S·M\x8Mo\x8od\x8de\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*219 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8na\x8ab\x8bl\x8le\x8e·F\x8FI\x8IP\x8PS\x8S·M\x8Mo\x8od\x8de\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
Offset 234, 31 lines modifiedOffset 234, 31 lines modified
234 Rule·ID:····xccdf_org.ssgproject.content_rule_enable_fips_mode234 Rule·ID:····xccdf_org.ssgproject.content_rule_enable_fips_mode
235 ············_\x8d_\x8i_\x8s_\x8a·····CCI-002450,·CCI-000068,·CCI-002418,·CCI-000877235 ············_\x8d_\x8i_\x8s_\x8a·····CCI-002450,·CCI-000068,·CCI-002418,·CCI-000877
236 ············_\x8i_\x8s_\x8m······1446236 ············_\x8i_\x8s_\x8m······1446
237 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1237 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1
238 ············_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12238 ············_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12
239 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1239 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1
240 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176240 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176
241 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
242 [customizations] 
243 fips·=·true 
244 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8241 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
245 #·Remediation·is·applicable·only·in·certain·platforms242 #·Remediation·is·applicable·only·in·certain·platforms
246 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·);·then243 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·);·then
  
247 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then244 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then
248 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF245 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF
249 kargs·=·["fips=1"]246 kargs·=·["fips=1"]
250 EOF247 EOF
251 fi248 fi
  
252 else249 else
253 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'250 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
254 fi251 fi
 252 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
Max diff block lines reached; 1116851/1122979 bytes (99.45%) of diff not shown.
11.4 MB
./usr/share/doc/ssg-nondebian/ssg-cs10-guide-ism_o_secret.html
    
Offset 15207, 279 lines modifiedOffset 15207, 279 lines modified
0003b660:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm0003b660:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm
0003b670:·3733·3331·2220·7461·6269·6e64·6578·3d22··7331"·tabindex="0003b670:·3733·3331·2220·7461·6269·6e64·6578·3d22··7331"·tabindex="
0003b680:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"0003b680:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"
0003b690:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="0003b690:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="
0003b6a0:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac0003b6a0:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac
0003b6b0:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal0003b6b0:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal
0003b6c0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme0003b6c0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme
 0003b6d0:·6469·6174·696f·6e20·7363·7269·7074·20e2··diation·script·.
0003b6d0:·6469·6174·696f·6e20·416e·6163·6f6e·6461··diation·Anaconda 
0003b6e0:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a> 
0003b6f0:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class=" 
0003b700:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c 
0003b710:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm 
0003b720:·3733·3331·223e·3c74·6162·6c65·2063·6c61··7331"><table·cla 
0003b730:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table- 
0003b740:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo 
0003b750:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con 
0003b760:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th> 
0003b770:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th> 
0003b780:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
0003b790:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt 
0003b7a0:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low 
0003b7b0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b7c0:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t 
0003b7d0:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr 
0003b7e0:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg 
0003b7f0:·793a·3c2f·7468·3e3c·7464·3e65·6e61·626c··y:</th><td>enabl 
0003b800:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab 
0003b810:·6c65·3e3c·7072·653e·3c63·6f64·653e·0a70··le><pre><code>.p 
0003b820:·6163·6b61·6765·202d·2d61·6464·3d61·6964··ackage·--add=aid 
0003b830:·650a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··e.</code></pre>< 
0003b840:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b 
0003b850:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"· 
0003b860:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col 
0003b870:·6c61·7073·6522·2064·6174·612d·7461·7267··lapse"·data-targ 
0003b880:·6574·3d22·2369·646d·3733·3332·2220·7461··et="#idm7332"·ta 
0003b890:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role= 
0003b8a0:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex 
0003b8b0:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t 
0003b8c0:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t 
0003b8d0:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href=" 
0003b8e0:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation· 
0003b8f0:·5075·7070·6574·2073·6e69·7070·6574·20e2··Puppet·snippet·. 
0003b900:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c0003b6e0:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c
0003b910:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll0003b6f0:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
0003b920:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i0003b700:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i
0003b930:·643d·2269·646d·3733·3332·223e·3c74·6162··d="idm7332"><tab0003b710:·643d·2269·646d·3733·3331·223e·3c74·6162··d="idm7331"><tab
0003b940:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table·0003b720:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table·
0003b950:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta0003b730:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta
0003b960:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab0003b740:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab
0003b970:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t0003b750:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t
0003b980:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity0003b760:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity
0003b990:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t 
0003b9a0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D 
0003b9b0:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th>< 
0003b9c0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003b9d0:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:< 
0003b9e0:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t 
0003b9f0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S 
0003ba00:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td 
0003ba10:·3e65·6e61·626c·653c·2f74·643e·3c2f·7472··>enable</td></tr 
0003ba20:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c 
0003ba30:·6f64·653e·696e·636c·7564·6520·696e·7374··ode>include·inst 
0003ba40:·616c·6c5f·6169·6465·0a0a·636c·6173·7320··all_aide..class· 
0003ba50:·696e·7374·616c·6c5f·6169·6465·207b·0a20··install_aide·{.· 
0003ba60:·2070·6163·6b61·6765·207b·2027·6169·6465···package·{·'aide 
0003ba70:·273a·0a20·2020·2065·6e73·7572·6520·3d26··':.····ensure·=& 
0003ba80:·6774·3b20·2769·6e73·7461·6c6c·6564·272c··gt;·'installed', 
0003ba90:·0a20·207d·0a7d·0a3c·2f63·6f64·653e·3c2f··.··}.}.</code></ 
0003baa0:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla 
0003bab0:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ 
0003bac0:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle 
0003bad0:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data 
0003bae0:·2d74·6172·6765·743d·2223·6964·6d37·3333··-target="#idm733 
0003baf0:·3322·2074·6162·696e·6465·783d·2230·2220··3"·tabindex="0"· 
0003bb00:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar 
0003bb10:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal 
0003bb20:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ 
0003bb30:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h 
0003bb40:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia 
0003bb50:·7469·6f6e·204f·5342·7569·6c64·2042·6c75··tion·OSBuild·Blu 
0003bb60:·6570·7269·6e74·2073·6e69·7070·6574·20e2··eprint·snippet·. 
0003bb70:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c 
0003bb80:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll 
0003bb90:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i 
0003bba0:·643d·2269·646d·3733·3333·223e·3c70·7265··d="idm7333"><pre 
0003bbb0:·3e3c·636f·6465·3e0a·5b5b·7061·636b·6167··><code>.[[packag 
0003bbc0:·6573·5d5d·0a6e·616d·6520·3d20·2261·6964··es]].name·=·"aid 
0003bbd0:·6522·0a76·6572·7369·6f6e·203d·2022·2a22··e".version·=·"*" 
0003bbe0:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></ 
0003bbf0:·6469·763e·3c61·2063·6c61·7373·3d22·6274··div><a·class="bt 
0003bc00:·6e20·6274·6e2d·7375·6363·6573·7322·2064··n·btn-success"·d 
0003bc10:·6174·612d·746f·6767·6c65·3d22·636f·6c6c··ata-toggle="coll 
0003bc20:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe 
0003bc30:·743d·2223·6964·6d37·3333·3422·2074·6162··t="#idm7334"·tab 
0003bc40:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role=" 
0003bc50:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp 
0003bc60:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti 
0003bc70:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to 
0003bc80:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="# 
0003bc90:·2122·3e52·656d·6564·6961·7469·6f6e·2073··!">Remediation·s 
0003bca0:·6372·6970·7420·e287·b23c·2f61·3e3c·6272··cript·...</a><br 
0003bcb0:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan 
0003bcc0:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll 
0003bcd0:·6170·7365·2220·6964·3d22·6964·6d37·3333··apse"·id="idm733 
0003bce0:·3422·3e3c·7461·626c·6520·636c·6173·733d··4"><table·class= 
0003bcf0:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str 
0003bd00:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde 
0003bd10:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden 
0003bd20:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com 
0003bd30:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td 
0003bd40:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t 
0003bd50:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption 
0003bd60:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t 
0003bd70:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R 
0003bd80:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f 
0003bd90:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t 
0003bda0:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:< 
0003bdb0:·2f74·683e·3c74·643e·656e·6162·6c65·3c2f··/th><td>enable</ 
0003bdc0:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table> 
0003bdd0:·3c70·7265·3e3c·636f·6465·3e0a·7061·636b··<pre><code>.pack 
0003bde0:·6167·6520·696e·7374·616c·6c20·6169·6465··age·install·aide 
0003bdf0:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></ 
0003be00:·6469·763e·3c61·2063·6c61·7373·3d22·6274··div><a·class="bt 
0003be10:·6e20·6274·6e2d·7375·6363·6573·7322·2064··n·btn-success"·d 
0003be20:·6174·612d·746f·6767·6c65·3d22·636f·6c6c··ata-toggle="coll 
0003be30:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe 
Max diff block lines reached; 10770786/10807936 bytes (99.66%) of diff not shown.
1.07 MB
html2text {}
    
Offset 123, 52 lines modifiedOffset 123, 48 lines modified
123 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)123 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)
124 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3124 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
125 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5125 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
126 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199126 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
127 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79127 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
128 ············_\x8c_\x8i_\x8s············6.1.1128 ············_\x8c_\x8i_\x8s············6.1.1
129 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2129 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
130 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8130 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
131 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low131 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
132 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low132 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
133 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false133 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
134 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable134 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
135 package·--add=aide135 dnf·install·aide
136 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8136 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
137 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low137 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
138 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low138 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
139 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false139 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
140 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable140 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
141 include·install_aide141 include·install_aide
  
142 class·install_aide·{142 class·install_aide·{
143 ··package·{·'aide':143 ··package·{·'aide':
144 ····ensure·=>·'installed',144 ····ensure·=>·'installed',
145 ··}145 ··}
146 }146 }
147 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
148 [[packages]] 
149 name·=·"aide" 
150 version·=·"*" 
151 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8147 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
152 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low148 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
153 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low149 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
154 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false150 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
155 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable151 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 152 #·Remediation·is·applicable·only·in·certain·platforms
 153 if·rpm·--quiet·-q·kernel;·then
  
 154 if·!·rpm·-q·--quiet·"aide"·;·then
 155 ····dnf·install·-y·"aide"
 156 fi
156 package·install·aide 
157 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
158 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
159 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
160 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
161 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
162 dnf·install·aide157 else
 158 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 159 fi
163 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8160 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
164 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low161 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
165 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low162 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
166 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false163 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
167 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable164 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
168 -·name:·Gather·the·package·facts165 -·name:·Gather·the·package·facts
169 ··package_facts:166 ··package_facts:
Offset 197, 29 lines modifiedOffset 193, 33 lines modified
197 ··-·PCI-DSSv4-11.5.2193 ··-·PCI-DSSv4-11.5.2
198 ··-·enable_strategy194 ··-·enable_strategy
199 ··-·low_complexity195 ··-·low_complexity
200 ··-·low_disruption196 ··-·low_disruption
201 ··-·medium_severity197 ··-·medium_severity
202 ··-·no_reboot_needed198 ··-·no_reboot_needed
203 ··-·package_aide_installed199 ··-·package_aide_installed
 200 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 201 [[packages]]
 202 name·=·"aide"
 203 version·=·"*"
204 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8204 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
205 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low205 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
206 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low206 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
207 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false207 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
208 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable208 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
209 #·Remediation·is·applicable·only·in·certain·platforms 
210 if·rpm·--quiet·-q·kernel;·then 
  
211 if·!·rpm·-q·--quiet·"aide"·;·then 
212 ····dnf·install·-y·"aide" 
213 fi209 package·install·aide
 210 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 211 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 212 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 213 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 214 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 215 package·--add=aide
214 else 
215 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
216 fi 
217 Group  ·Federal·Information·Processing·Standard·(FIPS)·  Group·contains·2·rules216 Group  ·Federal·Information·Processing·Standard·(FIPS)·  Group·contains·2·rules
218 _\x8[_\x8r_\x8e_\x8f_\x8]  ·The·Federal·Information·Processing·Standard·(FIPS)·is·a·computer·security·standard·which·is·developed·by·the·U.S.·Government·and·industry·working·groups·to·validate·the·quality·of·cryptographic·modules.·The·FIPS·standard·provides·four·security·levels·to·ensure·adequate·coverage·of·different·industries,·implementation·of·cryptographic·modules,·and·organizational·sizes·and·requirements.217 _\x8[_\x8r_\x8e_\x8f_\x8]  ·The·Federal·Information·Processing·Standard·(FIPS)·is·a·computer·security·standard·which·is·developed·by·the·U.S.·Government·and·industry·working·groups·to·validate·the·quality·of·cryptographic·modules.·The·FIPS·standard·provides·four·security·levels·to·ensure·adequate·coverage·of·different·industries,·implementation·of·cryptographic·modules,·and·organizational·sizes·and·requirements.
  
219 FIPS·140-2·is·the·current·standard·for·validating·that·mechanisms·used·to·access·cryptographic·modules·utilize·authentication·that·meets·industry·and·government·requirements.·For·government·systems,·this·allows·Security·Levels·1,·2,·3,·or·4·for·use·on·Red·Hat·Enterprise·Linux·10.218 FIPS·140-2·is·the·current·standard·for·validating·that·mechanisms·used·to·access·cryptographic·modules·utilize·authentication·that·meets·industry·and·government·requirements.·For·government·systems,·this·allows·Security·Levels·1,·2,·3,·or·4·for·use·on·Red·Hat·Enterprise·Linux·10.
  
220 See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8c\x8c_\x8s\x8s_\x8r\x8r_\x8c\x8c_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8l\x8l_\x8i\x8i_\x8c\x8c_\x8a\x8a_\x8t\x8t_\x8i\x8i_\x8o\x8o_\x8n\x8n_\x8s\x8s_\x8/\x8/_\x8P\x8P_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x8h\x8h_\x8t\x8t_\x8m\x8m_\x8l\x8l·for·more·information.219 See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8c\x8c_\x8s\x8s_\x8r\x8r_\x8c\x8c_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8l\x8l_\x8i\x8i_\x8c\x8c_\x8a\x8a_\x8t\x8t_\x8i\x8i_\x8o\x8o_\x8n\x8n_\x8s\x8s_\x8/\x8/_\x8P\x8P_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x8h\x8h_\x8t\x8t_\x8m\x8m_\x8l\x8l·for·more·information.
221 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8na\x8ab\x8bl\x8le\x8e·F\x8FI\x8IP\x8PS\x8S·M\x8Mo\x8od\x8de\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*220 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8na\x8ab\x8bl\x8le\x8e·F\x8FI\x8IP\x8PS\x8S·M\x8Mo\x8od\x8de\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
Offset 235, 31 lines modifiedOffset 235, 31 lines modified
235 Rule·ID:····xccdf_org.ssgproject.content_rule_enable_fips_mode235 Rule·ID:····xccdf_org.ssgproject.content_rule_enable_fips_mode
236 ············_\x8d_\x8i_\x8s_\x8a·····CCI-002450,·CCI-000068,·CCI-002418,·CCI-000877236 ············_\x8d_\x8i_\x8s_\x8a·····CCI-002450,·CCI-000068,·CCI-002418,·CCI-000877
237 ············_\x8i_\x8s_\x8m······1446237 ············_\x8i_\x8s_\x8m······1446
238 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1238 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1
239 ············_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12239 ············_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12
240 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1240 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1
241 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176241 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176
242 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
243 [customizations] 
244 fips·=·true 
245 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8242 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
246 #·Remediation·is·applicable·only·in·certain·platforms243 #·Remediation·is·applicable·only·in·certain·platforms
247 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·);·then244 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·);·then
  
248 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then245 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then
249 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF246 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF
250 kargs·=·["fips=1"]247 kargs·=·["fips=1"]
251 EOF248 EOF
252 fi249 fi
  
253 else250 else
254 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'251 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
255 fi252 fi
 253 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
Max diff block lines reached; 1116851/1122979 bytes (99.45%) of diff not shown.
11.4 MB
./usr/share/doc/ssg-nondebian/ssg-cs10-guide-ism_o_top_secret.html
    
Offset 15205, 278 lines modifiedOffset 15205, 278 lines modified
0003b640:·6574·3d22·2369·646d·3733·3331·2220·7461··et="#idm7331"·ta0003b640:·6574·3d22·2369·646d·3733·3331·2220·7461··et="#idm7331"·ta
0003b650:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=0003b650:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=
0003b660:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex0003b660:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex
0003b670:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t0003b670:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t
0003b680:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t0003b680:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t
0003b690:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="0003b690:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="
0003b6a0:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·0003b6a0:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·
0003b6b0:·416e·6163·6f6e·6461·2073·6e69·7070·6574··Anaconda·snippet 
0003b6c0:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div 
0003b6d0:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co 
0003b6e0:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse" 
0003b6f0:·2069·643d·2269·646d·3733·3331·223e·3c74···id="idm7331"><t 
0003b700:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl 
0003b710:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped· 
0003b720:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t 
0003b730:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed"> 
0003b740:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi 
0003b750:·7479·3a3c·2f74·683e·3c74·643e·6c6f·773c··ty:</th><td>low< 
0003b760:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b770:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th 
0003b780:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
0003b790:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot 
0003b7a0:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false< 
0003b7b0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b7c0:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th>< 
0003b7d0:·7464·3e65·6e61·626c·653c·2f74·643e·3c2f··td>enable</td></ 
0003b7e0:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre> 
0003b7f0:·3c63·6f64·653e·0a70·6163·6b61·6765·202d··<code>.package·- 
0003b800:·2d61·6464·3d61·6964·650a·3c2f·636f·6465··-add=aide.</code 
0003b810:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a· 
0003b820:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s 
0003b830:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog 
0003b840:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d 
0003b850:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm 
0003b860:·3733·3332·2220·7461·6269·6e64·6578·3d22··7332"·tabindex=" 
0003b870:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button" 
0003b880:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded=" 
0003b890:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac 
0003b8a0:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal 
0003b8b0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme 
0003b8c0:·6469·6174·696f·6e20·5075·7070·6574·2073··diation·Puppet·s 
0003b8d0:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b0003b6b0:·7363·7269·7074·20e2·87b2·3c2f·613e·3c62··script·...</a><b
0003b8e0:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa0003b6c0:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa
0003b8f0:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col 
0003b900:·6c61·7073·6522·2069·643d·2269·646d·3733··lapse"·id="idm73 
0003b910:·3332·223e·3c74·6162·6c65·2063·6c61·7373··32"><table·class 
0003b920:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st 
0003b930:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord 
0003b940:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde 
0003b950:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co 
0003b960:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t 
0003b970:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr>< 
0003b980:·7472·3e3c·7468·3e44·6973·7275·7074·696f··tr><th>Disruptio 
0003b990:·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··n:</th><td>low</ 
0003b9a0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003b9b0:·5265·626f·6f74·3a3c·2f74·683e·3c74·643e··Reboot:</th><td> 
0003b9c0:·6661·6c73·653c·2f74·643e·3c2f·7472·3e3c··false</td></tr>< 
0003b9d0:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy: 
0003b9e0:·3c2f·7468·3e3c·7464·3e65·6e61·626c·653c··</th><td>enable< 
0003b9f0:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table 
0003ba00:·3e3c·7072·653e·3c63·6f64·653e·696e·636c··><pre><code>incl 
0003ba10:·7564·6520·696e·7374·616c·6c5f·6169·6465··ude·install_aide 
0003ba20:·0a0a·636c·6173·7320·696e·7374·616c·6c5f··..class·install_ 
0003ba30:·6169·6465·207b·0a20·2070·6163·6b61·6765··aide·{.··package 
0003ba40:·207b·2027·6169·6465·273a·0a20·2020·2065···{·'aide':.····e 
0003ba50:·6e73·7572·6520·3d26·6774·3b20·2769·6e73··nsure·=&gt;·'ins 
0003ba60:·7461·6c6c·6564·272c·0a20·207d·0a7d·0a3c··talled',.··}.}.< 
0003ba70:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di 
0003ba80:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn· 
0003ba90:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat 
0003baa0:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap 
0003bab0:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target= 
0003bac0:·2223·6964·6d37·3333·3322·2074·6162·696e··"#idm7333"·tabin 
0003bad0:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu 
0003bae0:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan 
0003baf0:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl 
0003bb00:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r 
0003bb10:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!" 
0003bb20:·3e52·656d·6564·6961·7469·6f6e·204f·5342··>Remediation·OSB 
0003bb30:·7569·6c64·2042·6c75·6570·7269·6e74·2073··uild·Blueprint·s 
0003bb40:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b 
0003bb50:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa 
0003bb60:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col0003b6d0:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col
0003bb70:·6c61·7073·6522·2069·643d·2269·646d·3733··lapse"·id="idm730003b6e0:·6c61·7073·6522·2069·643d·2269·646d·3733··lapse"·id="idm73
 0003b6f0:·3331·223e·3c74·6162·6c65·2063·6c61·7373··31"><table·class
 0003b700:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st
 0003b710:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord
 0003b720:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde
 0003b730:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co
 0003b740:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t
0003bb80:·3333·223e·3c70·7265·3e3c·636f·6465·3e0a··33"><pre><code>. 
0003bb90:·5b5b·7061·636b·6167·6573·5d5d·0a6e·616d··[[packages]].nam 
0003bba0:·6520·3d20·2261·6964·6522·0a76·6572·7369··e·=·"aide".versi 
0003bbb0:·6f6e·203d·2022·2a22·0a3c·2f63·6f64·653e··on·=·"*".</code> 
0003bbc0:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c 
0003bbd0:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su 
0003bbe0:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg 
0003bbf0:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da 
0003bc00:·7461·2d74·6172·6765·743d·2223·6964·6d37··ta-target="#idm7 
0003bc10:·3333·3422·2074·6162·696e·6465·783d·2230··334"·tabindex="0 
0003bc20:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"· 
0003bc30:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f 
0003bc40:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act 
0003bc50:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal" 
0003bc60:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed 
0003bc70:·6961·7469·6f6e·2073·6372·6970·7420·e287··iation·script·.. 
0003bc80:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl 
0003bc90:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla 
0003bca0:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id 
0003bcb0:·3d22·6964·6d37·3333·3422·3e3c·7461·626c··="idm7334"><tabl 
0003bcc0:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t 
0003bcd0:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab 
0003bce0:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl 
0003bcf0:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr 
0003bd00:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity: 
0003bd10:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003bd20:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di 
0003bd30:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t 
0003bd40:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr>< 
0003bd50:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</ 
0003bd60:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td 
0003bd70:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St 
0003bd80:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td> 
0003bd90:·656e·6162·6c65·3c2f·7464·3e3c·2f74·723e··enable</td></tr> 
0003bda0:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co 
0003bdb0:·6465·3e0a·7061·636b·6167·6520·696e·7374··de>.package·inst 
0003bdc0:·616c·6c20·6169·6465·0a3c·2f63·6f64·653e··all·aide.</code> 
Max diff block lines reached; 10769891/10806903 bytes (99.66%) of diff not shown.
1.07 MB
html2text {}
    
Offset 122, 52 lines modifiedOffset 122, 48 lines modified
122 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)122 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)
123 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3123 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
124 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5124 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
125 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199125 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
126 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79126 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
127 ············_\x8c_\x8i_\x8s············6.1.1127 ············_\x8c_\x8i_\x8s············6.1.1
128 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2128 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
129 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8129 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
130 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low130 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
131 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low131 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
132 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false132 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
133 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable133 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
134 package·--add=aide134 dnf·install·aide
135 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8135 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
136 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low136 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
137 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low137 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
138 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false138 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
139 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable139 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
140 include·install_aide140 include·install_aide
  
141 class·install_aide·{141 class·install_aide·{
142 ··package·{·'aide':142 ··package·{·'aide':
143 ····ensure·=>·'installed',143 ····ensure·=>·'installed',
144 ··}144 ··}
145 }145 }
146 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
147 [[packages]] 
148 name·=·"aide" 
149 version·=·"*" 
150 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8146 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
151 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low147 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
152 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low148 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
153 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false149 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
154 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable150 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 151 #·Remediation·is·applicable·only·in·certain·platforms
 152 if·rpm·--quiet·-q·kernel;·then
  
 153 if·!·rpm·-q·--quiet·"aide"·;·then
 154 ····dnf·install·-y·"aide"
 155 fi
155 package·install·aide 
156 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
157 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
158 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
159 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
160 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
161 dnf·install·aide156 else
 157 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 158 fi
162 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8159 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
163 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low160 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
164 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low161 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
165 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false162 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
166 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable163 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
167 -·name:·Gather·the·package·facts164 -·name:·Gather·the·package·facts
168 ··package_facts:165 ··package_facts:
Offset 196, 29 lines modifiedOffset 192, 33 lines modified
196 ··-·PCI-DSSv4-11.5.2192 ··-·PCI-DSSv4-11.5.2
197 ··-·enable_strategy193 ··-·enable_strategy
198 ··-·low_complexity194 ··-·low_complexity
199 ··-·low_disruption195 ··-·low_disruption
200 ··-·medium_severity196 ··-·medium_severity
201 ··-·no_reboot_needed197 ··-·no_reboot_needed
202 ··-·package_aide_installed198 ··-·package_aide_installed
 199 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 200 [[packages]]
 201 name·=·"aide"
 202 version·=·"*"
203 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8203 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
204 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low204 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
205 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low205 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
206 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false206 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
207 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable207 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
208 #·Remediation·is·applicable·only·in·certain·platforms 
209 if·rpm·--quiet·-q·kernel;·then 
  
210 if·!·rpm·-q·--quiet·"aide"·;·then 
211 ····dnf·install·-y·"aide" 
212 fi208 package·install·aide
 209 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 210 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 211 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 212 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 213 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 214 package·--add=aide
213 else 
214 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
215 fi 
216 Group  ·Federal·Information·Processing·Standard·(FIPS)·  Group·contains·2·rules215 Group  ·Federal·Information·Processing·Standard·(FIPS)·  Group·contains·2·rules
217 _\x8[_\x8r_\x8e_\x8f_\x8]  ·The·Federal·Information·Processing·Standard·(FIPS)·is·a·computer·security·standard·which·is·developed·by·the·U.S.·Government·and·industry·working·groups·to·validate·the·quality·of·cryptographic·modules.·The·FIPS·standard·provides·four·security·levels·to·ensure·adequate·coverage·of·different·industries,·implementation·of·cryptographic·modules,·and·organizational·sizes·and·requirements.216 _\x8[_\x8r_\x8e_\x8f_\x8]  ·The·Federal·Information·Processing·Standard·(FIPS)·is·a·computer·security·standard·which·is·developed·by·the·U.S.·Government·and·industry·working·groups·to·validate·the·quality·of·cryptographic·modules.·The·FIPS·standard·provides·four·security·levels·to·ensure·adequate·coverage·of·different·industries,·implementation·of·cryptographic·modules,·and·organizational·sizes·and·requirements.
  
218 FIPS·140-2·is·the·current·standard·for·validating·that·mechanisms·used·to·access·cryptographic·modules·utilize·authentication·that·meets·industry·and·government·requirements.·For·government·systems,·this·allows·Security·Levels·1,·2,·3,·or·4·for·use·on·Red·Hat·Enterprise·Linux·10.217 FIPS·140-2·is·the·current·standard·for·validating·that·mechanisms·used·to·access·cryptographic·modules·utilize·authentication·that·meets·industry·and·government·requirements.·For·government·systems,·this·allows·Security·Levels·1,·2,·3,·or·4·for·use·on·Red·Hat·Enterprise·Linux·10.
  
219 See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8c\x8c_\x8s\x8s_\x8r\x8r_\x8c\x8c_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8l\x8l_\x8i\x8i_\x8c\x8c_\x8a\x8a_\x8t\x8t_\x8i\x8i_\x8o\x8o_\x8n\x8n_\x8s\x8s_\x8/\x8/_\x8P\x8P_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x8h\x8h_\x8t\x8t_\x8m\x8m_\x8l\x8l·for·more·information.218 See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8c\x8c_\x8s\x8s_\x8r\x8r_\x8c\x8c_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8l\x8l_\x8i\x8i_\x8c\x8c_\x8a\x8a_\x8t\x8t_\x8i\x8i_\x8o\x8o_\x8n\x8n_\x8s\x8s_\x8/\x8/_\x8P\x8P_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x8h\x8h_\x8t\x8t_\x8m\x8m_\x8l\x8l·for·more·information.
220 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8na\x8ab\x8bl\x8le\x8e·F\x8FI\x8IP\x8PS\x8S·M\x8Mo\x8od\x8de\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*219 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8na\x8ab\x8bl\x8le\x8e·F\x8FI\x8IP\x8PS\x8S·M\x8Mo\x8od\x8de\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
Offset 234, 31 lines modifiedOffset 234, 31 lines modified
234 Rule·ID:····xccdf_org.ssgproject.content_rule_enable_fips_mode234 Rule·ID:····xccdf_org.ssgproject.content_rule_enable_fips_mode
235 ············_\x8d_\x8i_\x8s_\x8a·····CCI-002450,·CCI-000068,·CCI-002418,·CCI-000877235 ············_\x8d_\x8i_\x8s_\x8a·····CCI-002450,·CCI-000068,·CCI-002418,·CCI-000877
236 ············_\x8i_\x8s_\x8m······1446236 ············_\x8i_\x8s_\x8m······1446
237 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1237 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1
238 ············_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12238 ············_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12
239 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1239 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1
240 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176240 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176
241 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
242 [customizations] 
243 fips·=·true 
244 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8241 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
245 #·Remediation·is·applicable·only·in·certain·platforms242 #·Remediation·is·applicable·only·in·certain·platforms
246 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·);·then243 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·);·then
  
247 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then244 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then
248 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF245 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF
249 kargs·=·["fips=1"]246 kargs·=·["fips=1"]
250 EOF247 EOF
251 fi248 fi
  
252 else249 else
253 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'250 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
254 fi251 fi
 252 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
Max diff block lines reached; 1116851/1122979 bytes (99.45%) of diff not shown.
7.29 MB
./usr/share/doc/ssg-nondebian/ssg-cs10-guide-ospp.html
    
Offset 15157, 62 lines modifiedOffset 15157, 62 lines modified
0003b340:·6574·3d22·2369·646d·3738·3339·2220·7461··et="#idm7839"·ta0003b340:·6574·3d22·2369·646d·3738·3339·2220·7461··et="#idm7839"·ta
0003b350:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=0003b350:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=
0003b360:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex0003b360:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex
0003b370:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t0003b370:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t
0003b380:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t0003b380:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t
0003b390:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="0003b390:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="
0003b3a0:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·0003b3a0:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·
0003b3b0:·4f53·4275·696c·6420·426c·7565·7072·696e··OSBuild·Blueprin 
0003b3c0:·7420·736e·6970·7065·7420·e287·b23c·2f61··t·snippet·...</a 
0003b3d0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class= 
0003b3e0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse· 
0003b3f0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id 
0003b400:·6d37·3833·3922·3e3c·7072·653e·3c63·6f64··m7839"><pre><cod 
0003b410:·653e·0a5b·6375·7374·6f6d·697a·6174·696f··e>.[customizatio 
0003b420:·6e73·5d0a·6669·7073·203d·2074·7275·650a··ns].fips·=·true. 
0003b430:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d 
0003b440:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn 
0003b450:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da 
0003b460:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla 
0003b470:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target 
0003b480:·3d22·2369·646d·3738·3430·2220·7461·6269··="#idm7840"·tabi 
0003b490:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b 
0003b4a0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa 
0003b4b0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit 
0003b4c0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to· 
0003b4d0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#! 
0003b4e0:·223e·5265·6d65·6469·6174·696f·6e20·5368··">Remediation·Sh 
0003b4f0:·656c·6c20·7363·7269·7074·20e2·87b2·3c2f··ell·script·...</0003b3b0:·5368·656c·6c20·7363·7269·7074·20e2·87b2··Shell·script·...
0003b500:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class0003b3c0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
0003b510:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse0003b3d0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
0003b520:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i0003b3e0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=
0003b530:·646d·3738·3430·223e·3c70·7265·3e3c·636f··dm7840"><pre><co0003b3f0:·2269·646d·3738·3339·223e·3c70·7265·3e3c··"idm7839"><pre><
0003b540:·6465·3e23·2052·656d·6564·6961·7469·6f6e··de>#·Remediation0003b400:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati
0003b550:·2069·7320·6170·706c·6963·6162·6c65·206f···is·applicable·o0003b410:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable
0003b560:·6e6c·7920·696e·2063·6572·7461·696e·2070··nly·in·certain·p0003b420:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain
0003b570:·6c61·7466·6f72·6d73·0a69·6620·2820·2120··latforms.if·(·!·0003b430:·2070·6c61·7466·6f72·6d73·0a69·6620·2820···platforms.if·(·
0003b580:·2820·5b20·2224·7b63·6f6e·7461·696e·6572··(·[·"${container0003b440:·2120·2820·5b20·2224·7b63·6f6e·7461·696e··!·(·[·"${contain
0003b590:·3a2d·7d22·203d·3d20·2262·7772·6170·2d6f··:-}"·==·"bwrap-o0003b450:·6572·3a2d·7d22·203d·3d20·2262·7772·6170··er:-}"·==·"bwrap
0003b5a0:·7362·7569·6c64·2220·5d20·2920·2661·6d70··sbuild"·]·)·&amp0003b460:·2d6f·7362·7569·6c64·2220·5d20·2920·2661··-osbuild"·]·)·&a
0003b5b0:·3b26·616d·703b·2072·706d·202d·2d71·7569··;&amp;·rpm·--qui0003b470:·6d70·3b26·616d·703b·2072·706d·202d·2d71··mp;&amp;·rpm·--q
0003b5c0:·6574·202d·7120·6b65·726e·656c·2029·3b20··et·-q·kernel·);·0003b480:·7569·6574·202d·7120·6b65·726e·656c·2029··uiet·-q·kernel·)
0003b5d0:·7468·656e·0a0a·6966·205b·5b20·2224·4f53··then..if·[[·"$OS0003b490:·3b20·7468·656e·0a0a·6966·205b·5b20·2224··;·then..if·[[·"$
0003b5e0:·4341·505f·424f·4f54·435f·4255·494c·4422··CAP_BOOTC_BUILD"0003b4a0:·4f53·4341·505f·424f·4f54·435f·4255·494c··OSCAP_BOOTC_BUIL
0003b5f0:·203d·3d20·2259·4553·2220·5d5d·3b20·7468···==·"YES"·]];·th0003b4b0:·4422·203d·3d20·2259·4553·2220·5d5d·3b20··D"·==·"YES"·]];·
0003b600:·656e·0a09·6361·7420·2667·743b·202f·7573··en..cat·&gt;·/us0003b4c0:·7468·656e·0a09·6361·7420·2667·743b·202f··then..cat·&gt;·/
0003b610:·722f·6c69·622f·626f·6f74·632f·6b61·7267··r/lib/bootc/karg0003b4d0:·7573·722f·6c69·622f·626f·6f74·632f·6b61··usr/lib/bootc/ka
0003b620:·732e·642f·3031·2d66·6970·732e·746f·6d6c··s.d/01-fips.toml0003b4e0:·7267·732e·642f·3031·2d66·6970·732e·746f··rgs.d/01-fips.to
0003b630:·2026·6c74·3b26·6c74·3b20·454f·460a·6b61···&lt;&lt;·EOF.ka0003b4f0:·6d6c·2026·6c74·3b26·6c74·3b20·454f·460a··ml·&lt;&lt;·EOF.
0003b640:·7267·7320·3d20·5b22·6669·7073·3d31·225d··rgs·=·["fips=1"]0003b500:·6b61·7267·7320·3d20·5b22·6669·7073·3d31··kargs·=·["fips=1
0003b650:·0a45·4f46·0a66·690a·0a65·6c73·650a·2020··.EOF.fi..else.··0003b510:·225d·0a45·4f46·0a66·690a·0a65·6c73·650a··"].EOF.fi..else.
0003b660:·2020·2667·743b·2661·6d70·3b32·2065·6368····&gt;&amp;2·ech0003b520:·2020·2020·2667·743b·2661·6d70·3b32·2065······&gt;&amp;2·e
0003b670:·6f20·2752·656d·6564·6961·7469·6f6e·2069··o·'Remediation·i0003b530:·6368·6f20·2752·656d·6564·6961·7469·6f6e··cho·'Remediation
0003b680:·7320·6e6f·7420·6170·706c·6963·6162·6c65··s·not·applicable0003b540:·2069·7320·6e6f·7420·6170·706c·6963·6162···is·not·applicab
0003b690:·2c20·6e6f·7468·696e·6720·7761·7320·646f··,·nothing·was·do0003b550:·6c65·2c20·6e6f·7468·696e·6720·7761·7320··le,·nothing·was·
0003b6a0:·6e65·270a·6669·0a3c·2f63·6f64·653e·3c2f··ne'.fi.</code></0003b560:·646f·6e65·270a·6669·0a3c·2f63·6f64·653e··done'.fi.</code>
 0003b570:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c
 0003b580:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su
 0003b590:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg
 0003b5a0:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da
 0003b5b0:·7461·2d74·6172·6765·743d·2223·6964·6d37··ta-target="#idm7
 0003b5c0:·3834·3022·2074·6162·696e·6465·783d·2230··840"·tabindex="0
 0003b5d0:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
 0003b5e0:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
 0003b5f0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
 0003b600:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
 0003b610:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
 0003b620:·6961·7469·6f6e·204f·5342·7569·6c64·2042··iation·OSBuild·B
 0003b630:·6c75·6570·7269·6e74·2073·6e69·7070·6574··lueprint·snippet
 0003b640:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div
 0003b650:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
 0003b660:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
 0003b670:·2069·643d·2269·646d·3738·3430·223e·3c70···id="idm7840"><p
 0003b680:·7265·3e3c·636f·6465·3e0a·5b63·7573·746f··re><code>.[custo
 0003b690:·6d69·7a61·7469·6f6e·735d·0a66·6970·7320··mizations].fips·
 0003b6a0:·3d20·7472·7565·0a3c·2f63·6f64·653e·3c2f··=·true.</code></
0003b6b0:·7072·653e·3c2f·6469·763e·3c2f·6469·763e··pre></div></div>0003b6b0:·7072·653e·3c2f·6469·763e·3c2f·6469·763e··pre></div></div>
0003b6c0:·3c2f·7464·3e3c·2f74·723e·3c2f·7462·6f64··</td></tr></tbod0003b6c0:·3c2f·7464·3e3c·2f74·723e·3c2f·7462·6f64··</td></tr></tbod
0003b6d0:·793e·3c2f·7461·626c·653e·3c2f·7464·3e3c··y></table></td><0003b6d0:·793e·3c2f·7461·626c·653e·3c2f·7464·3e3c··y></table></td><
0003b6e0:·2f74·723e·3c74·7220·6461·7461·2d74·742d··/tr><tr·data-tt-0003b6e0:·2f74·723e·3c74·7220·6461·7461·2d74·742d··/tr><tr·data-tt-
0003b6f0:·6964·3d22·6368·696c·6472·656e·2d78·6363··id="children-xcc0003b6f0:·6964·3d22·6368·696c·6472·656e·2d78·6363··id="children-xcc
0003b700:·6466·5f6f·7267·2e73·7367·7072·6f6a·6563··df_org.ssgprojec0003b700:·6466·5f6f·7267·2e73·7367·7072·6f6a·6563··df_org.ssgprojec
0003b710:·742e·636f·6e74·656e·745f·6772·6f75·705f··t.content_group_0003b710:·742e·636f·6e74·656e·745f·6772·6f75·705f··t.content_group_
Offset 15477, 251 lines modifiedOffset 15477, 251 lines modified
0003c740:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=0003c740:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
0003c750:·2223·6964·6d37·3935·3522·2074·6162·696e··"#idm7955"·tabin0003c750:·2223·6964·6d37·3935·3522·2074·6162·696e··"#idm7955"·tabin
0003c760:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu0003c760:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
0003c770:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan0003c770:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
0003c780:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl0003c780:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
0003c790:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r0003c790:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
0003c7a0:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"0003c7a0:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
0003c7b0:·3e52·656d·6564·6961·7469·6f6e·2041·6e61··>Remediation·Ana0003c7b0:·3e52·656d·6564·6961·7469·6f6e·2073·6372··>Remediation·scr
0003c7c0:·636f·6e64·6120·736e·6970·7065·7420·e287··conda·snippet·.. 
0003c7d0:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl 
0003c7e0:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla 
0003c7f0:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id 
0003c800:·3d22·6964·6d37·3935·3522·3e3c·7461·626c··="idm7955"><tabl 
0003c810:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t 
0003c820:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab 
0003c830:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl 
0003c840:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr 
0003c850:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity:0003c7c0:·6970·7420·e287·b23c·2f61·3e3c·6272·3e3c··ipt·...</a><br><
 0003c7d0:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel
 0003c7e0:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap
 0003c7f0:·7365·2220·6964·3d22·6964·6d37·3935·3522··se"·id="idm7955"
 0003c800:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t
 0003c810:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip
 0003c820:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere
 0003c830:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense
 0003c840:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl
 0003c850:·6578·6974·793a·3c2f·7468·3e3c·7464·3e6c··exity:</th><td>l
 0003c860:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>
 0003c870:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:<
 0003c880:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>
 0003c890:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb
 0003c8a0:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal
 0003c8b0:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr>
 0003c8c0:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t
 0003c8d0:·683e·3c74·643e·656e·6162·6c65·3c2f·7464··h><td>enable</td
 0003c8e0:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p
 0003c8f0:·7265·3e3c·636f·6465·3e0a·646e·6620·696e··re><code>.dnf·in
 0003c900:·7374·616c·6c20·6372·7970·746f·2d70·6f6c··stall·crypto-pol
 0003c910:·6963·6965·730a·3c2f·636f·6465·3e3c·2f70··icies.</code></p
 0003c920:·7265·3e3c·2f64·6976·3e3c·6120·636c·6173··re></div><a·clas
 0003c930:·733d·2262·746e·2062·746e·2d73·7563·6365··s="btn·btn-succe
 0003c940:·7373·2220·6461·7461·2d74·6f67·676c·653d··ss"·data-toggle=
 0003c950:·2263·6f6c·6c61·7073·6522·2064·6174·612d··"collapse"·data-
 0003c960:·7461·7267·6574·3d22·2369·646d·3739·3536··target="#idm7956
Max diff block lines reached; 6693329/6734231 bytes (99.39%) of diff not shown.
886 KB
html2text {}
    
Offset 109, 31 lines modifiedOffset 109, 31 lines modified
109 Rule·ID:····xccdf_org.ssgproject.content_rule_enable_fips_mode109 Rule·ID:····xccdf_org.ssgproject.content_rule_enable_fips_mode
110 ············_\x8d_\x8i_\x8s_\x8a·····CCI-002450,·CCI-000068,·CCI-002418,·CCI-000877110 ············_\x8d_\x8i_\x8s_\x8a·····CCI-002450,·CCI-000068,·CCI-002418,·CCI-000877
111 ············_\x8i_\x8s_\x8m······1446111 ············_\x8i_\x8s_\x8m······1446
112 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1112 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1
113 ············_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12113 ············_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12
114 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1114 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1
115 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176115 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176
116 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
117 [customizations] 
118 fips·=·true 
119 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8116 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
120 #·Remediation·is·applicable·only·in·certain·platforms117 #·Remediation·is·applicable·only·in·certain·platforms
121 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·);·then118 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·);·then
  
122 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then119 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then
123 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF120 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF
124 kargs·=·["fips=1"]121 kargs·=·["fips=1"]
125 EOF122 EOF
126 fi123 fi
  
127 else124 else
128 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'125 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
129 fi126 fi
 127 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 128 [customizations]
 129 fips·=·true
130 Group  ·System·Cryptographic·Policies·  Group·contains·4·rules130 Group  ·System·Cryptographic·Policies·  Group·contains·4·rules
131 _\x8[_\x8r_\x8e_\x8f_\x8]  ·Linux·has·the·capability·to·centrally·configure·cryptographic·polices.·The·command·update-crypto-policies·is·used·to·set·the·policy·applicable·for·the·various·cryptographic·back-ends,·such·as·SSL/TLS·libraries.·The·configured·cryptographic·policies·will·be·the·default·policy·used·by·these·backends·unless·the·application·user·configures·them·otherwise.·When·the·system·has·been·configured·to·use·the·centralized·cryptographic·policies,·the·administrator·is·assured·that·any·application·that·utilizes·the·supported·backends·will·follow·a·policy·that·adheres·to·the·configured·profile.·Currently·the·supported·backends·are:131 _\x8[_\x8r_\x8e_\x8f_\x8]  ·Linux·has·the·capability·to·centrally·configure·cryptographic·polices.·The·command·update-crypto-policies·is·used·to·set·the·policy·applicable·for·the·various·cryptographic·back-ends,·such·as·SSL/TLS·libraries.·The·configured·cryptographic·policies·will·be·the·default·policy·used·by·these·backends·unless·the·application·user·configures·them·otherwise.·When·the·system·has·been·configured·to·use·the·centralized·cryptographic·policies,·the·administrator·is·assured·that·any·application·that·utilizes·the·supported·backends·will·follow·a·policy·that·adheres·to·the·configured·profile.·Currently·the·supported·backends·are:
132 ····*·GnuTLS·library132 ····*·GnuTLS·library
133 ····*·OpenSSL·library133 ····*·OpenSSL·library
134 ····*·NSS·library134 ····*·NSS·library
135 ····*·OpenJDK135 ····*·OpenJDK
136 ····*·Libkrb5136 ····*·Libkrb5
Offset 145, 52 lines modifiedOffset 145, 42 lines modified
145 $·sudo·dnf·install·crypto-policies145 $·sudo·dnf·install·crypto-policies
146 Rationale:··Centralized·cryptographic·policies·simplify·applying·secure·ciphers·across·an·operating·system·and·the·applications·that·run·on·that·operating·system.·Use·of·weak·or·untested·encryption·algorithms·undermines·the·purposes·of·utilizing·encryption·to·protect·data.146 Rationale:··Centralized·cryptographic·policies·simplify·applying·secure·ciphers·across·an·operating·system·and·the·applications·that·run·on·that·operating·system.·Use·of·weak·or·untested·encryption·algorithms·undermines·the·purposes·of·utilizing·encryption·to·protect·data.
147 Severity: ··medium147 Severity: ··medium
148 Rule·ID:····xccdf_org.ssgproject.content_rule_package_crypto-policies_installed148 Rule·ID:····xccdf_org.ssgproject.content_rule_package_crypto-policies_installed
149 ············_\x8d_\x8i_\x8s_\x8a···CCI-002890,·CCI-002450,·CCI-003123149 ············_\x8d_\x8i_\x8s_\x8a···CCI-002890,·CCI-002450,·CCI-003123
150 References:·_\x8o_\x8s_\x8p_\x8p···FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1150 References:·_\x8o_\x8s_\x8p_\x8p···FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1
151 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174151 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174
152 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8152 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
153 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low153 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
154 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low154 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
155 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false155 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
156 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable156 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
157 package·--add=crypto-policies157 dnf·install·crypto-policies
158 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8158 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
159 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low159 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
160 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low160 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
161 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false161 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
162 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable162 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
163 include·install_crypto-policies163 include·install_crypto-policies
  
164 class·install_crypto-policies·{164 class·install_crypto-policies·{
165 ··package·{·'crypto-policies':165 ··package·{·'crypto-policies':
166 ····ensure·=>·'installed',166 ····ensure·=>·'installed',
167 ··}167 ··}
168 }168 }
169 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
170 [[packages]] 
171 name·=·"crypto-policies" 
172 version·=·"*" 
173 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8169 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
174 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
175 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
176 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
177 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
178 package·install·crypto-policies 
179 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
180 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low170 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
181 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low171 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
182 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false172 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
183 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable173 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 174 if·!·rpm·-q·--quiet·"crypto-policies"·;·then
184 dnf·install·crypto-policies175 ····dnf·install·-y·"crypto-policies"
 176 fi
185 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8177 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
186 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low178 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
187 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low179 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
188 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false180 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
189 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable181 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
190 -·name:·Ensure·crypto-policies·is·installed182 -·name:·Ensure·crypto-policies·is·installed
191 ··package:183 ··package:
Offset 199, 23 lines modifiedOffset 189, 33 lines modified
199 ··tags:189 ··tags:
200 ··-·enable_strategy190 ··-·enable_strategy
201 ··-·low_complexity191 ··-·low_complexity
202 ··-·low_disruption192 ··-·low_disruption
203 ··-·medium_severity193 ··-·medium_severity
204 ··-·no_reboot_needed194 ··-·no_reboot_needed
205 ··-·package_crypto-policies_installed195 ··-·package_crypto-policies_installed
 196 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 197 [[packages]]
 198 name·=·"crypto-policies"
 199 version·=·"*"
206 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8200 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
207 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low201 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
208 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low202 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
209 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false203 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
210 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable204 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
211 if·!·rpm·-q·--quiet·"crypto-policies"·;·then 
212 ····dnf·install·-y·"crypto-policies" 
213 fi205 package·install·crypto-policies
 206 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 207 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 208 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 209 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 210 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 211 package·--add=crypto-policies
214 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8og\x8gr\x8ra\x8ap\x8ph\x8hy\x8y·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*212 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8og\x8gr\x8ra\x8ap\x8ph\x8hy\x8y·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
215 To·configure·the·system·cryptography·policy·to·use·ciphers·only·from·the·FIPS:OSPP·policy,·run·the·following·command:213 To·configure·the·system·cryptography·policy·to·use·ciphers·only·from·the·FIPS:OSPP·policy,·run·the·following·command:
216 $·sudo·update-crypto-policies·--set·FIPS:OSPP214 $·sudo·update-crypto-policies·--set·FIPS:OSPP
217 The·rule·checks·if·settings·for·selected·crypto·policy·are·configured·as·expected.·Configuration·files·in·the·/etc/crypto-policies/back-ends·are·either·symlinks·to·correct·files·provided·by·Crypto-policies·package·or·they·are·regular·files·in·case·crypto·policy·customizations·are·applied.·Crypto·policies·may·be·customized·by·crypto·policy·modules,·in·which·case·it·is·delimited·from·the·base·policy·using·a·colon.215 The·rule·checks·if·settings·for·selected·crypto·policy·are·configured·as·expected.·Configuration·files·in·the·/etc/crypto-policies/back-ends·are·either·symlinks·to·correct·files·provided·by·Crypto-policies·package·or·they·are·regular·files·in·case·crypto·policy·customizations·are·applied.·Crypto·policies·may·be·customized·by·crypto·policy·modules,·in·which·case·it·is·delimited·from·the·base·policy·using·a·colon.
218 Warning: ·The·system·needs·to·be·rebooted·for·these·changes·to·take·effect.216 Warning: ·The·system·needs·to·be·rebooted·for·these·changes·to·take·effect.
219 Warning: ·System·Crypto·Modules·must·be·provided·by·a·vendor·that·undergoes·FIPS-140·certifications.·FIPS-140·is·applicable·to·all·Federal·agencies·that·use·cryptographic-based·security·systems·to·protect·sensitive·information·in·computer·and·telecommunication·systems·(including·voice·systems)·as·defined·in·Section·5131·of·the·Information·Technology·Management·Reform·Act·of·1996,·Public·Law·104-106.·This·standard·shall·be·used·in·designing·and·implementing·cryptographic·modules·that·Federal·departments·and·agencies·operate·or·are·operated·for·them·under·contract.·See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8s\x8s_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8n\x8n_\x8v\x8v_\x8l\x8l_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8/\x8/_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8/\x8/_\x8N\x8N_\x8I\x8I_\x8S\x8S_\x8T\x8T_\x8.\x8._\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x81\x81_\x84\x84_\x80\x80_\x8-\x8-_\x82\x82_\x8.\x8._\x8p\x8p_\x8d\x8d_\x8f\x8f·To·meet·this,·the·system·has·to·have·cryptographic·software·provided·by·a·vendor·that·has·undergone·this·certification.·This·means·providing·documentation,·test·results,·design·information,·and·independent·third·party·review·by·an·accredited·lab.·While·open·source·software·is·capable·of·meeting·this,·it·does·not·meet·FIPS-140·unless·the·vendor·submits·to·this·process.217 Warning: ·System·Crypto·Modules·must·be·provided·by·a·vendor·that·undergoes·FIPS-140·certifications.·FIPS-140·is·applicable·to·all·Federal·agencies·that·use·cryptographic-based·security·systems·to·protect·sensitive·information·in·computer·and·telecommunication·systems·(including·voice·systems)·as·defined·in·Section·5131·of·the·Information·Technology·Management·Reform·Act·of·1996,·Public·Law·104-106.·This·standard·shall·be·used·in·designing·and·implementing·cryptographic·modules·that·Federal·departments·and·agencies·operate·or·are·operated·for·them·under·contract.·See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8s\x8s_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8n\x8n_\x8v\x8v_\x8l\x8l_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8/\x8/_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8/\x8/_\x8N\x8N_\x8I\x8I_\x8S\x8S_\x8T\x8T_\x8.\x8._\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x81\x81_\x84\x84_\x80\x80_\x8-\x8-_\x82\x82_\x8.\x8._\x8p\x8p_\x8d\x8d_\x8f\x8f·To·meet·this,·the·system·has·to·have·cryptographic·software·provided·by·a·vendor·that·has·undergone·this·certification.·This·means·providing·documentation,·test·results,·design·information,·and·independent·third·party·review·by·an·accredited·lab.·While·open·source·software·is·capable·of·meeting·this,·it·does·not·meet·FIPS-140·unless·the·vendor·submits·to·this·process.
220 Rationale:··Centralized·cryptographic·policies·simplify·applying·secure·ciphers·across·an·operating·system·and·the·applications·that·run·on·that·operating·system.·Use·of·weak·or·untested·encryption·algorithms·undermines·the·purposes·of·utilizing·encryption·to·protect·data.218 Rationale:··Centralized·cryptographic·policies·simplify·applying·secure·ciphers·across·an·operating·system·and·the·applications·that·run·on·that·operating·system.·Use·of·weak·or·untested·encryption·algorithms·undermines·the·purposes·of·utilizing·encryption·to·protect·data.
Offset 226, 39 lines modifiedOffset 226, 33 lines modified
Max diff block lines reached; 899043/907143 bytes (99.11%) of diff not shown.
17.3 MB
./usr/share/doc/ssg-nondebian/ssg-cs10-guide-pci-dss.html
    
Offset 15295, 408 lines modifiedOffset 15295, 408 lines modified
0003bbe0:·6765·743d·2223·6964·6d36·3939·3322·2074··get="#idm6993"·t0003bbe0:·6765·743d·2223·6964·6d36·3939·3322·2074··get="#idm6993"·t
0003bbf0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role0003bbf0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
0003bc00:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e0003bc00:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
0003bc10:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·0003bc10:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
0003bc20:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·0003bc20:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
0003bc30:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=0003bc30:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
Diff chunk too large, falling back to line-by-line diff (394 lines added, 394 lines removed)
0003bc40:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation0003bc40:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
0003bc50:·2041·6e73·6962·6c65·2073·6e69·7070·6574···Ansible·snippet0003bc50:·2053·6865·6c6c·2073·6372·6970·7420·e287···Shell·script·..
0003bc60:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div0003bc60:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl
0003bc70:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co0003bc70:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
0003bc80:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"0003bc80:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
0003bc90:·2069·643d·2269·646d·3639·3933·223e·3c74···id="idm6993"><t0003bc90:·3d22·6964·6d36·3939·3322·3e3c·7072·653e··="idm6993"><pre>
0003bca0:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl0003bca0:·3c63·6f64·653e·2320·5265·6d65·6469·6174··<code>#·Remediat
0003bcb0:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped·0003bcb0:·696f·6e20·6973·2061·7070·6c69·6361·626c··ion·is·applicabl
0003bcc0:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t0003bcc0:·6520·6f6e·6c79·2069·6e20·6365·7274·6169··e·only·in·certai
0003bcd0:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed">0003bcd0:·6e20·706c·6174·666f·726d·730a·6966·2021··n·platforms.if·!
0003bce0:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi0003bce0:·2028·207b·2072·706d·202d·2d71·7569·6574···(·{·rpm·--quiet
0003bcf0:·7479·3a3c·2f74·683e·3c74·643e·6869·6768··ty:</th><td>high0003bcf0:·202d·7120·6b65·726e·656c·203b·7d20·2661···-q·kernel·;}·&a
0003bd00:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t0003bd00:·6d70·3b26·616d·703b·207b·2072·706d·202d··mp;&amp;·{·rpm·-
0003bd10:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t0003bd10:·2d71·7569·6574·202d·7120·7270·6d2d·6f73··-quiet·-q·rpm-os
0003bd20:·683e·3c74·643e·6d65·6469·756d·3c2f·7464··h><td>medium</td0003bd20:·7472·6565·203b·7d20·2661·6d70·3b26·616d··tree·;}·&amp;&am
0003bd30:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re0003bd30:·703b·207b·2072·706d·202d·2d71·7569·6574··p;·{·rpm·--quiet
0003bd40:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa0003bd40:·202d·7120·626f·6f74·6320·3b7d·2026·616d···-q·bootc·;}·&am
0003bd50:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr0003bd50:·703b·2661·6d70·3b20·7b20·2120·7270·6d20··p;&amp;·{·!·rpm·
0003bd60:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</0003bd60:·2d2d·7175·6965·7420·2d71·206f·7065·6e73··--quiet·-q·opens
0003bd70:·7468·3e3c·7464·3e72·6573·7472·6963·743c··th><td>restrict<0003bd70:·6869·6674·2d6b·7562·656c·6574·203b·7d20··hift-kubelet·;}·
0003bd80:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table0003bd80:·293b·2074·6865·6e0a·0a23·2046·696e·6420··);·then..#·Find·
0003bd90:·3e3c·7072·653e·3c63·6f64·653e·2d20·6e61··><pre><code>-·na0003bd90:·7768·6963·6820·6669·6c65·7320·6861·7665··which·files·have
0003bda0:·6d65·3a20·4761·7468·6572·2074·6865·2070··me:·Gather·the·p0003bda0:·2069·6e63·6f72·7265·6374·2068·6173·6820···incorrect·hash·
0003bdb0:·6163·6b61·6765·2066·6163·7473·0a20·2070··ackage·facts.··p0003bdb0:·286e·6f74·2069·6e20·2f65·7463·2c20·6265··(not·in·/etc,·be
0003bdc0:·6163·6b61·6765·5f66·6163·7473·3a0a·2020··ackage_facts:.··0003bdc0:·6361·7573·6520·6f66·2074·6865·2073·7973··cause·of·the·sys
0003bdd0:·2020·6d61·6e61·6765·723a·2061·7574·6f0a····manager:·auto.0003bdd0:·7465·6d20·7265·6c61·7465·6420·636f·6e66··tem·related·conf
0003bde0:·2020·7461·6773·3a0a·2020·2d20·434a·4953····tags:.··-·CJIS0003bde0:·6967·2066·696c·6573·2920·616e·6420·7468··ig·files)·and·th
0003bdf0:·2d35·2e31·302e·342e·310a·2020·2d20·4e49··-5.10.4.1.··-·NI0003bdf0:·656e·2067·6574·2066·696c·6573·206e·616d··en·get·files·nam
0003be00:·5354·2d38·3030·2d31·3731·2d33·2e33·2e38··ST-800-171-3.3.80003be00:·6573·0a66·696c·6573·5f77·6974·685f·696e··es.files_with_in
0003be10:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-170003be10:·636f·7272·6563·745f·6861·7368·3d22·2428··correct_hash="$(
0003be20:·312d·332e·342e·310a·2020·2d20·4e49·5354··1-3.4.1.··-·NIST0003be20:·7270·6d20·2d56·6120·2d2d·6e6f·636f·6e66··rpm·-Va·--noconf
0003be30:·2d38·3030·2d35·332d·4155·2d39·2833·290a··-800-53-AU-9(3).0003be30:·6967·207c·2067·7265·7020·2d45·2027·5e2e··ig·|·grep·-E·'^.
0003be40:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003be40:·2e35·2720·7c20·6177·6b20·277b·7072·696e··.5'·|·awk·'{prin
0003be50:·434d·2d36·2863·290a·2020·2d20·4e49·5354··CM-6(c).··-·NIST0003be50:·7420·244e·467d·2720·2922·0a0a·6966·205b··t·$NF}'·)"..if·[
0003be60:·2d38·3030·2d35·332d·434d·2d36·2864·290a··-800-53-CM-6(d).0003be60:·202d·6e20·2224·6669·6c65·735f·7769·7468···-n·"$files_with
0003be70:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003be70:·5f69·6e63·6f72·7265·6374·5f68·6173·6822··_incorrect_hash"
0003be80:·5349·2d37·0a20·202d·204e·4953·542d·3830··SI-7.··-·NIST-800003be80:·205d·3b20·7468·656e·0a20·2020·2023·2046···];·then.····#·F
0003be90:·302d·3533·2d53·492d·3728·3129·0a20·202d··0-53-SI-7(1).··-0003be90:·726f·6d20·6669·6c65·7320·6e61·6d65·7320··rom·files·names·
0003bea0:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-0003bea0:·6765·7420·7061·636b·6167·6520·6e61·6d65··get·package·name
0003beb0:·3728·3629·0a20·202d·2050·4349·2d44·5353··7(6).··-·PCI-DSS0003beb0:·7320·616e·6420·6368·616e·6765·206e·6577··s·and·change·new
0003bec0:·2d52·6571·2d31·312e·350a·2020·2d20·5043··-Req-11.5.··-·PC0003bec0:·6c69·6e65·2074·6f20·7370·6163·652c·2062··line·to·space,·b
0003bed0:·492d·4453·5376·342d·3131·2e35·2e32·0a20··I-DSSv4-11.5.2.·0003bed0:·6563·6175·7365·2072·706d·2077·7269·7465··ecause·rpm·write
0003bee0:·202d·2068·6967·685f·636f·6d70·6c65·7869···-·high_complexi0003bee0:·7320·6561·6368·2070·6163·6b61·6765·2074··s·each·package·t
0003bef0:·7479·0a20·202d·2068·6967·685f·7365·7665··ty.··-·high_seve0003bef0:·6f20·6e65·7720·6c69·6e65·0a20·2020·2070··o·new·line.····p
0003bf00:·7269·7479·0a20·202d·206d·6564·6975·6d5f··rity.··-·medium_0003bf00:·6163·6b61·6765·735f·746f·5f72·6569·6e73··ackages_to_reins
0003bf10:·6469·7372·7570·7469·6f6e·0a20·202d·206e··disruption.··-·n0003bf10:·7461·6c6c·3d22·2428·7270·6d20·2d71·6620··tall="$(rpm·-qf·
0003bf20:·6f5f·7265·626f·6f74·5f6e·6565·6465·640a··o_reboot_needed.0003bf20:·2466·696c·6573·5f77·6974·685f·696e·636f··$files_with_inco
0003bf30:·2020·2d20·7265·7374·7269·6374·5f73·7472····-·restrict_str0003bf30:·7272·6563·745f·6861·7368·207c·2074·7220··rrect_hash·|·tr·
0003bf40:·6174·6567·790a·2020·2d20·7270·6d5f·7665··ategy.··-·rpm_ve0003bf40:·275c·6e27·2027·2027·2922·0a0a·2020·2020··'\n'·'·')"..····
0003bf50:·7269·6679·5f68·6173·6865·730a·0a2d·206e··rify_hashes..-·n0003bf50:·0a20·2020·2064·6e66·2072·6569·6e73·7461··.····dnf·reinsta
0003bf60:·616d·653a·2027·5365·7420·6661·6374·3a20··ame:·'Set·fact:·0003bf60:·6c6c·202d·7920·2470·6163·6b61·6765·735f··ll·-y·$packages_
0003bf70:·5061·636b·6167·6520·6d61·6e61·6765·7220··Package·manager·0003bf70:·746f·5f72·6569·6e73·7461·6c6c·0a20·2020··to_reinstall.···
0003bf80:·7265·696e·7374·616c·6c20·636f·6d6d·616e··reinstall·comman0003bf80:·200a·6669·0a0a·656c·7365·0a20·2020·2026···.fi..else.····&
0003bf90:·6427·0a20·2073·6574·5f66·6163·743a·0a20··d'.··set_fact:.·0003bf90:·6774·3b26·616d·703b·3220·6563·686f·2027··gt;&amp;2·echo·'
0003bfa0:·2020·2070·6163·6b61·6765·5f6d·616e·6167·····package_manag0003bfa0:·5265·6d65·6469·6174·696f·6e20·6973·206e··Remediation·is·n
0003bfb0:·6572·5f72·6569·6e73·7461·6c6c·5f63·6d64··er_reinstall_cmd0003bfb0:·6f74·2061·7070·6c69·6361·626c·652c·206e··ot·applicable,·n
0003bfc0:·3a20·646e·6620·7265·696e·7374·616c·6c20··:·dnf·reinstall·0003bfc0:·6f74·6869·6e67·2077·6173·2064·6f6e·6527··othing·was·done'
0003bfd0:·2d79·0a20·2077·6865·6e3a·0a20·202d·206e··-y.··when:.··-·n0003bfd0:·0a66·690a·3c2f·636f·6465·3e3c·2f70·7265··.fi.</code></pre
0003bfe0:·6f74·2028·2022·6b65·726e·656c·2220·696e··ot·(·"kernel"·in0003bfe0:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class=
0003bff0:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p0003bff0:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success
0003c000:·6163·6b61·6765·7320·616e·6420·2272·706d··ackages·and·"rpm0003c000:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c
0003c010:·2d6f·7374·7265·6522·2069·6e20·616e·7369··-ostree"·in·ansi0003c010:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta
0003c020:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag0003c020:·7267·6574·3d22·2369·646d·3639·3934·2220··rget="#idm6994"·
0003c030:·6573·0a20·2020·2061·6e64·2022·626f·6f74··es.····and·"boot0003c030:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol
0003c040:·6322·2069·6e20·616e·7369·626c·655f·6661··c"·in·ansible_fa0003c040:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-
0003c050:·6374·732e·7061·636b·6167·6573·2061·6e64··cts.packages·and0003c050:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"
0003c060:·206e·6f74·2022·6f70·656e·7368·6966·742d···not·"openshift-0003c060:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate
0003c070:·6b75·6265·6c65·7422·2069·6e20·616e·7369··kubelet"·in·ansi0003c070:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href
0003c080:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag0003c080:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio
0003c090:·6573·0a20·2020·2029·0a20·202d·2061·6e73··es.····).··-·ans0003c090:·6e20·416e·7369·626c·6520·736e·6970·7065··n·Ansible·snippe
0003c0a0:·6962·6c65·5f64·6973·7472·6962·7574·696f··ible_distributio0003c0a0:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di
0003c0b0:·6e20·696e·205b·2022·4665·646f·7261·222c··n·in·[·"Fedora",0003c0b0:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
0003c0c0:·2022·5265·6448·6174·222c·2022·4365·6e74···"RedHat",·"Cent0003c0c0:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
0003c0d0:·4f53·222c·2022·4f72·6163·6c65·4c69·6e75··OS",·"OracleLinu0003c0d0:·2220·6964·3d22·6964·6d36·3939·3422·3e3c··"·id="idm6994"><
0003c0e0:·7822·205d·0a20·2074·6167·733a·0a20·202d··x"·].··tags:.··-0003c0e0:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab
0003c0f0:·2043·4a49·532d·352e·3130·2e34·2e31·0a20···CJIS-5.10.4.1.·0003c0f0:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped
0003c100:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-0003c100:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·
0003c110:·332e·332e·380a·2020·2d20·4e49·5354·2d38··3.3.8.··-·NIST-80003c110:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"
0003c120:·3030·2d31·3731·2d33·2e34·2e31·0a20·202d··00-171-3.4.1.··-0003c120:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex
0003c130:·204e·4953·542d·3830·302d·3533·2d41·552d···NIST-800-53-AU-0003c130:·6974·793a·3c2f·7468·3e3c·7464·3e68·6967··ity:</th><td>hig
0003c140:·3928·3329·0a20·202d·204e·4953·542d·3830··9(3).··-·NIST-800003c140:·683c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··h</td></tr><tr><
0003c150:·302d·3533·2d43·4d2d·3628·6329·0a20·202d··0-53-CM-6(c).··-0003c150:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</
0003c160:·204e·4953·542d·3830·302d·3533·2d43·4d2d···NIST-800-53-CM-0003c160:·7468·3e3c·7464·3e6d·6564·6975·6d3c·2f74··th><td>medium</t
0003c170:·3628·6429·0a20·202d·204e·4953·542d·3830··6(d).··-·NIST-800003c170:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R
0003c180:·302d·3533·2d53·492d·370a·2020·2d20·4e49··0-53-SI-7.··-·NI0003c180:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f
0003c190:·5354·2d38·3030·2d35·332d·5349·2d37·2831··ST-800-53-SI-7(10003c190:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t
0003c1a0:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-50003c1a0:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<
0003c1b0:·332d·5349·2d37·2836·290a·2020·2d20·5043··3-SI-7(6).··-·PC0003c1b0:·2f74·683e·3c74·643e·7265·7374·7269·6374··/th><td>restrict
0003c1c0:·492d·4453·532d·5265·712d·3131·2e35·0a20··I-DSS-Req-11.5.·0003c1c0:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl
0003c1d0:·202d·2050·4349·2d44·5353·7634·2d31·312e···-·PCI-DSSv4-11.0003c1d0:·653e·3c70·7265·3e3c·636f·6465·3e2d·206e··e><pre><code>-·n
0003c1e0:·352e·320a·2020·2d20·6869·6768·5f63·6f6d··5.2.··-·high_com0003c1e0:·616d·653a·2047·6174·6865·7220·7468·6520··ame:·Gather·the·
0003c1f0:·706c·6578·6974·790a·2020·2d20·6869·6768··plexity.··-·high0003c1f0:·7061·636b·6167·6520·6661·6374·730a·2020··package·facts.··
0003c200:·5f73·6576·6572·6974·790a·2020·2d20·6d65··_severity.··-·me0003c200:·7061·636b·6167·655f·6661·6374·733a·0a20··package_facts:.·
0003c210:·6469·756d·5f64·6973·7275·7074·696f·6e0a··dium_disruption.0003c210:·2020·206d·616e·6167·6572·3a20·6175·746f·····manager:·auto
0003c220:·2020·2d20·6e6f·5f72·6562·6f6f·745f·6e65····-·no_reboot_ne0003c220:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI
0003c230:·6564·6564·0a20·202d·2072·6573·7472·6963··eded.··-·restric0003c230:·532d·352e·3130·2e34·2e31·0a20·202d·204e··S-5.10.4.1.··-·N
0003c240:·745f·7374·7261·7465·6779·0a20·202d·2072··t_strategy.··-·r0003c240:·4953·542d·3830·302d·3137·312d·332e·332e··IST-800-171-3.3.
0003c250:·706d·5f76·6572·6966·795f·6861·7368·6573··pm_verify_hashes0003c250:·380a·2020·2d20·4e49·5354·2d38·3030·2d31··8.··-·NIST-800-1
0003c260:·0a0a·2d20·6e61·6d65·3a20·2753·6574·2066··..-·name:·'Set·f0003c260:·3731·2d33·2e34·2e31·0a20·202d·204e·4953··71-3.4.1.··-·NIS
0003c270:·6163·743a·2050·6163·6b61·6765·206d·616e··act:·Package·man0003c270:·542d·3830·302d·3533·2d41·552d·3928·3329··T-800-53-AU-9(3)
0003c280:·6167·6572·2072·6569·6e73·7461·6c6c·2063··ager·reinstall·c0003c280:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
0003c290:·6f6d·6d61·6e64·2028·7a79·7070·6572·2927··ommand·(zypper)'0003c290:·2d43·4d2d·3628·6329·0a20·202d·204e·4953··-CM-6(c).··-·NIS
0003c2a0:·0a20·2073·6574·5f66·6163·743a·0a20·2020··.··set_fact:.···0003c2a0:·542d·3830·302d·3533·2d43·4d2d·3628·6429··T-800-53-CM-6(d)
0003c2b0:·2070·6163·6b61·6765·5f6d·616e·6167·6572···package_manager0003c2b0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
0003c2c0:·5f72·6569·6e73·7461·6c6c·5f63·6d64·3a20··_reinstall_cmd:·0003c2c0:·2d53·492d·370a·2020·2d20·4e49·5354·2d38··-SI-7.··-·NIST-8
0003c2d0:·7a79·7070·6572·2069·6e20·2d66·202d·790a··zypper·in·-f·-y.0003c2d0:·3030·2d35·332d·5349·2d37·2831·290a·2020··00-53-SI-7(1).··
0003c2e0:·2020·7768·656e·3a0a·2020·2d20·6e6f·7420····when:.··-·not·0003c2e0:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI
0003c2f0:·2820·226b·6572·6e65·6c22·2069·6e20·616e··(·"kernel"·in·an0003c2f0:·2d37·2836·290a·2020·2d20·5043·492d·4453··-7(6).··-·PCI-DS
0003c300:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack0003c300:·532d·5265·712d·3131·2e35·0a20·202d·2050··S-Req-11.5.··-·P
0003c310:·6167·6573·2061·6e64·2022·7270·6d2d·6f73··ages·and·"rpm-os0003c310:·4349·2d44·5353·7634·2d31·312e·352e·320a··CI-DSSv4-11.5.2.
0003c320:·7472·6565·2220·696e·2061·6e73·6962·6c65··tree"·in·ansible0003c320:·2020·2d20·6869·6768·5f63·6f6d·706c·6578····-·high_complex
0003c330:·5f66·6163·7473·2e70·6163·6b61·6765·730a··_facts.packages.0003c330:·6974·790a·2020·2d20·6869·6768·5f73·6576··ity.··-·high_sev
0003c340:·2020·2020·616e·6420·2262·6f6f·7463·2220······and·"bootc"·0003c340:·6572·6974·790a·2020·2d20·6d65·6469·756d··erity.··-·medium
0003c350:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts0003c350:·5f64·6973·7275·7074·696f·6e0a·2020·2d20··_disruption.··-·
0003c360:·2e70·6163·6b61·6765·7320·616e·6420·6e6f··.packages·and·no0003c360:·6e6f·5f72·6562·6f6f·745f·6e65·6564·6564··no_reboot_needed
0003c370:·7420·226f·7065·6e73·6869·6674·2d6b·7562··t·"openshift-kub0003c370:·0a20·202d·2072·6573·7472·6963·745f·7374··.··-·restrict_st
0003c380:·656c·6574·2220·696e·2061·6e73·6962·6c65··elet"·in·ansible0003c380:·7261·7465·6779·0a20·202d·2072·706d·5f76··rategy.··-·rpm_v
0003c390:·5f66·6163·7473·2e70·6163·6b61·6765·730a··_facts.packages.0003c390:·6572·6966·795f·6861·7368·6573·0a0a·2d20··erify_hashes..-·
0003c3a0:·2020·2020·290a·2020·2d20·616e·7369·626c······).··-·ansibl0003c3a0:·6e61·6d65·3a20·2753·6574·2066·6163·743a··name:·'Set·fact:
0003c3b0:·655f·6469·7374·7269·6275·7469·6f6e·203d··e_distribution·=0003c3b0:·2050·6163·6b61·6765·206d·616e·6167·6572···Package·manager
Max diff block lines reached; 16431165/16486117 bytes (99.67%) of diff not shown.
1.55 MB
html2text {}
    
Offset 127, 14 lines modifiedOffset 127, 33 lines modified
127 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6127 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
128 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4128 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
129 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)129 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
130 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1130 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
131 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5131 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
132 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227132 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
133 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2133 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 134 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 135 #·Remediation·is·applicable·only·in·certain·platforms
 136 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 137 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 138 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 139 if·[·-n·"$files_with_incorrect_hash"·];·then
 140 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 141 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 142 ····dnf·reinstall·-y·$packages_to_reinstall
  
 143 fi
  
 144 else
 145 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 146 fi
134 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8147 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
135 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high148 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
136 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium149 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
137 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false150 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
138 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict151 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
139 -·name:·Gather·the·package·facts152 -·name:·Gather·the·package·facts
140 ··package_facts:153 ··package_facts:
Offset 301, 33 lines modifiedOffset 320, 14 lines modified
301 ··-·PCI-DSSv4-11.5.2320 ··-·PCI-DSSv4-11.5.2
302 ··-·high_complexity321 ··-·high_complexity
303 ··-·high_severity322 ··-·high_severity
304 ··-·medium_disruption323 ··-·medium_disruption
305 ··-·no_reboot_needed324 ··-·no_reboot_needed
306 ··-·restrict_strategy325 ··-·restrict_strategy
307 ··-·rpm_verify_hashes326 ··-·rpm_verify_hashes
308 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
309 #·Remediation·is·applicable·only·in·certain·platforms 
310 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
311 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
312 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
313 if·[·-n·"$files_with_incorrect_hash"·];·then 
314 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
315 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
316 ····dnf·reinstall·-y·$packages_to_reinstall 
  
317 fi 
  
318 else 
319 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
320 fi 
321 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*327 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
322 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:328 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:
323 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'329 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'
324 run·the·following·command·to·determine·which·package·owns·it:330 run·the·following·command·to·determine·which·package·owns·it:
325 $·rpm·-qf·FILENAME331 $·rpm·-qf·FILENAME
326 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:332 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
327 $·sudo·rpm·--restore·PACKAGENAME333 $·sudo·rpm·--restore·PACKAGENAME
Offset 346, 14 lines modifiedOffset 346, 46 lines modified
346 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5346 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
347 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2347 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
348 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)348 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
349 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1349 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
350 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5350 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
351 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108351 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108
352 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2352 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 353 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 354 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 355 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 356 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 357 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 358 #·Remediation·is·applicable·only·in·certain·platforms
 359 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 360 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 361 declare·-A·SETPERMS_RPM_DICT
  
 362 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 363 #·is·expected·by·the·RPM·database
 364 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}')
  
 365 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 366 do
 367 ········RPM_PACKAGE=$(rpm·-qf·"$FILE_PATH")
 368 »       #·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 369 »       SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 370 done
  
 371 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 372 #·correct·values
 373 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 374 do
 375 ········rpm·--restore·"${RPM_PACKAGE}"
 376 done
  
 377 else
 378 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 379 fi
353 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8380 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
354 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high381 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
355 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium382 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
356 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false383 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
357 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict384 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
358 -·name:·Gather·the·package·facts385 -·name:·Gather·the·package·facts
359 ··package_facts:386 ··package_facts:
Offset 461, 46 lines modifiedOffset 493, 14 lines modified
461 ··-·PCI-DSSv4-11.5.2493 ··-·PCI-DSSv4-11.5.2
462 ··-·high_complexity494 ··-·high_complexity
463 ··-·high_severity495 ··-·high_severity
464 ··-·medium_disruption496 ··-·medium_disruption
465 ··-·no_reboot_needed497 ··-·no_reboot_needed
466 ··-·restrict_strategy498 ··-·restrict_strategy
467 ··-·rpm_verify_ownership499 ··-·rpm_verify_ownership
468 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
469 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high 
470 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium 
471 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
472 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
Max diff block lines reached; 1621181/1628760 bytes (99.53%) of diff not shown.
34.5 MB
./usr/share/doc/ssg-nondebian/ssg-cs10-guide-stig.html
    
Offset 15212, 279 lines modifiedOffset 15212, 279 lines modified
0003b6b0:·7461·7267·6574·3d22·2369·646d·3733·3331··target="#idm73310003b6b0:·7461·7267·6574·3d22·2369·646d·3733·3331··target="#idm7331
0003b6c0:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r0003b6c0:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r
0003b6d0:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari0003b6d0:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari
0003b6e0:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals0003b6e0:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals
0003b6f0:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa0003b6f0:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa
0003b700:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr0003b700:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr
0003b710:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat0003b710:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat
 0003b720:·696f·6e20·7363·7269·7074·20e2·87b2·3c2f··ion·script·...</
0003b720:·696f·6e20·416e·6163·6f6e·6461·2073·6e69··ion·Anaconda·sni 
0003b730:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br> 
0003b740:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane 
0003b750:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla 
0003b760:·7073·6522·2069·643d·2269·646d·3733·3331··pse"·id="idm7331 
0003b770:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class=" 
0003b780:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri 
0003b790:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border 
0003b7a0:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens 
0003b7b0:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp 
0003b7c0:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td> 
0003b7d0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003b7e0:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption: 
0003b7f0:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003b800:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re 
0003b810:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa 
0003b820:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr 
0003b830:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</ 
0003b840:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t 
0003b850:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table>< 
0003b860:·7072·653e·3c63·6f64·653e·0a70·6163·6b61··pre><code>.packa 
0003b870:·6765·202d·2d61·6464·3d61·6964·650a·3c2f··ge·--add=aide.</ 
0003b880:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div 
0003b890:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b 
0003b8a0:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data 
0003b8b0:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps 
0003b8c0:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target=" 
0003b8d0:·2369·646d·3733·3332·2220·7461·6269·6e64··#idm7332"·tabind 
0003b8e0:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but 
0003b8f0:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand 
0003b900:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title 
0003b910:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re 
0003b920:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!"> 
0003b930:·5265·6d65·6469·6174·696f·6e20·5075·7070··Remediation·Pupp 
0003b940:·6574·2073·6e69·7070·6574·20e2·87b2·3c2f··et·snippet·...</ 
0003b950:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class0003b730:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
0003b960:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse0003b740:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
0003b970:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i0003b750:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
0003b980:·646d·3733·3332·223e·3c74·6162·6c65·2063··dm7332"><table·c0003b760:·646d·3733·3331·223e·3c74·6162·6c65·2063··dm7331"><table·c
0003b990:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl0003b770:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl
0003b9a0:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table-0003b780:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table-
0003b9b0:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c0003b790:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c
0003b9c0:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t0003b7a0:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t
0003b9d0:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t0003b7b0:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t
0003b9e0:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003b9f0:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru 
0003ba00:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l 
0003ba10:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr> 
0003ba20:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th> 
0003ba30:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></ 
0003ba40:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat 
0003ba50:·6567·793a·3c2f·7468·3e3c·7464·3e65·6e61··egy:</th><td>ena 
0003ba60:·626c·653c·2f74·643e·3c2f·7472·3e3c·2f74··ble</td></tr></t 
0003ba70:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code> 
0003ba80:·696e·636c·7564·6520·696e·7374·616c·6c5f··include·install_ 
0003ba90:·6169·6465·0a0a·636c·6173·7320·696e·7374··aide..class·inst 
0003baa0:·616c·6c5f·6169·6465·207b·0a20·2070·6163··all_aide·{.··pac 
0003bab0:·6b61·6765·207b·2027·6169·6465·273a·0a20··kage·{·'aide':.· 
0003bac0:·2020·2065·6e73·7572·6520·3d26·6774·3b20·····ensure·=&gt;· 
0003bad0:·2769·6e73·7461·6c6c·6564·272c·0a20·207d··'installed',.··} 
0003bae0:·0a7d·0a3c·2f63·6f64·653e·3c2f·7072·653e··.}.</code></pre> 
0003baf0:·3c2f·6469·763e·3c61·2063·6c61·7373·3d22··</div><a·class=" 
0003bb00:·6274·6e20·6274·6e2d·7375·6363·6573·7322··btn·btn-success" 
0003bb10:·2064·6174·612d·746f·6767·6c65·3d22·636f···data-toggle="co 
0003bb20:·6c6c·6170·7365·2220·6461·7461·2d74·6172··llapse"·data-tar 
0003bb30:·6765·743d·2223·6964·6d37·3333·3322·2074··get="#idm7333"·t 
0003bb40:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role 
0003bb50:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e 
0003bb60:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"· 
0003bb70:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate· 
0003bb80:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href= 
0003bb90:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation 
0003bba0:·204f·5342·7569·6c64·2042·6c75·6570·7269···OSBuild·Bluepri 
0003bbb0:·6e74·2073·6e69·7070·6574·20e2·87b2·3c2f··nt·snippet·...</ 
0003bbc0:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class 
0003bbd0:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse 
0003bbe0:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i 
0003bbf0:·646d·3733·3333·223e·3c70·7265·3e3c·636f··dm7333"><pre><co 
0003bc00:·6465·3e0a·5b5b·7061·636b·6167·6573·5d5d··de>.[[packages]] 
0003bc10:·0a6e·616d·6520·3d20·2261·6964·6522·0a76··.name·=·"aide".v 
0003bc20:·6572·7369·6f6e·203d·2022·2a22·0a3c·2f63··ersion·=·"*".</c 
0003bc30:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div> 
0003bc40:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt 
0003bc50:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data- 
0003bc60:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse 
0003bc70:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="# 
0003bc80:·6964·6d37·3333·3422·2074·6162·696e·6465··idm7334"·tabinde 
0003bc90:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt 
0003bca0:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande 
0003bcb0:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title= 
0003bcc0:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev 
0003bcd0:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R 
0003bce0:·656d·6564·6961·7469·6f6e·2073·6372·6970··emediation·scrip 
0003bcf0:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di 
0003bd00:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c 
0003bd10:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse 
0003bd20:·2220·6964·3d22·6964·6d37·3333·3422·3e3c··"·id="idm7334">< 
0003bd30:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab 
0003bd40:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped 
0003bd50:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered· 
0003bd60:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed" 
0003bd70:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex 
0003bd80:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low 
0003bd90:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003bda0:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t 
0003bdb0:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003bdc0:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo 
0003bdd0:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false 
0003bde0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003bdf0:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th> 
0003be00:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td>< 
0003be10:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre 
0003be20:·3e3c·636f·6465·3e0a·7061·636b·6167·6520··><code>.package· 
0003be30:·696e·7374·616c·6c20·6169·6465·0a3c·2f63··install·aide.</c 
0003be40:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div> 
0003be50:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt 
0003be60:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data- 
0003be70:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse 
0003be80:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="# 
Max diff block lines reached; 33300756/33337906 bytes (99.89%) of diff not shown.
2.75 MB
html2text {}
Max HTML report size reached
34.4 MB
./usr/share/doc/ssg-nondebian/ssg-cs10-guide-stig_gui.html
    
Offset 15207, 279 lines modifiedOffset 15207, 279 lines modified
0003b660:·612d·7461·7267·6574·3d22·2369·646d·3733··a-target="#idm730003b660:·612d·7461·7267·6574·3d22·2369·646d·3733··a-target="#idm73
0003b670:·3331·2220·7461·6269·6e64·6578·3d22·3022··31"·tabindex="0"0003b670:·3331·2220·7461·6269·6e64·6578·3d22·3022··31"·tabindex="0"
0003b680:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a0003b680:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a
0003b690:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa0003b690:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa
0003b6a0:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti0003b6a0:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti
0003b6b0:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·0003b6b0:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·
0003b6c0:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi0003b6c0:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi
 0003b6d0:·6174·696f·6e20·7363·7269·7074·20e2·87b2··ation·script·...
0003b6d0:·6174·696f·6e20·416e·6163·6f6e·6461·2073··ation·Anaconda·s 
0003b6e0:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b 
0003b6f0:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa 
0003b700:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col 
0003b710:·6c61·7073·6522·2069·643d·2269·646d·3733··lapse"·id="idm73 
0003b720:·3331·223e·3c74·6162·6c65·2063·6c61·7373··31"><table·class 
0003b730:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st 
0003b740:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord 
0003b750:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde 
0003b760:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co 
0003b770:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t 
0003b780:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr>< 
0003b790:·7472·3e3c·7468·3e44·6973·7275·7074·696f··tr><th>Disruptio 
0003b7a0:·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··n:</th><td>low</ 
0003b7b0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003b7c0:·5265·626f·6f74·3a3c·2f74·683e·3c74·643e··Reboot:</th><td> 
0003b7d0:·6661·6c73·653c·2f74·643e·3c2f·7472·3e3c··false</td></tr>< 
0003b7e0:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy: 
0003b7f0:·3c2f·7468·3e3c·7464·3e65·6e61·626c·653c··</th><td>enable< 
0003b800:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table 
0003b810:·3e3c·7072·653e·3c63·6f64·653e·0a70·6163··><pre><code>.pac 
0003b820:·6b61·6765·202d·2d61·6464·3d61·6964·650a··kage·--add=aide. 
0003b830:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d 
0003b840:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn 
0003b850:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da 
0003b860:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla 
0003b870:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target 
0003b880:·3d22·2369·646d·3733·3332·2220·7461·6269··="#idm7332"·tabi 
0003b890:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b 
0003b8a0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa 
0003b8b0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit 
0003b8c0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to· 
0003b8d0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#! 
0003b8e0:·223e·5265·6d65·6469·6174·696f·6e20·5075··">Remediation·Pu 
0003b8f0:·7070·6574·2073·6e69·7070·6574·20e2·87b2··ppet·snippet·... 
0003b900:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla0003b6e0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
0003b910:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap0003b6f0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
0003b920:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=0003b700:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=
0003b930:·2269·646d·3733·3332·223e·3c74·6162·6c65··"idm7332"><table0003b710:·2269·646d·3733·3331·223e·3c74·6162·6c65··"idm7331"><table
0003b940:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta0003b720:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta
0003b950:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl0003b730:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl
0003b960:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table0003b740:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table
0003b970:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>0003b750:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>
0003b980:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<0003b760:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<
0003b990:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td> 
0003b9a0:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis 
0003b9b0:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td 
0003b9c0:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t 
0003b9d0:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t 
0003b9e0:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td> 
0003b9f0:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str 
0003ba00:·6174·6567·793a·3c2f·7468·3e3c·7464·3e65··ategy:</th><td>e 
0003ba10:·6e61·626c·653c·2f74·643e·3c2f·7472·3e3c··nable</td></tr>< 
0003ba20:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod 
0003ba30:·653e·696e·636c·7564·6520·696e·7374·616c··e>include·instal 
0003ba40:·6c5f·6169·6465·0a0a·636c·6173·7320·696e··l_aide..class·in 
0003ba50:·7374·616c·6c5f·6169·6465·207b·0a20·2070··stall_aide·{.··p 
0003ba60:·6163·6b61·6765·207b·2027·6169·6465·273a··ackage·{·'aide': 
0003ba70:·0a20·2020·2065·6e73·7572·6520·3d26·6774··.····ensure·=&gt 
0003ba80:·3b20·2769·6e73·7461·6c6c·6564·272c·0a20··;·'installed',.· 
0003ba90:·207d·0a7d·0a3c·2f63·6f64·653e·3c2f·7072···}.}.</code></pr 
0003baa0:·653e·3c2f·6469·763e·3c61·2063·6c61·7373··e></div><a·class 
0003bab0:·3d22·6274·6e20·6274·6e2d·7375·6363·6573··="btn·btn-succes 
0003bac0:·7322·2064·6174·612d·746f·6767·6c65·3d22··s"·data-toggle=" 
0003bad0:·636f·6c6c·6170·7365·2220·6461·7461·2d74··collapse"·data-t 
0003bae0:·6172·6765·743d·2223·6964·6d37·3333·3322··arget="#idm7333" 
0003baf0:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro 
0003bb00:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria 
0003bb10:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false 
0003bb20:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat 
0003bb30:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre 
0003bb40:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati 
0003bb50:·6f6e·204f·5342·7569·6c64·2042·6c75·6570··on·OSBuild·Bluep 
0003bb60:·7269·6e74·2073·6e69·7070·6574·20e2·87b2··rint·snippet·... 
0003bb70:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla 
0003bb80:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap 
0003bb90:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id= 
0003bba0:·2269·646d·3733·3333·223e·3c70·7265·3e3c··"idm7333"><pre>< 
0003bbb0:·636f·6465·3e0a·5b5b·7061·636b·6167·6573··code>.[[packages 
0003bbc0:·5d5d·0a6e·616d·6520·3d20·2261·6964·6522··]].name·=·"aide" 
0003bbd0:·0a76·6572·7369·6f6e·203d·2022·2a22·0a3c··.version·=·"*".< 
0003bbe0:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di 
0003bbf0:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn· 
0003bc00:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat 
0003bc10:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap 
0003bc20:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target= 
0003bc30:·2223·6964·6d37·3333·3422·2074·6162·696e··"#idm7334"·tabin 
0003bc40:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu 
0003bc50:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan 
0003bc60:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl 
0003bc70:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r 
0003bc80:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!" 
0003bc90:·3e52·656d·6564·6961·7469·6f6e·2073·6372··>Remediation·scr 
0003bca0:·6970·7420·e287·b23c·2f61·3e3c·6272·3e3c··ipt·...</a><br>< 
0003bcb0:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel 
0003bcc0:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap 
0003bcd0:·7365·2220·6964·3d22·6964·6d37·3333·3422··se"·id="idm7334" 
0003bce0:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t 
0003bcf0:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip 
0003bd00:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere 
0003bd10:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense 
0003bd20:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl 
0003bd30:·6578·6974·793a·3c2f·7468·3e3c·7464·3e6c··exity:</th><td>l 
0003bd40:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr> 
0003bd50:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:< 
0003bd60:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td> 
0003bd70:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb 
0003bd80:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal 
0003bd90:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr> 
0003bda0:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t 
0003bdb0:·683e·3c74·643e·656e·6162·6c65·3c2f·7464··h><td>enable</td 
0003bdc0:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p 
0003bdd0:·7265·3e3c·636f·6465·3e0a·7061·636b·6167··re><code>.packag 
0003bde0:·6520·696e·7374·616c·6c20·6169·6465·0a3c··e·install·aide.< 
0003bdf0:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di 
0003be00:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn· 
0003be10:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat 
0003be20:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap 
0003be30:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target= 
Max diff block lines reached; 33167050/33204200 bytes (99.89%) of diff not shown.
2.74 MB
html2text {}
Max HTML report size reached
23.7 MB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-anssi_bp28_enhanced.html
    
Offset 15181, 283 lines modifiedOffset 15181, 283 lines modified
0003b4c0:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target0003b4c0:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target
0003b4d0:·3d22·2369·646d·3834·3830·2220·7461·6269··="#idm8480"·tabi0003b4d0:·3d22·2369·646d·3834·3830·2220·7461·6269··="#idm8480"·tabi
0003b4e0:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b0003b4e0:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b
0003b4f0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa0003b4f0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa
0003b500:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit0003b500:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit
0003b510:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·0003b510:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·
0003b520:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!0003b520:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!
0003b530:·223e·5265·6d65·6469·6174·696f·6e20·416e··">Remediation·An0003b530:·223e·5265·6d65·6469·6174·696f·6e20·7363··">Remediation·sc
0003b540:·6163·6f6e·6461·2073·6e69·7070·6574·20e2··aconda·snippet·. 
0003b550:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c 
0003b560:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll 
0003b570:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i 
0003b580:·643d·2269·646d·3834·3830·223e·3c74·6162··d="idm8480"><tab 
0003b590:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table· 
0003b5a0:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta 
0003b5b0:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab 
0003b5c0:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t 
0003b5d0:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity 
0003b5e0:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t 
0003b5f0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D 
0003b600:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th>< 
0003b610:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003b620:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:< 
0003b630:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t 
0003b640:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S 
0003b650:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td 
0003b660:·3e65·6e61·626c·653c·2f74·643e·3c2f·7472··>enable</td></tr 
0003b670:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c 
0003b680:·6f64·653e·0a70·6163·6b61·6765·202d·2d61··ode>.package·--a 
0003b690:·6464·3d61·6964·650a·3c2f·636f·6465·3e3c··dd=aide.</code>< 
0003b6a0:·2f70·7265·3e3c·2f64·6976·3e3c·6120·636c··/pre></div><a·cl 
0003b6b0:·6173·733d·2262·746e·2062·746e·2d73·7563··ass="btn·btn-suc 
0003b6c0:·6365·7373·2220·6461·7461·2d74·6f67·676c··cess"·data-toggl 
0003b6d0:·653d·2263·6f6c·6c61·7073·6522·2064·6174··e="collapse"·dat 
0003b6e0:·612d·7461·7267·6574·3d22·2369·646d·3834··a-target="#idm84 
0003b6f0:·3831·2220·7461·6269·6e64·6578·3d22·3022··81"·tabindex="0" 
0003b700:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a 
0003b710:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa 
0003b720:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti 
0003b730:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"· 
0003b740:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi 
0003b750:·6174·696f·6e20·5075·7070·6574·2073·6e69··ation·Puppet·sni 
0003b760:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br>0003b540:·7269·7074·20e2·87b2·3c2f·613e·3c62·723e··ript·...</a><br>
0003b770:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane0003b550:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
0003b780:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla0003b560:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
0003b790:·7073·6522·2069·643d·2269·646d·3834·3831··pse"·id="idm84810003b570:·7073·6522·2069·643d·2269·646d·3834·3830··pse"·id="idm8480
0003b7a0:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="0003b580:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="
0003b7b0:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri0003b590:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri
0003b7c0:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border0003b5a0:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border
0003b7d0:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens0003b5b0:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens
0003b7e0:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp0003b5c0:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp
0003b7f0:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td>0003b5d0:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td>
0003b800:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003b810:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption: 
0003b820:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003b830:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re 
0003b840:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa 
0003b850:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr 
0003b860:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</ 
0003b870:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t 
0003b880:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table>< 
0003b890:·7072·653e·3c63·6f64·653e·696e·636c·7564··pre><code>includ 
0003b8a0:·6520·696e·7374·616c·6c5f·6169·6465·0a0a··e·install_aide.. 
0003b8b0:·636c·6173·7320·696e·7374·616c·6c5f·6169··class·install_ai 
0003b8c0:·6465·207b·0a20·2070·6163·6b61·6765·207b··de·{.··package·{ 
0003b8d0:·2027·6169·6465·273a·0a20·2020·2065·6e73···'aide':.····ens 
0003b8e0:·7572·6520·3d26·6774·3b20·2769·6e73·7461··ure·=&gt;·'insta 
0003b8f0:·6c6c·6564·272c·0a20·207d·0a7d·0a3c·2f63··lled',.··}.}.</c 
0003b900:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div> 
0003b910:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt 
0003b920:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data- 
0003b930:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse 
0003b940:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="# 
0003b950:·6964·6d38·3438·3222·2074·6162·696e·6465··idm8482"·tabinde 
0003b960:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt 
0003b970:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande 
0003b980:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title= 
0003b990:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev 
0003b9a0:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R 
0003b9b0:·656d·6564·6961·7469·6f6e·204f·5342·7569··emediation·OSBui 
0003b9c0:·6c64·2042·6c75·6570·7269·6e74·2073·6e69··ld·Blueprint·sni 
0003b9d0:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br> 
0003b9e0:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane 
0003b9f0:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla 
0003ba00:·7073·6522·2069·643d·2269·646d·3834·3832··pse"·id="idm8482 
0003ba10:·223e·3c70·7265·3e3c·636f·6465·3e0a·5b5b··"><pre><code>.[[ 
0003ba20:·7061·636b·6167·6573·5d5d·0a6e·616d·6520··packages]].name· 
0003ba30:·3d20·2261·6964·6522·0a76·6572·7369·6f6e··=·"aide".version 
0003ba40:·203d·2022·2a22·0a3c·2f63·6f64·653e·3c2f···=·"*".</code></ 
0003ba50:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla 
0003ba60:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ 
0003ba70:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle 
0003ba80:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data 
0003ba90:·2d74·6172·6765·743d·2223·6964·6d38·3438··-target="#idm848 
0003baa0:·3322·2074·6162·696e·6465·783d·2230·2220··3"·tabindex="0"· 
0003bab0:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar 
0003bac0:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal 
0003bad0:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ 
0003bae0:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h 
0003baf0:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia 
0003bb00:·7469·6f6e·2073·6372·6970·7420·e287·b23c··tion·script·...< 
0003bb10:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas 
0003bb20:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps 
0003bb30:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id=" 
0003bb40:·6964·6d38·3438·3322·3e3c·7461·626c·6520··idm8483"><table· 
0003bb50:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab 
0003bb60:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table 
0003bb70:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table- 
0003bb80:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr>< 
0003bb90:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</ 
0003bba0:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td>< 
0003bbb0:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr 
0003bbc0:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td> 
0003bbd0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003bbe0:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th 
0003bbf0:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td>< 
0003bc00:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra 
0003bc10:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en 
0003bc20:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></ 
0003bc30:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code 
0003bc40:·3e0a·7061·636b·6167·6520·696e·7374·616c··>.package·instal 
0003bc50:·6c20·6169·6465·0a3c·2f63·6f64·653e·3c2f··l·aide.</code></ 
0003bc60:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla 
0003bc70:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ 
0003bc80:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle 
0003bc90:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data 
0003bca0:·2d74·6172·6765·743d·2223·6964·6d38·3438··-target="#idm848 
Max diff block lines reached; 22750077/22787779 bytes (99.83%) of diff not shown.
1.97 MB
html2text {}
Max HTML report size reached
24.2 MB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-anssi_bp28_high.html
    
Offset 15187, 282 lines modifiedOffset 15187, 282 lines modified
0003b520:·6765·743d·2223·6964·6d38·3438·3022·2074··get="#idm8480"·t0003b520:·6765·743d·2223·6964·6d38·3438·3022·2074··get="#idm8480"·t
0003b530:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role0003b530:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
0003b540:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e0003b540:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
0003b550:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·0003b550:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
0003b560:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·0003b560:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
0003b570:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=0003b570:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
0003b580:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation0003b580:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
0003b590:·2041·6e61·636f·6e64·6120·736e·6970·7065···Anaconda·snippe 
0003b5a0:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di 
0003b5b0:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c 
0003b5c0:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse 
0003b5d0:·2220·6964·3d22·6964·6d38·3438·3022·3e3c··"·id="idm8480">< 
0003b5e0:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab 
0003b5f0:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped 
0003b600:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered· 
0003b610:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed" 
0003b620:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex 
0003b630:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low 
0003b640:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b650:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t 
0003b660:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003b670:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo 
0003b680:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false 
0003b690:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b6a0:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th> 
0003b6b0:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td>< 
0003b6c0:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre 
0003b6d0:·3e3c·636f·6465·3e0a·7061·636b·6167·6520··><code>.package· 
0003b6e0:·2d2d·6164·643d·6169·6465·0a3c·2f63·6f64··--add=aide.</cod 
0003b6f0:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a 
0003b700:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn- 
0003b710:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to 
0003b720:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"· 
0003b730:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id 
0003b740:·6d38·3438·3122·2074·6162·696e·6465·783d··m8481"·tabindex= 
0003b750:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button 
0003b760:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded= 
0003b770:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A 
0003b780:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea 
0003b790:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem 
0003b7a0:·6564·6961·7469·6f6e·2050·7570·7065·7420··ediation·Puppet· 
0003b7b0:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a><0003b590:·2073·6372·6970·7420·e287·b23c·2f61·3e3c···script·...</a><
0003b7c0:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p 
0003b7d0:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co 
0003b7e0:·6c6c·6170·7365·2220·6964·3d22·6964·6d38··llapse"·id="idm8 
0003b7f0:·3438·3122·3e3c·7461·626c·6520·636c·6173··481"><table·clas 
0003b800:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s 
0003b810:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor 
0003b820:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond 
0003b830:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C 
0003b840:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th>< 
0003b850:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003b860:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti 
0003b870:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low< 
0003b880:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b890:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td 
0003b8a0:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr> 
0003b8b0:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy 
0003b8c0:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable 
0003b8d0:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl 
0003b8e0:·653e·3c70·7265·3e3c·636f·6465·3e69·6e63··e><pre><code>inc 
0003b8f0:·6c75·6465·2069·6e73·7461·6c6c·5f61·6964··lude·install_aid 
0003b900:·650a·0a63·6c61·7373·2069·6e73·7461·6c6c··e..class·install 
0003b910:·5f61·6964·6520·7b0a·2020·7061·636b·6167··_aide·{.··packag 
0003b920:·6520·7b20·2761·6964·6527·3a0a·2020·2020··e·{·'aide':.···· 
0003b930:·656e·7375·7265·203d·2667·743b·2027·696e··ensure·=&gt;·'in 
0003b940:·7374·616c·6c65·6427·2c0a·2020·7d0a·7d0a··stalled',.··}.}. 
0003b950:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d 
0003b960:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn 
0003b970:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da 
0003b980:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla 
0003b990:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target 
0003b9a0:·3d22·2369·646d·3834·3832·2220·7461·6269··="#idm8482"·tabi 
0003b9b0:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b 
0003b9c0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa 
0003b9d0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit 
0003b9e0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to· 
0003b9f0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#! 
0003ba00:·223e·5265·6d65·6469·6174·696f·6e20·4f53··">Remediation·OS 
0003ba10:·4275·696c·6420·426c·7565·7072·696e·7420··Build·Blueprint· 
0003ba20:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a>< 
0003ba30:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p0003b5a0:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p
0003ba40:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co0003b5b0:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co
0003ba50:·6c6c·6170·7365·2220·6964·3d22·6964·6d38··llapse"·id="idm80003b5c0:·6c6c·6170·7365·2220·6964·3d22·6964·6d38··llapse"·id="idm8
 0003b5d0:·3438·3022·3e3c·7461·626c·6520·636c·6173··480"><table·clas
 0003b5e0:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s
 0003b5f0:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor
 0003b600:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond
0003ba60:·3438·3222·3e3c·7072·653e·3c63·6f64·653e··482"><pre><code> 
0003ba70:·0a5b·5b70·6163·6b61·6765·735d·5d0a·6e61··.[[packages]].na 
0003ba80:·6d65·203d·2022·6169·6465·220a·7665·7273··me·=·"aide".vers 
0003ba90:·696f·6e20·3d20·222a·220a·3c2f·636f·6465··ion·=·"*".</code 
0003baa0:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a· 
0003bab0:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s 
0003bac0:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog 
0003bad0:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d 
0003bae0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm 
0003baf0:·3834·3833·2220·7461·6269·6e64·6578·3d22··8483"·tabindex=" 
0003bb00:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button" 
0003bb10:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded=" 
0003bb20:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac 
0003bb30:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal 
0003bb40:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme 
0003bb50:·6469·6174·696f·6e20·7363·7269·7074·20e2··diation·script·. 
0003bb60:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c 
0003bb70:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll 
0003bb80:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i 
0003bb90:·643d·2269·646d·3834·3833·223e·3c74·6162··d="idm8483"><tab 
0003bba0:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table· 
0003bbb0:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta 
0003bbc0:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab 
0003bbd0:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t 
0003bbe0:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity 
0003bbf0:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t 
0003bc00:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D 
0003bc10:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th>< 
0003bc20:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003bc30:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:< 
0003bc40:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t 
0003bc50:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S 
0003bc60:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td 
0003bc70:·3e65·6e61·626c·653c·2f74·643e·3c2f·7472··>enable</td></tr 
0003bc80:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c 
0003bc90:·6f64·653e·0a70·6163·6b61·6765·2069·6e73··ode>.package·ins 
0003bca0:·7461·6c6c·2061·6964·650a·3c2f·636f·6465··tall·aide.</code 
0003bcb0:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a· 
0003bcc0:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s 
Max diff block lines reached; 23180313/23217877 bytes (99.84%) of diff not shown.
2.02 MB
html2text {}
Max HTML report size reached
10.5 MB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-anssi_bp28_intermediary.html
    
Offset 15177, 283 lines modifiedOffset 15177, 283 lines modified
0003b480:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#0003b480:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#
0003b490:·6964·6d38·3438·3022·2074·6162·696e·6465··idm8480"·tabinde0003b490:·6964·6d38·3438·3022·2074·6162·696e·6465··idm8480"·tabinde
0003b4a0:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt0003b4a0:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt
0003b4b0:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande0003b4b0:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande
0003b4c0:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=0003b4c0:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=
0003b4d0:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev0003b4d0:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev
0003b4e0:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R0003b4e0:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R
0003b4f0:·656d·6564·6961·7469·6f6e·2041·6e61·636f··emediation·Anaco0003b4f0:·656d·6564·6961·7469·6f6e·2073·6372·6970··emediation·scrip
0003b500:·6e64·6120·736e·6970·7065·7420·e287·b23c··nda·snippet·...< 
0003b510:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas 
0003b520:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps 
0003b530:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id=" 
0003b540:·6964·6d38·3438·3022·3e3c·7461·626c·6520··idm8480"><table· 
0003b550:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab 
0003b560:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table 
0003b570:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table- 
0003b580:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr>< 
0003b590:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</ 
0003b5a0:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td>< 
0003b5b0:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr 
0003b5c0:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td> 
0003b5d0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003b5e0:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th 
0003b5f0:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td>< 
0003b600:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra 
0003b610:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en 
0003b620:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></ 
0003b630:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code 
0003b640:·3e0a·7061·636b·6167·6520·2d2d·6164·643d··>.package·--add= 
0003b650:·6169·6465·0a3c·2f63·6f64·653e·3c2f·7072··aide.</code></pr 
0003b660:·653e·3c2f·6469·763e·3c61·2063·6c61·7373··e></div><a·class 
0003b670:·3d22·6274·6e20·6274·6e2d·7375·6363·6573··="btn·btn-succes 
0003b680:·7322·2064·6174·612d·746f·6767·6c65·3d22··s"·data-toggle=" 
0003b690:·636f·6c6c·6170·7365·2220·6461·7461·2d74··collapse"·data-t 
0003b6a0:·6172·6765·743d·2223·6964·6d38·3438·3122··arget="#idm8481" 
0003b6b0:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro 
0003b6c0:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria 
0003b6d0:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false 
0003b6e0:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat 
0003b6f0:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre 
0003b700:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati 
0003b710:·6f6e·2050·7570·7065·7420·736e·6970·7065··on·Puppet·snippe 
0003b720:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di0003b500:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di
0003b730:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c0003b510:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
0003b740:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse0003b520:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
0003b750:·2220·6964·3d22·6964·6d38·3438·3122·3e3c··"·id="idm8481"><0003b530:·2220·6964·3d22·6964·6d38·3438·3022·3e3c··"·id="idm8480"><
0003b760:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab0003b540:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab
0003b770:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped0003b550:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped
0003b780:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·0003b560:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·
0003b790:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"0003b570:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"
0003b7a0:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex0003b580:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex
0003b7b0:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low0003b590:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low
0003b7c0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b7d0:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t 
0003b7e0:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003b7f0:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo 
0003b800:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false 
0003b810:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b820:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th> 
0003b830:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td>< 
0003b840:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre 
0003b850:·3e3c·636f·6465·3e69·6e63·6c75·6465·2069··><code>include·i 
0003b860:·6e73·7461·6c6c·5f61·6964·650a·0a63·6c61··nstall_aide..cla 
0003b870:·7373·2069·6e73·7461·6c6c·5f61·6964·6520··ss·install_aide· 
0003b880:·7b0a·2020·7061·636b·6167·6520·7b20·2761··{.··package·{·'a 
0003b890:·6964·6527·3a0a·2020·2020·656e·7375·7265··ide':.····ensure 
0003b8a0:·203d·2667·743b·2027·696e·7374·616c·6c65···=&gt;·'installe 
0003b8b0:·6427·2c0a·2020·7d0a·7d0a·3c2f·636f·6465··d',.··}.}.</code 
0003b8c0:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a· 
0003b8d0:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s 
0003b8e0:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog 
0003b8f0:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d 
0003b900:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm 
0003b910:·3834·3832·2220·7461·6269·6e64·6578·3d22··8482"·tabindex=" 
0003b920:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button" 
0003b930:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded=" 
0003b940:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac 
0003b950:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal 
0003b960:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme 
0003b970:·6469·6174·696f·6e20·4f53·4275·696c·6420··diation·OSBuild· 
0003b980:·426c·7565·7072·696e·7420·736e·6970·7065··Blueprint·snippe 
0003b990:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di 
0003b9a0:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c 
0003b9b0:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse 
0003b9c0:·2220·6964·3d22·6964·6d38·3438·3222·3e3c··"·id="idm8482">< 
0003b9d0:·7072·653e·3c63·6f64·653e·0a5b·5b70·6163··pre><code>.[[pac 
0003b9e0:·6b61·6765·735d·5d0a·6e61·6d65·203d·2022··kages]].name·=·" 
0003b9f0:·6169·6465·220a·7665·7273·696f·6e20·3d20··aide".version·=· 
0003ba00:·222a·220a·3c2f·636f·6465·3e3c·2f70·7265··"*".</code></pre 
0003ba10:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class= 
0003ba20:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success 
0003ba30:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c 
0003ba40:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta 
0003ba50:·7267·6574·3d22·2369·646d·3834·3833·2220··rget="#idm8483"· 
0003ba60:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol 
0003ba70:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria- 
0003ba80:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false" 
0003ba90:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate 
0003baa0:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href 
0003bab0:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio 
0003bac0:·6e20·7363·7269·7074·20e2·87b2·3c2f·613e··n·script·...</a> 
0003bad0:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class=" 
0003bae0:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c 
0003baf0:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm 
0003bb00:·3834·3833·223e·3c74·6162·6c65·2063·6c61··8483"><table·cla 
0003bb10:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table- 
0003bb20:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo 
0003bb30:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con 
0003bb40:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th> 
0003bb50:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th> 
0003bb60:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
0003bb70:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt 
0003bb80:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low 
0003bb90:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003bba0:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t 
0003bbb0:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr 
0003bbc0:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg 
0003bbd0:·793a·3c2f·7468·3e3c·7464·3e65·6e61·626c··y:</th><td>enabl 
0003bbe0:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab 
0003bbf0:·6c65·3e3c·7072·653e·3c63·6f64·653e·0a70··le><pre><code>.p 
0003bc00:·6163·6b61·6765·2069·6e73·7461·6c6c·2061··ackage·install·a 
0003bc10:·6964·650a·3c2f·636f·6465·3e3c·2f70·7265··ide.</code></pre 
0003bc20:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class= 
0003bc30:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success 
0003bc40:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c 
0003bc50:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta 
0003bc60:·7267·6574·3d22·2369·646d·3834·3834·2220··rget="#idm8484"· 
Max diff block lines reached; 9904260/9941962 bytes (99.62%) of diff not shown.
1.07 MB
html2text {}
    
Offset 135, 52 lines modifiedOffset 135, 48 lines modified
135 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3135 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
136 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5136 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
137 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199137 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
138 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79138 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
139 ············_\x8c_\x8i_\x8s············6.1.1139 ············_\x8c_\x8i_\x8s············6.1.1
140 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2140 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
141 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-258134r1045265_rule141 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-258134r1045265_rule
142 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8142 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
143 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low143 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
144 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low144 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
145 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false145 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
146 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable146 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
147 package·--add=aide147 dnf·install·aide
148 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8148 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
149 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low149 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
150 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low150 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
151 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false151 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
152 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable152 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
153 include·install_aide153 include·install_aide
  
154 class·install_aide·{154 class·install_aide·{
155 ··package·{·'aide':155 ··package·{·'aide':
156 ····ensure·=>·'installed',156 ····ensure·=>·'installed',
157 ··}157 ··}
158 }158 }
159 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
160 [[packages]] 
161 name·=·"aide" 
162 version·=·"*" 
163 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8159 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
164 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low160 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
165 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low161 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
166 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false162 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
167 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable163 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 164 #·Remediation·is·applicable·only·in·certain·platforms
 165 if·rpm·--quiet·-q·kernel;·then
  
 166 if·!·rpm·-q·--quiet·"aide"·;·then
 167 ····dnf·install·-y·"aide"
 168 fi
168 package·install·aide 
169 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
170 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
171 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
172 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
173 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
174 dnf·install·aide169 else
 170 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 171 fi
175 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8172 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
176 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low173 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
177 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low174 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
178 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false175 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
179 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable176 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
180 -·name:·Gather·the·package·facts177 -·name:·Gather·the·package·facts
181 ··package_facts:178 ··package_facts:
Offset 211, 29 lines modifiedOffset 207, 33 lines modified
211 ··-·PCI-DSSv4-11.5.2207 ··-·PCI-DSSv4-11.5.2
212 ··-·enable_strategy208 ··-·enable_strategy
213 ··-·low_complexity209 ··-·low_complexity
214 ··-·low_disruption210 ··-·low_disruption
215 ··-·medium_severity211 ··-·medium_severity
216 ··-·no_reboot_needed212 ··-·no_reboot_needed
217 ··-·package_aide_installed213 ··-·package_aide_installed
 214 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 215 [[packages]]
 216 name·=·"aide"
 217 version·=·"*"
218 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8218 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
219 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low219 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
220 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low220 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
221 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false221 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
222 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable222 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
223 #·Remediation·is·applicable·only·in·certain·platforms 
224 if·rpm·--quiet·-q·kernel;·then 
  
225 if·!·rpm·-q·--quiet·"aide"·;·then 
226 ····dnf·install·-y·"aide" 
227 fi223 package·install·aide
 224 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 225 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 226 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 227 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 228 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 229 package·--add=aide
228 else 
229 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
230 fi 
231 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*230 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
232 Run·the·following·command·to·generate·a·new·database:231 Run·the·following·command·to·generate·a·new·database:
233 $·sudo·/usr/sbin/aide·--init232 $·sudo·/usr/sbin/aide·--init
234 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the233 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the
235 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these234 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these
236 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their235 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their
237 integrity.·The·newly-generated·database·can·be·installed·as·follows:236 integrity.·The·newly-generated·database·can·be·installed·as·follows:
Offset 259, 14 lines modifiedOffset 259, 28 lines modified
259 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3259 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
260 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5260 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
261 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199261 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
262 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79262 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
263 ············_\x8c_\x8i_\x8s············6.1.1263 ············_\x8c_\x8i_\x8s············6.1.1
264 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2264 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
265 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-258134r1045265_rule265 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-258134r1045265_rule
 266 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 267 #·Remediation·is·applicable·only·in·certain·platforms
 268 if·rpm·--quiet·-q·kernel;·then
  
 269 if·!·rpm·-q·--quiet·"aide"·;·then
 270 ····dnf·install·-y·"aide"
 271 fi
  
 272 /usr/sbin/aide·--init
 273 /bin/cp·-p·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
  
 274 else
 275 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 276 fi
266 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8277 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
267 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low278 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
268 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low279 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
269 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false280 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
270 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict281 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
Max diff block lines reached; 1113503/1118721 bytes (99.53%) of diff not shown.
3.49 MB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-anssi_bp28_minimal.html
    
Offset 14856, 295 lines modifiedOffset 14856, 295 lines modified
0003a070:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#0003a070:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#
0003a080:·6964·6d31·3236·3731·2220·7461·6269·6e64··idm12671"·tabind0003a080:·6964·6d31·3236·3731·2220·7461·6269·6e64··idm12671"·tabind
0003a090:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but0003a090:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but
0003a0a0:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand0003a0a0:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand
0003a0b0:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title0003a0b0:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title
0003a0c0:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re0003a0c0:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re
0003a0d0:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">0003a0d0:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">
0003a0e0:·5265·6d65·6469·6174·696f·6e20·416e·6163··Remediation·Anac0003a0e0:·5265·6d65·6469·6174·696f·6e20·7363·7269··Remediation·scri
 0003a0f0:·7074·20e2·87b2·3c2f·613e·3c62·723e·3c64··pt·...</a><br><d
0003a0f0:·6f6e·6461·2073·6e69·7070·6574·20e2·87b2··onda·snippet·... 
0003a100:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla 
0003a110:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap 
0003a120:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id= 
0003a130:·2269·646d·3132·3637·3122·3e3c·7461·626c··"idm12671"><tabl 
0003a140:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t 
0003a150:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab 
0003a160:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl 
0003a170:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr 
0003a180:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity: 
0003a190:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003a1a0:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di 
0003a1b0:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t 
0003a1c0:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr>< 
0003a1d0:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</ 
0003a1e0:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td 
0003a1f0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St 
0003a200:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td> 
0003a210:·656e·6162·6c65·3c2f·7464·3e3c·2f74·723e··enable</td></tr> 
0003a220:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co 
0003a230:·6465·3e0a·7061·636b·6167·6520·2d2d·6164··de>.package·--ad 
0003a240:·643d·646e·662d·6175·746f·6d61·7469·630a··d=dnf-automatic. 
0003a250:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d 
0003a260:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn 
0003a270:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da 
0003a280:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla 
0003a290:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target 
0003a2a0:·3d22·2369·646d·3132·3637·3222·2074·6162··="#idm12672"·tab 
0003a2b0:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role=" 
0003a2c0:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp 
0003a2d0:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti 
0003a2e0:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to 
0003a2f0:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="# 
0003a300:·2122·3e52·656d·6564·6961·7469·6f6e·2050··!">Remediation·P 
0003a310:·7570·7065·7420·736e·6970·7065·7420·e287··uppet·snippet·.. 
0003a320:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl 
0003a330:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla 
0003a340:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id 
0003a350:·3d22·6964·6d31·3236·3732·223e·3c74·6162··="idm12672"><tab 
0003a360:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table·0003a100:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel-
0003a370:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta 
0003a380:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab 
0003a390:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t 
0003a3a0:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity0003a110:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps
 0003a120:·6522·2069·643d·2269·646d·3132·3637·3122··e"·id="idm12671"
 0003a130:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t
 0003a140:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip
 0003a150:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere
 0003a160:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense
 0003a170:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl
 0003a180:·6578·6974·793a·3c2f·7468·3e3c·7464·3e6c··exity:</th><td>l
 0003a190:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>
 0003a1a0:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:<
0003a3b0:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t0003a1b0:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>
0003a3c0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D 
0003a3d0:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th>< 
0003a3e0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003a3f0:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:< 
0003a400:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t 
0003a410:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S0003a1c0:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb
 0003a1d0:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal
 0003a1e0:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr>
 0003a1f0:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t
 0003a200:·683e·3c74·643e·656e·6162·6c65·3c2f·7464··h><td>enable</td
 0003a210:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p
 0003a220:·7265·3e3c·636f·6465·3e0a·646e·6620·696e··re><code>.dnf·in
0003a420:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td 
0003a430:·3e65·6e61·626c·653c·2f74·643e·3c2f·7472··>enable</td></tr 
0003a440:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c 
0003a450:·6f64·653e·696e·636c·7564·6520·696e·7374··ode>include·inst 
0003a460:·616c·6c5f·646e·662d·6175·746f·6d61·7469··all_dnf-automati 
0003a470:·630a·0a63·6c61·7373·2069·6e73·7461·6c6c··c..class·install 
0003a480:·5f64·6e66·2d61·7574·6f6d·6174·6963·207b··_dnf-automatic·{ 
0003a490:·0a20·2070·6163·6b61·6765·207b·2027·646e··.··package·{·'dn 
0003a4a0:·662d·6175·746f·6d61·7469·6327·3a0a·2020··f-automatic':.·· 
0003a4b0:·2020·656e·7375·7265·203d·2667·743b·2027····ensure·=&gt;·' 
0003a4c0:·696e·7374·616c·6c65·6427·2c0a·2020·7d0a··installed',.··}. 
0003a4d0:·7d0a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··}.</code></pre>< 
0003a4e0:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b 
0003a4f0:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"· 
0003a500:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col 
0003a510:·6c61·7073·6522·2064·6174·612d·7461·7267··lapse"·data-targ 
0003a520:·6574·3d22·2369·646d·3132·3637·3322·2074··et="#idm12673"·t 
0003a530:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role 
0003a540:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e 
0003a550:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"· 
0003a560:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate· 
0003a570:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href= 
0003a580:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation 
0003a590:·204f·5342·7569·6c64·2042·6c75·6570·7269···OSBuild·Bluepri 
0003a5a0:·6e74·2073·6e69·7070·6574·20e2·87b2·3c2f··nt·snippet·...</ 
0003a5b0:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class 
0003a5c0:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse 
0003a5d0:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i 
0003a5e0:·646d·3132·3637·3322·3e3c·7072·653e·3c63··dm12673"><pre><c 
0003a5f0:·6f64·653e·0a5b·5b70·6163·6b61·6765·735d··ode>.[[packages] 
0003a600:·5d0a·6e61·6d65·203d·2022·646e·662d·6175··].name·=·"dnf-au 
0003a610:·746f·6d61·7469·6322·0a76·6572·7369·6f6e··tomatic".version 
0003a620:·203d·2022·2a22·0a3c·2f63·6f64·653e·3c2f···=·"*".</code></ 
0003a630:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla 
0003a640:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ 
0003a650:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle 
0003a660:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data 
0003a670:·2d74·6172·6765·743d·2223·6964·6d31·3236··-target="#idm126 
0003a680:·3734·2220·7461·6269·6e64·6578·3d22·3022··74"·tabindex="0" 
0003a690:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a 
0003a6a0:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa 
0003a6b0:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti 
0003a6c0:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"· 
0003a6d0:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi 
0003a6e0:·6174·696f·6e20·7363·7269·7074·20e2·87b2··ation·script·... 
0003a6f0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla 
0003a700:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap 
0003a710:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id= 
0003a720:·2269·646d·3132·3637·3422·3e3c·7461·626c··"idm12674"><tabl 
0003a730:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t 
0003a740:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab 
0003a750:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl 
Max diff block lines reached; 3375652/3415010 bytes (98.85%) of diff not shown.
241 KB
html2text {}
    
Offset 101, 52 lines modifiedOffset 101, 49 lines modified
101 Rationale:··dnf-automatic·is·an·alternative·command·line·interface·(CLI)·to·dnf·upgrade101 Rationale:··dnf-automatic·is·an·alternative·command·line·interface·(CLI)·to·dnf·upgrade
102 ············suitable·for·automatic,·regular·execution.102 ············suitable·for·automatic,·regular·execution.
103 Severity: ··medium103 Severity: ··medium
104 Rule·ID:····xccdf_org.ssgproject.content_rule_package_dnf-automatic_installed104 Rule·ID:····xccdf_org.ssgproject.content_rule_package_dnf-automatic_installed
105 ············_\x8o_\x8s_\x8p_\x8p···FPT_TUD_EXT.1,·FPT_TUD_EXT.2105 ············_\x8o_\x8s_\x8p_\x8p···FPT_TUD_EXT.1,·FPT_TUD_EXT.2
106 References:·_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000191-GPOS-00080106 References:·_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000191-GPOS-00080
107 ············_\x8a_\x8n_\x8s_\x8s_\x8i··R61107 ············_\x8a_\x8n_\x8s_\x8s_\x8i··R61
108 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8108 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
109 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low109 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
110 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low110 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
111 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false111 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
112 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable112 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
113 package·--add=dnf-automatic113 dnf·install·dnf-automatic
114 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8114 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
115 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low115 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
116 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low116 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
117 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false117 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
118 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable118 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
119 include·install_dnf-automatic119 include·install_dnf-automatic
  
120 class·install_dnf-automatic·{120 class·install_dnf-automatic·{
121 ··package·{·'dnf-automatic':121 ··package·{·'dnf-automatic':
122 ····ensure·=>·'installed',122 ····ensure·=>·'installed',
123 ··}123 ··}
124 }124 }
125 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
126 [[packages]] 
127 name·=·"dnf-automatic" 
128 version·=·"*" 
129 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8125 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
130 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low126 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
131 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low127 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
132 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false128 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
133 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable129 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 130 #·Remediation·is·applicable·only·in·certain·platforms
 131 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-
 132 q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 133 if·!·rpm·-q·--quiet·"dnf-automatic"·;·then
 134 ····dnf·install·-y·"dnf-automatic"
 135 fi
134 package·install·dnf-automatic 
135 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
136 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
137 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
138 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
139 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
140 dnf·install·dnf-automatic136 else
 137 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 138 fi
141 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8139 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
142 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low140 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
143 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low141 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
144 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false142 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
145 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable143 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
146 -·name:·Gather·the·package·facts144 -·name:·Gather·the·package·facts
147 ··package_facts:145 ··package_facts:
Offset 170, 30 lines modifiedOffset 167, 33 lines modified
170 ··tags:167 ··tags:
171 ··-·enable_strategy168 ··-·enable_strategy
172 ··-·low_complexity169 ··-·low_complexity
173 ··-·low_disruption170 ··-·low_disruption
174 ··-·medium_severity171 ··-·medium_severity
175 ··-·no_reboot_needed172 ··-·no_reboot_needed
176 ··-·package_dnf-automatic_installed173 ··-·package_dnf-automatic_installed
 174 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 175 [[packages]]
 176 name·=·"dnf-automatic"
 177 version·=·"*"
177 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8178 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
178 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low179 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
179 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low180 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
180 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false181 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
181 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable182 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
182 #·Remediation·is·applicable·only·in·certain·platforms 
183 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·- 
184 q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
185 if·!·rpm·-q·--quiet·"dnf-automatic"·;·then 
186 ····dnf·install·-y·"dnf-automatic" 
187 fi183 package·install·dnf-automatic
 184 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 185 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 186 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 187 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 188 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 189 package·--add=dnf-automatic
188 else 
189 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
190 fi 
191 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·d\x8dn\x8nf\x8f-\x8-a\x8au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8c·t\x8to\x8o·I\x8In\x8ns\x8st\x8ta\x8al\x8ll\x8l·A\x8Av\x8va\x8ai\x8il\x8la\x8ab\x8bl\x8le\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8es\x8s·A\x8Au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8ca\x8al\x8ll\x8ly\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*190 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·d\x8dn\x8nf\x8f-\x8-a\x8au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8c·t\x8to\x8o·I\x8In\x8ns\x8st\x8ta\x8al\x8ll\x8l·A\x8Av\x8va\x8ai\x8il\x8la\x8ab\x8bl\x8le\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8es\x8s·A\x8Au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8ca\x8al\x8ll\x8ly\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
192 To·ensure·that·the·packages·comprising·the·available·updates·will·be·automatically·installed191 To·ensure·that·the·packages·comprising·the·available·updates·will·be·automatically·installed
193 by·dnf-automatic,·set·apply_updates·to·yes·under·[commands]·section·in·/etc/dnf/192 by·dnf-automatic,·set·apply_updates·to·yes·under·[commands]·section·in·/etc/dnf/
194 automatic.conf.193 automatic.conf.
195 ············Installing·software·updates·is·a·fundamental·mitigation·against·the·exploitation194 ············Installing·software·updates·is·a·fundamental·mitigation·against·the·exploitation
196 ············of·publicly-known·vulnerabilities.·If·the·most·recent·security·patches·and195 ············of·publicly-known·vulnerabilities.·If·the·most·recent·security·patches·and
197 Rationale:··updates·are·not·installed,·unauthorized·users·may·take·advantage·of·weaknesses·in196 Rationale:··updates·are·not·installed,·unauthorized·users·may·take·advantage·of·weaknesses·in
Offset 203, 54 lines modifiedOffset 203, 14 lines modified
203 Severity: ··medium203 Severity: ··medium
204 Rule·ID:····xccdf_org.ssgproject.content_rule_dnf-automatic_apply_updates204 Rule·ID:····xccdf_org.ssgproject.content_rule_dnf-automatic_apply_updates
205 ············_\x8i_\x8s_\x8m····0940,·1144,·1467,·1472,·1483,·1493,·1494,·1495205 ············_\x8i_\x8s_\x8m····0940,·1144,·1467,·1472,·1483,·1493,·1494,·1495
206 ············_\x8n_\x8i_\x8s_\x8t···SI-2(5),·CM-6(a),·SI-2(c)206 ············_\x8n_\x8i_\x8s_\x8t···SI-2(5),·CM-6(a),·SI-2(c)
207 References:·_\x8o_\x8s_\x8p_\x8p···FMT_SMF_EXT.1207 References:·_\x8o_\x8s_\x8p_\x8p···FMT_SMF_EXT.1
208 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000805-GPOS-00260208 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000805-GPOS-00260
209 ············_\x8a_\x8n_\x8s_\x8s_\x8i··R61209 ············_\x8a_\x8n_\x8s_\x8s_\x8i··R61
210 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
211 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
212 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium 
213 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
214 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···unknown 
215 -·name:·Gather·the·package·facts 
216 ··package_facts: 
217 ····manager:·auto 
218 ··tags: 
219 ··-·NIST-800-53-CM-6(a) 
220 ··-·NIST-800-53-SI-2(5) 
221 ··-·NIST-800-53-SI-2(c) 
222 ··-·dnf-automatic_apply_updates 
223 ··-·low_complexity 
224 ··-·medium_disruption 
225 ··-·medium_severity 
226 ··-·no_reboot_needed 
Max diff block lines reached; 240122/246319 bytes (97.48%) of diff not shown.
13.7 MB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-ccn_advanced.html
    
Offset 15233, 251 lines modifiedOffset 15233, 251 lines modified
0003b800:·612d·7461·7267·6574·3d22·2369·646d·3932··a-target="#idm920003b800:·612d·7461·7267·6574·3d22·2369·646d·3932··a-target="#idm92
0003b810:·3530·2220·7461·6269·6e64·6578·3d22·3022··50"·tabindex="0"0003b810:·3530·2220·7461·6269·6e64·6578·3d22·3022··50"·tabindex="0"
0003b820:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a0003b820:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a
0003b830:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa0003b830:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa
0003b840:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti0003b840:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti
0003b850:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·0003b850:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·
0003b860:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi0003b860:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi
0003b870:·6174·696f·6e20·4b75·6265·726e·6574·6573··ation·Kubernetes 
0003b880:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a> 
0003b890:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class=" 
0003b8a0:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c 
0003b8b0:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm 
0003b8c0:·3932·3530·223e·3c74·6162·6c65·2063·6c61··9250"><table·cla 
0003b8d0:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table- 
0003b8e0:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo0003b870:·6174·696f·6e20·5368·656c·6c20·7363·7269··ation·Shell·scri
 0003b880:·7074·20e2·87b2·3c2f·613e·3c62·723e·3c64··pt·...</a><br><d
 0003b890:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel-
 0003b8a0:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps
 0003b8b0:·6522·2069·643d·2269·646d·3932·3530·223e··e"·id="idm9250">
 0003b8c0:·3c70·7265·3e3c·636f·6465·3e0a·7661·725f··<pre><code>.var_
 0003b8d0:·7379·7374·656d·5f63·7279·7074·6f5f·706f··system_crypto_po
 0003b8e0:·6c69·6379·3d27·3c61·6262·7220·7469·746c··licy='<abbr·titl
 0003b8f0:·653d·2266·726f·6d20·5072·6f66·696c·652f··e="from·Profile/
 0003b900:·7265·6669·6e65·2d76·616c·7565·3a20·7863··refine-value:·xc
 0003b910:·6364·665f·6f72·672e·7373·6770·726f·6a65··cdf_org.ssgproje
 0003b920:·6374·2e63·6f6e·7465·6e74·5f76·616c·7565··ct.content_value
 0003b930:·5f76·6172·5f73·7973·7465·6d5f·6372·7970··_var_system_cryp
 0003b940:·746f·5f70·6f6c·6963·7922·3e44·4546·4155··to_policy">DEFAU
 0003b950:·4c54·3c2f·6162·6272·3e27·0a0a·0a73·7464··LT</abbr>'...std
 0003b960:·6572·725f·6f66·5f63·616c·6c3d·2428·7570··err_of_call=$(up
 0003b970:·6461·7465·2d63·7279·7074·6f2d·706f·6c69··date-crypto-poli
 0003b980:·6369·6573·202d·2d73·6574·2024·7b76·6172··cies·--set·${var
 0003b990:·5f73·7973·7465·6d5f·6372·7970·746f·5f70··_system_crypto_p
 0003b9a0:·6f6c·6963·797d·2032·2667·743b·2661·6d70··olicy}·2&gt;&amp
 0003b9b0:·3b31·2026·6774·3b20·2f64·6576·2f6e·756c··;1·&gt;·/dev/nul
 0003b9c0:·6c29·0a72·633d·243f·0a0a·6966·2074·6573··l).rc=$?..if·tes
 0003b9d0:·7420·2224·7263·2220·3d20·3132·373b·2074··t·"$rc"·=·127;·t
 0003b9e0:·6865·6e0a·0965·6368·6f20·2224·7374·6465··hen..echo·"$stde
 0003b9f0:·7272·5f6f·665f·6361·6c6c·2220·2667·743b··rr_of_call"·&gt;
 0003ba00:·2661·6d70·3b32·0a09·6563·686f·2022·4d61··&amp;2..echo·"Ma
 0003ba10:·6b65·2073·7572·6520·7468·6174·2074·6865··ke·sure·that·the
 0003ba20:·2073·6372·6970·7420·6973·2069·6e73·7461···script·is·insta
 0003ba30:·6c6c·6564·206f·6e20·7468·6520·7265·6d65··lled·on·the·reme
 0003ba40:·6469·6174·6564·2073·7973·7465·6d2e·2220··diated·system."·
 0003ba50:·2667·743b·2661·6d70·3b32·0a09·6563·686f··&gt;&amp;2..echo
 0003ba60:·2022·5365·6520·6f75·7470·7574·206f·6620···"See·output·of·
 0003ba70:·7468·6520·2764·6e66·2070·726f·7669·6465··the·'dnf·provide
 0003ba80:·7320·7570·6461·7465·2d63·7279·7074·6f2d··s·update-crypto-
 0003ba90:·706f·6c69·6369·6573·2720·636f·6d6d·616e··policies'·comman
 0003baa0:·6422·2026·6774·3b26·616d·703b·320a·0965··d"·&gt;&amp;2..e
 0003bab0:·6368·6f20·2274·6f20·7365·6520·7768·6174··cho·"to·see·what
 0003bac0:·2070·6163·6b61·6765·2074·6f20·2872·6529···package·to·(re)
 0003bad0:·696e·7374·616c·6c22·2026·6774·3b26·616d··install"·&gt;&am
 0003bae0:·703b·320a·0a09·6661·6c73·6520·2023·2065··p;2...false··#·e
 0003baf0:·6e64·2077·6974·6820·616e·2065·7272·6f72··nd·with·an·error
 0003bb00:·2063·6f64·650a·656c·6966·2074·6573·7420···code.elif·test·
 0003bb10:·2224·7263·2220·213d·2030·3b20·7468·656e··"$rc"·!=·0;·then
 0003bb20:·0a09·6563·686f·2022·4572·726f·7220·696e··..echo·"Error·in
 0003bb30:·766f·6b69·6e67·2074·6865·2075·7064·6174··voking·the·updat
 0003bb40:·652d·6372·7970·746f·2d70·6f6c·6963·6965··e-crypto-policie
 0003bb50:·7320·7363·7269·7074·3a20·2473·7464·6572··s·script:·$stder
 0003bb60:·725f·6f66·5f63·616c·6c22·2026·6774·3b26··r_of_call"·&gt;&
 0003bb70:·616d·703b·320a·0966·616c·7365·2020·2320··amp;2..false··#·
 0003bb80:·656e·6420·7769·7468·2061·6e20·6572·726f··end·with·an·erro
 0003bb90:·7220·636f·6465·0a66·690a·3c2f·636f·6465··r·code.fi.</code
 0003bba0:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a·
 0003bbb0:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s
 0003bbc0:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog
 0003bbd0:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d
 0003bbe0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm
 0003bbf0:·3932·3532·2220·7461·6269·6e64·6578·3d22··9252"·tabindex="
 0003bc00:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"
 0003bc10:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="
 0003bc20:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac
 0003bc30:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal
 0003bc40:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme
 0003bc50:·6469·6174·696f·6e20·416e·7369·626c·6520··diation·Ansible·
 0003bc60:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a><
 0003bc70:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p
 0003bc80:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co
 0003bc90:·6c6c·6170·7365·2220·6964·3d22·6964·6d39··llapse"·id="idm9
 0003bca0:·3235·3222·3e3c·7461·626c·6520·636c·6173··252"><table·clas
 0003bcb0:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s
0003b8f0:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con0003bcc0:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor
 0003bcd0:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond
 0003bce0:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C
 0003bcf0:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><
0003b900:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th> 
0003b910:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th> 
0003b920:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
0003b930:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt 
0003b940:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low 
0003b950:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b960:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t 
0003b970:·643e·7472·7565·3c2f·7464·3e3c·2f74·723e··d>true</td></tr>0003bd00:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>
 0003bd10:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti
 0003bd20:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low<
 0003bd30:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
 0003bd40:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td
 0003bd50:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr>
0003b980:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy0003bd60:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy
0003b990:·3a3c·2f74·683e·3c74·643e·7265·7374·7269··:</th><td>restri0003bd70:·3a3c·2f74·683e·3c74·643e·7265·7374·7269··:</th><td>restri
0003b9a0:·6374·3c2f·7464·3e3c·2f74·723e·3c2f·7461··ct</td></tr></ta0003bd80:·6374·3c2f·7464·3e3c·2f74·723e·3c2f·7461··ct</td></tr></ta
0003b9b0:·626c·653e·3c70·7265·3e3c·636f·6465·3e2d··ble><pre><code>-0003bd90:·626c·653e·3c70·7265·3e3c·636f·6465·3e2d··ble><pre><code>-
0003b9c0:·2d2d·0a61·7069·5665·7273·696f·6e3a·206d··--.apiVersion:·m 
0003b9d0:·6163·6869·6e65·636f·6e66·6967·7572·6174··achineconfigurat 
0003b9e0:·696f·6e2e·6f70·656e·7368·6966·742e·696f··ion.openshift.io 
0003b9f0:·2f76·310a·6b69·6e64·3a20·4d61·6368·696e··/v1.kind:·Machin 
0003ba00:·6543·6f6e·6669·670a·7370·6563·3a0a·2020··eConfig.spec:.·· 
0003ba10:·636f·6e66·6967·3a0a·2020·2020·6967·6e69··config:.····igni 
0003ba20:·7469·6f6e·3a0a·2020·2020·2020·7665·7273··tion:.······vers 
0003ba30:·696f·6e3a·2033·2e31·2e30·0a20·2020·2073··ion:·3.1.0.····s 
0003ba40:·7973·7465·6d64·3a0a·2020·2020·2020·756e··ystemd:.······un 
0003ba50:·6974·733a·0a20·2020·2020·2020·202d·206e··its:.········-·n 
0003ba60:·616d·653a·2063·6f6e·6669·6775·7265·2d63··ame:·configure-c 
0003ba70:·7279·7074·6f2d·706f·6c69·6379·2e73·6572··rypto-policy.ser 
0003ba80:·7669·6365·0a20·2020·2020·2020·2020·2065··vice.··········e 
0003ba90:·6e61·626c·6564·3a20·7472·7565·0a20·2020··nabled:·true.··· 
0003baa0:·2020·2020·2020·2063·6f6e·7465·6e74·733a·········contents: 
0003bab0:·207c·0a20·2020·2020·2020·2020·2020·205b···|.············[ 
0003bac0:·556e·6974·5d0a·2020·2020·2020·2020·2020··Unit].·········· 
0003bad0:·2020·4265·666f·7265·3d6b·7562·656c·6574····Before=kubelet 
0003bae0:·2e73·6572·7669·6365·0a20·2020·2020·2020··.service.······· 
0003baf0:·2020·2020·205b·5365·7276·6963·655d·0a20·······[Service].· 
0003bb00:·2020·2020·2020·2020·2020·2054·7970·653d·············Type= 
0003bb10:·6f6e·6573·686f·740a·2020·2020·2020·2020··oneshot.········ 
0003bb20:·2020·2020·4578·6563·5374·6172·743d·7570······ExecStart=up 
Max diff block lines reached; 13130705/13163991 bytes (99.75%) of diff not shown.
1.12 MB
html2text {}
    
Offset 120, 39 lines modifiedOffset 120, 33 lines modified
120 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1120 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1
121 References:·_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)121 References:·_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)
122 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1122 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1
123 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174123 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174
124 ············_\x8c_\x8i_\x8s······1.6.1124 ············_\x8c_\x8i_\x8s······1.6.1
125 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2125 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
126 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-258241r1051259_rule,·SV-258230r958408_rule126 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-258241r1051259_rule,·SV-258230r958408_rule
127 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8K_.u_.b_.e_.r_.n_.e_.t_.e_.s_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8127 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
  
 128 var_system_crypto_policy='DEFAULT'
  
  
 129 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null)
 130 rc=$?
  
 131 if·test·"$rc"·=·127;·then
 132 »       echo·"$stderr_of_call"·>&2
 133 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2
 134 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2
 135 »       echo·"to·see·what·package·to·(re)install"·>&2
  
 136 »       false··#·end·with·an·error·code
 137 elif·test·"$rc"·!=·0;·then
 138 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2
 139 »       false··#·end·with·an·error·code
 140 fi
128 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
129 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
130 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true 
131 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
132 --- 
133 apiVersion:·machineconfiguration.openshift.io/v1 
134 kind:·MachineConfig 
135 spec: 
136 ··config: 
137 ····ignition: 
138 ······version:·3.1.0 
139 ····systemd: 
140 ······units: 
141 ········-·name:·configure-crypto-policy.service 
142 ··········enabled:·true 
143 ··········contents:·| 
144 ············[Unit] 
145 ············Before=kubelet.service 
146 ············[Service] 
147 ············Type=oneshot 
148 ············ExecStart=update-crypto-policies·--set·{{.var_system_crypto_policy}} 
149 ············RemainAfterExit=yes 
150 ············[Install] 
151 ············WantedBy=multi-user.target 
152 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8141 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
153 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low142 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
154 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low143 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
155 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false144 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
156 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict145 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
157 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable146 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable
158 ··set_fact:147 ··set_fact:
Offset 203, 33 lines modifiedOffset 197, 39 lines modified
203 ··-·PCI-DSSv4-2.2.7197 ··-·PCI-DSSv4-2.2.7
204 ··-·configure_crypto_policy198 ··-·configure_crypto_policy
205 ··-·high_severity199 ··-·high_severity
206 ··-·low_complexity200 ··-·low_complexity
207 ··-·low_disruption201 ··-·low_disruption
208 ··-·no_reboot_needed202 ··-·no_reboot_needed
209 ··-·restrict_strategy203 ··-·restrict_strategy
210 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8204 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8K_.u_.b_.e_.r_.n_.e_.t_.e_.s_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8
  
211 var_system_crypto_policy='DEFAULT' 
  
  
212 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null) 
213 rc=$? 
  
214 if·test·"$rc"·=·127;·then 
215 »       echo·"$stderr_of_call"·>&2 
216 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2 
217 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2 
218 »       echo·"to·see·what·package·to·(re)install"·>&2 
  
219 »       false··#·end·with·an·error·code 
220 elif·test·"$rc"·!=·0;·then 
221 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2 
222 »       false··#·end·with·an·error·code 
223 fi205 C.Co.om.mp.pl.le.ex.xi.it.ty.y:.:·low
 206 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 207 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true
 208 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 209 ---
 210 apiVersion:·machineconfiguration.openshift.io/v1
 211 kind:·MachineConfig
 212 spec:
 213 ··config:
 214 ····ignition:
 215 ······version:·3.1.0
 216 ····systemd:
 217 ······units:
 218 ········-·name:·configure-crypto-policy.service
 219 ··········enabled:·true
 220 ··········contents:·|
 221 ············[Unit]
 222 ············Before=kubelet.service
 223 ············[Service]
 224 ············Type=oneshot
 225 ············ExecStart=update-crypto-policies·--set·{{.var_system_crypto_policy}}
 226 ············RemainAfterExit=yes
 227 ············[Install]
 228 ············WantedBy=multi-user.target
224 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8SS\x8SH\x8H·t\x8to\x8o·u\x8us\x8se\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8o·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*229 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8SS\x8SH\x8H·t\x8to\x8o·u\x8us\x8se\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8o·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
225 Crypto·Policies·provide·a·centralized·control·over·crypto·algorithms·usage·of·many·packages.·SSH·is·supported·by·crypto·policy,·but·the·SSH·configuration·may·be·set·up·to·ignore·it.·To·check·that·Crypto·Policies·settings·are·configured·correctly,·ensure·that·the·CRYPTO_POLICY·variable·is·either·commented·or·not·set·at·all·in·the·/etc/sysconfig/sshd.230 Crypto·Policies·provide·a·centralized·control·over·crypto·algorithms·usage·of·many·packages.·SSH·is·supported·by·crypto·policy,·but·the·SSH·configuration·may·be·set·up·to·ignore·it.·To·check·that·Crypto·Policies·settings·are·configured·correctly,·ensure·that·the·CRYPTO_POLICY·variable·is·either·commented·or·not·set·at·all·in·the·/etc/sysconfig/sshd.
226 Rationale:··Overriding·the·system·crypto·policy·makes·the·behavior·of·the·SSH·service·violate·expectations,·and·makes·system·configuration·more·fragmented.231 Rationale:··Overriding·the·system·crypto·policy·makes·the·behavior·of·the·SSH·service·violate·expectations,·and·makes·system·configuration·more·fragmented.
227 Severity: ··medium232 Severity: ··medium
228 Rule·ID:····xccdf_org.ssgproject.content_rule_configure_ssh_crypto_policy233 Rule·ID:····xccdf_org.ssgproject.content_rule_configure_ssh_crypto_policy
229 ············_\x8d_\x8i_\x8s_\x8a·····CCI-001453234 ············_\x8d_\x8i_\x8s_\x8a·····CCI-001453
230 ············_\x8h_\x8i_\x8p_\x8a_\x8a····164.308(a)(4)(i),·164.308(b)(1),·164.308(b)(3),·164.312(e)(1),·164.312(e)(2)(ii)235 ············_\x8h_\x8i_\x8p_\x8a_\x8a····164.308(a)(4)(i),·164.308(b)(1),·164.308(b)(3),·164.312(e)(1),·164.312(e)(2)(ii)
Offset 237, 14 lines modifiedOffset 237, 19 lines modified
237 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13237 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13
238 References:·_\x8o_\x8s_\x8p_\x8p·····FCS_SSH_EXT.1,·FCS_SSHS_EXT.1,·FCS_SSHC_EXT.1238 References:·_\x8o_\x8s_\x8p_\x8p·····FCS_SSH_EXT.1,·FCS_SSHS_EXT.1,·FCS_SSHC_EXT.1
239 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s···Req-2.2239 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s···Req-2.2
240 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000250-GPOS-00093240 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000250-GPOS-00093
241 ············_\x8c_\x8i_\x8s······1.6.2241 ············_\x8c_\x8i_\x8s······1.6.2
242 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2242 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
243 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-257991r1051246_rule243 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-257991r1051246_rule
 244 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
  
 245 SSH_CONF="/etc/sysconfig/sshd"
  
 246 sed·-i·"/^\s*CRYPTO_POLICY.*$/Id"·$SSH_CONF
Max diff block lines reached; 1168928/1174531 bytes (99.52%) of diff not shown.
9.42 MB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-ccn_basic.html
    
Offset 15193, 251 lines modifiedOffset 15193, 251 lines modified
0003b580:·7461·2d74·6172·6765·743d·2223·6964·6d39··ta-target="#idm90003b580:·7461·2d74·6172·6765·743d·2223·6964·6d39··ta-target="#idm9
0003b590:·3235·3022·2074·6162·696e·6465·783d·2230··250"·tabindex="00003b590:·3235·3022·2074·6162·696e·6465·783d·2230··250"·tabindex="0
0003b5a0:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·0003b5a0:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
0003b5b0:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f0003b5b0:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
0003b5c0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act0003b5c0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
0003b5d0:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"0003b5d0:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
0003b5e0:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed0003b5e0:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
 0003b5f0:·6961·7469·6f6e·2053·6865·6c6c·2073·6372··iation·Shell·scr
 0003b600:·6970·7420·e287·b23c·2f61·3e3c·6272·3e3c··ipt·...</a><br><
 0003b610:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel
 0003b620:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap
 0003b630:·7365·2220·6964·3d22·6964·6d39·3235·3022··se"·id="idm9250"
0003b5f0:·6961·7469·6f6e·204b·7562·6572·6e65·7465··iation·Kubernete 
0003b600:·7320·736e·6970·7065·7420·e287·b23c·2f61··s·snippet·...</a 
0003b610:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class= 
0003b620:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse· 
0003b630:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id 
0003b640:·6d39·3235·3022·3e3c·7461·626c·6520·636c··m9250"><table·cl 
0003b650:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table 
0003b660:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b 
0003b670:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co 
0003b680:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th 
0003b690:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th 
0003b6a0:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
0003b6b0:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup 
0003b6c0:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo 
0003b6d0:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr>< 
0003b6e0:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th>< 
0003b6f0:·7464·3e74·7275·653c·2f74·643e·3c2f·7472··td>true</td></tr 
0003b700:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg 
0003b710:·793a·3c2f·7468·3e3c·7464·3e72·6573·7472··y:</th><td>restr 
0003b720:·6963·743c·2f74·643e·3c2f·7472·3e3c·2f74··ict</td></tr></t 
0003b730:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>0003b640:·3e3c·7072·653e·3c63·6f64·653e·0a76·6172··><pre><code>.var
 0003b650:·5f73·7973·7465·6d5f·6372·7970·746f·5f70··_system_crypto_p
 0003b660:·6f6c·6963·793d·273c·6162·6272·2074·6974··olicy='<abbr·tit
 0003b670:·6c65·3d22·6672·6f6d·2050·726f·6669·6c65··le="from·Profile
 0003b680:·2f72·6566·696e·652d·7661·6c75·653a·2078··/refine-value:·x
 0003b690:·6363·6466·5f6f·7267·2e73·7367·7072·6f6a··ccdf_org.ssgproj
 0003b6a0:·6563·742e·636f·6e74·656e·745f·7661·6c75··ect.content_valu
 0003b6b0:·655f·7661·725f·7379·7374·656d·5f63·7279··e_var_system_cry
 0003b6c0:·7074·6f5f·706f·6c69·6379·223e·4445·4641··pto_policy">DEFA
 0003b6d0:·554c·543c·2f61·6262·723e·270a·0a0a·7374··ULT</abbr>'...st
 0003b6e0:·6465·7272·5f6f·665f·6361·6c6c·3d24·2875··derr_of_call=$(u
0003b740:·2d2d·2d0a·6170·6956·6572·7369·6f6e·3a20··---.apiVersion:· 
0003b750:·6d61·6368·696e·6563·6f6e·6669·6775·7261··machineconfigura 
0003b760:·7469·6f6e·2e6f·7065·6e73·6869·6674·2e69··tion.openshift.i 
0003b770:·6f2f·7631·0a6b·696e·643a·204d·6163·6869··o/v1.kind:·Machi 
0003b780:·6e65·436f·6e66·6967·0a73·7065·633a·0a20··neConfig.spec:.· 
0003b790:·2063·6f6e·6669·673a·0a20·2020·2069·676e···config:.····ign 
0003b7a0:·6974·696f·6e3a·0a20·2020·2020·2076·6572··ition:.······ver 
0003b7b0:·7369·6f6e·3a20·332e·312e·300a·2020·2020··sion:·3.1.0.···· 
0003b7c0:·7379·7374·656d·643a·0a20·2020·2020·2075··systemd:.······u 
0003b7d0:·6e69·7473·3a0a·2020·2020·2020·2020·2d20··nits:.········-· 
0003b7e0:·6e61·6d65·3a20·636f·6e66·6967·7572·652d··name:·configure- 
0003b7f0:·6372·7970·746f·2d70·6f6c·6963·792e·7365··crypto-policy.se 
0003b800:·7276·6963·650a·2020·2020·2020·2020·2020··rvice.·········· 
0003b810:·656e·6162·6c65·643a·2074·7275·650a·2020··enabled:·true.·· 
0003b820:·2020·2020·2020·2020·636f·6e74·656e·7473··········contents 
0003b830:·3a20·7c0a·2020·2020·2020·2020·2020·2020··:·|.············ 
0003b840:·5b55·6e69·745d·0a20·2020·2020·2020·2020··[Unit].········· 
0003b850:·2020·2042·6566·6f72·653d·6b75·6265·6c65·····Before=kubele 
0003b860:·742e·7365·7276·6963·650a·2020·2020·2020··t.service.······ 
0003b870:·2020·2020·2020·5b53·6572·7669·6365·5d0a········[Service]. 
0003b880:·2020·2020·2020·2020·2020·2020·5479·7065··············Type 
0003b890:·3d6f·6e65·7368·6f74·0a20·2020·2020·2020··=oneshot.······· 
0003b8a0:·2020·2020·2045·7865·6353·7461·7274·3d75·······ExecStart=u 
0003b8b0:·7064·6174·652d·6372·7970·746f·2d70·6f6c··pdate-crypto-pol0003b6f0:·7064·6174·652d·6372·7970·746f·2d70·6f6c··pdate-crypto-pol
0003b8c0:·6963·6965·7320·2d2d·7365·7420·7b7b·2e76··icies·--set·{{.v0003b700:·6963·6965·7320·2d2d·7365·7420·247b·7661··icies·--set·${va
0003b8d0:·6172·5f73·7973·7465·6d5f·6372·7970·746f··ar_system_crypto 
0003b8e0:·5f70·6f6c·6963·797d·7d0a·2020·2020·2020··_policy}}.······ 
0003b8f0:·2020·2020·2020·5265·6d61·696e·4166·7465········RemainAfte 
0003b900:·7245·7869·743d·7965·730a·2020·2020·2020··rExit=yes.······ 
0003b910:·2020·2020·2020·5b49·6e73·7461·6c6c·5d0a········[Install]. 
0003b920:·2020·2020·2020·2020·2020·2020·5761·6e74··············Want 
0003b930:·6564·4279·3d6d·756c·7469·2d75·7365·722e··edBy=multi-user. 
0003b940:·7461·7267·6574·0a3c·2f63·6f64·653e·3c2f··target.</code></ 
0003b950:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla 
0003b960:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ 
0003b970:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle 
0003b980:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data 
0003b990:·2d74·6172·6765·743d·2223·6964·6d39·3235··-target="#idm925 
0003b9a0:·3122·2074·6162·696e·6465·783d·2230·2220··1"·tabindex="0"· 
0003b9b0:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar 
0003b9c0:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal 
0003b9d0:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ 
0003b9e0:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h 
0003b9f0:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia 
0003ba00:·7469·6f6e·2041·6e73·6962·6c65·2073·6e69··tion·Ansible·sni 
0003ba10:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br> 
0003ba20:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane 
0003ba30:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla 
0003ba40:·7073·6522·2069·643d·2269·646d·3932·3531··pse"·id="idm9251 
0003ba50:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class=" 
0003ba60:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri 
0003ba70:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border 
0003ba80:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens 
0003ba90:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp 
0003baa0:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td> 
0003bab0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003bac0:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption: 
0003bad0:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003bae0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re 
0003baf0:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa 
0003bb00:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr 
0003bb10:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</ 
0003bb20:·7468·3e3c·7464·3e72·6573·7472·6963·743c··th><td>restrict< 
0003bb30:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table 
0003bb40:·3e3c·7072·653e·3c63·6f64·653e·2d20·6e61··><pre><code>-·na 
0003bb50:·6d65·3a20·5843·4344·4620·5661·6c75·6520··me:·XCCDF·Value· 
0003bb60:·7661·725f·7379·7374·656d·5f63·7279·7074··var_system_crypt0003b710:·725f·7379·7374·656d·5f63·7279·7074·6f5f··r_system_crypto_
0003bb70:·6f5f·706f·6c69·6379·2023·2070·726f·6d6f··o_policy·#·promo 
0003bb80:·7465·2074·6f20·7661·7269·6162·6c65·0a20··te·to·variable.· 
0003bb90:·2073·6574·5f66·6163·743a·0a20·2020·2076···set_fact:.····v 
0003bba0:·6172·5f73·7973·7465·6d5f·6372·7970·746f··ar_system_crypto 
0003bbb0:·5f70·6f6c·6963·793a·2021·2173·7472·203c··_policy:·!!str·< 
0003bbc0:·6162·6272·2074·6974·6c65·3d22·6672·6f6d··abbr·title="from 
0003bbd0:·2050·726f·6669·6c65·2f72·6566·696e·652d···Profile/refine- 
0003bbe0:·7661·6c75·653a·2078·6363·6466·5f6f·7267··value:·xccdf_org 
0003bbf0:·2e73·7367·7072·6f6a·6563·742e·636f·6e74··.ssgproject.cont 
0003bc00:·656e·745f·7661·6c75·655f·7661·725f·7379··ent_value_var_sy 
0003bc10:·7374·656d·5f63·7279·7074·6f5f·706f·6c69··stem_crypto_poli 
0003bc20:·6379·223e·4445·4641·554c·543c·2f61·6262··cy">DEFAULT</abb 
0003bc30:·723e·0a20·2074·6167·733a·0a20·2020·202d··r>.··tags:.····- 
0003bc40:·2061·6c77·6179·730a·0a2d·206e·616d·653a···always..-·name: 
0003bc50:·2043·6f6e·6669·6775·7265·2053·7973·7465···Configure·Syste 
0003bc60:·6d20·4372·7970·746f·6772·6170·6879·2050··m·Cryptography·P 
0003bc70:·6f6c·6963·790a·2020·6c69·6e65·696e·6669··olicy.··lineinfi 
Max diff block lines reached; 8967490/9000776 bytes (99.63%) of diff not shown.
858 KB
html2text {}
    
Offset 112, 39 lines modifiedOffset 112, 33 lines modified
112 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1112 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1
113 References:·_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)113 References:·_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)
114 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1114 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1
115 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174115 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174
116 ············_\x8c_\x8i_\x8s······1.6.1116 ············_\x8c_\x8i_\x8s······1.6.1
117 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2117 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
118 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-258241r1051259_rule,·SV-258230r958408_rule118 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-258241r1051259_rule,·SV-258230r958408_rule
119 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8K_.u_.b_.e_.r_.n_.e_.t_.e_.s_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8119 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
  
 120 var_system_crypto_policy='DEFAULT'
  
  
 121 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null)
 122 rc=$?
  
 123 if·test·"$rc"·=·127;·then
 124 »       echo·"$stderr_of_call"·>&2
 125 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2
 126 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2
 127 »       echo·"to·see·what·package·to·(re)install"·>&2
  
 128 »       false··#·end·with·an·error·code
 129 elif·test·"$rc"·!=·0;·then
 130 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2
 131 »       false··#·end·with·an·error·code
 132 fi
120 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
121 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
122 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true 
123 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
124 --- 
125 apiVersion:·machineconfiguration.openshift.io/v1 
126 kind:·MachineConfig 
127 spec: 
128 ··config: 
129 ····ignition: 
130 ······version:·3.1.0 
131 ····systemd: 
132 ······units: 
133 ········-·name:·configure-crypto-policy.service 
134 ··········enabled:·true 
135 ··········contents:·| 
136 ············[Unit] 
137 ············Before=kubelet.service 
138 ············[Service] 
139 ············Type=oneshot 
140 ············ExecStart=update-crypto-policies·--set·{{.var_system_crypto_policy}} 
141 ············RemainAfterExit=yes 
142 ············[Install] 
143 ············WantedBy=multi-user.target 
144 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8133 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
145 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low134 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
146 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low135 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
147 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false136 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
148 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict137 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
149 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable138 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable
150 ··set_fact:139 ··set_fact:
Offset 195, 33 lines modifiedOffset 189, 39 lines modified
195 ··-·PCI-DSSv4-2.2.7189 ··-·PCI-DSSv4-2.2.7
196 ··-·configure_crypto_policy190 ··-·configure_crypto_policy
197 ··-·high_severity191 ··-·high_severity
198 ··-·low_complexity192 ··-·low_complexity
199 ··-·low_disruption193 ··-·low_disruption
200 ··-·no_reboot_needed194 ··-·no_reboot_needed
201 ··-·restrict_strategy195 ··-·restrict_strategy
202 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8196 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8K_.u_.b_.e_.r_.n_.e_.t_.e_.s_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8
  
203 var_system_crypto_policy='DEFAULT' 
  
  
204 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null) 
205 rc=$? 
  
206 if·test·"$rc"·=·127;·then 
207 »       echo·"$stderr_of_call"·>&2 
208 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2 
209 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2 
210 »       echo·"to·see·what·package·to·(re)install"·>&2 
  
211 »       false··#·end·with·an·error·code 
212 elif·test·"$rc"·!=·0;·then 
213 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2 
214 »       false··#·end·with·an·error·code 
215 fi197 C.Co.om.mp.pl.le.ex.xi.it.ty.y:.:·low
 198 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 199 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true
 200 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 201 ---
 202 apiVersion:·machineconfiguration.openshift.io/v1
 203 kind:·MachineConfig
 204 spec:
 205 ··config:
 206 ····ignition:
 207 ······version:·3.1.0
 208 ····systemd:
 209 ······units:
 210 ········-·name:·configure-crypto-policy.service
 211 ··········enabled:·true
 212 ··········contents:·|
 213 ············[Unit]
 214 ············Before=kubelet.service
 215 ············[Service]
 216 ············Type=oneshot
 217 ············ExecStart=update-crypto-policies·--set·{{.var_system_crypto_policy}}
 218 ············RemainAfterExit=yes
 219 ············[Install]
 220 ············WantedBy=multi-user.target
216 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8SS\x8SH\x8H·t\x8to\x8o·u\x8us\x8se\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8o·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*221 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8SS\x8SH\x8H·t\x8to\x8o·u\x8us\x8se\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8o·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
217 Crypto·Policies·provide·a·centralized·control·over·crypto·algorithms·usage·of·many·packages.·SSH·is·supported·by·crypto·policy,·but·the·SSH·configuration·may·be·set·up·to·ignore·it.·To·check·that·Crypto·Policies·settings·are·configured·correctly,·ensure·that·the·CRYPTO_POLICY·variable·is·either·commented·or·not·set·at·all·in·the·/etc/sysconfig/sshd.222 Crypto·Policies·provide·a·centralized·control·over·crypto·algorithms·usage·of·many·packages.·SSH·is·supported·by·crypto·policy,·but·the·SSH·configuration·may·be·set·up·to·ignore·it.·To·check·that·Crypto·Policies·settings·are·configured·correctly,·ensure·that·the·CRYPTO_POLICY·variable·is·either·commented·or·not·set·at·all·in·the·/etc/sysconfig/sshd.
218 Rationale:··Overriding·the·system·crypto·policy·makes·the·behavior·of·the·SSH·service·violate·expectations,·and·makes·system·configuration·more·fragmented.223 Rationale:··Overriding·the·system·crypto·policy·makes·the·behavior·of·the·SSH·service·violate·expectations,·and·makes·system·configuration·more·fragmented.
219 Severity: ··medium224 Severity: ··medium
220 Rule·ID:····xccdf_org.ssgproject.content_rule_configure_ssh_crypto_policy225 Rule·ID:····xccdf_org.ssgproject.content_rule_configure_ssh_crypto_policy
221 ············_\x8d_\x8i_\x8s_\x8a·····CCI-001453226 ············_\x8d_\x8i_\x8s_\x8a·····CCI-001453
222 ············_\x8h_\x8i_\x8p_\x8a_\x8a····164.308(a)(4)(i),·164.308(b)(1),·164.308(b)(3),·164.312(e)(1),·164.312(e)(2)(ii)227 ············_\x8h_\x8i_\x8p_\x8a_\x8a····164.308(a)(4)(i),·164.308(b)(1),·164.308(b)(3),·164.312(e)(1),·164.312(e)(2)(ii)
Offset 229, 14 lines modifiedOffset 229, 19 lines modified
229 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13229 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13
230 References:·_\x8o_\x8s_\x8p_\x8p·····FCS_SSH_EXT.1,·FCS_SSHS_EXT.1,·FCS_SSHC_EXT.1230 References:·_\x8o_\x8s_\x8p_\x8p·····FCS_SSH_EXT.1,·FCS_SSHS_EXT.1,·FCS_SSHC_EXT.1
231 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s···Req-2.2231 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s···Req-2.2
232 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000250-GPOS-00093232 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000250-GPOS-00093
233 ············_\x8c_\x8i_\x8s······1.6.2233 ············_\x8c_\x8i_\x8s······1.6.2
234 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2234 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
235 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-257991r1051246_rule235 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-257991r1051246_rule
 236 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
  
 237 SSH_CONF="/etc/sysconfig/sshd"
  
 238 sed·-i·"/^\s*CRYPTO_POLICY.*$/Id"·$SSH_CONF
Max diff block lines reached; 872907/878510 bytes (99.36%) of diff not shown.
10.9 MB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-ccn_intermediate.html
    
Offset 15234, 251 lines modifiedOffset 15234, 251 lines modified
0003b810:·612d·7461·7267·6574·3d22·2369·646d·3932··a-target="#idm920003b810:·612d·7461·7267·6574·3d22·2369·646d·3932··a-target="#idm92
0003b820:·3530·2220·7461·6269·6e64·6578·3d22·3022··50"·tabindex="0"0003b820:·3530·2220·7461·6269·6e64·6578·3d22·3022··50"·tabindex="0"
0003b830:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a0003b830:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a
0003b840:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa0003b840:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa
0003b850:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti0003b850:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti
0003b860:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·0003b860:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·
0003b870:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi0003b870:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi
0003b880:·6174·696f·6e20·4b75·6265·726e·6574·6573··ation·Kubernetes 
0003b890:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a> 
0003b8a0:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class=" 
0003b8b0:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c 
0003b8c0:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm 
0003b8d0:·3932·3530·223e·3c74·6162·6c65·2063·6c61··9250"><table·cla 
0003b8e0:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table- 
0003b8f0:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo0003b880:·6174·696f·6e20·5368·656c·6c20·7363·7269··ation·Shell·scri
 0003b890:·7074·20e2·87b2·3c2f·613e·3c62·723e·3c64··pt·...</a><br><d
 0003b8a0:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel-
 0003b8b0:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps
 0003b8c0:·6522·2069·643d·2269·646d·3932·3530·223e··e"·id="idm9250">
 0003b8d0:·3c70·7265·3e3c·636f·6465·3e0a·7661·725f··<pre><code>.var_
 0003b8e0:·7379·7374·656d·5f63·7279·7074·6f5f·706f··system_crypto_po
 0003b8f0:·6c69·6379·3d27·3c61·6262·7220·7469·746c··licy='<abbr·titl
 0003b900:·653d·2266·726f·6d20·5072·6f66·696c·652f··e="from·Profile/
 0003b910:·7265·6669·6e65·2d76·616c·7565·3a20·7863··refine-value:·xc
 0003b920:·6364·665f·6f72·672e·7373·6770·726f·6a65··cdf_org.ssgproje
 0003b930:·6374·2e63·6f6e·7465·6e74·5f76·616c·7565··ct.content_value
 0003b940:·5f76·6172·5f73·7973·7465·6d5f·6372·7970··_var_system_cryp
 0003b950:·746f·5f70·6f6c·6963·7922·3e44·4546·4155··to_policy">DEFAU
 0003b960:·4c54·3c2f·6162·6272·3e27·0a0a·0a73·7464··LT</abbr>'...std
 0003b970:·6572·725f·6f66·5f63·616c·6c3d·2428·7570··err_of_call=$(up
 0003b980:·6461·7465·2d63·7279·7074·6f2d·706f·6c69··date-crypto-poli
 0003b990:·6369·6573·202d·2d73·6574·2024·7b76·6172··cies·--set·${var
 0003b9a0:·5f73·7973·7465·6d5f·6372·7970·746f·5f70··_system_crypto_p
 0003b9b0:·6f6c·6963·797d·2032·2667·743b·2661·6d70··olicy}·2&gt;&amp
 0003b9c0:·3b31·2026·6774·3b20·2f64·6576·2f6e·756c··;1·&gt;·/dev/nul
 0003b9d0:·6c29·0a72·633d·243f·0a0a·6966·2074·6573··l).rc=$?..if·tes
 0003b9e0:·7420·2224·7263·2220·3d20·3132·373b·2074··t·"$rc"·=·127;·t
 0003b9f0:·6865·6e0a·0965·6368·6f20·2224·7374·6465··hen..echo·"$stde
 0003ba00:·7272·5f6f·665f·6361·6c6c·2220·2667·743b··rr_of_call"·&gt;
 0003ba10:·2661·6d70·3b32·0a09·6563·686f·2022·4d61··&amp;2..echo·"Ma
 0003ba20:·6b65·2073·7572·6520·7468·6174·2074·6865··ke·sure·that·the
 0003ba30:·2073·6372·6970·7420·6973·2069·6e73·7461···script·is·insta
 0003ba40:·6c6c·6564·206f·6e20·7468·6520·7265·6d65··lled·on·the·reme
 0003ba50:·6469·6174·6564·2073·7973·7465·6d2e·2220··diated·system."·
 0003ba60:·2667·743b·2661·6d70·3b32·0a09·6563·686f··&gt;&amp;2..echo
 0003ba70:·2022·5365·6520·6f75·7470·7574·206f·6620···"See·output·of·
 0003ba80:·7468·6520·2764·6e66·2070·726f·7669·6465··the·'dnf·provide
 0003ba90:·7320·7570·6461·7465·2d63·7279·7074·6f2d··s·update-crypto-
 0003baa0:·706f·6c69·6369·6573·2720·636f·6d6d·616e··policies'·comman
 0003bab0:·6422·2026·6774·3b26·616d·703b·320a·0965··d"·&gt;&amp;2..e
 0003bac0:·6368·6f20·2274·6f20·7365·6520·7768·6174··cho·"to·see·what
 0003bad0:·2070·6163·6b61·6765·2074·6f20·2872·6529···package·to·(re)
 0003bae0:·696e·7374·616c·6c22·2026·6774·3b26·616d··install"·&gt;&am
 0003baf0:·703b·320a·0a09·6661·6c73·6520·2023·2065··p;2...false··#·e
 0003bb00:·6e64·2077·6974·6820·616e·2065·7272·6f72··nd·with·an·error
 0003bb10:·2063·6f64·650a·656c·6966·2074·6573·7420···code.elif·test·
 0003bb20:·2224·7263·2220·213d·2030·3b20·7468·656e··"$rc"·!=·0;·then
 0003bb30:·0a09·6563·686f·2022·4572·726f·7220·696e··..echo·"Error·in
 0003bb40:·766f·6b69·6e67·2074·6865·2075·7064·6174··voking·the·updat
 0003bb50:·652d·6372·7970·746f·2d70·6f6c·6963·6965··e-crypto-policie
 0003bb60:·7320·7363·7269·7074·3a20·2473·7464·6572··s·script:·$stder
 0003bb70:·725f·6f66·5f63·616c·6c22·2026·6774·3b26··r_of_call"·&gt;&
 0003bb80:·616d·703b·320a·0966·616c·7365·2020·2320··amp;2..false··#·
 0003bb90:·656e·6420·7769·7468·2061·6e20·6572·726f··end·with·an·erro
 0003bba0:·7220·636f·6465·0a66·690a·3c2f·636f·6465··r·code.fi.</code
 0003bbb0:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a·
 0003bbc0:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s
 0003bbd0:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog
 0003bbe0:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d
 0003bbf0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm
 0003bc00:·3932·3532·2220·7461·6269·6e64·6578·3d22··9252"·tabindex="
 0003bc10:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"
 0003bc20:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="
 0003bc30:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac
 0003bc40:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal
 0003bc50:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme
 0003bc60:·6469·6174·696f·6e20·416e·7369·626c·6520··diation·Ansible·
 0003bc70:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a><
 0003bc80:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p
 0003bc90:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co
 0003bca0:·6c6c·6170·7365·2220·6964·3d22·6964·6d39··llapse"·id="idm9
 0003bcb0:·3235·3222·3e3c·7461·626c·6520·636c·6173··252"><table·clas
 0003bcc0:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s
0003b900:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con0003bcd0:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor
 0003bce0:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond
 0003bcf0:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C
 0003bd00:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><
0003b910:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th> 
0003b920:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th> 
0003b930:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
0003b940:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt 
0003b950:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low 
0003b960:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b970:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t 
0003b980:·643e·7472·7565·3c2f·7464·3e3c·2f74·723e··d>true</td></tr>0003bd10:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>
 0003bd20:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti
 0003bd30:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low<
 0003bd40:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
 0003bd50:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td
 0003bd60:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr>
0003b990:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy0003bd70:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy
0003b9a0:·3a3c·2f74·683e·3c74·643e·7265·7374·7269··:</th><td>restri0003bd80:·3a3c·2f74·683e·3c74·643e·7265·7374·7269··:</th><td>restri
0003b9b0:·6374·3c2f·7464·3e3c·2f74·723e·3c2f·7461··ct</td></tr></ta0003bd90:·6374·3c2f·7464·3e3c·2f74·723e·3c2f·7461··ct</td></tr></ta
0003b9c0:·626c·653e·3c70·7265·3e3c·636f·6465·3e2d··ble><pre><code>-0003bda0:·626c·653e·3c70·7265·3e3c·636f·6465·3e2d··ble><pre><code>-
0003b9d0:·2d2d·0a61·7069·5665·7273·696f·6e3a·206d··--.apiVersion:·m 
0003b9e0:·6163·6869·6e65·636f·6e66·6967·7572·6174··achineconfigurat 
0003b9f0:·696f·6e2e·6f70·656e·7368·6966·742e·696f··ion.openshift.io 
0003ba00:·2f76·310a·6b69·6e64·3a20·4d61·6368·696e··/v1.kind:·Machin 
0003ba10:·6543·6f6e·6669·670a·7370·6563·3a0a·2020··eConfig.spec:.·· 
0003ba20:·636f·6e66·6967·3a0a·2020·2020·6967·6e69··config:.····igni 
0003ba30:·7469·6f6e·3a0a·2020·2020·2020·7665·7273··tion:.······vers 
0003ba40:·696f·6e3a·2033·2e31·2e30·0a20·2020·2073··ion:·3.1.0.····s 
0003ba50:·7973·7465·6d64·3a0a·2020·2020·2020·756e··ystemd:.······un 
0003ba60:·6974·733a·0a20·2020·2020·2020·202d·206e··its:.········-·n 
0003ba70:·616d·653a·2063·6f6e·6669·6775·7265·2d63··ame:·configure-c 
0003ba80:·7279·7074·6f2d·706f·6c69·6379·2e73·6572··rypto-policy.ser 
0003ba90:·7669·6365·0a20·2020·2020·2020·2020·2065··vice.··········e 
0003baa0:·6e61·626c·6564·3a20·7472·7565·0a20·2020··nabled:·true.··· 
0003bab0:·2020·2020·2020·2063·6f6e·7465·6e74·733a·········contents: 
0003bac0:·207c·0a20·2020·2020·2020·2020·2020·205b···|.············[ 
0003bad0:·556e·6974·5d0a·2020·2020·2020·2020·2020··Unit].·········· 
0003bae0:·2020·4265·666f·7265·3d6b·7562·656c·6574····Before=kubelet 
0003baf0:·2e73·6572·7669·6365·0a20·2020·2020·2020··.service.······· 
0003bb00:·2020·2020·205b·5365·7276·6963·655d·0a20·······[Service].· 
0003bb10:·2020·2020·2020·2020·2020·2054·7970·653d·············Type= 
0003bb20:·6f6e·6573·686f·740a·2020·2020·2020·2020··oneshot.········ 
0003bb30:·2020·2020·4578·6563·5374·6172·743d·7570······ExecStart=up 
Max diff block lines reached; 10273118/10306404 bytes (99.68%) of diff not shown.
1.03 MB
html2text {}
    
Offset 120, 39 lines modifiedOffset 120, 33 lines modified
120 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1120 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1
121 References:·_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)121 References:·_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)
122 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1122 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1
123 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174123 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174
124 ············_\x8c_\x8i_\x8s······1.6.1124 ············_\x8c_\x8i_\x8s······1.6.1
125 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2125 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
126 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-258241r1051259_rule,·SV-258230r958408_rule126 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-258241r1051259_rule,·SV-258230r958408_rule
127 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8K_.u_.b_.e_.r_.n_.e_.t_.e_.s_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8127 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
  
 128 var_system_crypto_policy='DEFAULT'
  
  
 129 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null)
 130 rc=$?
  
 131 if·test·"$rc"·=·127;·then
 132 »       echo·"$stderr_of_call"·>&2
 133 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2
 134 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2
 135 »       echo·"to·see·what·package·to·(re)install"·>&2
  
 136 »       false··#·end·with·an·error·code
 137 elif·test·"$rc"·!=·0;·then
 138 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2
 139 »       false··#·end·with·an·error·code
 140 fi
128 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
129 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
130 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true 
131 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
132 --- 
133 apiVersion:·machineconfiguration.openshift.io/v1 
134 kind:·MachineConfig 
135 spec: 
136 ··config: 
137 ····ignition: 
138 ······version:·3.1.0 
139 ····systemd: 
140 ······units: 
141 ········-·name:·configure-crypto-policy.service 
142 ··········enabled:·true 
143 ··········contents:·| 
144 ············[Unit] 
145 ············Before=kubelet.service 
146 ············[Service] 
147 ············Type=oneshot 
148 ············ExecStart=update-crypto-policies·--set·{{.var_system_crypto_policy}} 
149 ············RemainAfterExit=yes 
150 ············[Install] 
151 ············WantedBy=multi-user.target 
152 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8141 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
153 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low142 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
154 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low143 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
155 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false144 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
156 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict145 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
157 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable146 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable
158 ··set_fact:147 ··set_fact:
Offset 203, 33 lines modifiedOffset 197, 39 lines modified
203 ··-·PCI-DSSv4-2.2.7197 ··-·PCI-DSSv4-2.2.7
204 ··-·configure_crypto_policy198 ··-·configure_crypto_policy
205 ··-·high_severity199 ··-·high_severity
206 ··-·low_complexity200 ··-·low_complexity
207 ··-·low_disruption201 ··-·low_disruption
208 ··-·no_reboot_needed202 ··-·no_reboot_needed
209 ··-·restrict_strategy203 ··-·restrict_strategy
210 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8204 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8K_.u_.b_.e_.r_.n_.e_.t_.e_.s_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8
  
211 var_system_crypto_policy='DEFAULT' 
  
  
212 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null) 
213 rc=$? 
  
214 if·test·"$rc"·=·127;·then 
215 »       echo·"$stderr_of_call"·>&2 
216 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2 
217 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2 
218 »       echo·"to·see·what·package·to·(re)install"·>&2 
  
219 »       false··#·end·with·an·error·code 
220 elif·test·"$rc"·!=·0;·then 
221 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2 
222 »       false··#·end·with·an·error·code 
223 fi205 C.Co.om.mp.pl.le.ex.xi.it.ty.y:.:·low
 206 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 207 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true
 208 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 209 ---
 210 apiVersion:·machineconfiguration.openshift.io/v1
 211 kind:·MachineConfig
 212 spec:
 213 ··config:
 214 ····ignition:
 215 ······version:·3.1.0
 216 ····systemd:
 217 ······units:
 218 ········-·name:·configure-crypto-policy.service
 219 ··········enabled:·true
 220 ··········contents:·|
 221 ············[Unit]
 222 ············Before=kubelet.service
 223 ············[Service]
 224 ············Type=oneshot
 225 ············ExecStart=update-crypto-policies·--set·{{.var_system_crypto_policy}}
 226 ············RemainAfterExit=yes
 227 ············[Install]
 228 ············WantedBy=multi-user.target
224 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8SS\x8SH\x8H·t\x8to\x8o·u\x8us\x8se\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8o·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*229 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8SS\x8SH\x8H·t\x8to\x8o·u\x8us\x8se\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8o·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
225 Crypto·Policies·provide·a·centralized·control·over·crypto·algorithms·usage·of·many·packages.·SSH·is·supported·by·crypto·policy,·but·the·SSH·configuration·may·be·set·up·to·ignore·it.·To·check·that·Crypto·Policies·settings·are·configured·correctly,·ensure·that·the·CRYPTO_POLICY·variable·is·either·commented·or·not·set·at·all·in·the·/etc/sysconfig/sshd.230 Crypto·Policies·provide·a·centralized·control·over·crypto·algorithms·usage·of·many·packages.·SSH·is·supported·by·crypto·policy,·but·the·SSH·configuration·may·be·set·up·to·ignore·it.·To·check·that·Crypto·Policies·settings·are·configured·correctly,·ensure·that·the·CRYPTO_POLICY·variable·is·either·commented·or·not·set·at·all·in·the·/etc/sysconfig/sshd.
226 Rationale:··Overriding·the·system·crypto·policy·makes·the·behavior·of·the·SSH·service·violate·expectations,·and·makes·system·configuration·more·fragmented.231 Rationale:··Overriding·the·system·crypto·policy·makes·the·behavior·of·the·SSH·service·violate·expectations,·and·makes·system·configuration·more·fragmented.
227 Severity: ··medium232 Severity: ··medium
228 Rule·ID:····xccdf_org.ssgproject.content_rule_configure_ssh_crypto_policy233 Rule·ID:····xccdf_org.ssgproject.content_rule_configure_ssh_crypto_policy
229 ············_\x8d_\x8i_\x8s_\x8a·····CCI-001453234 ············_\x8d_\x8i_\x8s_\x8a·····CCI-001453
230 ············_\x8h_\x8i_\x8p_\x8a_\x8a····164.308(a)(4)(i),·164.308(b)(1),·164.308(b)(3),·164.312(e)(1),·164.312(e)(2)(ii)235 ············_\x8h_\x8i_\x8p_\x8a_\x8a····164.308(a)(4)(i),·164.308(b)(1),·164.308(b)(3),·164.312(e)(1),·164.312(e)(2)(ii)
Offset 237, 14 lines modifiedOffset 237, 19 lines modified
237 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13237 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13
238 References:·_\x8o_\x8s_\x8p_\x8p·····FCS_SSH_EXT.1,·FCS_SSHS_EXT.1,·FCS_SSHC_EXT.1238 References:·_\x8o_\x8s_\x8p_\x8p·····FCS_SSH_EXT.1,·FCS_SSHS_EXT.1,·FCS_SSHC_EXT.1
239 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s···Req-2.2239 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s···Req-2.2
240 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000250-GPOS-00093240 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000250-GPOS-00093
241 ············_\x8c_\x8i_\x8s······1.6.2241 ············_\x8c_\x8i_\x8s······1.6.2
242 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2242 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
243 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-257991r1051246_rule243 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-257991r1051246_rule
 244 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
  
 245 SSH_CONF="/etc/sysconfig/sshd"
  
 246 sed·-i·"/^\s*CRYPTO_POLICY.*$/Id"·$SSH_CONF
Max diff block lines reached; 1071160/1076763 bytes (99.48%) of diff not shown.
27.2 MB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-cis.html
    
Offset 15238, 283 lines modifiedOffset 15238, 283 lines modified
0003b850:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target0003b850:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target
0003b860:·3d22·2369·646d·3834·3830·2220·7461·6269··="#idm8480"·tabi0003b860:·3d22·2369·646d·3834·3830·2220·7461·6269··="#idm8480"·tabi
0003b870:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b0003b870:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b
0003b880:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa0003b880:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa
0003b890:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit0003b890:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit
0003b8a0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·0003b8a0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·
0003b8b0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!0003b8b0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!
0003b8c0:·223e·5265·6d65·6469·6174·696f·6e20·416e··">Remediation·An0003b8c0:·223e·5265·6d65·6469·6174·696f·6e20·7363··">Remediation·sc
0003b8d0:·6163·6f6e·6461·2073·6e69·7070·6574·20e2··aconda·snippet·. 
0003b8e0:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c 
0003b8f0:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll 
0003b900:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i 
0003b910:·643d·2269·646d·3834·3830·223e·3c74·6162··d="idm8480"><tab 
0003b920:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table· 
0003b930:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta 
0003b940:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab 
0003b950:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t 
0003b960:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity 
0003b970:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t 
0003b980:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D 
0003b990:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th>< 
0003b9a0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003b9b0:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:< 
0003b9c0:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t 
0003b9d0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S 
0003b9e0:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td 
0003b9f0:·3e65·6e61·626c·653c·2f74·643e·3c2f·7472··>enable</td></tr 
0003ba00:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c 
0003ba10:·6f64·653e·0a70·6163·6b61·6765·202d·2d61··ode>.package·--a 
0003ba20:·6464·3d61·6964·650a·3c2f·636f·6465·3e3c··dd=aide.</code>< 
0003ba30:·2f70·7265·3e3c·2f64·6976·3e3c·6120·636c··/pre></div><a·cl 
0003ba40:·6173·733d·2262·746e·2062·746e·2d73·7563··ass="btn·btn-suc 
0003ba50:·6365·7373·2220·6461·7461·2d74·6f67·676c··cess"·data-toggl 
0003ba60:·653d·2263·6f6c·6c61·7073·6522·2064·6174··e="collapse"·dat 
0003ba70:·612d·7461·7267·6574·3d22·2369·646d·3834··a-target="#idm84 
0003ba80:·3831·2220·7461·6269·6e64·6578·3d22·3022··81"·tabindex="0" 
0003ba90:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a 
0003baa0:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa 
0003bab0:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti 
0003bac0:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"· 
0003bad0:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi 
0003bae0:·6174·696f·6e20·5075·7070·6574·2073·6e69··ation·Puppet·sni 
0003baf0:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br>0003b8d0:·7269·7074·20e2·87b2·3c2f·613e·3c62·723e··ript·...</a><br>
0003bb00:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane0003b8e0:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
0003bb10:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla 
0003bb20:·7073·6522·2069·643d·2269·646d·3834·3831··pse"·id="idm8481 
0003bb30:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class=" 
0003bb40:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri 
0003bb50:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border 
0003bb60:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens 
0003bb70:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp 
0003bb80:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td> 
0003bb90:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003bba0:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption: 
0003bbb0:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003bbc0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re 
0003bbd0:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa 
0003bbe0:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr 
0003bbf0:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</ 
0003bc00:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t 
0003bc10:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table>< 
0003bc20:·7072·653e·3c63·6f64·653e·696e·636c·7564··pre><code>includ 
0003bc30:·6520·696e·7374·616c·6c5f·6169·6465·0a0a··e·install_aide.. 
0003bc40:·636c·6173·7320·696e·7374·616c·6c5f·6169··class·install_ai 
0003bc50:·6465·207b·0a20·2070·6163·6b61·6765·207b··de·{.··package·{ 
0003bc60:·2027·6169·6465·273a·0a20·2020·2065·6e73···'aide':.····ens 
0003bc70:·7572·6520·3d26·6774·3b20·2769·6e73·7461··ure·=&gt;·'insta 
0003bc80:·6c6c·6564·272c·0a20·207d·0a7d·0a3c·2f63··lled',.··}.}.</c 
0003bc90:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div> 
0003bca0:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt 
0003bcb0:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data- 
0003bcc0:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse 
0003bcd0:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="# 
0003bce0:·6964·6d38·3438·3222·2074·6162·696e·6465··idm8482"·tabinde 
0003bcf0:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt 
0003bd00:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande 
0003bd10:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title= 
0003bd20:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev 
0003bd30:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R 
0003bd40:·656d·6564·6961·7469·6f6e·204f·5342·7569··emediation·OSBui 
0003bd50:·6c64·2042·6c75·6570·7269·6e74·2073·6e69··ld·Blueprint·sni 
0003bd60:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br> 
0003bd70:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane 
0003bd80:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla0003b8f0:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
0003bd90:·7073·6522·2069·643d·2269·646d·3834·3832··pse"·id="idm84820003b900:·7073·6522·2069·643d·2269·646d·3834·3830··pse"·id="idm8480
0003bda0:·223e·3c70·7265·3e3c·636f·6465·3e0a·5b5b··"><pre><code>.[[ 
0003bdb0:·7061·636b·6167·6573·5d5d·0a6e·616d·6520··packages]].name· 
0003bdc0:·3d20·2261·6964·6522·0a76·6572·7369·6f6e··=·"aide".version 
0003bdd0:·203d·2022·2a22·0a3c·2f63·6f64·653e·3c2f···=·"*".</code></ 
0003bde0:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla 
0003bdf0:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ 
0003be00:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle 
0003be10:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data 
0003be20:·2d74·6172·6765·743d·2223·6964·6d38·3438··-target="#idm848 
0003be30:·3322·2074·6162·696e·6465·783d·2230·2220··3"·tabindex="0"· 
0003be40:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar 
0003be50:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal 
0003be60:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ 
0003be70:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h 
0003be80:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia0003b910:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="
 0003b920:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri
 0003b930:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border
 0003b940:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens
 0003b950:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp
 0003b960:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td>
 0003b970:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr
 0003b980:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption:
 0003b990:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td
 0003b9a0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re
 0003b9b0:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa
 0003b9c0:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr
 0003b9d0:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</
 0003b9e0:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t
 0003b9f0:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table><
 0003ba00:·7072·653e·3c63·6f64·653e·0a64·6e66·2069··pre><code>.dnf·i
 0003ba10:·6e73·7461·6c6c·2061·6964·650a·3c2f·636f··nstall·aide.</co
 0003ba20:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div><
 0003ba30:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn
 0003ba40:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t
 0003ba50:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse"
 0003ba60:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i
 0003ba70:·646d·3834·3831·2220·7461·6269·6e64·6578··dm8481"·tabindex
 0003ba80:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto
 0003ba90:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded
 0003baa0:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="
 0003bab0:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve
 0003bac0:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re
Max diff block lines reached; 26027731/26065433 bytes (99.86%) of diff not shown.
2.33 MB
html2text {}
Max HTML report size reached
12.4 MB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-cis_server_l1.html
    
Offset 15200, 283 lines modifiedOffset 15200, 283 lines modified
0003b5f0:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id0003b5f0:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id
0003b600:·6d38·3438·3022·2074·6162·696e·6465·783d··m8480"·tabindex=0003b600:·6d38·3438·3022·2074·6162·696e·6465·783d··m8480"·tabindex=
0003b610:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button0003b610:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button
0003b620:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=0003b620:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=
0003b630:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A0003b630:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A
0003b640:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea0003b640:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea
0003b650:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem0003b650:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem
 0003b660:·6564·6961·7469·6f6e·2073·6372·6970·7420··ediation·script·
0003b660:·6564·6961·7469·6f6e·2041·6e61·636f·6e64··ediation·Anacond 
0003b670:·6120·736e·6970·7065·7420·e287·b23c·2f61··a·snippet·...</a 
0003b680:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class= 
0003b690:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse· 
0003b6a0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id 
0003b6b0:·6d38·3438·3022·3e3c·7461·626c·6520·636c··m8480"><table·cl 
0003b6c0:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table 
0003b6d0:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b 
0003b6e0:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co 
0003b6f0:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th 
0003b700:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th 
0003b710:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
0003b720:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup 
0003b730:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo 
0003b740:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr>< 
0003b750:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th>< 
0003b760:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t 
0003b770:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate 
0003b780:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab 
0003b790:·6c65·3c2f·7464·3e3c·2f74·723e·3c2f·7461··le</td></tr></ta 
0003b7a0:·626c·653e·3c70·7265·3e3c·636f·6465·3e0a··ble><pre><code>. 
0003b7b0:·7061·636b·6167·6520·2d2d·6164·643d·6169··package·--add=ai 
0003b7c0:·6465·0a3c·2f63·6f64·653e·3c2f·7072·653e··de.</code></pre> 
0003b7d0:·3c2f·6469·763e·3c61·2063·6c61·7373·3d22··</div><a·class=" 
0003b7e0:·6274·6e20·6274·6e2d·7375·6363·6573·7322··btn·btn-success" 
0003b7f0:·2064·6174·612d·746f·6767·6c65·3d22·636f···data-toggle="co 
0003b800:·6c6c·6170·7365·2220·6461·7461·2d74·6172··llapse"·data-tar 
0003b810:·6765·743d·2223·6964·6d38·3438·3122·2074··get="#idm8481"·t 
0003b820:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role 
0003b830:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e 
0003b840:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"· 
0003b850:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate· 
0003b860:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href= 
0003b870:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation 
0003b880:·2050·7570·7065·7420·736e·6970·7065·7420···Puppet·snippet· 
0003b890:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div·0003b670:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div·
0003b8a0:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col0003b680:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col
0003b8b0:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·0003b690:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·
0003b8c0:·6964·3d22·6964·6d38·3438·3122·3e3c·7461··id="idm8481"><ta0003b6a0:·6964·3d22·6964·6d38·3438·3022·3e3c·7461··id="idm8480"><ta
0003b8d0:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table0003b6b0:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table
0003b8e0:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t0003b6c0:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t
0003b8f0:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta0003b6d0:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta
0003b900:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed"><0003b6e0:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed"><
0003b910:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit0003b6f0:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit
0003b920:·793a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··y:</th><td>low</0003b700:·793a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··y:</th><td>low</
0003b930:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003b940:·4469·7372·7570·7469·6f6e·3a3c·2f74·683e··Disruption:</th> 
0003b950:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
0003b960:·3e3c·7472·3e3c·7468·3e52·6562·6f6f·743a··><tr><th>Reboot: 
0003b970:·3c2f·7468·3e3c·7464·3e66·616c·7365·3c2f··</th><td>false</ 
0003b980:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003b990:·5374·7261·7465·6779·3a3c·2f74·683e·3c74··Strategy:</th><t 
0003b9a0:·643e·656e·6162·6c65·3c2f·7464·3e3c·2f74··d>enable</td></t 
0003b9b0:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre>< 
0003b9c0:·636f·6465·3e69·6e63·6c75·6465·2069·6e73··code>include·ins 
0003b9d0:·7461·6c6c·5f61·6964·650a·0a63·6c61·7373··tall_aide..class 
0003b9e0:·2069·6e73·7461·6c6c·5f61·6964·6520·7b0a···install_aide·{. 
0003b9f0:·2020·7061·636b·6167·6520·7b20·2761·6964····package·{·'aid 
0003ba00:·6527·3a0a·2020·2020·656e·7375·7265·203d··e':.····ensure·= 
0003ba10:·2667·743b·2027·696e·7374·616c·6c65·6427··&gt;·'installed' 
0003ba20:·2c0a·2020·7d0a·7d0a·3c2f·636f·6465·3e3c··,.··}.}.</code>< 
0003ba30:·2f70·7265·3e3c·2f64·6976·3e3c·6120·636c··/pre></div><a·cl 
0003ba40:·6173·733d·2262·746e·2062·746e·2d73·7563··ass="btn·btn-suc 
0003ba50:·6365·7373·2220·6461·7461·2d74·6f67·676c··cess"·data-toggl 
0003ba60:·653d·2263·6f6c·6c61·7073·6522·2064·6174··e="collapse"·dat 
0003ba70:·612d·7461·7267·6574·3d22·2369·646d·3834··a-target="#idm84 
0003ba80:·3832·2220·7461·6269·6e64·6578·3d22·3022··82"·tabindex="0" 
0003ba90:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a 
0003baa0:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa 
0003bab0:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti 
0003bac0:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"· 
0003bad0:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi 
0003bae0:·6174·696f·6e20·4f53·4275·696c·6420·426c··ation·OSBuild·Bl 
0003baf0:·7565·7072·696e·7420·736e·6970·7065·7420··ueprint·snippet· 
0003bb00:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div· 
0003bb10:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col 
0003bb20:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"· 
0003bb30:·6964·3d22·6964·6d38·3438·3222·3e3c·7072··id="idm8482"><pr 
0003bb40:·653e·3c63·6f64·653e·0a5b·5b70·6163·6b61··e><code>.[[packa 
0003bb50:·6765·735d·5d0a·6e61·6d65·203d·2022·6169··ges]].name·=·"ai 
0003bb60:·6465·220a·7665·7273·696f·6e20·3d20·222a··de".version·=·"* 
0003bb70:·220a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··".</code></pre>< 
0003bb80:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b 
0003bb90:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"· 
0003bba0:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col 
0003bbb0:·6c61·7073·6522·2064·6174·612d·7461·7267··lapse"·data-targ 
0003bbc0:·6574·3d22·2369·646d·3834·3833·2220·7461··et="#idm8483"·ta 
0003bbd0:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role= 
0003bbe0:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex 
0003bbf0:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t 
0003bc00:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t 
0003bc10:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href=" 
0003bc20:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation· 
0003bc30:·7363·7269·7074·20e2·87b2·3c2f·613e·3c62··script·...</a><b 
0003bc40:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa 
0003bc50:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col 
0003bc60:·6c61·7073·6522·2069·643d·2269·646d·3834··lapse"·id="idm84 
0003bc70:·3833·223e·3c74·6162·6c65·2063·6c61·7373··83"><table·class 
0003bc80:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st 
0003bc90:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord 
0003bca0:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde 
0003bcb0:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co 
0003bcc0:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t 
0003bcd0:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr>< 
0003bce0:·7472·3e3c·7468·3e44·6973·7275·7074·696f··tr><th>Disruptio 
0003bcf0:·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··n:</th><td>low</ 
0003bd00:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003bd10:·5265·626f·6f74·3a3c·2f74·683e·3c74·643e··Reboot:</th><td> 
0003bd20:·6661·6c73·653c·2f74·643e·3c2f·7472·3e3c··false</td></tr>< 
0003bd30:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy: 
0003bd40:·3c2f·7468·3e3c·7464·3e65·6e61·626c·653c··</th><td>enable< 
0003bd50:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table 
0003bd60:·3e3c·7072·653e·3c63·6f64·653e·0a70·6163··><pre><code>.pac 
0003bd70:·6b61·6765·2069·6e73·7461·6c6c·2061·6964··kage·install·aid 
0003bd80:·650a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··e.</code></pre>< 
0003bd90:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b 
0003bda0:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"· 
0003bdb0:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col 
0003bdc0:·6c61·7073·6522·2064·6174·612d·7461·7267··lapse"·data-targ 
Max diff block lines reached; 11586181/11623883 bytes (99.68%) of diff not shown.
1.29 MB
html2text {}
    
Offset 122, 52 lines modifiedOffset 122, 48 lines modified
122 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3122 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
123 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5123 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
124 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199124 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
125 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79125 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
126 ············_\x8c_\x8i_\x8s············6.1.1126 ············_\x8c_\x8i_\x8s············6.1.1
127 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2127 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
128 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-258134r1045265_rule128 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-258134r1045265_rule
129 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8129 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
130 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low130 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
131 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low131 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
132 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false132 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
133 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable133 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
134 package·--add=aide134 dnf·install·aide
135 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8135 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
136 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low136 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
137 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low137 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
138 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false138 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
139 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable139 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
140 include·install_aide140 include·install_aide
  
141 class·install_aide·{141 class·install_aide·{
142 ··package·{·'aide':142 ··package·{·'aide':
143 ····ensure·=>·'installed',143 ····ensure·=>·'installed',
144 ··}144 ··}
145 }145 }
146 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
147 [[packages]] 
148 name·=·"aide" 
149 version·=·"*" 
150 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8146 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
151 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low147 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
152 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low148 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
153 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false149 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
154 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable150 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 151 #·Remediation·is·applicable·only·in·certain·platforms
 152 if·rpm·--quiet·-q·kernel;·then
  
 153 if·!·rpm·-q·--quiet·"aide"·;·then
 154 ····dnf·install·-y·"aide"
 155 fi
155 package·install·aide 
156 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
157 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
158 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
159 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
160 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
161 dnf·install·aide156 else
 157 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 158 fi
162 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8159 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
163 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low160 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
164 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low161 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
165 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false162 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
166 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable163 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
167 -·name:·Gather·the·package·facts164 -·name:·Gather·the·package·facts
168 ··package_facts:165 ··package_facts:
Offset 198, 29 lines modifiedOffset 194, 33 lines modified
198 ··-·PCI-DSSv4-11.5.2194 ··-·PCI-DSSv4-11.5.2
199 ··-·enable_strategy195 ··-·enable_strategy
200 ··-·low_complexity196 ··-·low_complexity
201 ··-·low_disruption197 ··-·low_disruption
202 ··-·medium_severity198 ··-·medium_severity
203 ··-·no_reboot_needed199 ··-·no_reboot_needed
204 ··-·package_aide_installed200 ··-·package_aide_installed
 201 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 202 [[packages]]
 203 name·=·"aide"
 204 version·=·"*"
205 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8205 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
206 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low206 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
207 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low207 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
208 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false208 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
209 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable209 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
210 #·Remediation·is·applicable·only·in·certain·platforms 
211 if·rpm·--quiet·-q·kernel;·then 
  
212 if·!·rpm·-q·--quiet·"aide"·;·then 
213 ····dnf·install·-y·"aide" 
214 fi210 package·install·aide
 211 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 212 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 213 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 214 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 215 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 216 package·--add=aide
215 else 
216 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
217 fi 
218 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*217 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
219 Run·the·following·command·to·generate·a·new·database:218 Run·the·following·command·to·generate·a·new·database:
220 $·sudo·/usr/sbin/aide·--init219 $·sudo·/usr/sbin/aide·--init
221 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the·database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database·can·be·installed·as·follows:220 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the·database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database·can·be·installed·as·follows:
222 $·sudo·cp·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz221 $·sudo·cp·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
223 To·initiate·a·manual·check,·run·the·following·command:222 To·initiate·a·manual·check,·run·the·following·command:
224 $·sudo·/usr/sbin/aide·--check223 $·sudo·/usr/sbin/aide·--check
Offset 239, 14 lines modifiedOffset 239, 28 lines modified
239 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3239 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
240 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5240 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
241 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199241 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
242 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79242 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
243 ············_\x8c_\x8i_\x8s············6.1.1243 ············_\x8c_\x8i_\x8s············6.1.1
244 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2244 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
245 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-258134r1045265_rule245 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-258134r1045265_rule
 246 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 247 #·Remediation·is·applicable·only·in·certain·platforms
 248 if·rpm·--quiet·-q·kernel;·then
  
 249 if·!·rpm·-q·--quiet·"aide"·;·then
 250 ····dnf·install·-y·"aide"
 251 fi
  
 252 /usr/sbin/aide·--init
 253 /bin/cp·-p·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
  
 254 else
 255 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 256 fi
246 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8257 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
247 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low258 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
248 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low259 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
249 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false260 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
250 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict261 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
Max diff block lines reached; 1346103/1351470 bytes (99.60%) of diff not shown.
12.0 MB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-cis_workstation_l1.html
    
Offset 15191, 283 lines modifiedOffset 15191, 283 lines modified
0003b560:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe0003b560:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe
0003b570:·743d·2223·6964·6d38·3438·3022·2074·6162··t="#idm8480"·tab0003b570:·743d·2223·6964·6d38·3438·3022·2074·6162··t="#idm8480"·tab
0003b580:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="0003b580:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="
0003b590:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp0003b590:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp
0003b5a0:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti0003b5a0:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti
0003b5b0:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to0003b5b0:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to
0003b5c0:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#0003b5c0:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#
0003b5d0:·2122·3e52·656d·6564·6961·7469·6f6e·2041··!">Remediation·A0003b5d0:·2122·3e52·656d·6564·6961·7469·6f6e·2073··!">Remediation·s
0003b5e0:·6e61·636f·6e64·6120·736e·6970·7065·7420··naconda·snippet· 
0003b5f0:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div· 
0003b600:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col 
0003b610:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"· 
0003b620:·6964·3d22·6964·6d38·3438·3022·3e3c·7461··id="idm8480"><ta 
0003b630:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table 
0003b640:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t 
0003b650:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta 
0003b660:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed">< 
0003b670:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit 
0003b680:·793a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··y:</th><td>low</ 
0003b690:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003b6a0:·4469·7372·7570·7469·6f6e·3a3c·2f74·683e··Disruption:</th> 
0003b6b0:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
0003b6c0:·3e3c·7472·3e3c·7468·3e52·6562·6f6f·743a··><tr><th>Reboot: 
0003b6d0:·3c2f·7468·3e3c·7464·3e66·616c·7365·3c2f··</th><td>false</ 
0003b6e0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003b6f0:·5374·7261·7465·6779·3a3c·2f74·683e·3c74··Strategy:</th><t 
0003b700:·643e·656e·6162·6c65·3c2f·7464·3e3c·2f74··d>enable</td></t 
0003b710:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre>< 
0003b720:·636f·6465·3e0a·7061·636b·6167·6520·2d2d··code>.package·-- 
0003b730:·6164·643d·6169·6465·0a3c·2f63·6f64·653e··add=aide.</code> 
0003b740:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c 
0003b750:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su 
0003b760:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg 
0003b770:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da 
0003b780:·7461·2d74·6172·6765·743d·2223·6964·6d38··ta-target="#idm8 
0003b790:·3438·3122·2074·6162·696e·6465·783d·2230··481"·tabindex="0 
0003b7a0:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"· 
0003b7b0:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f 
0003b7c0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act 
0003b7d0:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal" 
0003b7e0:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed 
0003b7f0:·6961·7469·6f6e·2050·7570·7065·7420·736e··iation·Puppet·sn 
0003b800:·6970·7065·7420·e287·b23c·2f61·3e3c·6272··ippet·...</a><br0003b5e0:·6372·6970·7420·e287·b23c·2f61·3e3c·6272··cript·...</a><br
0003b810:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan0003b5f0:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan
0003b820:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll0003b600:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll
0003b830:·6170·7365·2220·6964·3d22·6964·6d38·3438··apse"·id="idm8480003b610:·6170·7365·2220·6964·3d22·6964·6d38·3438··apse"·id="idm848
0003b840:·3122·3e3c·7461·626c·6520·636c·6173·733d··1"><table·class=0003b620:·3022·3e3c·7461·626c·6520·636c·6173·733d··0"><table·class=
0003b850:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str0003b630:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str
0003b860:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde0003b640:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde
0003b870:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden0003b650:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden
0003b880:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com0003b660:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com
0003b890:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td0003b670:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td
0003b8a0:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t0003b680:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t
0003b8b0:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption0003b690:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption
0003b8c0:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t0003b6a0:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t
0003b8d0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R0003b6b0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R
0003b8e0:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f0003b6c0:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f
0003b8f0:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t0003b6d0:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t
0003b900:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<0003b6e0:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<
0003b910:·2f74·683e·3c74·643e·656e·6162·6c65·3c2f··/th><td>enable</0003b6f0:·2f74·683e·3c74·643e·656e·6162·6c65·3c2f··/th><td>enable</
0003b920:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>0003b700:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>
0003b930:·3c70·7265·3e3c·636f·6465·3e69·6e63·6c75··<pre><code>inclu0003b710:·3c70·7265·3e3c·636f·6465·3e0a·646e·6620··<pre><code>.dnf·
0003b940:·6465·2069·6e73·7461·6c6c·5f61·6964·650a··de·install_aide.0003b720:·696e·7374·616c·6c20·6169·6465·0a3c·2f63··install·aide.</c
 0003b730:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div>
 0003b740:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt
 0003b750:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data-
 0003b760:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse
 0003b770:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#
 0003b780:·6964·6d38·3438·3122·2074·6162·696e·6465··idm8481"·tabinde
 0003b790:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt
 0003b7a0:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande
 0003b7b0:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=
 0003b7c0:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev
 0003b7d0:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R
 0003b7e0:·656d·6564·6961·7469·6f6e·2050·7570·7065··emediation·Puppe
 0003b7f0:·7420·736e·6970·7065·7420·e287·b23c·2f61··t·snippet·...</a
 0003b800:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
 0003b810:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
 0003b820:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
 0003b830:·6d38·3438·3122·3e3c·7461·626c·6520·636c··m8481"><table·cl
 0003b840:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table
 0003b850:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b
 0003b860:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co
 0003b870:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th
 0003b880:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th
 0003b890:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t
 0003b8a0:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup
 0003b8b0:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo
 0003b8c0:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><
 0003b8d0:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th><
 0003b8e0:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t
 0003b8f0:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate
 0003b900:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab
 0003b910:·6c65·3c2f·7464·3e3c·2f74·723e·3c2f·7461··le</td></tr></ta
 0003b920:·626c·653e·3c70·7265·3e3c·636f·6465·3e69··ble><pre><code>i
0003b950:·0a63·6c61·7373·2069·6e73·7461·6c6c·5f61··.class·install_a0003b930:·6e63·6c75·6465·2069·6e73·7461·6c6c·5f61··nclude·install_a
 0003b940:·6964·650a·0a63·6c61·7373·2069·6e73·7461··ide..class·insta
0003b960:·6964·6520·7b0a·2020·7061·636b·6167·6520··ide·{.··package·0003b950:·6c6c·5f61·6964·6520·7b0a·2020·7061·636b··ll_aide·{.··pack
0003b970:·7b20·2761·6964·6527·3a0a·2020·2020·656e··{·'aide':.····en0003b960:·6167·6520·7b20·2761·6964·6527·3a0a·2020··age·{·'aide':.··
0003b980:·7375·7265·203d·2667·743b·2027·696e·7374··sure·=&gt;·'inst0003b970:·2020·656e·7375·7265·203d·2667·743b·2027····ensure·=&gt;·'
0003b990:·616c·6c65·6427·2c0a·2020·7d0a·7d0a·3c2f··alled',.··}.}.</0003b980:·696e·7374·616c·6c65·6427·2c0a·2020·7d0a··installed',.··}.
0003b9a0:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div0003b990:·7d0a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··}.</code></pre><
0003b9b0:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b0003b9a0:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b
0003b9c0:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data0003b9b0:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"·
0003b9d0:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps0003b9c0:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col
0003b9e0:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="0003b9d0:·6c61·7073·6522·2064·6174·612d·7461·7267··lapse"·data-targ
0003b9f0:·2369·646d·3834·3832·2220·7461·6269·6e64··#idm8482"·tabind0003b9e0:·6574·3d22·2369·646d·3834·3832·2220·7461··et="#idm8482"·ta
0003ba00:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but0003b9f0:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=
0003ba10:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand0003ba00:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex
0003ba20:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title0003ba10:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t
0003ba30:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re0003ba20:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t
0003ba40:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">0003ba30:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="
0003ba50:·5265·6d65·6469·6174·696f·6e20·4f53·4275··Remediation·OSBu0003ba40:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·
0003ba60:·696c·6420·426c·7565·7072·696e·7420·736e··ild·Blueprint·sn 
0003ba70:·6970·7065·7420·e287·b23c·2f61·3e3c·6272··ippet·...</a><br 
0003ba80:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan 
0003ba90:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll 
0003baa0:·6170·7365·2220·6964·3d22·6964·6d38·3438··apse"·id="idm848 
0003bab0:·3222·3e3c·7072·653e·3c63·6f64·653e·0a5b··2"><pre><code>.[ 
0003bac0:·5b70·6163·6b61·6765·735d·5d0a·6e61·6d65··[packages]].name 
0003bad0:·203d·2022·6169·6465·220a·7665·7273·696f···=·"aide".versio 
0003bae0:·6e20·3d20·222a·220a·3c2f·636f·6465·3e3c··n·=·"*".</code>< 
0003baf0:·2f70·7265·3e3c·2f64·6976·3e3c·6120·636c··/pre></div><a·cl 
0003bb00:·6173·733d·2262·746e·2062·746e·2d73·7563··ass="btn·btn-suc 
0003bb10:·6365·7373·2220·6461·7461·2d74·6f67·676c··cess"·data-toggl 
0003bb20:·653d·2263·6f6c·6c61·7073·6522·2064·6174··e="collapse"·dat 
0003bb30:·612d·7461·7267·6574·3d22·2369·646d·3834··a-target="#idm84 
Max diff block lines reached; 11199807/11237509 bytes (99.66%) of diff not shown.
1.24 MB
html2text {}
    
Offset 121, 52 lines modifiedOffset 121, 48 lines modified
121 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3121 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
122 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5122 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
123 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199123 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
124 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79124 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
125 ············_\x8c_\x8i_\x8s············6.1.1125 ············_\x8c_\x8i_\x8s············6.1.1
126 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2126 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
127 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-258134r1045265_rule127 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-258134r1045265_rule
128 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8128 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
129 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low129 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
130 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low130 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
131 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false131 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
132 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable132 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
133 package·--add=aide133 dnf·install·aide
134 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8134 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
135 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low135 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
136 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low136 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
137 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false137 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
138 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable138 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
139 include·install_aide139 include·install_aide
  
140 class·install_aide·{140 class·install_aide·{
141 ··package·{·'aide':141 ··package·{·'aide':
142 ····ensure·=>·'installed',142 ····ensure·=>·'installed',
143 ··}143 ··}
144 }144 }
145 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
146 [[packages]] 
147 name·=·"aide" 
148 version·=·"*" 
149 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8145 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
150 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low146 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
151 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low147 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
152 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false148 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
153 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable149 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 150 #·Remediation·is·applicable·only·in·certain·platforms
 151 if·rpm·--quiet·-q·kernel;·then
  
 152 if·!·rpm·-q·--quiet·"aide"·;·then
 153 ····dnf·install·-y·"aide"
 154 fi
154 package·install·aide 
155 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
156 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
157 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
158 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
159 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
160 dnf·install·aide155 else
 156 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 157 fi
161 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8158 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
162 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low159 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
163 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low160 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
164 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false161 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
165 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable162 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
166 -·name:·Gather·the·package·facts163 -·name:·Gather·the·package·facts
167 ··package_facts:164 ··package_facts:
Offset 197, 29 lines modifiedOffset 193, 33 lines modified
197 ··-·PCI-DSSv4-11.5.2193 ··-·PCI-DSSv4-11.5.2
198 ··-·enable_strategy194 ··-·enable_strategy
199 ··-·low_complexity195 ··-·low_complexity
200 ··-·low_disruption196 ··-·low_disruption
201 ··-·medium_severity197 ··-·medium_severity
202 ··-·no_reboot_needed198 ··-·no_reboot_needed
203 ··-·package_aide_installed199 ··-·package_aide_installed
 200 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 201 [[packages]]
 202 name·=·"aide"
 203 version·=·"*"
204 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8204 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
205 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low205 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
206 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low206 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
207 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false207 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
208 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable208 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
209 #·Remediation·is·applicable·only·in·certain·platforms 
210 if·rpm·--quiet·-q·kernel;·then 
  
211 if·!·rpm·-q·--quiet·"aide"·;·then 
212 ····dnf·install·-y·"aide" 
213 fi209 package·install·aide
 210 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 211 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 212 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 213 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 214 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 215 package·--add=aide
214 else 
215 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
216 fi 
217 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*216 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
218 Run·the·following·command·to·generate·a·new·database:217 Run·the·following·command·to·generate·a·new·database:
219 $·sudo·/usr/sbin/aide·--init218 $·sudo·/usr/sbin/aide·--init
220 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the·database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database·can·be·installed·as·follows:219 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the·database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database·can·be·installed·as·follows:
221 $·sudo·cp·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz220 $·sudo·cp·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
222 To·initiate·a·manual·check,·run·the·following·command:221 To·initiate·a·manual·check,·run·the·following·command:
223 $·sudo·/usr/sbin/aide·--check222 $·sudo·/usr/sbin/aide·--check
Offset 238, 14 lines modifiedOffset 238, 28 lines modified
238 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3238 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
239 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5239 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
240 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199240 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
241 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79241 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
242 ············_\x8c_\x8i_\x8s············6.1.1242 ············_\x8c_\x8i_\x8s············6.1.1
243 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2243 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
244 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-258134r1045265_rule244 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-258134r1045265_rule
 245 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 246 #·Remediation·is·applicable·only·in·certain·platforms
 247 if·rpm·--quiet·-q·kernel;·then
  
 248 if·!·rpm·-q·--quiet·"aide"·;·then
 249 ····dnf·install·-y·"aide"
 250 fi
  
 251 /usr/sbin/aide·--init
 252 /bin/cp·-p·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
  
 253 else
 254 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 255 fi
245 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8256 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
246 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low257 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
247 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low258 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
248 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false259 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
249 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict260 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
Max diff block lines reached; 1296593/1301960 bytes (99.59%) of diff not shown.
27.0 MB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-cis_workstation_l2.html
    
Offset 15230, 283 lines modifiedOffset 15230, 283 lines modified
0003b7d0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm0003b7d0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm
0003b7e0:·3834·3830·2220·7461·6269·6e64·6578·3d22··8480"·tabindex="0003b7e0:·3834·3830·2220·7461·6269·6e64·6578·3d22··8480"·tabindex="
0003b7f0:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"0003b7f0:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"
0003b800:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="0003b800:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="
0003b810:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac0003b810:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac
0003b820:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal0003b820:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal
0003b830:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme0003b830:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme
 0003b840:·6469·6174·696f·6e20·7363·7269·7074·20e2··diation·script·.
0003b840:·6469·6174·696f·6e20·416e·6163·6f6e·6461··diation·Anaconda 
0003b850:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a> 
0003b860:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class=" 
0003b870:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c 
0003b880:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm 
0003b890:·3834·3830·223e·3c74·6162·6c65·2063·6c61··8480"><table·cla 
0003b8a0:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table- 
0003b8b0:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo 
0003b8c0:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con 
0003b8d0:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th> 
0003b8e0:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th> 
0003b8f0:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
0003b900:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt 
0003b910:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low 
0003b920:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b930:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t 
0003b940:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr 
0003b950:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg 
0003b960:·793a·3c2f·7468·3e3c·7464·3e65·6e61·626c··y:</th><td>enabl 
0003b970:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab 
0003b980:·6c65·3e3c·7072·653e·3c63·6f64·653e·0a70··le><pre><code>.p 
0003b990:·6163·6b61·6765·202d·2d61·6464·3d61·6964··ackage·--add=aid 
0003b9a0:·650a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··e.</code></pre>< 
0003b9b0:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b 
0003b9c0:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"· 
0003b9d0:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col 
0003b9e0:·6c61·7073·6522·2064·6174·612d·7461·7267··lapse"·data-targ 
0003b9f0:·6574·3d22·2369·646d·3834·3831·2220·7461··et="#idm8481"·ta 
0003ba00:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role= 
0003ba10:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex 
0003ba20:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t 
0003ba30:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t 
0003ba40:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href=" 
0003ba50:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation· 
0003ba60:·5075·7070·6574·2073·6e69·7070·6574·20e2··Puppet·snippet·. 
0003ba70:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c0003b850:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c
0003ba80:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll0003b860:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
0003ba90:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i0003b870:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i
0003baa0:·643d·2269·646d·3834·3831·223e·3c74·6162··d="idm8481"><tab0003b880:·643d·2269·646d·3834·3830·223e·3c74·6162··d="idm8480"><tab
0003bab0:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table·0003b890:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table·
0003bac0:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta0003b8a0:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta
0003bad0:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab0003b8b0:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab
0003bae0:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t0003b8c0:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t
0003baf0:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity0003b8d0:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity
0003bb00:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t 
0003bb10:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D 
0003bb20:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th>< 
0003bb30:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003bb40:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:< 
0003bb50:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t 
0003bb60:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S 
0003bb70:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td 
0003bb80:·3e65·6e61·626c·653c·2f74·643e·3c2f·7472··>enable</td></tr 
0003bb90:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c 
0003bba0:·6f64·653e·696e·636c·7564·6520·696e·7374··ode>include·inst 
0003bbb0:·616c·6c5f·6169·6465·0a0a·636c·6173·7320··all_aide..class· 
0003bbc0:·696e·7374·616c·6c5f·6169·6465·207b·0a20··install_aide·{.· 
0003bbd0:·2070·6163·6b61·6765·207b·2027·6169·6465···package·{·'aide 
0003bbe0:·273a·0a20·2020·2065·6e73·7572·6520·3d26··':.····ensure·=& 
0003bbf0:·6774·3b20·2769·6e73·7461·6c6c·6564·272c··gt;·'installed', 
0003bc00:·0a20·207d·0a7d·0a3c·2f63·6f64·653e·3c2f··.··}.}.</code></ 
0003bc10:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla 
0003bc20:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ 
0003bc30:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle 
0003bc40:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data 
0003bc50:·2d74·6172·6765·743d·2223·6964·6d38·3438··-target="#idm848 
0003bc60:·3222·2074·6162·696e·6465·783d·2230·2220··2"·tabindex="0"· 
0003bc70:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar 
0003bc80:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal 
0003bc90:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ 
0003bca0:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h 
0003bcb0:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia 
0003bcc0:·7469·6f6e·204f·5342·7569·6c64·2042·6c75··tion·OSBuild·Blu 
0003bcd0:·6570·7269·6e74·2073·6e69·7070·6574·20e2··eprint·snippet·. 
0003bce0:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c 
0003bcf0:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll 
0003bd00:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i 
0003bd10:·643d·2269·646d·3834·3832·223e·3c70·7265··d="idm8482"><pre 
0003bd20:·3e3c·636f·6465·3e0a·5b5b·7061·636b·6167··><code>.[[packag 
0003bd30:·6573·5d5d·0a6e·616d·6520·3d20·2261·6964··es]].name·=·"aid 
0003bd40:·6522·0a76·6572·7369·6f6e·203d·2022·2a22··e".version·=·"*" 
0003bd50:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></ 
0003bd60:·6469·763e·3c61·2063·6c61·7373·3d22·6274··div><a·class="bt 
0003bd70:·6e20·6274·6e2d·7375·6363·6573·7322·2064··n·btn-success"·d 
0003bd80:·6174·612d·746f·6767·6c65·3d22·636f·6c6c··ata-toggle="coll 
0003bd90:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe 
0003bda0:·743d·2223·6964·6d38·3438·3322·2074·6162··t="#idm8483"·tab 
0003bdb0:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role=" 
0003bdc0:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp 
0003bdd0:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti 
0003bde0:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to 
0003bdf0:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="# 
0003be00:·2122·3e52·656d·6564·6961·7469·6f6e·2073··!">Remediation·s 
0003be10:·6372·6970·7420·e287·b23c·2f61·3e3c·6272··cript·...</a><br 
0003be20:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan 
0003be30:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll 
0003be40:·6170·7365·2220·6964·3d22·6964·6d38·3438··apse"·id="idm848 
0003be50:·3322·3e3c·7461·626c·6520·636c·6173·733d··3"><table·class= 
0003be60:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str 
0003be70:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde 
0003be80:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden 
0003be90:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com 
0003bea0:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td 
0003beb0:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t 
0003bec0:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption 
0003bed0:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t0003b8e0:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t
 0003b8f0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D
 0003b900:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th><
 0003b910:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>
 0003b920:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:<
 0003b930:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t
0003bee0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R0003b940:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S
0003bef0:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f 
0003bf00:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t 
0003bf10:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:< 
0003bf20:·2f74·683e·3c74·643e·656e·6162·6c65·3c2f··/th><td>enable</ 
0003bf30:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table> 
0003bf40:·3c70·7265·3e3c·636f·6465·3e0a·7061·636b··<pre><code>.pack0003b950:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td
 0003b960:·3e65·6e61·626c·653c·2f74·643e·3c2f·7472··>enable</td></tr
Max diff block lines reached; 25822282/25859984 bytes (99.85%) of diff not shown.
2.29 MB
html2text {}
Max HTML report size reached
7.4 MB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-cui.html
    
Offset 15508, 62 lines modifiedOffset 15508, 62 lines modified
0003c930:·6574·3d22·2369·646d·3930·3333·2220·7461··et="#idm9033"·ta0003c930:·6574·3d22·2369·646d·3930·3333·2220·7461··et="#idm9033"·ta
0003c940:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=0003c940:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=
0003c950:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex0003c950:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex
0003c960:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t0003c960:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t
0003c970:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t0003c970:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t
0003c980:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="0003c980:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="
0003c990:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·0003c990:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·
0003c9a0:·4f53·4275·696c·6420·426c·7565·7072·696e··OSBuild·Blueprin 
0003c9b0:·7420·736e·6970·7065·7420·e287·b23c·2f61··t·snippet·...</a 
0003c9c0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class= 
0003c9d0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse· 
0003c9e0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id 
0003c9f0:·6d39·3033·3322·3e3c·7072·653e·3c63·6f64··m9033"><pre><cod 
0003ca00:·653e·0a5b·6375·7374·6f6d·697a·6174·696f··e>.[customizatio 
0003ca10:·6e73·5d0a·6669·7073·203d·2074·7275·650a··ns].fips·=·true. 
0003ca20:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d 
0003ca30:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn 
0003ca40:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da 
0003ca50:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla 
0003ca60:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target 
0003ca70:·3d22·2369·646d·3930·3334·2220·7461·6269··="#idm9034"·tabi 
0003ca80:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b 
0003ca90:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa 
0003caa0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit 
0003cab0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to· 
0003cac0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#! 
0003cad0:·223e·5265·6d65·6469·6174·696f·6e20·5368··">Remediation·Sh 
0003cae0:·656c·6c20·7363·7269·7074·20e2·87b2·3c2f··ell·script·...</0003c9a0:·5368·656c·6c20·7363·7269·7074·20e2·87b2··Shell·script·...
0003caf0:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class0003c9b0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
0003cb00:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse0003c9c0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
0003cb10:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i0003c9d0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=
0003cb20:·646d·3930·3334·223e·3c70·7265·3e3c·636f··dm9034"><pre><co0003c9e0:·2269·646d·3930·3333·223e·3c70·7265·3e3c··"idm9033"><pre><
0003cb30:·6465·3e23·2052·656d·6564·6961·7469·6f6e··de>#·Remediation0003c9f0:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati
0003cb40:·2069·7320·6170·706c·6963·6162·6c65·206f···is·applicable·o0003ca00:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable
0003cb50:·6e6c·7920·696e·2063·6572·7461·696e·2070··nly·in·certain·p0003ca10:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain
0003cb60:·6c61·7466·6f72·6d73·0a69·6620·2820·2120··latforms.if·(·!·0003ca20:·2070·6c61·7466·6f72·6d73·0a69·6620·2820···platforms.if·(·
0003cb70:·2820·5b20·2224·7b63·6f6e·7461·696e·6572··(·[·"${container0003ca30:·2120·2820·5b20·2224·7b63·6f6e·7461·696e··!·(·[·"${contain
0003cb80:·3a2d·7d22·203d·3d20·2262·7772·6170·2d6f··:-}"·==·"bwrap-o0003ca40:·6572·3a2d·7d22·203d·3d20·2262·7772·6170··er:-}"·==·"bwrap
0003cb90:·7362·7569·6c64·2220·5d20·2920·2661·6d70··sbuild"·]·)·&amp0003ca50:·2d6f·7362·7569·6c64·2220·5d20·2920·2661··-osbuild"·]·)·&a
0003cba0:·3b26·616d·703b·2072·706d·202d·2d71·7569··;&amp;·rpm·--qui0003ca60:·6d70·3b26·616d·703b·2072·706d·202d·2d71··mp;&amp;·rpm·--q
0003cbb0:·6574·202d·7120·6b65·726e·656c·2029·3b20··et·-q·kernel·);·0003ca70:·7569·6574·202d·7120·6b65·726e·656c·2029··uiet·-q·kernel·)
0003cbc0:·7468·656e·0a0a·6966·205b·5b20·2224·4f53··then..if·[[·"$OS0003ca80:·3b20·7468·656e·0a0a·6966·205b·5b20·2224··;·then..if·[[·"$
0003cbd0:·4341·505f·424f·4f54·435f·4255·494c·4422··CAP_BOOTC_BUILD"0003ca90:·4f53·4341·505f·424f·4f54·435f·4255·494c··OSCAP_BOOTC_BUIL
0003cbe0:·203d·3d20·2259·4553·2220·5d5d·3b20·7468···==·"YES"·]];·th0003caa0:·4422·203d·3d20·2259·4553·2220·5d5d·3b20··D"·==·"YES"·]];·
0003cbf0:·656e·0a09·6361·7420·2667·743b·202f·7573··en..cat·&gt;·/us0003cab0:·7468·656e·0a09·6361·7420·2667·743b·202f··then..cat·&gt;·/
0003cc00:·722f·6c69·622f·626f·6f74·632f·6b61·7267··r/lib/bootc/karg0003cac0:·7573·722f·6c69·622f·626f·6f74·632f·6b61··usr/lib/bootc/ka
0003cc10:·732e·642f·3031·2d66·6970·732e·746f·6d6c··s.d/01-fips.toml0003cad0:·7267·732e·642f·3031·2d66·6970·732e·746f··rgs.d/01-fips.to
0003cc20:·2026·6c74·3b26·6c74·3b20·454f·460a·6b61···&lt;&lt;·EOF.ka0003cae0:·6d6c·2026·6c74·3b26·6c74·3b20·454f·460a··ml·&lt;&lt;·EOF.
0003cc30:·7267·7320·3d20·5b22·6669·7073·3d31·225d··rgs·=·["fips=1"]0003caf0:·6b61·7267·7320·3d20·5b22·6669·7073·3d31··kargs·=·["fips=1
0003cc40:·0a45·4f46·0a66·690a·0a65·6c73·650a·2020··.EOF.fi..else.··0003cb00:·225d·0a45·4f46·0a66·690a·0a65·6c73·650a··"].EOF.fi..else.
0003cc50:·2020·2667·743b·2661·6d70·3b32·2065·6368····&gt;&amp;2·ech0003cb10:·2020·2020·2667·743b·2661·6d70·3b32·2065······&gt;&amp;2·e
0003cc60:·6f20·2752·656d·6564·6961·7469·6f6e·2069··o·'Remediation·i0003cb20:·6368·6f20·2752·656d·6564·6961·7469·6f6e··cho·'Remediation
0003cc70:·7320·6e6f·7420·6170·706c·6963·6162·6c65··s·not·applicable0003cb30:·2069·7320·6e6f·7420·6170·706c·6963·6162···is·not·applicab
0003cc80:·2c20·6e6f·7468·696e·6720·7761·7320·646f··,·nothing·was·do0003cb40:·6c65·2c20·6e6f·7468·696e·6720·7761·7320··le,·nothing·was·
0003cc90:·6e65·270a·6669·0a3c·2f63·6f64·653e·3c2f··ne'.fi.</code></0003cb50:·646f·6e65·270a·6669·0a3c·2f63·6f64·653e··done'.fi.</code>
 0003cb60:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c
 0003cb70:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su
 0003cb80:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg
 0003cb90:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da
 0003cba0:·7461·2d74·6172·6765·743d·2223·6964·6d39··ta-target="#idm9
 0003cbb0:·3033·3422·2074·6162·696e·6465·783d·2230··034"·tabindex="0
 0003cbc0:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
 0003cbd0:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
 0003cbe0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
 0003cbf0:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
 0003cc00:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
 0003cc10:·6961·7469·6f6e·204f·5342·7569·6c64·2042··iation·OSBuild·B
 0003cc20:·6c75·6570·7269·6e74·2073·6e69·7070·6574··lueprint·snippet
 0003cc30:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div
 0003cc40:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
 0003cc50:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
 0003cc60:·2069·643d·2269·646d·3930·3334·223e·3c70···id="idm9034"><p
 0003cc70:·7265·3e3c·636f·6465·3e0a·5b63·7573·746f··re><code>.[custo
 0003cc80:·6d69·7a61·7469·6f6e·735d·0a66·6970·7320··mizations].fips·
 0003cc90:·3d20·7472·7565·0a3c·2f63·6f64·653e·3c2f··=·true.</code></
0003cca0:·7072·653e·3c2f·6469·763e·3c2f·6469·763e··pre></div></div>0003cca0:·7072·653e·3c2f·6469·763e·3c2f·6469·763e··pre></div></div>
0003ccb0:·3c2f·7464·3e3c·2f74·723e·3c2f·7462·6f64··</td></tr></tbod0003ccb0:·3c2f·7464·3e3c·2f74·723e·3c2f·7462·6f64··</td></tr></tbod
0003ccc0:·793e·3c2f·7461·626c·653e·3c2f·7464·3e3c··y></table></td><0003ccc0:·793e·3c2f·7461·626c·653e·3c2f·7464·3e3c··y></table></td><
0003ccd0:·2f74·723e·3c74·7220·6461·7461·2d74·742d··/tr><tr·data-tt-0003ccd0:·2f74·723e·3c74·7220·6461·7461·2d74·742d··/tr><tr·data-tt-
0003cce0:·6964·3d22·6368·696c·6472·656e·2d78·6363··id="children-xcc0003cce0:·6964·3d22·6368·696c·6472·656e·2d78·6363··id="children-xcc
0003ccf0:·6466·5f6f·7267·2e73·7367·7072·6f6a·6563··df_org.ssgprojec0003ccf0:·6466·5f6f·7267·2e73·7367·7072·6f6a·6563··df_org.ssgprojec
0003cd00:·742e·636f·6e74·656e·745f·6772·6f75·705f··t.content_group_0003cd00:·742e·636f·6e74·656e·745f·6772·6f75·705f··t.content_group_
Offset 15836, 252 lines modifiedOffset 15836, 252 lines modified
0003ddb0:·7267·6574·3d22·2369·646d·3931·3633·2220··rget="#idm9163"·0003ddb0:·7267·6574·3d22·2369·646d·3931·3633·2220··rget="#idm9163"·
0003ddc0:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol0003ddc0:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol
0003ddd0:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-0003ddd0:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-
0003dde0:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"0003dde0:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"
0003ddf0:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate0003ddf0:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate
0003de00:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href0003de00:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href
0003de10:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio0003de10:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio
0003de20:·6e20·416e·6163·6f6e·6461·2073·6e69·7070··n·Anaconda·snipp 
0003de30:·6574·20e2·87b2·3c2f·613e·3c62·723e·3c64··et·...</a><br><d 
0003de40:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel- 
0003de50:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps 
0003de60:·6522·2069·643d·2269·646d·3931·3633·223e··e"·id="idm9163"> 
0003de70:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta 
0003de80:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe 
0003de90:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered 
0003dea0:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed 
0003deb0:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple0003de20:·6e20·7363·7269·7074·20e2·87b2·3c2f·613e··n·script·...</a>
 0003de30:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="
 0003de40:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c
 0003de50:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm
 0003de60:·3931·3633·223e·3c74·6162·6c65·2063·6c61··9163"><table·cla
 0003de70:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table-
 0003de80:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo
 0003de90:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con
 0003dea0:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th>
 0003deb0:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th>
 0003dec0:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr
 0003ded0:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt
 0003dee0:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low
 0003def0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
 0003df00:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t
 0003df10:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr
 0003df20:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg
 0003df30:·793a·3c2f·7468·3e3c·7464·3e65·6e61·626c··y:</th><td>enabl
 0003df40:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab
 0003df50:·6c65·3e3c·7072·653e·3c63·6f64·653e·0a64··le><pre><code>.d
 0003df60:·6e66·2069·6e73·7461·6c6c·2063·7279·7074··nf·install·crypt
 0003df70:·6f2d·706f·6c69·6369·6573·0a3c·2f63·6f64··o-policies.</cod
 0003df80:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a
 0003df90:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn-
 0003dfa0:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to
 0003dfb0:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"·
 0003dfc0:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id
 0003dfd0:·6d39·3136·3422·2074·6162·696e·6465·783d··m9164"·tabindex=
Max diff block lines reached; 6806553/6847593 bytes (99.40%) of diff not shown.
894 KB
html2text {}
    
Offset 133, 31 lines modifiedOffset 133, 31 lines modified
133 ············_\x8d_\x8i_\x8s_\x8a·····CCI-002450,·CCI-000068,·CCI-002418,·CCI-000877133 ············_\x8d_\x8i_\x8s_\x8a·····CCI-002450,·CCI-000068,·CCI-002418,·CCI-000877
134 ············_\x8i_\x8s_\x8m······1446134 ············_\x8i_\x8s_\x8m······1446
135 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1135 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1
136 References:·_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12136 References:·_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12
137 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1137 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1
138 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176138 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176
139 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-258230r958408_rule139 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-258230r958408_rule
140 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
141 [customizations] 
142 fips·=·true 
143 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8140 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
144 #·Remediation·is·applicable·only·in·certain·platforms141 #·Remediation·is·applicable·only·in·certain·platforms
145 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·);·then142 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·);·then
  
146 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then143 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then
147 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF144 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF
148 kargs·=·["fips=1"]145 kargs·=·["fips=1"]
149 EOF146 EOF
150 fi147 fi
  
151 else148 else
152 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'149 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
153 fi150 fi
 151 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 152 [customizations]
 153 fips·=·true
154 Group  ·System·Cryptographic·Policies·  Group·contains·4·rules154 Group  ·System·Cryptographic·Policies·  Group·contains·4·rules
155 _\x8[_\x8r_\x8e_\x8f_\x8]  ·Linux·has·the·capability·to·centrally·configure·cryptographic·polices.·The·command·update-crypto-policies·is·used·to·set·the·policy·applicable·for·the·various·cryptographic·back-ends,·such·as·SSL/TLS·libraries.·The·configured·cryptographic·policies·will·be·the·default·policy·used·by·these·backends·unless·the·application·user·configures·them·otherwise.·When·the·system·has·been·configured·to·use·the·centralized·cryptographic·policies,·the·administrator·is·assured·that·any·application·that·utilizes·the·supported·backends·will·follow·a·policy·that·adheres·to·the·configured·profile.·Currently·the·supported·backends·are:155 _\x8[_\x8r_\x8e_\x8f_\x8]  ·Linux·has·the·capability·to·centrally·configure·cryptographic·polices.·The·command·update-crypto-policies·is·used·to·set·the·policy·applicable·for·the·various·cryptographic·back-ends,·such·as·SSL/TLS·libraries.·The·configured·cryptographic·policies·will·be·the·default·policy·used·by·these·backends·unless·the·application·user·configures·them·otherwise.·When·the·system·has·been·configured·to·use·the·centralized·cryptographic·policies,·the·administrator·is·assured·that·any·application·that·utilizes·the·supported·backends·will·follow·a·policy·that·adheres·to·the·configured·profile.·Currently·the·supported·backends·are:
156 ····*·GnuTLS·library156 ····*·GnuTLS·library
157 ····*·OpenSSL·library157 ····*·OpenSSL·library
158 ····*·NSS·library158 ····*·NSS·library
159 ····*·OpenJDK159 ····*·OpenJDK
160 ····*·Libkrb5160 ····*·Libkrb5
Offset 170, 52 lines modifiedOffset 170, 42 lines modified
170 Rationale:··Centralized·cryptographic·policies·simplify·applying·secure·ciphers·across·an·operating·system·and·the·applications·that·run·on·that·operating·system.·Use·of·weak·or·untested·encryption·algorithms·undermines·the·purposes·of·utilizing·encryption·to·protect·data.170 Rationale:··Centralized·cryptographic·policies·simplify·applying·secure·ciphers·across·an·operating·system·and·the·applications·that·run·on·that·operating·system.·Use·of·weak·or·untested·encryption·algorithms·undermines·the·purposes·of·utilizing·encryption·to·protect·data.
171 Severity: ··medium171 Severity: ··medium
172 Rule·ID:····xccdf_org.ssgproject.content_rule_package_crypto-policies_installed172 Rule·ID:····xccdf_org.ssgproject.content_rule_package_crypto-policies_installed
173 ············_\x8d_\x8i_\x8s_\x8a····CCI-002890,·CCI-002450,·CCI-003123173 ············_\x8d_\x8i_\x8s_\x8a····CCI-002890,·CCI-002450,·CCI-003123
174 References:·_\x8o_\x8s_\x8p_\x8p····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1174 References:·_\x8o_\x8s_\x8p_\x8p····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1
175 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g··SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174175 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g··SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174
176 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f·SV-258234r1051250_rule176 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f·SV-258234r1051250_rule
177 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8177 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
178 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low178 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
179 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low179 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
180 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false180 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
181 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable181 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
182 package·--add=crypto-policies182 dnf·install·crypto-policies
183 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8183 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
184 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low184 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
185 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low185 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
186 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false186 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
187 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable187 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
188 include·install_crypto-policies188 include·install_crypto-policies
  
189 class·install_crypto-policies·{189 class·install_crypto-policies·{
190 ··package·{·'crypto-policies':190 ··package·{·'crypto-policies':
191 ····ensure·=>·'installed',191 ····ensure·=>·'installed',
192 ··}192 ··}
193 }193 }
194 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
195 [[packages]] 
196 name·=·"crypto-policies" 
197 version·=·"*" 
198 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8194 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
199 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
200 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
201 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
202 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
203 package·install·crypto-policies 
204 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
205 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low195 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
206 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low196 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
207 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false197 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
208 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable198 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 199 if·!·rpm·-q·--quiet·"crypto-policies"·;·then
209 dnf·install·crypto-policies200 ····dnf·install·-y·"crypto-policies"
 201 fi
210 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8202 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
211 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low203 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
212 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low204 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
213 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false205 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
214 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable206 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
215 -·name:·Ensure·crypto-policies·is·installed207 -·name:·Ensure·crypto-policies·is·installed
216 ··package:208 ··package:
Offset 225, 23 lines modifiedOffset 215, 33 lines modified
225 ··-·DISA-STIG-RHEL-09-215100215 ··-·DISA-STIG-RHEL-09-215100
226 ··-·enable_strategy216 ··-·enable_strategy
227 ··-·low_complexity217 ··-·low_complexity
228 ··-·low_disruption218 ··-·low_disruption
229 ··-·medium_severity219 ··-·medium_severity
230 ··-·no_reboot_needed220 ··-·no_reboot_needed
231 ··-·package_crypto-policies_installed221 ··-·package_crypto-policies_installed
 222 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 223 [[packages]]
 224 name·=·"crypto-policies"
 225 version·=·"*"
232 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8226 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
233 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low227 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
234 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low228 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
235 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false229 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
236 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable230 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
237 if·!·rpm·-q·--quiet·"crypto-policies"·;·then 
238 ····dnf·install·-y·"crypto-policies" 
239 fi231 package·install·crypto-policies
 232 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 233 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 234 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 235 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 236 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 237 package·--add=crypto-policies
240 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8og\x8gr\x8ra\x8ap\x8ph\x8hy\x8y·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*238 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8og\x8gr\x8ra\x8ap\x8ph\x8hy\x8y·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
241 To·configure·the·system·cryptography·policy·to·use·ciphers·only·from·the·FIPS·policy,·run·the·following·command:239 To·configure·the·system·cryptography·policy·to·use·ciphers·only·from·the·FIPS·policy,·run·the·following·command:
242 $·sudo·update-crypto-policies·--set·FIPS240 $·sudo·update-crypto-policies·--set·FIPS
243 The·rule·checks·if·settings·for·selected·crypto·policy·are·configured·as·expected.·Configuration·files·in·the·/etc/crypto-policies/back-ends·are·either·symlinks·to·correct·files·provided·by·Crypto-policies·package·or·they·are·regular·files·in·case·crypto·policy·customizations·are·applied.·Crypto·policies·may·be·customized·by·crypto·policy·modules,·in·which·case·it·is·delimited·from·the·base·policy·using·a·colon.241 The·rule·checks·if·settings·for·selected·crypto·policy·are·configured·as·expected.·Configuration·files·in·the·/etc/crypto-policies/back-ends·are·either·symlinks·to·correct·files·provided·by·Crypto-policies·package·or·they·are·regular·files·in·case·crypto·policy·customizations·are·applied.·Crypto·policies·may·be·customized·by·crypto·policy·modules,·in·which·case·it·is·delimited·from·the·base·policy·using·a·colon.
244 Warning: ·The·system·needs·to·be·rebooted·for·these·changes·to·take·effect.242 Warning: ·The·system·needs·to·be·rebooted·for·these·changes·to·take·effect.
245 Warning: ·System·Crypto·Modules·must·be·provided·by·a·vendor·that·undergoes·FIPS-140·certifications.·FIPS-140·is·applicable·to·all·Federal·agencies·that·use·cryptographic-based·security·systems·to·protect·sensitive·information·in·computer·and·telecommunication·systems·(including·voice·systems)·as·defined·in·Section·5131·of·the·Information·Technology·Management·Reform·Act·of·1996,·Public·Law·104-106.·This·standard·shall·be·used·in·designing·and·implementing·cryptographic·modules·that·Federal·departments·and·agencies·operate·or·are·operated·for·them·under·contract.·See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8s\x8s_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8n\x8n_\x8v\x8v_\x8l\x8l_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8/\x8/_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8/\x8/_\x8N\x8N_\x8I\x8I_\x8S\x8S_\x8T\x8T_\x8.\x8._\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x81\x81_\x84\x84_\x80\x80_\x8-\x8-_\x82\x82_\x8.\x8._\x8p\x8p_\x8d\x8d_\x8f\x8f·To·meet·this,·the·system·has·to·have·cryptographic·software·provided·by·a·vendor·that·has·undergone·this·certification.·This·means·providing·documentation,·test·results,·design·information,·and·independent·third·party·review·by·an·accredited·lab.·While·open·source·software·is·capable·of·meeting·this,·it·does·not·meet·FIPS-140·unless·the·vendor·submits·to·this·process.243 Warning: ·System·Crypto·Modules·must·be·provided·by·a·vendor·that·undergoes·FIPS-140·certifications.·FIPS-140·is·applicable·to·all·Federal·agencies·that·use·cryptographic-based·security·systems·to·protect·sensitive·information·in·computer·and·telecommunication·systems·(including·voice·systems)·as·defined·in·Section·5131·of·the·Information·Technology·Management·Reform·Act·of·1996,·Public·Law·104-106.·This·standard·shall·be·used·in·designing·and·implementing·cryptographic·modules·that·Federal·departments·and·agencies·operate·or·are·operated·for·them·under·contract.·See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8s\x8s_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8n\x8n_\x8v\x8v_\x8l\x8l_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8/\x8/_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8/\x8/_\x8N\x8N_\x8I\x8I_\x8S\x8S_\x8T\x8T_\x8.\x8._\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x81\x81_\x84\x84_\x80\x80_\x8-\x8-_\x82\x82_\x8.\x8._\x8p\x8p_\x8d\x8d_\x8f\x8f·To·meet·this,·the·system·has·to·have·cryptographic·software·provided·by·a·vendor·that·has·undergone·this·certification.·This·means·providing·documentation,·test·results,·design·information,·and·independent·third·party·review·by·an·accredited·lab.·While·open·source·software·is·capable·of·meeting·this,·it·does·not·meet·FIPS-140·unless·the·vendor·submits·to·this·process.
246 Rationale:··Centralized·cryptographic·policies·simplify·applying·secure·ciphers·across·an·operating·system·and·the·applications·that·run·on·that·operating·system.·Use·of·weak·or·untested·encryption·algorithms·undermines·the·purposes·of·utilizing·encryption·to·protect·data.244 Rationale:··Centralized·cryptographic·policies·simplify·applying·secure·ciphers·across·an·operating·system·and·the·applications·that·run·on·that·operating·system.·Use·of·weak·or·untested·encryption·algorithms·undermines·the·purposes·of·utilizing·encryption·to·protect·data.
Offset 253, 39 lines modifiedOffset 253, 33 lines modified
Max diff block lines reached; 907652/915782 bytes (99.11%) of diff not shown.
7.22 MB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-e8.html
    
Offset 15267, 408 lines modifiedOffset 15267, 408 lines modified
0003ba20:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=0003ba20:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
0003ba30:·2223·6964·6d38·3134·3122·2074·6162·696e··"#idm8141"·tabin0003ba30:·2223·6964·6d38·3134·3122·2074·6162·696e··"#idm8141"·tabin
0003ba40:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu0003ba40:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
0003ba50:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan0003ba50:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
0003ba60:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl0003ba60:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
0003ba70:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r0003ba70:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
Diff chunk too large, falling back to line-by-line diff (394 lines added, 394 lines removed)
0003ba80:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"0003ba80:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
0003ba90:·3e52·656d·6564·6961·7469·6f6e·2041·6e73··>Remediation·Ans0003ba90:·3e52·656d·6564·6961·7469·6f6e·2053·6865··>Remediation·She
0003baa0:·6962·6c65·2073·6e69·7070·6574·20e2·87b2··ible·snippet·...0003baa0:·6c6c·2073·6372·6970·7420·e287·b23c·2f61··ll·script·...</a
0003bab0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla0003bab0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
0003bac0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap0003bac0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
0003bad0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=0003bad0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
0003bae0:·2269·646d·3831·3431·223e·3c74·6162·6c65··"idm8141"><table0003bae0:·6d38·3134·3122·3e3c·7072·653e·3c63·6f64··m8141"><pre><cod
0003baf0:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta0003baf0:·653e·2320·5265·6d65·6469·6174·696f·6e20··e>#·Remediation·
0003bb00:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl0003bb00:·6973·2061·7070·6c69·6361·626c·6520·6f6e··is·applicable·on
0003bb10:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table0003bb10:·6c79·2069·6e20·6365·7274·6169·6e20·706c··ly·in·certain·pl
0003bb20:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>0003bb20:·6174·666f·726d·730a·6966·2021·2028·207b··atforms.if·!·(·{
0003bb30:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<0003bb30:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q·
0003bb40:·2f74·683e·3c74·643e·6869·6768·3c2f·7464··/th><td>high</td0003bb40:·6b65·726e·656c·203b·7d20·2661·6d70·3b26··kernel·;}·&amp;&
0003bb50:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di0003bb50:·616d·703b·207b·2072·706d·202d·2d71·7569··amp;·{·rpm·--qui
0003bb60:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t0003bb60:·6574·202d·7120·7270·6d2d·6f73·7472·6565··et·-q·rpm-ostree
0003bb70:·643e·6d65·6469·756d·3c2f·7464·3e3c·2f74··d>medium</td></t0003bb70:·203b·7d20·2661·6d70·3b26·616d·703b·207b···;}·&amp;&amp;·{
0003bb80:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot0003bb80:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q·
0003bb90:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false<0003bb90:·626f·6f74·6320·3b7d·2026·616d·703b·2661··bootc·;}·&amp;&a
0003bba0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th0003bba0:·6d70·3b20·7b20·2120·7270·6d20·2d2d·7175··mp;·{·!·rpm·--qu
0003bbb0:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><0003bbb0:·6965·7420·2d71·206f·7065·6e73·6869·6674··iet·-q·openshift
0003bbc0:·7464·3e72·6573·7472·6963·743c·2f74·643e··td>restrict</td>0003bbc0:·2d6b·7562·656c·6574·203b·7d20·293b·2074··-kubelet·;}·);·t
0003bbd0:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr0003bbd0:·6865·6e0a·0a23·2046·696e·6420·7768·6963··hen..#·Find·whic
0003bbe0:·653e·3c63·6f64·653e·2d20·6e61·6d65·3a20··e><code>-·name:·0003bbe0:·6820·6669·6c65·7320·6861·7665·2069·6e63··h·files·have·inc
0003bbf0:·4761·7468·6572·2074·6865·2070·6163·6b61··Gather·the·packa0003bbf0:·6f72·7265·6374·2068·6173·6820·286e·6f74··orrect·hash·(not
0003bc00:·6765·2066·6163·7473·0a20·2070·6163·6b61··ge·facts.··packa0003bc00:·2069·6e20·2f65·7463·2c20·6265·6361·7573···in·/etc,·becaus
0003bc10:·6765·5f66·6163·7473·3a0a·2020·2020·6d61··ge_facts:.····ma0003bc10:·6520·6f66·2074·6865·2073·7973·7465·6d20··e·of·the·system·
0003bc20:·6e61·6765·723a·2061·7574·6f0a·2020·7461··nager:·auto.··ta0003bc20:·7265·6c61·7465·6420·636f·6e66·6967·2066··related·config·f
0003bc30:·6773·3a0a·2020·2d20·434a·4953·2d35·2e31··gs:.··-·CJIS-5.10003bc30:·696c·6573·2920·616e·6420·7468·656e·2067··iles)·and·then·g
0003bc40:·302e·342e·310a·2020·2d20·4e49·5354·2d38··0.4.1.··-·NIST-80003bc40:·6574·2066·696c·6573·206e·616d·6573·0a66··et·files·names.f
0003bc50:·3030·2d31·3731·2d33·2e33·2e38·0a20·202d··00-171-3.3.8.··-0003bc50:·696c·6573·5f77·6974·685f·696e·636f·7272··iles_with_incorr
0003bc60:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.0003bc60:·6563·745f·6861·7368·3d22·2428·7270·6d20··ect_hash="$(rpm·
0003bc70:·342e·310a·2020·2d20·4e49·5354·2d38·3030··4.1.··-·NIST-8000003bc70:·2d56·6120·2d2d·6e6f·636f·6e66·6967·207c··-Va·--noconfig·|
0003bc80:·2d35·332d·4155·2d39·2833·290a·2020·2d20··-53-AU-9(3).··-·0003bc80:·2067·7265·7020·2d45·2027·5e2e·2e35·2720···grep·-E·'^..5'·
0003bc90:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-60003bc90:·7c20·6177·6b20·277b·7072·696e·7420·244e··|·awk·'{print·$N
0003bca0:·2863·290a·2020·2d20·4e49·5354·2d38·3030··(c).··-·NIST-8000003bca0:·467d·2720·2922·0a0a·6966·205b·202d·6e20··F}'·)"..if·[·-n·
0003bcb0:·2d35·332d·434d·2d36·2864·290a·2020·2d20··-53-CM-6(d).··-·0003bcb0:·2224·6669·6c65·735f·7769·7468·5f69·6e63··"$files_with_inc
0003bcc0:·4e49·5354·2d38·3030·2d35·332d·5349·2d37··NIST-800-53-SI-70003bcc0:·6f72·7265·6374·5f68·6173·6822·205d·3b20··orrect_hash"·];·
0003bcd0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003bcd0:·7468·656e·0a20·2020·2023·2046·726f·6d20··then.····#·From·
0003bce0:·2d53·492d·3728·3129·0a20·202d·204e·4953··-SI-7(1).··-·NIS0003bce0:·6669·6c65·7320·6e61·6d65·7320·6765·7420··files·names·get·
0003bcf0:·542d·3830·302d·3533·2d53·492d·3728·3629··T-800-53-SI-7(6)0003bcf0:·7061·636b·6167·6520·6e61·6d65·7320·616e··package·names·an
0003bd00:·0a20·202d·2050·4349·2d44·5353·2d52·6571··.··-·PCI-DSS-Req0003bd00:·6420·6368·616e·6765·206e·6577·6c69·6e65··d·change·newline
0003bd10:·2d31·312e·350a·2020·2d20·5043·492d·4453··-11.5.··-·PCI-DS0003bd10:·2074·6f20·7370·6163·652c·2062·6563·6175···to·space,·becau
0003bd20:·5376·342d·3131·2e35·2e32·0a20·202d·2068··Sv4-11.5.2.··-·h0003bd20:·7365·2072·706d·2077·7269·7465·7320·6561··se·rpm·writes·ea
0003bd30:·6967·685f·636f·6d70·6c65·7869·7479·0a20··igh_complexity.·0003bd30:·6368·2070·6163·6b61·6765·2074·6f20·6e65··ch·package·to·ne
0003bd40:·202d·2068·6967·685f·7365·7665·7269·7479···-·high_severity0003bd40:·7720·6c69·6e65·0a20·2020·2070·6163·6b61··w·line.····packa
0003bd50:·0a20·202d·206d·6564·6975·6d5f·6469·7372··.··-·medium_disr0003bd50:·6765·735f·746f·5f72·6569·6e73·7461·6c6c··ges_to_reinstall
0003bd60:·7570·7469·6f6e·0a20·202d·206e·6f5f·7265··uption.··-·no_re0003bd60:·3d22·2428·7270·6d20·2d71·6620·2466·696c··="$(rpm·-qf·$fil
0003bd70:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-·0003bd70:·6573·5f77·6974·685f·696e·636f·7272·6563··es_with_incorrec
0003bd80:·7265·7374·7269·6374·5f73·7472·6174·6567··restrict_strateg0003bd80:·745f·6861·7368·207c·2074·7220·275c·6e27··t_hash·|·tr·'\n'
0003bd90:·790a·2020·2d20·7270·6d5f·7665·7269·6679··y.··-·rpm_verify0003bd90:·2027·2027·2922·0a0a·2020·2020·0a20·2020···'·')"..····.···
0003bda0:·5f68·6173·6865·730a·0a2d·206e·616d·653a··_hashes..-·name:0003bda0:·2064·6e66·2072·6569·6e73·7461·6c6c·202d···dnf·reinstall·-
0003bdb0:·2027·5365·7420·6661·6374·3a20·5061·636b···'Set·fact:·Pack0003bdb0:·7920·2470·6163·6b61·6765·735f·746f·5f72··y·$packages_to_r
0003bdc0:·6167·6520·6d61·6e61·6765·7220·7265·696e··age·manager·rein0003bdc0:·6569·6e73·7461·6c6c·0a20·2020·200a·6669··einstall.····.fi
0003bdd0:·7374·616c·6c20·636f·6d6d·616e·6427·0a20··stall·command'.·0003bdd0:·0a0a·656c·7365·0a20·2020·2026·6774·3b26··..else.····&gt;&
0003bde0:·2073·6574·5f66·6163·743a·0a20·2020·2070···set_fact:.····p0003bde0:·616d·703b·3220·6563·686f·2027·5265·6d65··amp;2·echo·'Reme
0003bdf0:·6163·6b61·6765·5f6d·616e·6167·6572·5f72··ackage_manager_r0003bdf0:·6469·6174·696f·6e20·6973·206e·6f74·2061··diation·is·not·a
0003be00:·6569·6e73·7461·6c6c·5f63·6d64·3a20·646e··einstall_cmd:·dn0003be00:·7070·6c69·6361·626c·652c·206e·6f74·6869··pplicable,·nothi
0003be10:·6620·7265·696e·7374·616c·6c20·2d79·0a20··f·reinstall·-y.·0003be10:·6e67·2077·6173·2064·6f6e·6527·0a66·690a··ng·was·done'.fi.
0003be20:·2077·6865·6e3a·0a20·202d·206e·6f74·2028···when:.··-·not·(0003be20:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d
0003be30:·2022·6b65·726e·656c·2220·696e·2061·6e73···"kernel"·in·ans0003be30:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn
0003be40:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0003be40:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da
0003be50:·6765·7320·616e·6420·2272·706d·2d6f·7374··ges·and·"rpm-ost0003be50:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla
0003be60:·7265·6522·2069·6e20·616e·7369·626c·655f··ree"·in·ansible_0003be60:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target
0003be70:·6661·6374·732e·7061·636b·6167·6573·0a20··facts.packages.·0003be70:·3d22·2369·646d·3831·3432·2220·7461·6269··="#idm8142"·tabi
0003be80:·2020·2061·6e64·2022·626f·6f74·6322·2069·····and·"bootc"·i0003be80:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b
0003be90:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003be90:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa
0003bea0:·7061·636b·6167·6573·2061·6e64·206e·6f74··packages·and·not0003bea0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit
0003beb0:·2022·6f70·656e·7368·6966·742d·6b75·6265···"openshift-kube0003beb0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·
0003bec0:·6c65·7422·2069·6e20·616e·7369·626c·655f··let"·in·ansible_0003bec0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!
0003bed0:·6661·6374·732e·7061·636b·6167·6573·0a20··facts.packages.·0003bed0:·223e·5265·6d65·6469·6174·696f·6e20·416e··">Remediation·An
0003bee0:·2020·2029·0a20·202d·2061·6e73·6962·6c65·····).··-·ansible0003bee0:·7369·626c·6520·736e·6970·7065·7420·e287··sible·snippet·..
0003bef0:·5f64·6973·7472·6962·7574·696f·6e20·696e··_distribution·in0003bef0:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl
0003bf00:·205b·2022·4665·646f·7261·222c·2022·5265···[·"Fedora",·"Re0003bf00:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
0003bf10:·6448·6174·222c·2022·4365·6e74·4f53·222c··dHat",·"CentOS",0003bf10:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
0003bf20:·2022·4f72·6163·6c65·4c69·6e75·7822·205d···"OracleLinux"·]0003bf20:·3d22·6964·6d38·3134·3222·3e3c·7461·626c··="idm8142"><tabl
0003bf30:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI0003bf30:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t
0003bf40:·532d·352e·3130·2e34·2e31·0a20·202d·204e··S-5.10.4.1.··-·N0003bf40:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab
0003bf50:·4953·542d·3830·302d·3137·312d·332e·332e··IST-800-171-3.3.0003bf50:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl
0003bf60:·380a·2020·2d20·4e49·5354·2d38·3030·2d31··8.··-·NIST-800-10003bf60:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr
0003bf70:·3731·2d33·2e34·2e31·0a20·202d·204e·4953··71-3.4.1.··-·NIS0003bf70:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity:
0003bf80:·542d·3830·302d·3533·2d41·552d·3928·3329··T-800-53-AU-9(3)0003bf80:·3c2f·7468·3e3c·7464·3e68·6967·683c·2f74··</th><td>high</t
0003bf90:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003bf90:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D
0003bfa0:·2d43·4d2d·3628·6329·0a20·202d·204e·4953··-CM-6(c).··-·NIS0003bfa0:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th><
0003bfb0:·542d·3830·302d·3533·2d43·4d2d·3628·6429··T-800-53-CM-6(d)0003bfb0:·7464·3e6d·6564·6975·6d3c·2f74·643e·3c2f··td>medium</td></
0003bfc0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003bfc0:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo
0003bfd0:·2d53·492d·370a·2020·2d20·4e49·5354·2d38··-SI-7.··-·NIST-80003bfd0:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false
0003bfe0:·3030·2d35·332d·5349·2d37·2831·290a·2020··00-53-SI-7(1).··0003bfe0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
0003bff0:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI0003bff0:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>
0003c000:·2d37·2836·290a·2020·2d20·5043·492d·4453··-7(6).··-·PCI-DS0003c000:·3c74·643e·7265·7374·7269·6374·3c2f·7464··<td>restrict</td
0003c010:·532d·5265·712d·3131·2e35·0a20·202d·2050··S-Req-11.5.··-·P0003c010:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p
0003c020:·4349·2d44·5353·7634·2d31·312e·352e·320a··CI-DSSv4-11.5.2.0003c020:·7265·3e3c·636f·6465·3e2d·206e·616d·653a··re><code>-·name:
0003c030:·2020·2d20·6869·6768·5f63·6f6d·706c·6578····-·high_complex0003c030:·2047·6174·6865·7220·7468·6520·7061·636b···Gather·the·pack
0003c040:·6974·790a·2020·2d20·6869·6768·5f73·6576··ity.··-·high_sev0003c040:·6167·6520·6661·6374·730a·2020·7061·636b··age·facts.··pack
0003c050:·6572·6974·790a·2020·2d20·6d65·6469·756d··erity.··-·medium0003c050:·6167·655f·6661·6374·733a·0a20·2020·206d··age_facts:.····m
0003c060:·5f64·6973·7275·7074·696f·6e0a·2020·2d20··_disruption.··-·0003c060:·616e·6167·6572·3a20·6175·746f·0a20·2074··anager:·auto.··t
0003c070:·6e6f·5f72·6562·6f6f·745f·6e65·6564·6564··no_reboot_needed0003c070:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.
0003c080:·0a20·202d·2072·6573·7472·6963·745f·7374··.··-·restrict_st0003c080:·3130·2e34·2e31·0a20·202d·204e·4953·542d··10.4.1.··-·NIST-
0003c090:·7261·7465·6779·0a20·202d·2072·706d·5f76··rategy.··-·rpm_v0003c090:·3830·302d·3137·312d·332e·332e·380a·2020··800-171-3.3.8.··
0003c0a0:·6572·6966·795f·6861·7368·6573·0a0a·2d20··erify_hashes..-·0003c0a0:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-3
0003c0b0:·6e61·6d65·3a20·2753·6574·2066·6163·743a··name:·'Set·fact:0003c0b0:·2e34·2e31·0a20·202d·204e·4953·542d·3830··.4.1.··-·NIST-80
0003c0c0:·2050·6163·6b61·6765·206d·616e·6167·6572···Package·manager0003c0c0:·302d·3533·2d41·552d·3928·3329·0a20·202d··0-53-AU-9(3).··-
0003c0d0:·2072·6569·6e73·7461·6c6c·2063·6f6d·6d61···reinstall·comma0003c0d0:·204e·4953·542d·3830·302d·3533·2d43·4d2d···NIST-800-53-CM-
0003c0e0:·6e64·2028·7a79·7070·6572·2927·0a20·2073··nd·(zypper)'.··s0003c0e0:·3628·6329·0a20·202d·204e·4953·542d·3830··6(c).··-·NIST-80
0003c0f0:·6574·5f66·6163·743a·0a20·2020·2070·6163··et_fact:.····pac0003c0f0:·302d·3533·2d43·4d2d·3628·6429·0a20·202d··0-53-CM-6(d).··-
0003c100:·6b61·6765·5f6d·616e·6167·6572·5f72·6569··kage_manager_rei0003c100:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-
0003c110:·6e73·7461·6c6c·5f63·6d64·3a20·7a79·7070··nstall_cmd:·zypp0003c110:·370a·2020·2d20·4e49·5354·2d38·3030·2d35··7.··-·NIST-800-5
0003c120:·6572·2069·6e20·2d66·202d·790a·2020·7768··er·in·-f·-y.··wh0003c120:·332d·5349·2d37·2831·290a·2020·2d20·4e49··3-SI-7(1).··-·NI
0003c130:·656e·3a0a·2020·2d20·6e6f·7420·2820·226b··en:.··-·not·(·"k0003c130:·5354·2d38·3030·2d35·332d·5349·2d37·2836··ST-800-53-SI-7(6
0003c140:·6572·6e65·6c22·2069·6e20·616e·7369·626c··ernel"·in·ansibl0003c140:·290a·2020·2d20·5043·492d·4453·532d·5265··).··-·PCI-DSS-Re
0003c150:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages0003c150:·712d·3131·2e35·0a20·202d·2050·4349·2d44··q-11.5.··-·PCI-D
0003c160:·2061·6e64·2022·7270·6d2d·6f73·7472·6565···and·"rpm-ostree0003c160:·5353·7634·2d31·312e·352e·320a·2020·2d20··SSv4-11.5.2.··-·
0003c170:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003c170:·6869·6768·5f63·6f6d·706c·6578·6974·790a··high_complexity.
0003c180:·7473·2e70·6163·6b61·6765·730a·2020·2020··ts.packages.····0003c180:·2020·2d20·6869·6768·5f73·6576·6572·6974····-·high_severit
0003c190:·616e·6420·2262·6f6f·7463·2220·696e·2061··and·"bootc"·in·a0003c190:·790a·2020·2d20·6d65·6469·756d·5f64·6973··y.··-·medium_dis
0003c1a0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003c1a0:·7275·7074·696f·6e0a·2020·2d20·6e6f·5f72··ruption.··-·no_r
0003c1b0:·6b61·6765·7320·616e·6420·6e6f·7420·226f··kages·and·not·"o0003c1b0:·6562·6f6f·745f·6e65·6564·6564·0a20·202d··eboot_needed.··-
0003c1c0:·7065·6e73·6869·6674·2d6b·7562·656c·6574··penshift-kubelet0003c1c0:·2072·6573·7472·6963·745f·7374·7261·7465···restrict_strate
0003c1d0:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003c1d0:·6779·0a20·202d·2072·706d·5f76·6572·6966··gy.··-·rpm_verif
0003c1e0:·7473·2e70·6163·6b61·6765·730a·2020·2020··ts.packages.····0003c1e0:·795f·6861·7368·6573·0a0a·2d20·6e61·6d65··y_hashes..-·name
0003c1f0:·290a·2020·2d20·616e·7369·626c·655f·6469··).··-·ansible_di0003c1f0:·3a20·2753·6574·2066·6163·743a·2050·6163··:·'Set·fact:·Pac
Max diff block lines reached; 6786048/6841000 bytes (99.20%) of diff not shown.
713 KB
html2text {}
    
Offset 121, 14 lines modifiedOffset 121, 33 lines modified
121 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6121 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
122 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4122 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
123 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)123 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
124 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1124 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
125 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5125 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
126 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227126 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
127 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2127 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 128 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 129 #·Remediation·is·applicable·only·in·certain·platforms
 130 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 131 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 132 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 133 if·[·-n·"$files_with_incorrect_hash"·];·then
 134 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 135 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 136 ····dnf·reinstall·-y·$packages_to_reinstall
  
 137 fi
  
 138 else
 139 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 140 fi
128 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8141 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
129 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high142 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
130 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium143 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
131 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false144 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
132 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict145 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
133 -·name:·Gather·the·package·facts146 -·name:·Gather·the·package·facts
134 ··package_facts:147 ··package_facts:
Offset 295, 33 lines modifiedOffset 314, 14 lines modified
295 ··-·PCI-DSSv4-11.5.2314 ··-·PCI-DSSv4-11.5.2
296 ··-·high_complexity315 ··-·high_complexity
297 ··-·high_severity316 ··-·high_severity
298 ··-·medium_disruption317 ··-·medium_disruption
299 ··-·no_reboot_needed318 ··-·no_reboot_needed
300 ··-·restrict_strategy319 ··-·restrict_strategy
301 ··-·rpm_verify_hashes320 ··-·rpm_verify_hashes
302 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
303 #·Remediation·is·applicable·only·in·certain·platforms 
304 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
305 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
306 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
307 if·[·-n·"$files_with_incorrect_hash"·];·then 
308 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
309 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
310 ····dnf·reinstall·-y·$packages_to_reinstall 
  
311 fi 
  
312 else 
313 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
314 fi 
315 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*321 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
316 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:322 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:
317 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'323 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'
318 run·the·following·command·to·determine·which·package·owns·it:324 run·the·following·command·to·determine·which·package·owns·it:
319 $·rpm·-qf·FILENAME325 $·rpm·-qf·FILENAME
320 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:326 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
321 $·sudo·rpm·--restore·PACKAGENAME327 $·sudo·rpm·--restore·PACKAGENAME
Offset 340, 14 lines modifiedOffset 340, 46 lines modified
340 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5340 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
341 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2341 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
342 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)342 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
343 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1343 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
344 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5344 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
345 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108345 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108
346 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2346 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 347 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 348 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 349 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 350 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 351 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 352 #·Remediation·is·applicable·only·in·certain·platforms
 353 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 354 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 355 declare·-A·SETPERMS_RPM_DICT
  
 356 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 357 #·is·expected·by·the·RPM·database
 358 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}')
  
 359 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 360 do
 361 ········RPM_PACKAGE=$(rpm·-qf·"$FILE_PATH")
 362 »       #·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 363 »       SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 364 done
  
 365 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 366 #·correct·values
 367 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 368 do
 369 ········rpm·--restore·"${RPM_PACKAGE}"
 370 done
  
 371 else
 372 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 373 fi
347 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8374 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
348 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high375 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
349 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium376 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
350 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false377 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
351 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict378 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
352 -·name:·Gather·the·package·facts379 -·name:·Gather·the·package·facts
353 ··package_facts:380 ··package_facts:
Offset 455, 46 lines modifiedOffset 487, 14 lines modified
455 ··-·PCI-DSSv4-11.5.2487 ··-·PCI-DSSv4-11.5.2
456 ··-·high_complexity488 ··-·high_complexity
457 ··-·high_severity489 ··-·high_severity
458 ··-·medium_disruption490 ··-·medium_disruption
459 ··-·no_reboot_needed491 ··-·no_reboot_needed
460 ··-·restrict_strategy492 ··-·restrict_strategy
461 ··-·rpm_verify_ownership493 ··-·rpm_verify_ownership
462 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
463 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high 
464 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium 
465 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
466 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
Max diff block lines reached; 722509/730220 bytes (98.94%) of diff not shown.
17.8 MB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-hipaa.html
    
Offset 15288, 408 lines modifiedOffset 15288, 408 lines modified
0003bb70:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=0003bb70:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
0003bb80:·2223·6964·6d38·3134·3122·2074·6162·696e··"#idm8141"·tabin0003bb80:·2223·6964·6d38·3134·3122·2074·6162·696e··"#idm8141"·tabin
0003bb90:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu0003bb90:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
0003bba0:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan0003bba0:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
0003bbb0:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl0003bbb0:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
0003bbc0:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r0003bbc0:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
Diff chunk too large, falling back to line-by-line diff (394 lines added, 394 lines removed)
0003bbd0:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"0003bbd0:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
0003bbe0:·3e52·656d·6564·6961·7469·6f6e·2041·6e73··>Remediation·Ans0003bbe0:·3e52·656d·6564·6961·7469·6f6e·2053·6865··>Remediation·She
0003bbf0:·6962·6c65·2073·6e69·7070·6574·20e2·87b2··ible·snippet·...0003bbf0:·6c6c·2073·6372·6970·7420·e287·b23c·2f61··ll·script·...</a
0003bc00:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla0003bc00:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
0003bc10:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap0003bc10:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
0003bc20:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=0003bc20:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
0003bc30:·2269·646d·3831·3431·223e·3c74·6162·6c65··"idm8141"><table0003bc30:·6d38·3134·3122·3e3c·7072·653e·3c63·6f64··m8141"><pre><cod
0003bc40:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta0003bc40:·653e·2320·5265·6d65·6469·6174·696f·6e20··e>#·Remediation·
0003bc50:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl0003bc50:·6973·2061·7070·6c69·6361·626c·6520·6f6e··is·applicable·on
0003bc60:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table0003bc60:·6c79·2069·6e20·6365·7274·6169·6e20·706c··ly·in·certain·pl
0003bc70:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>0003bc70:·6174·666f·726d·730a·6966·2021·2028·207b··atforms.if·!·(·{
0003bc80:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<0003bc80:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q·
0003bc90:·2f74·683e·3c74·643e·6869·6768·3c2f·7464··/th><td>high</td0003bc90:·6b65·726e·656c·203b·7d20·2661·6d70·3b26··kernel·;}·&amp;&
0003bca0:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di0003bca0:·616d·703b·207b·2072·706d·202d·2d71·7569··amp;·{·rpm·--qui
0003bcb0:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t0003bcb0:·6574·202d·7120·7270·6d2d·6f73·7472·6565··et·-q·rpm-ostree
0003bcc0:·643e·6d65·6469·756d·3c2f·7464·3e3c·2f74··d>medium</td></t0003bcc0:·203b·7d20·2661·6d70·3b26·616d·703b·207b···;}·&amp;&amp;·{
0003bcd0:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot0003bcd0:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q·
0003bce0:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false<0003bce0:·626f·6f74·6320·3b7d·2026·616d·703b·2661··bootc·;}·&amp;&a
0003bcf0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th0003bcf0:·6d70·3b20·7b20·2120·7270·6d20·2d2d·7175··mp;·{·!·rpm·--qu
0003bd00:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><0003bd00:·6965·7420·2d71·206f·7065·6e73·6869·6674··iet·-q·openshift
0003bd10:·7464·3e72·6573·7472·6963·743c·2f74·643e··td>restrict</td>0003bd10:·2d6b·7562·656c·6574·203b·7d20·293b·2074··-kubelet·;}·);·t
0003bd20:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr0003bd20:·6865·6e0a·0a23·2046·696e·6420·7768·6963··hen..#·Find·whic
0003bd30:·653e·3c63·6f64·653e·2d20·6e61·6d65·3a20··e><code>-·name:·0003bd30:·6820·6669·6c65·7320·6861·7665·2069·6e63··h·files·have·inc
0003bd40:·4761·7468·6572·2074·6865·2070·6163·6b61··Gather·the·packa0003bd40:·6f72·7265·6374·2068·6173·6820·286e·6f74··orrect·hash·(not
0003bd50:·6765·2066·6163·7473·0a20·2070·6163·6b61··ge·facts.··packa0003bd50:·2069·6e20·2f65·7463·2c20·6265·6361·7573···in·/etc,·becaus
0003bd60:·6765·5f66·6163·7473·3a0a·2020·2020·6d61··ge_facts:.····ma0003bd60:·6520·6f66·2074·6865·2073·7973·7465·6d20··e·of·the·system·
0003bd70:·6e61·6765·723a·2061·7574·6f0a·2020·7461··nager:·auto.··ta0003bd70:·7265·6c61·7465·6420·636f·6e66·6967·2066··related·config·f
0003bd80:·6773·3a0a·2020·2d20·434a·4953·2d35·2e31··gs:.··-·CJIS-5.10003bd80:·696c·6573·2920·616e·6420·7468·656e·2067··iles)·and·then·g
0003bd90:·302e·342e·310a·2020·2d20·4e49·5354·2d38··0.4.1.··-·NIST-80003bd90:·6574·2066·696c·6573·206e·616d·6573·0a66··et·files·names.f
0003bda0:·3030·2d31·3731·2d33·2e33·2e38·0a20·202d··00-171-3.3.8.··-0003bda0:·696c·6573·5f77·6974·685f·696e·636f·7272··iles_with_incorr
0003bdb0:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.0003bdb0:·6563·745f·6861·7368·3d22·2428·7270·6d20··ect_hash="$(rpm·
0003bdc0:·342e·310a·2020·2d20·4e49·5354·2d38·3030··4.1.··-·NIST-8000003bdc0:·2d56·6120·2d2d·6e6f·636f·6e66·6967·207c··-Va·--noconfig·|
0003bdd0:·2d35·332d·4155·2d39·2833·290a·2020·2d20··-53-AU-9(3).··-·0003bdd0:·2067·7265·7020·2d45·2027·5e2e·2e35·2720···grep·-E·'^..5'·
0003bde0:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-60003bde0:·7c20·6177·6b20·277b·7072·696e·7420·244e··|·awk·'{print·$N
0003bdf0:·2863·290a·2020·2d20·4e49·5354·2d38·3030··(c).··-·NIST-8000003bdf0:·467d·2720·2922·0a0a·6966·205b·202d·6e20··F}'·)"..if·[·-n·
0003be00:·2d35·332d·434d·2d36·2864·290a·2020·2d20··-53-CM-6(d).··-·0003be00:·2224·6669·6c65·735f·7769·7468·5f69·6e63··"$files_with_inc
0003be10:·4e49·5354·2d38·3030·2d35·332d·5349·2d37··NIST-800-53-SI-70003be10:·6f72·7265·6374·5f68·6173·6822·205d·3b20··orrect_hash"·];·
0003be20:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003be20:·7468·656e·0a20·2020·2023·2046·726f·6d20··then.····#·From·
0003be30:·2d53·492d·3728·3129·0a20·202d·204e·4953··-SI-7(1).··-·NIS0003be30:·6669·6c65·7320·6e61·6d65·7320·6765·7420··files·names·get·
0003be40:·542d·3830·302d·3533·2d53·492d·3728·3629··T-800-53-SI-7(6)0003be40:·7061·636b·6167·6520·6e61·6d65·7320·616e··package·names·an
0003be50:·0a20·202d·2050·4349·2d44·5353·2d52·6571··.··-·PCI-DSS-Req0003be50:·6420·6368·616e·6765·206e·6577·6c69·6e65··d·change·newline
0003be60:·2d31·312e·350a·2020·2d20·5043·492d·4453··-11.5.··-·PCI-DS0003be60:·2074·6f20·7370·6163·652c·2062·6563·6175···to·space,·becau
0003be70:·5376·342d·3131·2e35·2e32·0a20·202d·2068··Sv4-11.5.2.··-·h0003be70:·7365·2072·706d·2077·7269·7465·7320·6561··se·rpm·writes·ea
0003be80:·6967·685f·636f·6d70·6c65·7869·7479·0a20··igh_complexity.·0003be80:·6368·2070·6163·6b61·6765·2074·6f20·6e65··ch·package·to·ne
0003be90:·202d·2068·6967·685f·7365·7665·7269·7479···-·high_severity0003be90:·7720·6c69·6e65·0a20·2020·2070·6163·6b61··w·line.····packa
0003bea0:·0a20·202d·206d·6564·6975·6d5f·6469·7372··.··-·medium_disr0003bea0:·6765·735f·746f·5f72·6569·6e73·7461·6c6c··ges_to_reinstall
0003beb0:·7570·7469·6f6e·0a20·202d·206e·6f5f·7265··uption.··-·no_re0003beb0:·3d22·2428·7270·6d20·2d71·6620·2466·696c··="$(rpm·-qf·$fil
0003bec0:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-·0003bec0:·6573·5f77·6974·685f·696e·636f·7272·6563··es_with_incorrec
0003bed0:·7265·7374·7269·6374·5f73·7472·6174·6567··restrict_strateg0003bed0:·745f·6861·7368·207c·2074·7220·275c·6e27··t_hash·|·tr·'\n'
0003bee0:·790a·2020·2d20·7270·6d5f·7665·7269·6679··y.··-·rpm_verify0003bee0:·2027·2027·2922·0a0a·2020·2020·0a20·2020···'·')"..····.···
0003bef0:·5f68·6173·6865·730a·0a2d·206e·616d·653a··_hashes..-·name:0003bef0:·2064·6e66·2072·6569·6e73·7461·6c6c·202d···dnf·reinstall·-
0003bf00:·2027·5365·7420·6661·6374·3a20·5061·636b···'Set·fact:·Pack0003bf00:·7920·2470·6163·6b61·6765·735f·746f·5f72··y·$packages_to_r
0003bf10:·6167·6520·6d61·6e61·6765·7220·7265·696e··age·manager·rein0003bf10:·6569·6e73·7461·6c6c·0a20·2020·200a·6669··einstall.····.fi
0003bf20:·7374·616c·6c20·636f·6d6d·616e·6427·0a20··stall·command'.·0003bf20:·0a0a·656c·7365·0a20·2020·2026·6774·3b26··..else.····&gt;&
0003bf30:·2073·6574·5f66·6163·743a·0a20·2020·2070···set_fact:.····p0003bf30:·616d·703b·3220·6563·686f·2027·5265·6d65··amp;2·echo·'Reme
0003bf40:·6163·6b61·6765·5f6d·616e·6167·6572·5f72··ackage_manager_r0003bf40:·6469·6174·696f·6e20·6973·206e·6f74·2061··diation·is·not·a
0003bf50:·6569·6e73·7461·6c6c·5f63·6d64·3a20·646e··einstall_cmd:·dn0003bf50:·7070·6c69·6361·626c·652c·206e·6f74·6869··pplicable,·nothi
0003bf60:·6620·7265·696e·7374·616c·6c20·2d79·0a20··f·reinstall·-y.·0003bf60:·6e67·2077·6173·2064·6f6e·6527·0a66·690a··ng·was·done'.fi.
0003bf70:·2077·6865·6e3a·0a20·202d·206e·6f74·2028···when:.··-·not·(0003bf70:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d
0003bf80:·2022·6b65·726e·656c·2220·696e·2061·6e73···"kernel"·in·ans0003bf80:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn
0003bf90:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0003bf90:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da
0003bfa0:·6765·7320·616e·6420·2272·706d·2d6f·7374··ges·and·"rpm-ost0003bfa0:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla
0003bfb0:·7265·6522·2069·6e20·616e·7369·626c·655f··ree"·in·ansible_0003bfb0:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target
0003bfc0:·6661·6374·732e·7061·636b·6167·6573·0a20··facts.packages.·0003bfc0:·3d22·2369·646d·3831·3432·2220·7461·6269··="#idm8142"·tabi
0003bfd0:·2020·2061·6e64·2022·626f·6f74·6322·2069·····and·"bootc"·i0003bfd0:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b
0003bfe0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003bfe0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa
0003bff0:·7061·636b·6167·6573·2061·6e64·206e·6f74··packages·and·not0003bff0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit
0003c000:·2022·6f70·656e·7368·6966·742d·6b75·6265···"openshift-kube0003c000:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·
0003c010:·6c65·7422·2069·6e20·616e·7369·626c·655f··let"·in·ansible_0003c010:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!
0003c020:·6661·6374·732e·7061·636b·6167·6573·0a20··facts.packages.·0003c020:·223e·5265·6d65·6469·6174·696f·6e20·416e··">Remediation·An
0003c030:·2020·2029·0a20·202d·2061·6e73·6962·6c65·····).··-·ansible0003c030:·7369·626c·6520·736e·6970·7065·7420·e287··sible·snippet·..
0003c040:·5f64·6973·7472·6962·7574·696f·6e20·696e··_distribution·in0003c040:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl
0003c050:·205b·2022·4665·646f·7261·222c·2022·5265···[·"Fedora",·"Re0003c050:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
0003c060:·6448·6174·222c·2022·4365·6e74·4f53·222c··dHat",·"CentOS",0003c060:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
0003c070:·2022·4f72·6163·6c65·4c69·6e75·7822·205d···"OracleLinux"·]0003c070:·3d22·6964·6d38·3134·3222·3e3c·7461·626c··="idm8142"><tabl
0003c080:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI0003c080:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t
0003c090:·532d·352e·3130·2e34·2e31·0a20·202d·204e··S-5.10.4.1.··-·N0003c090:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab
0003c0a0:·4953·542d·3830·302d·3137·312d·332e·332e··IST-800-171-3.3.0003c0a0:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl
0003c0b0:·380a·2020·2d20·4e49·5354·2d38·3030·2d31··8.··-·NIST-800-10003c0b0:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr
0003c0c0:·3731·2d33·2e34·2e31·0a20·202d·204e·4953··71-3.4.1.··-·NIS0003c0c0:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity:
0003c0d0:·542d·3830·302d·3533·2d41·552d·3928·3329··T-800-53-AU-9(3)0003c0d0:·3c2f·7468·3e3c·7464·3e68·6967·683c·2f74··</th><td>high</t
0003c0e0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003c0e0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D
0003c0f0:·2d43·4d2d·3628·6329·0a20·202d·204e·4953··-CM-6(c).··-·NIS0003c0f0:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th><
0003c100:·542d·3830·302d·3533·2d43·4d2d·3628·6429··T-800-53-CM-6(d)0003c100:·7464·3e6d·6564·6975·6d3c·2f74·643e·3c2f··td>medium</td></
0003c110:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003c110:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo
0003c120:·2d53·492d·370a·2020·2d20·4e49·5354·2d38··-SI-7.··-·NIST-80003c120:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false
0003c130:·3030·2d35·332d·5349·2d37·2831·290a·2020··00-53-SI-7(1).··0003c130:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
0003c140:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI0003c140:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>
0003c150:·2d37·2836·290a·2020·2d20·5043·492d·4453··-7(6).··-·PCI-DS0003c150:·3c74·643e·7265·7374·7269·6374·3c2f·7464··<td>restrict</td
0003c160:·532d·5265·712d·3131·2e35·0a20·202d·2050··S-Req-11.5.··-·P0003c160:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p
0003c170:·4349·2d44·5353·7634·2d31·312e·352e·320a··CI-DSSv4-11.5.2.0003c170:·7265·3e3c·636f·6465·3e2d·206e·616d·653a··re><code>-·name:
0003c180:·2020·2d20·6869·6768·5f63·6f6d·706c·6578····-·high_complex0003c180:·2047·6174·6865·7220·7468·6520·7061·636b···Gather·the·pack
0003c190:·6974·790a·2020·2d20·6869·6768·5f73·6576··ity.··-·high_sev0003c190:·6167·6520·6661·6374·730a·2020·7061·636b··age·facts.··pack
0003c1a0:·6572·6974·790a·2020·2d20·6d65·6469·756d··erity.··-·medium0003c1a0:·6167·655f·6661·6374·733a·0a20·2020·206d··age_facts:.····m
0003c1b0:·5f64·6973·7275·7074·696f·6e0a·2020·2d20··_disruption.··-·0003c1b0:·616e·6167·6572·3a20·6175·746f·0a20·2074··anager:·auto.··t
0003c1c0:·6e6f·5f72·6562·6f6f·745f·6e65·6564·6564··no_reboot_needed0003c1c0:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.
0003c1d0:·0a20·202d·2072·6573·7472·6963·745f·7374··.··-·restrict_st0003c1d0:·3130·2e34·2e31·0a20·202d·204e·4953·542d··10.4.1.··-·NIST-
0003c1e0:·7261·7465·6779·0a20·202d·2072·706d·5f76··rategy.··-·rpm_v0003c1e0:·3830·302d·3137·312d·332e·332e·380a·2020··800-171-3.3.8.··
0003c1f0:·6572·6966·795f·6861·7368·6573·0a0a·2d20··erify_hashes..-·0003c1f0:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-3
0003c200:·6e61·6d65·3a20·2753·6574·2066·6163·743a··name:·'Set·fact:0003c200:·2e34·2e31·0a20·202d·204e·4953·542d·3830··.4.1.··-·NIST-80
0003c210:·2050·6163·6b61·6765·206d·616e·6167·6572···Package·manager0003c210:·302d·3533·2d41·552d·3928·3329·0a20·202d··0-53-AU-9(3).··-
0003c220:·2072·6569·6e73·7461·6c6c·2063·6f6d·6d61···reinstall·comma0003c220:·204e·4953·542d·3830·302d·3533·2d43·4d2d···NIST-800-53-CM-
0003c230:·6e64·2028·7a79·7070·6572·2927·0a20·2073··nd·(zypper)'.··s0003c230:·3628·6329·0a20·202d·204e·4953·542d·3830··6(c).··-·NIST-80
0003c240:·6574·5f66·6163·743a·0a20·2020·2070·6163··et_fact:.····pac0003c240:·302d·3533·2d43·4d2d·3628·6429·0a20·202d··0-53-CM-6(d).··-
0003c250:·6b61·6765·5f6d·616e·6167·6572·5f72·6569··kage_manager_rei0003c250:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-
0003c260:·6e73·7461·6c6c·5f63·6d64·3a20·7a79·7070··nstall_cmd:·zypp0003c260:·370a·2020·2d20·4e49·5354·2d38·3030·2d35··7.··-·NIST-800-5
0003c270:·6572·2069·6e20·2d66·202d·790a·2020·7768··er·in·-f·-y.··wh0003c270:·332d·5349·2d37·2831·290a·2020·2d20·4e49··3-SI-7(1).··-·NI
0003c280:·656e·3a0a·2020·2d20·6e6f·7420·2820·226b··en:.··-·not·(·"k0003c280:·5354·2d38·3030·2d35·332d·5349·2d37·2836··ST-800-53-SI-7(6
0003c290:·6572·6e65·6c22·2069·6e20·616e·7369·626c··ernel"·in·ansibl0003c290:·290a·2020·2d20·5043·492d·4453·532d·5265··).··-·PCI-DSS-Re
0003c2a0:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages0003c2a0:·712d·3131·2e35·0a20·202d·2050·4349·2d44··q-11.5.··-·PCI-D
0003c2b0:·2061·6e64·2022·7270·6d2d·6f73·7472·6565···and·"rpm-ostree0003c2b0:·5353·7634·2d31·312e·352e·320a·2020·2d20··SSv4-11.5.2.··-·
0003c2c0:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003c2c0:·6869·6768·5f63·6f6d·706c·6578·6974·790a··high_complexity.
0003c2d0:·7473·2e70·6163·6b61·6765·730a·2020·2020··ts.packages.····0003c2d0:·2020·2d20·6869·6768·5f73·6576·6572·6974····-·high_severit
0003c2e0:·616e·6420·2262·6f6f·7463·2220·696e·2061··and·"bootc"·in·a0003c2e0:·790a·2020·2d20·6d65·6469·756d·5f64·6973··y.··-·medium_dis
0003c2f0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003c2f0:·7275·7074·696f·6e0a·2020·2d20·6e6f·5f72··ruption.··-·no_r
0003c300:·6b61·6765·7320·616e·6420·6e6f·7420·226f··kages·and·not·"o0003c300:·6562·6f6f·745f·6e65·6564·6564·0a20·202d··eboot_needed.··-
0003c310:·7065·6e73·6869·6674·2d6b·7562·656c·6574··penshift-kubelet0003c310:·2072·6573·7472·6963·745f·7374·7261·7465···restrict_strate
0003c320:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003c320:·6779·0a20·202d·2072·706d·5f76·6572·6966··gy.··-·rpm_verif
0003c330:·7473·2e70·6163·6b61·6765·730a·2020·2020··ts.packages.····0003c330:·795f·6861·7368·6573·0a0a·2d20·6e61·6d65··y_hashes..-·name
0003c340:·290a·2020·2d20·616e·7369·626c·655f·6469··).··-·ansible_di0003c340:·3a20·2753·6574·2066·6163·743a·2050·6163··:·'Set·fact:·Pac
Max diff block lines reached; 17287096/17342048 bytes (99.68%) of diff not shown.
1.22 MB
html2text {}
    
Offset 126, 14 lines modifiedOffset 126, 33 lines modified
126 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6126 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
127 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4127 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
128 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)128 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
129 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1129 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
130 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5130 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
131 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227131 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
132 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2132 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 133 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 134 #·Remediation·is·applicable·only·in·certain·platforms
 135 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 136 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 137 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 138 if·[·-n·"$files_with_incorrect_hash"·];·then
 139 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 140 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 141 ····dnf·reinstall·-y·$packages_to_reinstall
  
 142 fi
  
 143 else
 144 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 145 fi
133 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8146 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
134 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high147 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
135 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium148 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
136 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false149 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
137 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict150 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
138 -·name:·Gather·the·package·facts151 -·name:·Gather·the·package·facts
139 ··package_facts:152 ··package_facts:
Offset 300, 33 lines modifiedOffset 319, 14 lines modified
300 ··-·PCI-DSSv4-11.5.2319 ··-·PCI-DSSv4-11.5.2
301 ··-·high_complexity320 ··-·high_complexity
302 ··-·high_severity321 ··-·high_severity
303 ··-·medium_disruption322 ··-·medium_disruption
304 ··-·no_reboot_needed323 ··-·no_reboot_needed
305 ··-·restrict_strategy324 ··-·restrict_strategy
306 ··-·rpm_verify_hashes325 ··-·rpm_verify_hashes
307 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
308 #·Remediation·is·applicable·only·in·certain·platforms 
309 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
310 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
311 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
312 if·[·-n·"$files_with_incorrect_hash"·];·then 
313 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
314 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
315 ····dnf·reinstall·-y·$packages_to_reinstall 
  
316 fi 
  
317 else 
318 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
319 fi 
320 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*326 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
321 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:327 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:
322 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'328 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'
323 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:329 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:
324 $·rpm·-qf·FILENAME330 $·rpm·-qf·FILENAME
  
325 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:331 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
Offset 347, 14 lines modifiedOffset 347, 50 lines modified
347 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5347 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
348 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2348 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
349 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)349 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)
350 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1350 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
351 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5351 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
352 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108352 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108
353 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2353 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 354 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 355 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 356 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 357 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 358 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 359 #·Remediation·is·applicable·only·in·certain·platforms
 360 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 361 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 362 declare·-A·SETPERMS_RPM_DICT
  
 363 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 364 #·is·expected·by·the·RPM·database
 365 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}')
  
 366 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 367 do
 368 ········#·NOTE:·some·files·maybe·controlled·by·more·then·one·package
 369 ········readarray·-t·RPM_PACKAGES·<·<(rpm·-qf·"${FILE_PATH}")
 370 ········for·RPM_PACKAGE·in·"${RPM_PACKAGES[@]}"
 371 ········do
 372 ················#·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 373 ················SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 374 ········done
 375 done
  
 376 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 377 #·correct·values
 378 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 379 do
 380 »       rpm·--restore·"${RPM_PACKAGE}"
 381 done
  
 382 else
 383 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 384 fi
354 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8385 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
355 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high386 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
356 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium387 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
357 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false388 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
358 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict389 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
359 -·name:·Gather·the·package·facts390 -·name:·Gather·the·package·facts
360 ··package_facts:391 ··package_facts:
Offset 466, 50 lines modifiedOffset 502, 14 lines modified
466 ··-·PCI-DSSv4-11.5.2502 ··-·PCI-DSSv4-11.5.2
467 ··-·high_complexity503 ··-·high_complexity
468 ··-·high_severity504 ··-·high_severity
469 ··-·medium_disruption505 ··-·medium_disruption
470 ··-·no_reboot_needed506 ··-·no_reboot_needed
471 ··-·restrict_strategy507 ··-·restrict_strategy
472 ··-·rpm_verify_permissions508 ··-·rpm_verify_permissions
473 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
Max diff block lines reached; 1274927/1283011 bytes (99.37%) of diff not shown.
10.7 MB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-ism_o.html
    
Offset 15302, 408 lines modifiedOffset 15302, 408 lines modified
0003bc50:·7267·6574·3d22·2369·646d·3831·3431·2220··rget="#idm8141"·0003bc50:·7267·6574·3d22·2369·646d·3831·3431·2220··rget="#idm8141"·
0003bc60:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol0003bc60:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol
0003bc70:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-0003bc70:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-
0003bc80:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"0003bc80:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"
0003bc90:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate0003bc90:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate
0003bca0:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href0003bca0:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href
Diff chunk too large, falling back to line-by-line diff (394 lines added, 394 lines removed)
0003bcb0:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio0003bcb0:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio
0003bcc0:·6e20·416e·7369·626c·6520·736e·6970·7065··n·Ansible·snippe0003bcc0:·6e20·5368·656c·6c20·7363·7269·7074·20e2··n·Shell·script·.
0003bcd0:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di0003bcd0:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c
0003bce0:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c0003bce0:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
0003bcf0:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse0003bcf0:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i
0003bd00:·2220·6964·3d22·6964·6d38·3134·3122·3e3c··"·id="idm8141"><0003bd00:·643d·2269·646d·3831·3431·223e·3c70·7265··d="idm8141"><pre
0003bd10:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab0003bd10:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia
0003bd20:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped0003bd20:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab
0003bd30:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·0003bd30:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa
0003bd40:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"0003bd40:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·
0003bd50:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex0003bd50:·2120·2820·7b20·7270·6d20·2d2d·7175·6965··!·(·{·rpm·--quie
0003bd60:·6974·793a·3c2f·7468·3e3c·7464·3e68·6967··ity:</th><td>hig0003bd60:·7420·2d71·206b·6572·6e65·6c20·3b7d·2026··t·-q·kernel·;}·&
0003bd70:·683c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··h</td></tr><tr><0003bd70:·616d·703b·2661·6d70·3b20·7b20·7270·6d20··amp;&amp;·{·rpm·
0003bd80:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</0003bd80:·2d2d·7175·6965·7420·2d71·2072·706d·2d6f··--quiet·-q·rpm-o
0003bd90:·7468·3e3c·7464·3e6d·6564·6975·6d3c·2f74··th><td>medium</t0003bd90:·7374·7265·6520·3b7d·2026·616d·703b·2661··stree·;}·&amp;&a
0003bda0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R0003bda0:·6d70·3b20·7b20·7270·6d20·2d2d·7175·6965··mp;·{·rpm·--quie
0003bdb0:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f0003bdb0:·7420·2d71·2062·6f6f·7463·203b·7d20·2661··t·-q·bootc·;}·&a
0003bdc0:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t0003bdc0:·6d70·3b26·616d·703b·207b·2021·2072·706d··mp;&amp;·{·!·rpm
0003bdd0:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<0003bdd0:·202d·2d71·7569·6574·202d·7120·6f70·656e···--quiet·-q·open
0003bde0:·2f74·683e·3c74·643e·7265·7374·7269·6374··/th><td>restrict0003bde0:·7368·6966·742d·6b75·6265·6c65·7420·3b7d··shift-kubelet·;}
0003bdf0:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl0003bdf0:·2029·3b20·7468·656e·0a0a·2320·4669·6e64···);·then..#·Find
0003be00:·653e·3c70·7265·3e3c·636f·6465·3e2d·206e··e><pre><code>-·n0003be00:·2077·6869·6368·2066·696c·6573·2068·6176···which·files·hav
0003be10:·616d·653a·2047·6174·6865·7220·7468·6520··ame:·Gather·the·0003be10:·6520·696e·636f·7272·6563·7420·6861·7368··e·incorrect·hash
0003be20:·7061·636b·6167·6520·6661·6374·730a·2020··package·facts.··0003be20:·2028·6e6f·7420·696e·202f·6574·632c·2062···(not·in·/etc,·b
0003be30:·7061·636b·6167·655f·6661·6374·733a·0a20··package_facts:.·0003be30:·6563·6175·7365·206f·6620·7468·6520·7379··ecause·of·the·sy
0003be40:·2020·206d·616e·6167·6572·3a20·6175·746f·····manager:·auto0003be40:·7374·656d·2072·656c·6174·6564·2063·6f6e··stem·related·con
0003be50:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI0003be50:·6669·6720·6669·6c65·7329·2061·6e64·2074··fig·files)·and·t
0003be60:·532d·352e·3130·2e34·2e31·0a20·202d·204e··S-5.10.4.1.··-·N0003be60:·6865·6e20·6765·7420·6669·6c65·7320·6e61··hen·get·files·na
0003be70:·4953·542d·3830·302d·3137·312d·332e·332e··IST-800-171-3.3.0003be70:·6d65·730a·6669·6c65·735f·7769·7468·5f69··mes.files_with_i
0003be80:·380a·2020·2d20·4e49·5354·2d38·3030·2d31··8.··-·NIST-800-10003be80:·6e63·6f72·7265·6374·5f68·6173·683d·2224··ncorrect_hash="$
0003be90:·3731·2d33·2e34·2e31·0a20·202d·204e·4953··71-3.4.1.··-·NIS0003be90:·2872·706d·202d·5661·202d·2d6e·6f63·6f6e··(rpm·-Va·--nocon
0003bea0:·542d·3830·302d·3533·2d41·552d·3928·3329··T-800-53-AU-9(3)0003bea0:·6669·6720·7c20·6772·6570·202d·4520·275e··fig·|·grep·-E·'^
0003beb0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003beb0:·2e2e·3527·207c·2061·776b·2027·7b70·7269··..5'·|·awk·'{pri
0003bec0:·2d43·4d2d·3628·6329·0a20·202d·204e·4953··-CM-6(c).··-·NIS0003bec0:·6e74·2024·4e46·7d27·2029·220a·0a69·6620··nt·$NF}'·)"..if·
0003bed0:·542d·3830·302d·3533·2d43·4d2d·3628·6429··T-800-53-CM-6(d)0003bed0:·5b20·2d6e·2022·2466·696c·6573·5f77·6974··[·-n·"$files_wit
0003bee0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003bee0:·685f·696e·636f·7272·6563·745f·6861·7368··h_incorrect_hash
0003bef0:·2d53·492d·370a·2020·2d20·4e49·5354·2d38··-SI-7.··-·NIST-80003bef0:·2220·5d3b·2074·6865·6e0a·2020·2020·2320··"·];·then.····#·
0003bf00:·3030·2d35·332d·5349·2d37·2831·290a·2020··00-53-SI-7(1).··0003bf00:·4672·6f6d·2066·696c·6573·206e·616d·6573··From·files·names
0003bf10:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI0003bf10:·2067·6574·2070·6163·6b61·6765·206e·616d···get·package·nam
0003bf20:·2d37·2836·290a·2020·2d20·5043·492d·4453··-7(6).··-·PCI-DS0003bf20:·6573·2061·6e64·2063·6861·6e67·6520·6e65··es·and·change·ne
0003bf30:·532d·5265·712d·3131·2e35·0a20·202d·2050··S-Req-11.5.··-·P0003bf30:·776c·696e·6520·746f·2073·7061·6365·2c20··wline·to·space,·
0003bf40:·4349·2d44·5353·7634·2d31·312e·352e·320a··CI-DSSv4-11.5.2.0003bf40:·6265·6361·7573·6520·7270·6d20·7772·6974··because·rpm·writ
0003bf50:·2020·2d20·6869·6768·5f63·6f6d·706c·6578····-·high_complex0003bf50:·6573·2065·6163·6820·7061·636b·6167·6520··es·each·package·
0003bf60:·6974·790a·2020·2d20·6869·6768·5f73·6576··ity.··-·high_sev0003bf60:·746f·206e·6577·206c·696e·650a·2020·2020··to·new·line.····
0003bf70:·6572·6974·790a·2020·2d20·6d65·6469·756d··erity.··-·medium0003bf70:·7061·636b·6167·6573·5f74·6f5f·7265·696e··packages_to_rein
0003bf80:·5f64·6973·7275·7074·696f·6e0a·2020·2d20··_disruption.··-·0003bf80:·7374·616c·6c3d·2224·2872·706d·202d·7166··stall="$(rpm·-qf
0003bf90:·6e6f·5f72·6562·6f6f·745f·6e65·6564·6564··no_reboot_needed0003bf90:·2024·6669·6c65·735f·7769·7468·5f69·6e63···$files_with_inc
0003bfa0:·0a20·202d·2072·6573·7472·6963·745f·7374··.··-·restrict_st0003bfa0:·6f72·7265·6374·5f68·6173·6820·7c20·7472··orrect_hash·|·tr
0003bfb0:·7261·7465·6779·0a20·202d·2072·706d·5f76··rategy.··-·rpm_v0003bfb0:·2027·5c6e·2720·2720·2729·220a·0a20·2020···'\n'·'·')"..···
0003bfc0:·6572·6966·795f·6861·7368·6573·0a0a·2d20··erify_hashes..-·0003bfc0:·200a·2020·2020·646e·6620·7265·696e·7374···.····dnf·reinst
0003bfd0:·6e61·6d65·3a20·2753·6574·2066·6163·743a··name:·'Set·fact:0003bfd0:·616c·6c20·2d79·2024·7061·636b·6167·6573··all·-y·$packages
0003bfe0:·2050·6163·6b61·6765·206d·616e·6167·6572···Package·manager0003bfe0:·5f74·6f5f·7265·696e·7374·616c·6c0a·2020··_to_reinstall.··
0003bff0:·2072·6569·6e73·7461·6c6c·2063·6f6d·6d61···reinstall·comma0003bff0:·2020·0a66·690a·0a65·6c73·650a·2020·2020····.fi..else.····
0003c000:·6e64·270a·2020·7365·745f·6661·6374·3a0a··nd'.··set_fact:.0003c000:·2667·743b·2661·6d70·3b32·2065·6368·6f20··&gt;&amp;2·echo·
0003c010:·2020·2020·7061·636b·6167·655f·6d61·6e61······package_mana0003c010:·2752·656d·6564·6961·7469·6f6e·2069·7320··'Remediation·is·
0003c020:·6765·725f·7265·696e·7374·616c·6c5f·636d··ger_reinstall_cm0003c020:·6e6f·7420·6170·706c·6963·6162·6c65·2c20··not·applicable,·
0003c030:·643a·2064·6e66·2072·6569·6e73·7461·6c6c··d:·dnf·reinstall0003c030:·6e6f·7468·696e·6720·7761·7320·646f·6e65··nothing·was·done
0003c040:·202d·790a·2020·7768·656e·3a0a·2020·2d20···-y.··when:.··-·0003c040:·270a·6669·0a3c·2f63·6f64·653e·3c2f·7072··'.fi.</code></pr
0003c050:·6e6f·7420·2820·226b·6572·6e65·6c22·2069··not·(·"kernel"·i0003c050:·653e·3c2f·6469·763e·3c61·2063·6c61·7373··e></div><a·class
0003c060:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003c060:·3d22·6274·6e20·6274·6e2d·7375·6363·6573··="btn·btn-succes
0003c070:·7061·636b·6167·6573·2061·6e64·2022·7270··packages·and·"rp0003c070:·7322·2064·6174·612d·746f·6767·6c65·3d22··s"·data-toggle="
0003c080:·6d2d·6f73·7472·6565·2220·696e·2061·6e73··m-ostree"·in·ans0003c080:·636f·6c6c·6170·7365·2220·6461·7461·2d74··collapse"·data-t
0003c090:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0003c090:·6172·6765·743d·2223·6964·6d38·3134·3222··arget="#idm8142"
0003c0a0:·6765·730a·2020·2020·616e·6420·2262·6f6f··ges.····and·"boo0003c0a0:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro
0003c0b0:·7463·2220·696e·2061·6e73·6962·6c65·5f66··tc"·in·ansible_f0003c0b0:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria
0003c0c0:·6163·7473·2e70·6163·6b61·6765·7320·616e··acts.packages·an0003c0c0:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false
0003c0d0:·6420·6e6f·7420·226f·7065·6e73·6869·6674··d·not·"openshift0003c0d0:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat
0003c0e0:·2d6b·7562·656c·6574·2220·696e·2061·6e73··-kubelet"·in·ans0003c0e0:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre
0003c0f0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0003c0f0:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati
0003c100:·6765·730a·2020·2020·290a·2020·2d20·616e··ges.····).··-·an0003c100:·6f6e·2041·6e73·6962·6c65·2073·6e69·7070··on·Ansible·snipp
0003c110:·7369·626c·655f·6469·7374·7269·6275·7469··sible_distributi0003c110:·6574·20e2·87b2·3c2f·613e·3c62·723e·3c64··et·...</a><br><d
0003c120:·6f6e·2069·6e20·5b20·2246·6564·6f72·6122··on·in·[·"Fedora"0003c120:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel-
0003c130:·2c20·2252·6564·4861·7422·2c20·2243·656e··,·"RedHat",·"Cen0003c130:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps
0003c140:·744f·5322·2c20·224f·7261·636c·654c·696e··tOS",·"OracleLin0003c140:·6522·2069·643d·2269·646d·3831·3432·223e··e"·id="idm8142">
0003c150:·7578·2220·5d0a·2020·7461·6773·3a0a·2020··ux"·].··tags:.··0003c150:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta
0003c160:·2d20·434a·4953·2d35·2e31·302e·342e·310a··-·CJIS-5.10.4.1.0003c160:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe
0003c170:·2020·2d20·4e49·5354·2d38·3030·2d31·3731····-·NIST-800-1710003c170:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered
0003c180:·2d33·2e33·2e38·0a20·202d·204e·4953·542d··-3.3.8.··-·NIST-0003c180:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed
0003c190:·3830·302d·3137·312d·332e·342e·310a·2020··800-171-3.4.1.··0003c190:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple
0003c1a0:·2d20·4e49·5354·2d38·3030·2d35·332d·4155··-·NIST-800-53-AU0003c1a0:·7869·7479·3a3c·2f74·683e·3c74·643e·6869··xity:</th><td>hi
0003c1b0:·2d39·2833·290a·2020·2d20·4e49·5354·2d38··-9(3).··-·NIST-80003c1b0:·6768·3c2f·7464·3e3c·2f74·723e·3c74·723e··gh</td></tr><tr>
0003c1c0:·3030·2d35·332d·434d·2d36·2863·290a·2020··00-53-CM-6(c).··0003c1c0:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:<
0003c1d0:·2d20·4e49·5354·2d38·3030·2d35·332d·434d··-·NIST-800-53-CM0003c1d0:·2f74·683e·3c74·643e·6d65·6469·756d·3c2f··/th><td>medium</
0003c1e0:·2d36·2864·290a·2020·2d20·4e49·5354·2d38··-6(d).··-·NIST-80003c1e0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>
0003c1f0:·3030·2d35·332d·5349·2d37·0a20·202d·204e··00-53-SI-7.··-·N0003c1f0:·5265·626f·6f74·3a3c·2f74·683e·3c74·643e··Reboot:</th><td>
0003c200:·4953·542d·3830·302d·3533·2d53·492d·3728··IST-800-53-SI-7(0003c200:·6661·6c73·653c·2f74·643e·3c2f·7472·3e3c··false</td></tr><
0003c210:·3129·0a20·202d·204e·4953·542d·3830·302d··1).··-·NIST-800-0003c210:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy:
0003c220:·3533·2d53·492d·3728·3629·0a20·202d·2050··53-SI-7(6).··-·P0003c220:·3c2f·7468·3e3c·7464·3e72·6573·7472·6963··</th><td>restric
0003c230:·4349·2d44·5353·2d52·6571·2d31·312e·350a··CI-DSS-Req-11.5.0003c230:·743c·2f74·643e·3c2f·7472·3e3c·2f74·6162··t</td></tr></tab
0003c240:·2020·2d20·5043·492d·4453·5376·342d·3131····-·PCI-DSSv4-110003c240:·6c65·3e3c·7072·653e·3c63·6f64·653e·2d20··le><pre><code>-·
0003c250:·2e35·2e32·0a20·202d·2068·6967·685f·636f··.5.2.··-·high_co0003c250:·6e61·6d65·3a20·4761·7468·6572·2074·6865··name:·Gather·the
0003c260:·6d70·6c65·7869·7479·0a20·202d·2068·6967··mplexity.··-·hig0003c260:·2070·6163·6b61·6765·2066·6163·7473·0a20···package·facts.·
0003c270:·685f·7365·7665·7269·7479·0a20·202d·206d··h_severity.··-·m0003c270:·2070·6163·6b61·6765·5f66·6163·7473·3a0a···package_facts:.
0003c280:·6564·6975·6d5f·6469·7372·7570·7469·6f6e··edium_disruption0003c280:·2020·2020·6d61·6e61·6765·723a·2061·7574······manager:·aut
0003c290:·0a20·202d·206e·6f5f·7265·626f·6f74·5f6e··.··-·no_reboot_n0003c290:·6f0a·2020·7461·6773·3a0a·2020·2d20·434a··o.··tags:.··-·CJ
0003c2a0:·6565·6465·640a·2020·2d20·7265·7374·7269··eeded.··-·restri0003c2a0:·4953·2d35·2e31·302e·342e·310a·2020·2d20··IS-5.10.4.1.··-·
0003c2b0:·6374·5f73·7472·6174·6567·790a·2020·2d20··ct_strategy.··-·0003c2b0:·4e49·5354·2d38·3030·2d31·3731·2d33·2e33··NIST-800-171-3.3
0003c2c0:·7270·6d5f·7665·7269·6679·5f68·6173·6865··rpm_verify_hashe0003c2c0:·2e38·0a20·202d·204e·4953·542d·3830·302d··.8.··-·NIST-800-
0003c2d0:·730a·0a2d·206e·616d·653a·2027·5365·7420··s..-·name:·'Set·0003c2d0:·3137·312d·332e·342e·310a·2020·2d20·4e49··171-3.4.1.··-·NI
0003c2e0:·6661·6374·3a20·5061·636b·6167·6520·6d61··fact:·Package·ma0003c2e0:·5354·2d38·3030·2d35·332d·4155·2d39·2833··ST-800-53-AU-9(3
0003c2f0:·6e61·6765·7220·7265·696e·7374·616c·6c20··nager·reinstall·0003c2f0:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-5
0003c300:·636f·6d6d·616e·6420·287a·7970·7065·7229··command·(zypper)0003c300:·332d·434d·2d36·2863·290a·2020·2d20·4e49··3-CM-6(c).··-·NI
0003c310:·270a·2020·7365·745f·6661·6374·3a0a·2020··'.··set_fact:.··0003c310:·5354·2d38·3030·2d35·332d·434d·2d36·2864··ST-800-53-CM-6(d
0003c320:·2020·7061·636b·6167·655f·6d61·6e61·6765····package_manage0003c320:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-5
0003c330:·725f·7265·696e·7374·616c·6c5f·636d·643a··r_reinstall_cmd:0003c330:·332d·5349·2d37·0a20·202d·204e·4953·542d··3-SI-7.··-·NIST-
0003c340:·207a·7970·7065·7220·696e·202d·6620·2d79···zypper·in·-f·-y0003c340:·3830·302d·3533·2d53·492d·3728·3129·0a20··800-53-SI-7(1).·
0003c350:·0a20·2077·6865·6e3a·0a20·202d·206e·6f74··.··when:.··-·not0003c350:·202d·204e·4953·542d·3830·302d·3533·2d53···-·NIST-800-53-S
0003c360:·2028·2022·6b65·726e·656c·2220·696e·2061···(·"kernel"·in·a0003c360:·492d·3728·3629·0a20·202d·2050·4349·2d44··I-7(6).··-·PCI-D
0003c370:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003c370:·5353·2d52·6571·2d31·312e·350a·2020·2d20··SS-Req-11.5.··-·
0003c380:·6b61·6765·7320·616e·6420·2272·706d·2d6f··kages·and·"rpm-o0003c380:·5043·492d·4453·5376·342d·3131·2e35·2e32··PCI-DSSv4-11.5.2
0003c390:·7374·7265·6522·2069·6e20·616e·7369·626c··stree"·in·ansibl0003c390:·0a20·202d·2068·6967·685f·636f·6d70·6c65··.··-·high_comple
0003c3a0:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages0003c3a0:·7869·7479·0a20·202d·2068·6967·685f·7365··xity.··-·high_se
0003c3b0:·0a20·2020·2061·6e64·2022·626f·6f74·6322··.····and·"bootc"0003c3b0:·7665·7269·7479·0a20·202d·206d·6564·6975··verity.··-·mediu
0003c3c0:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003c3c0:·6d5f·6469·7372·7570·7469·6f6e·0a20·202d··m_disruption.··-
0003c3d0:·732e·7061·636b·6167·6573·2061·6e64·206e··s.packages·and·n0003c3d0:·206e·6f5f·7265·626f·6f74·5f6e·6565·6465···no_reboot_neede
0003c3e0:·6f74·2022·6f70·656e·7368·6966·742d·6b75··ot·"openshift-ku0003c3e0:·640a·2020·2d20·7265·7374·7269·6374·5f73··d.··-·restrict_s
0003c3f0:·6265·6c65·7422·2069·6e20·616e·7369·626c··belet"·in·ansibl0003c3f0:·7472·6174·6567·790a·2020·2d20·7270·6d5f··trategy.··-·rpm_
0003c400:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages0003c400:·7665·7269·6679·5f68·6173·6865·730a·0a2d··verify_hashes..-
0003c410:·0a20·2020·2029·0a20·202d·2061·6e73·6962··.····).··-·ansib0003c410:·206e·616d·653a·2027·5365·7420·6661·6374···name:·'Set·fact
0003c420:·6c65·5f64·6973·7472·6962·7574·696f·6e20··le_distribution·0003c420:·3a20·5061·636b·6167·6520·6d61·6e61·6765··:·Package·manage
Max diff block lines reached; 10112392/10167344 bytes (99.46%) of diff not shown.
1010 KB
html2text {}
    
Offset 128, 14 lines modifiedOffset 128, 33 lines modified
128 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6128 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
129 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4129 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
130 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)130 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
131 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1131 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
132 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5132 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
133 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227133 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
134 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2134 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 135 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 136 #·Remediation·is·applicable·only·in·certain·platforms
 137 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 138 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 139 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 140 if·[·-n·"$files_with_incorrect_hash"·];·then
 141 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 142 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 143 ····dnf·reinstall·-y·$packages_to_reinstall
  
 144 fi
  
 145 else
 146 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 147 fi
135 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8148 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
136 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high149 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
137 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium150 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
138 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false151 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
139 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict152 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
140 -·name:·Gather·the·package·facts153 -·name:·Gather·the·package·facts
141 ··package_facts:154 ··package_facts:
Offset 302, 33 lines modifiedOffset 321, 14 lines modified
302 ··-·PCI-DSSv4-11.5.2321 ··-·PCI-DSSv4-11.5.2
303 ··-·high_complexity322 ··-·high_complexity
304 ··-·high_severity323 ··-·high_severity
305 ··-·medium_disruption324 ··-·medium_disruption
306 ··-·no_reboot_needed325 ··-·no_reboot_needed
307 ··-·restrict_strategy326 ··-·restrict_strategy
308 ··-·rpm_verify_hashes327 ··-·rpm_verify_hashes
309 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
310 #·Remediation·is·applicable·only·in·certain·platforms 
311 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
312 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
313 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
314 if·[·-n·"$files_with_incorrect_hash"·];·then 
315 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
316 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
317 ····dnf·reinstall·-y·$packages_to_reinstall 
  
318 fi 
  
319 else 
320 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
321 fi 
322 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*328 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
323 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:329 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:
324 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'330 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'
325 run·the·following·command·to·determine·which·package·owns·it:331 run·the·following·command·to·determine·which·package·owns·it:
326 $·rpm·-qf·FILENAME332 $·rpm·-qf·FILENAME
327 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:333 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
328 $·sudo·rpm·--restore·PACKAGENAME334 $·sudo·rpm·--restore·PACKAGENAME
Offset 347, 14 lines modifiedOffset 347, 46 lines modified
347 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5347 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
348 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2348 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
349 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)349 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
350 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1350 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
351 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5351 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
352 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108352 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108
353 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2353 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 354 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 355 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 356 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 357 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 358 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 359 #·Remediation·is·applicable·only·in·certain·platforms
 360 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 361 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 362 declare·-A·SETPERMS_RPM_DICT
  
 363 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 364 #·is·expected·by·the·RPM·database
 365 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}')
  
 366 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 367 do
 368 ········RPM_PACKAGE=$(rpm·-qf·"$FILE_PATH")
 369 »       #·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 370 »       SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 371 done
  
 372 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 373 #·correct·values
 374 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 375 do
 376 ········rpm·--restore·"${RPM_PACKAGE}"
 377 done
  
 378 else
 379 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 380 fi
354 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8381 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
355 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high382 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
356 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium383 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
357 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false384 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
358 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict385 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
359 -·name:·Gather·the·package·facts386 -·name:·Gather·the·package·facts
360 ··package_facts:387 ··package_facts:
Offset 462, 46 lines modifiedOffset 494, 14 lines modified
462 ··-·PCI-DSSv4-11.5.2494 ··-·PCI-DSSv4-11.5.2
463 ··-·high_complexity495 ··-·high_complexity
464 ··-·high_severity496 ··-·high_severity
465 ··-·medium_disruption497 ··-·medium_disruption
466 ··-·no_reboot_needed498 ··-·no_reboot_needed
467 ··-·restrict_strategy499 ··-·restrict_strategy
468 ··-·rpm_verify_ownership500 ··-·rpm_verify_ownership
469 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
470 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high 
471 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium 
472 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
473 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
Max diff block lines reached; 1028133/1035844 bytes (99.26%) of diff not shown.
7.4 MB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-ospp.html
    
Offset 15476, 62 lines modifiedOffset 15476, 62 lines modified
0003c730:·6765·743d·2223·6964·6d39·3033·3322·2074··get="#idm9033"·t0003c730:·6765·743d·2223·6964·6d39·3033·3322·2074··get="#idm9033"·t
0003c740:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role0003c740:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
0003c750:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e0003c750:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
0003c760:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·0003c760:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
0003c770:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·0003c770:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
0003c780:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=0003c780:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
0003c790:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation0003c790:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
0003c7a0:·204f·5342·7569·6c64·2042·6c75·6570·7269···OSBuild·Bluepri 
0003c7b0:·6e74·2073·6e69·7070·6574·20e2·87b2·3c2f··nt·snippet·...</ 
0003c7c0:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class 
0003c7d0:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse 
0003c7e0:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i 
0003c7f0:·646d·3930·3333·223e·3c70·7265·3e3c·636f··dm9033"><pre><co 
0003c800:·6465·3e0a·5b63·7573·746f·6d69·7a61·7469··de>.[customizati 
0003c810:·6f6e·735d·0a66·6970·7320·3d20·7472·7565··ons].fips·=·true 
0003c820:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></ 
0003c830:·6469·763e·3c61·2063·6c61·7373·3d22·6274··div><a·class="bt 
0003c840:·6e20·6274·6e2d·7375·6363·6573·7322·2064··n·btn-success"·d 
0003c850:·6174·612d·746f·6767·6c65·3d22·636f·6c6c··ata-toggle="coll 
0003c860:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe 
0003c870:·743d·2223·6964·6d39·3033·3422·2074·6162··t="#idm9034"·tab 
0003c880:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role=" 
0003c890:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp 
0003c8a0:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti 
0003c8b0:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to 
0003c8c0:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="# 
0003c8d0:·2122·3e52·656d·6564·6961·7469·6f6e·2053··!">Remediation·S 
0003c8e0:·6865·6c6c·2073·6372·6970·7420·e287·b23c··hell·script·...<0003c7a0:·2053·6865·6c6c·2073·6372·6970·7420·e287···Shell·script·..
0003c8f0:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas0003c7b0:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl
0003c900:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps0003c7c0:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
0003c910:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="0003c7d0:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
0003c920:·6964·6d39·3033·3422·3e3c·7072·653e·3c63··idm9034"><pre><c0003c7e0:·3d22·6964·6d39·3033·3322·3e3c·7072·653e··="idm9033"><pre>
0003c930:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio0003c7f0:·3c63·6f64·653e·2320·5265·6d65·6469·6174··<code>#·Remediat
0003c940:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·0003c800:·696f·6e20·6973·2061·7070·6c69·6361·626c··ion·is·applicabl
0003c950:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·0003c810:·6520·6f6e·6c79·2069·6e20·6365·7274·6169··e·only·in·certai
0003c960:·706c·6174·666f·726d·730a·6966·2028·2021··platforms.if·(·!0003c820:·6e20·706c·6174·666f·726d·730a·6966·2028··n·platforms.if·(
0003c970:·2028·205b·2022·247b·636f·6e74·6169·6e65···(·[·"${containe0003c830:·2021·2028·205b·2022·247b·636f·6e74·6169···!·(·[·"${contai
0003c980:·723a·2d7d·2220·3d3d·2022·6277·7261·702d··r:-}"·==·"bwrap-0003c840:·6e65·723a·2d7d·2220·3d3d·2022·6277·7261··ner:-}"·==·"bwra
0003c990:·6f73·6275·696c·6422·205d·2029·2026·616d··osbuild"·]·)·&am0003c850:·702d·6f73·6275·696c·6422·205d·2029·2026··p-osbuild"·]·)·&
0003c9a0:·703b·2661·6d70·3b20·7270·6d20·2d2d·7175··p;&amp;·rpm·--qu0003c860:·616d·703b·2661·6d70·3b20·7270·6d20·2d2d··amp;&amp;·rpm·--
0003c9b0:·6965·7420·2d71·206b·6572·6e65·6c20·293b··iet·-q·kernel·);0003c870:·7175·6965·7420·2d71·206b·6572·6e65·6c20··quiet·-q·kernel·
0003c9c0:·2074·6865·6e0a·0a69·6620·5b5b·2022·244f···then..if·[[·"$O0003c880:·293b·2074·6865·6e0a·0a69·6620·5b5b·2022··);·then..if·[[·"
0003c9d0:·5343·4150·5f42·4f4f·5443·5f42·5549·4c44··SCAP_BOOTC_BUILD0003c890:·244f·5343·4150·5f42·4f4f·5443·5f42·5549··$OSCAP_BOOTC_BUI
0003c9e0:·2220·3d3d·2022·5945·5322·205d·5d3b·2074··"·==·"YES"·]];·t0003c8a0:·4c44·2220·3d3d·2022·5945·5322·205d·5d3b··LD"·==·"YES"·]];
0003c9f0:·6865·6e0a·0963·6174·2026·6774·3b20·2f75··hen..cat·&gt;·/u0003c8b0:·2074·6865·6e0a·0963·6174·2026·6774·3b20···then..cat·&gt;·
0003ca00:·7372·2f6c·6962·2f62·6f6f·7463·2f6b·6172··sr/lib/bootc/kar0003c8c0:·2f75·7372·2f6c·6962·2f62·6f6f·7463·2f6b··/usr/lib/bootc/k
0003ca10:·6773·2e64·2f30·312d·6669·7073·2e74·6f6d··gs.d/01-fips.tom0003c8d0:·6172·6773·2e64·2f30·312d·6669·7073·2e74··args.d/01-fips.t
0003ca20:·6c20·266c·743b·266c·743b·2045·4f46·0a6b··l·&lt;&lt;·EOF.k0003c8e0:·6f6d·6c20·266c·743b·266c·743b·2045·4f46··oml·&lt;&lt;·EOF
0003ca30:·6172·6773·203d·205b·2266·6970·733d·3122··args·=·["fips=1"0003c8f0:·0a6b·6172·6773·203d·205b·2266·6970·733d··.kargs·=·["fips=
0003ca40:·5d0a·454f·460a·6669·0a0a·656c·7365·0a20··].EOF.fi..else.·0003c900:·3122·5d0a·454f·460a·6669·0a0a·656c·7365··1"].EOF.fi..else
0003ca50:·2020·2026·6774·3b26·616d·703b·3220·6563·····&gt;&amp;2·ec0003c910:·0a20·2020·2026·6774·3b26·616d·703b·3220··.····&gt;&amp;2·
0003ca60:·686f·2027·5265·6d65·6469·6174·696f·6e20··ho·'Remediation·0003c920:·6563·686f·2027·5265·6d65·6469·6174·696f··echo·'Remediatio
0003ca70:·6973·206e·6f74·2061·7070·6c69·6361·626c··is·not·applicabl0003c930:·6e20·6973·206e·6f74·2061·7070·6c69·6361··n·is·not·applica
0003ca80:·652c·206e·6f74·6869·6e67·2077·6173·2064··e,·nothing·was·d0003c940:·626c·652c·206e·6f74·6869·6e67·2077·6173··ble,·nothing·was
0003ca90:·6f6e·6527·0a66·690a·3c2f·636f·6465·3e3c··one'.fi.</code><0003c950:·2064·6f6e·6527·0a66·690a·3c2f·636f·6465···done'.fi.</code
 0003c960:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a·
 0003c970:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s
 0003c980:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog
 0003c990:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d
 0003c9a0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm
 0003c9b0:·3930·3334·2220·7461·6269·6e64·6578·3d22··9034"·tabindex="
 0003c9c0:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"
 0003c9d0:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="
 0003c9e0:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac
 0003c9f0:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal
 0003ca00:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme
 0003ca10:·6469·6174·696f·6e20·4f53·4275·696c·6420··diation·OSBuild·
 0003ca20:·426c·7565·7072·696e·7420·736e·6970·7065··Blueprint·snippe
 0003ca30:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di
 0003ca40:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
 0003ca50:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
 0003ca60:·2220·6964·3d22·6964·6d39·3033·3422·3e3c··"·id="idm9034"><
 0003ca70:·7072·653e·3c63·6f64·653e·0a5b·6375·7374··pre><code>.[cust
 0003ca80:·6f6d·697a·6174·696f·6e73·5d0a·6669·7073··omizations].fips
 0003ca90:·203d·2074·7275·650a·3c2f·636f·6465·3e3c···=·true.</code><
0003caa0:·2f70·7265·3e3c·2f64·6976·3e3c·2f64·6976··/pre></div></div0003caa0:·2f70·7265·3e3c·2f64·6976·3e3c·2f64·6976··/pre></div></div
0003cab0:·3e3c·2f74·643e·3c2f·7472·3e3c·2f74·626f··></td></tr></tbo0003cab0:·3e3c·2f74·643e·3c2f·7472·3e3c·2f74·626f··></td></tr></tbo
0003cac0:·6479·3e3c·2f74·6162·6c65·3e3c·2f74·643e··dy></table></td>0003cac0:·6479·3e3c·2f74·6162·6c65·3e3c·2f74·643e··dy></table></td>
0003cad0:·3c2f·7472·3e3c·7472·2064·6174·612d·7474··</tr><tr·data-tt0003cad0:·3c2f·7472·3e3c·7472·2064·6174·612d·7474··</tr><tr·data-tt
0003cae0:·2d69·643d·2263·6869·6c64·7265·6e2d·7863··-id="children-xc0003cae0:·2d69·643d·2263·6869·6c64·7265·6e2d·7863··-id="children-xc
0003caf0:·6364·665f·6f72·672e·7373·6770·726f·6a65··cdf_org.ssgproje0003caf0:·6364·665f·6f72·672e·7373·6770·726f·6a65··cdf_org.ssgproje
0003cb00:·6374·2e63·6f6e·7465·6e74·5f67·726f·7570··ct.content_group0003cb00:·6374·2e63·6f6e·7465·6e74·5f67·726f·7570··ct.content_group
Offset 15804, 252 lines modifiedOffset 15804, 252 lines modified
0003dbb0:·6172·6765·743d·2223·6964·6d39·3136·3322··arget="#idm9163"0003dbb0:·6172·6765·743d·2223·6964·6d39·3136·3322··arget="#idm9163"
0003dbc0:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro0003dbc0:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro
0003dbd0:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria0003dbd0:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria
0003dbe0:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false0003dbe0:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false
0003dbf0:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat0003dbf0:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat
0003dc00:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre0003dc00:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre
0003dc10:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati0003dc10:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati
0003dc20:·6f6e·2041·6e61·636f·6e64·6120·736e·6970··on·Anaconda·snip 
0003dc30:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br>< 
0003dc40:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel 
0003dc50:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap 
0003dc60:·7365·2220·6964·3d22·6964·6d39·3136·3322··se"·id="idm9163" 
0003dc70:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t 
0003dc80:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip 
0003dc90:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere 
0003dca0:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense 
0003dcb0:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl0003dc20:·6f6e·2073·6372·6970·7420·e287·b23c·2f61··on·script·...</a
 0003dc30:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
 0003dc40:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
 0003dc50:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
 0003dc60:·6d39·3136·3322·3e3c·7461·626c·6520·636c··m9163"><table·cl
 0003dc70:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table
 0003dc80:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b
 0003dc90:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co
 0003dca0:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th
 0003dcb0:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th
 0003dcc0:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t
 0003dcd0:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup
 0003dce0:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo
 0003dcf0:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><
 0003dd00:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th><
 0003dd10:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t
 0003dd20:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate
 0003dd30:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab
 0003dd40:·6c65·3c2f·7464·3e3c·2f74·723e·3c2f·7461··le</td></tr></ta
 0003dd50:·626c·653e·3c70·7265·3e3c·636f·6465·3e0a··ble><pre><code>.
 0003dd60:·646e·6620·696e·7374·616c·6c20·6372·7970··dnf·install·cryp
 0003dd70:·746f·2d70·6f6c·6963·6965·730a·3c2f·636f··to-policies.</co
 0003dd80:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div><
 0003dd90:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn
 0003dda0:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t
 0003ddb0:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse"
 0003ddc0:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i
 0003ddd0:·646d·3931·3634·2220·7461·6269·6e64·6578··dm9164"·tabindex
Max diff block lines reached; 6805378/6846418 bytes (99.40%) of diff not shown.
894 KB
html2text {}
    
Offset 124, 31 lines modifiedOffset 124, 31 lines modified
124 ············_\x8d_\x8i_\x8s_\x8a·····CCI-002450,·CCI-000068,·CCI-002418,·CCI-000877124 ············_\x8d_\x8i_\x8s_\x8a·····CCI-002450,·CCI-000068,·CCI-002418,·CCI-000877
125 ············_\x8i_\x8s_\x8m······1446125 ············_\x8i_\x8s_\x8m······1446
126 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1126 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1
127 References:·_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12127 References:·_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12
128 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1128 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1
129 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176129 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176
130 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-258230r958408_rule130 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-258230r958408_rule
131 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
132 [customizations] 
133 fips·=·true 
134 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8131 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
135 #·Remediation·is·applicable·only·in·certain·platforms132 #·Remediation·is·applicable·only·in·certain·platforms
136 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·);·then133 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·);·then
  
137 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then134 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then
138 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF135 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF
139 kargs·=·["fips=1"]136 kargs·=·["fips=1"]
140 EOF137 EOF
141 fi138 fi
  
142 else139 else
143 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'140 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
144 fi141 fi
 142 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 143 [customizations]
 144 fips·=·true
145 Group  ·System·Cryptographic·Policies·  Group·contains·4·rules145 Group  ·System·Cryptographic·Policies·  Group·contains·4·rules
146 _\x8[_\x8r_\x8e_\x8f_\x8]  ·Linux·has·the·capability·to·centrally·configure·cryptographic·polices.·The·command·update-crypto-policies·is·used·to·set·the·policy·applicable·for·the·various·cryptographic·back-ends,·such·as·SSL/TLS·libraries.·The·configured·cryptographic·policies·will·be·the·default·policy·used·by·these·backends·unless·the·application·user·configures·them·otherwise.·When·the·system·has·been·configured·to·use·the·centralized·cryptographic·policies,·the·administrator·is·assured·that·any·application·that·utilizes·the·supported·backends·will·follow·a·policy·that·adheres·to·the·configured·profile.·Currently·the·supported·backends·are:146 _\x8[_\x8r_\x8e_\x8f_\x8]  ·Linux·has·the·capability·to·centrally·configure·cryptographic·polices.·The·command·update-crypto-policies·is·used·to·set·the·policy·applicable·for·the·various·cryptographic·back-ends,·such·as·SSL/TLS·libraries.·The·configured·cryptographic·policies·will·be·the·default·policy·used·by·these·backends·unless·the·application·user·configures·them·otherwise.·When·the·system·has·been·configured·to·use·the·centralized·cryptographic·policies,·the·administrator·is·assured·that·any·application·that·utilizes·the·supported·backends·will·follow·a·policy·that·adheres·to·the·configured·profile.·Currently·the·supported·backends·are:
147 ····*·GnuTLS·library147 ····*·GnuTLS·library
148 ····*·OpenSSL·library148 ····*·OpenSSL·library
149 ····*·NSS·library149 ····*·NSS·library
150 ····*·OpenJDK150 ····*·OpenJDK
151 ····*·Libkrb5151 ····*·Libkrb5
Offset 161, 52 lines modifiedOffset 161, 42 lines modified
161 Rationale:··Centralized·cryptographic·policies·simplify·applying·secure·ciphers·across·an·operating·system·and·the·applications·that·run·on·that·operating·system.·Use·of·weak·or·untested·encryption·algorithms·undermines·the·purposes·of·utilizing·encryption·to·protect·data.161 Rationale:··Centralized·cryptographic·policies·simplify·applying·secure·ciphers·across·an·operating·system·and·the·applications·that·run·on·that·operating·system.·Use·of·weak·or·untested·encryption·algorithms·undermines·the·purposes·of·utilizing·encryption·to·protect·data.
162 Severity: ··medium162 Severity: ··medium
163 Rule·ID:····xccdf_org.ssgproject.content_rule_package_crypto-policies_installed163 Rule·ID:····xccdf_org.ssgproject.content_rule_package_crypto-policies_installed
164 ············_\x8d_\x8i_\x8s_\x8a····CCI-002890,·CCI-002450,·CCI-003123164 ············_\x8d_\x8i_\x8s_\x8a····CCI-002890,·CCI-002450,·CCI-003123
165 References:·_\x8o_\x8s_\x8p_\x8p····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1165 References:·_\x8o_\x8s_\x8p_\x8p····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1
166 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g··SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174166 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g··SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174
167 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f·SV-258234r1051250_rule167 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f·SV-258234r1051250_rule
168 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8168 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
169 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low169 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
170 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low170 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
171 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false171 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
172 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable172 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
173 package·--add=crypto-policies173 dnf·install·crypto-policies
174 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8174 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
175 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low175 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
176 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low176 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
177 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false177 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
178 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable178 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
179 include·install_crypto-policies179 include·install_crypto-policies
  
180 class·install_crypto-policies·{180 class·install_crypto-policies·{
181 ··package·{·'crypto-policies':181 ··package·{·'crypto-policies':
182 ····ensure·=>·'installed',182 ····ensure·=>·'installed',
183 ··}183 ··}
184 }184 }
185 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
186 [[packages]] 
187 name·=·"crypto-policies" 
188 version·=·"*" 
189 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8185 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
190 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
191 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
192 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
193 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
194 package·install·crypto-policies 
195 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
196 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low186 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
197 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low187 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
198 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false188 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
199 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable189 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 190 if·!·rpm·-q·--quiet·"crypto-policies"·;·then
200 dnf·install·crypto-policies191 ····dnf·install·-y·"crypto-policies"
 192 fi
201 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8193 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
202 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low194 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
203 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low195 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
204 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false196 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
205 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable197 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
206 -·name:·Ensure·crypto-policies·is·installed198 -·name:·Ensure·crypto-policies·is·installed
207 ··package:199 ··package:
Offset 216, 23 lines modifiedOffset 206, 33 lines modified
216 ··-·DISA-STIG-RHEL-09-215100206 ··-·DISA-STIG-RHEL-09-215100
217 ··-·enable_strategy207 ··-·enable_strategy
218 ··-·low_complexity208 ··-·low_complexity
219 ··-·low_disruption209 ··-·low_disruption
220 ··-·medium_severity210 ··-·medium_severity
221 ··-·no_reboot_needed211 ··-·no_reboot_needed
222 ··-·package_crypto-policies_installed212 ··-·package_crypto-policies_installed
 213 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 214 [[packages]]
 215 name·=·"crypto-policies"
 216 version·=·"*"
223 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8217 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
224 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low218 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
225 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low219 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
226 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false220 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
227 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable221 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
228 if·!·rpm·-q·--quiet·"crypto-policies"·;·then 
229 ····dnf·install·-y·"crypto-policies" 
230 fi222 package·install·crypto-policies
 223 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 224 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 225 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 226 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 227 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 228 package·--add=crypto-policies
231 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8og\x8gr\x8ra\x8ap\x8ph\x8hy\x8y·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*229 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8og\x8gr\x8ra\x8ap\x8ph\x8hy\x8y·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
232 To·configure·the·system·cryptography·policy·to·use·ciphers·only·from·the·FIPS:OSPP·policy,·run·the·following·command:230 To·configure·the·system·cryptography·policy·to·use·ciphers·only·from·the·FIPS:OSPP·policy,·run·the·following·command:
233 $·sudo·update-crypto-policies·--set·FIPS:OSPP231 $·sudo·update-crypto-policies·--set·FIPS:OSPP
234 The·rule·checks·if·settings·for·selected·crypto·policy·are·configured·as·expected.·Configuration·files·in·the·/etc/crypto-policies/back-ends·are·either·symlinks·to·correct·files·provided·by·Crypto-policies·package·or·they·are·regular·files·in·case·crypto·policy·customizations·are·applied.·Crypto·policies·may·be·customized·by·crypto·policy·modules,·in·which·case·it·is·delimited·from·the·base·policy·using·a·colon.232 The·rule·checks·if·settings·for·selected·crypto·policy·are·configured·as·expected.·Configuration·files·in·the·/etc/crypto-policies/back-ends·are·either·symlinks·to·correct·files·provided·by·Crypto-policies·package·or·they·are·regular·files·in·case·crypto·policy·customizations·are·applied.·Crypto·policies·may·be·customized·by·crypto·policy·modules,·in·which·case·it·is·delimited·from·the·base·policy·using·a·colon.
235 Warning: ·The·system·needs·to·be·rebooted·for·these·changes·to·take·effect.233 Warning: ·The·system·needs·to·be·rebooted·for·these·changes·to·take·effect.
236 Warning: ·System·Crypto·Modules·must·be·provided·by·a·vendor·that·undergoes·FIPS-140·certifications.·FIPS-140·is·applicable·to·all·Federal·agencies·that·use·cryptographic-based·security·systems·to·protect·sensitive·information·in·computer·and·telecommunication·systems·(including·voice·systems)·as·defined·in·Section·5131·of·the·Information·Technology·Management·Reform·Act·of·1996,·Public·Law·104-106.·This·standard·shall·be·used·in·designing·and·implementing·cryptographic·modules·that·Federal·departments·and·agencies·operate·or·are·operated·for·them·under·contract.·See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8s\x8s_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8n\x8n_\x8v\x8v_\x8l\x8l_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8/\x8/_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8/\x8/_\x8N\x8N_\x8I\x8I_\x8S\x8S_\x8T\x8T_\x8.\x8._\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x81\x81_\x84\x84_\x80\x80_\x8-\x8-_\x82\x82_\x8.\x8._\x8p\x8p_\x8d\x8d_\x8f\x8f·To·meet·this,·the·system·has·to·have·cryptographic·software·provided·by·a·vendor·that·has·undergone·this·certification.·This·means·providing·documentation,·test·results,·design·information,·and·independent·third·party·review·by·an·accredited·lab.·While·open·source·software·is·capable·of·meeting·this,·it·does·not·meet·FIPS-140·unless·the·vendor·submits·to·this·process.234 Warning: ·System·Crypto·Modules·must·be·provided·by·a·vendor·that·undergoes·FIPS-140·certifications.·FIPS-140·is·applicable·to·all·Federal·agencies·that·use·cryptographic-based·security·systems·to·protect·sensitive·information·in·computer·and·telecommunication·systems·(including·voice·systems)·as·defined·in·Section·5131·of·the·Information·Technology·Management·Reform·Act·of·1996,·Public·Law·104-106.·This·standard·shall·be·used·in·designing·and·implementing·cryptographic·modules·that·Federal·departments·and·agencies·operate·or·are·operated·for·them·under·contract.·See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8s\x8s_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8n\x8n_\x8v\x8v_\x8l\x8l_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8/\x8/_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8/\x8/_\x8N\x8N_\x8I\x8I_\x8S\x8S_\x8T\x8T_\x8.\x8._\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x81\x81_\x84\x84_\x80\x80_\x8-\x8-_\x82\x82_\x8.\x8._\x8p\x8p_\x8d\x8d_\x8f\x8f·To·meet·this,·the·system·has·to·have·cryptographic·software·provided·by·a·vendor·that·has·undergone·this·certification.·This·means·providing·documentation,·test·results,·design·information,·and·independent·third·party·review·by·an·accredited·lab.·While·open·source·software·is·capable·of·meeting·this,·it·does·not·meet·FIPS-140·unless·the·vendor·submits·to·this·process.
237 Rationale:··Centralized·cryptographic·policies·simplify·applying·secure·ciphers·across·an·operating·system·and·the·applications·that·run·on·that·operating·system.·Use·of·weak·or·untested·encryption·algorithms·undermines·the·purposes·of·utilizing·encryption·to·protect·data.235 Rationale:··Centralized·cryptographic·policies·simplify·applying·secure·ciphers·across·an·operating·system·and·the·applications·that·run·on·that·operating·system.·Use·of·weak·or·untested·encryption·algorithms·undermines·the·purposes·of·utilizing·encryption·to·protect·data.
Offset 244, 39 lines modifiedOffset 244, 33 lines modified
Max diff block lines reached; 907662/915802 bytes (99.11%) of diff not shown.
18.6 MB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-pci-dss.html
    
Offset 15294, 408 lines modifiedOffset 15294, 408 lines modified
0003bbd0:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="0003bbd0:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="
0003bbe0:·2369·646d·3831·3431·2220·7461·6269·6e64··#idm8141"·tabind0003bbe0:·2369·646d·3831·3431·2220·7461·6269·6e64··#idm8141"·tabind
0003bbf0:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but0003bbf0:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but
0003bc00:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand0003bc00:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand
0003bc10:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title0003bc10:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title
0003bc20:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re0003bc20:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re
Diff chunk too large, falling back to line-by-line diff (394 lines added, 394 lines removed)
0003bc30:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">0003bc30:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">
0003bc40:·5265·6d65·6469·6174·696f·6e20·416e·7369··Remediation·Ansi0003bc40:·5265·6d65·6469·6174·696f·6e20·5368·656c··Remediation·Shel
0003bc50:·626c·6520·736e·6970·7065·7420·e287·b23c··ble·snippet·...<0003bc50:·6c20·7363·7269·7074·20e2·87b2·3c2f·613e··l·script·...</a>
0003bc60:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas0003bc60:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="
0003bc70:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps0003bc70:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c
0003bc80:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="0003bc80:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm
0003bc90:·6964·6d38·3134·3122·3e3c·7461·626c·6520··idm8141"><table·0003bc90:·3831·3431·223e·3c70·7265·3e3c·636f·6465··8141"><pre><code
0003bca0:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab0003bca0:·3e23·2052·656d·6564·6961·7469·6f6e·2069··>#·Remediation·i
0003bcb0:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table0003bcb0:·7320·6170·706c·6963·6162·6c65·206f·6e6c··s·applicable·onl
0003bcc0:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-0003bcc0:·7920·696e·2063·6572·7461·696e·2070·6c61··y·in·certain·pla
0003bcd0:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><0003bcd0:·7466·6f72·6d73·0a69·6620·2120·2820·7b20··tforms.if·!·(·{·
0003bce0:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</0003bce0:·7270·6d20·2d2d·7175·6965·7420·2d71·206b··rpm·--quiet·-q·k
0003bcf0:·7468·3e3c·7464·3e68·6967·683c·2f74·643e··th><td>high</td>0003bcf0:·6572·6e65·6c20·3b7d·2026·616d·703b·2661··ernel·;}·&amp;&a
0003bd00:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis0003bd00:·6d70·3b20·7b20·7270·6d20·2d2d·7175·6965··mp;·{·rpm·--quie
0003bd10:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td0003bd10:·7420·2d71·2072·706d·2d6f·7374·7265·6520··t·-q·rpm-ostree·
0003bd20:·3e6d·6564·6975·6d3c·2f74·643e·3c2f·7472··>medium</td></tr0003bd20:·3b7d·2026·616d·703b·2661·6d70·3b20·7b20··;}·&amp;&amp;·{·
0003bd30:·3e3c·7472·3e3c·7468·3e52·6562·6f6f·743a··><tr><th>Reboot:0003bd30:·7270·6d20·2d2d·7175·6965·7420·2d71·2062··rpm·--quiet·-q·b
0003bd40:·3c2f·7468·3e3c·7464·3e66·616c·7365·3c2f··</th><td>false</0003bd40:·6f6f·7463·203b·7d20·2661·6d70·3b26·616d··ootc·;}·&amp;&am
0003bd50:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>0003bd50:·703b·207b·2021·2072·706d·202d·2d71·7569··p;·{·!·rpm·--qui
0003bd60:·5374·7261·7465·6779·3a3c·2f74·683e·3c74··Strategy:</th><t0003bd60:·6574·202d·7120·6f70·656e·7368·6966·742d··et·-q·openshift-
0003bd70:·643e·7265·7374·7269·6374·3c2f·7464·3e3c··d>restrict</td><0003bd70:·6b75·6265·6c65·7420·3b7d·2029·3b20·7468··kubelet·;}·);·th
0003bd80:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre0003bd80:·656e·0a0a·2320·4669·6e64·2077·6869·6368··en..#·Find·which
0003bd90:·3e3c·636f·6465·3e2d·206e·616d·653a·2047··><code>-·name:·G0003bd90:·2066·696c·6573·2068·6176·6520·696e·636f···files·have·inco
0003bda0:·6174·6865·7220·7468·6520·7061·636b·6167··ather·the·packag0003bda0:·7272·6563·7420·6861·7368·2028·6e6f·7420··rrect·hash·(not·
0003bdb0:·6520·6661·6374·730a·2020·7061·636b·6167··e·facts.··packag0003bdb0:·696e·202f·6574·632c·2062·6563·6175·7365··in·/etc,·because
0003bdc0:·655f·6661·6374·733a·0a20·2020·206d·616e··e_facts:.····man0003bdc0:·206f·6620·7468·6520·7379·7374·656d·2072···of·the·system·r
0003bdd0:·6167·6572·3a20·6175·746f·0a20·2074·6167··ager:·auto.··tag0003bdd0:·656c·6174·6564·2063·6f6e·6669·6720·6669··elated·config·fi
0003bde0:·733a·0a20·202d·2043·4a49·532d·352e·3130··s:.··-·CJIS-5.100003bde0:·6c65·7329·2061·6e64·2074·6865·6e20·6765··les)·and·then·ge
0003bdf0:·2e34·2e31·0a20·202d·204e·4953·542d·3830··.4.1.··-·NIST-800003bdf0:·7420·6669·6c65·7320·6e61·6d65·730a·6669··t·files·names.fi
0003be00:·302d·3137·312d·332e·332e·380a·2020·2d20··0-171-3.3.8.··-·0003be00:·6c65·735f·7769·7468·5f69·6e63·6f72·7265··les_with_incorre
0003be10:·4e49·5354·2d38·3030·2d31·3731·2d33·2e34··NIST-800-171-3.40003be10:·6374·5f68·6173·683d·2224·2872·706d·202d··ct_hash="$(rpm·-
0003be20:·2e31·0a20·202d·204e·4953·542d·3830·302d··.1.··-·NIST-800-0003be20:·5661·202d·2d6e·6f63·6f6e·6669·6720·7c20··Va·--noconfig·|·
0003be30:·3533·2d41·552d·3928·3329·0a20·202d·204e··53-AU-9(3).··-·N0003be30:·6772·6570·202d·4520·275e·2e2e·3527·207c··grep·-E·'^..5'·|
0003be40:·4953·542d·3830·302d·3533·2d43·4d2d·3628··IST-800-53-CM-6(0003be40:·2061·776b·2027·7b70·7269·6e74·2024·4e46···awk·'{print·$NF
0003be50:·6329·0a20·202d·204e·4953·542d·3830·302d··c).··-·NIST-800-0003be50:·7d27·2029·220a·0a69·6620·5b20·2d6e·2022··}'·)"..if·[·-n·"
0003be60:·3533·2d43·4d2d·3628·6429·0a20·202d·204e··53-CM-6(d).··-·N0003be60:·2466·696c·6573·5f77·6974·685f·696e·636f··$files_with_inco
0003be70:·4953·542d·3830·302d·3533·2d53·492d·370a··IST-800-53-SI-7.0003be70:·7272·6563·745f·6861·7368·2220·5d3b·2074··rrect_hash"·];·t
0003be80:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003be80:·6865·6e0a·2020·2020·2320·4672·6f6d·2066··hen.····#·From·f
0003be90:·5349·2d37·2831·290a·2020·2d20·4e49·5354··SI-7(1).··-·NIST0003be90:·696c·6573·206e·616d·6573·2067·6574·2070··iles·names·get·p
0003bea0:·2d38·3030·2d35·332d·5349·2d37·2836·290a··-800-53-SI-7(6).0003bea0:·6163·6b61·6765·206e·616d·6573·2061·6e64··ackage·names·and
0003beb0:·2020·2d20·5043·492d·4453·532d·5265·712d····-·PCI-DSS-Req-0003beb0:·2063·6861·6e67·6520·6e65·776c·696e·6520···change·newline·
0003bec0:·3131·2e35·0a20·202d·2050·4349·2d44·5353··11.5.··-·PCI-DSS0003bec0:·746f·2073·7061·6365·2c20·6265·6361·7573··to·space,·becaus
0003bed0:·7634·2d31·312e·352e·320a·2020·2d20·6869··v4-11.5.2.··-·hi0003bed0:·6520·7270·6d20·7772·6974·6573·2065·6163··e·rpm·writes·eac
0003bee0:·6768·5f63·6f6d·706c·6578·6974·790a·2020··gh_complexity.··0003bee0:·6820·7061·636b·6167·6520·746f·206e·6577··h·package·to·new
0003bef0:·2d20·6869·6768·5f73·6576·6572·6974·790a··-·high_severity.0003bef0:·206c·696e·650a·2020·2020·7061·636b·6167···line.····packag
0003bf00:·2020·2d20·6d65·6469·756d·5f64·6973·7275····-·medium_disru0003bf00:·6573·5f74·6f5f·7265·696e·7374·616c·6c3d··es_to_reinstall=
0003bf10:·7074·696f·6e0a·2020·2d20·6e6f·5f72·6562··ption.··-·no_reb0003bf10:·2224·2872·706d·202d·7166·2024·6669·6c65··"$(rpm·-qf·$file
0003bf20:·6f6f·745f·6e65·6564·6564·0a20·202d·2072··oot_needed.··-·r0003bf20:·735f·7769·7468·5f69·6e63·6f72·7265·6374··s_with_incorrect
0003bf30:·6573·7472·6963·745f·7374·7261·7465·6779··estrict_strategy0003bf30:·5f68·6173·6820·7c20·7472·2027·5c6e·2720··_hash·|·tr·'\n'·
0003bf40:·0a20·202d·2072·706d·5f76·6572·6966·795f··.··-·rpm_verify_0003bf40:·2720·2729·220a·0a20·2020·200a·2020·2020··'·')"..····.····
0003bf50:·6861·7368·6573·0a0a·2d20·6e61·6d65·3a20··hashes..-·name:·0003bf50:·646e·6620·7265·696e·7374·616c·6c20·2d79··dnf·reinstall·-y
0003bf60:·2753·6574·2066·6163·743a·2050·6163·6b61··'Set·fact:·Packa0003bf60:·2024·7061·636b·6167·6573·5f74·6f5f·7265···$packages_to_re
0003bf70:·6765·206d·616e·6167·6572·2072·6569·6e73··ge·manager·reins0003bf70:·696e·7374·616c·6c0a·2020·2020·0a66·690a··install.····.fi.
0003bf80:·7461·6c6c·2063·6f6d·6d61·6e64·270a·2020··tall·command'.··0003bf80:·0a65·6c73·650a·2020·2020·2667·743b·2661··.else.····&gt;&a
0003bf90:·7365·745f·6661·6374·3a0a·2020·2020·7061··set_fact:.····pa0003bf90:·6d70·3b32·2065·6368·6f20·2752·656d·6564··mp;2·echo·'Remed
0003bfa0:·636b·6167·655f·6d61·6e61·6765·725f·7265··ckage_manager_re0003bfa0:·6961·7469·6f6e·2069·7320·6e6f·7420·6170··iation·is·not·ap
0003bfb0:·696e·7374·616c·6c5f·636d·643a·2064·6e66··install_cmd:·dnf0003bfb0:·706c·6963·6162·6c65·2c20·6e6f·7468·696e··plicable,·nothin
0003bfc0:·2072·6569·6e73·7461·6c6c·202d·790a·2020···reinstall·-y.··0003bfc0:·6720·7761·7320·646f·6e65·270a·6669·0a3c··g·was·done'.fi.<
0003bfd0:·7768·656e·3a0a·2020·2d20·6e6f·7420·2820··when:.··-·not·(·0003bfd0:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di
0003bfe0:·226b·6572·6e65·6c22·2069·6e20·616e·7369··"kernel"·in·ansi0003bfe0:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn·
0003bff0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag0003bff0:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat
0003c000:·6573·2061·6e64·2022·7270·6d2d·6f73·7472··es·and·"rpm-ostr0003c000:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap
0003c010:·6565·2220·696e·2061·6e73·6962·6c65·5f66··ee"·in·ansible_f0003c010:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
0003c020:·6163·7473·2e70·6163·6b61·6765·730a·2020··acts.packages.··0003c020:·2223·6964·6d38·3134·3222·2074·6162·696e··"#idm8142"·tabin
0003c030:·2020·616e·6420·2262·6f6f·7463·2220·696e····and·"bootc"·in0003c030:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
0003c040:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p0003c040:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
0003c050:·6163·6b61·6765·7320·616e·6420·6e6f·7420··ackages·and·not·0003c050:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
0003c060:·226f·7065·6e73·6869·6674·2d6b·7562·656c··"openshift-kubel0003c060:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
0003c070:·6574·2220·696e·2061·6e73·6962·6c65·5f66··et"·in·ansible_f0003c070:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
0003c080:·6163·7473·2e70·6163·6b61·6765·730a·2020··acts.packages.··0003c080:·3e52·656d·6564·6961·7469·6f6e·2041·6e73··>Remediation·Ans
0003c090:·2020·290a·2020·2d20·616e·7369·626c·655f····).··-·ansible_0003c090:·6962·6c65·2073·6e69·7070·6574·20e2·87b2··ible·snippet·...
0003c0a0:·6469·7374·7269·6275·7469·6f6e·2069·6e20··distribution·in·0003c0a0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
0003c0b0:·5b20·2246·6564·6f72·6122·2c20·2252·6564··[·"Fedora",·"Red0003c0b0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
0003c0c0:·4861·7422·2c20·2243·656e·744f·5322·2c20··Hat",·"CentOS",·0003c0c0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=
0003c0d0:·224f·7261·636c·654c·696e·7578·2220·5d0a··"OracleLinux"·].0003c0d0:·2269·646d·3831·3432·223e·3c74·6162·6c65··"idm8142"><table
0003c0e0:·2020·7461·6773·3a0a·2020·2d20·434a·4953····tags:.··-·CJIS0003c0e0:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta
0003c0f0:·2d35·2e31·302e·342e·310a·2020·2d20·4e49··-5.10.4.1.··-·NI0003c0f0:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl
0003c100:·5354·2d38·3030·2d31·3731·2d33·2e33·2e38··ST-800-171-3.3.80003c100:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table
0003c110:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-170003c110:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>
0003c120:·312d·332e·342e·310a·2020·2d20·4e49·5354··1-3.4.1.··-·NIST0003c120:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<
0003c130:·2d38·3030·2d35·332d·4155·2d39·2833·290a··-800-53-AU-9(3).0003c130:·2f74·683e·3c74·643e·6869·6768·3c2f·7464··/th><td>high</td
0003c140:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003c140:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di
0003c150:·434d·2d36·2863·290a·2020·2d20·4e49·5354··CM-6(c).··-·NIST0003c150:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t
0003c160:·2d38·3030·2d35·332d·434d·2d36·2864·290a··-800-53-CM-6(d).0003c160:·643e·6d65·6469·756d·3c2f·7464·3e3c·2f74··d>medium</td></t
0003c170:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003c170:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot
0003c180:·5349·2d37·0a20·202d·204e·4953·542d·3830··SI-7.··-·NIST-800003c180:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false<
0003c190:·302d·3533·2d53·492d·3728·3129·0a20·202d··0-53-SI-7(1).··-0003c190:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
0003c1a0:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-0003c1a0:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><
0003c1b0:·3728·3629·0a20·202d·2050·4349·2d44·5353··7(6).··-·PCI-DSS0003c1b0:·7464·3e72·6573·7472·6963·743c·2f74·643e··td>restrict</td>
0003c1c0:·2d52·6571·2d31·312e·350a·2020·2d20·5043··-Req-11.5.··-·PC0003c1c0:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr
0003c1d0:·492d·4453·5376·342d·3131·2e35·2e32·0a20··I-DSSv4-11.5.2.·0003c1d0:·653e·3c63·6f64·653e·2d20·6e61·6d65·3a20··e><code>-·name:·
0003c1e0:·202d·2068·6967·685f·636f·6d70·6c65·7869···-·high_complexi0003c1e0:·4761·7468·6572·2074·6865·2070·6163·6b61··Gather·the·packa
0003c1f0:·7479·0a20·202d·2068·6967·685f·7365·7665··ty.··-·high_seve0003c1f0:·6765·2066·6163·7473·0a20·2070·6163·6b61··ge·facts.··packa
0003c200:·7269·7479·0a20·202d·206d·6564·6975·6d5f··rity.··-·medium_0003c200:·6765·5f66·6163·7473·3a0a·2020·2020·6d61··ge_facts:.····ma
0003c210:·6469·7372·7570·7469·6f6e·0a20·202d·206e··disruption.··-·n0003c210:·6e61·6765·723a·2061·7574·6f0a·2020·7461··nager:·auto.··ta
0003c220:·6f5f·7265·626f·6f74·5f6e·6565·6465·640a··o_reboot_needed.0003c220:·6773·3a0a·2020·2d20·434a·4953·2d35·2e31··gs:.··-·CJIS-5.1
0003c230:·2020·2d20·7265·7374·7269·6374·5f73·7472····-·restrict_str0003c230:·302e·342e·310a·2020·2d20·4e49·5354·2d38··0.4.1.··-·NIST-8
0003c240:·6174·6567·790a·2020·2d20·7270·6d5f·7665··ategy.··-·rpm_ve0003c240:·3030·2d31·3731·2d33·2e33·2e38·0a20·202d··00-171-3.3.8.··-
0003c250:·7269·6679·5f68·6173·6865·730a·0a2d·206e··rify_hashes..-·n0003c250:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.
0003c260:·616d·653a·2027·5365·7420·6661·6374·3a20··ame:·'Set·fact:·0003c260:·342e·310a·2020·2d20·4e49·5354·2d38·3030··4.1.··-·NIST-800
0003c270:·5061·636b·6167·6520·6d61·6e61·6765·7220··Package·manager·0003c270:·2d35·332d·4155·2d39·2833·290a·2020·2d20··-53-AU-9(3).··-·
0003c280:·7265·696e·7374·616c·6c20·636f·6d6d·616e··reinstall·comman0003c280:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-6
0003c290:·6420·287a·7970·7065·7229·270a·2020·7365··d·(zypper)'.··se0003c290:·2863·290a·2020·2d20·4e49·5354·2d38·3030··(c).··-·NIST-800
0003c2a0:·745f·6661·6374·3a0a·2020·2020·7061·636b··t_fact:.····pack0003c2a0:·2d35·332d·434d·2d36·2864·290a·2020·2d20··-53-CM-6(d).··-·
0003c2b0:·6167·655f·6d61·6e61·6765·725f·7265·696e··age_manager_rein0003c2b0:·4e49·5354·2d38·3030·2d35·332d·5349·2d37··NIST-800-53-SI-7
0003c2c0:·7374·616c·6c5f·636d·643a·207a·7970·7065··stall_cmd:·zyppe0003c2c0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
0003c2d0:·7220·696e·202d·6620·2d79·0a20·2077·6865··r·in·-f·-y.··whe0003c2d0:·2d53·492d·3728·3129·0a20·202d·204e·4953··-SI-7(1).··-·NIS
0003c2e0:·6e3a·0a20·202d·206e·6f74·2028·2022·6b65··n:.··-·not·(·"ke0003c2e0:·542d·3830·302d·3533·2d53·492d·3728·3629··T-800-53-SI-7(6)
0003c2f0:·726e·656c·2220·696e·2061·6e73·6962·6c65··rnel"·in·ansible0003c2f0:·0a20·202d·2050·4349·2d44·5353·2d52·6571··.··-·PCI-DSS-Req
0003c300:·5f66·6163·7473·2e70·6163·6b61·6765·7320··_facts.packages·0003c300:·2d31·312e·350a·2020·2d20·5043·492d·4453··-11.5.··-·PCI-DS
0003c310:·616e·6420·2272·706d·2d6f·7374·7265·6522··and·"rpm-ostree"0003c310:·5376·342d·3131·2e35·2e32·0a20·202d·2068··Sv4-11.5.2.··-·h
0003c320:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003c320:·6967·685f·636f·6d70·6c65·7869·7479·0a20··igh_complexity.·
0003c330:·732e·7061·636b·6167·6573·0a20·2020·2061··s.packages.····a0003c330:·202d·2068·6967·685f·7365·7665·7269·7479···-·high_severity
0003c340:·6e64·2022·626f·6f74·6322·2069·6e20·616e··nd·"bootc"·in·an0003c340:·0a20·202d·206d·6564·6975·6d5f·6469·7372··.··-·medium_disr
0003c350:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack0003c350:·7570·7469·6f6e·0a20·202d·206e·6f5f·7265··uption.··-·no_re
0003c360:·6167·6573·2061·6e64·206e·6f74·2022·6f70··ages·and·not·"op0003c360:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-·
0003c370:·656e·7368·6966·742d·6b75·6265·6c65·7422··enshift-kubelet"0003c370:·7265·7374·7269·6374·5f73·7472·6174·6567··restrict_strateg
0003c380:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003c380:·790a·2020·2d20·7270·6d5f·7665·7269·6679··y.··-·rpm_verify
0003c390:·732e·7061·636b·6167·6573·0a20·2020·2029··s.packages.····)0003c390:·5f68·6173·6865·730a·0a2d·206e·616d·653a··_hashes..-·name:
0003c3a0:·0a20·202d·2061·6e73·6962·6c65·5f64·6973··.··-·ansible_dis0003c3a0:·2027·5365·7420·6661·6374·3a20·5061·636b···'Set·fact:·Pack
Max diff block lines reached; 17789119/17844071 bytes (99.69%) of diff not shown.
1.62 MB
html2text {}
Max HTML report size reached
33.8 MB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-stig.html
    
Offset 15233, 282 lines modifiedOffset 15233, 282 lines modified
0003b800:·6765·743d·2223·6964·6d38·3438·3022·2074··get="#idm8480"·t0003b800:·6765·743d·2223·6964·6d38·3438·3022·2074··get="#idm8480"·t
0003b810:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role0003b810:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
0003b820:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e0003b820:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
0003b830:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·0003b830:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
0003b840:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·0003b840:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
0003b850:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=0003b850:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
0003b860:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation0003b860:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
0003b870:·2041·6e61·636f·6e64·6120·736e·6970·7065···Anaconda·snippe 
0003b880:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di 
0003b890:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c 
0003b8a0:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse 
0003b8b0:·2220·6964·3d22·6964·6d38·3438·3022·3e3c··"·id="idm8480">< 
0003b8c0:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab 
0003b8d0:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped 
0003b8e0:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered· 
0003b8f0:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed" 
0003b900:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex 
0003b910:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low 
0003b920:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b930:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t 
0003b940:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003b950:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo 
0003b960:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false 
0003b970:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b980:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th> 
0003b990:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td>< 
0003b9a0:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre 
0003b9b0:·3e3c·636f·6465·3e0a·7061·636b·6167·6520··><code>.package· 
0003b9c0:·2d2d·6164·643d·6169·6465·0a3c·2f63·6f64··--add=aide.</cod 
0003b9d0:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a 
0003b9e0:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn- 
0003b9f0:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to 
0003ba00:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"· 
0003ba10:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id 
0003ba20:·6d38·3438·3122·2074·6162·696e·6465·783d··m8481"·tabindex= 
0003ba30:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button 
0003ba40:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded= 
0003ba50:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A 
0003ba60:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea 
0003ba70:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem 
0003ba80:·6564·6961·7469·6f6e·2050·7570·7065·7420··ediation·Puppet· 
0003ba90:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a><0003b870:·2073·6372·6970·7420·e287·b23c·2f61·3e3c···script·...</a><
0003baa0:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p0003b880:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p
0003bab0:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co0003b890:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co
0003bac0:·6c6c·6170·7365·2220·6964·3d22·6964·6d38··llapse"·id="idm80003b8a0:·6c6c·6170·7365·2220·6964·3d22·6964·6d38··llapse"·id="idm8
0003bad0:·3438·3122·3e3c·7461·626c·6520·636c·6173··481"><table·clas0003b8b0:·3438·3022·3e3c·7461·626c·6520·636c·6173··480"><table·clas
0003bae0:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s0003b8c0:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s
0003baf0:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor0003b8d0:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor
0003bb00:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond0003b8e0:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond
0003bb10:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C0003b8f0:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C
0003bb20:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><0003b900:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><
0003bb30:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>0003b910:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>
0003bb40:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti0003b920:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti
0003bb50:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low<0003b930:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low<
0003bb60:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th0003b940:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
0003bb70:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td0003b950:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td
0003bb80:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr>0003b960:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr>
0003bb90:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy0003b970:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy
0003bba0:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable0003b980:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable
0003bbb0:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl0003b990:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl
0003bbc0:·653e·3c70·7265·3e3c·636f·6465·3e69·6e63··e><pre><code>inc0003b9a0:·653e·3c70·7265·3e3c·636f·6465·3e0a·646e··e><pre><code>.dn
 0003b9b0:·6620·696e·7374·616c·6c20·6169·6465·0a3c··f·install·aide.<
 0003b9c0:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di
 0003b9d0:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn·
 0003b9e0:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat
 0003b9f0:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap
 0003ba00:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
 0003ba10:·2223·6964·6d38·3438·3122·2074·6162·696e··"#idm8481"·tabin
 0003ba20:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
 0003ba30:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
 0003ba40:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
 0003ba50:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
 0003ba60:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
 0003ba70:·3e52·656d·6564·6961·7469·6f6e·2050·7570··>Remediation·Pup
 0003ba80:·7065·7420·736e·6970·7065·7420·e287·b23c··pet·snippet·...<
 0003ba90:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas
 0003baa0:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps
 0003bab0:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="
 0003bac0:·6964·6d38·3438·3122·3e3c·7461·626c·6520··idm8481"><table·
 0003bad0:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab
 0003bae0:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table
 0003baf0:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-
 0003bb00:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><
 0003bb10:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</
 0003bb20:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><
 0003bb30:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr
 0003bb40:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td>
 0003bb50:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr
 0003bb60:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th
 0003bb70:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td><
 0003bb80:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra
 0003bb90:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en
 0003bba0:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></
 0003bbb0:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code
0003bbd0:·6c75·6465·2069·6e73·7461·6c6c·5f61·6964··lude·install_aid0003bbc0:·3e69·6e63·6c75·6465·2069·6e73·7461·6c6c··>include·install
0003bbe0:·650a·0a63·6c61·7373·2069·6e73·7461·6c6c··e..class·install0003bbd0:·5f61·6964·650a·0a63·6c61·7373·2069·6e73··_aide..class·ins
0003bbf0:·5f61·6964·6520·7b0a·2020·7061·636b·6167··_aide·{.··packag0003bbe0:·7461·6c6c·5f61·6964·6520·7b0a·2020·7061··tall_aide·{.··pa
0003bc00:·6520·7b20·2761·6964·6527·3a0a·2020·2020··e·{·'aide':.····0003bbf0:·636b·6167·6520·7b20·2761·6964·6527·3a0a··ckage·{·'aide':.
0003bc10:·656e·7375·7265·203d·2667·743b·2027·696e··ensure·=&gt;·'in0003bc00:·2020·2020·656e·7375·7265·203d·2667·743b······ensure·=&gt;
0003bc20:·7374·616c·6c65·6427·2c0a·2020·7d0a·7d0a··stalled',.··}.}.0003bc10:·2027·696e·7374·616c·6c65·6427·2c0a·2020···'installed',.··
0003bc30:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d0003bc20:·7d0a·7d0a·3c2f·636f·6465·3e3c·2f70·7265··}.}.</code></pre
0003bc40:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn0003bc30:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class=
0003bc50:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da0003bc40:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success
0003bc60:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla0003bc50:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c
0003bc70:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target0003bc60:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta
0003bc80:·3d22·2369·646d·3834·3832·2220·7461·6269··="#idm8482"·tabi0003bc70:·7267·6574·3d22·2369·646d·3834·3832·2220··rget="#idm8482"·
0003bc90:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b0003bc80:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol
0003bca0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa0003bc90:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-
0003bcb0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit0003bca0:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"
0003bcc0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·0003bcb0:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate
0003bcd0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!0003bcc0:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href
0003bce0:·223e·5265·6d65·6469·6174·696f·6e20·4f53··">Remediation·OS0003bcd0:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio
 0003bce0:·6e20·5368·656c·6c20·7363·7269·7074·20e2··n·Shell·script·.
0003bcf0:·4275·696c·6420·426c·7565·7072·696e·7420··Build·Blueprint· 
0003bd00:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a>< 
0003bd10:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p 
0003bd20:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co 
0003bd30:·6c6c·6170·7365·2220·6964·3d22·6964·6d38··llapse"·id="idm8 
0003bd40:·3438·3222·3e3c·7072·653e·3c63·6f64·653e··482"><pre><code> 
0003bd50:·0a5b·5b70·6163·6b61·6765·735d·5d0a·6e61··.[[packages]].na 
0003bd60:·6d65·203d·2022·6169·6465·220a·7665·7273··me·=·"aide".vers 
0003bd70:·696f·6e20·3d20·222a·220a·3c2f·636f·6465··ion·=·"*".</code 
0003bd80:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a· 
0003bd90:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s 
0003bda0:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog 
0003bdb0:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d 
0003bdc0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm 
Max diff block lines reached; 32529960/32567524 bytes (99.88%) of diff not shown.
2.73 MB
html2text {}
Max HTML report size reached
33.7 MB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-stig_gui.html
    
Offset 15251, 283 lines modifiedOffset 15251, 283 lines modified
0003b920:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i0003b920:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i
0003b930:·646d·3834·3830·2220·7461·6269·6e64·6578··dm8480"·tabindex0003b930:·646d·3834·3830·2220·7461·6269·6e64·6578··dm8480"·tabindex
0003b940:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto0003b940:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto
0003b950:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded0003b950:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded
0003b960:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="0003b960:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="
0003b970:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve0003b970:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve
0003b980:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re0003b980:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re
0003b990:·6d65·6469·6174·696f·6e20·416e·6163·6f6e··mediation·Anacon0003b990:·6d65·6469·6174·696f·6e20·7363·7269·7074··mediation·script
0003b9a0:·6461·2073·6e69·7070·6574·20e2·87b2·3c2f··da·snippet·...</ 
0003b9b0:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class 
0003b9c0:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse 
0003b9d0:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i 
0003b9e0:·646d·3834·3830·223e·3c74·6162·6c65·2063··dm8480"><table·c 
0003b9f0:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl 
0003ba00:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table- 
0003ba10:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c 
0003ba20:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t 
0003ba30:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t 
0003ba40:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003ba50:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru 
0003ba60:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l 
0003ba70:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr> 
0003ba80:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th> 
0003ba90:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></ 
0003baa0:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat 
0003bab0:·6567·793a·3c2f·7468·3e3c·7464·3e65·6e61··egy:</th><td>ena 
0003bac0:·626c·653c·2f74·643e·3c2f·7472·3e3c·2f74··ble</td></tr></t 
0003bad0:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code> 
0003bae0:·0a70·6163·6b61·6765·202d·2d61·6464·3d61··.package·--add=a 
0003baf0:·6964·650a·3c2f·636f·6465·3e3c·2f70·7265··ide.</code></pre 
0003bb00:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class= 
0003bb10:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success 
0003bb20:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c 
0003bb30:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta 
0003bb40:·7267·6574·3d22·2369·646d·3834·3831·2220··rget="#idm8481"· 
0003bb50:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol 
0003bb60:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria- 
0003bb70:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false" 
0003bb80:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate 
0003bb90:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href 
0003bba0:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio 
0003bbb0:·6e20·5075·7070·6574·2073·6e69·7070·6574··n·Puppet·snippet 
0003bbc0:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div0003b9a0:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div
0003bbd0:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co0003b9b0:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
0003bbe0:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"0003b9c0:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
0003bbf0:·2069·643d·2269·646d·3834·3831·223e·3c74···id="idm8481"><t0003b9d0:·2069·643d·2269·646d·3834·3830·223e·3c74···id="idm8480"><t
0003bc00:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl0003b9e0:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl
0003bc10:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped·0003b9f0:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped·
0003bc20:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t0003ba00:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t
0003bc30:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed">0003ba10:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed">
0003bc40:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi0003ba20:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi
0003bc50:·7479·3a3c·2f74·683e·3c74·643e·6c6f·773c··ty:</th><td>low<0003ba30:·7479·3a3c·2f74·683e·3c74·643e·6c6f·773c··ty:</th><td>low<
0003bc60:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th0003ba40:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
0003bc70:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th0003ba50:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th
0003bc80:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t0003ba60:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t
0003bc90:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot0003ba70:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot
0003bca0:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false<0003ba80:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false<
0003bcb0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th0003ba90:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
0003bcc0:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><0003baa0:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><
0003bcd0:·7464·3e65·6e61·626c·653c·2f74·643e·3c2f··td>enable</td></0003bab0:·7464·3e65·6e61·626c·653c·2f74·643e·3c2f··td>enable</td></
0003bce0:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre>0003bac0:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre>
 0003bad0:·3c63·6f64·653e·0a64·6e66·2069·6e73·7461··<code>.dnf·insta
 0003bae0:·6c6c·2061·6964·650a·3c2f·636f·6465·3e3c··ll·aide.</code><
 0003baf0:·2f70·7265·3e3c·2f64·6976·3e3c·6120·636c··/pre></div><a·cl
 0003bb00:·6173·733d·2262·746e·2062·746e·2d73·7563··ass="btn·btn-suc
 0003bb10:·6365·7373·2220·6461·7461·2d74·6f67·676c··cess"·data-toggl
 0003bb20:·653d·2263·6f6c·6c61·7073·6522·2064·6174··e="collapse"·dat
 0003bb30:·612d·7461·7267·6574·3d22·2369·646d·3834··a-target="#idm84
 0003bb40:·3831·2220·7461·6269·6e64·6578·3d22·3022··81"·tabindex="0"
 0003bb50:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a
 0003bb60:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa
 0003bb70:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti
 0003bb80:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·
 0003bb90:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi
 0003bba0:·6174·696f·6e20·5075·7070·6574·2073·6e69··ation·Puppet·sni
 0003bbb0:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br>
 0003bbc0:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
 0003bbd0:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
 0003bbe0:·7073·6522·2069·643d·2269·646d·3834·3831··pse"·id="idm8481
 0003bbf0:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="
 0003bc00:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri
 0003bc10:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border
 0003bc20:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens
 0003bc30:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp
 0003bc40:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td>
 0003bc50:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr
 0003bc60:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption:
 0003bc70:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td
 0003bc80:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re
 0003bc90:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa
 0003bca0:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr
 0003bcb0:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</
 0003bcc0:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t
 0003bcd0:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table><
0003bcf0:·3c63·6f64·653e·696e·636c·7564·6520·696e··<code>include·in0003bce0:·7072·653e·3c63·6f64·653e·696e·636c·7564··pre><code>includ
0003bd00:·7374·616c·6c5f·6169·6465·0a0a·636c·6173··stall_aide..clas 
0003bd10:·7320·696e·7374·616c·6c5f·6169·6465·207b··s·install_aide·{0003bcf0:·6520·696e·7374·616c·6c5f·6169·6465·0a0a··e·install_aide..
 0003bd00:·636c·6173·7320·696e·7374·616c·6c5f·6169··class·install_ai
0003bd20:·0a20·2070·6163·6b61·6765·207b·2027·6169··.··package·{·'ai0003bd10:·6465·207b·0a20·2070·6163·6b61·6765·207b··de·{.··package·{
0003bd30:·6465·273a·0a20·2020·2065·6e73·7572·6520··de':.····ensure·0003bd20:·2027·6169·6465·273a·0a20·2020·2065·6e73···'aide':.····ens
0003bd40:·3d26·6774·3b20·2769·6e73·7461·6c6c·6564··=&gt;·'installed0003bd30:·7572·6520·3d26·6774·3b20·2769·6e73·7461··ure·=&gt;·'insta
0003bd50:·272c·0a20·207d·0a7d·0a3c·2f63·6f64·653e··',.··}.}.</code>0003bd40:·6c6c·6564·272c·0a20·207d·0a7d·0a3c·2f63··lled',.··}.}.</c
0003bd60:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c0003bd50:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div>
0003bd70:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su0003bd60:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt
0003bd80:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg0003bd70:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data-
0003bd90:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da0003bd80:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse
0003bda0:·7461·2d74·6172·6765·743d·2223·6964·6d38··ta-target="#idm80003bd90:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#
0003bdb0:·3438·3222·2074·6162·696e·6465·783d·2230··482"·tabindex="00003bda0:·6964·6d38·3438·3222·2074·6162·696e·6465··idm8482"·tabinde
0003bdc0:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·0003bdb0:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt
0003bdd0:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f0003bdc0:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande
0003bde0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act0003bdd0:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=
0003bdf0:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"0003bde0:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev
0003be00:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed0003bdf0:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R
 0003be00:·656d·6564·6961·7469·6f6e·2053·6865·6c6c··emediation·Shell
0003be10:·6961·7469·6f6e·204f·5342·7569·6c64·2042··iation·OSBuild·B 
0003be20:·6c75·6570·7269·6e74·2073·6e69·7070·6574··lueprint·snippet 
0003be30:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div 
0003be40:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co 
0003be50:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse" 
0003be60:·2069·643d·2269·646d·3834·3832·223e·3c70···id="idm8482"><p 
0003be70:·7265·3e3c·636f·6465·3e0a·5b5b·7061·636b··re><code>.[[pack 
0003be80:·6167·6573·5d5d·0a6e·616d·6520·3d20·2261··ages]].name·=·"a 
0003be90:·6964·6522·0a76·6572·7369·6f6e·203d·2022··ide".version·=·" 
0003bea0:·2a22·0a3c·2f63·6f64·653e·3c2f·7072·653e··*".</code></pre> 
0003beb0:·3c2f·6469·763e·3c61·2063·6c61·7373·3d22··</div><a·class=" 
0003bec0:·6274·6e20·6274·6e2d·7375·6363·6573·7322··btn·btn-success" 
0003bed0:·2064·6174·612d·746f·6767·6c65·3d22·636f···data-toggle="co 
Max diff block lines reached; 32431862/32469564 bytes (99.88%) of diff not shown.
2.72 MB
html2text {}
Max HTML report size reached
19.6 MB
./usr/share/doc/ssg-nondebian/ssg-fedora-guide-cusp_fedora.html
    
Offset 15023, 195 lines modifiedOffset 15023, 195 lines modified
0003aae0:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target0003aae0:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target
0003aaf0:·3d22·2369·646d·3235·3130·2220·7461·6269··="#idm2510"·tabi0003aaf0:·3d22·2369·646d·3235·3130·2220·7461·6269··="#idm2510"·tabi
0003ab00:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b0003ab00:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b
0003ab10:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa0003ab10:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa
0003ab20:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit0003ab20:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit
0003ab30:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·0003ab30:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·
0003ab40:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!0003ab40:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!
0003ab50:·223e·5265·6d65·6469·6174·696f·6e20·416e··">Remediation·An0003ab50:·223e·5265·6d65·6469·6174·696f·6e20·5368··">Remediation·Sh
 0003ab60:·656c·6c20·7363·7269·7074·20e2·87b2·3c2f··ell·script·...</
 0003ab70:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
 0003ab80:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
 0003ab90:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
 0003aba0:·646d·3235·3130·223e·3c70·7265·3e3c·636f··dm2510"><pre><co
 0003abb0:·6465·3e23·2052·656d·6564·6961·7469·6f6e··de>#·Remediation
 0003abc0:·2069·7320·6170·706c·6963·6162·6c65·206f···is·applicable·o
 0003abd0:·6e6c·7920·696e·2063·6572·7461·696e·2070··nly·in·certain·p
 0003abe0:·6c61·7466·6f72·6d73·0a69·6620·7270·6d20··latforms.if·rpm·
 0003abf0:·2d2d·7175·6965·7420·2d71·2062·696e·643b··--quiet·-q·bind;
 0003ac00:·2074·6865·6e0a·0a66·756e·6374·696f·6e20···then..function·
 0003ac10:·7265·6d65·6469·6174·655f·6269·6e64·5f63··remediate_bind_c
 0003ac20:·7279·7074·6f5f·706f·6c69·6379·2829·207b··rypto_policy()·{
 0003ac30:·0a09·434f·4e46·4947·5f46·494c·453d·222f··..CONFIG_FILE="/
 0003ac40:·6574·632f·6e61·6d65·642e·636f·6e66·220a··etc/named.conf".
 0003ac50:·0969·6620·7465·7374·202d·6620·2224·434f··.if·test·-f·"$CO
 0003ac60:·4e46·4947·5f46·494c·4522·3b20·7468·656e··NFIG_FILE";·then
 0003ac70:·0a09·0973·6564·202d·6920·2773·7c6f·7074··...sed·-i·'s|opt
 0003ac80:·696f·6e73·207b·7c26·616d·703b·5c6e·5c74··ions·{|&amp;\n\t
 0003ac90:·696e·636c·7564·6520·222f·6574·632f·6372··include·"/etc/cr
 0003aca0:·7970·746f·2d70·6f6c·6963·6965·732f·6261··ypto-policies/ba
 0003acb0:·636b·2d65·6e64·732f·6269·6e64·2e63·6f6e··ck-ends/bind.con
 0003acc0:·6669·6722·3b7c·2720·2224·434f·4e46·4947··fig";|'·"$CONFIG
 0003acd0:·5f46·494c·4522·0a09·0972·6574·7572·6e20··_FILE"...return·
 0003ace0:·300a·0965·6c73·650a·0909·6563·686f·2022··0..else...echo·"
0003ab60:·7369·626c·6520·736e·6970·7065·7420·e287··sible·snippet·.. 
0003ab70:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl 
0003ab80:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla 
0003ab90:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id 
0003aba0:·3d22·6964·6d32·3531·3022·3e3c·7461·626c··="idm2510"><tabl 
0003abb0:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t 
0003abc0:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab 
0003abd0:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl 
0003abe0:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr 
0003abf0:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity: 
0003ac00:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003ac10:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di 
0003ac20:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t 
0003ac30:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr>< 
0003ac40:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</ 
0003ac50:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td 
0003ac60:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St 
0003ac70:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td> 
0003ac80:·636f·6e66·6967·7572·653c·2f74·643e·3c2f··configure</td></ 
0003ac90:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre> 
0003aca0:·3c63·6f64·653e·2d20·6e61·6d65·3a20·4761··<code>-·name:·Ga 
0003acb0:·7468·6572·2074·6865·2070·6163·6b61·6765··ther·the·package 
0003acc0:·2066·6163·7473·0a20·2070·6163·6b61·6765···facts.··package 
0003acd0:·5f66·6163·7473·3a0a·2020·2020·6d61·6e61··_facts:.····mana 
0003ace0:·6765·723a·2061·7574·6f0a·2020·7461·6773··ger:·auto.··tags 
0003acf0:·3a0a·2020·2d20·4e49·5354·2d38·3030·2d35··:.··-·NIST-800-5 
0003ad00:·332d·5343·2d31·3228·3229·0a20·202d·204e··3-SC-12(2).··-·N 
0003ad10:·4953·542d·3830·302d·3533·2d53·432d·3132··IST-800-53-SC-12 
0003ad20:·2833·290a·2020·2d20·4e49·5354·2d38·3030··(3).··-·NIST-800 
0003ad30:·2d35·332d·5343·2d31·330a·2020·2d20·636f··-53-SC-13.··-·co 
0003ad40:·6e66·6967·7572·655f·6269·6e64·5f63·7279··nfigure_bind_cry 
0003ad50:·7074·6f5f·706f·6c69·6379·0a20·202d·2063··pto_policy.··-·c 
0003ad60:·6f6e·6669·6775·7265·5f73·7472·6174·6567··onfigure_strateg 
0003ad70:·790a·2020·2d20·6869·6768·5f73·6576·6572··y.··-·high_sever 
0003ad80:·6974·790a·2020·2d20·6c6f·775f·636f·6d70··ity.··-·low_comp 
0003ad90:·6c65·7869·7479·0a20·202d·206c·6f77·5f64··lexity.··-·low_d 
0003ada0:·6973·7275·7074·696f·6e0a·2020·2d20·6e6f··isruption.··-·no 
0003adb0:·5f72·6562·6f6f·745f·6e65·6564·6564·0a0a··_reboot_needed.. 
0003adc0:·2d20·6e61·6d65·3a20·436f·6e66·6967·7572··-·name:·Configur 
0003add0:·6520·4249·4e44·2074·6f20·7573·6520·5379··e·BIND·to·use·Sy 
0003ade0:·7374·656d·2043·7279·7074·6f20·506f·6c69··stem·Crypto·Poli 
0003adf0:·6379·202d·2043·6865·636b·2042·494e·4420··cy·-·Check·BIND· 
0003ae00:·636f·6e66·6967·7572·6174·696f·6e20·6669··configuration·fi 
0003ae10:·6c65·0a20·2020·2065·7869·7374·730a·2020··le.····exists.·· 
0003ae20:·616e·7369·626c·652e·6275·696c·7469·6e2e··ansible.builtin. 
0003ae30:·7374·6174·3a0a·2020·2020·7061·7468·3a20··stat:.····path:· 
0003ae40:·2f65·7463·2f6e·616d·6564·2e63·6f6e·660a··/etc/named.conf. 
0003ae50:·2020·7265·6769·7374·6572·3a20·6269·6e64····register:·bind 
0003ae60:·5f63·6f6e·6669·675f·6669·6c65·0a20·2077··_config_file.··w 
0003ae70:·6865·6e3a·2027·2262·696e·6422·2069·6e20··hen:·'"bind"·in· 
0003ae80:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa 
0003ae90:·636b·6167·6573·270a·2020·7461·6773·3a0a··ckages'.··tags:. 
0003aea0:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53- 
0003aeb0:·5343·2d31·3228·3229·0a20·202d·204e·4953··SC-12(2).··-·NIS 
0003aec0:·542d·3830·302d·3533·2d53·432d·3132·2833··T-800-53-SC-12(3 
0003aed0:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-5 
0003aee0:·332d·5343·2d31·330a·2020·2d20·636f·6e66··3-SC-13.··-·conf 
0003aef0:·6967·7572·655f·6269·6e64·5f63·7279·7074··igure_bind_crypt 
0003af00:·6f5f·706f·6c69·6379·0a20·202d·2063·6f6e··o_policy.··-·con 
0003af10:·6669·6775·7265·5f73·7472·6174·6567·790a··figure_strategy. 
0003af20:·2020·2d20·6869·6768·5f73·6576·6572·6974····-·high_severit 
0003af30:·790a·2020·2d20·6c6f·775f·636f·6d70·6c65··y.··-·low_comple 
0003af40:·7869·7479·0a20·202d·206c·6f77·5f64·6973··xity.··-·low_dis 
0003af50:·7275·7074·696f·6e0a·2020·2d20·6e6f·5f72··ruption.··-·no_r 
0003af60:·6562·6f6f·745f·6e65·6564·6564·0a0a·2d20··eboot_needed..-· 
0003af70:·6e61·6d65·3a20·436f·6e66·6967·7572·6520··name:·Configure· 
0003af80:·4249·4e44·2074·6f20·7573·6520·5379·7374··BIND·to·use·Syst 
0003af90:·656d·2043·7279·7074·6f20·506f·6c69·6379··em·Crypto·Policy 
0003afa0:·202d·2041·626f·7274·696e·6720·7265·6d65···-·Aborting·reme 
0003afb0:·6469·6174·696f·6e2c·2066·696c·6520·6e6f··diation,·file·no 
0003afc0:·740a·2020·2020·666f·756e·640a·2020·616e··t.····found.··an 
0003afd0:·7369·626c·652e·6275·696c·7469·6e2e·6465··sible.builtin.de 
0003afe0:·6275·673a·0a20·2020·206d·7367·3a20·4162··bug:.····msg:·Ab 
0003aff0:·6f72·7469·6e67·2072·656d·6564·6961·7469··orting·remediati0003acf0:·4162·6f72·7469·6e67·2072·656d·6564·6961··Aborting·remedia
0003b000:·6f6e·2061·7320·272f·6574·632f·6e61·6d65··on·as·'/etc/name 
0003b010:·642e·636f·6e66·2720·7761·7320·6e6f·7420··d.conf'·was·not· 
0003b020:·666f·756e·642e·0a20·2077·6865·6e3a·0a20··found..··when:.· 
0003b030:·202d·2027·2262·696e·6422·2069·6e20·616e···-·'"bind"·in·an 
0003b040:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack 
0003b050:·6167·6573·270a·2020·2d20·6e6f·7420·6269··ages'.··-·not·bi 
0003b060:·6e64·5f63·6f6e·6669·675f·6669·6c65·2e73··nd_config_file.s 
0003b070:·7461·742e·6578·6973·7473·0a20·2074·6167··tat.exists.··tag 
0003b080:·733a·0a20·202d·204e·4953·542d·3830·302d··s:.··-·NIST-800- 
0003b090:·3533·2d53·432d·3132·2832·290a·2020·2d20··53-SC-12(2).··-· 
0003b0a0:·4e49·5354·2d38·3030·2d35·332d·5343·2d31··NIST-800-53-SC-1 
0003b0b0:·3228·3329·0a20·202d·204e·4953·542d·3830··2(3).··-·NIST-80 
0003b0c0:·302d·3533·2d53·432d·3133·0a20·202d·2063··0-53-SC-13.··-·c 
0003b0d0:·6f6e·6669·6775·7265·5f62·696e·645f·6372··onfigure_bind_cr 
0003b0e0:·7970·746f·5f70·6f6c·6963·790a·2020·2d20··ypto_policy.··-· 
0003b0f0:·636f·6e66·6967·7572·655f·7374·7261·7465··configure_strate 
0003b100:·6779·0a20·202d·2068·6967·685f·7365·7665··gy.··-·high_seve 
0003b110:·7269·7479·0a20·202d·206c·6f77·5f63·6f6d··rity.··-·low_com 
0003b120:·706c·6578·6974·790a·2020·2d20·6c6f·775f··plexity.··-·low_ 
0003b130:·6469·7372·7570·7469·6f6e·0a20·202d·206e··disruption.··-·n 
Max diff block lines reached; 18688286/18713844 bytes (99.86%) of diff not shown.
1.71 MB
html2text {}
Max HTML report size reached
27.3 MB
./usr/share/doc/ssg-nondebian/ssg-fedora-guide-ospp.html
    
Offset 15236, 408 lines modifiedOffset 15236, 408 lines modified
0003b830:·6574·3d22·2369·646d·3138·3836·2220·7461··et="#idm1886"·ta0003b830:·6574·3d22·2369·646d·3138·3836·2220·7461··et="#idm1886"·ta
0003b840:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=0003b840:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=
0003b850:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex0003b850:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex
0003b860:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t0003b860:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t
0003b870:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t0003b870:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t
0003b880:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="0003b880:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="
Diff chunk too large, falling back to line-by-line diff (394 lines added, 394 lines removed)
0003b890:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·0003b890:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·
0003b8a0:·416e·7369·626c·6520·736e·6970·7065·7420··Ansible·snippet·0003b8a0:·5368·656c·6c20·7363·7269·7074·20e2·87b2··Shell·script·...
0003b8b0:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div·0003b8b0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
0003b8c0:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col0003b8c0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
0003b8d0:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·0003b8d0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=
0003b8e0:·6964·3d22·6964·6d31·3838·3622·3e3c·7461··id="idm1886"><ta0003b8e0:·2269·646d·3138·3836·223e·3c70·7265·3e3c··"idm1886"><pre><
0003b8f0:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table0003b8f0:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati
0003b900:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t0003b900:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable
0003b910:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta0003b910:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain
0003b920:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed"><0003b920:·2070·6c61·7466·6f72·6d73·0a69·6620·2120···platforms.if·!·
0003b930:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit0003b930:·2820·7b20·7270·6d20·2d2d·7175·6965·7420··(·{·rpm·--quiet·
0003b940:·793a·3c2f·7468·3e3c·7464·3e68·6967·683c··y:</th><td>high<0003b940:·2d71·206b·6572·6e65·6c20·3b7d·2026·616d··-q·kernel·;}·&am
0003b950:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th0003b950:·703b·2661·6d70·3b20·7b20·7270·6d20·2d2d··p;&amp;·{·rpm·--
0003b960:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th0003b960:·7175·6965·7420·2d71·2072·706d·2d6f·7374··quiet·-q·rpm-ost
0003b970:·3e3c·7464·3e6d·6564·6975·6d3c·2f74·643e··><td>medium</td>0003b970:·7265·6520·3b7d·2026·616d·703b·2661·6d70··ree·;}·&amp;&amp
0003b980:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb0003b980:·3b20·7b20·7270·6d20·2d2d·7175·6965·7420··;·{·rpm·--quiet·
0003b990:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal0003b990:·2d71·2062·6f6f·7463·203b·7d20·2661·6d70··-q·bootc·;}·&amp
0003b9a0:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr>0003b9a0:·3b26·616d·703b·207b·2021·2072·706d·202d··;&amp;·{·!·rpm·-
0003b9b0:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t0003b9b0:·2d71·7569·6574·202d·7120·6f70·656e·7368··-quiet·-q·opensh
0003b9c0:·683e·3c74·643e·7265·7374·7269·6374·3c2f··h><td>restrict</0003b9c0:·6966·742d·6b75·6265·6c65·7420·3b7d·2029··ift-kubelet·;}·)
0003b9d0:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>0003b9d0:·3b20·7468·656e·0a0a·2320·4669·6e64·2077··;·then..#·Find·w
0003b9e0:·3c70·7265·3e3c·636f·6465·3e2d·206e·616d··<pre><code>-·nam0003b9e0:·6869·6368·2066·696c·6573·2068·6176·6520··hich·files·have·
0003b9f0:·653a·2047·6174·6865·7220·7468·6520·7061··e:·Gather·the·pa0003b9f0:·696e·636f·7272·6563·7420·6861·7368·2028··incorrect·hash·(
0003ba00:·636b·6167·6520·6661·6374·730a·2020·7061··ckage·facts.··pa0003ba00:·6e6f·7420·696e·202f·6574·632c·2062·6563··not·in·/etc,·bec
0003ba10:·636b·6167·655f·6661·6374·733a·0a20·2020··ckage_facts:.···0003ba10:·6175·7365·206f·6620·7468·6520·7379·7374··ause·of·the·syst
0003ba20:·206d·616e·6167·6572·3a20·6175·746f·0a20···manager:·auto.·0003ba20:·656d·2072·656c·6174·6564·2063·6f6e·6669··em·related·confi
0003ba30:·2074·6167·733a·0a20·202d·2043·4a49·532d···tags:.··-·CJIS-0003ba30:·6720·6669·6c65·7329·2061·6e64·2074·6865··g·files)·and·the
0003ba40:·352e·3130·2e34·2e31·0a20·202d·204e·4953··5.10.4.1.··-·NIS0003ba40:·6e20·6765·7420·6669·6c65·7320·6e61·6d65··n·get·files·name
0003ba50:·542d·3830·302d·3137·312d·332e·332e·380a··T-800-171-3.3.8.0003ba50:·730a·6669·6c65·735f·7769·7468·5f69·6e63··s.files_with_inc
0003ba60:·2020·2d20·4e49·5354·2d38·3030·2d31·3731····-·NIST-800-1710003ba60:·6f72·7265·6374·5f68·6173·683d·2224·2872··orrect_hash="$(r
0003ba70:·2d33·2e34·2e31·0a20·202d·204e·4953·542d··-3.4.1.··-·NIST-0003ba70:·706d·202d·5661·202d·2d6e·6f63·6f6e·6669··pm·-Va·--noconfi
0003ba80:·3830·302d·3533·2d41·552d·3928·3329·0a20··800-53-AU-9(3).·0003ba80:·6720·7c20·6772·6570·202d·4520·275e·2e2e··g·|·grep·-E·'^..
0003ba90:·202d·204e·4953·542d·3830·302d·3533·2d43···-·NIST-800-53-C0003ba90:·3527·207c·2061·776b·2027·7b70·7269·6e74··5'·|·awk·'{print
0003baa0:·4d2d·3628·6329·0a20·202d·204e·4953·542d··M-6(c).··-·NIST-0003baa0:·2024·4e46·7d27·2029·220a·0a69·6620·5b20···$NF}'·)"..if·[·
0003bab0:·3830·302d·3533·2d43·4d2d·3628·6429·0a20··800-53-CM-6(d).·0003bab0:·2d6e·2022·2466·696c·6573·5f77·6974·685f··-n·"$files_with_
0003bac0:·202d·204e·4953·542d·3830·302d·3533·2d53···-·NIST-800-53-S0003bac0:·696e·636f·7272·6563·745f·6861·7368·2220··incorrect_hash"·
0003bad0:·492d·370a·2020·2d20·4e49·5354·2d38·3030··I-7.··-·NIST-8000003bad0:·5d3b·2074·6865·6e0a·2020·2020·2320·4672··];·then.····#·Fr
0003bae0:·2d35·332d·5349·2d37·2831·290a·2020·2d20··-53-SI-7(1).··-·0003bae0:·6f6d·2066·696c·6573·206e·616d·6573·2067··om·files·names·g
0003baf0:·4e49·5354·2d38·3030·2d35·332d·5349·2d37··NIST-800-53-SI-70003baf0:·6574·2070·6163·6b61·6765·206e·616d·6573··et·package·names
0003bb00:·2836·290a·2020·2d20·5043·492d·4453·532d··(6).··-·PCI-DSS-0003bb00:·2061·6e64·2063·6861·6e67·6520·6e65·776c···and·change·newl
0003bb10:·5265·712d·3131·2e35·0a20·202d·2050·4349··Req-11.5.··-·PCI0003bb10:·696e·6520·746f·2073·7061·6365·2c20·6265··ine·to·space,·be
0003bb20:·2d44·5353·7634·2d31·312e·352e·320a·2020··-DSSv4-11.5.2.··0003bb20:·6361·7573·6520·7270·6d20·7772·6974·6573··cause·rpm·writes
0003bb30:·2d20·6869·6768·5f63·6f6d·706c·6578·6974··-·high_complexit0003bb30:·2065·6163·6820·7061·636b·6167·6520·746f···each·package·to
0003bb40:·790a·2020·2d20·6869·6768·5f73·6576·6572··y.··-·high_sever0003bb40:·206e·6577·206c·696e·650a·2020·2020·7061···new·line.····pa
0003bb50:·6974·790a·2020·2d20·6d65·6469·756d·5f64··ity.··-·medium_d0003bb50:·636b·6167·6573·5f74·6f5f·7265·696e·7374··ckages_to_reinst
0003bb60:·6973·7275·7074·696f·6e0a·2020·2d20·6e6f··isruption.··-·no0003bb60:·616c·6c3d·2224·2872·706d·202d·7166·2024··all="$(rpm·-qf·$
0003bb70:·5f72·6562·6f6f·745f·6e65·6564·6564·0a20··_reboot_needed.·0003bb70:·6669·6c65·735f·7769·7468·5f69·6e63·6f72··files_with_incor
0003bb80:·202d·2072·6573·7472·6963·745f·7374·7261···-·restrict_stra0003bb80:·7265·6374·5f68·6173·6820·7c20·7472·2027··rect_hash·|·tr·'
0003bb90:·7465·6779·0a20·202d·2072·706d·5f76·6572··tegy.··-·rpm_ver0003bb90:·5c6e·2720·2720·2729·220a·0a20·2020·200a··\n'·'·')"..····.
0003bba0:·6966·795f·6861·7368·6573·0a0a·2d20·6e61··ify_hashes..-·na0003bba0:·2020·2020·646e·6620·7265·696e·7374·616c······dnf·reinstal
0003bbb0:·6d65·3a20·2753·6574·2066·6163·743a·2050··me:·'Set·fact:·P0003bbb0:·6c20·2d79·2024·7061·636b·6167·6573·5f74··l·-y·$packages_t
0003bbc0:·6163·6b61·6765·206d·616e·6167·6572·2072··ackage·manager·r0003bbc0:·6f5f·7265·696e·7374·616c·6c0a·2020·2020··o_reinstall.····
0003bbd0:·6569·6e73·7461·6c6c·2063·6f6d·6d61·6e64··einstall·command0003bbd0:·0a66·690a·0a65·6c73·650a·2020·2020·2667··.fi..else.····&g
0003bbe0:·270a·2020·7365·745f·6661·6374·3a0a·2020··'.··set_fact:.··0003bbe0:·743b·2661·6d70·3b32·2065·6368·6f20·2752··t;&amp;2·echo·'R
0003bbf0:·2020·7061·636b·6167·655f·6d61·6e61·6765····package_manage0003bbf0:·656d·6564·6961·7469·6f6e·2069·7320·6e6f··emediation·is·no
0003bc00:·725f·7265·696e·7374·616c·6c5f·636d·643a··r_reinstall_cmd:0003bc00:·7420·6170·706c·6963·6162·6c65·2c20·6e6f··t·applicable,·no
0003bc10:·2064·6e66·2072·6569·6e73·7461·6c6c·202d···dnf·reinstall·-0003bc10:·7468·696e·6720·7761·7320·646f·6e65·270a··thing·was·done'.
0003bc20:·790a·2020·7768·656e·3a0a·2020·2d20·6e6f··y.··when:.··-·no0003bc20:·6669·0a3c·2f63·6f64·653e·3c2f·7072·653e··fi.</code></pre>
0003bc30:·7420·2820·226b·6572·6e65·6c22·2069·6e20··t·(·"kernel"·in·0003bc30:·3c2f·6469·763e·3c61·2063·6c61·7373·3d22··</div><a·class="
0003bc40:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa0003bc40:·6274·6e20·6274·6e2d·7375·6363·6573·7322··btn·btn-success"
0003bc50:·636b·6167·6573·2061·6e64·2022·7270·6d2d··ckages·and·"rpm-0003bc50:·2064·6174·612d·746f·6767·6c65·3d22·636f···data-toggle="co
0003bc60:·6f73·7472·6565·2220·696e·2061·6e73·6962··ostree"·in·ansib0003bc60:·6c6c·6170·7365·2220·6461·7461·2d74·6172··llapse"·data-tar
0003bc70:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package0003bc70:·6765·743d·2223·6964·6d31·3838·3722·2074··get="#idm1887"·t
0003bc80:·730a·2020·2020·616e·6420·2262·6f6f·7463··s.····and·"bootc0003bc80:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
0003bc90:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003bc90:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
0003bca0:·7473·2e70·6163·6b61·6765·7320·616e·6420··ts.packages·and·0003bca0:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
0003bcb0:·6e6f·7420·226f·7065·6e73·6869·6674·2d6b··not·"openshift-k0003bcb0:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
0003bcc0:·7562·656c·6574·2220·696e·2061·6e73·6962··ubelet"·in·ansib0003bcc0:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
0003bcd0:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package0003bcd0:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
0003bce0:·730a·2020·2020·290a·2020·2d20·616e·7369··s.····).··-·ansi0003bce0:·2041·6e73·6962·6c65·2073·6e69·7070·6574···Ansible·snippet
0003bcf0:·626c·655f·6469·7374·7269·6275·7469·6f6e··ble_distribution0003bcf0:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div
0003bd00:·2069·6e20·5b20·2246·6564·6f72·6122·2c20···in·[·"Fedora",·0003bd00:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
0003bd10:·2252·6564·4861·7422·2c20·2243·656e·744f··"RedHat",·"CentO0003bd10:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
0003bd20:·5322·2c20·224f·7261·636c·654c·696e·7578··S",·"OracleLinux0003bd20:·2069·643d·2269·646d·3138·3837·223e·3c74···id="idm1887"><t
0003bd30:·2220·5d0a·2020·7461·6773·3a0a·2020·2d20··"·].··tags:.··-·0003bd30:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl
0003bd40:·434a·4953·2d35·2e31·302e·342e·310a·2020··CJIS-5.10.4.1.··0003bd40:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped·
0003bd50:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-30003bd50:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t
0003bd60:·2e33·2e38·0a20·202d·204e·4953·542d·3830··.3.8.··-·NIST-800003bd60:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed">
0003bd70:·302d·3137·312d·332e·342e·310a·2020·2d20··0-171-3.4.1.··-·0003bd70:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi
0003bd80:·4e49·5354·2d38·3030·2d35·332d·4155·2d39··NIST-800-53-AU-90003bd80:·7479·3a3c·2f74·683e·3c74·643e·6869·6768··ty:</th><td>high
0003bd90:·2833·290a·2020·2d20·4e49·5354·2d38·3030··(3).··-·NIST-8000003bd90:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
0003bda0:·2d35·332d·434d·2d36·2863·290a·2020·2d20··-53-CM-6(c).··-·0003bda0:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t
0003bdb0:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-60003bdb0:·683e·3c74·643e·6d65·6469·756d·3c2f·7464··h><td>medium</td
0003bdc0:·2864·290a·2020·2d20·4e49·5354·2d38·3030··(d).··-·NIST-8000003bdc0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re
0003bdd0:·2d35·332d·5349·2d37·0a20·202d·204e·4953··-53-SI-7.··-·NIS0003bdd0:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa
0003bde0:·542d·3830·302d·3533·2d53·492d·3728·3129··T-800-53-SI-7(1)0003bde0:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr
0003bdf0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003bdf0:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</
0003be00:·2d53·492d·3728·3629·0a20·202d·2050·4349··-SI-7(6).··-·PCI0003be00:·7468·3e3c·7464·3e72·6573·7472·6963·743c··th><td>restrict<
0003be10:·2d44·5353·2d52·6571·2d31·312e·350a·2020··-DSS-Req-11.5.··0003be10:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table
0003be20:·2d20·5043·492d·4453·5376·342d·3131·2e35··-·PCI-DSSv4-11.50003be20:·3e3c·7072·653e·3c63·6f64·653e·2d20·6e61··><pre><code>-·na
0003be30:·2e32·0a20·202d·2068·6967·685f·636f·6d70··.2.··-·high_comp0003be30:·6d65·3a20·4761·7468·6572·2074·6865·2070··me:·Gather·the·p
0003be40:·6c65·7869·7479·0a20·202d·2068·6967·685f··lexity.··-·high_0003be40:·6163·6b61·6765·2066·6163·7473·0a20·2070··ackage·facts.··p
0003be50:·7365·7665·7269·7479·0a20·202d·206d·6564··severity.··-·med0003be50:·6163·6b61·6765·5f66·6163·7473·3a0a·2020··ackage_facts:.··
0003be60:·6975·6d5f·6469·7372·7570·7469·6f6e·0a20··ium_disruption.·0003be60:·2020·6d61·6e61·6765·723a·2061·7574·6f0a····manager:·auto.
0003be70:·202d·206e·6f5f·7265·626f·6f74·5f6e·6565···-·no_reboot_nee0003be70:·2020·7461·6773·3a0a·2020·2d20·434a·4953····tags:.··-·CJIS
0003be80:·6465·640a·2020·2d20·7265·7374·7269·6374··ded.··-·restrict0003be80:·2d35·2e31·302e·342e·310a·2020·2d20·4e49··-5.10.4.1.··-·NI
0003be90:·5f73·7472·6174·6567·790a·2020·2d20·7270··_strategy.··-·rp0003be90:·5354·2d38·3030·2d31·3731·2d33·2e33·2e38··ST-800-171-3.3.8
0003bea0:·6d5f·7665·7269·6679·5f68·6173·6865·730a··m_verify_hashes.0003bea0:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-17
0003beb0:·0a2d·206e·616d·653a·2027·5365·7420·6661··.-·name:·'Set·fa0003beb0:·312d·332e·342e·310a·2020·2d20·4e49·5354··1-3.4.1.··-·NIST
0003bec0:·6374·3a20·5061·636b·6167·6520·6d61·6e61··ct:·Package·mana0003bec0:·2d38·3030·2d35·332d·4155·2d39·2833·290a··-800-53-AU-9(3).
0003bed0:·6765·7220·7265·696e·7374·616c·6c20·636f··ger·reinstall·co0003bed0:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-
0003bee0:·6d6d·616e·6420·287a·7970·7065·7229·270a··mmand·(zypper)'.0003bee0:·434d·2d36·2863·290a·2020·2d20·4e49·5354··CM-6(c).··-·NIST
0003bef0:·2020·7365·745f·6661·6374·3a0a·2020·2020····set_fact:.····0003bef0:·2d38·3030·2d35·332d·434d·2d36·2864·290a··-800-53-CM-6(d).
0003bf00:·7061·636b·6167·655f·6d61·6e61·6765·725f··package_manager_0003bf00:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-
0003bf10:·7265·696e·7374·616c·6c5f·636d·643a·207a··reinstall_cmd:·z0003bf10:·5349·2d37·0a20·202d·204e·4953·542d·3830··SI-7.··-·NIST-80
0003bf20:·7970·7065·7220·696e·202d·6620·2d79·0a20··ypper·in·-f·-y.·0003bf20:·302d·3533·2d53·492d·3728·3129·0a20·202d··0-53-SI-7(1).··-
0003bf30:·2077·6865·6e3a·0a20·202d·206e·6f74·2028···when:.··-·not·(0003bf30:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-
0003bf40:·2022·6b65·726e·656c·2220·696e·2061·6e73···"kernel"·in·ans0003bf40:·3728·3629·0a20·202d·2050·4349·2d44·5353··7(6).··-·PCI-DSS
0003bf50:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0003bf50:·2d52·6571·2d31·312e·350a·2020·2d20·5043··-Req-11.5.··-·PC
0003bf60:·6765·7320·616e·6420·2272·706d·2d6f·7374··ges·and·"rpm-ost0003bf60:·492d·4453·5376·342d·3131·2e35·2e32·0a20··I-DSSv4-11.5.2.·
0003bf70:·7265·6522·2069·6e20·616e·7369·626c·655f··ree"·in·ansible_0003bf70:·202d·2068·6967·685f·636f·6d70·6c65·7869···-·high_complexi
0003bf80:·6661·6374·732e·7061·636b·6167·6573·0a20··facts.packages.·0003bf80:·7479·0a20·202d·2068·6967·685f·7365·7665··ty.··-·high_seve
0003bf90:·2020·2061·6e64·2022·626f·6f74·6322·2069·····and·"bootc"·i0003bf90:·7269·7479·0a20·202d·206d·6564·6975·6d5f··rity.··-·medium_
0003bfa0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003bfa0:·6469·7372·7570·7469·6f6e·0a20·202d·206e··disruption.··-·n
0003bfb0:·7061·636b·6167·6573·2061·6e64·206e·6f74··packages·and·not0003bfb0:·6f5f·7265·626f·6f74·5f6e·6565·6465·640a··o_reboot_needed.
0003bfc0:·2022·6f70·656e·7368·6966·742d·6b75·6265···"openshift-kube0003bfc0:·2020·2d20·7265·7374·7269·6374·5f73·7472····-·restrict_str
0003bfd0:·6c65·7422·2069·6e20·616e·7369·626c·655f··let"·in·ansible_0003bfd0:·6174·6567·790a·2020·2d20·7270·6d5f·7665··ategy.··-·rpm_ve
0003bfe0:·6661·6374·732e·7061·636b·6167·6573·0a20··facts.packages.·0003bfe0:·7269·6679·5f68·6173·6865·730a·0a2d·206e··rify_hashes..-·n
0003bff0:·2020·2029·0a20·202d·2061·6e73·6962·6c65·····).··-·ansible0003bff0:·616d·653a·2027·5365·7420·6661·6374·3a20··ame:·'Set·fact:·
0003c000:·5f64·6973·7472·6962·7574·696f·6e20·3d3d··_distribution·==0003c000:·5061·636b·6167·6520·6d61·6e61·6765·7220··Package·manager·
Max diff block lines reached; 26868615/26923567 bytes (99.80%) of diff not shown.
1.58 MB
html2text {}
Max HTML report size reached
14.6 MB
./usr/share/doc/ssg-nondebian/ssg-fedora-guide-pci-dss.html
    
Offset 15177, 408 lines modifiedOffset 15177, 408 lines modified
0003b480:·6574·3d22·2369·646d·3138·3836·2220·7461··et="#idm1886"·ta0003b480:·6574·3d22·2369·646d·3138·3836·2220·7461··et="#idm1886"·ta
0003b490:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=0003b490:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=
0003b4a0:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex0003b4a0:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex
0003b4b0:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t0003b4b0:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t
0003b4c0:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t0003b4c0:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t
0003b4d0:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="0003b4d0:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="
Diff chunk too large, falling back to line-by-line diff (394 lines added, 394 lines removed)
0003b4e0:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·0003b4e0:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·
0003b4f0:·416e·7369·626c·6520·736e·6970·7065·7420··Ansible·snippet·0003b4f0:·5368·656c·6c20·7363·7269·7074·20e2·87b2··Shell·script·...
0003b500:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div·0003b500:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
0003b510:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col0003b510:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
0003b520:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·0003b520:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=
0003b530:·6964·3d22·6964·6d31·3838·3622·3e3c·7461··id="idm1886"><ta0003b530:·2269·646d·3138·3836·223e·3c70·7265·3e3c··"idm1886"><pre><
0003b540:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table0003b540:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati
0003b550:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t0003b550:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable
0003b560:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta0003b560:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain
0003b570:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed"><0003b570:·2070·6c61·7466·6f72·6d73·0a69·6620·2120···platforms.if·!·
0003b580:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit0003b580:·2820·7b20·7270·6d20·2d2d·7175·6965·7420··(·{·rpm·--quiet·
0003b590:·793a·3c2f·7468·3e3c·7464·3e68·6967·683c··y:</th><td>high<0003b590:·2d71·206b·6572·6e65·6c20·3b7d·2026·616d··-q·kernel·;}·&am
0003b5a0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th0003b5a0:·703b·2661·6d70·3b20·7b20·7270·6d20·2d2d··p;&amp;·{·rpm·--
0003b5b0:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th0003b5b0:·7175·6965·7420·2d71·2072·706d·2d6f·7374··quiet·-q·rpm-ost
0003b5c0:·3e3c·7464·3e6d·6564·6975·6d3c·2f74·643e··><td>medium</td>0003b5c0:·7265·6520·3b7d·2026·616d·703b·2661·6d70··ree·;}·&amp;&amp
0003b5d0:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb0003b5d0:·3b20·7b20·7270·6d20·2d2d·7175·6965·7420··;·{·rpm·--quiet·
0003b5e0:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal0003b5e0:·2d71·2062·6f6f·7463·203b·7d20·2661·6d70··-q·bootc·;}·&amp
0003b5f0:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr>0003b5f0:·3b26·616d·703b·207b·2021·2072·706d·202d··;&amp;·{·!·rpm·-
0003b600:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t0003b600:·2d71·7569·6574·202d·7120·6f70·656e·7368··-quiet·-q·opensh
0003b610:·683e·3c74·643e·7265·7374·7269·6374·3c2f··h><td>restrict</0003b610:·6966·742d·6b75·6265·6c65·7420·3b7d·2029··ift-kubelet·;}·)
0003b620:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>0003b620:·3b20·7468·656e·0a0a·2320·4669·6e64·2077··;·then..#·Find·w
0003b630:·3c70·7265·3e3c·636f·6465·3e2d·206e·616d··<pre><code>-·nam0003b630:·6869·6368·2066·696c·6573·2068·6176·6520··hich·files·have·
0003b640:·653a·2047·6174·6865·7220·7468·6520·7061··e:·Gather·the·pa0003b640:·696e·636f·7272·6563·7420·6861·7368·2028··incorrect·hash·(
0003b650:·636b·6167·6520·6661·6374·730a·2020·7061··ckage·facts.··pa0003b650:·6e6f·7420·696e·202f·6574·632c·2062·6563··not·in·/etc,·bec
0003b660:·636b·6167·655f·6661·6374·733a·0a20·2020··ckage_facts:.···0003b660:·6175·7365·206f·6620·7468·6520·7379·7374··ause·of·the·syst
0003b670:·206d·616e·6167·6572·3a20·6175·746f·0a20···manager:·auto.·0003b670:·656d·2072·656c·6174·6564·2063·6f6e·6669··em·related·confi
0003b680:·2074·6167·733a·0a20·202d·2043·4a49·532d···tags:.··-·CJIS-0003b680:·6720·6669·6c65·7329·2061·6e64·2074·6865··g·files)·and·the
0003b690:·352e·3130·2e34·2e31·0a20·202d·204e·4953··5.10.4.1.··-·NIS0003b690:·6e20·6765·7420·6669·6c65·7320·6e61·6d65··n·get·files·name
0003b6a0:·542d·3830·302d·3137·312d·332e·332e·380a··T-800-171-3.3.8.0003b6a0:·730a·6669·6c65·735f·7769·7468·5f69·6e63··s.files_with_inc
0003b6b0:·2020·2d20·4e49·5354·2d38·3030·2d31·3731····-·NIST-800-1710003b6b0:·6f72·7265·6374·5f68·6173·683d·2224·2872··orrect_hash="$(r
0003b6c0:·2d33·2e34·2e31·0a20·202d·204e·4953·542d··-3.4.1.··-·NIST-0003b6c0:·706d·202d·5661·202d·2d6e·6f63·6f6e·6669··pm·-Va·--noconfi
0003b6d0:·3830·302d·3533·2d41·552d·3928·3329·0a20··800-53-AU-9(3).·0003b6d0:·6720·7c20·6772·6570·202d·4520·275e·2e2e··g·|·grep·-E·'^..
0003b6e0:·202d·204e·4953·542d·3830·302d·3533·2d43···-·NIST-800-53-C0003b6e0:·3527·207c·2061·776b·2027·7b70·7269·6e74··5'·|·awk·'{print
0003b6f0:·4d2d·3628·6329·0a20·202d·204e·4953·542d··M-6(c).··-·NIST-0003b6f0:·2024·4e46·7d27·2029·220a·0a69·6620·5b20···$NF}'·)"..if·[·
0003b700:·3830·302d·3533·2d43·4d2d·3628·6429·0a20··800-53-CM-6(d).·0003b700:·2d6e·2022·2466·696c·6573·5f77·6974·685f··-n·"$files_with_
0003b710:·202d·204e·4953·542d·3830·302d·3533·2d53···-·NIST-800-53-S0003b710:·696e·636f·7272·6563·745f·6861·7368·2220··incorrect_hash"·
0003b720:·492d·370a·2020·2d20·4e49·5354·2d38·3030··I-7.··-·NIST-8000003b720:·5d3b·2074·6865·6e0a·2020·2020·2320·4672··];·then.····#·Fr
0003b730:·2d35·332d·5349·2d37·2831·290a·2020·2d20··-53-SI-7(1).··-·0003b730:·6f6d·2066·696c·6573·206e·616d·6573·2067··om·files·names·g
0003b740:·4e49·5354·2d38·3030·2d35·332d·5349·2d37··NIST-800-53-SI-70003b740:·6574·2070·6163·6b61·6765·206e·616d·6573··et·package·names
0003b750:·2836·290a·2020·2d20·5043·492d·4453·532d··(6).··-·PCI-DSS-0003b750:·2061·6e64·2063·6861·6e67·6520·6e65·776c···and·change·newl
0003b760:·5265·712d·3131·2e35·0a20·202d·2050·4349··Req-11.5.··-·PCI0003b760:·696e·6520·746f·2073·7061·6365·2c20·6265··ine·to·space,·be
0003b770:·2d44·5353·7634·2d31·312e·352e·320a·2020··-DSSv4-11.5.2.··0003b770:·6361·7573·6520·7270·6d20·7772·6974·6573··cause·rpm·writes
0003b780:·2d20·6869·6768·5f63·6f6d·706c·6578·6974··-·high_complexit0003b780:·2065·6163·6820·7061·636b·6167·6520·746f···each·package·to
0003b790:·790a·2020·2d20·6869·6768·5f73·6576·6572··y.··-·high_sever0003b790:·206e·6577·206c·696e·650a·2020·2020·7061···new·line.····pa
0003b7a0:·6974·790a·2020·2d20·6d65·6469·756d·5f64··ity.··-·medium_d0003b7a0:·636b·6167·6573·5f74·6f5f·7265·696e·7374··ckages_to_reinst
0003b7b0:·6973·7275·7074·696f·6e0a·2020·2d20·6e6f··isruption.··-·no0003b7b0:·616c·6c3d·2224·2872·706d·202d·7166·2024··all="$(rpm·-qf·$
0003b7c0:·5f72·6562·6f6f·745f·6e65·6564·6564·0a20··_reboot_needed.·0003b7c0:·6669·6c65·735f·7769·7468·5f69·6e63·6f72··files_with_incor
0003b7d0:·202d·2072·6573·7472·6963·745f·7374·7261···-·restrict_stra0003b7d0:·7265·6374·5f68·6173·6820·7c20·7472·2027··rect_hash·|·tr·'
0003b7e0:·7465·6779·0a20·202d·2072·706d·5f76·6572··tegy.··-·rpm_ver0003b7e0:·5c6e·2720·2720·2729·220a·0a20·2020·200a··\n'·'·')"..····.
0003b7f0:·6966·795f·6861·7368·6573·0a0a·2d20·6e61··ify_hashes..-·na0003b7f0:·2020·2020·646e·6620·7265·696e·7374·616c······dnf·reinstal
0003b800:·6d65·3a20·2753·6574·2066·6163·743a·2050··me:·'Set·fact:·P0003b800:·6c20·2d79·2024·7061·636b·6167·6573·5f74··l·-y·$packages_t
0003b810:·6163·6b61·6765·206d·616e·6167·6572·2072··ackage·manager·r0003b810:·6f5f·7265·696e·7374·616c·6c0a·2020·2020··o_reinstall.····
0003b820:·6569·6e73·7461·6c6c·2063·6f6d·6d61·6e64··einstall·command0003b820:·0a66·690a·0a65·6c73·650a·2020·2020·2667··.fi..else.····&g
0003b830:·270a·2020·7365·745f·6661·6374·3a0a·2020··'.··set_fact:.··0003b830:·743b·2661·6d70·3b32·2065·6368·6f20·2752··t;&amp;2·echo·'R
0003b840:·2020·7061·636b·6167·655f·6d61·6e61·6765····package_manage0003b840:·656d·6564·6961·7469·6f6e·2069·7320·6e6f··emediation·is·no
0003b850:·725f·7265·696e·7374·616c·6c5f·636d·643a··r_reinstall_cmd:0003b850:·7420·6170·706c·6963·6162·6c65·2c20·6e6f··t·applicable,·no
0003b860:·2064·6e66·2072·6569·6e73·7461·6c6c·202d···dnf·reinstall·-0003b860:·7468·696e·6720·7761·7320·646f·6e65·270a··thing·was·done'.
0003b870:·790a·2020·7768·656e·3a0a·2020·2d20·6e6f··y.··when:.··-·no0003b870:·6669·0a3c·2f63·6f64·653e·3c2f·7072·653e··fi.</code></pre>
0003b880:·7420·2820·226b·6572·6e65·6c22·2069·6e20··t·(·"kernel"·in·0003b880:·3c2f·6469·763e·3c61·2063·6c61·7373·3d22··</div><a·class="
0003b890:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa0003b890:·6274·6e20·6274·6e2d·7375·6363·6573·7322··btn·btn-success"
0003b8a0:·636b·6167·6573·2061·6e64·2022·7270·6d2d··ckages·and·"rpm-0003b8a0:·2064·6174·612d·746f·6767·6c65·3d22·636f···data-toggle="co
0003b8b0:·6f73·7472·6565·2220·696e·2061·6e73·6962··ostree"·in·ansib0003b8b0:·6c6c·6170·7365·2220·6461·7461·2d74·6172··llapse"·data-tar
0003b8c0:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package0003b8c0:·6765·743d·2223·6964·6d31·3838·3722·2074··get="#idm1887"·t
0003b8d0:·730a·2020·2020·616e·6420·2262·6f6f·7463··s.····and·"bootc0003b8d0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
0003b8e0:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003b8e0:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
0003b8f0:·7473·2e70·6163·6b61·6765·7320·616e·6420··ts.packages·and·0003b8f0:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
0003b900:·6e6f·7420·226f·7065·6e73·6869·6674·2d6b··not·"openshift-k0003b900:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
0003b910:·7562·656c·6574·2220·696e·2061·6e73·6962··ubelet"·in·ansib0003b910:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
0003b920:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package0003b920:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
0003b930:·730a·2020·2020·290a·2020·2d20·616e·7369··s.····).··-·ansi0003b930:·2041·6e73·6962·6c65·2073·6e69·7070·6574···Ansible·snippet
0003b940:·626c·655f·6469·7374·7269·6275·7469·6f6e··ble_distribution0003b940:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div
0003b950:·2069·6e20·5b20·2246·6564·6f72·6122·2c20···in·[·"Fedora",·0003b950:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
0003b960:·2252·6564·4861·7422·2c20·2243·656e·744f··"RedHat",·"CentO0003b960:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
0003b970:·5322·2c20·224f·7261·636c·654c·696e·7578··S",·"OracleLinux0003b970:·2069·643d·2269·646d·3138·3837·223e·3c74···id="idm1887"><t
0003b980:·2220·5d0a·2020·7461·6773·3a0a·2020·2d20··"·].··tags:.··-·0003b980:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl
0003b990:·434a·4953·2d35·2e31·302e·342e·310a·2020··CJIS-5.10.4.1.··0003b990:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped·
0003b9a0:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-30003b9a0:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t
0003b9b0:·2e33·2e38·0a20·202d·204e·4953·542d·3830··.3.8.··-·NIST-800003b9b0:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed">
0003b9c0:·302d·3137·312d·332e·342e·310a·2020·2d20··0-171-3.4.1.··-·0003b9c0:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi
0003b9d0:·4e49·5354·2d38·3030·2d35·332d·4155·2d39··NIST-800-53-AU-90003b9d0:·7479·3a3c·2f74·683e·3c74·643e·6869·6768··ty:</th><td>high
0003b9e0:·2833·290a·2020·2d20·4e49·5354·2d38·3030··(3).··-·NIST-8000003b9e0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
0003b9f0:·2d35·332d·434d·2d36·2863·290a·2020·2d20··-53-CM-6(c).··-·0003b9f0:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t
0003ba00:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-60003ba00:·683e·3c74·643e·6d65·6469·756d·3c2f·7464··h><td>medium</td
0003ba10:·2864·290a·2020·2d20·4e49·5354·2d38·3030··(d).··-·NIST-8000003ba10:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re
0003ba20:·2d35·332d·5349·2d37·0a20·202d·204e·4953··-53-SI-7.··-·NIS0003ba20:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa
0003ba30:·542d·3830·302d·3533·2d53·492d·3728·3129··T-800-53-SI-7(1)0003ba30:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr
0003ba40:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003ba40:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</
0003ba50:·2d53·492d·3728·3629·0a20·202d·2050·4349··-SI-7(6).··-·PCI0003ba50:·7468·3e3c·7464·3e72·6573·7472·6963·743c··th><td>restrict<
0003ba60:·2d44·5353·2d52·6571·2d31·312e·350a·2020··-DSS-Req-11.5.··0003ba60:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table
0003ba70:·2d20·5043·492d·4453·5376·342d·3131·2e35··-·PCI-DSSv4-11.50003ba70:·3e3c·7072·653e·3c63·6f64·653e·2d20·6e61··><pre><code>-·na
0003ba80:·2e32·0a20·202d·2068·6967·685f·636f·6d70··.2.··-·high_comp0003ba80:·6d65·3a20·4761·7468·6572·2074·6865·2070··me:·Gather·the·p
0003ba90:·6c65·7869·7479·0a20·202d·2068·6967·685f··lexity.··-·high_0003ba90:·6163·6b61·6765·2066·6163·7473·0a20·2070··ackage·facts.··p
0003baa0:·7365·7665·7269·7479·0a20·202d·206d·6564··severity.··-·med0003baa0:·6163·6b61·6765·5f66·6163·7473·3a0a·2020··ackage_facts:.··
0003bab0:·6975·6d5f·6469·7372·7570·7469·6f6e·0a20··ium_disruption.·0003bab0:·2020·6d61·6e61·6765·723a·2061·7574·6f0a····manager:·auto.
0003bac0:·202d·206e·6f5f·7265·626f·6f74·5f6e·6565···-·no_reboot_nee0003bac0:·2020·7461·6773·3a0a·2020·2d20·434a·4953····tags:.··-·CJIS
0003bad0:·6465·640a·2020·2d20·7265·7374·7269·6374··ded.··-·restrict0003bad0:·2d35·2e31·302e·342e·310a·2020·2d20·4e49··-5.10.4.1.··-·NI
0003bae0:·5f73·7472·6174·6567·790a·2020·2d20·7270··_strategy.··-·rp0003bae0:·5354·2d38·3030·2d31·3731·2d33·2e33·2e38··ST-800-171-3.3.8
0003baf0:·6d5f·7665·7269·6679·5f68·6173·6865·730a··m_verify_hashes.0003baf0:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-17
0003bb00:·0a2d·206e·616d·653a·2027·5365·7420·6661··.-·name:·'Set·fa0003bb00:·312d·332e·342e·310a·2020·2d20·4e49·5354··1-3.4.1.··-·NIST
0003bb10:·6374·3a20·5061·636b·6167·6520·6d61·6e61··ct:·Package·mana0003bb10:·2d38·3030·2d35·332d·4155·2d39·2833·290a··-800-53-AU-9(3).
0003bb20:·6765·7220·7265·696e·7374·616c·6c20·636f··ger·reinstall·co0003bb20:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-
0003bb30:·6d6d·616e·6420·287a·7970·7065·7229·270a··mmand·(zypper)'.0003bb30:·434d·2d36·2863·290a·2020·2d20·4e49·5354··CM-6(c).··-·NIST
0003bb40:·2020·7365·745f·6661·6374·3a0a·2020·2020····set_fact:.····0003bb40:·2d38·3030·2d35·332d·434d·2d36·2864·290a··-800-53-CM-6(d).
0003bb50:·7061·636b·6167·655f·6d61·6e61·6765·725f··package_manager_0003bb50:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-
0003bb60:·7265·696e·7374·616c·6c5f·636d·643a·207a··reinstall_cmd:·z0003bb60:·5349·2d37·0a20·202d·204e·4953·542d·3830··SI-7.··-·NIST-80
0003bb70:·7970·7065·7220·696e·202d·6620·2d79·0a20··ypper·in·-f·-y.·0003bb70:·302d·3533·2d53·492d·3728·3129·0a20·202d··0-53-SI-7(1).··-
0003bb80:·2077·6865·6e3a·0a20·202d·206e·6f74·2028···when:.··-·not·(0003bb80:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-
0003bb90:·2022·6b65·726e·656c·2220·696e·2061·6e73···"kernel"·in·ans0003bb90:·3728·3629·0a20·202d·2050·4349·2d44·5353··7(6).··-·PCI-DSS
0003bba0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0003bba0:·2d52·6571·2d31·312e·350a·2020·2d20·5043··-Req-11.5.··-·PC
0003bbb0:·6765·7320·616e·6420·2272·706d·2d6f·7374··ges·and·"rpm-ost0003bbb0:·492d·4453·5376·342d·3131·2e35·2e32·0a20··I-DSSv4-11.5.2.·
0003bbc0:·7265·6522·2069·6e20·616e·7369·626c·655f··ree"·in·ansible_0003bbc0:·202d·2068·6967·685f·636f·6d70·6c65·7869···-·high_complexi
0003bbd0:·6661·6374·732e·7061·636b·6167·6573·0a20··facts.packages.·0003bbd0:·7479·0a20·202d·2068·6967·685f·7365·7665··ty.··-·high_seve
0003bbe0:·2020·2061·6e64·2022·626f·6f74·6322·2069·····and·"bootc"·i0003bbe0:·7269·7479·0a20·202d·206d·6564·6975·6d5f··rity.··-·medium_
0003bbf0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003bbf0:·6469·7372·7570·7469·6f6e·0a20·202d·206e··disruption.··-·n
0003bc00:·7061·636b·6167·6573·2061·6e64·206e·6f74··packages·and·not0003bc00:·6f5f·7265·626f·6f74·5f6e·6565·6465·640a··o_reboot_needed.
0003bc10:·2022·6f70·656e·7368·6966·742d·6b75·6265···"openshift-kube0003bc10:·2020·2d20·7265·7374·7269·6374·5f73·7472····-·restrict_str
0003bc20:·6c65·7422·2069·6e20·616e·7369·626c·655f··let"·in·ansible_0003bc20:·6174·6567·790a·2020·2d20·7270·6d5f·7665··ategy.··-·rpm_ve
0003bc30:·6661·6374·732e·7061·636b·6167·6573·0a20··facts.packages.·0003bc30:·7269·6679·5f68·6173·6865·730a·0a2d·206e··rify_hashes..-·n
0003bc40:·2020·2029·0a20·202d·2061·6e73·6962·6c65·····).··-·ansible0003bc40:·616d·653a·2027·5365·7420·6661·6374·3a20··ame:·'Set·fact:·
0003bc50:·5f64·6973·7472·6962·7574·696f·6e20·3d3d··_distribution·==0003bc50:·5061·636b·6167·6520·6d61·6e61·6765·7220··Package·manager·
Max diff block lines reached; 14182577/14237529 bytes (99.61%) of diff not shown.
1.06 MB
html2text {}
    
Offset 100, 14 lines modifiedOffset 100, 33 lines modified
100 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6100 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
101 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4101 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
102 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)102 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
103 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1103 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
104 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5104 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
105 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227105 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
106 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2106 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 107 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 108 #·Remediation·is·applicable·only·in·certain·platforms
 109 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 110 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 111 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 112 if·[·-n·"$files_with_incorrect_hash"·];·then
 113 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 114 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 115 ····dnf·reinstall·-y·$packages_to_reinstall
  
 116 fi
  
 117 else
 118 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 119 fi
107 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8120 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
108 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high121 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
109 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium122 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
110 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false123 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
111 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict124 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
112 -·name:·Gather·the·package·facts125 -·name:·Gather·the·package·facts
113 ··package_facts:126 ··package_facts:
Offset 274, 33 lines modifiedOffset 293, 14 lines modified
274 ··-·PCI-DSSv4-11.5.2293 ··-·PCI-DSSv4-11.5.2
275 ··-·high_complexity294 ··-·high_complexity
276 ··-·high_severity295 ··-·high_severity
277 ··-·medium_disruption296 ··-·medium_disruption
278 ··-·no_reboot_needed297 ··-·no_reboot_needed
279 ··-·restrict_strategy298 ··-·restrict_strategy
280 ··-·rpm_verify_hashes299 ··-·rpm_verify_hashes
281 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
282 #·Remediation·is·applicable·only·in·certain·platforms 
283 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
284 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
285 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
286 if·[·-n·"$files_with_incorrect_hash"·];·then 
287 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
288 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
289 ····dnf·reinstall·-y·$packages_to_reinstall 
  
290 fi 
  
291 else 
292 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
293 fi 
294 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*300 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
295 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:301 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:
296 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'302 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'
297 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:303 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:
298 $·rpm·-qf·FILENAME304 $·rpm·-qf·FILENAME
  
299 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:305 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
Offset 321, 14 lines modifiedOffset 321, 50 lines modified
321 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5321 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
322 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2322 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
323 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)323 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)
324 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1324 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
325 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5325 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
326 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108326 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108
327 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2327 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 328 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 329 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 330 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 331 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 332 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 333 #·Remediation·is·applicable·only·in·certain·platforms
 334 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 335 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 336 declare·-A·SETPERMS_RPM_DICT
  
 337 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 338 #·is·expected·by·the·RPM·database
 339 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}')
  
 340 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 341 do
 342 ········#·NOTE:·some·files·maybe·controlled·by·more·then·one·package
 343 ········readarray·-t·RPM_PACKAGES·<·<(rpm·-qf·"${FILE_PATH}")
 344 ········for·RPM_PACKAGE·in·"${RPM_PACKAGES[@]}"
 345 ········do
 346 ················#·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 347 ················SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 348 ········done
 349 done
  
 350 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 351 #·correct·values
 352 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 353 do
 354 »       rpm·--restore·"${RPM_PACKAGE}"
 355 done
  
 356 else
 357 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 358 fi
328 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8359 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
329 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high360 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
330 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium361 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
331 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false362 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
332 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict363 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
333 -·name:·Gather·the·package·facts364 -·name:·Gather·the·package·facts
334 ··package_facts:365 ··package_facts:
Offset 440, 50 lines modifiedOffset 476, 14 lines modified
440 ··-·PCI-DSSv4-11.5.2476 ··-·PCI-DSSv4-11.5.2
441 ··-·high_complexity477 ··-·high_complexity
442 ··-·high_severity478 ··-·high_severity
443 ··-·medium_disruption479 ··-·medium_disruption
444 ··-·no_reboot_needed480 ··-·no_reboot_needed
445 ··-·restrict_strategy481 ··-·restrict_strategy
446 ··-·rpm_verify_permissions482 ··-·rpm_verify_permissions
447 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
Max diff block lines reached; 1101033/1109114 bytes (99.27%) of diff not shown.
7.69 MB
./usr/share/doc/ssg-nondebian/ssg-fedora-guide-standard.html
    
Offset 15168, 408 lines modifiedOffset 15168, 408 lines modified
0003b3f0:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=0003b3f0:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
0003b400:·2223·6964·6d31·3838·3622·2074·6162·696e··"#idm1886"·tabin0003b400:·2223·6964·6d31·3838·3622·2074·6162·696e··"#idm1886"·tabin
0003b410:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu0003b410:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
0003b420:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan0003b420:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
0003b430:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl0003b430:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
0003b440:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r0003b440:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
Diff chunk too large, falling back to line-by-line diff (394 lines added, 394 lines removed)
0003b450:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"0003b450:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
0003b460:·3e52·656d·6564·6961·7469·6f6e·2041·6e73··>Remediation·Ans0003b460:·3e52·656d·6564·6961·7469·6f6e·2053·6865··>Remediation·She
0003b470:·6962·6c65·2073·6e69·7070·6574·20e2·87b2··ible·snippet·...0003b470:·6c6c·2073·6372·6970·7420·e287·b23c·2f61··ll·script·...</a
0003b480:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla0003b480:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
0003b490:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap0003b490:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
0003b4a0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=0003b4a0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
0003b4b0:·2269·646d·3138·3836·223e·3c74·6162·6c65··"idm1886"><table0003b4b0:·6d31·3838·3622·3e3c·7072·653e·3c63·6f64··m1886"><pre><cod
0003b4c0:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta0003b4c0:·653e·2320·5265·6d65·6469·6174·696f·6e20··e>#·Remediation·
0003b4d0:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl0003b4d0:·6973·2061·7070·6c69·6361·626c·6520·6f6e··is·applicable·on
0003b4e0:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table0003b4e0:·6c79·2069·6e20·6365·7274·6169·6e20·706c··ly·in·certain·pl
0003b4f0:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>0003b4f0:·6174·666f·726d·730a·6966·2021·2028·207b··atforms.if·!·(·{
0003b500:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<0003b500:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q·
0003b510:·2f74·683e·3c74·643e·6869·6768·3c2f·7464··/th><td>high</td0003b510:·6b65·726e·656c·203b·7d20·2661·6d70·3b26··kernel·;}·&amp;&
0003b520:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di0003b520:·616d·703b·207b·2072·706d·202d·2d71·7569··amp;·{·rpm·--qui
0003b530:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t0003b530:·6574·202d·7120·7270·6d2d·6f73·7472·6565··et·-q·rpm-ostree
0003b540:·643e·6d65·6469·756d·3c2f·7464·3e3c·2f74··d>medium</td></t0003b540:·203b·7d20·2661·6d70·3b26·616d·703b·207b···;}·&amp;&amp;·{
0003b550:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot0003b550:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q·
0003b560:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false<0003b560:·626f·6f74·6320·3b7d·2026·616d·703b·2661··bootc·;}·&amp;&a
0003b570:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th0003b570:·6d70·3b20·7b20·2120·7270·6d20·2d2d·7175··mp;·{·!·rpm·--qu
0003b580:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><0003b580:·6965·7420·2d71·206f·7065·6e73·6869·6674··iet·-q·openshift
0003b590:·7464·3e72·6573·7472·6963·743c·2f74·643e··td>restrict</td>0003b590:·2d6b·7562·656c·6574·203b·7d20·293b·2074··-kubelet·;}·);·t
0003b5a0:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr0003b5a0:·6865·6e0a·0a23·2046·696e·6420·7768·6963··hen..#·Find·whic
0003b5b0:·653e·3c63·6f64·653e·2d20·6e61·6d65·3a20··e><code>-·name:·0003b5b0:·6820·6669·6c65·7320·6861·7665·2069·6e63··h·files·have·inc
0003b5c0:·4761·7468·6572·2074·6865·2070·6163·6b61··Gather·the·packa0003b5c0:·6f72·7265·6374·2068·6173·6820·286e·6f74··orrect·hash·(not
0003b5d0:·6765·2066·6163·7473·0a20·2070·6163·6b61··ge·facts.··packa0003b5d0:·2069·6e20·2f65·7463·2c20·6265·6361·7573···in·/etc,·becaus
0003b5e0:·6765·5f66·6163·7473·3a0a·2020·2020·6d61··ge_facts:.····ma0003b5e0:·6520·6f66·2074·6865·2073·7973·7465·6d20··e·of·the·system·
0003b5f0:·6e61·6765·723a·2061·7574·6f0a·2020·7461··nager:·auto.··ta0003b5f0:·7265·6c61·7465·6420·636f·6e66·6967·2066··related·config·f
0003b600:·6773·3a0a·2020·2d20·434a·4953·2d35·2e31··gs:.··-·CJIS-5.10003b600:·696c·6573·2920·616e·6420·7468·656e·2067··iles)·and·then·g
0003b610:·302e·342e·310a·2020·2d20·4e49·5354·2d38··0.4.1.··-·NIST-80003b610:·6574·2066·696c·6573·206e·616d·6573·0a66··et·files·names.f
0003b620:·3030·2d31·3731·2d33·2e33·2e38·0a20·202d··00-171-3.3.8.··-0003b620:·696c·6573·5f77·6974·685f·696e·636f·7272··iles_with_incorr
0003b630:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.0003b630:·6563·745f·6861·7368·3d22·2428·7270·6d20··ect_hash="$(rpm·
0003b640:·342e·310a·2020·2d20·4e49·5354·2d38·3030··4.1.··-·NIST-8000003b640:·2d56·6120·2d2d·6e6f·636f·6e66·6967·207c··-Va·--noconfig·|
0003b650:·2d35·332d·4155·2d39·2833·290a·2020·2d20··-53-AU-9(3).··-·0003b650:·2067·7265·7020·2d45·2027·5e2e·2e35·2720···grep·-E·'^..5'·
0003b660:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-60003b660:·7c20·6177·6b20·277b·7072·696e·7420·244e··|·awk·'{print·$N
0003b670:·2863·290a·2020·2d20·4e49·5354·2d38·3030··(c).··-·NIST-8000003b670:·467d·2720·2922·0a0a·6966·205b·202d·6e20··F}'·)"..if·[·-n·
0003b680:·2d35·332d·434d·2d36·2864·290a·2020·2d20··-53-CM-6(d).··-·0003b680:·2224·6669·6c65·735f·7769·7468·5f69·6e63··"$files_with_inc
0003b690:·4e49·5354·2d38·3030·2d35·332d·5349·2d37··NIST-800-53-SI-70003b690:·6f72·7265·6374·5f68·6173·6822·205d·3b20··orrect_hash"·];·
0003b6a0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003b6a0:·7468·656e·0a20·2020·2023·2046·726f·6d20··then.····#·From·
0003b6b0:·2d53·492d·3728·3129·0a20·202d·204e·4953··-SI-7(1).··-·NIS0003b6b0:·6669·6c65·7320·6e61·6d65·7320·6765·7420··files·names·get·
0003b6c0:·542d·3830·302d·3533·2d53·492d·3728·3629··T-800-53-SI-7(6)0003b6c0:·7061·636b·6167·6520·6e61·6d65·7320·616e··package·names·an
0003b6d0:·0a20·202d·2050·4349·2d44·5353·2d52·6571··.··-·PCI-DSS-Req0003b6d0:·6420·6368·616e·6765·206e·6577·6c69·6e65··d·change·newline
0003b6e0:·2d31·312e·350a·2020·2d20·5043·492d·4453··-11.5.··-·PCI-DS0003b6e0:·2074·6f20·7370·6163·652c·2062·6563·6175···to·space,·becau
0003b6f0:·5376·342d·3131·2e35·2e32·0a20·202d·2068··Sv4-11.5.2.··-·h0003b6f0:·7365·2072·706d·2077·7269·7465·7320·6561··se·rpm·writes·ea
0003b700:·6967·685f·636f·6d70·6c65·7869·7479·0a20··igh_complexity.·0003b700:·6368·2070·6163·6b61·6765·2074·6f20·6e65··ch·package·to·ne
0003b710:·202d·2068·6967·685f·7365·7665·7269·7479···-·high_severity0003b710:·7720·6c69·6e65·0a20·2020·2070·6163·6b61··w·line.····packa
0003b720:·0a20·202d·206d·6564·6975·6d5f·6469·7372··.··-·medium_disr0003b720:·6765·735f·746f·5f72·6569·6e73·7461·6c6c··ges_to_reinstall
0003b730:·7570·7469·6f6e·0a20·202d·206e·6f5f·7265··uption.··-·no_re0003b730:·3d22·2428·7270·6d20·2d71·6620·2466·696c··="$(rpm·-qf·$fil
0003b740:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-·0003b740:·6573·5f77·6974·685f·696e·636f·7272·6563··es_with_incorrec
0003b750:·7265·7374·7269·6374·5f73·7472·6174·6567··restrict_strateg0003b750:·745f·6861·7368·207c·2074·7220·275c·6e27··t_hash·|·tr·'\n'
0003b760:·790a·2020·2d20·7270·6d5f·7665·7269·6679··y.··-·rpm_verify0003b760:·2027·2027·2922·0a0a·2020·2020·0a20·2020···'·')"..····.···
0003b770:·5f68·6173·6865·730a·0a2d·206e·616d·653a··_hashes..-·name:0003b770:·2064·6e66·2072·6569·6e73·7461·6c6c·202d···dnf·reinstall·-
0003b780:·2027·5365·7420·6661·6374·3a20·5061·636b···'Set·fact:·Pack0003b780:·7920·2470·6163·6b61·6765·735f·746f·5f72··y·$packages_to_r
0003b790:·6167·6520·6d61·6e61·6765·7220·7265·696e··age·manager·rein0003b790:·6569·6e73·7461·6c6c·0a20·2020·200a·6669··einstall.····.fi
0003b7a0:·7374·616c·6c20·636f·6d6d·616e·6427·0a20··stall·command'.·0003b7a0:·0a0a·656c·7365·0a20·2020·2026·6774·3b26··..else.····&gt;&
0003b7b0:·2073·6574·5f66·6163·743a·0a20·2020·2070···set_fact:.····p0003b7b0:·616d·703b·3220·6563·686f·2027·5265·6d65··amp;2·echo·'Reme
0003b7c0:·6163·6b61·6765·5f6d·616e·6167·6572·5f72··ackage_manager_r0003b7c0:·6469·6174·696f·6e20·6973·206e·6f74·2061··diation·is·not·a
0003b7d0:·6569·6e73·7461·6c6c·5f63·6d64·3a20·646e··einstall_cmd:·dn0003b7d0:·7070·6c69·6361·626c·652c·206e·6f74·6869··pplicable,·nothi
0003b7e0:·6620·7265·696e·7374·616c·6c20·2d79·0a20··f·reinstall·-y.·0003b7e0:·6e67·2077·6173·2064·6f6e·6527·0a66·690a··ng·was·done'.fi.
0003b7f0:·2077·6865·6e3a·0a20·202d·206e·6f74·2028···when:.··-·not·(0003b7f0:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d
0003b800:·2022·6b65·726e·656c·2220·696e·2061·6e73···"kernel"·in·ans0003b800:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn
0003b810:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0003b810:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da
0003b820:·6765·7320·616e·6420·2272·706d·2d6f·7374··ges·and·"rpm-ost0003b820:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla
0003b830:·7265·6522·2069·6e20·616e·7369·626c·655f··ree"·in·ansible_0003b830:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target
0003b840:·6661·6374·732e·7061·636b·6167·6573·0a20··facts.packages.·0003b840:·3d22·2369·646d·3138·3837·2220·7461·6269··="#idm1887"·tabi
0003b850:·2020·2061·6e64·2022·626f·6f74·6322·2069·····and·"bootc"·i0003b850:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b
0003b860:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003b860:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa
0003b870:·7061·636b·6167·6573·2061·6e64·206e·6f74··packages·and·not0003b870:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit
0003b880:·2022·6f70·656e·7368·6966·742d·6b75·6265···"openshift-kube0003b880:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·
0003b890:·6c65·7422·2069·6e20·616e·7369·626c·655f··let"·in·ansible_0003b890:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!
0003b8a0:·6661·6374·732e·7061·636b·6167·6573·0a20··facts.packages.·0003b8a0:·223e·5265·6d65·6469·6174·696f·6e20·416e··">Remediation·An
0003b8b0:·2020·2029·0a20·202d·2061·6e73·6962·6c65·····).··-·ansible0003b8b0:·7369·626c·6520·736e·6970·7065·7420·e287··sible·snippet·..
0003b8c0:·5f64·6973·7472·6962·7574·696f·6e20·696e··_distribution·in0003b8c0:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl
0003b8d0:·205b·2022·4665·646f·7261·222c·2022·5265···[·"Fedora",·"Re0003b8d0:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
0003b8e0:·6448·6174·222c·2022·4365·6e74·4f53·222c··dHat",·"CentOS",0003b8e0:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
0003b8f0:·2022·4f72·6163·6c65·4c69·6e75·7822·205d···"OracleLinux"·]0003b8f0:·3d22·6964·6d31·3838·3722·3e3c·7461·626c··="idm1887"><tabl
0003b900:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI0003b900:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t
0003b910:·532d·352e·3130·2e34·2e31·0a20·202d·204e··S-5.10.4.1.··-·N0003b910:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab
0003b920:·4953·542d·3830·302d·3137·312d·332e·332e··IST-800-171-3.3.0003b920:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl
0003b930:·380a·2020·2d20·4e49·5354·2d38·3030·2d31··8.··-·NIST-800-10003b930:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr
0003b940:·3731·2d33·2e34·2e31·0a20·202d·204e·4953··71-3.4.1.··-·NIS0003b940:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity:
0003b950:·542d·3830·302d·3533·2d41·552d·3928·3329··T-800-53-AU-9(3)0003b950:·3c2f·7468·3e3c·7464·3e68·6967·683c·2f74··</th><td>high</t
0003b960:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003b960:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D
0003b970:·2d43·4d2d·3628·6329·0a20·202d·204e·4953··-CM-6(c).··-·NIS0003b970:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th><
0003b980:·542d·3830·302d·3533·2d43·4d2d·3628·6429··T-800-53-CM-6(d)0003b980:·7464·3e6d·6564·6975·6d3c·2f74·643e·3c2f··td>medium</td></
0003b990:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003b990:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo
0003b9a0:·2d53·492d·370a·2020·2d20·4e49·5354·2d38··-SI-7.··-·NIST-80003b9a0:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false
0003b9b0:·3030·2d35·332d·5349·2d37·2831·290a·2020··00-53-SI-7(1).··0003b9b0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
0003b9c0:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI0003b9c0:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>
0003b9d0:·2d37·2836·290a·2020·2d20·5043·492d·4453··-7(6).··-·PCI-DS0003b9d0:·3c74·643e·7265·7374·7269·6374·3c2f·7464··<td>restrict</td
0003b9e0:·532d·5265·712d·3131·2e35·0a20·202d·2050··S-Req-11.5.··-·P0003b9e0:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p
0003b9f0:·4349·2d44·5353·7634·2d31·312e·352e·320a··CI-DSSv4-11.5.2.0003b9f0:·7265·3e3c·636f·6465·3e2d·206e·616d·653a··re><code>-·name:
0003ba00:·2020·2d20·6869·6768·5f63·6f6d·706c·6578····-·high_complex0003ba00:·2047·6174·6865·7220·7468·6520·7061·636b···Gather·the·pack
0003ba10:·6974·790a·2020·2d20·6869·6768·5f73·6576··ity.··-·high_sev0003ba10:·6167·6520·6661·6374·730a·2020·7061·636b··age·facts.··pack
0003ba20:·6572·6974·790a·2020·2d20·6d65·6469·756d··erity.··-·medium0003ba20:·6167·655f·6661·6374·733a·0a20·2020·206d··age_facts:.····m
0003ba30:·5f64·6973·7275·7074·696f·6e0a·2020·2d20··_disruption.··-·0003ba30:·616e·6167·6572·3a20·6175·746f·0a20·2074··anager:·auto.··t
0003ba40:·6e6f·5f72·6562·6f6f·745f·6e65·6564·6564··no_reboot_needed0003ba40:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.
0003ba50:·0a20·202d·2072·6573·7472·6963·745f·7374··.··-·restrict_st0003ba50:·3130·2e34·2e31·0a20·202d·204e·4953·542d··10.4.1.··-·NIST-
0003ba60:·7261·7465·6779·0a20·202d·2072·706d·5f76··rategy.··-·rpm_v0003ba60:·3830·302d·3137·312d·332e·332e·380a·2020··800-171-3.3.8.··
0003ba70:·6572·6966·795f·6861·7368·6573·0a0a·2d20··erify_hashes..-·0003ba70:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-3
0003ba80:·6e61·6d65·3a20·2753·6574·2066·6163·743a··name:·'Set·fact:0003ba80:·2e34·2e31·0a20·202d·204e·4953·542d·3830··.4.1.··-·NIST-80
0003ba90:·2050·6163·6b61·6765·206d·616e·6167·6572···Package·manager0003ba90:·302d·3533·2d41·552d·3928·3329·0a20·202d··0-53-AU-9(3).··-
0003baa0:·2072·6569·6e73·7461·6c6c·2063·6f6d·6d61···reinstall·comma0003baa0:·204e·4953·542d·3830·302d·3533·2d43·4d2d···NIST-800-53-CM-
0003bab0:·6e64·2028·7a79·7070·6572·2927·0a20·2073··nd·(zypper)'.··s0003bab0:·3628·6329·0a20·202d·204e·4953·542d·3830··6(c).··-·NIST-80
0003bac0:·6574·5f66·6163·743a·0a20·2020·2070·6163··et_fact:.····pac0003bac0:·302d·3533·2d43·4d2d·3628·6429·0a20·202d··0-53-CM-6(d).··-
0003bad0:·6b61·6765·5f6d·616e·6167·6572·5f72·6569··kage_manager_rei0003bad0:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-
0003bae0:·6e73·7461·6c6c·5f63·6d64·3a20·7a79·7070··nstall_cmd:·zypp0003bae0:·370a·2020·2d20·4e49·5354·2d38·3030·2d35··7.··-·NIST-800-5
0003baf0:·6572·2069·6e20·2d66·202d·790a·2020·7768··er·in·-f·-y.··wh0003baf0:·332d·5349·2d37·2831·290a·2020·2d20·4e49··3-SI-7(1).··-·NI
0003bb00:·656e·3a0a·2020·2d20·6e6f·7420·2820·226b··en:.··-·not·(·"k0003bb00:·5354·2d38·3030·2d35·332d·5349·2d37·2836··ST-800-53-SI-7(6
0003bb10:·6572·6e65·6c22·2069·6e20·616e·7369·626c··ernel"·in·ansibl0003bb10:·290a·2020·2d20·5043·492d·4453·532d·5265··).··-·PCI-DSS-Re
0003bb20:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages0003bb20:·712d·3131·2e35·0a20·202d·2050·4349·2d44··q-11.5.··-·PCI-D
0003bb30:·2061·6e64·2022·7270·6d2d·6f73·7472·6565···and·"rpm-ostree0003bb30:·5353·7634·2d31·312e·352e·320a·2020·2d20··SSv4-11.5.2.··-·
0003bb40:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003bb40:·6869·6768·5f63·6f6d·706c·6578·6974·790a··high_complexity.
0003bb50:·7473·2e70·6163·6b61·6765·730a·2020·2020··ts.packages.····0003bb50:·2020·2d20·6869·6768·5f73·6576·6572·6974····-·high_severit
0003bb60:·616e·6420·2262·6f6f·7463·2220·696e·2061··and·"bootc"·in·a0003bb60:·790a·2020·2d20·6d65·6469·756d·5f64·6973··y.··-·medium_dis
0003bb70:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003bb70:·7275·7074·696f·6e0a·2020·2d20·6e6f·5f72··ruption.··-·no_r
0003bb80:·6b61·6765·7320·616e·6420·6e6f·7420·226f··kages·and·not·"o0003bb80:·6562·6f6f·745f·6e65·6564·6564·0a20·202d··eboot_needed.··-
0003bb90:·7065·6e73·6869·6674·2d6b·7562·656c·6574··penshift-kubelet0003bb90:·2072·6573·7472·6963·745f·7374·7261·7465···restrict_strate
0003bba0:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003bba0:·6779·0a20·202d·2072·706d·5f76·6572·6966··gy.··-·rpm_verif
0003bbb0:·7473·2e70·6163·6b61·6765·730a·2020·2020··ts.packages.····0003bbb0:·795f·6861·7368·6573·0a0a·2d20·6e61·6d65··y_hashes..-·name
0003bbc0:·290a·2020·2d20·616e·7369·626c·655f·6469··).··-·ansible_di0003bbc0:·3a20·2753·6574·2066·6163·743a·2050·6163··:·'Set·fact:·Pac
Max diff block lines reached; 7311884/7366836 bytes (99.25%) of diff not shown.
681 KB
html2text {}
    
Offset 99, 14 lines modifiedOffset 99, 33 lines modified
99 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.699 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
100 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4100 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
101 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)101 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
102 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1102 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
103 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5103 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
104 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227104 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
105 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2105 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 106 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 107 #·Remediation·is·applicable·only·in·certain·platforms
 108 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 109 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 110 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 111 if·[·-n·"$files_with_incorrect_hash"·];·then
 112 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 113 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 114 ····dnf·reinstall·-y·$packages_to_reinstall
  
 115 fi
  
 116 else
 117 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 118 fi
106 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8119 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
107 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high120 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
108 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium121 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
109 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false122 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
110 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict123 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
111 -·name:·Gather·the·package·facts124 -·name:·Gather·the·package·facts
112 ··package_facts:125 ··package_facts:
Offset 273, 33 lines modifiedOffset 292, 14 lines modified
273 ··-·PCI-DSSv4-11.5.2292 ··-·PCI-DSSv4-11.5.2
274 ··-·high_complexity293 ··-·high_complexity
275 ··-·high_severity294 ··-·high_severity
276 ··-·medium_disruption295 ··-·medium_disruption
277 ··-·no_reboot_needed296 ··-·no_reboot_needed
278 ··-·restrict_strategy297 ··-·restrict_strategy
279 ··-·rpm_verify_hashes298 ··-·rpm_verify_hashes
280 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
281 #·Remediation·is·applicable·only·in·certain·platforms 
282 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
283 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
284 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
285 if·[·-n·"$files_with_incorrect_hash"·];·then 
286 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
287 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
288 ····dnf·reinstall·-y·$packages_to_reinstall 
  
289 fi 
  
290 else 
291 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
292 fi 
293 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*299 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
294 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:300 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:
295 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'301 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'
296 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:302 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:
297 $·rpm·-qf·FILENAME303 $·rpm·-qf·FILENAME
  
298 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:304 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
Offset 320, 14 lines modifiedOffset 320, 50 lines modified
320 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5320 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
321 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2321 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
322 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)322 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)
323 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1323 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
324 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5324 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
325 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108325 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108
326 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2326 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 327 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 328 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 329 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 330 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 331 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 332 #·Remediation·is·applicable·only·in·certain·platforms
 333 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 334 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 335 declare·-A·SETPERMS_RPM_DICT
  
 336 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 337 #·is·expected·by·the·RPM·database
 338 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}')
  
 339 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 340 do
 341 ········#·NOTE:·some·files·maybe·controlled·by·more·then·one·package
 342 ········readarray·-t·RPM_PACKAGES·<·<(rpm·-qf·"${FILE_PATH}")
 343 ········for·RPM_PACKAGE·in·"${RPM_PACKAGES[@]}"
 344 ········do
 345 ················#·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 346 ················SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 347 ········done
 348 done
  
 349 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 350 #·correct·values
 351 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 352 do
 353 »       rpm·--restore·"${RPM_PACKAGE}"
 354 done
  
 355 else
 356 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 357 fi
327 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8358 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
328 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high359 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
329 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium360 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
330 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false361 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
331 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict362 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
332 -·name:·Gather·the·package·facts363 -·name:·Gather·the·package·facts
333 ··package_facts:364 ··package_facts:
Offset 439, 50 lines modifiedOffset 475, 14 lines modified
439 ··-·PCI-DSSv4-11.5.2475 ··-·PCI-DSSv4-11.5.2
440 ··-·high_complexity476 ··-·high_complexity
441 ··-·high_severity477 ··-·high_severity
442 ··-·medium_disruption478 ··-·medium_disruption
443 ··-·no_reboot_needed479 ··-·no_reboot_needed
444 ··-·restrict_strategy480 ··-·restrict_strategy
445 ··-·rpm_verify_permissions481 ··-·rpm_verify_permissions
446 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
Max diff block lines reached; 689453/697531 bytes (98.84%) of diff not shown.
2.18 MB
./usr/share/doc/ssg-nondebian/ssg-kylinserver10-guide-standard.html
    
Offset 15102, 94 lines modifiedOffset 15102, 94 lines modified
0003afd0:·7267·6574·3d22·2369·646d·3733·3122·2074··rget="#idm731"·t0003afd0:·7267·6574·3d22·2369·646d·3733·3122·2074··rget="#idm731"·t
0003afe0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role0003afe0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
0003aff0:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e0003aff0:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
0003b000:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·0003b000:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
0003b010:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·0003b010:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
0003b020:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=0003b020:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
0003b030:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation0003b030:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
 0003b040:·2041·6e73·6962·6c65·2073·6e69·7070·6574···Ansible·snippet
 0003b050:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div
 0003b060:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
0003b040:·204f·5342·7569·6c64·2042·6c75·6570·7269···OSBuild·Bluepri 
0003b050:·6e74·2073·6e69·7070·6574·20e2·87b2·3c2f··nt·snippet·...</ 
0003b060:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class 
0003b070:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse 
0003b080:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i 
0003b090:·646d·3733·3122·3e3c·7072·653e·3c63·6f64··dm731"><pre><cod 
0003b0a0:·653e·0a5b·5b70·6163·6b61·6765·735d·5d0a··e>.[[packages]]. 
0003b0b0:·6e61·6d65·203d·2022·6169·6465·220a·7665··name·=·"aide".ve 
0003b0c0:·7273·696f·6e20·3d20·222a·220a·3c2f·636f··rsion·=·"*".</co 
0003b0d0:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div>< 
0003b0e0:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn 
0003b0f0:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t 
0003b100:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse"0003b070:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
 0003b080:·2069·643d·2269·646d·3733·3122·3e3c·7461···id="idm731"><ta
 0003b090:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table
 0003b0a0:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t
 0003b0b0:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta
 0003b0c0:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed"><
 0003b0d0:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit
 0003b0e0:·793a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··y:</th><td>low</
 0003b0f0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>
 0003b100:·4469·7372·7570·7469·6f6e·3a3c·2f74·683e··Disruption:</th>
 0003b110:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr
 0003b120:·3e3c·7472·3e3c·7468·3e52·6562·6f6f·743a··><tr><th>Reboot:
 0003b130:·3c2f·7468·3e3c·7464·3e66·616c·7365·3c2f··</th><td>false</
 0003b140:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>
 0003b150:·5374·7261·7465·6779·3a3c·2f74·683e·3c74··Strategy:</th><t
0003b110:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i 
0003b120:·646d·3733·3222·2074·6162·696e·6465·783d··dm732"·tabindex= 
0003b130:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button 
0003b140:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded= 
0003b150:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A 
0003b160:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea 
0003b170:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem 
0003b180:·6564·6961·7469·6f6e·2041·6e73·6962·6c65··ediation·Ansible 
0003b190:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a> 
0003b1a0:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class=" 
0003b1b0:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c 
0003b1c0:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm 
0003b1d0:·3733·3222·3e3c·7461·626c·6520·636c·6173··732"><table·clas 
0003b1e0:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s 
0003b1f0:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor 
0003b200:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond 
0003b210:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C 
0003b220:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th>< 
0003b230:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003b240:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti 
0003b250:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low< 
0003b260:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b270:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td 
0003b280:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr>0003b160:·643e·656e·6162·6c65·3c2f·7464·3e3c·2f74··d>enable</td></t
0003b290:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy 
0003b2a0:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable 
0003b2b0:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl 
0003b2c0:·653e·3c70·7265·3e3c·636f·6465·3e2d·206e··e><pre><code>-·n 
0003b2d0:·616d·653a·2047·6174·6865·7220·7468·6520··ame:·Gather·the· 
0003b2e0:·7061·636b·6167·6520·6661·6374·730a·2020··package·facts.·· 
0003b2f0:·7061·636b·6167·655f·6661·6374·733a·0a20··package_facts:.· 
0003b300:·2020·206d·616e·6167·6572·3a20·6175·746f·····manager:·auto0003b170:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><
 0003b180:·636f·6465·3e2d·206e·616d·653a·2047·6174··code>-·name:·Gat
 0003b190:·6865·7220·7468·6520·7061·636b·6167·6520··her·the·package·
 0003b1a0:·6661·6374·730a·2020·7061·636b·6167·655f··facts.··package_
 0003b1b0:·6661·6374·733a·0a20·2020·206d·616e·6167··facts:.····manag
 0003b1c0:·6572·3a20·6175·746f·0a20·2074·6167·733a··er:·auto.··tags:
 0003b1d0:·0a20·202d·2043·4a49·532d·352e·3130·2e31··.··-·CJIS-5.10.1
 0003b1e0:·2e33·0a20·202d·204e·4953·542d·3830·302d··.3.··-·NIST-800-
 0003b1f0:·3533·2d43·4d2d·3628·6129·0a20·202d·2050··53-CM-6(a).··-·P
 0003b200:·4349·2d44·5353·2d52·6571·2d31·312e·350a··CI-DSS-Req-11.5.
 0003b210:·2020·2d20·5043·492d·4453·5376·342d·3131····-·PCI-DSSv4-11
 0003b220:·2e35·2e32·0a20·202d·2065·6e61·626c·655f··.5.2.··-·enable_
 0003b230:·7374·7261·7465·6779·0a20·202d·206c·6f77··strategy.··-·low
 0003b240:·5f63·6f6d·706c·6578·6974·790a·2020·2d20··_complexity.··-·
 0003b250:·6c6f·775f·6469·7372·7570·7469·6f6e·0a20··low_disruption.·
 0003b260:·202d·206d·6564·6975·6d5f·7365·7665·7269···-·medium_severi
 0003b270:·7479·0a20·202d·206e·6f5f·7265·626f·6f74··ty.··-·no_reboot
 0003b280:·5f6e·6565·6465·640a·2020·2d20·7061·636b··_needed.··-·pack
 0003b290:·6167·655f·6169·6465·5f69·6e73·7461·6c6c··age_aide_install
 0003b2a0:·6564·0a0a·2d20·6e61·6d65·3a20·456e·7375··ed..-·name:·Ensu
 0003b2b0:·7265·2061·6964·6520·6973·2069·6e73·7461··re·aide·is·insta
 0003b2c0:·6c6c·6564·0a20·2070·6163·6b61·6765·3a0a··lled.··package:.
 0003b2d0:·2020·2020·6e61·6d65·3a20·6169·6465·0a20······name:·aide.·
 0003b2e0:·2020·2073·7461·7465·3a20·7072·6573·656e·····state:·presen
 0003b2f0:·740a·2020·7768·656e·3a20·2722·6b65·726e··t.··when:·'"kern
 0003b300:·656c·2220·696e·2061·6e73·6962·6c65·5f66··el"·in·ansible_f
 0003b310:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·
0003b310:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI0003b320:·2074·6167·733a·0a20·202d·2043·4a49·532d···tags:.··-·CJIS-
0003b320:·532d·352e·3130·2e31·2e33·0a20·202d·204e··S-5.10.1.3.··-·N0003b330:·352e·3130·2e31·2e33·0a20·202d·204e·4953··5.10.1.3.··-·NIS
0003b330:·4953·542d·3830·302d·3533·2d43·4d2d·3628··IST-800-53-CM-6(0003b340:·542d·3830·302d·3533·2d43·4d2d·3628·6129··T-800-53-CM-6(a)
0003b340:·6129·0a20·202d·2050·4349·2d44·5353·2d52··a).··-·PCI-DSS-R0003b350:·0a20·202d·2050·4349·2d44·5353·2d52·6571··.··-·PCI-DSS-Req
0003b350:·6571·2d31·312e·350a·2020·2d20·5043·492d··eq-11.5.··-·PCI-0003b360:·2d31·312e·350a·2020·2d20·5043·492d·4453··-11.5.··-·PCI-DS
0003b360:·4453·5376·342d·3131·2e35·2e32·0a20·202d··DSSv4-11.5.2.··-0003b370:·5376·342d·3131·2e35·2e32·0a20·202d·2065··Sv4-11.5.2.··-·e
0003b370:·2065·6e61·626c·655f·7374·7261·7465·6779···enable_strategy0003b380:·6e61·626c·655f·7374·7261·7465·6779·0a20··nable_strategy.·
0003b380:·0a20·202d·206c·6f77·5f63·6f6d·706c·6578··.··-·low_complex0003b390:·202d·206c·6f77·5f63·6f6d·706c·6578·6974···-·low_complexit
0003b390:·6974·790a·2020·2d20·6c6f·775f·6469·7372··ity.··-·low_disr0003b3a0:·790a·2020·2d20·6c6f·775f·6469·7372·7570··y.··-·low_disrup
0003b3a0:·7570·7469·6f6e·0a20·202d·206d·6564·6975··uption.··-·mediu0003b3b0:·7469·6f6e·0a20·202d·206d·6564·6975·6d5f··tion.··-·medium_
0003b3b0:·6d5f·7365·7665·7269·7479·0a20·202d·206e··m_severity.··-·n0003b3c0:·7365·7665·7269·7479·0a20·202d·206e·6f5f··severity.··-·no_
0003b3c0:·6f5f·7265·626f·6f74·5f6e·6565·6465·640a··o_reboot_needed.0003b3d0:·7265·626f·6f74·5f6e·6565·6465·640a·2020··reboot_needed.··
0003b3d0:·2020·2d20·7061·636b·6167·655f·6169·6465····-·package_aide0003b3e0:·2d20·7061·636b·6167·655f·6169·6465·5f69··-·package_aide_i
 0003b3f0:·6e73·7461·6c6c·6564·0a3c·2f63·6f64·653e··nstalled.</code>
 0003b400:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c
 0003b410:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su
 0003b420:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg
 0003b430:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da
 0003b440:·7461·2d74·6172·6765·743d·2223·6964·6d37··ta-target="#idm7
 0003b450:·3332·2220·7461·6269·6e64·6578·3d22·3022··32"·tabindex="0"
 0003b460:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a
 0003b470:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa
 0003b480:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti
 0003b490:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·
 0003b4a0:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi
 0003b4b0:·6174·696f·6e20·4f53·4275·696c·6420·426c··ation·OSBuild·Bl
 0003b4c0:·7565·7072·696e·7420·736e·6970·7065·7420··ueprint·snippet·
 0003b4d0:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div·
 0003b4e0:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col
 0003b4f0:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·
 0003b500:·6964·3d22·6964·6d37·3332·223e·3c70·7265··id="idm732"><pre
 0003b510:·3e3c·636f·6465·3e0a·5b5b·7061·636b·6167··><code>.[[packag
Max diff block lines reached; 2051302/2062920 bytes (99.44%) of diff not shown.
213 KB
html2text {}
    
Offset 128, 19 lines modifiedOffset 128, 14 lines modified
128 include·install_aide128 include·install_aide
  
129 class·install_aide·{129 class·install_aide·{
130 ··package·{·'aide':130 ··package·{·'aide':
131 ····ensure·=>·'installed',131 ····ensure·=>·'installed',
132 ··}132 ··}
133 }133 }
134 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
135 [[packages]] 
136 name·=·"aide" 
137 version·=·"*" 
138 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8134 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
139 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low135 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
140 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low136 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
141 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false137 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
142 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable138 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
143 -·name:·Gather·the·package·facts139 -·name:·Gather·the·package·facts
144 ··package_facts:140 ··package_facts:
Offset 169, 14 lines modifiedOffset 164, 19 lines modified
169 ··-·PCI-DSSv4-11.5.2164 ··-·PCI-DSSv4-11.5.2
170 ··-·enable_strategy165 ··-·enable_strategy
171 ··-·low_complexity166 ··-·low_complexity
172 ··-·low_disruption167 ··-·low_disruption
173 ··-·medium_severity168 ··-·medium_severity
174 ··-·no_reboot_needed169 ··-·no_reboot_needed
175 ··-·package_aide_installed170 ··-·package_aide_installed
 171 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 172 [[packages]]
 173 name·=·"aide"
 174 version·=·"*"
176 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·P\x8Pe\x8er\x8ri\x8io\x8od\x8di\x8ic\x8c·E\x8Ex\x8xe\x8ec\x8cu\x8ut\x8ti\x8io\x8on\x8n·o\x8of\x8f·A\x8AI\x8ID\x8DE\x8E·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*175 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·P\x8Pe\x8er\x8ri\x8io\x8od\x8di\x8ic\x8c·E\x8Ex\x8xe\x8ec\x8cu\x8ut\x8ti\x8io\x8on\x8n·o\x8of\x8f·A\x8AI\x8ID\x8DE\x8E·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
177 At·a·minimum,·AIDE·should·be·configured·to·run·a·weekly·scan.·To·implement·a·daily·execution176 At·a·minimum,·AIDE·should·be·configured·to·run·a·weekly·scan.·To·implement·a·daily·execution
178 of·AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/crontab:177 of·AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/crontab:
179 05·4·*·*·*·root·/usr/sbin/aide·--check178 05·4·*·*·*·root·/usr/sbin/aide·--check
180 To·implement·a·weekly·execution·of·AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/179 To·implement·a·weekly·execution·of·AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/
181 crontab:180 crontab:
182 05·4·*·*·0·root·/usr/sbin/aide·--check181 05·4·*·*·0·root·/usr/sbin/aide·--check
Offset 650, 14 lines modifiedOffset 650, 45 lines modified
650 Rationale:··from·retaining·access·to·the·user's·terminal·after·the·main·program·has·finished650 Rationale:··from·retaining·access·to·the·user's·terminal·after·the·main·program·has·finished
651 ············executing.651 ············executing.
652 Severity: ··medium652 Severity: ··medium
653 Rule·ID:····xccdf_org.ssgproject.content_rule_sudo_add_use_pty653 Rule·ID:····xccdf_org.ssgproject.content_rule_sudo_add_use_pty
654 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s··Req-10.2.5654 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s··Req-10.2.5
655 References:·_\x8a_\x8n_\x8s_\x8s_\x8i···R39655 References:·_\x8a_\x8n_\x8s_\x8s_\x8i···R39
656 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84·2.2.6,·2.2656 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84·2.2.6,·2.2
 657 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 658 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 659 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 660 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 661 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 662 #·Remediation·is·applicable·only·in·certain·platforms
 663 if·rpm·--quiet·-q·sudo;·then
  
 664 if·/usr/sbin/visudo·-qcf·/etc/sudoers;·then
 665 ····cp·/etc/sudoers·/etc/sudoers.bak
 666 ····if·!·grep·-P·'^[\s]*Defaults[\s]*\buse_pty\b.*$'·/etc/sudoers;·then
 667 ········#·sudoers·file·doesn't·define·Option·use_pty
 668 ········echo·"Defaults·use_pty"·>>·/etc/sudoers
 669 ····fi
  
 670 ····#·Check·validity·of·sudoers·and·cleanup·bak
 671 ····if·/usr/sbin/visudo·-qcf·/etc/sudoers;·then
 672 ········rm·-f·/etc/sudoers.bak
 673 ····else
 674 ········echo·"Fail·to·validate·remediated·/etc/sudoers,·reverting·to·original·file."
 675 ········mv·/etc/sudoers.bak·/etc/sudoers
 676 ········false
 677 ····fi
 678 else
 679 ····echo·"Skipping·remediation,·/etc/sudoers·failed·to·validate"
 680 ····false
 681 fi
  
 682 else
 683 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 684 fi
657 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8685 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
658 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low686 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
659 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low687 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
660 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false688 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
661 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict689 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
662 -·name:·Gather·the·package·facts690 -·name:·Gather·the·package·facts
663 ··package_facts:691 ··package_facts:
Offset 686, 27 lines modifiedOffset 717, 47 lines modified
686 ··-·PCI-DSSv4-2.2.6717 ··-·PCI-DSSv4-2.2.6
687 ··-·low_complexity718 ··-·low_complexity
688 ··-·low_disruption719 ··-·low_disruption
689 ··-·medium_severity720 ··-·medium_severity
690 ··-·no_reboot_needed721 ··-·no_reboot_needed
691 ··-·restrict_strategy722 ··-·restrict_strategy
692 ··-·sudo_add_use_pty723 ··-·sudo_add_use_pty
 724 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·S\x8Su\x8ud\x8do\x8o·L\x8Lo\x8og\x8gf\x8fi\x8il\x8le\x8e·E\x8Ex\x8xi\x8is\x8st\x8ts\x8s·-\x8-·s\x8su\x8ud\x8do\x8o·l\x8lo\x8og\x8gf\x8fi\x8il\x8le\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
 725 A·custom·log·sudo·file·can·be·configured·with·the·'logfile'·tag.·This·rule·configures·a·sudo
 726 custom·logfile·at·the·default·location·suggested·by·CIS,·which·uses·/var/log/sudo.log.
 727 Rationale:··A·sudo·log·file·simplifies·auditing·of·sudo·commands.
 728 Severity: ··low
 729 Rule·ID:····xccdf_org.ssgproject.content_rule_sudo_custom_logfile
 730 References:·_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s··Req-10.2.5
 731 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84·2.2.6,·2.2
693 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8732 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
694 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low733 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
695 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low734 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
696 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false735 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
697 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict736 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
698 #·Remediation·is·applicable·only·in·certain·platforms737 #·Remediation·is·applicable·only·in·certain·platforms
699 if·rpm·--quiet·-q·sudo;·then738 if·rpm·--quiet·-q·sudo;·then
  
 739 var_sudo_logfile='/var/log/sudo.log'
  
  
700 if·/usr/sbin/visudo·-qcf·/etc/sudoers;·then740 if·/usr/sbin/visudo·-qcf·/etc/sudoers;·then
701 ····cp·/etc/sudoers·/etc/sudoers.bak741 ····cp·/etc/sudoers·/etc/sudoers.bak
702 ····if·!·grep·-P·'^[\s]*Defaults[\s]*\buse_pty\b.*$'·/etc/sudoers;·then742 ····if·!·grep·-P·'^[\s]*Defaults[\s]*\blogfile\s*=\s*(?:"?([^",\s]+)"?)\b.*$'·/etc/sudoers;
 743 then
703 ········#·sudoers·file·doesn't·define·Option·use_pty744 ········#·sudoers·file·doesn't·define·Option·logfile
704 ········echo·"Defaults·use_pty"·>>·/etc/sudoers745 ········echo·"Defaults·logfile=${var_sudo_logfile}"·>>·/etc/sudoers
 746 ····else
 747 ········#·sudoers·file·defines·Option·logfile,·remediate·if·appropriate·value·is·not·set
 748 ········if·!·grep·-P·"^[\s]*Defaults.*\blogfile=${var_sudo_logfile}\b.*$"·/etc/sudoers;·then
  
 749 ············escaped_variable=${var_sudo_logfile//$'/'/$'\/'}
 750 ············sed·-Ei·"s/(^[\s]*Defaults.*\blogfile=)[-]?.+(\b.*$)/\1$escaped_variable\2/"·/
 751 etc/sudoers
 752 ········fi
705 ····fi753 ····fi
Max diff block lines reached; 212958/218088 bytes (97.65%) of diff not shown.
22.3 MB
./usr/share/doc/ssg-nondebian/ssg-ol10-guide-anssi_bp28_enhanced.html
    
Offset 15053, 217 lines modifiedOffset 15053, 217 lines modified
0003acc0:·7461·7267·6574·3d22·2369·646d·3530·3937··target="#idm50970003acc0:·7461·7267·6574·3d22·2369·646d·3530·3937··target="#idm5097
0003acd0:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r0003acd0:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r
0003ace0:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari0003ace0:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari
0003acf0:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals0003acf0:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals
0003ad00:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa0003ad00:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa
0003ad10:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr0003ad10:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr
0003ad20:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat0003ad20:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat
0003ad30:·696f·6e20·416e·6163·6f6e·6461·2073·6e69··ion·Anaconda·sni0003ad30:·696f·6e20·5075·7070·6574·2073·6e69·7070··ion·Puppet·snipp
0003ad40:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br>0003ad40:·6574·20e2·87b2·3c2f·613e·3c62·723e·3c64··et·...</a><br><d
0003ad50:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane0003ad50:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel-
0003ad60:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla0003ad60:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps
0003ad70:·7073·6522·2069·643d·2269·646d·3530·3937··pse"·id="idm50970003ad70:·6522·2069·643d·2269·646d·3530·3937·223e··e"·id="idm5097">
0003ad80:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="0003ad80:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta
0003ad90:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri0003ad90:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe
0003ada0:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border0003ada0:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered
0003adb0:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens0003adb0:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed
0003adc0:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp0003adc0:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple
0003add0:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td>0003add0:·7869·7479·3a3c·2f74·683e·3c74·643e·6c6f··xity:</th><td>lo
0003ade0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr0003ade0:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><
0003adf0:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption:0003adf0:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</
0003ae00:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td0003ae00:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><
0003ae10:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re0003ae10:·2f74·723e·3c74·723e·3c74·683e·5265·626f··/tr><tr><th>Rebo
0003ae20:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa0003ae20:·6f74·3a3c·2f74·683e·3c74·643e·6661·6c73··ot:</th><td>fals
0003ae30:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr0003ae30:·653c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··e</td></tr><tr><
0003ae40:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</0003ae40:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th
0003ae50:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t0003ae50:·3e3c·7464·3e65·6e61·626c·653c·2f74·643e··><td>enable</td>
0003ae60:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table><0003ae60:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr
0003ae70:·7072·653e·3c63·6f64·653e·0a70·6163·6b61··pre><code>.packa 
0003ae80:·6765·202d·2d61·6464·3d61·6964·650a·3c2f··ge·--add=aide.</ 
0003ae90:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div 
0003aea0:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b 
0003aeb0:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data 
0003aec0:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps 
0003aed0:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target=" 
0003aee0:·2369·646d·3530·3938·2220·7461·6269·6e64··#idm5098"·tabind 
0003aef0:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but 
0003af00:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand 
0003af10:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title 
0003af20:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re 
0003af30:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!"> 
0003af40:·5265·6d65·6469·6174·696f·6e20·5075·7070··Remediation·Pupp 
0003af50:·6574·2073·6e69·7070·6574·20e2·87b2·3c2f··et·snippet·...</ 
0003af60:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class 
0003af70:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse 
0003af80:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i 
0003af90:·646d·3530·3938·223e·3c74·6162·6c65·2063··dm5098"><table·c 
0003afa0:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl 
0003afb0:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table- 
0003afc0:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c 
0003afd0:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t 
0003afe0:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t 
0003aff0:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003b000:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru 
0003b010:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l0003ae70:·653e·3c63·6f64·653e·696e·636c·7564·6520··e><code>include·
 0003ae80:·696e·7374·616c·6c5f·6169·6465·0a0a·636c··install_aide..cl
 0003ae90:·6173·7320·696e·7374·616c·6c5f·6169·6465··ass·install_aide
 0003aea0:·207b·0a20·2070·6163·6b61·6765·207b·2027···{.··package·{·'
 0003aeb0:·6169·6465·273a·0a20·2020·2065·6e73·7572··aide':.····ensur
 0003aec0:·6520·3d26·6774·3b20·2769·6e73·7461·6c6c··e·=&gt;·'install
 0003aed0:·6564·272c·0a20·207d·0a7d·0a3c·2f63·6f64··ed',.··}.}.</cod
 0003aee0:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a
 0003aef0:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn-
 0003af00:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to
 0003af10:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"·
 0003af20:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id
 0003af30:·6d35·3039·3822·2074·6162·696e·6465·783d··m5098"·tabindex=
 0003af40:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button
 0003af50:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=
 0003af60:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A
 0003af70:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea
 0003af80:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem
 0003af90:·6564·6961·7469·6f6e·2053·6865·6c6c·2073··ediation·Shell·s
 0003afa0:·6372·6970·7420·e287·b23c·2f61·3e3c·6272··cript·...</a><br
 0003afb0:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan
 0003afc0:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll
 0003afd0:·6170·7365·2220·6964·3d22·6964·6d35·3039··apse"·id="idm509
 0003afe0:·3822·3e3c·7461·626c·6520·636c·6173·733d··8"><table·class=
 0003aff0:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str
 0003b000:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde
 0003b010:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden
 0003b020:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com
 0003b030:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td
0003b020:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>0003b040:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t
0003b030:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th> 
0003b040:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></0003b050:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption
 0003b060:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t
0003b050:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat0003b070:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R
0003b060:·6567·793a·3c2f·7468·3e3c·7464·3e65·6e61··egy:</th><td>ena0003b080:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f
0003b070:·626c·653c·2f74·643e·3c2f·7472·3e3c·2f74··ble</td></tr></t 
0003b080:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code> 
0003b090:·696e·636c·7564·6520·696e·7374·616c·6c5f··include·install_ 
0003b0a0:·6169·6465·0a0a·636c·6173·7320·696e·7374··aide..class·inst 
0003b0b0:·616c·6c5f·6169·6465·207b·0a20·2070·6163··all_aide·{.··pac 
0003b0c0:·6b61·6765·207b·2027·6169·6465·273a·0a20··kage·{·'aide':.· 
0003b0d0:·2020·2065·6e73·7572·6520·3d26·6774·3b20·····ensure·=&gt;· 
0003b0e0:·2769·6e73·7461·6c6c·6564·272c·0a20·207d··'installed',.··} 
0003b0f0:·0a7d·0a3c·2f63·6f64·653e·3c2f·7072·653e··.}.</code></pre> 
0003b100:·3c2f·6469·763e·3c61·2063·6c61·7373·3d22··</div><a·class=" 
0003b110:·6274·6e20·6274·6e2d·7375·6363·6573·7322··btn·btn-success"0003b090:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t
 0003b0a0:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<
 0003b0b0:·2f74·683e·3c74·643e·656e·6162·6c65·3c2f··/th><td>enable</
 0003b0c0:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>
 0003b0d0:·3c70·7265·3e3c·636f·6465·3e23·2052·656d··<pre><code>#·Rem
 0003b0e0:·6564·6961·7469·6f6e·2069·7320·6170·706c··ediation·is·appl
 0003b0f0:·6963·6162·6c65·206f·6e6c·7920·696e·2063··icable·only·in·c
 0003b100:·6572·7461·696e·2070·6c61·7466·6f72·6d73··ertain·platforms
 0003b110:·0a69·6620·7270·6d20·2d2d·7175·6965·7420··.if·rpm·--quiet·
 0003b120:·2d71·206b·6572·6e65·6c20·7c7c·2072·706d··-q·kernel·||·rpm
 0003b130:·202d·2d71·7569·6574·202d·7120·6b65·726e···--quiet·-q·kern
 0003b140:·656c·2d75·656b·3b20·7468·656e·0a0a·6966··el-uek;·then..if
 0003b150:·2021·2072·706d·202d·7120·2d2d·7175·6965···!·rpm·-q·--quie
 0003b160:·7420·2261·6964·6522·203b·2074·6865·6e0a··t·"aide"·;·then.
 0003b170:·2020·2020·646e·6620·696e·7374·616c·6c20······dnf·install·
 0003b180:·2d79·2022·6169·6465·220a·6669·0a0a·656c··-y·"aide".fi..el
 0003b190:·7365·0a20·2020·2026·6774·3b26·616d·703b··se.····&gt;&amp;
 0003b1a0:·3220·6563·686f·2027·5265·6d65·6469·6174··2·echo·'Remediat
 0003b1b0:·696f·6e20·6973·206e·6f74·2061·7070·6c69··ion·is·not·appli
 0003b1c0:·6361·626c·652c·206e·6f74·6869·6e67·2077··cable,·nothing·w
 0003b1d0:·6173·2064·6f6e·6527·0a66·690a·3c2f·636f··as·done'.fi.</co
 0003b1e0:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div><
 0003b1f0:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn
 0003b200:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t
 0003b210:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse"
0003b120:·2064·6174·612d·746f·6767·6c65·3d22·636f···data-toggle="co0003b220:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i
0003b130:·6c6c·6170·7365·2220·6461·7461·2d74·6172··llapse"·data-tar 
0003b140:·6765·743d·2223·6964·6d35·3039·3922·2074··get="#idm5099"·t 
0003b150:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role 
Max diff block lines reached; 21478317/21506911 bytes (99.87%) of diff not shown.
1.84 MB
html2text {}
Max HTML report size reached
22.6 MB
./usr/share/doc/ssg-nondebian/ssg-ol10-guide-anssi_bp28_high.html
    
Offset 15058, 218 lines modifiedOffset 15058, 218 lines modified
0003ad10:·7461·2d74·6172·6765·743d·2223·6964·6d35··ta-target="#idm50003ad10:·7461·2d74·6172·6765·743d·2223·6964·6d35··ta-target="#idm5
0003ad20:·3039·3722·2074·6162·696e·6465·783d·2230··097"·tabindex="00003ad20:·3039·3722·2074·6162·696e·6465·783d·2230··097"·tabindex="0
0003ad30:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·0003ad30:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
0003ad40:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f0003ad40:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
0003ad50:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act0003ad50:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
0003ad60:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"0003ad60:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
0003ad70:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed0003ad70:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
0003ad80:·6961·7469·6f6e·2041·6e61·636f·6e64·6120··iation·Anaconda·0003ad80:·6961·7469·6f6e·2050·7570·7065·7420·736e··iation·Puppet·sn
0003ad90:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a><0003ad90:·6970·7065·7420·e287·b23c·2f61·3e3c·6272··ippet·...</a><br
0003ada0:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p0003ada0:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan
0003adb0:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co0003adb0:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll
0003adc0:·6c6c·6170·7365·2220·6964·3d22·6964·6d35··llapse"·id="idm50003adc0:·6170·7365·2220·6964·3d22·6964·6d35·3039··apse"·id="idm509
0003add0:·3039·3722·3e3c·7461·626c·6520·636c·6173··097"><table·clas0003add0:·3722·3e3c·7461·626c·6520·636c·6173·733d··7"><table·class=
0003ade0:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s0003ade0:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str
0003adf0:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor0003adf0:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde
0003ae00:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond0003ae00:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden
0003ae10:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C0003ae10:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com
0003ae20:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><0003ae20:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td
0003ae30:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>0003ae30:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t
0003ae40:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti0003ae40:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption
0003ae50:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low<0003ae50:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t
0003ae60:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th0003ae60:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R
0003ae70:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td0003ae70:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f
0003ae80:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr>0003ae80:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t
0003ae90:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy0003ae90:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<
0003aea0:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable0003aea0:·2f74·683e·3c74·643e·656e·6162·6c65·3c2f··/th><td>enable</
0003aeb0:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl0003aeb0:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>
0003aec0:·653e·3c70·7265·3e3c·636f·6465·3e0a·7061··e><pre><code>.pa0003aec0:·3c70·7265·3e3c·636f·6465·3e69·6e63·6c75··<pre><code>inclu
0003aed0:·636b·6167·6520·2d2d·6164·643d·6169·6465··ckage·--add=aide 
0003aee0:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></ 
0003aef0:·6469·763e·3c61·2063·6c61·7373·3d22·6274··div><a·class="bt 
0003af00:·6e20·6274·6e2d·7375·6363·6573·7322·2064··n·btn-success"·d 
0003af10:·6174·612d·746f·6767·6c65·3d22·636f·6c6c··ata-toggle="coll 
0003af20:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe 
0003af30:·743d·2223·6964·6d35·3039·3822·2074·6162··t="#idm5098"·tab 
0003af40:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role=" 
0003af50:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp 
0003af60:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti 
0003af70:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to 
0003af80:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="# 
0003af90:·2122·3e52·656d·6564·6961·7469·6f6e·2050··!">Remediation·P 
0003afa0:·7570·7065·7420·736e·6970·7065·7420·e287··uppet·snippet·.. 
0003afb0:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl 
0003afc0:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla 
0003afd0:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id 
0003afe0:·3d22·6964·6d35·3039·3822·3e3c·7461·626c··="idm5098"><tabl 
0003aff0:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t 
0003b000:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab 
0003b010:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl 
0003b020:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr 
0003b030:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity: 
0003b040:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003b050:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di 
0003b060:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t0003aed0:·6465·2069·6e73·7461·6c6c·5f61·6964·650a··de·install_aide.
 0003aee0:·0a63·6c61·7373·2069·6e73·7461·6c6c·5f61··.class·install_a
 0003aef0:·6964·6520·7b0a·2020·7061·636b·6167·6520··ide·{.··package·
 0003af00:·7b20·2761·6964·6527·3a0a·2020·2020·656e··{·'aide':.····en
 0003af10:·7375·7265·203d·2667·743b·2027·696e·7374··sure·=&gt;·'inst
 0003af20:·616c·6c65·6427·2c0a·2020·7d0a·7d0a·3c2f··alled',.··}.}.</
 0003af30:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div
 0003af40:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b
 0003af50:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data
 0003af60:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps
 0003af70:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="
 0003af80:·2369·646d·3530·3938·2220·7461·6269·6e64··#idm5098"·tabind
 0003af90:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but
 0003afa0:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand
 0003afb0:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title
 0003afc0:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re
 0003afd0:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">
 0003afe0:·5265·6d65·6469·6174·696f·6e20·5368·656c··Remediation·Shel
 0003aff0:·6c20·7363·7269·7074·20e2·87b2·3c2f·613e··l·script·...</a>
 0003b000:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="
 0003b010:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c
 0003b020:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm
 0003b030:·3530·3938·223e·3c74·6162·6c65·2063·6c61··5098"><table·cla
 0003b040:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table-
 0003b050:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo
 0003b060:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con
 0003b070:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th>
 0003b080:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th>
0003b070:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr><0003b090:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr
0003b080:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</ 
0003b090:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td0003b0a0:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt
 0003b0b0:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low
0003b0a0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St0003b0c0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
0003b0b0:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td> 
0003b0c0:·656e·6162·6c65·3c2f·7464·3e3c·2f74·723e··enable</td></tr> 
0003b0d0:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co 
0003b0e0:·6465·3e69·6e63·6c75·6465·2069·6e73·7461··de>include·insta 
0003b0f0:·6c6c·5f61·6964·650a·0a63·6c61·7373·2069··ll_aide..class·i 
0003b100:·6e73·7461·6c6c·5f61·6964·6520·7b0a·2020··nstall_aide·{.·· 
0003b110:·7061·636b·6167·6520·7b20·2761·6964·6527··package·{·'aide' 
0003b120:·3a0a·2020·2020·656e·7375·7265·203d·2667··:.····ensure·=&g 
0003b130:·743b·2027·696e·7374·616c·6c65·6427·2c0a··t;·'installed',. 
0003b140:·2020·7d0a·7d0a·3c2f·636f·6465·3e3c·2f70····}.}.</code></p 
0003b150:·7265·3e3c·2f64·6976·3e3c·6120·636c·6173··re></div><a·clas 
0003b160:·733d·2262·746e·2062·746e·2d73·7563·6365··s="btn·btn-succe0003b0d0:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t
 0003b0e0:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr
 0003b0f0:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg
 0003b100:·793a·3c2f·7468·3e3c·7464·3e65·6e61·626c··y:</th><td>enabl
 0003b110:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab
 0003b120:·6c65·3e3c·7072·653e·3c63·6f64·653e·2320··le><pre><code>#·
 0003b130:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a
 0003b140:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i
 0003b150:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo
 0003b160:·726d·730a·6966·2072·706d·202d·2d71·7569··rms.if·rpm·--qui
 0003b170:·6574·202d·7120·6b65·726e·656c·207c·7c20··et·-q·kernel·||·
 0003b180:·7270·6d20·2d2d·7175·6965·7420·2d71·206b··rpm·--quiet·-q·k
 0003b190:·6572·6e65·6c2d·7565·6b3b·2074·6865·6e0a··ernel-uek;·then.
 0003b1a0:·0a69·6620·2120·7270·6d20·2d71·202d·2d71··.if·!·rpm·-q·--q
 0003b1b0:·7569·6574·2022·6169·6465·2220·3b20·7468··uiet·"aide"·;·th
 0003b1c0:·656e·0a20·2020·2064·6e66·2069·6e73·7461··en.····dnf·insta
 0003b1d0:·6c6c·202d·7920·2261·6964·6522·0a66·690a··ll·-y·"aide".fi.
 0003b1e0:·0a65·6c73·650a·2020·2020·2667·743b·2661··.else.····&gt;&a
 0003b1f0:·6d70·3b32·2065·6368·6f20·2752·656d·6564··mp;2·echo·'Remed
 0003b200:·6961·7469·6f6e·2069·7320·6e6f·7420·6170··iation·is·not·ap
 0003b210:·706c·6963·6162·6c65·2c20·6e6f·7468·696e··plicable,·nothin
 0003b220:·6720·7761·7320·646f·6e65·270a·6669·0a3c··g·was·done'.fi.<
 0003b230:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di
 0003b240:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn·
 0003b250:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat
 0003b260:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap
0003b170:·7373·2220·6461·7461·2d74·6f67·676c·653d··ss"·data-toggle=0003b270:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
 0003b280:·2223·6964·6d35·3039·3922·2074·6162·696e··"#idm5099"·tabin
 0003b290:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
 0003b2a0:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
Max diff block lines reached; 21754511/21783243 bytes (99.87%) of diff not shown.
1.87 MB
html2text {}
Max HTML report size reached
10.1 MB
./usr/share/doc/ssg-nondebian/ssg-ol10-guide-anssi_bp28_intermediary.html
    
Offset 15049, 217 lines modifiedOffset 15049, 217 lines modified
0003ac80:·6765·743d·2223·6964·6d35·3039·3722·2074··get="#idm5097"·t0003ac80:·6765·743d·2223·6964·6d35·3039·3722·2074··get="#idm5097"·t
0003ac90:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role0003ac90:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
0003aca0:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e0003aca0:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
0003acb0:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·0003acb0:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
0003acc0:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·0003acc0:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
0003acd0:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=0003acd0:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
0003ace0:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation0003ace0:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
0003acf0:·2041·6e61·636f·6e64·6120·736e·6970·7065···Anaconda·snippe0003acf0:·2050·7570·7065·7420·736e·6970·7065·7420···Puppet·snippet·
0003ad00:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di0003ad00:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div·
0003ad10:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c0003ad10:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col
0003ad20:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse0003ad20:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·
0003ad30:·2220·6964·3d22·6964·6d35·3039·3722·3e3c··"·id="idm5097"><0003ad30:·6964·3d22·6964·6d35·3039·3722·3e3c·7461··id="idm5097"><ta
0003ad40:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab0003ad40:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table
0003ad50:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped0003ad50:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t
0003ad60:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·0003ad60:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta
0003ad70:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"0003ad70:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed"><
0003ad80:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex0003ad80:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit
0003ad90:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low0003ad90:·793a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··y:</th><td>low</
0003ada0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t0003ada0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>
0003adb0:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t0003adb0:·4469·7372·7570·7469·6f6e·3a3c·2f74·683e··Disruption:</th>
0003adc0:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></0003adc0:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr
0003add0:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo0003add0:·3e3c·7472·3e3c·7468·3e52·6562·6f6f·743a··><tr><th>Reboot:
0003ade0:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false0003ade0:·3c2f·7468·3e3c·7464·3e66·616c·7365·3c2f··</th><td>false</
0003adf0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t0003adf0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>
0003ae00:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>0003ae00:·5374·7261·7465·6779·3a3c·2f74·683e·3c74··Strategy:</th><t
0003ae10:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td><0003ae10:·643e·656e·6162·6c65·3c2f·7464·3e3c·2f74··d>enable</td></t
0003ae20:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre0003ae20:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><
0003ae30:·3e3c·636f·6465·3e0a·7061·636b·6167·6520··><code>.package· 
0003ae40:·2d2d·6164·643d·6169·6465·0a3c·2f63·6f64··--add=aide.</cod0003ae30:·636f·6465·3e69·6e63·6c75·6465·2069·6e73··code>include·ins
 0003ae40:·7461·6c6c·5f61·6964·650a·0a63·6c61·7373··tall_aide..class
 0003ae50:·2069·6e73·7461·6c6c·5f61·6964·6520·7b0a···install_aide·{.
 0003ae60:·2020·7061·636b·6167·6520·7b20·2761·6964····package·{·'aid
 0003ae70:·6527·3a0a·2020·2020·656e·7375·7265·203d··e':.····ensure·=
 0003ae80:·2667·743b·2027·696e·7374·616c·6c65·6427··&gt;·'installed'
 0003ae90:·2c0a·2020·7d0a·7d0a·3c2f·636f·6465·3e3c··,.··}.}.</code><
 0003aea0:·2f70·7265·3e3c·2f64·6976·3e3c·6120·636c··/pre></div><a·cl
 0003aeb0:·6173·733d·2262·746e·2062·746e·2d73·7563··ass="btn·btn-suc
 0003aec0:·6365·7373·2220·6461·7461·2d74·6f67·676c··cess"·data-toggl
 0003aed0:·653d·2263·6f6c·6c61·7073·6522·2064·6174··e="collapse"·dat
 0003aee0:·612d·7461·7267·6574·3d22·2369·646d·3530··a-target="#idm50
 0003aef0:·3938·2220·7461·6269·6e64·6578·3d22·3022··98"·tabindex="0"
 0003af00:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a
 0003af10:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa
 0003af20:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti
 0003af30:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·
 0003af40:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi
 0003af50:·6174·696f·6e20·5368·656c·6c20·7363·7269··ation·Shell·scri
 0003af60:·7074·20e2·87b2·3c2f·613e·3c62·723e·3c64··pt·...</a><br><d
 0003af70:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel-
 0003af80:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps
 0003af90:·6522·2069·643d·2269·646d·3530·3938·223e··e"·id="idm5098">
 0003afa0:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta
 0003afb0:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe
 0003afc0:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered
 0003afd0:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed
 0003afe0:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple
 0003aff0:·7869·7479·3a3c·2f74·683e·3c74·643e·6c6f··xity:</th><td>lo
 0003b000:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><
 0003b010:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</
 0003b020:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><
 0003b030:·2f74·723e·3c74·723e·3c74·683e·5265·626f··/tr><tr><th>Rebo
 0003b040:·6f74·3a3c·2f74·683e·3c74·643e·6661·6c73··ot:</th><td>fals
 0003b050:·653c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··e</td></tr><tr><
 0003b060:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th
 0003b070:·3e3c·7464·3e65·6e61·626c·653c·2f74·643e··><td>enable</td>
 0003b080:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr
 0003b090:·653e·3c63·6f64·653e·2320·5265·6d65·6469··e><code>#·Remedi
 0003b0a0:·6174·696f·6e20·6973·2061·7070·6c69·6361··ation·is·applica
 0003b0b0:·626c·6520·6f6e·6c79·2069·6e20·6365·7274··ble·only·in·cert
 0003b0c0:·6169·6e20·706c·6174·666f·726d·730a·6966··ain·platforms.if
 0003b0d0:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q·
 0003b0e0:·6b65·726e·656c·207c·7c20·7270·6d20·2d2d··kernel·||·rpm·--
 0003b0f0:·7175·6965·7420·2d71·206b·6572·6e65·6c2d··quiet·-q·kernel-
 0003b100:·7565·6b3b·2074·6865·6e0a·0a69·6620·2120··uek;·then..if·!·
 0003b110:·7270·6d20·2d71·202d·2d71·7569·6574·2022··rpm·-q·--quiet·"
 0003b120:·6169·6465·2220·3b20·7468·656e·0a20·2020··aide"·;·then.···
 0003b130:·2064·6e66·2069·6e73·7461·6c6c·202d·7920···dnf·install·-y·
 0003b140:·2261·6964·6522·0a66·690a·0a65·6c73·650a··"aide".fi..else.
 0003b150:·2020·2020·2667·743b·2661·6d70·3b32·2065······&gt;&amp;2·e
 0003b160:·6368·6f20·2752·656d·6564·6961·7469·6f6e··cho·'Remediation
 0003b170:·2069·7320·6e6f·7420·6170·706c·6963·6162···is·not·applicab
 0003b180:·6c65·2c20·6e6f·7468·696e·6720·7761·7320··le,·nothing·was·
 0003b190:·646f·6e65·270a·6669·0a3c·2f63·6f64·653e··done'.fi.</code>
0003ae50:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a0003b1a0:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c
0003ae60:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn-0003b1b0:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su
0003ae70:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to0003b1c0:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg
0003ae80:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"·0003b1d0:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da
0003ae90:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id0003b1e0:·7461·2d74·6172·6765·743d·2223·6964·6d35··ta-target="#idm5
0003aea0:·6d35·3039·3822·2074·6162·696e·6465·783d··m5098"·tabindex=0003b1f0:·3039·3922·2074·6162·696e·6465·783d·2230··099"·tabindex="0
0003aeb0:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button0003b200:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
0003aec0:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=0003b210:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
0003aed0:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A0003b220:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
0003aee0:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea0003b230:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
0003aef0:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem0003b240:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
 0003b250:·6961·7469·6f6e·2041·6e73·6962·6c65·2073··iation·Ansible·s
0003af00:·6564·6961·7469·6f6e·2050·7570·7065·7420··ediation·Puppet· 
0003af10:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a>< 
0003af20:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p 
0003af30:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co 
0003af40:·6c6c·6170·7365·2220·6964·3d22·6964·6d35··llapse"·id="idm5 
0003af50:·3039·3822·3e3c·7461·626c·6520·636c·6173··098"><table·clas 
0003af60:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s 
0003af70:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor 
0003af80:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond 
0003af90:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C 
0003afa0:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th>< 
0003afb0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003afc0:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti 
0003afd0:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low< 
0003afe0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003aff0:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td 
0003b000:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr> 
0003b010:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy 
0003b020:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable 
0003b030:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl 
0003b040:·653e·3c70·7265·3e3c·636f·6465·3e69·6e63··e><pre><code>inc 
0003b050:·6c75·6465·2069·6e73·7461·6c6c·5f61·6964··lude·install_aid 
0003b060:·650a·0a63·6c61·7373·2069·6e73·7461·6c6c··e..class·install 
0003b070:·5f61·6964·6520·7b0a·2020·7061·636b·6167··_aide·{.··packag 
0003b080:·6520·7b20·2761·6964·6527·3a0a·2020·2020··e·{·'aide':.···· 
0003b090:·656e·7375·7265·203d·2667·743b·2027·696e··ensure·=&gt;·'in 
0003b0a0:·7374·616c·6c65·6427·2c0a·2020·7d0a·7d0a··stalled',.··}.}. 
0003b0b0:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d 
0003b0c0:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn 
0003b0d0:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da 
0003b0e0:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla 
0003b0f0:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target 
Max diff block lines reached; 9556040/9584634 bytes (99.70%) of diff not shown.
1010 KB
html2text {}
    
Offset 115, 38 lines modifiedOffset 115, 41 lines modified
115 ···························A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.14.2.7,·A.15.2.1,·A.8.2.3115 ···························A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.14.2.7,·A.15.2.1,·A.8.2.3
116 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)116 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)
117 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3117 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
118 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5118 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
119 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199119 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
120 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79120 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
121 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2121 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
122 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
123 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
124 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
125 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
126 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
127 package·--add=aide 
128 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8122 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
129 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low123 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
130 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low124 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
131 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false125 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
132 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable126 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
133 include·install_aide127 include·install_aide
  
134 class·install_aide·{128 class·install_aide·{
135 ··package·{·'aide':129 ··package·{·'aide':
136 ····ensure·=>·'installed',130 ····ensure·=>·'installed',
137 ··}131 ··}
138 }132 }
139 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8133 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 134 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 135 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 136 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 137 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 138 #·Remediation·is·applicable·only·in·certain·platforms
 139 if·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek;·then
  
140 [[packages]] 
141 name·=·"aide" 
142 version·=·"*"140 if·!·rpm·-q·--quiet·"aide"·;·then
 141 ····dnf·install·-y·"aide"
 142 fi
  
 143 else
 144 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 145 fi
143 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8146 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
144 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low147 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
145 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low148 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
146 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false149 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
147 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable150 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
148 -·name:·Gather·the·package·facts151 -·name:·Gather·the·package·facts
149 ··package_facts:152 ··package_facts:
Offset 175, 29 lines modifiedOffset 178, 26 lines modified
175 ··-·PCI-DSSv4-11.5.2178 ··-·PCI-DSSv4-11.5.2
176 ··-·enable_strategy179 ··-·enable_strategy
177 ··-·low_complexity180 ··-·low_complexity
178 ··-·low_disruption181 ··-·low_disruption
179 ··-·medium_severity182 ··-·medium_severity
180 ··-·no_reboot_needed183 ··-·no_reboot_needed
181 ··-·package_aide_installed184 ··-·package_aide_installed
 185 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 186 [[packages]]
 187 name·=·"aide"
 188 version·=·"*"
182 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8189 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8
183 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low190 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
184 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low191 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
185 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false192 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
186 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable193 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
187 #·Remediation·is·applicable·only·in·certain·platforms 
188 if·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek;·then 
  
189 if·!·rpm·-q·--quiet·"aide"·;·then 
190 ····dnf·install·-y·"aide" 
191 fi 
  
 194 package·--add=aide
192 else 
193 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
194 fi 
195 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*195 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
196 Run·the·following·command·to·generate·a·new·database:196 Run·the·following·command·to·generate·a·new·database:
197 $·sudo·/usr/sbin/aide·--init197 $·sudo·/usr/sbin/aide·--init
198 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the198 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the
199 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these199 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these
200 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their200 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their
201 integrity.·The·newly-generated·database·can·be·installed·as·follows:201 integrity.·The·newly-generated·database·can·be·installed·as·follows:
Offset 221, 14 lines modifiedOffset 221, 28 lines modified
221 ···························A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.14.2.7,·A.15.2.1,·A.8.2.3221 ···························A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.14.2.7,·A.15.2.1,·A.8.2.3
222 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)222 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)
223 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3223 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
224 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5224 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
225 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199225 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
226 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79226 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
227 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2227 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 228 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 229 #·Remediation·is·applicable·only·in·certain·platforms
 230 if·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek;·then
  
 231 if·!·rpm·-q·--quiet·"aide"·;·then
 232 ····dnf·install·-y·"aide"
 233 fi
  
 234 /usr/sbin/aide·--init
 235 /bin/cp·-p·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
  
 236 else
 237 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 238 fi
228 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8239 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
229 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low240 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
230 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low241 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
231 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false242 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
232 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict243 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
233 -·name:·Gather·the·package·facts244 -·name:·Gather·the·package·facts
234 ··package_facts:245 ··package_facts:
Offset 313, 28 lines modifiedOffset 327, 14 lines modified
313 ··-·PCI-DSSv4-11.5.2327 ··-·PCI-DSSv4-11.5.2
314 ··-·aide_build_database328 ··-·aide_build_database
315 ··-·low_complexity329 ··-·low_complexity
316 ··-·low_disruption330 ··-·low_disruption
317 ··-·medium_severity331 ··-·medium_severity
318 ··-·no_reboot_needed332 ··-·no_reboot_needed
319 ··-·restrict_strategy333 ··-·restrict_strategy
320 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
321 #·Remediation·is·applicable·only·in·certain·platforms 
322 if·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek;·then 
  
Max diff block lines reached; 1030985/1036408 bytes (99.48%) of diff not shown.
3.42 MB
./usr/share/doc/ssg-nondebian/ssg-ol10-guide-anssi_bp28_minimal.html
    
Offset 14735, 227 lines modifiedOffset 14735, 227 lines modified
000398e0:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i000398e0:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i
000398f0:·646d·3831·3236·2220·7461·6269·6e64·6578··dm8126"·tabindex000398f0:·646d·3831·3236·2220·7461·6269·6e64·6578··dm8126"·tabindex
00039900:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto00039900:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto
00039910:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded00039910:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded
00039920:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="00039920:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="
00039930:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve00039930:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve
00039940:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re00039940:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re
00039950:·6d65·6469·6174·696f·6e20·416e·6163·6f6e··mediation·Anacon00039950:·6d65·6469·6174·696f·6e20·5075·7070·6574··mediation·Puppet
00039960:·6461·2073·6e69·7070·6574·20e2·87b2·3c2f··da·snippet·...</00039960:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a>
00039970:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class00039970:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="
00039980:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse00039980:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c
00039990:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i00039990:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm
000399a0:·646d·3831·3236·223e·3c74·6162·6c65·2063··dm8126"><table·c000399a0:·3831·3236·223e·3c74·6162·6c65·2063·6c61··8126"><table·cla
000399b0:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl000399b0:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table-
000399c0:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table-000399c0:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo
000399d0:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c000399d0:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con
000399e0:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t000399e0:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th>
000399f0:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t000399f0:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th>
00039a00:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></00039a00:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr
00039a10:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru00039a10:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt
00039a20:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l00039a20:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low
00039a30:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>00039a30:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
00039a40:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th>00039a40:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t
00039a50:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></00039a50:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr
00039a60:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat00039a60:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg
00039a70:·6567·793a·3c2f·7468·3e3c·7464·3e65·6e61··egy:</th><td>ena00039a70:·793a·3c2f·7468·3e3c·7464·3e65·6e61·626c··y:</th><td>enabl
00039a80:·626c·653c·2f74·643e·3c2f·7472·3e3c·2f74··ble</td></tr></t00039a80:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab
00039a90:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>00039a90:·6c65·3e3c·7072·653e·3c63·6f64·653e·696e··le><pre><code>in
00039aa0:·0a70·6163·6b61·6765·202d·2d61·6464·3d64··.package·--add=d 
00039ab0:·6e66·2d61·7574·6f6d·6174·6963·0a3c·2f63··nf-automatic.</c 
00039ac0:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div> 
00039ad0:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt 
00039ae0:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data- 
00039af0:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse 
00039b00:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="# 
00039b10:·6964·6d38·3132·3722·2074·6162·696e·6465··idm8127"·tabinde 
00039b20:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt 
00039b30:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande 
00039b40:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title= 
00039b50:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev 
00039b60:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R 
00039b70:·656d·6564·6961·7469·6f6e·2050·7570·7065··emediation·Puppe 
00039b80:·7420·736e·6970·7065·7420·e287·b23c·2f61··t·snippet·...</a 
00039b90:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class= 
00039ba0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse· 
00039bb0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id 
00039bc0:·6d38·3132·3722·3e3c·7461·626c·6520·636c··m8127"><table·cl 
00039bd0:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table 
00039be0:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b 
00039bf0:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co 
00039c00:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th 
00039c10:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th 
00039c20:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
00039c30:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup 
00039c40:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo 
00039c50:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr>< 
00039c60:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th>< 
00039c70:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t 
00039c80:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate 
00039c90:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab 
00039ca0:·6c65·3c2f·7464·3e3c·2f74·723e·3c2f·7461··le</td></tr></ta 
00039cb0:·626c·653e·3c70·7265·3e3c·636f·6465·3e69··ble><pre><code>i 
00039cc0:·6e63·6c75·6465·2069·6e73·7461·6c6c·5f64··nclude·install_d 
00039cd0:·6e66·2d61·7574·6f6d·6174·6963·0a0a·636c··nf-automatic..cl 
00039ce0:·6173·7320·696e·7374·616c·6c5f·646e·662d··ass·install_dnf-00039aa0:·636c·7564·6520·696e·7374·616c·6c5f·646e··clude·install_dn
00039cf0:·6175·746f·6d61·7469·6320·7b0a·2020·7061··automatic·{.··pa 
00039d00:·636b·6167·6520·7b20·2764·6e66·2d61·7574··ckage·{·'dnf-aut 
00039d10:·6f6d·6174·6963·273a·0a20·2020·2065·6e73··omatic':.····ens 
00039d20:·7572·6520·3d26·6774·3b20·2769·6e73·7461··ure·=&gt;·'insta00039ab0:·662d·6175·746f·6d61·7469·630a·0a63·6c61··f-automatic..cla
 00039ac0:·7373·2069·6e73·7461·6c6c·5f64·6e66·2d61··ss·install_dnf-a
 00039ad0:·7574·6f6d·6174·6963·207b·0a20·2070·6163··utomatic·{.··pac
 00039ae0:·6b61·6765·207b·2027·646e·662d·6175·746f··kage·{·'dnf-auto
 00039af0:·6d61·7469·6327·3a0a·2020·2020·656e·7375··matic':.····ensu
 00039b00:·7265·203d·2667·743b·2027·696e·7374·616c··re·=&gt;·'instal
00039d30:·6c6c·6564·272c·0a20·207d·0a7d·0a3c·2f63··lled',.··}.}.</c00039b10:·6c65·6427·2c0a·2020·7d0a·7d0a·3c2f·636f··led',.··}.}.</co
 00039b20:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div><
 00039b30:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn
 00039b40:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t
 00039b50:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse"
 00039b60:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i
 00039b70:·646d·3831·3237·2220·7461·6269·6e64·6578··dm8127"·tabindex
 00039b80:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto
 00039b90:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded
 00039ba0:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="
 00039bb0:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve
 00039bc0:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re
 00039bd0:·6d65·6469·6174·696f·6e20·5368·656c·6c20··mediation·Shell·
00039d40:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div> 
00039d50:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt 
00039d60:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data- 
00039d70:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse 
00039d80:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="# 
00039d90:·6964·6d38·3132·3822·2074·6162·696e·6465··idm8128"·tabinde 
00039da0:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt 
00039db0:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande 
00039dc0:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title= 
00039dd0:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev 
00039de0:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R 
00039df0:·656d·6564·6961·7469·6f6e·204f·5342·7569··emediation·OSBui 
00039e00:·6c64·2042·6c75·6570·7269·6e74·2073·6e69··ld·Blueprint·sni 
00039e10:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br>00039be0:·7363·7269·7074·20e2·87b2·3c2f·613e·3c62··script·...</a><b
00039e20:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane00039bf0:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa
00039e30:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla00039c00:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col
00039e40:·7073·6522·2069·643d·2269·646d·3831·3238··pse"·id="idm812800039c10:·6c61·7073·6522·2069·643d·2269·646d·3831··lapse"·id="idm81
 00039c20:·3237·223e·3c74·6162·6c65·2063·6c61·7373··27"><table·class
 00039c30:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st
 00039c40:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord
 00039c50:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde
 00039c60:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co
 00039c70:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t
00039e50:·223e·3c70·7265·3e3c·636f·6465·3e0a·5b5b··"><pre><code>.[[ 
00039e60:·7061·636b·6167·6573·5d5d·0a6e·616d·6520··packages]].name· 
00039e70:·3d20·2264·6e66·2d61·7574·6f6d·6174·6963··=·"dnf-automatic 
00039e80:·220a·7665·7273·696f·6e20·3d20·222a·220a··".version·=·"*". 
00039e90:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d 
00039ea0:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn 
00039eb0:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da 
00039ec0:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla 
00039ed0:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target 
00039ee0:·3d22·2369·646d·3831·3239·2220·7461·6269··="#idm8129"·tabi 
00039ef0:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b 
00039f00:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa 
00039f10:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit 
00039f20:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to· 
00039f30:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#! 
00039f40:·223e·5265·6d65·6469·6174·696f·6e20·416e··">Remediation·An 
00039f50:·7369·626c·6520·736e·6970·7065·7420·e287··sible·snippet·.. 
Max diff block lines reached; 3341256/3371230 bytes (99.11%) of diff not shown.
206 KB
html2text {}
    
Offset 83, 38 lines modifiedOffset 83, 42 lines modified
83 Rationale:··dnf-automatic·is·an·alternative·command·line·interface·(CLI)·to·dnf·upgrade83 Rationale:··dnf-automatic·is·an·alternative·command·line·interface·(CLI)·to·dnf·upgrade
84 ············suitable·for·automatic,·regular·execution.84 ············suitable·for·automatic,·regular·execution.
85 Severity: ··medium85 Severity: ··medium
86 Rule·ID:····xccdf_org.ssgproject.content_rule_package_dnf-automatic_installed86 Rule·ID:····xccdf_org.ssgproject.content_rule_package_dnf-automatic_installed
87 ············_\x8o_\x8s_\x8p_\x8p···FPT_TUD_EXT.1,·FPT_TUD_EXT.287 ············_\x8o_\x8s_\x8p_\x8p···FPT_TUD_EXT.1,·FPT_TUD_EXT.2
88 References:·_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000191-GPOS-0008088 References:·_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000191-GPOS-00080
89 ············_\x8a_\x8n_\x8s_\x8s_\x8i··R6189 ············_\x8a_\x8n_\x8s_\x8s_\x8i··R61
90 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
91 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
92 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
93 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
94 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
95 package·--add=dnf-automatic 
96 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x890 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
97 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low91 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
98 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low92 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
99 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false93 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
100 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable94 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
101 include·install_dnf-automatic95 include·install_dnf-automatic
  
102 class·install_dnf-automatic·{96 class·install_dnf-automatic·{
103 ··package·{·'dnf-automatic':97 ··package·{·'dnf-automatic':
104 ····ensure·=>·'installed',98 ····ensure·=>·'installed',
105 ··}99 ··}
106 }100 }
107 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8101 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 102 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 103 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 104 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 105 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 106 #·Remediation·is·applicable·only·in·certain·platforms
 107 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-
 108 q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
108 [[packages]] 
109 name·=·"dnf-automatic" 
110 version·=·"*"109 if·!·rpm·-q·--quiet·"dnf-automatic"·;·then
 110 ····dnf·install·-y·"dnf-automatic"
 111 fi
  
 112 else
 113 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 114 fi
111 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8115 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
112 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low116 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
113 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low117 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
114 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false118 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
115 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable119 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
116 -·name:·Gather·the·package·facts120 -·name:·Gather·the·package·facts
117 ··package_facts:121 ··package_facts:
Offset 138, 30 lines modifiedOffset 142, 26 lines modified
138 ··tags:142 ··tags:
139 ··-·enable_strategy143 ··-·enable_strategy
140 ··-·low_complexity144 ··-·low_complexity
141 ··-·low_disruption145 ··-·low_disruption
142 ··-·medium_severity146 ··-·medium_severity
143 ··-·no_reboot_needed147 ··-·no_reboot_needed
144 ··-·package_dnf-automatic_installed148 ··-·package_dnf-automatic_installed
 149 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 150 [[packages]]
 151 name·=·"dnf-automatic"
 152 version·=·"*"
145 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8153 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8
146 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low154 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
147 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low155 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
148 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false156 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
149 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable157 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
150 #·Remediation·is·applicable·only·in·certain·platforms 
151 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·- 
152 q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
 158 package·--add=dnf-automatic
153 if·!·rpm·-q·--quiet·"dnf-automatic"·;·then 
154 ····dnf·install·-y·"dnf-automatic" 
155 fi 
  
156 else 
157 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
158 fi 
159 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·d\x8dn\x8nf\x8f-\x8-a\x8au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8c·t\x8to\x8o·I\x8In\x8ns\x8st\x8ta\x8al\x8ll\x8l·A\x8Av\x8va\x8ai\x8il\x8la\x8ab\x8bl\x8le\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8es\x8s·A\x8Au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8ca\x8al\x8ll\x8ly\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*159 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·d\x8dn\x8nf\x8f-\x8-a\x8au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8c·t\x8to\x8o·I\x8In\x8ns\x8st\x8ta\x8al\x8ll\x8l·A\x8Av\x8va\x8ai\x8il\x8la\x8ab\x8bl\x8le\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8es\x8s·A\x8Au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8ca\x8al\x8ll\x8ly\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
160 To·ensure·that·the·packages·comprising·the·available·updates·will·be·automatically·installed160 To·ensure·that·the·packages·comprising·the·available·updates·will·be·automatically·installed
161 by·dnf-automatic,·set·apply_updates·to·yes·under·[commands]·section·in·/etc/dnf/161 by·dnf-automatic,·set·apply_updates·to·yes·under·[commands]·section·in·/etc/dnf/
162 automatic.conf.162 automatic.conf.
163 ············Installing·software·updates·is·a·fundamental·mitigation·against·the·exploitation163 ············Installing·software·updates·is·a·fundamental·mitigation·against·the·exploitation
164 ············of·publicly-known·vulnerabilities.·If·the·most·recent·security·patches·and164 ············of·publicly-known·vulnerabilities.·If·the·most·recent·security·patches·and
165 Rationale:··updates·are·not·installed,·unauthorized·users·may·take·advantage·of·weaknesses·in165 Rationale:··updates·are·not·installed,·unauthorized·users·may·take·advantage·of·weaknesses·in
Offset 306, 14 lines modifiedOffset 306, 43 lines modified
306 ···························(a),·CM-11(b)306 ···························(a),·CM-11(b)
307 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1307 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
308 ············_\x8o_\x8s_\x8p_\x8p···········FPT_TUD_EXT.1,·FPT_TUD_EXT.2308 ············_\x8o_\x8s_\x8p_\x8p···········FPT_TUD_EXT.1,·FPT_TUD_EXT.2
309 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-6.2309 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-6.2
310 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000366-GPOS-00153310 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000366-GPOS-00153
311 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R59311 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R59
312 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········6.3.3,·6.3312 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········6.3.3,·6.3
 313 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 314 #·Remediation·is·applicable·only·in·certain·platforms
 315 if·rpm·--quiet·-q·dnf;·then
  
 316 #·Strip·any·search·characters·in·the·key·arg·so·that·the·key·can·be·replaced·without
 317 #·adding·any·search·characters·to·the·config·file.
 318 stripped_key=$(sed·'s/[\^=\$,;+]*//g'·<<<·"^gpgcheck")
  
 319 #·shellcheck·disable=SC2059
 320 printf·-v·formatted_output·"%s·=·%s"·"$stripped_key"·"1"
  
 321 #·If·the·key·exists,·change·it.·Otherwise,·add·it·to·the·config_file.
 322 #·We·search·for·the·key·string·followed·by·a·word·boundary·(matched·by·\>),
 323 #·so·if·we·search·for·'setting',·'setting2'·won't·match.
 324 if·LC_ALL=C·grep·-q·-m·1·-i·-e·"^gpgcheck\\>"·"/etc/dnf/dnf.conf";·then
 325 ····escaped_formatted_output=$(sed·-e·'s|/|\\/|g'·<<<·"$formatted_output")
 326 ····LC_ALL=C·sed·-i·--follow-symlinks·"s/^gpgcheck\\>.*/$escaped_formatted_output/gi"·"/etc/
 327 dnf/dnf.conf"
 328 else
 329 ····if·[[·-s·"/etc/dnf/dnf.conf"·]]·&&·[[·-n·"$(tail·-c·1·--·"/etc/dnf/dnf.conf"·||·true)"
 330 ]];·then
 331 ········LC_ALL=C·sed·-i·--follow-symlinks·'$a'\\·"/etc/dnf/dnf.conf"
 332 ····fi
 333 ····printf·'%s\n'·"$formatted_output"·>>·"/etc/dnf/dnf.conf"
 334 fi
  
 335 else
 336 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 337 fi
313 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8338 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
314 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low339 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
Max diff block lines reached; 205202/210923 bytes (97.29%) of diff not shown.
6.37 MB
./usr/share/doc/ssg-nondebian/ssg-ol10-guide-e8.html
    
Offset 15141, 408 lines modifiedOffset 15141, 408 lines modified
0003b240:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target0003b240:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target
0003b250:·3d22·2369·646d·3437·3632·2220·7461·6269··="#idm4762"·tabi0003b250:·3d22·2369·646d·3437·3632·2220·7461·6269··="#idm4762"·tabi
0003b260:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b0003b260:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b
0003b270:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa0003b270:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa
0003b280:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit0003b280:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit
0003b290:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·0003b290:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·
Diff chunk too large, falling back to line-by-line diff (394 lines added, 394 lines removed)
0003b2a0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!0003b2a0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!
0003b2b0:·223e·5265·6d65·6469·6174·696f·6e20·416e··">Remediation·An0003b2b0:·223e·5265·6d65·6469·6174·696f·6e20·5368··">Remediation·Sh
0003b2c0:·7369·626c·6520·736e·6970·7065·7420·e287··sible·snippet·..0003b2c0:·656c·6c20·7363·7269·7074·20e2·87b2·3c2f··ell·script·...</
0003b2d0:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl0003b2d0:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
0003b2e0:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla0003b2e0:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
0003b2f0:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id0003b2f0:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
0003b300:·3d22·6964·6d34·3736·3222·3e3c·7461·626c··="idm4762"><tabl0003b300:·646d·3437·3632·223e·3c70·7265·3e3c·636f··dm4762"><pre><co
0003b310:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t0003b310:·6465·3e23·2052·656d·6564·6961·7469·6f6e··de>#·Remediation
0003b320:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab0003b320:·2069·7320·6170·706c·6963·6162·6c65·206f···is·applicable·o
0003b330:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl0003b330:·6e6c·7920·696e·2063·6572·7461·696e·2070··nly·in·certain·p
0003b340:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr0003b340:·6c61·7466·6f72·6d73·0a69·6620·2120·2820··latforms.if·!·(·
0003b350:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity:0003b350:·7b20·7270·6d20·2d2d·7175·6965·7420·2d71··{·rpm·--quiet·-q
0003b360:·3c2f·7468·3e3c·7464·3e68·6967·683c·2f74··</th><td>high</t0003b360:·206b·6572·6e65·6c20·3b7d·2026·616d·703b···kernel·;}·&amp;
0003b370:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D0003b370:·2661·6d70·3b20·7b20·7270·6d20·2d2d·7175··&amp;·{·rpm·--qu
0003b380:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th><0003b380:·6965·7420·2d71·2072·706d·2d6f·7374·7265··iet·-q·rpm-ostre
0003b390:·7464·3e6d·6564·6975·6d3c·2f74·643e·3c2f··td>medium</td></0003b390:·6520·3b7d·2026·616d·703b·2661·6d70·3b20··e·;}·&amp;&amp;·
0003b3a0:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo0003b3a0:·7b20·7270·6d20·2d2d·7175·6965·7420·2d71··{·rpm·--quiet·-q
0003b3b0:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false0003b3b0:·2062·6f6f·7463·203b·7d20·2661·6d70·3b26···bootc·;}·&amp;&
0003b3c0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t0003b3c0:·616d·703b·207b·2021·2072·706d·202d·2d71··amp;·{·!·rpm·--q
0003b3d0:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>0003b3d0:·7569·6574·202d·7120·6f70·656e·7368·6966··uiet·-q·openshif
0003b3e0:·3c74·643e·7265·7374·7269·6374·3c2f·7464··<td>restrict</td0003b3e0:·742d·6b75·6265·6c65·7420·3b7d·2029·3b20··t-kubelet·;}·);·
0003b3f0:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p0003b3f0:·7468·656e·0a0a·2320·4669·6e64·2077·6869··then..#·Find·whi
0003b400:·7265·3e3c·636f·6465·3e2d·206e·616d·653a··re><code>-·name:0003b400:·6368·2066·696c·6573·2068·6176·6520·696e··ch·files·have·in
0003b410:·2047·6174·6865·7220·7468·6520·7061·636b···Gather·the·pack0003b410:·636f·7272·6563·7420·6861·7368·2028·6e6f··correct·hash·(no
0003b420:·6167·6520·6661·6374·730a·2020·7061·636b··age·facts.··pack0003b420:·7420·696e·202f·6574·632c·2062·6563·6175··t·in·/etc,·becau
0003b430:·6167·655f·6661·6374·733a·0a20·2020·206d··age_facts:.····m0003b430:·7365·206f·6620·7468·6520·7379·7374·656d··se·of·the·system
0003b440:·616e·6167·6572·3a20·6175·746f·0a20·2074··anager:·auto.··t0003b440:·2072·656c·6174·6564·2063·6f6e·6669·6720···related·config·
0003b450:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.0003b450:·6669·6c65·7329·2061·6e64·2074·6865·6e20··files)·and·then·
0003b460:·3130·2e34·2e31·0a20·202d·204e·4953·542d··10.4.1.··-·NIST-0003b460:·6765·7420·6669·6c65·7320·6e61·6d65·730a··get·files·names.
0003b470:·3830·302d·3137·312d·332e·332e·380a·2020··800-171-3.3.8.··0003b470:·6669·6c65·735f·7769·7468·5f69·6e63·6f72··files_with_incor
0003b480:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-30003b480:·7265·6374·5f68·6173·683d·2224·2872·706d··rect_hash="$(rpm
0003b490:·2e34·2e31·0a20·202d·204e·4953·542d·3830··.4.1.··-·NIST-800003b490:·202d·5661·202d·2d6e·6f63·6f6e·6669·6720···-Va·--noconfig·
0003b4a0:·302d·3533·2d41·552d·3928·3329·0a20·202d··0-53-AU-9(3).··-0003b4a0:·7c20·6772·6570·202d·4520·275e·2e2e·3527··|·grep·-E·'^..5'
0003b4b0:·204e·4953·542d·3830·302d·3533·2d43·4d2d···NIST-800-53-CM-0003b4b0:·207c·2061·776b·2027·7b70·7269·6e74·2024···|·awk·'{print·$
0003b4c0:·3628·6329·0a20·202d·204e·4953·542d·3830··6(c).··-·NIST-800003b4c0:·4e46·7d27·2029·220a·0a69·6620·5b20·2d6e··NF}'·)"..if·[·-n
0003b4d0:·302d·3533·2d43·4d2d·3628·6429·0a20·202d··0-53-CM-6(d).··-0003b4d0:·2022·2466·696c·6573·5f77·6974·685f·696e···"$files_with_in
0003b4e0:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-0003b4e0:·636f·7272·6563·745f·6861·7368·2220·5d3b··correct_hash"·];
0003b4f0:·370a·2020·2d20·4e49·5354·2d38·3030·2d35··7.··-·NIST-800-50003b4f0:·2074·6865·6e0a·2020·2020·2320·4672·6f6d···then.····#·From
0003b500:·332d·5349·2d37·2831·290a·2020·2d20·4e49··3-SI-7(1).··-·NI0003b500:·2066·696c·6573·206e·616d·6573·2067·6574···files·names·get
0003b510:·5354·2d38·3030·2d35·332d·5349·2d37·2836··ST-800-53-SI-7(60003b510:·2070·6163·6b61·6765·206e·616d·6573·2061···package·names·a
0003b520:·290a·2020·2d20·5043·492d·4453·532d·5265··).··-·PCI-DSS-Re0003b520:·6e64·2063·6861·6e67·6520·6e65·776c·696e··nd·change·newlin
0003b530:·712d·3131·2e35·0a20·202d·2050·4349·2d44··q-11.5.··-·PCI-D0003b530:·6520·746f·2073·7061·6365·2c20·6265·6361··e·to·space,·beca
0003b540:·5353·7634·2d31·312e·352e·320a·2020·2d20··SSv4-11.5.2.··-·0003b540:·7573·6520·7270·6d20·7772·6974·6573·2065··use·rpm·writes·e
0003b550:·6869·6768·5f63·6f6d·706c·6578·6974·790a··high_complexity.0003b550:·6163·6820·7061·636b·6167·6520·746f·206e··ach·package·to·n
0003b560:·2020·2d20·6869·6768·5f73·6576·6572·6974····-·high_severit0003b560:·6577·206c·696e·650a·2020·2020·7061·636b··ew·line.····pack
0003b570:·790a·2020·2d20·6d65·6469·756d·5f64·6973··y.··-·medium_dis0003b570:·6167·6573·5f74·6f5f·7265·696e·7374·616c··ages_to_reinstal
0003b580:·7275·7074·696f·6e0a·2020·2d20·6e6f·5f72··ruption.··-·no_r0003b580:·6c3d·2224·2872·706d·202d·7166·2024·6669··l="$(rpm·-qf·$fi
0003b590:·6562·6f6f·745f·6e65·6564·6564·0a20·202d··eboot_needed.··-0003b590:·6c65·735f·7769·7468·5f69·6e63·6f72·7265··les_with_incorre
0003b5a0:·2072·6573·7472·6963·745f·7374·7261·7465···restrict_strate0003b5a0:·6374·5f68·6173·6820·7c20·7472·2027·5c6e··ct_hash·|·tr·'\n
0003b5b0:·6779·0a20·202d·2072·706d·5f76·6572·6966··gy.··-·rpm_verif0003b5b0:·2720·2720·2729·220a·0a20·2020·200a·2020··'·'·')"..····.··
0003b5c0:·795f·6861·7368·6573·0a0a·2d20·6e61·6d65··y_hashes..-·name0003b5c0:·2020·646e·6620·7265·696e·7374·616c·6c20····dnf·reinstall·
0003b5d0:·3a20·2753·6574·2066·6163·743a·2050·6163··:·'Set·fact:·Pac0003b5d0:·2d79·2024·7061·636b·6167·6573·5f74·6f5f··-y·$packages_to_
0003b5e0:·6b61·6765·206d·616e·6167·6572·2072·6569··kage·manager·rei0003b5e0:·7265·696e·7374·616c·6c0a·2020·2020·0a66··reinstall.····.f
0003b5f0:·6e73·7461·6c6c·2063·6f6d·6d61·6e64·270a··nstall·command'.0003b5f0:·690a·0a65·6c73·650a·2020·2020·2667·743b··i..else.····&gt;
0003b600:·2020·7365·745f·6661·6374·3a0a·2020·2020····set_fact:.····0003b600:·2661·6d70·3b32·2065·6368·6f20·2752·656d··&amp;2·echo·'Rem
0003b610:·7061·636b·6167·655f·6d61·6e61·6765·725f··package_manager_0003b610:·6564·6961·7469·6f6e·2069·7320·6e6f·7420··ediation·is·not·
0003b620:·7265·696e·7374·616c·6c5f·636d·643a·2064··reinstall_cmd:·d0003b620:·6170·706c·6963·6162·6c65·2c20·6e6f·7468··applicable,·noth
0003b630:·6e66·2072·6569·6e73·7461·6c6c·202d·790a··nf·reinstall·-y.0003b630:·696e·6720·7761·7320·646f·6e65·270a·6669··ing·was·done'.fi
0003b640:·2020·7768·656e·3a0a·2020·2d20·6e6f·7420····when:.··-·not·0003b640:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></
0003b650:·2820·226b·6572·6e65·6c22·2069·6e20·616e··(·"kernel"·in·an0003b650:·6469·763e·3c61·2063·6c61·7373·3d22·6274··div><a·class="bt
0003b660:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack0003b660:·6e20·6274·6e2d·7375·6363·6573·7322·2064··n·btn-success"·d
0003b670:·6167·6573·2061·6e64·2022·7270·6d2d·6f73··ages·and·"rpm-os0003b670:·6174·612d·746f·6767·6c65·3d22·636f·6c6c··ata-toggle="coll
0003b680:·7472·6565·2220·696e·2061·6e73·6962·6c65··tree"·in·ansible0003b680:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe
0003b690:·5f66·6163·7473·2e70·6163·6b61·6765·730a··_facts.packages.0003b690:·743d·2223·6964·6d34·3736·3322·2074·6162··t="#idm4763"·tab
0003b6a0:·2020·2020·616e·6420·2262·6f6f·7463·2220······and·"bootc"·0003b6a0:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="
0003b6b0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts0003b6b0:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp
0003b6c0:·2e70·6163·6b61·6765·7320·616e·6420·6e6f··.packages·and·no0003b6c0:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti
0003b6d0:·7420·226f·7065·6e73·6869·6674·2d6b·7562··t·"openshift-kub0003b6d0:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to
0003b6e0:·656c·6574·2220·696e·2061·6e73·6962·6c65··elet"·in·ansible0003b6e0:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#
0003b6f0:·5f66·6163·7473·2e70·6163·6b61·6765·730a··_facts.packages.0003b6f0:·2122·3e52·656d·6564·6961·7469·6f6e·2041··!">Remediation·A
0003b700:·2020·2020·290a·2020·2d20·616e·7369·626c······).··-·ansibl0003b700:·6e73·6962·6c65·2073·6e69·7070·6574·20e2··nsible·snippet·.
0003b710:·655f·6469·7374·7269·6275·7469·6f6e·2069··e_distribution·i0003b710:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c
0003b720:·6e20·5b20·2246·6564·6f72·6122·2c20·2252··n·[·"Fedora",·"R0003b720:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
0003b730:·6564·4861·7422·2c20·2243·656e·744f·5322··edHat",·"CentOS"0003b730:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i
0003b740:·2c20·224f·7261·636c·654c·696e·7578·2220··,·"OracleLinux"·0003b740:·643d·2269·646d·3437·3633·223e·3c74·6162··d="idm4763"><tab
0003b750:·5d0a·2020·7461·6773·3a0a·2020·2d20·434a··].··tags:.··-·CJ0003b750:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table·
0003b760:·4953·2d35·2e31·302e·342e·310a·2020·2d20··IS-5.10.4.1.··-·0003b760:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta
0003b770:·4e49·5354·2d38·3030·2d31·3731·2d33·2e33··NIST-800-171-3.30003b770:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab
0003b780:·2e38·0a20·202d·204e·4953·542d·3830·302d··.8.··-·NIST-800-0003b780:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t
0003b790:·3137·312d·332e·342e·310a·2020·2d20·4e49··171-3.4.1.··-·NI0003b790:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity
0003b7a0:·5354·2d38·3030·2d35·332d·4155·2d39·2833··ST-800-53-AU-9(30003b7a0:·3a3c·2f74·683e·3c74·643e·6869·6768·3c2f··:</th><td>high</
0003b7b0:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-50003b7b0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>
0003b7c0:·332d·434d·2d36·2863·290a·2020·2d20·4e49··3-CM-6(c).··-·NI0003b7c0:·4469·7372·7570·7469·6f6e·3a3c·2f74·683e··Disruption:</th>
0003b7d0:·5354·2d38·3030·2d35·332d·434d·2d36·2864··ST-800-53-CM-6(d0003b7d0:·3c74·643e·6d65·6469·756d·3c2f·7464·3e3c··<td>medium</td><
0003b7e0:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-50003b7e0:·2f74·723e·3c74·723e·3c74·683e·5265·626f··/tr><tr><th>Rebo
0003b7f0:·332d·5349·2d37·0a20·202d·204e·4953·542d··3-SI-7.··-·NIST-0003b7f0:·6f74·3a3c·2f74·683e·3c74·643e·6661·6c73··ot:</th><td>fals
0003b800:·3830·302d·3533·2d53·492d·3728·3129·0a20··800-53-SI-7(1).·0003b800:·653c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··e</td></tr><tr><
0003b810:·202d·204e·4953·542d·3830·302d·3533·2d53···-·NIST-800-53-S0003b810:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th
0003b820:·492d·3728·3629·0a20·202d·2050·4349·2d44··I-7(6).··-·PCI-D0003b820:·3e3c·7464·3e72·6573·7472·6963·743c·2f74··><td>restrict</t
0003b830:·5353·2d52·6571·2d31·312e·350a·2020·2d20··SS-Req-11.5.··-·0003b830:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table><
0003b840:·5043·492d·4453·5376·342d·3131·2e35·2e32··PCI-DSSv4-11.5.20003b840:·7072·653e·3c63·6f64·653e·2d20·6e61·6d65··pre><code>-·name
0003b850:·0a20·202d·2068·6967·685f·636f·6d70·6c65··.··-·high_comple0003b850:·3a20·4761·7468·6572·2074·6865·2070·6163··:·Gather·the·pac
0003b860:·7869·7479·0a20·202d·2068·6967·685f·7365··xity.··-·high_se0003b860:·6b61·6765·2066·6163·7473·0a20·2070·6163··kage·facts.··pac
0003b870:·7665·7269·7479·0a20·202d·206d·6564·6975··verity.··-·mediu0003b870:·6b61·6765·5f66·6163·7473·3a0a·2020·2020··kage_facts:.····
0003b880:·6d5f·6469·7372·7570·7469·6f6e·0a20·202d··m_disruption.··-0003b880:·6d61·6e61·6765·723a·2061·7574·6f0a·2020··manager:·auto.··
0003b890:·206e·6f5f·7265·626f·6f74·5f6e·6565·6465···no_reboot_neede0003b890:·7461·6773·3a0a·2020·2d20·434a·4953·2d35··tags:.··-·CJIS-5
0003b8a0:·640a·2020·2d20·7265·7374·7269·6374·5f73··d.··-·restrict_s0003b8a0:·2e31·302e·342e·310a·2020·2d20·4e49·5354··.10.4.1.··-·NIST
0003b8b0:·7472·6174·6567·790a·2020·2d20·7270·6d5f··trategy.··-·rpm_0003b8b0:·2d38·3030·2d31·3731·2d33·2e33·2e38·0a20··-800-171-3.3.8.·
0003b8c0:·7665·7269·6679·5f68·6173·6865·730a·0a2d··verify_hashes..-0003b8c0:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-
0003b8d0:·206e·616d·653a·2027·5365·7420·6661·6374···name:·'Set·fact0003b8d0:·332e·342e·310a·2020·2d20·4e49·5354·2d38··3.4.1.··-·NIST-8
0003b8e0:·3a20·5061·636b·6167·6520·6d61·6e61·6765··:·Package·manage0003b8e0:·3030·2d35·332d·4155·2d39·2833·290a·2020··00-53-AU-9(3).··
0003b8f0:·7220·7265·696e·7374·616c·6c20·636f·6d6d··r·reinstall·comm0003b8f0:·2d20·4e49·5354·2d38·3030·2d35·332d·434d··-·NIST-800-53-CM
0003b900:·616e·6420·287a·7970·7065·7229·270a·2020··and·(zypper)'.··0003b900:·2d36·2863·290a·2020·2d20·4e49·5354·2d38··-6(c).··-·NIST-8
0003b910:·7365·745f·6661·6374·3a0a·2020·2020·7061··set_fact:.····pa0003b910:·3030·2d35·332d·434d·2d36·2864·290a·2020··00-53-CM-6(d).··
0003b920:·636b·6167·655f·6d61·6e61·6765·725f·7265··ckage_manager_re0003b920:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI
0003b930:·696e·7374·616c·6c5f·636d·643a·207a·7970··install_cmd:·zyp0003b930:·2d37·0a20·202d·204e·4953·542d·3830·302d··-7.··-·NIST-800-
0003b940:·7065·7220·696e·202d·6620·2d79·0a20·2077··per·in·-f·-y.··w0003b940:·3533·2d53·492d·3728·3129·0a20·202d·204e··53-SI-7(1).··-·N
0003b950:·6865·6e3a·0a20·202d·206e·6f74·2028·2022··hen:.··-·not·(·"0003b950:·4953·542d·3830·302d·3533·2d53·492d·3728··IST-800-53-SI-7(
0003b960:·6b65·726e·656c·2220·696e·2061·6e73·6962··kernel"·in·ansib0003b960:·3629·0a20·202d·2050·4349·2d44·5353·2d52··6).··-·PCI-DSS-R
0003b970:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package0003b970:·6571·2d31·312e·350a·2020·2d20·5043·492d··eq-11.5.··-·PCI-
0003b980:·7320·616e·6420·2272·706d·2d6f·7374·7265··s·and·"rpm-ostre0003b980:·4453·5376·342d·3131·2e35·2e32·0a20·202d··DSSv4-11.5.2.··-
0003b990:·6522·2069·6e20·616e·7369·626c·655f·6661··e"·in·ansible_fa0003b990:·2068·6967·685f·636f·6d70·6c65·7869·7479···high_complexity
0003b9a0:·6374·732e·7061·636b·6167·6573·0a20·2020··cts.packages.···0003b9a0:·0a20·202d·2068·6967·685f·7365·7665·7269··.··-·high_severi
0003b9b0:·2061·6e64·2022·626f·6f74·6322·2069·6e20···and·"bootc"·in·0003b9b0:·7479·0a20·202d·206d·6564·6975·6d5f·6469··ty.··-·medium_di
0003b9c0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa0003b9c0:·7372·7570·7469·6f6e·0a20·202d·206e·6f5f··sruption.··-·no_
0003b9d0:·636b·6167·6573·2061·6e64·206e·6f74·2022··ckages·and·not·"0003b9d0:·7265·626f·6f74·5f6e·6565·6465·640a·2020··reboot_needed.··
0003b9e0:·6f70·656e·7368·6966·742d·6b75·6265·6c65··openshift-kubele0003b9e0:·2d20·7265·7374·7269·6374·5f73·7472·6174··-·restrict_strat
0003b9f0:·7422·2069·6e20·616e·7369·626c·655f·6661··t"·in·ansible_fa0003b9f0:·6567·790a·2020·2d20·7270·6d5f·7665·7269··egy.··-·rpm_veri
0003ba00:·6374·732e·7061·636b·6167·6573·0a20·2020··cts.packages.···0003ba00:·6679·5f68·6173·6865·730a·0a2d·206e·616d··fy_hashes..-·nam
0003ba10:·2029·0a20·202d·2061·6e73·6962·6c65·5f64···).··-·ansible_d0003ba10:·653a·2027·5365·7420·6661·6374·3a20·5061··e:·'Set·fact:·Pa
Max diff block lines reached; 5990364/6045316 bytes (99.09%) of diff not shown.
620 KB
html2text {}
    
Offset 103, 14 lines modifiedOffset 103, 33 lines modified
103 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6103 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
104 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4104 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
105 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)105 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
106 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1106 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
107 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5107 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
108 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227108 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
109 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2109 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 110 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 111 #·Remediation·is·applicable·only·in·certain·platforms
 112 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 113 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 114 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 115 if·[·-n·"$files_with_incorrect_hash"·];·then
 116 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 117 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 118 ····dnf·reinstall·-y·$packages_to_reinstall
  
 119 fi
  
 120 else
 121 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 122 fi
110 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8123 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
111 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high124 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
112 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium125 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
113 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false126 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
114 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict127 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
115 -·name:·Gather·the·package·facts128 -·name:·Gather·the·package·facts
116 ··package_facts:129 ··package_facts:
Offset 277, 33 lines modifiedOffset 296, 14 lines modified
277 ··-·PCI-DSSv4-11.5.2296 ··-·PCI-DSSv4-11.5.2
278 ··-·high_complexity297 ··-·high_complexity
279 ··-·high_severity298 ··-·high_severity
280 ··-·medium_disruption299 ··-·medium_disruption
281 ··-·no_reboot_needed300 ··-·no_reboot_needed
282 ··-·restrict_strategy301 ··-·restrict_strategy
283 ··-·rpm_verify_hashes302 ··-·rpm_verify_hashes
284 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
285 #·Remediation·is·applicable·only·in·certain·platforms 
286 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
287 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
288 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
289 if·[·-n·"$files_with_incorrect_hash"·];·then 
290 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
291 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
292 ····dnf·reinstall·-y·$packages_to_reinstall 
  
293 fi 
  
294 else 
295 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
296 fi 
297 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*303 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
298 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:304 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:
299 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'305 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'
300 run·the·following·command·to·determine·which·package·owns·it:306 run·the·following·command·to·determine·which·package·owns·it:
301 $·rpm·-qf·FILENAME307 $·rpm·-qf·FILENAME
302 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:308 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
303 $·sudo·rpm·--restore·PACKAGENAME309 $·sudo·rpm·--restore·PACKAGENAME
Offset 322, 14 lines modifiedOffset 322, 46 lines modified
322 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5322 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
323 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2323 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
324 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)324 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
325 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1325 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
326 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5326 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
327 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108327 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108
328 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2328 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 329 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 330 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 331 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 332 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 333 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 334 #·Remediation·is·applicable·only·in·certain·platforms
 335 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 336 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 337 declare·-A·SETPERMS_RPM_DICT
  
 338 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 339 #·is·expected·by·the·RPM·database
 340 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}')
  
 341 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 342 do
 343 ········RPM_PACKAGE=$(rpm·-qf·"$FILE_PATH")
 344 »       #·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 345 »       SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 346 done
  
 347 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 348 #·correct·values
 349 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 350 do
 351 ········rpm·--restore·"${RPM_PACKAGE}"
 352 done
  
 353 else
 354 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 355 fi
329 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8356 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
330 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high357 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
331 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium358 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
332 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false359 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
333 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict360 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
334 -·name:·Gather·the·package·facts361 -·name:·Gather·the·package·facts
335 ··package_facts:362 ··package_facts:
Offset 437, 46 lines modifiedOffset 469, 14 lines modified
437 ··-·PCI-DSSv4-11.5.2469 ··-·PCI-DSSv4-11.5.2
438 ··-·high_complexity470 ··-·high_complexity
439 ··-·high_severity471 ··-·high_severity
440 ··-·medium_disruption472 ··-·medium_disruption
441 ··-·no_reboot_needed473 ··-·no_reboot_needed
442 ··-·restrict_strategy474 ··-·restrict_strategy
443 ··-·rpm_verify_ownership475 ··-·rpm_verify_ownership
444 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
445 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high 
446 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium 
447 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
448 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
Max diff block lines reached; 627545/635256 bytes (98.79%) of diff not shown.
19.4 MB
./usr/share/doc/ssg-nondebian/ssg-ol10-guide-hipaa.html
    
Offset 15167, 408 lines modifiedOffset 15167, 408 lines modified
0003b3e0:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="0003b3e0:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="
0003b3f0:·2369·646d·3437·3632·2220·7461·6269·6e64··#idm4762"·tabind0003b3f0:·2369·646d·3437·3632·2220·7461·6269·6e64··#idm4762"·tabind
0003b400:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but0003b400:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but
0003b410:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand0003b410:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand
0003b420:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title0003b420:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title
0003b430:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re0003b430:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re
Diff chunk too large, falling back to line-by-line diff (394 lines added, 394 lines removed)
0003b440:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">0003b440:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">
0003b450:·5265·6d65·6469·6174·696f·6e20·416e·7369··Remediation·Ansi0003b450:·5265·6d65·6469·6174·696f·6e20·5368·656c··Remediation·Shel
0003b460:·626c·6520·736e·6970·7065·7420·e287·b23c··ble·snippet·...<0003b460:·6c20·7363·7269·7074·20e2·87b2·3c2f·613e··l·script·...</a>
0003b470:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas0003b470:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="
0003b480:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps0003b480:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c
0003b490:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="0003b490:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm
0003b4a0:·6964·6d34·3736·3222·3e3c·7461·626c·6520··idm4762"><table·0003b4a0:·3437·3632·223e·3c70·7265·3e3c·636f·6465··4762"><pre><code
0003b4b0:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab0003b4b0:·3e23·2052·656d·6564·6961·7469·6f6e·2069··>#·Remediation·i
0003b4c0:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table0003b4c0:·7320·6170·706c·6963·6162·6c65·206f·6e6c··s·applicable·onl
0003b4d0:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-0003b4d0:·7920·696e·2063·6572·7461·696e·2070·6c61··y·in·certain·pla
0003b4e0:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><0003b4e0:·7466·6f72·6d73·0a69·6620·2120·2820·7b20··tforms.if·!·(·{·
0003b4f0:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</0003b4f0:·7270·6d20·2d2d·7175·6965·7420·2d71·206b··rpm·--quiet·-q·k
0003b500:·7468·3e3c·7464·3e68·6967·683c·2f74·643e··th><td>high</td>0003b500:·6572·6e65·6c20·3b7d·2026·616d·703b·2661··ernel·;}·&amp;&a
0003b510:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis0003b510:·6d70·3b20·7b20·7270·6d20·2d2d·7175·6965··mp;·{·rpm·--quie
0003b520:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td0003b520:·7420·2d71·2072·706d·2d6f·7374·7265·6520··t·-q·rpm-ostree·
0003b530:·3e6d·6564·6975·6d3c·2f74·643e·3c2f·7472··>medium</td></tr0003b530:·3b7d·2026·616d·703b·2661·6d70·3b20·7b20··;}·&amp;&amp;·{·
0003b540:·3e3c·7472·3e3c·7468·3e52·6562·6f6f·743a··><tr><th>Reboot:0003b540:·7270·6d20·2d2d·7175·6965·7420·2d71·2062··rpm·--quiet·-q·b
0003b550:·3c2f·7468·3e3c·7464·3e66·616c·7365·3c2f··</th><td>false</0003b550:·6f6f·7463·203b·7d20·2661·6d70·3b26·616d··ootc·;}·&amp;&am
0003b560:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>0003b560:·703b·207b·2021·2072·706d·202d·2d71·7569··p;·{·!·rpm·--qui
0003b570:·5374·7261·7465·6779·3a3c·2f74·683e·3c74··Strategy:</th><t0003b570:·6574·202d·7120·6f70·656e·7368·6966·742d··et·-q·openshift-
0003b580:·643e·7265·7374·7269·6374·3c2f·7464·3e3c··d>restrict</td><0003b580:·6b75·6265·6c65·7420·3b7d·2029·3b20·7468··kubelet·;}·);·th
0003b590:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre0003b590:·656e·0a0a·2320·4669·6e64·2077·6869·6368··en..#·Find·which
0003b5a0:·3e3c·636f·6465·3e2d·206e·616d·653a·2047··><code>-·name:·G0003b5a0:·2066·696c·6573·2068·6176·6520·696e·636f···files·have·inco
0003b5b0:·6174·6865·7220·7468·6520·7061·636b·6167··ather·the·packag0003b5b0:·7272·6563·7420·6861·7368·2028·6e6f·7420··rrect·hash·(not·
0003b5c0:·6520·6661·6374·730a·2020·7061·636b·6167··e·facts.··packag0003b5c0:·696e·202f·6574·632c·2062·6563·6175·7365··in·/etc,·because
0003b5d0:·655f·6661·6374·733a·0a20·2020·206d·616e··e_facts:.····man0003b5d0:·206f·6620·7468·6520·7379·7374·656d·2072···of·the·system·r
0003b5e0:·6167·6572·3a20·6175·746f·0a20·2074·6167··ager:·auto.··tag0003b5e0:·656c·6174·6564·2063·6f6e·6669·6720·6669··elated·config·fi
0003b5f0:·733a·0a20·202d·2043·4a49·532d·352e·3130··s:.··-·CJIS-5.100003b5f0:·6c65·7329·2061·6e64·2074·6865·6e20·6765··les)·and·then·ge
0003b600:·2e34·2e31·0a20·202d·204e·4953·542d·3830··.4.1.··-·NIST-800003b600:·7420·6669·6c65·7320·6e61·6d65·730a·6669··t·files·names.fi
0003b610:·302d·3137·312d·332e·332e·380a·2020·2d20··0-171-3.3.8.··-·0003b610:·6c65·735f·7769·7468·5f69·6e63·6f72·7265··les_with_incorre
0003b620:·4e49·5354·2d38·3030·2d31·3731·2d33·2e34··NIST-800-171-3.40003b620:·6374·5f68·6173·683d·2224·2872·706d·202d··ct_hash="$(rpm·-
0003b630:·2e31·0a20·202d·204e·4953·542d·3830·302d··.1.··-·NIST-800-0003b630:·5661·202d·2d6e·6f63·6f6e·6669·6720·7c20··Va·--noconfig·|·
0003b640:·3533·2d41·552d·3928·3329·0a20·202d·204e··53-AU-9(3).··-·N0003b640:·6772·6570·202d·4520·275e·2e2e·3527·207c··grep·-E·'^..5'·|
0003b650:·4953·542d·3830·302d·3533·2d43·4d2d·3628··IST-800-53-CM-6(0003b650:·2061·776b·2027·7b70·7269·6e74·2024·4e46···awk·'{print·$NF
0003b660:·6329·0a20·202d·204e·4953·542d·3830·302d··c).··-·NIST-800-0003b660:·7d27·2029·220a·0a69·6620·5b20·2d6e·2022··}'·)"..if·[·-n·"
0003b670:·3533·2d43·4d2d·3628·6429·0a20·202d·204e··53-CM-6(d).··-·N0003b670:·2466·696c·6573·5f77·6974·685f·696e·636f··$files_with_inco
0003b680:·4953·542d·3830·302d·3533·2d53·492d·370a··IST-800-53-SI-7.0003b680:·7272·6563·745f·6861·7368·2220·5d3b·2074··rrect_hash"·];·t
0003b690:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003b690:·6865·6e0a·2020·2020·2320·4672·6f6d·2066··hen.····#·From·f
0003b6a0:·5349·2d37·2831·290a·2020·2d20·4e49·5354··SI-7(1).··-·NIST0003b6a0:·696c·6573·206e·616d·6573·2067·6574·2070··iles·names·get·p
0003b6b0:·2d38·3030·2d35·332d·5349·2d37·2836·290a··-800-53-SI-7(6).0003b6b0:·6163·6b61·6765·206e·616d·6573·2061·6e64··ackage·names·and
0003b6c0:·2020·2d20·5043·492d·4453·532d·5265·712d····-·PCI-DSS-Req-0003b6c0:·2063·6861·6e67·6520·6e65·776c·696e·6520···change·newline·
0003b6d0:·3131·2e35·0a20·202d·2050·4349·2d44·5353··11.5.··-·PCI-DSS0003b6d0:·746f·2073·7061·6365·2c20·6265·6361·7573··to·space,·becaus
0003b6e0:·7634·2d31·312e·352e·320a·2020·2d20·6869··v4-11.5.2.··-·hi0003b6e0:·6520·7270·6d20·7772·6974·6573·2065·6163··e·rpm·writes·eac
0003b6f0:·6768·5f63·6f6d·706c·6578·6974·790a·2020··gh_complexity.··0003b6f0:·6820·7061·636b·6167·6520·746f·206e·6577··h·package·to·new
0003b700:·2d20·6869·6768·5f73·6576·6572·6974·790a··-·high_severity.0003b700:·206c·696e·650a·2020·2020·7061·636b·6167···line.····packag
0003b710:·2020·2d20·6d65·6469·756d·5f64·6973·7275····-·medium_disru0003b710:·6573·5f74·6f5f·7265·696e·7374·616c·6c3d··es_to_reinstall=
0003b720:·7074·696f·6e0a·2020·2d20·6e6f·5f72·6562··ption.··-·no_reb0003b720:·2224·2872·706d·202d·7166·2024·6669·6c65··"$(rpm·-qf·$file
0003b730:·6f6f·745f·6e65·6564·6564·0a20·202d·2072··oot_needed.··-·r0003b730:·735f·7769·7468·5f69·6e63·6f72·7265·6374··s_with_incorrect
0003b740:·6573·7472·6963·745f·7374·7261·7465·6779··estrict_strategy0003b740:·5f68·6173·6820·7c20·7472·2027·5c6e·2720··_hash·|·tr·'\n'·
0003b750:·0a20·202d·2072·706d·5f76·6572·6966·795f··.··-·rpm_verify_0003b750:·2720·2729·220a·0a20·2020·200a·2020·2020··'·')"..····.····
0003b760:·6861·7368·6573·0a0a·2d20·6e61·6d65·3a20··hashes..-·name:·0003b760:·646e·6620·7265·696e·7374·616c·6c20·2d79··dnf·reinstall·-y
0003b770:·2753·6574·2066·6163·743a·2050·6163·6b61··'Set·fact:·Packa0003b770:·2024·7061·636b·6167·6573·5f74·6f5f·7265···$packages_to_re
0003b780:·6765·206d·616e·6167·6572·2072·6569·6e73··ge·manager·reins0003b780:·696e·7374·616c·6c0a·2020·2020·0a66·690a··install.····.fi.
0003b790:·7461·6c6c·2063·6f6d·6d61·6e64·270a·2020··tall·command'.··0003b790:·0a65·6c73·650a·2020·2020·2667·743b·2661··.else.····&gt;&a
0003b7a0:·7365·745f·6661·6374·3a0a·2020·2020·7061··set_fact:.····pa0003b7a0:·6d70·3b32·2065·6368·6f20·2752·656d·6564··mp;2·echo·'Remed
0003b7b0:·636b·6167·655f·6d61·6e61·6765·725f·7265··ckage_manager_re0003b7b0:·6961·7469·6f6e·2069·7320·6e6f·7420·6170··iation·is·not·ap
0003b7c0:·696e·7374·616c·6c5f·636d·643a·2064·6e66··install_cmd:·dnf0003b7c0:·706c·6963·6162·6c65·2c20·6e6f·7468·696e··plicable,·nothin
0003b7d0:·2072·6569·6e73·7461·6c6c·202d·790a·2020···reinstall·-y.··0003b7d0:·6720·7761·7320·646f·6e65·270a·6669·0a3c··g·was·done'.fi.<
0003b7e0:·7768·656e·3a0a·2020·2d20·6e6f·7420·2820··when:.··-·not·(·0003b7e0:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di
0003b7f0:·226b·6572·6e65·6c22·2069·6e20·616e·7369··"kernel"·in·ansi0003b7f0:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn·
0003b800:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag0003b800:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat
0003b810:·6573·2061·6e64·2022·7270·6d2d·6f73·7472··es·and·"rpm-ostr0003b810:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap
0003b820:·6565·2220·696e·2061·6e73·6962·6c65·5f66··ee"·in·ansible_f0003b820:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
0003b830:·6163·7473·2e70·6163·6b61·6765·730a·2020··acts.packages.··0003b830:·2223·6964·6d34·3736·3322·2074·6162·696e··"#idm4763"·tabin
0003b840:·2020·616e·6420·2262·6f6f·7463·2220·696e····and·"bootc"·in0003b840:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
0003b850:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p0003b850:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
0003b860:·6163·6b61·6765·7320·616e·6420·6e6f·7420··ackages·and·not·0003b860:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
0003b870:·226f·7065·6e73·6869·6674·2d6b·7562·656c··"openshift-kubel0003b870:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
0003b880:·6574·2220·696e·2061·6e73·6962·6c65·5f66··et"·in·ansible_f0003b880:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
0003b890:·6163·7473·2e70·6163·6b61·6765·730a·2020··acts.packages.··0003b890:·3e52·656d·6564·6961·7469·6f6e·2041·6e73··>Remediation·Ans
0003b8a0:·2020·290a·2020·2d20·616e·7369·626c·655f····).··-·ansible_0003b8a0:·6962·6c65·2073·6e69·7070·6574·20e2·87b2··ible·snippet·...
0003b8b0:·6469·7374·7269·6275·7469·6f6e·2069·6e20··distribution·in·0003b8b0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
0003b8c0:·5b20·2246·6564·6f72·6122·2c20·2252·6564··[·"Fedora",·"Red0003b8c0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
0003b8d0:·4861·7422·2c20·2243·656e·744f·5322·2c20··Hat",·"CentOS",·0003b8d0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=
0003b8e0:·224f·7261·636c·654c·696e·7578·2220·5d0a··"OracleLinux"·].0003b8e0:·2269·646d·3437·3633·223e·3c74·6162·6c65··"idm4763"><table
0003b8f0:·2020·7461·6773·3a0a·2020·2d20·434a·4953····tags:.··-·CJIS0003b8f0:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta
0003b900:·2d35·2e31·302e·342e·310a·2020·2d20·4e49··-5.10.4.1.··-·NI0003b900:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl
0003b910:·5354·2d38·3030·2d31·3731·2d33·2e33·2e38··ST-800-171-3.3.80003b910:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table
0003b920:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-170003b920:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>
0003b930:·312d·332e·342e·310a·2020·2d20·4e49·5354··1-3.4.1.··-·NIST0003b930:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<
0003b940:·2d38·3030·2d35·332d·4155·2d39·2833·290a··-800-53-AU-9(3).0003b940:·2f74·683e·3c74·643e·6869·6768·3c2f·7464··/th><td>high</td
0003b950:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003b950:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di
0003b960:·434d·2d36·2863·290a·2020·2d20·4e49·5354··CM-6(c).··-·NIST0003b960:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t
0003b970:·2d38·3030·2d35·332d·434d·2d36·2864·290a··-800-53-CM-6(d).0003b970:·643e·6d65·6469·756d·3c2f·7464·3e3c·2f74··d>medium</td></t
0003b980:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003b980:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot
0003b990:·5349·2d37·0a20·202d·204e·4953·542d·3830··SI-7.··-·NIST-800003b990:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false<
0003b9a0:·302d·3533·2d53·492d·3728·3129·0a20·202d··0-53-SI-7(1).··-0003b9a0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
0003b9b0:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-0003b9b0:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><
0003b9c0:·3728·3629·0a20·202d·2050·4349·2d44·5353··7(6).··-·PCI-DSS0003b9c0:·7464·3e72·6573·7472·6963·743c·2f74·643e··td>restrict</td>
0003b9d0:·2d52·6571·2d31·312e·350a·2020·2d20·5043··-Req-11.5.··-·PC0003b9d0:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr
0003b9e0:·492d·4453·5376·342d·3131·2e35·2e32·0a20··I-DSSv4-11.5.2.·0003b9e0:·653e·3c63·6f64·653e·2d20·6e61·6d65·3a20··e><code>-·name:·
0003b9f0:·202d·2068·6967·685f·636f·6d70·6c65·7869···-·high_complexi0003b9f0:·4761·7468·6572·2074·6865·2070·6163·6b61··Gather·the·packa
0003ba00:·7479·0a20·202d·2068·6967·685f·7365·7665··ty.··-·high_seve0003ba00:·6765·2066·6163·7473·0a20·2070·6163·6b61··ge·facts.··packa
0003ba10:·7269·7479·0a20·202d·206d·6564·6975·6d5f··rity.··-·medium_0003ba10:·6765·5f66·6163·7473·3a0a·2020·2020·6d61··ge_facts:.····ma
0003ba20:·6469·7372·7570·7469·6f6e·0a20·202d·206e··disruption.··-·n0003ba20:·6e61·6765·723a·2061·7574·6f0a·2020·7461··nager:·auto.··ta
0003ba30:·6f5f·7265·626f·6f74·5f6e·6565·6465·640a··o_reboot_needed.0003ba30:·6773·3a0a·2020·2d20·434a·4953·2d35·2e31··gs:.··-·CJIS-5.1
0003ba40:·2020·2d20·7265·7374·7269·6374·5f73·7472····-·restrict_str0003ba40:·302e·342e·310a·2020·2d20·4e49·5354·2d38··0.4.1.··-·NIST-8
0003ba50:·6174·6567·790a·2020·2d20·7270·6d5f·7665··ategy.··-·rpm_ve0003ba50:·3030·2d31·3731·2d33·2e33·2e38·0a20·202d··00-171-3.3.8.··-
0003ba60:·7269·6679·5f68·6173·6865·730a·0a2d·206e··rify_hashes..-·n0003ba60:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.
0003ba70:·616d·653a·2027·5365·7420·6661·6374·3a20··ame:·'Set·fact:·0003ba70:·342e·310a·2020·2d20·4e49·5354·2d38·3030··4.1.··-·NIST-800
0003ba80:·5061·636b·6167·6520·6d61·6e61·6765·7220··Package·manager·0003ba80:·2d35·332d·4155·2d39·2833·290a·2020·2d20··-53-AU-9(3).··-·
0003ba90:·7265·696e·7374·616c·6c20·636f·6d6d·616e··reinstall·comman0003ba90:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-6
0003baa0:·6420·287a·7970·7065·7229·270a·2020·7365··d·(zypper)'.··se0003baa0:·2863·290a·2020·2d20·4e49·5354·2d38·3030··(c).··-·NIST-800
0003bab0:·745f·6661·6374·3a0a·2020·2020·7061·636b··t_fact:.····pack0003bab0:·2d35·332d·434d·2d36·2864·290a·2020·2d20··-53-CM-6(d).··-·
0003bac0:·6167·655f·6d61·6e61·6765·725f·7265·696e··age_manager_rein0003bac0:·4e49·5354·2d38·3030·2d35·332d·5349·2d37··NIST-800-53-SI-7
0003bad0:·7374·616c·6c5f·636d·643a·207a·7970·7065··stall_cmd:·zyppe0003bad0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
0003bae0:·7220·696e·202d·6620·2d79·0a20·2077·6865··r·in·-f·-y.··whe0003bae0:·2d53·492d·3728·3129·0a20·202d·204e·4953··-SI-7(1).··-·NIS
0003baf0:·6e3a·0a20·202d·206e·6f74·2028·2022·6b65··n:.··-·not·(·"ke0003baf0:·542d·3830·302d·3533·2d53·492d·3728·3629··T-800-53-SI-7(6)
0003bb00:·726e·656c·2220·696e·2061·6e73·6962·6c65··rnel"·in·ansible0003bb00:·0a20·202d·2050·4349·2d44·5353·2d52·6571··.··-·PCI-DSS-Req
0003bb10:·5f66·6163·7473·2e70·6163·6b61·6765·7320··_facts.packages·0003bb10:·2d31·312e·350a·2020·2d20·5043·492d·4453··-11.5.··-·PCI-DS
0003bb20:·616e·6420·2272·706d·2d6f·7374·7265·6522··and·"rpm-ostree"0003bb20:·5376·342d·3131·2e35·2e32·0a20·202d·2068··Sv4-11.5.2.··-·h
0003bb30:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003bb30:·6967·685f·636f·6d70·6c65·7869·7479·0a20··igh_complexity.·
0003bb40:·732e·7061·636b·6167·6573·0a20·2020·2061··s.packages.····a0003bb40:·202d·2068·6967·685f·7365·7665·7269·7479···-·high_severity
0003bb50:·6e64·2022·626f·6f74·6322·2069·6e20·616e··nd·"bootc"·in·an0003bb50:·0a20·202d·206d·6564·6975·6d5f·6469·7372··.··-·medium_disr
0003bb60:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack0003bb60:·7570·7469·6f6e·0a20·202d·206e·6f5f·7265··uption.··-·no_re
0003bb70:·6167·6573·2061·6e64·206e·6f74·2022·6f70··ages·and·not·"op0003bb70:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-·
0003bb80:·656e·7368·6966·742d·6b75·6265·6c65·7422··enshift-kubelet"0003bb80:·7265·7374·7269·6374·5f73·7472·6174·6567··restrict_strateg
0003bb90:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003bb90:·790a·2020·2d20·7270·6d5f·7665·7269·6679··y.··-·rpm_verify
0003bba0:·732e·7061·636b·6167·6573·0a20·2020·2029··s.packages.····)0003bba0:·5f68·6173·6865·730a·0a2d·206e·616d·653a··_hashes..-·name:
0003bbb0:·0a20·202d·2061·6e73·6962·6c65·5f64·6973··.··-·ansible_dis0003bbb0:·2027·5365·7420·6661·6374·3a20·5061·636b···'Set·fact:·Pack
Max diff block lines reached; 18761622/18816574 bytes (99.71%) of diff not shown.
1.44 MB
html2text {}
    
Offset 110, 14 lines modifiedOffset 110, 33 lines modified
110 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6110 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
111 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4111 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
112 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)112 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
113 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1113 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
114 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5114 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
115 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227115 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
116 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2116 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 117 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 118 #·Remediation·is·applicable·only·in·certain·platforms
 119 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 120 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 121 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 122 if·[·-n·"$files_with_incorrect_hash"·];·then
 123 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 124 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 125 ····dnf·reinstall·-y·$packages_to_reinstall
  
 126 fi
  
 127 else
 128 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 129 fi
117 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8130 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
118 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high131 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
119 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium132 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
120 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false133 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
121 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict134 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
122 -·name:·Gather·the·package·facts135 -·name:·Gather·the·package·facts
123 ··package_facts:136 ··package_facts:
Offset 284, 33 lines modifiedOffset 303, 14 lines modified
284 ··-·PCI-DSSv4-11.5.2303 ··-·PCI-DSSv4-11.5.2
285 ··-·high_complexity304 ··-·high_complexity
286 ··-·high_severity305 ··-·high_severity
287 ··-·medium_disruption306 ··-·medium_disruption
288 ··-·no_reboot_needed307 ··-·no_reboot_needed
289 ··-·restrict_strategy308 ··-·restrict_strategy
290 ··-·rpm_verify_hashes309 ··-·rpm_verify_hashes
291 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
292 #·Remediation·is·applicable·only·in·certain·platforms 
293 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
294 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
295 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
296 if·[·-n·"$files_with_incorrect_hash"·];·then 
297 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
298 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
299 ····dnf·reinstall·-y·$packages_to_reinstall 
  
300 fi 
  
301 else 
302 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
303 fi 
304 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*310 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
305 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:311 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:
306 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'312 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'
307 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:313 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:
308 $·rpm·-qf·FILENAME314 $·rpm·-qf·FILENAME
  
309 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:315 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
Offset 331, 14 lines modifiedOffset 331, 50 lines modified
331 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5331 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
332 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2332 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
333 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)333 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)
334 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1334 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
335 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5335 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
336 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108336 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108
337 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2337 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 338 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 339 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 340 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 341 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 342 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 343 #·Remediation·is·applicable·only·in·certain·platforms
 344 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 345 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 346 declare·-A·SETPERMS_RPM_DICT
  
 347 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 348 #·is·expected·by·the·RPM·database
 349 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}')
  
 350 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 351 do
 352 ········#·NOTE:·some·files·maybe·controlled·by·more·then·one·package
 353 ········readarray·-t·RPM_PACKAGES·<·<(rpm·-qf·"${FILE_PATH}")
 354 ········for·RPM_PACKAGE·in·"${RPM_PACKAGES[@]}"
 355 ········do
 356 ················#·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 357 ················SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 358 ········done
 359 done
  
 360 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 361 #·correct·values
 362 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 363 do
 364 »       rpm·--restore·"${RPM_PACKAGE}"
 365 done
  
 366 else
 367 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 368 fi
338 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8369 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
339 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high370 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
340 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium371 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
341 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false372 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
342 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict373 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
343 -·name:·Gather·the·package·facts374 -·name:·Gather·the·package·facts
344 ··package_facts:375 ··package_facts:
Offset 450, 50 lines modifiedOffset 486, 14 lines modified
450 ··-·PCI-DSSv4-11.5.2486 ··-·PCI-DSSv4-11.5.2
451 ··-·high_complexity487 ··-·high_complexity
452 ··-·high_severity488 ··-·high_severity
453 ··-·medium_disruption489 ··-·medium_disruption
454 ··-·no_reboot_needed490 ··-·no_reboot_needed
455 ··-·restrict_strategy491 ··-·restrict_strategy
456 ··-·rpm_verify_permissions492 ··-·rpm_verify_permissions
457 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
Max diff block lines reached; 1497115/1505199 bytes (99.46%) of diff not shown.
10.9 MB
./usr/share/doc/ssg-nondebian/ssg-ol10-guide-ism_o.html
    
Offset 15179, 408 lines modifiedOffset 15179, 408 lines modified
0003b4a0:·7461·2d74·6172·6765·743d·2223·6964·6d34··ta-target="#idm40003b4a0:·7461·2d74·6172·6765·743d·2223·6964·6d34··ta-target="#idm4
0003b4b0:·3736·3222·2074·6162·696e·6465·783d·2230··762"·tabindex="00003b4b0:·3736·3222·2074·6162·696e·6465·783d·2230··762"·tabindex="0
0003b4c0:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·0003b4c0:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
0003b4d0:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f0003b4d0:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
0003b4e0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act0003b4e0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
0003b4f0:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"0003b4f0:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
Diff chunk too large, falling back to line-by-line diff (394 lines added, 394 lines removed)
0003b500:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed0003b500:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
0003b510:·6961·7469·6f6e·2041·6e73·6962·6c65·2073··iation·Ansible·s0003b510:·6961·7469·6f6e·2053·6865·6c6c·2073·6372··iation·Shell·scr
0003b520:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b0003b520:·6970·7420·e287·b23c·2f61·3e3c·6272·3e3c··ipt·...</a><br><
0003b530:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa0003b530:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel
0003b540:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col0003b540:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap
0003b550:·6c61·7073·6522·2069·643d·2269·646d·3437··lapse"·id="idm470003b550:·7365·2220·6964·3d22·6964·6d34·3736·3222··se"·id="idm4762"
0003b560:·3632·223e·3c74·6162·6c65·2063·6c61·7373··62"><table·class0003b560:·3e3c·7072·653e·3c63·6f64·653e·2320·5265··><pre><code>#·Re
0003b570:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st0003b570:·6d65·6469·6174·696f·6e20·6973·2061·7070··mediation·is·app
0003b580:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord0003b580:·6c69·6361·626c·6520·6f6e·6c79·2069·6e20··licable·only·in·
0003b590:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde0003b590:·6365·7274·6169·6e20·706c·6174·666f·726d··certain·platform
0003b5a0:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co0003b5a0:·730a·6966·2021·2028·207b·2072·706d·202d··s.if·!·(·{·rpm·-
0003b5b0:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t0003b5b0:·2d71·7569·6574·202d·7120·6b65·726e·656c··-quiet·-q·kernel
0003b5c0:·643e·6869·6768·3c2f·7464·3e3c·2f74·723e··d>high</td></tr>0003b5c0:·203b·7d20·2661·6d70·3b26·616d·703b·207b···;}·&amp;&amp;·{
0003b5d0:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti0003b5d0:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q·
0003b5e0:·6f6e·3a3c·2f74·683e·3c74·643e·6d65·6469··on:</th><td>medi0003b5e0:·7270·6d2d·6f73·7472·6565·203b·7d20·2661··rpm-ostree·;}·&a
0003b5f0:·756d·3c2f·7464·3e3c·2f74·723e·3c74·723e··um</td></tr><tr>0003b5f0:·6d70·3b26·616d·703b·207b·2072·706d·202d··mp;&amp;·{·rpm·-
0003b600:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th>0003b600:·2d71·7569·6574·202d·7120·626f·6f74·6320··-quiet·-q·bootc·
0003b610:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></0003b610:·3b7d·2026·616d·703b·2661·6d70·3b20·7b20··;}·&amp;&amp;·{·
0003b620:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat0003b620:·2120·7270·6d20·2d2d·7175·6965·7420·2d71··!·rpm·--quiet·-q
0003b630:·6567·793a·3c2f·7468·3e3c·7464·3e72·6573··egy:</th><td>res0003b630:·206f·7065·6e73·6869·6674·2d6b·7562·656c···openshift-kubel
0003b640:·7472·6963·743c·2f74·643e·3c2f·7472·3e3c··trict</td></tr><0003b640:·6574·203b·7d20·293b·2074·6865·6e0a·0a23··et·;}·);·then..#
0003b650:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod0003b650:·2046·696e·6420·7768·6963·6820·6669·6c65···Find·which·file
0003b660:·653e·2d20·6e61·6d65·3a20·4761·7468·6572··e>-·name:·Gather0003b660:·7320·6861·7665·2069·6e63·6f72·7265·6374··s·have·incorrect
0003b670:·2074·6865·2070·6163·6b61·6765·2066·6163···the·package·fac0003b670:·2068·6173·6820·286e·6f74·2069·6e20·2f65···hash·(not·in·/e
0003b680:·7473·0a20·2070·6163·6b61·6765·5f66·6163··ts.··package_fac0003b680:·7463·2c20·6265·6361·7573·6520·6f66·2074··tc,·because·of·t
0003b690:·7473·3a0a·2020·2020·6d61·6e61·6765·723a··ts:.····manager:0003b690:·6865·2073·7973·7465·6d20·7265·6c61·7465··he·system·relate
0003b6a0:·2061·7574·6f0a·2020·7461·6773·3a0a·2020···auto.··tags:.··0003b6a0:·6420·636f·6e66·6967·2066·696c·6573·2920··d·config·files)·
0003b6b0:·2d20·434a·4953·2d35·2e31·302e·342e·310a··-·CJIS-5.10.4.1.0003b6b0:·616e·6420·7468·656e·2067·6574·2066·696c··and·then·get·fil
0003b6c0:·2020·2d20·4e49·5354·2d38·3030·2d31·3731····-·NIST-800-1710003b6c0:·6573·206e·616d·6573·0a66·696c·6573·5f77··es·names.files_w
0003b6d0:·2d33·2e33·2e38·0a20·202d·204e·4953·542d··-3.3.8.··-·NIST-0003b6d0:·6974·685f·696e·636f·7272·6563·745f·6861··ith_incorrect_ha
0003b6e0:·3830·302d·3137·312d·332e·342e·310a·2020··800-171-3.4.1.··0003b6e0:·7368·3d22·2428·7270·6d20·2d56·6120·2d2d··sh="$(rpm·-Va·--
0003b6f0:·2d20·4e49·5354·2d38·3030·2d35·332d·4155··-·NIST-800-53-AU0003b6f0:·6e6f·636f·6e66·6967·207c·2067·7265·7020··noconfig·|·grep·
0003b700:·2d39·2833·290a·2020·2d20·4e49·5354·2d38··-9(3).··-·NIST-80003b700:·2d45·2027·5e2e·2e35·2720·7c20·6177·6b20··-E·'^..5'·|·awk·
0003b710:·3030·2d35·332d·434d·2d36·2863·290a·2020··00-53-CM-6(c).··0003b710:·277b·7072·696e·7420·244e·467d·2720·2922··'{print·$NF}'·)"
0003b720:·2d20·4e49·5354·2d38·3030·2d35·332d·434d··-·NIST-800-53-CM0003b720:·0a0a·6966·205b·202d·6e20·2224·6669·6c65··..if·[·-n·"$file
0003b730:·2d36·2864·290a·2020·2d20·4e49·5354·2d38··-6(d).··-·NIST-80003b730:·735f·7769·7468·5f69·6e63·6f72·7265·6374··s_with_incorrect
0003b740:·3030·2d35·332d·5349·2d37·0a20·202d·204e··00-53-SI-7.··-·N0003b740:·5f68·6173·6822·205d·3b20·7468·656e·0a20··_hash"·];·then.·
0003b750:·4953·542d·3830·302d·3533·2d53·492d·3728··IST-800-53-SI-7(0003b750:·2020·2023·2046·726f·6d20·6669·6c65·7320·····#·From·files·
0003b760:·3129·0a20·202d·204e·4953·542d·3830·302d··1).··-·NIST-800-0003b760:·6e61·6d65·7320·6765·7420·7061·636b·6167··names·get·packag
0003b770:·3533·2d53·492d·3728·3629·0a20·202d·2050··53-SI-7(6).··-·P0003b770:·6520·6e61·6d65·7320·616e·6420·6368·616e··e·names·and·chan
0003b780:·4349·2d44·5353·2d52·6571·2d31·312e·350a··CI-DSS-Req-11.5.0003b780:·6765·206e·6577·6c69·6e65·2074·6f20·7370··ge·newline·to·sp
0003b790:·2020·2d20·5043·492d·4453·5376·342d·3131····-·PCI-DSSv4-110003b790:·6163·652c·2062·6563·6175·7365·2072·706d··ace,·because·rpm
0003b7a0:·2e35·2e32·0a20·202d·2068·6967·685f·636f··.5.2.··-·high_co0003b7a0:·2077·7269·7465·7320·6561·6368·2070·6163···writes·each·pac
0003b7b0:·6d70·6c65·7869·7479·0a20·202d·2068·6967··mplexity.··-·hig0003b7b0:·6b61·6765·2074·6f20·6e65·7720·6c69·6e65··kage·to·new·line
0003b7c0:·685f·7365·7665·7269·7479·0a20·202d·206d··h_severity.··-·m0003b7c0:·0a20·2020·2070·6163·6b61·6765·735f·746f··.····packages_to
0003b7d0:·6564·6975·6d5f·6469·7372·7570·7469·6f6e··edium_disruption0003b7d0:·5f72·6569·6e73·7461·6c6c·3d22·2428·7270··_reinstall="$(rp
0003b7e0:·0a20·202d·206e·6f5f·7265·626f·6f74·5f6e··.··-·no_reboot_n0003b7e0:·6d20·2d71·6620·2466·696c·6573·5f77·6974··m·-qf·$files_wit
0003b7f0:·6565·6465·640a·2020·2d20·7265·7374·7269··eeded.··-·restri0003b7f0:·685f·696e·636f·7272·6563·745f·6861·7368··h_incorrect_hash
0003b800:·6374·5f73·7472·6174·6567·790a·2020·2d20··ct_strategy.··-·0003b800:·207c·2074·7220·275c·6e27·2027·2027·2922···|·tr·'\n'·'·')"
0003b810:·7270·6d5f·7665·7269·6679·5f68·6173·6865··rpm_verify_hashe0003b810:·0a0a·2020·2020·0a20·2020·2064·6e66·2072··..····.····dnf·r
0003b820:·730a·0a2d·206e·616d·653a·2027·5365·7420··s..-·name:·'Set·0003b820:·6569·6e73·7461·6c6c·202d·7920·2470·6163··einstall·-y·$pac
0003b830:·6661·6374·3a20·5061·636b·6167·6520·6d61··fact:·Package·ma0003b830:·6b61·6765·735f·746f·5f72·6569·6e73·7461··kages_to_reinsta
0003b840:·6e61·6765·7220·7265·696e·7374·616c·6c20··nager·reinstall·0003b840:·6c6c·0a20·2020·200a·6669·0a0a·656c·7365··ll.····.fi..else
0003b850:·636f·6d6d·616e·6427·0a20·2073·6574·5f66··command'.··set_f0003b850:·0a20·2020·2026·6774·3b26·616d·703b·3220··.····&gt;&amp;2·
0003b860:·6163·743a·0a20·2020·2070·6163·6b61·6765··act:.····package0003b860:·6563·686f·2027·5265·6d65·6469·6174·696f··echo·'Remediatio
0003b870:·5f6d·616e·6167·6572·5f72·6569·6e73·7461··_manager_reinsta0003b870:·6e20·6973·206e·6f74·2061·7070·6c69·6361··n·is·not·applica
0003b880:·6c6c·5f63·6d64·3a20·646e·6620·7265·696e··ll_cmd:·dnf·rein0003b880:·626c·652c·206e·6f74·6869·6e67·2077·6173··ble,·nothing·was
0003b890:·7374·616c·6c20·2d79·0a20·2077·6865·6e3a··stall·-y.··when:0003b890:·2064·6f6e·6527·0a66·690a·3c2f·636f·6465···done'.fi.</code
0003b8a0:·0a20·202d·206e·6f74·2028·2022·6b65·726e··.··-·not·(·"kern0003b8a0:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a·
0003b8b0:·656c·2220·696e·2061·6e73·6962·6c65·5f66··el"·in·ansible_f0003b8b0:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s
0003b8c0:·6163·7473·2e70·6163·6b61·6765·7320·616e··acts.packages·an0003b8c0:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog
0003b8d0:·6420·2272·706d·2d6f·7374·7265·6522·2069··d·"rpm-ostree"·i0003b8d0:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d
0003b8e0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003b8e0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm
0003b8f0:·7061·636b·6167·6573·0a20·2020·2061·6e64··packages.····and0003b8f0:·3437·3633·2220·7461·6269·6e64·6578·3d22··4763"·tabindex="
0003b900:·2022·626f·6f74·6322·2069·6e20·616e·7369···"bootc"·in·ansi0003b900:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"
0003b910:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag0003b910:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="
0003b920:·6573·2061·6e64·206e·6f74·2022·6f70·656e··es·and·not·"open0003b920:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac
0003b930:·7368·6966·742d·6b75·6265·6c65·7422·2069··shift-kubelet"·i0003b930:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal
0003b940:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003b940:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme
0003b950:·7061·636b·6167·6573·0a20·2020·2029·0a20··packages.····).·0003b950:·6469·6174·696f·6e20·416e·7369·626c·6520··diation·Ansible·
0003b960:·202d·2061·6e73·6962·6c65·5f64·6973·7472···-·ansible_distr0003b960:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a><
0003b970:·6962·7574·696f·6e20·696e·205b·2022·4665··ibution·in·[·"Fe0003b970:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p
0003b980:·646f·7261·222c·2022·5265·6448·6174·222c··dora",·"RedHat",0003b980:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co
0003b990:·2022·4365·6e74·4f53·222c·2022·4f72·6163···"CentOS",·"Orac0003b990:·6c6c·6170·7365·2220·6964·3d22·6964·6d34··llapse"·id="idm4
0003b9a0:·6c65·4c69·6e75·7822·205d·0a20·2074·6167··leLinux"·].··tag0003b9a0:·3736·3322·3e3c·7461·626c·6520·636c·6173··763"><table·clas
0003b9b0:·733a·0a20·202d·2043·4a49·532d·352e·3130··s:.··-·CJIS-5.100003b9b0:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s
0003b9c0:·2e34·2e31·0a20·202d·204e·4953·542d·3830··.4.1.··-·NIST-800003b9c0:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor
0003b9d0:·302d·3137·312d·332e·332e·380a·2020·2d20··0-171-3.3.8.··-·0003b9d0:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond
0003b9e0:·4e49·5354·2d38·3030·2d31·3731·2d33·2e34··NIST-800-171-3.40003b9e0:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C
0003b9f0:·2e31·0a20·202d·204e·4953·542d·3830·302d··.1.··-·NIST-800-0003b9f0:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><
0003ba00:·3533·2d41·552d·3928·3329·0a20·202d·204e··53-AU-9(3).··-·N0003ba00:·7464·3e68·6967·683c·2f74·643e·3c2f·7472··td>high</td></tr
0003ba10:·4953·542d·3830·302d·3533·2d43·4d2d·3628··IST-800-53-CM-6(0003ba10:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt
0003ba20:·6329·0a20·202d·204e·4953·542d·3830·302d··c).··-·NIST-800-0003ba20:·696f·6e3a·3c2f·7468·3e3c·7464·3e6d·6564··ion:</th><td>med
0003ba30:·3533·2d43·4d2d·3628·6429·0a20·202d·204e··53-CM-6(d).··-·N0003ba30:·6975·6d3c·2f74·643e·3c2f·7472·3e3c·7472··ium</td></tr><tr
0003ba40:·4953·542d·3830·302d·3533·2d53·492d·370a··IST-800-53-SI-7.0003ba40:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th
0003ba50:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003ba50:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td><
0003ba60:·5349·2d37·2831·290a·2020·2d20·4e49·5354··SI-7(1).··-·NIST0003ba60:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra
0003ba70:·2d38·3030·2d35·332d·5349·2d37·2836·290a··-800-53-SI-7(6).0003ba70:·7465·6779·3a3c·2f74·683e·3c74·643e·7265··tegy:</th><td>re
0003ba80:·2020·2d20·5043·492d·4453·532d·5265·712d····-·PCI-DSS-Req-0003ba80:·7374·7269·6374·3c2f·7464·3e3c·2f74·723e··strict</td></tr>
0003ba90:·3131·2e35·0a20·202d·2050·4349·2d44·5353··11.5.··-·PCI-DSS0003ba90:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co
0003baa0:·7634·2d31·312e·352e·320a·2020·2d20·6869··v4-11.5.2.··-·hi0003baa0:·6465·3e2d·206e·616d·653a·2047·6174·6865··de>-·name:·Gathe
0003bab0:·6768·5f63·6f6d·706c·6578·6974·790a·2020··gh_complexity.··0003bab0:·7220·7468·6520·7061·636b·6167·6520·6661··r·the·package·fa
0003bac0:·2d20·6869·6768·5f73·6576·6572·6974·790a··-·high_severity.0003bac0:·6374·730a·2020·7061·636b·6167·655f·6661··cts.··package_fa
0003bad0:·2020·2d20·6d65·6469·756d·5f64·6973·7275····-·medium_disru0003bad0:·6374·733a·0a20·2020·206d·616e·6167·6572··cts:.····manager
0003bae0:·7074·696f·6e0a·2020·2d20·6e6f·5f72·6562··ption.··-·no_reb0003bae0:·3a20·6175·746f·0a20·2074·6167·733a·0a20··:·auto.··tags:.·
0003baf0:·6f6f·745f·6e65·6564·6564·0a20·202d·2072··oot_needed.··-·r0003baf0:·202d·2043·4a49·532d·352e·3130·2e34·2e31···-·CJIS-5.10.4.1
0003bb00:·6573·7472·6963·745f·7374·7261·7465·6779··estrict_strategy0003bb00:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-17
0003bb10:·0a20·202d·2072·706d·5f76·6572·6966·795f··.··-·rpm_verify_0003bb10:·312d·332e·332e·380a·2020·2d20·4e49·5354··1-3.3.8.··-·NIST
0003bb20:·6861·7368·6573·0a0a·2d20·6e61·6d65·3a20··hashes..-·name:·0003bb20:·2d38·3030·2d31·3731·2d33·2e34·2e31·0a20··-800-171-3.4.1.·
0003bb30:·2753·6574·2066·6163·743a·2050·6163·6b61··'Set·fact:·Packa0003bb30:·202d·204e·4953·542d·3830·302d·3533·2d41···-·NIST-800-53-A
0003bb40:·6765·206d·616e·6167·6572·2072·6569·6e73··ge·manager·reins0003bb40:·552d·3928·3329·0a20·202d·204e·4953·542d··U-9(3).··-·NIST-
0003bb50:·7461·6c6c·2063·6f6d·6d61·6e64·2028·7a79··tall·command·(zy0003bb50:·3830·302d·3533·2d43·4d2d·3628·6329·0a20··800-53-CM-6(c).·
0003bb60:·7070·6572·2927·0a20·2073·6574·5f66·6163··pper)'.··set_fac0003bb60:·202d·204e·4953·542d·3830·302d·3533·2d43···-·NIST-800-53-C
0003bb70:·743a·0a20·2020·2070·6163·6b61·6765·5f6d··t:.····package_m0003bb70:·4d2d·3628·6429·0a20·202d·204e·4953·542d··M-6(d).··-·NIST-
0003bb80:·616e·6167·6572·5f72·6569·6e73·7461·6c6c··anager_reinstall0003bb80:·3830·302d·3533·2d53·492d·370a·2020·2d20··800-53-SI-7.··-·
0003bb90:·5f63·6d64·3a20·7a79·7070·6572·2069·6e20··_cmd:·zypper·in·0003bb90:·4e49·5354·2d38·3030·2d35·332d·5349·2d37··NIST-800-53-SI-7
0003bba0:·2d66·202d·790a·2020·7768·656e·3a0a·2020··-f·-y.··when:.··0003bba0:·2831·290a·2020·2d20·4e49·5354·2d38·3030··(1).··-·NIST-800
0003bbb0:·2d20·6e6f·7420·2820·226b·6572·6e65·6c22··-·not·(·"kernel"0003bbb0:·2d35·332d·5349·2d37·2836·290a·2020·2d20··-53-SI-7(6).··-·
0003bbc0:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003bbc0:·5043·492d·4453·532d·5265·712d·3131·2e35··PCI-DSS-Req-11.5
0003bbd0:·732e·7061·636b·6167·6573·2061·6e64·2022··s.packages·and·"0003bbd0:·0a20·202d·2050·4349·2d44·5353·7634·2d31··.··-·PCI-DSSv4-1
0003bbe0:·7270·6d2d·6f73·7472·6565·2220·696e·2061··rpm-ostree"·in·a0003bbe0:·312e·352e·320a·2020·2d20·6869·6768·5f63··1.5.2.··-·high_c
0003bbf0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003bbf0:·6f6d·706c·6578·6974·790a·2020·2d20·6869··omplexity.··-·hi
0003bc00:·6b61·6765·730a·2020·2020·616e·6420·2262··kages.····and·"b0003bc00:·6768·5f73·6576·6572·6974·790a·2020·2d20··gh_severity.··-·
0003bc10:·6f6f·7463·2220·696e·2061·6e73·6962·6c65··ootc"·in·ansible0003bc10:·6d65·6469·756d·5f64·6973·7275·7074·696f··medium_disruptio
0003bc20:·5f66·6163·7473·2e70·6163·6b61·6765·7320··_facts.packages·0003bc20:·6e0a·2020·2d20·6e6f·5f72·6562·6f6f·745f··n.··-·no_reboot_
0003bc30:·616e·6420·6e6f·7420·226f·7065·6e73·6869··and·not·"openshi0003bc30:·6e65·6564·6564·0a20·202d·2072·6573·7472··needed.··-·restr
0003bc40:·6674·2d6b·7562·656c·6574·2220·696e·2061··ft-kubelet"·in·a0003bc40:·6963·745f·7374·7261·7465·6779·0a20·202d··ict_strategy.··-
0003bc50:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003bc50:·2072·706d·5f76·6572·6966·795f·6861·7368···rpm_verify_hash
0003bc60:·6b61·6765·730a·2020·2020·290a·2020·2d20··kages.····).··-·0003bc60:·6573·0a0a·2d20·6e61·6d65·3a20·2753·6574··es..-·name:·'Set
0003bc70:·616e·7369·626c·655f·6469·7374·7269·6275··ansible_distribu0003bc70:·2066·6163·743a·2050·6163·6b61·6765·206d···fact:·Package·m
Max diff block lines reached; 10354428/10409380 bytes (99.47%) of diff not shown.
978 KB
html2text {}
    
Offset 111, 14 lines modifiedOffset 111, 33 lines modified
111 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6111 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
112 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4112 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
113 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)113 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
114 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1114 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
115 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5115 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
116 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227116 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
117 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2117 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 118 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 119 #·Remediation·is·applicable·only·in·certain·platforms
 120 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 121 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 122 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 123 if·[·-n·"$files_with_incorrect_hash"·];·then
 124 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 125 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 126 ····dnf·reinstall·-y·$packages_to_reinstall
  
 127 fi
  
 128 else
 129 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 130 fi
118 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8131 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
119 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high132 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
120 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium133 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
121 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false134 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
122 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict135 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
123 -·name:·Gather·the·package·facts136 -·name:·Gather·the·package·facts
124 ··package_facts:137 ··package_facts:
Offset 285, 33 lines modifiedOffset 304, 14 lines modified
285 ··-·PCI-DSSv4-11.5.2304 ··-·PCI-DSSv4-11.5.2
286 ··-·high_complexity305 ··-·high_complexity
287 ··-·high_severity306 ··-·high_severity
288 ··-·medium_disruption307 ··-·medium_disruption
289 ··-·no_reboot_needed308 ··-·no_reboot_needed
290 ··-·restrict_strategy309 ··-·restrict_strategy
291 ··-·rpm_verify_hashes310 ··-·rpm_verify_hashes
292 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
293 #·Remediation·is·applicable·only·in·certain·platforms 
294 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
295 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
296 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
297 if·[·-n·"$files_with_incorrect_hash"·];·then 
298 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
299 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
300 ····dnf·reinstall·-y·$packages_to_reinstall 
  
301 fi 
  
302 else 
303 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
304 fi 
305 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*311 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
306 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:312 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:
307 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'313 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'
308 run·the·following·command·to·determine·which·package·owns·it:314 run·the·following·command·to·determine·which·package·owns·it:
309 $·rpm·-qf·FILENAME315 $·rpm·-qf·FILENAME
310 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:316 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
311 $·sudo·rpm·--restore·PACKAGENAME317 $·sudo·rpm·--restore·PACKAGENAME
Offset 330, 14 lines modifiedOffset 330, 46 lines modified
330 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5330 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
331 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2331 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
332 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)332 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
333 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1333 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
334 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5334 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
335 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108335 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108
336 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2336 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 337 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 338 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 339 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 340 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 341 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 342 #·Remediation·is·applicable·only·in·certain·platforms
 343 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 344 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 345 declare·-A·SETPERMS_RPM_DICT
  
 346 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 347 #·is·expected·by·the·RPM·database
 348 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}')
  
 349 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 350 do
 351 ········RPM_PACKAGE=$(rpm·-qf·"$FILE_PATH")
 352 »       #·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 353 »       SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 354 done
  
 355 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 356 #·correct·values
 357 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 358 do
 359 ········rpm·--restore·"${RPM_PACKAGE}"
 360 done
  
 361 else
 362 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 363 fi
337 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8364 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
338 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high365 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
339 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium366 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
340 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false367 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
341 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict368 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
342 -·name:·Gather·the·package·facts369 -·name:·Gather·the·package·facts
343 ··package_facts:370 ··package_facts:
Offset 445, 46 lines modifiedOffset 477, 14 lines modified
445 ··-·PCI-DSSv4-11.5.2477 ··-·PCI-DSSv4-11.5.2
446 ··-·high_complexity478 ··-·high_complexity
447 ··-·high_severity479 ··-·high_severity
448 ··-·medium_disruption480 ··-·medium_disruption
449 ··-·no_reboot_needed481 ··-·no_reboot_needed
450 ··-·restrict_strategy482 ··-·restrict_strategy
451 ··-·rpm_verify_ownership483 ··-·rpm_verify_ownership
452 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
453 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high 
454 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium 
455 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
456 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
Max diff block lines reached; 993400/1001111 bytes (99.23%) of diff not shown.
10.9 MB
./usr/share/doc/ssg-nondebian/ssg-ol10-guide-ism_o_secret.html
    
Offset 15180, 408 lines modifiedOffset 15180, 408 lines modified
0003b4b0:·7267·6574·3d22·2369·646d·3437·3632·2220··rget="#idm4762"·0003b4b0:·7267·6574·3d22·2369·646d·3437·3632·2220··rget="#idm4762"·
0003b4c0:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol0003b4c0:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol
0003b4d0:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-0003b4d0:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-
0003b4e0:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"0003b4e0:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"
0003b4f0:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate0003b4f0:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate
0003b500:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href0003b500:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href
Diff chunk too large, falling back to line-by-line diff (394 lines added, 394 lines removed)
0003b510:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio0003b510:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio
0003b520:·6e20·416e·7369·626c·6520·736e·6970·7065··n·Ansible·snippe0003b520:·6e20·5368·656c·6c20·7363·7269·7074·20e2··n·Shell·script·.
0003b530:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di0003b530:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c
0003b540:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c0003b540:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
0003b550:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse0003b550:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i
0003b560:·2220·6964·3d22·6964·6d34·3736·3222·3e3c··"·id="idm4762"><0003b560:·643d·2269·646d·3437·3632·223e·3c70·7265··d="idm4762"><pre
0003b570:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab0003b570:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia
0003b580:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped0003b580:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab
0003b590:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·0003b590:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa
0003b5a0:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"0003b5a0:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·
0003b5b0:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex0003b5b0:·2120·2820·7b20·7270·6d20·2d2d·7175·6965··!·(·{·rpm·--quie
0003b5c0:·6974·793a·3c2f·7468·3e3c·7464·3e68·6967··ity:</th><td>hig0003b5c0:·7420·2d71·206b·6572·6e65·6c20·3b7d·2026··t·-q·kernel·;}·&
0003b5d0:·683c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··h</td></tr><tr><0003b5d0:·616d·703b·2661·6d70·3b20·7b20·7270·6d20··amp;&amp;·{·rpm·
0003b5e0:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</0003b5e0:·2d2d·7175·6965·7420·2d71·2072·706d·2d6f··--quiet·-q·rpm-o
0003b5f0:·7468·3e3c·7464·3e6d·6564·6975·6d3c·2f74··th><td>medium</t0003b5f0:·7374·7265·6520·3b7d·2026·616d·703b·2661··stree·;}·&amp;&a
0003b600:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R0003b600:·6d70·3b20·7b20·7270·6d20·2d2d·7175·6965··mp;·{·rpm·--quie
0003b610:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f0003b610:·7420·2d71·2062·6f6f·7463·203b·7d20·2661··t·-q·bootc·;}·&a
0003b620:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t0003b620:·6d70·3b26·616d·703b·207b·2021·2072·706d··mp;&amp;·{·!·rpm
0003b630:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<0003b630:·202d·2d71·7569·6574·202d·7120·6f70·656e···--quiet·-q·open
0003b640:·2f74·683e·3c74·643e·7265·7374·7269·6374··/th><td>restrict0003b640:·7368·6966·742d·6b75·6265·6c65·7420·3b7d··shift-kubelet·;}
0003b650:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl0003b650:·2029·3b20·7468·656e·0a0a·2320·4669·6e64···);·then..#·Find
0003b660:·653e·3c70·7265·3e3c·636f·6465·3e2d·206e··e><pre><code>-·n0003b660:·2077·6869·6368·2066·696c·6573·2068·6176···which·files·hav
0003b670:·616d·653a·2047·6174·6865·7220·7468·6520··ame:·Gather·the·0003b670:·6520·696e·636f·7272·6563·7420·6861·7368··e·incorrect·hash
0003b680:·7061·636b·6167·6520·6661·6374·730a·2020··package·facts.··0003b680:·2028·6e6f·7420·696e·202f·6574·632c·2062···(not·in·/etc,·b
0003b690:·7061·636b·6167·655f·6661·6374·733a·0a20··package_facts:.·0003b690:·6563·6175·7365·206f·6620·7468·6520·7379··ecause·of·the·sy
0003b6a0:·2020·206d·616e·6167·6572·3a20·6175·746f·····manager:·auto0003b6a0:·7374·656d·2072·656c·6174·6564·2063·6f6e··stem·related·con
0003b6b0:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI0003b6b0:·6669·6720·6669·6c65·7329·2061·6e64·2074··fig·files)·and·t
0003b6c0:·532d·352e·3130·2e34·2e31·0a20·202d·204e··S-5.10.4.1.··-·N0003b6c0:·6865·6e20·6765·7420·6669·6c65·7320·6e61··hen·get·files·na
0003b6d0:·4953·542d·3830·302d·3137·312d·332e·332e··IST-800-171-3.3.0003b6d0:·6d65·730a·6669·6c65·735f·7769·7468·5f69··mes.files_with_i
0003b6e0:·380a·2020·2d20·4e49·5354·2d38·3030·2d31··8.··-·NIST-800-10003b6e0:·6e63·6f72·7265·6374·5f68·6173·683d·2224··ncorrect_hash="$
0003b6f0:·3731·2d33·2e34·2e31·0a20·202d·204e·4953··71-3.4.1.··-·NIS0003b6f0:·2872·706d·202d·5661·202d·2d6e·6f63·6f6e··(rpm·-Va·--nocon
0003b700:·542d·3830·302d·3533·2d41·552d·3928·3329··T-800-53-AU-9(3)0003b700:·6669·6720·7c20·6772·6570·202d·4520·275e··fig·|·grep·-E·'^
0003b710:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003b710:·2e2e·3527·207c·2061·776b·2027·7b70·7269··..5'·|·awk·'{pri
0003b720:·2d43·4d2d·3628·6329·0a20·202d·204e·4953··-CM-6(c).··-·NIS0003b720:·6e74·2024·4e46·7d27·2029·220a·0a69·6620··nt·$NF}'·)"..if·
0003b730:·542d·3830·302d·3533·2d43·4d2d·3628·6429··T-800-53-CM-6(d)0003b730:·5b20·2d6e·2022·2466·696c·6573·5f77·6974··[·-n·"$files_wit
0003b740:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003b740:·685f·696e·636f·7272·6563·745f·6861·7368··h_incorrect_hash
0003b750:·2d53·492d·370a·2020·2d20·4e49·5354·2d38··-SI-7.··-·NIST-80003b750:·2220·5d3b·2074·6865·6e0a·2020·2020·2320··"·];·then.····#·
0003b760:·3030·2d35·332d·5349·2d37·2831·290a·2020··00-53-SI-7(1).··0003b760:·4672·6f6d·2066·696c·6573·206e·616d·6573··From·files·names
0003b770:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI0003b770:·2067·6574·2070·6163·6b61·6765·206e·616d···get·package·nam
0003b780:·2d37·2836·290a·2020·2d20·5043·492d·4453··-7(6).··-·PCI-DS0003b780:·6573·2061·6e64·2063·6861·6e67·6520·6e65··es·and·change·ne
0003b790:·532d·5265·712d·3131·2e35·0a20·202d·2050··S-Req-11.5.··-·P0003b790:·776c·696e·6520·746f·2073·7061·6365·2c20··wline·to·space,·
0003b7a0:·4349·2d44·5353·7634·2d31·312e·352e·320a··CI-DSSv4-11.5.2.0003b7a0:·6265·6361·7573·6520·7270·6d20·7772·6974··because·rpm·writ
0003b7b0:·2020·2d20·6869·6768·5f63·6f6d·706c·6578····-·high_complex0003b7b0:·6573·2065·6163·6820·7061·636b·6167·6520··es·each·package·
0003b7c0:·6974·790a·2020·2d20·6869·6768·5f73·6576··ity.··-·high_sev0003b7c0:·746f·206e·6577·206c·696e·650a·2020·2020··to·new·line.····
0003b7d0:·6572·6974·790a·2020·2d20·6d65·6469·756d··erity.··-·medium0003b7d0:·7061·636b·6167·6573·5f74·6f5f·7265·696e··packages_to_rein
0003b7e0:·5f64·6973·7275·7074·696f·6e0a·2020·2d20··_disruption.··-·0003b7e0:·7374·616c·6c3d·2224·2872·706d·202d·7166··stall="$(rpm·-qf
0003b7f0:·6e6f·5f72·6562·6f6f·745f·6e65·6564·6564··no_reboot_needed0003b7f0:·2024·6669·6c65·735f·7769·7468·5f69·6e63···$files_with_inc
0003b800:·0a20·202d·2072·6573·7472·6963·745f·7374··.··-·restrict_st0003b800:·6f72·7265·6374·5f68·6173·6820·7c20·7472··orrect_hash·|·tr
0003b810:·7261·7465·6779·0a20·202d·2072·706d·5f76··rategy.··-·rpm_v0003b810:·2027·5c6e·2720·2720·2729·220a·0a20·2020···'\n'·'·')"..···
0003b820:·6572·6966·795f·6861·7368·6573·0a0a·2d20··erify_hashes..-·0003b820:·200a·2020·2020·646e·6620·7265·696e·7374···.····dnf·reinst
0003b830:·6e61·6d65·3a20·2753·6574·2066·6163·743a··name:·'Set·fact:0003b830:·616c·6c20·2d79·2024·7061·636b·6167·6573··all·-y·$packages
0003b840:·2050·6163·6b61·6765·206d·616e·6167·6572···Package·manager0003b840:·5f74·6f5f·7265·696e·7374·616c·6c0a·2020··_to_reinstall.··
0003b850:·2072·6569·6e73·7461·6c6c·2063·6f6d·6d61···reinstall·comma0003b850:·2020·0a66·690a·0a65·6c73·650a·2020·2020····.fi..else.····
0003b860:·6e64·270a·2020·7365·745f·6661·6374·3a0a··nd'.··set_fact:.0003b860:·2667·743b·2661·6d70·3b32·2065·6368·6f20··&gt;&amp;2·echo·
0003b870:·2020·2020·7061·636b·6167·655f·6d61·6e61······package_mana0003b870:·2752·656d·6564·6961·7469·6f6e·2069·7320··'Remediation·is·
0003b880:·6765·725f·7265·696e·7374·616c·6c5f·636d··ger_reinstall_cm0003b880:·6e6f·7420·6170·706c·6963·6162·6c65·2c20··not·applicable,·
0003b890:·643a·2064·6e66·2072·6569·6e73·7461·6c6c··d:·dnf·reinstall0003b890:·6e6f·7468·696e·6720·7761·7320·646f·6e65··nothing·was·done
0003b8a0:·202d·790a·2020·7768·656e·3a0a·2020·2d20···-y.··when:.··-·0003b8a0:·270a·6669·0a3c·2f63·6f64·653e·3c2f·7072··'.fi.</code></pr
0003b8b0:·6e6f·7420·2820·226b·6572·6e65·6c22·2069··not·(·"kernel"·i0003b8b0:·653e·3c2f·6469·763e·3c61·2063·6c61·7373··e></div><a·class
0003b8c0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003b8c0:·3d22·6274·6e20·6274·6e2d·7375·6363·6573··="btn·btn-succes
0003b8d0:·7061·636b·6167·6573·2061·6e64·2022·7270··packages·and·"rp0003b8d0:·7322·2064·6174·612d·746f·6767·6c65·3d22··s"·data-toggle="
0003b8e0:·6d2d·6f73·7472·6565·2220·696e·2061·6e73··m-ostree"·in·ans0003b8e0:·636f·6c6c·6170·7365·2220·6461·7461·2d74··collapse"·data-t
0003b8f0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0003b8f0:·6172·6765·743d·2223·6964·6d34·3736·3322··arget="#idm4763"
0003b900:·6765·730a·2020·2020·616e·6420·2262·6f6f··ges.····and·"boo0003b900:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro
0003b910:·7463·2220·696e·2061·6e73·6962·6c65·5f66··tc"·in·ansible_f0003b910:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria
0003b920:·6163·7473·2e70·6163·6b61·6765·7320·616e··acts.packages·an0003b920:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false
0003b930:·6420·6e6f·7420·226f·7065·6e73·6869·6674··d·not·"openshift0003b930:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat
0003b940:·2d6b·7562·656c·6574·2220·696e·2061·6e73··-kubelet"·in·ans0003b940:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre
0003b950:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0003b950:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati
0003b960:·6765·730a·2020·2020·290a·2020·2d20·616e··ges.····).··-·an0003b960:·6f6e·2041·6e73·6962·6c65·2073·6e69·7070··on·Ansible·snipp
0003b970:·7369·626c·655f·6469·7374·7269·6275·7469··sible_distributi0003b970:·6574·20e2·87b2·3c2f·613e·3c62·723e·3c64··et·...</a><br><d
0003b980:·6f6e·2069·6e20·5b20·2246·6564·6f72·6122··on·in·[·"Fedora"0003b980:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel-
0003b990:·2c20·2252·6564·4861·7422·2c20·2243·656e··,·"RedHat",·"Cen0003b990:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps
0003b9a0:·744f·5322·2c20·224f·7261·636c·654c·696e··tOS",·"OracleLin0003b9a0:·6522·2069·643d·2269·646d·3437·3633·223e··e"·id="idm4763">
0003b9b0:·7578·2220·5d0a·2020·7461·6773·3a0a·2020··ux"·].··tags:.··0003b9b0:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta
0003b9c0:·2d20·434a·4953·2d35·2e31·302e·342e·310a··-·CJIS-5.10.4.1.0003b9c0:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe
0003b9d0:·2020·2d20·4e49·5354·2d38·3030·2d31·3731····-·NIST-800-1710003b9d0:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered
0003b9e0:·2d33·2e33·2e38·0a20·202d·204e·4953·542d··-3.3.8.··-·NIST-0003b9e0:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed
0003b9f0:·3830·302d·3137·312d·332e·342e·310a·2020··800-171-3.4.1.··0003b9f0:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple
0003ba00:·2d20·4e49·5354·2d38·3030·2d35·332d·4155··-·NIST-800-53-AU0003ba00:·7869·7479·3a3c·2f74·683e·3c74·643e·6869··xity:</th><td>hi
0003ba10:·2d39·2833·290a·2020·2d20·4e49·5354·2d38··-9(3).··-·NIST-80003ba10:·6768·3c2f·7464·3e3c·2f74·723e·3c74·723e··gh</td></tr><tr>
0003ba20:·3030·2d35·332d·434d·2d36·2863·290a·2020··00-53-CM-6(c).··0003ba20:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:<
0003ba30:·2d20·4e49·5354·2d38·3030·2d35·332d·434d··-·NIST-800-53-CM0003ba30:·2f74·683e·3c74·643e·6d65·6469·756d·3c2f··/th><td>medium</
0003ba40:·2d36·2864·290a·2020·2d20·4e49·5354·2d38··-6(d).··-·NIST-80003ba40:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>
0003ba50:·3030·2d35·332d·5349·2d37·0a20·202d·204e··00-53-SI-7.··-·N0003ba50:·5265·626f·6f74·3a3c·2f74·683e·3c74·643e··Reboot:</th><td>
0003ba60:·4953·542d·3830·302d·3533·2d53·492d·3728··IST-800-53-SI-7(0003ba60:·6661·6c73·653c·2f74·643e·3c2f·7472·3e3c··false</td></tr><
0003ba70:·3129·0a20·202d·204e·4953·542d·3830·302d··1).··-·NIST-800-0003ba70:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy:
0003ba80:·3533·2d53·492d·3728·3629·0a20·202d·2050··53-SI-7(6).··-·P0003ba80:·3c2f·7468·3e3c·7464·3e72·6573·7472·6963··</th><td>restric
0003ba90:·4349·2d44·5353·2d52·6571·2d31·312e·350a··CI-DSS-Req-11.5.0003ba90:·743c·2f74·643e·3c2f·7472·3e3c·2f74·6162··t</td></tr></tab
0003baa0:·2020·2d20·5043·492d·4453·5376·342d·3131····-·PCI-DSSv4-110003baa0:·6c65·3e3c·7072·653e·3c63·6f64·653e·2d20··le><pre><code>-·
0003bab0:·2e35·2e32·0a20·202d·2068·6967·685f·636f··.5.2.··-·high_co0003bab0:·6e61·6d65·3a20·4761·7468·6572·2074·6865··name:·Gather·the
0003bac0:·6d70·6c65·7869·7479·0a20·202d·2068·6967··mplexity.··-·hig0003bac0:·2070·6163·6b61·6765·2066·6163·7473·0a20···package·facts.·
0003bad0:·685f·7365·7665·7269·7479·0a20·202d·206d··h_severity.··-·m0003bad0:·2070·6163·6b61·6765·5f66·6163·7473·3a0a···package_facts:.
0003bae0:·6564·6975·6d5f·6469·7372·7570·7469·6f6e··edium_disruption0003bae0:·2020·2020·6d61·6e61·6765·723a·2061·7574······manager:·aut
0003baf0:·0a20·202d·206e·6f5f·7265·626f·6f74·5f6e··.··-·no_reboot_n0003baf0:·6f0a·2020·7461·6773·3a0a·2020·2d20·434a··o.··tags:.··-·CJ
0003bb00:·6565·6465·640a·2020·2d20·7265·7374·7269··eeded.··-·restri0003bb00:·4953·2d35·2e31·302e·342e·310a·2020·2d20··IS-5.10.4.1.··-·
0003bb10:·6374·5f73·7472·6174·6567·790a·2020·2d20··ct_strategy.··-·0003bb10:·4e49·5354·2d38·3030·2d31·3731·2d33·2e33··NIST-800-171-3.3
0003bb20:·7270·6d5f·7665·7269·6679·5f68·6173·6865··rpm_verify_hashe0003bb20:·2e38·0a20·202d·204e·4953·542d·3830·302d··.8.··-·NIST-800-
0003bb30:·730a·0a2d·206e·616d·653a·2027·5365·7420··s..-·name:·'Set·0003bb30:·3137·312d·332e·342e·310a·2020·2d20·4e49··171-3.4.1.··-·NI
0003bb40:·6661·6374·3a20·5061·636b·6167·6520·6d61··fact:·Package·ma0003bb40:·5354·2d38·3030·2d35·332d·4155·2d39·2833··ST-800-53-AU-9(3
0003bb50:·6e61·6765·7220·7265·696e·7374·616c·6c20··nager·reinstall·0003bb50:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-5
0003bb60:·636f·6d6d·616e·6420·287a·7970·7065·7229··command·(zypper)0003bb60:·332d·434d·2d36·2863·290a·2020·2d20·4e49··3-CM-6(c).··-·NI
0003bb70:·270a·2020·7365·745f·6661·6374·3a0a·2020··'.··set_fact:.··0003bb70:·5354·2d38·3030·2d35·332d·434d·2d36·2864··ST-800-53-CM-6(d
0003bb80:·2020·7061·636b·6167·655f·6d61·6e61·6765····package_manage0003bb80:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-5
0003bb90:·725f·7265·696e·7374·616c·6c5f·636d·643a··r_reinstall_cmd:0003bb90:·332d·5349·2d37·0a20·202d·204e·4953·542d··3-SI-7.··-·NIST-
0003bba0:·207a·7970·7065·7220·696e·202d·6620·2d79···zypper·in·-f·-y0003bba0:·3830·302d·3533·2d53·492d·3728·3129·0a20··800-53-SI-7(1).·
0003bbb0:·0a20·2077·6865·6e3a·0a20·202d·206e·6f74··.··when:.··-·not0003bbb0:·202d·204e·4953·542d·3830·302d·3533·2d53···-·NIST-800-53-S
0003bbc0:·2028·2022·6b65·726e·656c·2220·696e·2061···(·"kernel"·in·a0003bbc0:·492d·3728·3629·0a20·202d·2050·4349·2d44··I-7(6).··-·PCI-D
0003bbd0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003bbd0:·5353·2d52·6571·2d31·312e·350a·2020·2d20··SS-Req-11.5.··-·
0003bbe0:·6b61·6765·7320·616e·6420·2272·706d·2d6f··kages·and·"rpm-o0003bbe0:·5043·492d·4453·5376·342d·3131·2e35·2e32··PCI-DSSv4-11.5.2
0003bbf0:·7374·7265·6522·2069·6e20·616e·7369·626c··stree"·in·ansibl0003bbf0:·0a20·202d·2068·6967·685f·636f·6d70·6c65··.··-·high_comple
0003bc00:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages0003bc00:·7869·7479·0a20·202d·2068·6967·685f·7365··xity.··-·high_se
0003bc10:·0a20·2020·2061·6e64·2022·626f·6f74·6322··.····and·"bootc"0003bc10:·7665·7269·7479·0a20·202d·206d·6564·6975··verity.··-·mediu
0003bc20:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003bc20:·6d5f·6469·7372·7570·7469·6f6e·0a20·202d··m_disruption.··-
0003bc30:·732e·7061·636b·6167·6573·2061·6e64·206e··s.packages·and·n0003bc30:·206e·6f5f·7265·626f·6f74·5f6e·6565·6465···no_reboot_neede
0003bc40:·6f74·2022·6f70·656e·7368·6966·742d·6b75··ot·"openshift-ku0003bc40:·640a·2020·2d20·7265·7374·7269·6374·5f73··d.··-·restrict_s
0003bc50:·6265·6c65·7422·2069·6e20·616e·7369·626c··belet"·in·ansibl0003bc50:·7472·6174·6567·790a·2020·2d20·7270·6d5f··trategy.··-·rpm_
0003bc60:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages0003bc60:·7665·7269·6679·5f68·6173·6865·730a·0a2d··verify_hashes..-
0003bc70:·0a20·2020·2029·0a20·202d·2061·6e73·6962··.····).··-·ansib0003bc70:·206e·616d·653a·2027·5365·7420·6661·6374···name:·'Set·fact
0003bc80:·6c65·5f64·6973·7472·6962·7574·696f·6e20··le_distribution·0003bc80:·3a20·5061·636b·6167·6520·6d61·6e61·6765··:·Package·manage
Max diff block lines reached; 10353391/10408343 bytes (99.47%) of diff not shown.
978 KB
html2text {}
    
Offset 111, 14 lines modifiedOffset 111, 33 lines modified
111 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6111 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
112 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4112 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
113 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)113 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
114 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1114 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
115 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5115 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
116 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227116 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
117 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2117 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 118 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 119 #·Remediation·is·applicable·only·in·certain·platforms
 120 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 121 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 122 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 123 if·[·-n·"$files_with_incorrect_hash"·];·then
 124 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 125 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 126 ····dnf·reinstall·-y·$packages_to_reinstall
  
 127 fi
  
 128 else
 129 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 130 fi
118 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8131 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
119 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high132 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
120 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium133 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
121 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false134 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
122 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict135 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
123 -·name:·Gather·the·package·facts136 -·name:·Gather·the·package·facts
124 ··package_facts:137 ··package_facts:
Offset 285, 33 lines modifiedOffset 304, 14 lines modified
285 ··-·PCI-DSSv4-11.5.2304 ··-·PCI-DSSv4-11.5.2
286 ··-·high_complexity305 ··-·high_complexity
287 ··-·high_severity306 ··-·high_severity
288 ··-·medium_disruption307 ··-·medium_disruption
289 ··-·no_reboot_needed308 ··-·no_reboot_needed
290 ··-·restrict_strategy309 ··-·restrict_strategy
291 ··-·rpm_verify_hashes310 ··-·rpm_verify_hashes
292 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
293 #·Remediation·is·applicable·only·in·certain·platforms 
294 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
295 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
296 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
297 if·[·-n·"$files_with_incorrect_hash"·];·then 
298 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
299 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
300 ····dnf·reinstall·-y·$packages_to_reinstall 
  
301 fi 
  
302 else 
303 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
304 fi 
305 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*311 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
306 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:312 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:
307 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'313 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'
308 run·the·following·command·to·determine·which·package·owns·it:314 run·the·following·command·to·determine·which·package·owns·it:
309 $·rpm·-qf·FILENAME315 $·rpm·-qf·FILENAME
310 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:316 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
311 $·sudo·rpm·--restore·PACKAGENAME317 $·sudo·rpm·--restore·PACKAGENAME
Offset 330, 14 lines modifiedOffset 330, 46 lines modified
330 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5330 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
331 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2331 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
332 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)332 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
333 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1333 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
334 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5334 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
335 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108335 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108
336 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2336 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 337 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 338 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 339 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 340 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 341 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 342 #·Remediation·is·applicable·only·in·certain·platforms
 343 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 344 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 345 declare·-A·SETPERMS_RPM_DICT
  
 346 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 347 #·is·expected·by·the·RPM·database
 348 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}')
  
 349 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 350 do
 351 ········RPM_PACKAGE=$(rpm·-qf·"$FILE_PATH")
 352 »       #·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 353 »       SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 354 done
  
 355 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 356 #·correct·values
 357 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 358 do
 359 ········rpm·--restore·"${RPM_PACKAGE}"
 360 done
  
 361 else
 362 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 363 fi
337 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8364 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
338 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high365 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
339 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium366 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
340 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false367 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
341 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict368 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
342 -·name:·Gather·the·package·facts369 -·name:·Gather·the·package·facts
343 ··package_facts:370 ··package_facts:
Offset 445, 46 lines modifiedOffset 477, 14 lines modified
445 ··-·PCI-DSSv4-11.5.2477 ··-·PCI-DSSv4-11.5.2
446 ··-·high_complexity478 ··-·high_complexity
447 ··-·high_severity479 ··-·high_severity
448 ··-·medium_disruption480 ··-·medium_disruption
449 ··-·no_reboot_needed481 ··-·no_reboot_needed
450 ··-·restrict_strategy482 ··-·restrict_strategy
451 ··-·rpm_verify_ownership483 ··-·rpm_verify_ownership
452 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
453 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high 
454 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium 
455 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
456 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
Max diff block lines reached; 993400/1001111 bytes (99.23%) of diff not shown.
10.9 MB
./usr/share/doc/ssg-nondebian/ssg-ol10-guide-ism_o_top_secret.html
    
Offset 15180, 408 lines modifiedOffset 15180, 408 lines modified
0003b4b0:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target0003b4b0:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target
0003b4c0:·3d22·2369·646d·3437·3632·2220·7461·6269··="#idm4762"·tabi0003b4c0:·3d22·2369·646d·3437·3632·2220·7461·6269··="#idm4762"·tabi
0003b4d0:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b0003b4d0:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b
0003b4e0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa0003b4e0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa
0003b4f0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit0003b4f0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit
0003b500:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·0003b500:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·
Diff chunk too large, falling back to line-by-line diff (394 lines added, 394 lines removed)
0003b510:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!0003b510:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!
0003b520:·223e·5265·6d65·6469·6174·696f·6e20·416e··">Remediation·An0003b520:·223e·5265·6d65·6469·6174·696f·6e20·5368··">Remediation·Sh
0003b530:·7369·626c·6520·736e·6970·7065·7420·e287··sible·snippet·..0003b530:·656c·6c20·7363·7269·7074·20e2·87b2·3c2f··ell·script·...</
0003b540:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl0003b540:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
0003b550:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla0003b550:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
0003b560:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id0003b560:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
0003b570:·3d22·6964·6d34·3736·3222·3e3c·7461·626c··="idm4762"><tabl0003b570:·646d·3437·3632·223e·3c70·7265·3e3c·636f··dm4762"><pre><co
0003b580:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t0003b580:·6465·3e23·2052·656d·6564·6961·7469·6f6e··de>#·Remediation
0003b590:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab0003b590:·2069·7320·6170·706c·6963·6162·6c65·206f···is·applicable·o
0003b5a0:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl0003b5a0:·6e6c·7920·696e·2063·6572·7461·696e·2070··nly·in·certain·p
0003b5b0:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr0003b5b0:·6c61·7466·6f72·6d73·0a69·6620·2120·2820··latforms.if·!·(·
0003b5c0:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity:0003b5c0:·7b20·7270·6d20·2d2d·7175·6965·7420·2d71··{·rpm·--quiet·-q
0003b5d0:·3c2f·7468·3e3c·7464·3e68·6967·683c·2f74··</th><td>high</t0003b5d0:·206b·6572·6e65·6c20·3b7d·2026·616d·703b···kernel·;}·&amp;
0003b5e0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D0003b5e0:·2661·6d70·3b20·7b20·7270·6d20·2d2d·7175··&amp;·{·rpm·--qu
0003b5f0:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th><0003b5f0:·6965·7420·2d71·2072·706d·2d6f·7374·7265··iet·-q·rpm-ostre
0003b600:·7464·3e6d·6564·6975·6d3c·2f74·643e·3c2f··td>medium</td></0003b600:·6520·3b7d·2026·616d·703b·2661·6d70·3b20··e·;}·&amp;&amp;·
0003b610:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo0003b610:·7b20·7270·6d20·2d2d·7175·6965·7420·2d71··{·rpm·--quiet·-q
0003b620:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false0003b620:·2062·6f6f·7463·203b·7d20·2661·6d70·3b26···bootc·;}·&amp;&
0003b630:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t0003b630:·616d·703b·207b·2021·2072·706d·202d·2d71··amp;·{·!·rpm·--q
0003b640:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>0003b640:·7569·6574·202d·7120·6f70·656e·7368·6966··uiet·-q·openshif
0003b650:·3c74·643e·7265·7374·7269·6374·3c2f·7464··<td>restrict</td0003b650:·742d·6b75·6265·6c65·7420·3b7d·2029·3b20··t-kubelet·;}·);·
0003b660:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p0003b660:·7468·656e·0a0a·2320·4669·6e64·2077·6869··then..#·Find·whi
0003b670:·7265·3e3c·636f·6465·3e2d·206e·616d·653a··re><code>-·name:0003b670:·6368·2066·696c·6573·2068·6176·6520·696e··ch·files·have·in
0003b680:·2047·6174·6865·7220·7468·6520·7061·636b···Gather·the·pack0003b680:·636f·7272·6563·7420·6861·7368·2028·6e6f··correct·hash·(no
0003b690:·6167·6520·6661·6374·730a·2020·7061·636b··age·facts.··pack0003b690:·7420·696e·202f·6574·632c·2062·6563·6175··t·in·/etc,·becau
0003b6a0:·6167·655f·6661·6374·733a·0a20·2020·206d··age_facts:.····m0003b6a0:·7365·206f·6620·7468·6520·7379·7374·656d··se·of·the·system
0003b6b0:·616e·6167·6572·3a20·6175·746f·0a20·2074··anager:·auto.··t0003b6b0:·2072·656c·6174·6564·2063·6f6e·6669·6720···related·config·
0003b6c0:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.0003b6c0:·6669·6c65·7329·2061·6e64·2074·6865·6e20··files)·and·then·
0003b6d0:·3130·2e34·2e31·0a20·202d·204e·4953·542d··10.4.1.··-·NIST-0003b6d0:·6765·7420·6669·6c65·7320·6e61·6d65·730a··get·files·names.
0003b6e0:·3830·302d·3137·312d·332e·332e·380a·2020··800-171-3.3.8.··0003b6e0:·6669·6c65·735f·7769·7468·5f69·6e63·6f72··files_with_incor
0003b6f0:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-30003b6f0:·7265·6374·5f68·6173·683d·2224·2872·706d··rect_hash="$(rpm
0003b700:·2e34·2e31·0a20·202d·204e·4953·542d·3830··.4.1.··-·NIST-800003b700:·202d·5661·202d·2d6e·6f63·6f6e·6669·6720···-Va·--noconfig·
0003b710:·302d·3533·2d41·552d·3928·3329·0a20·202d··0-53-AU-9(3).··-0003b710:·7c20·6772·6570·202d·4520·275e·2e2e·3527··|·grep·-E·'^..5'
0003b720:·204e·4953·542d·3830·302d·3533·2d43·4d2d···NIST-800-53-CM-0003b720:·207c·2061·776b·2027·7b70·7269·6e74·2024···|·awk·'{print·$
0003b730:·3628·6329·0a20·202d·204e·4953·542d·3830··6(c).··-·NIST-800003b730:·4e46·7d27·2029·220a·0a69·6620·5b20·2d6e··NF}'·)"..if·[·-n
0003b740:·302d·3533·2d43·4d2d·3628·6429·0a20·202d··0-53-CM-6(d).··-0003b740:·2022·2466·696c·6573·5f77·6974·685f·696e···"$files_with_in
0003b750:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-0003b750:·636f·7272·6563·745f·6861·7368·2220·5d3b··correct_hash"·];
0003b760:·370a·2020·2d20·4e49·5354·2d38·3030·2d35··7.··-·NIST-800-50003b760:·2074·6865·6e0a·2020·2020·2320·4672·6f6d···then.····#·From
0003b770:·332d·5349·2d37·2831·290a·2020·2d20·4e49··3-SI-7(1).··-·NI0003b770:·2066·696c·6573·206e·616d·6573·2067·6574···files·names·get
0003b780:·5354·2d38·3030·2d35·332d·5349·2d37·2836··ST-800-53-SI-7(60003b780:·2070·6163·6b61·6765·206e·616d·6573·2061···package·names·a
0003b790:·290a·2020·2d20·5043·492d·4453·532d·5265··).··-·PCI-DSS-Re0003b790:·6e64·2063·6861·6e67·6520·6e65·776c·696e··nd·change·newlin
0003b7a0:·712d·3131·2e35·0a20·202d·2050·4349·2d44··q-11.5.··-·PCI-D0003b7a0:·6520·746f·2073·7061·6365·2c20·6265·6361··e·to·space,·beca
0003b7b0:·5353·7634·2d31·312e·352e·320a·2020·2d20··SSv4-11.5.2.··-·0003b7b0:·7573·6520·7270·6d20·7772·6974·6573·2065··use·rpm·writes·e
0003b7c0:·6869·6768·5f63·6f6d·706c·6578·6974·790a··high_complexity.0003b7c0:·6163·6820·7061·636b·6167·6520·746f·206e··ach·package·to·n
0003b7d0:·2020·2d20·6869·6768·5f73·6576·6572·6974····-·high_severit0003b7d0:·6577·206c·696e·650a·2020·2020·7061·636b··ew·line.····pack
0003b7e0:·790a·2020·2d20·6d65·6469·756d·5f64·6973··y.··-·medium_dis0003b7e0:·6167·6573·5f74·6f5f·7265·696e·7374·616c··ages_to_reinstal
0003b7f0:·7275·7074·696f·6e0a·2020·2d20·6e6f·5f72··ruption.··-·no_r0003b7f0:·6c3d·2224·2872·706d·202d·7166·2024·6669··l="$(rpm·-qf·$fi
0003b800:·6562·6f6f·745f·6e65·6564·6564·0a20·202d··eboot_needed.··-0003b800:·6c65·735f·7769·7468·5f69·6e63·6f72·7265··les_with_incorre
0003b810:·2072·6573·7472·6963·745f·7374·7261·7465···restrict_strate0003b810:·6374·5f68·6173·6820·7c20·7472·2027·5c6e··ct_hash·|·tr·'\n
0003b820:·6779·0a20·202d·2072·706d·5f76·6572·6966··gy.··-·rpm_verif0003b820:·2720·2720·2729·220a·0a20·2020·200a·2020··'·'·')"..····.··
0003b830:·795f·6861·7368·6573·0a0a·2d20·6e61·6d65··y_hashes..-·name0003b830:·2020·646e·6620·7265·696e·7374·616c·6c20····dnf·reinstall·
0003b840:·3a20·2753·6574·2066·6163·743a·2050·6163··:·'Set·fact:·Pac0003b840:·2d79·2024·7061·636b·6167·6573·5f74·6f5f··-y·$packages_to_
0003b850:·6b61·6765·206d·616e·6167·6572·2072·6569··kage·manager·rei0003b850:·7265·696e·7374·616c·6c0a·2020·2020·0a66··reinstall.····.f
0003b860:·6e73·7461·6c6c·2063·6f6d·6d61·6e64·270a··nstall·command'.0003b860:·690a·0a65·6c73·650a·2020·2020·2667·743b··i..else.····&gt;
0003b870:·2020·7365·745f·6661·6374·3a0a·2020·2020····set_fact:.····0003b870:·2661·6d70·3b32·2065·6368·6f20·2752·656d··&amp;2·echo·'Rem
0003b880:·7061·636b·6167·655f·6d61·6e61·6765·725f··package_manager_0003b880:·6564·6961·7469·6f6e·2069·7320·6e6f·7420··ediation·is·not·
0003b890:·7265·696e·7374·616c·6c5f·636d·643a·2064··reinstall_cmd:·d0003b890:·6170·706c·6963·6162·6c65·2c20·6e6f·7468··applicable,·noth
0003b8a0:·6e66·2072·6569·6e73·7461·6c6c·202d·790a··nf·reinstall·-y.0003b8a0:·696e·6720·7761·7320·646f·6e65·270a·6669··ing·was·done'.fi
0003b8b0:·2020·7768·656e·3a0a·2020·2d20·6e6f·7420····when:.··-·not·0003b8b0:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></
0003b8c0:·2820·226b·6572·6e65·6c22·2069·6e20·616e··(·"kernel"·in·an0003b8c0:·6469·763e·3c61·2063·6c61·7373·3d22·6274··div><a·class="bt
0003b8d0:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack0003b8d0:·6e20·6274·6e2d·7375·6363·6573·7322·2064··n·btn-success"·d
0003b8e0:·6167·6573·2061·6e64·2022·7270·6d2d·6f73··ages·and·"rpm-os0003b8e0:·6174·612d·746f·6767·6c65·3d22·636f·6c6c··ata-toggle="coll
0003b8f0:·7472·6565·2220·696e·2061·6e73·6962·6c65··tree"·in·ansible0003b8f0:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe
0003b900:·5f66·6163·7473·2e70·6163·6b61·6765·730a··_facts.packages.0003b900:·743d·2223·6964·6d34·3736·3322·2074·6162··t="#idm4763"·tab
0003b910:·2020·2020·616e·6420·2262·6f6f·7463·2220······and·"bootc"·0003b910:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="
0003b920:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts0003b920:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp
0003b930:·2e70·6163·6b61·6765·7320·616e·6420·6e6f··.packages·and·no0003b930:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti
0003b940:·7420·226f·7065·6e73·6869·6674·2d6b·7562··t·"openshift-kub0003b940:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to
0003b950:·656c·6574·2220·696e·2061·6e73·6962·6c65··elet"·in·ansible0003b950:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#
0003b960:·5f66·6163·7473·2e70·6163·6b61·6765·730a··_facts.packages.0003b960:·2122·3e52·656d·6564·6961·7469·6f6e·2041··!">Remediation·A
0003b970:·2020·2020·290a·2020·2d20·616e·7369·626c······).··-·ansibl0003b970:·6e73·6962·6c65·2073·6e69·7070·6574·20e2··nsible·snippet·.
0003b980:·655f·6469·7374·7269·6275·7469·6f6e·2069··e_distribution·i0003b980:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c
0003b990:·6e20·5b20·2246·6564·6f72·6122·2c20·2252··n·[·"Fedora",·"R0003b990:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
0003b9a0:·6564·4861·7422·2c20·2243·656e·744f·5322··edHat",·"CentOS"0003b9a0:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i
0003b9b0:·2c20·224f·7261·636c·654c·696e·7578·2220··,·"OracleLinux"·0003b9b0:·643d·2269·646d·3437·3633·223e·3c74·6162··d="idm4763"><tab
0003b9c0:·5d0a·2020·7461·6773·3a0a·2020·2d20·434a··].··tags:.··-·CJ0003b9c0:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table·
0003b9d0:·4953·2d35·2e31·302e·342e·310a·2020·2d20··IS-5.10.4.1.··-·0003b9d0:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta
0003b9e0:·4e49·5354·2d38·3030·2d31·3731·2d33·2e33··NIST-800-171-3.30003b9e0:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab
0003b9f0:·2e38·0a20·202d·204e·4953·542d·3830·302d··.8.··-·NIST-800-0003b9f0:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t
0003ba00:·3137·312d·332e·342e·310a·2020·2d20·4e49··171-3.4.1.··-·NI0003ba00:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity
0003ba10:·5354·2d38·3030·2d35·332d·4155·2d39·2833··ST-800-53-AU-9(30003ba10:·3a3c·2f74·683e·3c74·643e·6869·6768·3c2f··:</th><td>high</
0003ba20:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-50003ba20:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>
0003ba30:·332d·434d·2d36·2863·290a·2020·2d20·4e49··3-CM-6(c).··-·NI0003ba30:·4469·7372·7570·7469·6f6e·3a3c·2f74·683e··Disruption:</th>
0003ba40:·5354·2d38·3030·2d35·332d·434d·2d36·2864··ST-800-53-CM-6(d0003ba40:·3c74·643e·6d65·6469·756d·3c2f·7464·3e3c··<td>medium</td><
0003ba50:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-50003ba50:·2f74·723e·3c74·723e·3c74·683e·5265·626f··/tr><tr><th>Rebo
0003ba60:·332d·5349·2d37·0a20·202d·204e·4953·542d··3-SI-7.··-·NIST-0003ba60:·6f74·3a3c·2f74·683e·3c74·643e·6661·6c73··ot:</th><td>fals
0003ba70:·3830·302d·3533·2d53·492d·3728·3129·0a20··800-53-SI-7(1).·0003ba70:·653c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··e</td></tr><tr><
0003ba80:·202d·204e·4953·542d·3830·302d·3533·2d53···-·NIST-800-53-S0003ba80:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th
0003ba90:·492d·3728·3629·0a20·202d·2050·4349·2d44··I-7(6).··-·PCI-D0003ba90:·3e3c·7464·3e72·6573·7472·6963·743c·2f74··><td>restrict</t
0003baa0:·5353·2d52·6571·2d31·312e·350a·2020·2d20··SS-Req-11.5.··-·0003baa0:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table><
0003bab0:·5043·492d·4453·5376·342d·3131·2e35·2e32··PCI-DSSv4-11.5.20003bab0:·7072·653e·3c63·6f64·653e·2d20·6e61·6d65··pre><code>-·name
0003bac0:·0a20·202d·2068·6967·685f·636f·6d70·6c65··.··-·high_comple0003bac0:·3a20·4761·7468·6572·2074·6865·2070·6163··:·Gather·the·pac
0003bad0:·7869·7479·0a20·202d·2068·6967·685f·7365··xity.··-·high_se0003bad0:·6b61·6765·2066·6163·7473·0a20·2070·6163··kage·facts.··pac
0003bae0:·7665·7269·7479·0a20·202d·206d·6564·6975··verity.··-·mediu0003bae0:·6b61·6765·5f66·6163·7473·3a0a·2020·2020··kage_facts:.····
0003baf0:·6d5f·6469·7372·7570·7469·6f6e·0a20·202d··m_disruption.··-0003baf0:·6d61·6e61·6765·723a·2061·7574·6f0a·2020··manager:·auto.··
0003bb00:·206e·6f5f·7265·626f·6f74·5f6e·6565·6465···no_reboot_neede0003bb00:·7461·6773·3a0a·2020·2d20·434a·4953·2d35··tags:.··-·CJIS-5
0003bb10:·640a·2020·2d20·7265·7374·7269·6374·5f73··d.··-·restrict_s0003bb10:·2e31·302e·342e·310a·2020·2d20·4e49·5354··.10.4.1.··-·NIST
0003bb20:·7472·6174·6567·790a·2020·2d20·7270·6d5f··trategy.··-·rpm_0003bb20:·2d38·3030·2d31·3731·2d33·2e33·2e38·0a20··-800-171-3.3.8.·
0003bb30:·7665·7269·6679·5f68·6173·6865·730a·0a2d··verify_hashes..-0003bb30:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-
0003bb40:·206e·616d·653a·2027·5365·7420·6661·6374···name:·'Set·fact0003bb40:·332e·342e·310a·2020·2d20·4e49·5354·2d38··3.4.1.··-·NIST-8
0003bb50:·3a20·5061·636b·6167·6520·6d61·6e61·6765··:·Package·manage0003bb50:·3030·2d35·332d·4155·2d39·2833·290a·2020··00-53-AU-9(3).··
0003bb60:·7220·7265·696e·7374·616c·6c20·636f·6d6d··r·reinstall·comm0003bb60:·2d20·4e49·5354·2d38·3030·2d35·332d·434d··-·NIST-800-53-CM
0003bb70:·616e·6420·287a·7970·7065·7229·270a·2020··and·(zypper)'.··0003bb70:·2d36·2863·290a·2020·2d20·4e49·5354·2d38··-6(c).··-·NIST-8
0003bb80:·7365·745f·6661·6374·3a0a·2020·2020·7061··set_fact:.····pa0003bb80:·3030·2d35·332d·434d·2d36·2864·290a·2020··00-53-CM-6(d).··
0003bb90:·636b·6167·655f·6d61·6e61·6765·725f·7265··ckage_manager_re0003bb90:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI
0003bba0:·696e·7374·616c·6c5f·636d·643a·207a·7970··install_cmd:·zyp0003bba0:·2d37·0a20·202d·204e·4953·542d·3830·302d··-7.··-·NIST-800-
0003bbb0:·7065·7220·696e·202d·6620·2d79·0a20·2077··per·in·-f·-y.··w0003bbb0:·3533·2d53·492d·3728·3129·0a20·202d·204e··53-SI-7(1).··-·N
0003bbc0:·6865·6e3a·0a20·202d·206e·6f74·2028·2022··hen:.··-·not·(·"0003bbc0:·4953·542d·3830·302d·3533·2d53·492d·3728··IST-800-53-SI-7(
0003bbd0:·6b65·726e·656c·2220·696e·2061·6e73·6962··kernel"·in·ansib0003bbd0:·3629·0a20·202d·2050·4349·2d44·5353·2d52··6).··-·PCI-DSS-R
0003bbe0:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package0003bbe0:·6571·2d31·312e·350a·2020·2d20·5043·492d··eq-11.5.··-·PCI-
0003bbf0:·7320·616e·6420·2272·706d·2d6f·7374·7265··s·and·"rpm-ostre0003bbf0:·4453·5376·342d·3131·2e35·2e32·0a20·202d··DSSv4-11.5.2.··-
0003bc00:·6522·2069·6e20·616e·7369·626c·655f·6661··e"·in·ansible_fa0003bc00:·2068·6967·685f·636f·6d70·6c65·7869·7479···high_complexity
0003bc10:·6374·732e·7061·636b·6167·6573·0a20·2020··cts.packages.···0003bc10:·0a20·202d·2068·6967·685f·7365·7665·7269··.··-·high_severi
0003bc20:·2061·6e64·2022·626f·6f74·6322·2069·6e20···and·"bootc"·in·0003bc20:·7479·0a20·202d·206d·6564·6975·6d5f·6469··ty.··-·medium_di
0003bc30:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa0003bc30:·7372·7570·7469·6f6e·0a20·202d·206e·6f5f··sruption.··-·no_
0003bc40:·636b·6167·6573·2061·6e64·206e·6f74·2022··ckages·and·not·"0003bc40:·7265·626f·6f74·5f6e·6565·6465·640a·2020··reboot_needed.··
0003bc50:·6f70·656e·7368·6966·742d·6b75·6265·6c65··openshift-kubele0003bc50:·2d20·7265·7374·7269·6374·5f73·7472·6174··-·restrict_strat
0003bc60:·7422·2069·6e20·616e·7369·626c·655f·6661··t"·in·ansible_fa0003bc60:·6567·790a·2020·2d20·7270·6d5f·7665·7269··egy.··-·rpm_veri
0003bc70:·6374·732e·7061·636b·6167·6573·0a20·2020··cts.packages.···0003bc70:·6679·5f68·6173·6865·730a·0a2d·206e·616d··fy_hashes..-·nam
0003bc80:·2029·0a20·202d·2061·6e73·6962·6c65·5f64···).··-·ansible_d0003bc80:·653a·2027·5365·7420·6661·6374·3a20·5061··e:·'Set·fact:·Pa
Max diff block lines reached; 10354771/10409723 bytes (99.47%) of diff not shown.
978 KB
html2text {}
    
Offset 111, 14 lines modifiedOffset 111, 33 lines modified
111 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6111 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
112 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4112 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
113 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)113 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
114 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1114 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
115 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5115 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
116 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227116 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
117 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2117 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 118 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 119 #·Remediation·is·applicable·only·in·certain·platforms
 120 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 121 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 122 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 123 if·[·-n·"$files_with_incorrect_hash"·];·then
 124 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 125 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 126 ····dnf·reinstall·-y·$packages_to_reinstall
  
 127 fi
  
 128 else
 129 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 130 fi
118 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8131 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
119 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high132 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
120 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium133 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
121 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false134 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
122 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict135 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
123 -·name:·Gather·the·package·facts136 -·name:·Gather·the·package·facts
124 ··package_facts:137 ··package_facts:
Offset 285, 33 lines modifiedOffset 304, 14 lines modified
285 ··-·PCI-DSSv4-11.5.2304 ··-·PCI-DSSv4-11.5.2
286 ··-·high_complexity305 ··-·high_complexity
287 ··-·high_severity306 ··-·high_severity
288 ··-·medium_disruption307 ··-·medium_disruption
289 ··-·no_reboot_needed308 ··-·no_reboot_needed
290 ··-·restrict_strategy309 ··-·restrict_strategy
291 ··-·rpm_verify_hashes310 ··-·rpm_verify_hashes
292 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
293 #·Remediation·is·applicable·only·in·certain·platforms 
294 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
295 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
296 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
297 if·[·-n·"$files_with_incorrect_hash"·];·then 
298 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
299 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
300 ····dnf·reinstall·-y·$packages_to_reinstall 
  
301 fi 
  
302 else 
303 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
304 fi 
305 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*311 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
306 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:312 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:
307 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'313 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'
308 run·the·following·command·to·determine·which·package·owns·it:314 run·the·following·command·to·determine·which·package·owns·it:
309 $·rpm·-qf·FILENAME315 $·rpm·-qf·FILENAME
310 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:316 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
311 $·sudo·rpm·--restore·PACKAGENAME317 $·sudo·rpm·--restore·PACKAGENAME
Offset 330, 14 lines modifiedOffset 330, 46 lines modified
330 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5330 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
331 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2331 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
332 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)332 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
333 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1333 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
334 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5334 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
335 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108335 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108
336 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2336 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 337 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 338 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 339 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 340 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 341 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 342 #·Remediation·is·applicable·only·in·certain·platforms
 343 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 344 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 345 declare·-A·SETPERMS_RPM_DICT
  
 346 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 347 #·is·expected·by·the·RPM·database
 348 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}')
  
 349 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 350 do
 351 ········RPM_PACKAGE=$(rpm·-qf·"$FILE_PATH")
 352 »       #·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 353 »       SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 354 done
  
 355 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 356 #·correct·values
 357 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 358 do
 359 ········rpm·--restore·"${RPM_PACKAGE}"
 360 done
  
 361 else
 362 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 363 fi
337 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8364 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
338 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high365 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
339 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium366 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
340 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false367 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
341 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict368 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
342 -·name:·Gather·the·package·facts369 -·name:·Gather·the·package·facts
343 ··package_facts:370 ··package_facts:
Offset 445, 46 lines modifiedOffset 477, 14 lines modified
445 ··-·PCI-DSSv4-11.5.2477 ··-·PCI-DSSv4-11.5.2
446 ··-·high_complexity478 ··-·high_complexity
447 ··-·high_severity479 ··-·high_severity
448 ··-·medium_disruption480 ··-·medium_disruption
449 ··-·no_reboot_needed481 ··-·no_reboot_needed
450 ··-·restrict_strategy482 ··-·restrict_strategy
451 ··-·rpm_verify_ownership483 ··-·rpm_verify_ownership
452 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
453 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high 
454 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium 
455 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
456 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
Max diff block lines reached; 993400/1001111 bytes (99.23%) of diff not shown.
16.9 MB
./usr/share/doc/ssg-nondebian/ssg-ol10-guide-pci-dss.html
    
Offset 15168, 408 lines modifiedOffset 15168, 408 lines modified
0003b3f0:·2d74·6172·6765·743d·2223·6964·6d34·3736··-target="#idm4760003b3f0:·2d74·6172·6765·743d·2223·6964·6d34·3736··-target="#idm476
0003b400:·3222·2074·6162·696e·6465·783d·2230·2220··2"·tabindex="0"·0003b400:·3222·2074·6162·696e·6465·783d·2230·2220··2"·tabindex="0"·
0003b410:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar0003b410:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar
0003b420:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal0003b420:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal
0003b430:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ0003b430:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ
0003b440:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h0003b440:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h
Diff chunk too large, falling back to line-by-line diff (394 lines added, 394 lines removed)
0003b450:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia0003b450:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia
0003b460:·7469·6f6e·2041·6e73·6962·6c65·2073·6e69··tion·Ansible·sni0003b460:·7469·6f6e·2053·6865·6c6c·2073·6372·6970··tion·Shell·scrip
0003b470:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br>0003b470:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di
0003b480:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane0003b480:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
0003b490:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla0003b490:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
0003b4a0:·7073·6522·2069·643d·2269·646d·3437·3632··pse"·id="idm47620003b4a0:·2220·6964·3d22·6964·6d34·3736·3222·3e3c··"·id="idm4762"><
0003b4b0:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="0003b4b0:·7072·653e·3c63·6f64·653e·2320·5265·6d65··pre><code>#·Reme
0003b4c0:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri0003b4c0:·6469·6174·696f·6e20·6973·2061·7070·6c69··diation·is·appli
0003b4d0:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border0003b4d0:·6361·626c·6520·6f6e·6c79·2069·6e20·6365··cable·only·in·ce
0003b4e0:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens0003b4e0:·7274·6169·6e20·706c·6174·666f·726d·730a··rtain·platforms.
0003b4f0:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp0003b4f0:·6966·2021·2028·207b·2072·706d·202d·2d71··if·!·(·{·rpm·--q
0003b500:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td>0003b500:·7569·6574·202d·7120·6b65·726e·656c·203b··uiet·-q·kernel·;
0003b510:·6869·6768·3c2f·7464·3e3c·2f74·723e·3c74··high</td></tr><t0003b510:·7d20·2661·6d70·3b26·616d·703b·207b·2072··}·&amp;&amp;·{·r
0003b520:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption0003b520:·706d·202d·2d71·7569·6574·202d·7120·7270··pm·--quiet·-q·rp
0003b530:·3a3c·2f74·683e·3c74·643e·6d65·6469·756d··:</th><td>medium0003b530:·6d2d·6f73·7472·6565·203b·7d20·2661·6d70··m-ostree·;}·&amp
0003b540:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t0003b540:·3b26·616d·703b·207b·2072·706d·202d·2d71··;&amp;·{·rpm·--q
0003b550:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t0003b550:·7569·6574·202d·7120·626f·6f74·6320·3b7d··uiet·-q·bootc·;}
0003b560:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr0003b560:·2026·616d·703b·2661·6d70·3b20·7b20·2120···&amp;&amp;·{·!·
0003b570:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg0003b570:·7270·6d20·2d2d·7175·6965·7420·2d71·206f··rpm·--quiet·-q·o
0003b580:·793a·3c2f·7468·3e3c·7464·3e72·6573·7472··y:</th><td>restr0003b580:·7065·6e73·6869·6674·2d6b·7562·656c·6574··penshift-kubelet
0003b590:·6963·743c·2f74·643e·3c2f·7472·3e3c·2f74··ict</td></tr></t0003b590:·203b·7d20·293b·2074·6865·6e0a·0a23·2046···;}·);·then..#·F
0003b5a0:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>0003b5a0:·696e·6420·7768·6963·6820·6669·6c65·7320··ind·which·files·
0003b5b0:·2d20·6e61·6d65·3a20·4761·7468·6572·2074··-·name:·Gather·t0003b5b0:·6861·7665·2069·6e63·6f72·7265·6374·2068··have·incorrect·h
0003b5c0:·6865·2070·6163·6b61·6765·2066·6163·7473··he·package·facts0003b5c0:·6173·6820·286e·6f74·2069·6e20·2f65·7463··ash·(not·in·/etc
0003b5d0:·0a20·2070·6163·6b61·6765·5f66·6163·7473··.··package_facts0003b5d0:·2c20·6265·6361·7573·6520·6f66·2074·6865··,·because·of·the
0003b5e0:·3a0a·2020·2020·6d61·6e61·6765·723a·2061··:.····manager:·a0003b5e0:·2073·7973·7465·6d20·7265·6c61·7465·6420···system·related·
0003b5f0:·7574·6f0a·2020·7461·6773·3a0a·2020·2d20··uto.··tags:.··-·0003b5f0:·636f·6e66·6967·2066·696c·6573·2920·616e··config·files)·an
0003b600:·434a·4953·2d35·2e31·302e·342e·310a·2020··CJIS-5.10.4.1.··0003b600:·6420·7468·656e·2067·6574·2066·696c·6573··d·then·get·files
0003b610:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-30003b610:·206e·616d·6573·0a66·696c·6573·5f77·6974···names.files_wit
0003b620:·2e33·2e38·0a20·202d·204e·4953·542d·3830··.3.8.··-·NIST-800003b620:·685f·696e·636f·7272·6563·745f·6861·7368··h_incorrect_hash
0003b630:·302d·3137·312d·332e·342e·310a·2020·2d20··0-171-3.4.1.··-·0003b630:·3d22·2428·7270·6d20·2d56·6120·2d2d·6e6f··="$(rpm·-Va·--no
0003b640:·4e49·5354·2d38·3030·2d35·332d·4155·2d39··NIST-800-53-AU-90003b640:·636f·6e66·6967·207c·2067·7265·7020·2d45··config·|·grep·-E
0003b650:·2833·290a·2020·2d20·4e49·5354·2d38·3030··(3).··-·NIST-8000003b650:·2027·5e2e·2e35·2720·7c20·6177·6b20·277b···'^..5'·|·awk·'{
0003b660:·2d35·332d·434d·2d36·2863·290a·2020·2d20··-53-CM-6(c).··-·0003b660:·7072·696e·7420·244e·467d·2720·2922·0a0a··print·$NF}'·)"..
0003b670:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-60003b670:·6966·205b·202d·6e20·2224·6669·6c65·735f··if·[·-n·"$files_
0003b680:·2864·290a·2020·2d20·4e49·5354·2d38·3030··(d).··-·NIST-8000003b680:·7769·7468·5f69·6e63·6f72·7265·6374·5f68··with_incorrect_h
0003b690:·2d35·332d·5349·2d37·0a20·202d·204e·4953··-53-SI-7.··-·NIS0003b690:·6173·6822·205d·3b20·7468·656e·0a20·2020··ash"·];·then.···
0003b6a0:·542d·3830·302d·3533·2d53·492d·3728·3129··T-800-53-SI-7(1)0003b6a0:·2023·2046·726f·6d20·6669·6c65·7320·6e61···#·From·files·na
0003b6b0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003b6b0:·6d65·7320·6765·7420·7061·636b·6167·6520··mes·get·package·
0003b6c0:·2d53·492d·3728·3629·0a20·202d·2050·4349··-SI-7(6).··-·PCI0003b6c0:·6e61·6d65·7320·616e·6420·6368·616e·6765··names·and·change
0003b6d0:·2d44·5353·2d52·6571·2d31·312e·350a·2020··-DSS-Req-11.5.··0003b6d0:·206e·6577·6c69·6e65·2074·6f20·7370·6163···newline·to·spac
0003b6e0:·2d20·5043·492d·4453·5376·342d·3131·2e35··-·PCI-DSSv4-11.50003b6e0:·652c·2062·6563·6175·7365·2072·706d·2077··e,·because·rpm·w
0003b6f0:·2e32·0a20·202d·2068·6967·685f·636f·6d70··.2.··-·high_comp0003b6f0:·7269·7465·7320·6561·6368·2070·6163·6b61··rites·each·packa
0003b700:·6c65·7869·7479·0a20·202d·2068·6967·685f··lexity.··-·high_0003b700:·6765·2074·6f20·6e65·7720·6c69·6e65·0a20··ge·to·new·line.·
0003b710:·7365·7665·7269·7479·0a20·202d·206d·6564··severity.··-·med0003b710:·2020·2070·6163·6b61·6765·735f·746f·5f72·····packages_to_r
0003b720:·6975·6d5f·6469·7372·7570·7469·6f6e·0a20··ium_disruption.·0003b720:·6569·6e73·7461·6c6c·3d22·2428·7270·6d20··einstall="$(rpm·
0003b730:·202d·206e·6f5f·7265·626f·6f74·5f6e·6565···-·no_reboot_nee0003b730:·2d71·6620·2466·696c·6573·5f77·6974·685f··-qf·$files_with_
0003b740:·6465·640a·2020·2d20·7265·7374·7269·6374··ded.··-·restrict0003b740:·696e·636f·7272·6563·745f·6861·7368·207c··incorrect_hash·|
0003b750:·5f73·7472·6174·6567·790a·2020·2d20·7270··_strategy.··-·rp0003b750:·2074·7220·275c·6e27·2027·2027·2922·0a0a···tr·'\n'·'·')"..
0003b760:·6d5f·7665·7269·6679·5f68·6173·6865·730a··m_verify_hashes.0003b760:·2020·2020·0a20·2020·2064·6e66·2072·6569······.····dnf·rei
0003b770:·0a2d·206e·616d·653a·2027·5365·7420·6661··.-·name:·'Set·fa0003b770:·6e73·7461·6c6c·202d·7920·2470·6163·6b61··nstall·-y·$packa
0003b780:·6374·3a20·5061·636b·6167·6520·6d61·6e61··ct:·Package·mana0003b780:·6765·735f·746f·5f72·6569·6e73·7461·6c6c··ges_to_reinstall
0003b790:·6765·7220·7265·696e·7374·616c·6c20·636f··ger·reinstall·co0003b790:·0a20·2020·200a·6669·0a0a·656c·7365·0a20··.····.fi..else.·
0003b7a0:·6d6d·616e·6427·0a20·2073·6574·5f66·6163··mmand'.··set_fac0003b7a0:·2020·2026·6774·3b26·616d·703b·3220·6563·····&gt;&amp;2·ec
0003b7b0:·743a·0a20·2020·2070·6163·6b61·6765·5f6d··t:.····package_m0003b7b0:·686f·2027·5265·6d65·6469·6174·696f·6e20··ho·'Remediation·
0003b7c0:·616e·6167·6572·5f72·6569·6e73·7461·6c6c··anager_reinstall0003b7c0:·6973·206e·6f74·2061·7070·6c69·6361·626c··is·not·applicabl
0003b7d0:·5f63·6d64·3a20·646e·6620·7265·696e·7374··_cmd:·dnf·reinst0003b7d0:·652c·206e·6f74·6869·6e67·2077·6173·2064··e,·nothing·was·d
0003b7e0:·616c·6c20·2d79·0a20·2077·6865·6e3a·0a20··all·-y.··when:.·0003b7e0:·6f6e·6527·0a66·690a·3c2f·636f·6465·3e3c··one'.fi.</code><
0003b7f0:·202d·206e·6f74·2028·2022·6b65·726e·656c···-·not·(·"kernel0003b7f0:·2f70·7265·3e3c·2f64·6976·3e3c·6120·636c··/pre></div><a·cl
0003b800:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003b800:·6173·733d·2262·746e·2062·746e·2d73·7563··ass="btn·btn-suc
0003b810:·7473·2e70·6163·6b61·6765·7320·616e·6420··ts.packages·and·0003b810:·6365·7373·2220·6461·7461·2d74·6f67·676c··cess"·data-toggl
0003b820:·2272·706d·2d6f·7374·7265·6522·2069·6e20··"rpm-ostree"·in·0003b820:·653d·2263·6f6c·6c61·7073·6522·2064·6174··e="collapse"·dat
0003b830:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa0003b830:·612d·7461·7267·6574·3d22·2369·646d·3437··a-target="#idm47
0003b840:·636b·6167·6573·0a20·2020·2061·6e64·2022··ckages.····and·"0003b840:·3633·2220·7461·6269·6e64·6578·3d22·3022··63"·tabindex="0"
0003b850:·626f·6f74·6322·2069·6e20·616e·7369·626c··bootc"·in·ansibl0003b850:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a
0003b860:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages0003b860:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa
0003b870:·2061·6e64·206e·6f74·2022·6f70·656e·7368···and·not·"opensh0003b870:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti
0003b880:·6966·742d·6b75·6265·6c65·7422·2069·6e20··ift-kubelet"·in·0003b880:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·
0003b890:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa0003b890:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi
0003b8a0:·636b·6167·6573·0a20·2020·2029·0a20·202d··ckages.····).··-0003b8a0:·6174·696f·6e20·416e·7369·626c·6520·736e··ation·Ansible·sn
0003b8b0:·2061·6e73·6962·6c65·5f64·6973·7472·6962···ansible_distrib0003b8b0:·6970·7065·7420·e287·b23c·2f61·3e3c·6272··ippet·...</a><br
0003b8c0:·7574·696f·6e20·696e·205b·2022·4665·646f··ution·in·[·"Fedo0003b8c0:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan
0003b8d0:·7261·222c·2022·5265·6448·6174·222c·2022··ra",·"RedHat",·"0003b8d0:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll
0003b8e0:·4365·6e74·4f53·222c·2022·4f72·6163·6c65··CentOS",·"Oracle0003b8e0:·6170·7365·2220·6964·3d22·6964·6d34·3736··apse"·id="idm476
0003b8f0:·4c69·6e75·7822·205d·0a20·2074·6167·733a··Linux"·].··tags:0003b8f0:·3322·3e3c·7461·626c·6520·636c·6173·733d··3"><table·class=
0003b900:·0a20·202d·2043·4a49·532d·352e·3130·2e34··.··-·CJIS-5.10.40003b900:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str
0003b910:·2e31·0a20·202d·204e·4953·542d·3830·302d··.1.··-·NIST-800-0003b910:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde
0003b920:·3137·312d·332e·332e·380a·2020·2d20·4e49··171-3.3.8.··-·NI0003b920:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden
0003b930:·5354·2d38·3030·2d31·3731·2d33·2e34·2e31··ST-800-171-3.4.10003b930:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com
0003b940:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003b940:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td
0003b950:·2d41·552d·3928·3329·0a20·202d·204e·4953··-AU-9(3).··-·NIS0003b950:·3e68·6967·683c·2f74·643e·3c2f·7472·3e3c··>high</td></tr><
0003b960:·542d·3830·302d·3533·2d43·4d2d·3628·6329··T-800-53-CM-6(c)0003b960:·7472·3e3c·7468·3e44·6973·7275·7074·696f··tr><th>Disruptio
0003b970:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003b970:·6e3a·3c2f·7468·3e3c·7464·3e6d·6564·6975··n:</th><td>mediu
0003b980:·2d43·4d2d·3628·6429·0a20·202d·204e·4953··-CM-6(d).··-·NIS0003b980:·6d3c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··m</td></tr><tr><
0003b990:·542d·3830·302d·3533·2d53·492d·370a·2020··T-800-53-SI-7.··0003b990:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th><
0003b9a0:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI0003b9a0:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t
0003b9b0:·2d37·2831·290a·2020·2d20·4e49·5354·2d38··-7(1).··-·NIST-80003b9b0:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate
0003b9c0:·3030·2d35·332d·5349·2d37·2836·290a·2020··00-53-SI-7(6).··0003b9c0:·6779·3a3c·2f74·683e·3c74·643e·7265·7374··gy:</th><td>rest
0003b9d0:·2d20·5043·492d·4453·532d·5265·712d·3131··-·PCI-DSS-Req-110003b9d0:·7269·6374·3c2f·7464·3e3c·2f74·723e·3c2f··rict</td></tr></
0003b9e0:·2e35·0a20·202d·2050·4349·2d44·5353·7634··.5.··-·PCI-DSSv40003b9e0:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code
0003b9f0:·2d31·312e·352e·320a·2020·2d20·6869·6768··-11.5.2.··-·high0003b9f0:·3e2d·206e·616d·653a·2047·6174·6865·7220··>-·name:·Gather·
0003ba00:·5f63·6f6d·706c·6578·6974·790a·2020·2d20··_complexity.··-·0003ba00:·7468·6520·7061·636b·6167·6520·6661·6374··the·package·fact
0003ba10:·6869·6768·5f73·6576·6572·6974·790a·2020··high_severity.··0003ba10:·730a·2020·7061·636b·6167·655f·6661·6374··s.··package_fact
0003ba20:·2d20·6d65·6469·756d·5f64·6973·7275·7074··-·medium_disrupt0003ba20:·733a·0a20·2020·206d·616e·6167·6572·3a20··s:.····manager:·
0003ba30:·696f·6e0a·2020·2d20·6e6f·5f72·6562·6f6f··ion.··-·no_reboo0003ba30:·6175·746f·0a20·2074·6167·733a·0a20·202d··auto.··tags:.··-
0003ba40:·745f·6e65·6564·6564·0a20·202d·2072·6573··t_needed.··-·res0003ba40:·2043·4a49·532d·352e·3130·2e34·2e31·0a20···CJIS-5.10.4.1.·
0003ba50:·7472·6963·745f·7374·7261·7465·6779·0a20··trict_strategy.·0003ba50:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-
0003ba60:·202d·2072·706d·5f76·6572·6966·795f·6861···-·rpm_verify_ha0003ba60:·332e·332e·380a·2020·2d20·4e49·5354·2d38··3.3.8.··-·NIST-8
0003ba70:·7368·6573·0a0a·2d20·6e61·6d65·3a20·2753··shes..-·name:·'S0003ba70:·3030·2d31·3731·2d33·2e34·2e31·0a20·202d··00-171-3.4.1.··-
0003ba80:·6574·2066·6163·743a·2050·6163·6b61·6765··et·fact:·Package0003ba80:·204e·4953·542d·3830·302d·3533·2d41·552d···NIST-800-53-AU-
0003ba90:·206d·616e·6167·6572·2072·6569·6e73·7461···manager·reinsta0003ba90:·3928·3329·0a20·202d·204e·4953·542d·3830··9(3).··-·NIST-80
0003baa0:·6c6c·2063·6f6d·6d61·6e64·2028·7a79·7070··ll·command·(zypp0003baa0:·302d·3533·2d43·4d2d·3628·6329·0a20·202d··0-53-CM-6(c).··-
0003bab0:·6572·2927·0a20·2073·6574·5f66·6163·743a··er)'.··set_fact:0003bab0:·204e·4953·542d·3830·302d·3533·2d43·4d2d···NIST-800-53-CM-
0003bac0:·0a20·2020·2070·6163·6b61·6765·5f6d·616e··.····package_man0003bac0:·3628·6429·0a20·202d·204e·4953·542d·3830··6(d).··-·NIST-80
0003bad0:·6167·6572·5f72·6569·6e73·7461·6c6c·5f63··ager_reinstall_c0003bad0:·302d·3533·2d53·492d·370a·2020·2d20·4e49··0-53-SI-7.··-·NI
0003bae0:·6d64·3a20·7a79·7070·6572·2069·6e20·2d66··md:·zypper·in·-f0003bae0:·5354·2d38·3030·2d35·332d·5349·2d37·2831··ST-800-53-SI-7(1
0003baf0:·202d·790a·2020·7768·656e·3a0a·2020·2d20···-y.··when:.··-·0003baf0:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-5
0003bb00:·6e6f·7420·2820·226b·6572·6e65·6c22·2069··not·(·"kernel"·i0003bb00:·332d·5349·2d37·2836·290a·2020·2d20·5043··3-SI-7(6).··-·PC
0003bb10:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003bb10:·492d·4453·532d·5265·712d·3131·2e35·0a20··I-DSS-Req-11.5.·
0003bb20:·7061·636b·6167·6573·2061·6e64·2022·7270··packages·and·"rp0003bb20:·202d·2050·4349·2d44·5353·7634·2d31·312e···-·PCI-DSSv4-11.
0003bb30:·6d2d·6f73·7472·6565·2220·696e·2061·6e73··m-ostree"·in·ans0003bb30:·352e·320a·2020·2d20·6869·6768·5f63·6f6d··5.2.··-·high_com
0003bb40:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0003bb40:·706c·6578·6974·790a·2020·2d20·6869·6768··plexity.··-·high
0003bb50:·6765·730a·2020·2020·616e·6420·2262·6f6f··ges.····and·"boo0003bb50:·5f73·6576·6572·6974·790a·2020·2d20·6d65··_severity.··-·me
0003bb60:·7463·2220·696e·2061·6e73·6962·6c65·5f66··tc"·in·ansible_f0003bb60:·6469·756d·5f64·6973·7275·7074·696f·6e0a··dium_disruption.
0003bb70:·6163·7473·2e70·6163·6b61·6765·7320·616e··acts.packages·an0003bb70:·2020·2d20·6e6f·5f72·6562·6f6f·745f·6e65····-·no_reboot_ne
0003bb80:·6420·6e6f·7420·226f·7065·6e73·6869·6674··d·not·"openshift0003bb80:·6564·6564·0a20·202d·2072·6573·7472·6963··eded.··-·restric
0003bb90:·2d6b·7562·656c·6574·2220·696e·2061·6e73··-kubelet"·in·ans0003bb90:·745f·7374·7261·7465·6779·0a20·202d·2072··t_strategy.··-·r
0003bba0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0003bba0:·706d·5f76·6572·6966·795f·6861·7368·6573··pm_verify_hashes
0003bbb0:·6765·730a·2020·2020·290a·2020·2d20·616e··ges.····).··-·an0003bbb0:·0a0a·2d20·6e61·6d65·3a20·2753·6574·2066··..-·name:·'Set·f
0003bbc0:·7369·626c·655f·6469·7374·7269·6275·7469··sible_distributi0003bbc0:·6163·743a·2050·6163·6b61·6765·206d·616e··act:·Package·man
Max diff block lines reached; 16114554/16169506 bytes (99.66%) of diff not shown.
1.48 MB
html2text {}
    
Offset 108, 14 lines modifiedOffset 108, 33 lines modified
108 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6108 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
109 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4109 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
110 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)110 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
111 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1111 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
112 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5112 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
113 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227113 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
114 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2114 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 115 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 116 #·Remediation·is·applicable·only·in·certain·platforms
 117 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 118 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 119 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 120 if·[·-n·"$files_with_incorrect_hash"·];·then
 121 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 122 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 123 ····dnf·reinstall·-y·$packages_to_reinstall
  
 124 fi
  
 125 else
 126 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 127 fi
115 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8128 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
116 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high129 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
117 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium130 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
118 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false131 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
119 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict132 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
120 -·name:·Gather·the·package·facts133 -·name:·Gather·the·package·facts
121 ··package_facts:134 ··package_facts:
Offset 282, 33 lines modifiedOffset 301, 14 lines modified
282 ··-·PCI-DSSv4-11.5.2301 ··-·PCI-DSSv4-11.5.2
283 ··-·high_complexity302 ··-·high_complexity
284 ··-·high_severity303 ··-·high_severity
285 ··-·medium_disruption304 ··-·medium_disruption
286 ··-·no_reboot_needed305 ··-·no_reboot_needed
287 ··-·restrict_strategy306 ··-·restrict_strategy
288 ··-·rpm_verify_hashes307 ··-·rpm_verify_hashes
289 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
290 #·Remediation·is·applicable·only·in·certain·platforms 
291 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
292 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
293 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
294 if·[·-n·"$files_with_incorrect_hash"·];·then 
295 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
296 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
297 ····dnf·reinstall·-y·$packages_to_reinstall 
  
298 fi 
  
299 else 
300 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
301 fi 
302 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*308 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
303 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:309 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:
304 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'310 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'
305 run·the·following·command·to·determine·which·package·owns·it:311 run·the·following·command·to·determine·which·package·owns·it:
306 $·rpm·-qf·FILENAME312 $·rpm·-qf·FILENAME
307 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:313 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
308 $·sudo·rpm·--restore·PACKAGENAME314 $·sudo·rpm·--restore·PACKAGENAME
Offset 327, 14 lines modifiedOffset 327, 46 lines modified
327 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5327 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
328 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2328 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
329 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)329 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
330 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1330 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
331 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5331 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
332 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108332 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108
333 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2333 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 334 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 335 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 336 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 337 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 338 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 339 #·Remediation·is·applicable·only·in·certain·platforms
 340 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 341 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 342 declare·-A·SETPERMS_RPM_DICT
  
 343 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 344 #·is·expected·by·the·RPM·database
 345 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}')
  
 346 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 347 do
 348 ········RPM_PACKAGE=$(rpm·-qf·"$FILE_PATH")
 349 »       #·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 350 »       SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 351 done
  
 352 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 353 #·correct·values
 354 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 355 do
 356 ········rpm·--restore·"${RPM_PACKAGE}"
 357 done
  
 358 else
 359 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 360 fi
334 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8361 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
335 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high362 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
336 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium363 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
337 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false364 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
338 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict365 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
339 -·name:·Gather·the·package·facts366 -·name:·Gather·the·package·facts
340 ··package_facts:367 ··package_facts:
Offset 442, 46 lines modifiedOffset 474, 14 lines modified
442 ··-·PCI-DSSv4-11.5.2474 ··-·PCI-DSSv4-11.5.2
443 ··-·high_complexity475 ··-·high_complexity
444 ··-·high_severity476 ··-·high_severity
445 ··-·medium_disruption477 ··-·medium_disruption
446 ··-·no_reboot_needed478 ··-·no_reboot_needed
447 ··-·restrict_strategy479 ··-·restrict_strategy
448 ··-·rpm_verify_ownership480 ··-·rpm_verify_ownership
449 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
450 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high 
451 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium 
452 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
453 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
Max diff block lines reached; 1548861/1556572 bytes (99.50%) of diff not shown.
34.0 MB
./usr/share/doc/ssg-nondebian/ssg-ol10-guide-stig.html
    
Offset 15070, 218 lines modifiedOffset 15070, 218 lines modified
0003add0:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=0003add0:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
0003ade0:·2223·6964·6d35·3039·3722·2074·6162·696e··"#idm5097"·tabin0003ade0:·2223·6964·6d35·3039·3722·2074·6162·696e··"#idm5097"·tabin
0003adf0:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu0003adf0:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
0003ae00:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan0003ae00:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
0003ae10:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl0003ae10:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
0003ae20:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r0003ae20:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
0003ae30:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"0003ae30:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
0003ae40:·3e52·656d·6564·6961·7469·6f6e·2041·6e61··>Remediation·Ana0003ae40:·3e52·656d·6564·6961·7469·6f6e·2050·7570··>Remediation·Pup
0003ae50:·636f·6e64·6120·736e·6970·7065·7420·e287··conda·snippet·..0003ae50:·7065·7420·736e·6970·7065·7420·e287·b23c··pet·snippet·...<
0003ae60:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl0003ae60:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas
0003ae70:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla0003ae70:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps
0003ae80:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id0003ae80:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="
0003ae90:·3d22·6964·6d35·3039·3722·3e3c·7461·626c··="idm5097"><tabl0003ae90:·6964·6d35·3039·3722·3e3c·7461·626c·6520··idm5097"><table·
0003aea0:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t0003aea0:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab
0003aeb0:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab0003aeb0:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table
0003aec0:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl0003aec0:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-
0003aed0:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr0003aed0:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><
0003aee0:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity:0003aee0:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</
0003aef0:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td0003aef0:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><
0003af00:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di0003af00:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr
0003af10:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t0003af10:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td>
0003af20:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr><0003af20:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr
0003af30:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</0003af30:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th
0003af40:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td0003af40:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td><
0003af50:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St0003af50:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra
0003af60:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>0003af60:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en
0003af70:·656e·6162·6c65·3c2f·7464·3e3c·2f74·723e··enable</td></tr>0003af70:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></
0003af80:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co0003af80:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code
0003af90:·6465·3e0a·7061·636b·6167·6520·2d2d·6164··de>.package·--ad 
0003afa0:·643d·6169·6465·0a3c·2f63·6f64·653e·3c2f··d=aide.</code></ 
0003afb0:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla 
0003afc0:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ 
0003afd0:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle 
0003afe0:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data 
0003aff0:·2d74·6172·6765·743d·2223·6964·6d35·3039··-target="#idm509 
0003b000:·3822·2074·6162·696e·6465·783d·2230·2220··8"·tabindex="0"· 
0003b010:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar 
0003b020:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal 
0003b030:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ 
0003b040:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h 
0003b050:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia 
0003b060:·7469·6f6e·2050·7570·7065·7420·736e·6970··tion·Puppet·snip 
0003b070:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br>< 
0003b080:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel 
0003b090:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap 
0003b0a0:·7365·2220·6964·3d22·6964·6d35·3039·3822··se"·id="idm5098" 
0003b0b0:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t 
0003b0c0:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip 
0003b0d0:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere 
0003b0e0:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense 
0003b0f0:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl 
0003b100:·6578·6974·793a·3c2f·7468·3e3c·7464·3e6c··exity:</th><td>l 
0003b110:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr> 
0003b120:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:<0003af90:·3e69·6e63·6c75·6465·2069·6e73·7461·6c6c··>include·install
 0003afa0:·5f61·6964·650a·0a63·6c61·7373·2069·6e73··_aide..class·ins
 0003afb0:·7461·6c6c·5f61·6964·6520·7b0a·2020·7061··tall_aide·{.··pa
 0003afc0:·636b·6167·6520·7b20·2761·6964·6527·3a0a··ckage·{·'aide':.
 0003afd0:·2020·2020·656e·7375·7265·203d·2667·743b······ensure·=&gt;
 0003afe0:·2027·696e·7374·616c·6c65·6427·2c0a·2020···'installed',.··
 0003aff0:·7d0a·7d0a·3c2f·636f·6465·3e3c·2f70·7265··}.}.</code></pre
 0003b000:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class=
 0003b010:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success
 0003b020:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c
 0003b030:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta
 0003b040:·7267·6574·3d22·2369·646d·3530·3938·2220··rget="#idm5098"·
 0003b050:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol
 0003b060:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-
 0003b070:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"
 0003b080:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate
 0003b090:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href
 0003b0a0:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio
 0003b0b0:·6e20·5368·656c·6c20·7363·7269·7074·20e2··n·Shell·script·.
 0003b0c0:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c
 0003b0d0:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
 0003b0e0:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i
 0003b0f0:·643d·2269·646d·3530·3938·223e·3c74·6162··d="idm5098"><tab
 0003b100:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table·
 0003b110:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta
 0003b120:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab
 0003b130:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t
 0003b140:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity
0003b130:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>0003b150:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t
 0003b160:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D
 0003b170:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th><
 0003b180:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>
 0003b190:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:<
 0003b1a0:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t
0003b140:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb0003b1b0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S
0003b150:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal 
0003b160:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr> 
0003b170:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t 
0003b180:·683e·3c74·643e·656e·6162·6c65·3c2f·7464··h><td>enable</td 
0003b190:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p 
0003b1a0:·7265·3e3c·636f·6465·3e69·6e63·6c75·6465··re><code>include 
0003b1b0:·2069·6e73·7461·6c6c·5f61·6964·650a·0a63···install_aide..c 
0003b1c0:·6c61·7373·2069·6e73·7461·6c6c·5f61·6964··lass·install_aid 
0003b1d0:·6520·7b0a·2020·7061·636b·6167·6520·7b20··e·{.··package·{· 
0003b1e0:·2761·6964·6527·3a0a·2020·2020·656e·7375··'aide':.····ensu 
0003b1f0:·7265·203d·2667·743b·2027·696e·7374·616c··re·=&gt;·'instal 
0003b200:·6c65·6427·2c0a·2020·7d0a·7d0a·3c2f·636f··led',.··}.}.</co 
0003b210:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div>< 
0003b220:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn 
0003b230:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t 
0003b240:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse"0003b1c0:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td
 0003b1d0:·3e65·6e61·626c·653c·2f74·643e·3c2f·7472··>enable</td></tr
 0003b1e0:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c
 0003b1f0:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio
 0003b200:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·
 0003b210:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·
 0003b220:·706c·6174·666f·726d·730a·6966·2072·706d··platforms.if·rpm
 0003b230:·202d·2d71·7569·6574·202d·7120·6b65·726e···--quiet·-q·kern
 0003b240:·656c·207c·7c20·7270·6d20·2d2d·7175·6965··el·||·rpm·--quie
 0003b250:·7420·2d71·206b·6572·6e65·6c2d·7565·6b3b··t·-q·kernel-uek;
 0003b260:·2074·6865·6e0a·0a69·6620·2120·7270·6d20···then..if·!·rpm·
 0003b270:·2d71·202d·2d71·7569·6574·2022·6169·6465··-q·--quiet·"aide
 0003b280:·2220·3b20·7468·656e·0a20·2020·2064·6e66··"·;·then.····dnf
 0003b290:·2069·6e73·7461·6c6c·202d·7920·2261·6964···install·-y·"aid
 0003b2a0:·6522·0a66·690a·0a65·6c73·650a·2020·2020··e".fi..else.····
 0003b2b0:·2667·743b·2661·6d70·3b32·2065·6368·6f20··&gt;&amp;2·echo·
 0003b2c0:·2752·656d·6564·6961·7469·6f6e·2069·7320··'Remediation·is·
 0003b2d0:·6e6f·7420·6170·706c·6963·6162·6c65·2c20··not·applicable,·
 0003b2e0:·6e6f·7468·696e·6720·7761·7320·646f·6e65··nothing·was·done
 0003b2f0:·270a·6669·0a3c·2f63·6f64·653e·3c2f·7072··'.fi.</code></pr
 0003b300:·653e·3c2f·6469·763e·3c61·2063·6c61·7373··e></div><a·class
 0003b310:·3d22·6274·6e20·6274·6e2d·7375·6363·6573··="btn·btn-succes
0003b250:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i0003b320:·7322·2064·6174·612d·746f·6767·6c65·3d22··s"·data-toggle="
0003b260:·646d·3530·3939·2220·7461·6269·6e64·6578··dm5099"·tabindex 
Max diff block lines reached; 32950965/32979697 bytes (99.91%) of diff not shown.
2.6 MB
html2text {}
Max HTML report size reached
34.0 MB
./usr/share/doc/ssg-nondebian/ssg-ol10-guide-stig_gui.html
    
Offset 15065, 218 lines modifiedOffset 15065, 218 lines modified
0003ad80:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target0003ad80:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target
0003ad90:·3d22·2369·646d·3530·3937·2220·7461·6269··="#idm5097"·tabi0003ad90:·3d22·2369·646d·3530·3937·2220·7461·6269··="#idm5097"·tabi
0003ada0:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b0003ada0:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b
0003adb0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa0003adb0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa
0003adc0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit0003adc0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit
0003add0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·0003add0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·
0003ade0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!0003ade0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!
0003adf0:·223e·5265·6d65·6469·6174·696f·6e20·416e··">Remediation·An0003adf0:·223e·5265·6d65·6469·6174·696f·6e20·5075··">Remediation·Pu
0003ae00:·6163·6f6e·6461·2073·6e69·7070·6574·20e2··aconda·snippet·.0003ae00:·7070·6574·2073·6e69·7070·6574·20e2·87b2··ppet·snippet·...
0003ae10:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c0003ae10:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
0003ae20:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll0003ae20:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
0003ae30:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i0003ae30:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=
0003ae40:·643d·2269·646d·3530·3937·223e·3c74·6162··d="idm5097"><tab0003ae40:·2269·646d·3530·3937·223e·3c74·6162·6c65··"idm5097"><table
0003ae50:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table·0003ae50:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta
0003ae60:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta0003ae60:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl
0003ae70:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab0003ae70:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table
0003ae80:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t0003ae80:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>
0003ae90:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity0003ae90:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<
0003aea0:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t0003aea0:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>
0003aeb0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D0003aeb0:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis
0003aec0:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th><0003aec0:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td
0003aed0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>0003aed0:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t
0003aee0:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:<0003aee0:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t
0003aef0:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t0003aef0:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td>
0003af00:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S0003af00:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str
0003af10:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td0003af10:·6174·6567·793a·3c2f·7468·3e3c·7464·3e65··ategy:</th><td>e
0003af20:·3e65·6e61·626c·653c·2f74·643e·3c2f·7472··>enable</td></tr0003af20:·6e61·626c·653c·2f74·643e·3c2f·7472·3e3c··nable</td></tr><
0003af30:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c0003af30:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod
0003af40:·6f64·653e·0a70·6163·6b61·6765·202d·2d61··ode>.package·--a 
0003af50:·6464·3d61·6964·650a·3c2f·636f·6465·3e3c··dd=aide.</code>< 
0003af60:·2f70·7265·3e3c·2f64·6976·3e3c·6120·636c··/pre></div><a·cl 
0003af70:·6173·733d·2262·746e·2062·746e·2d73·7563··ass="btn·btn-suc 
0003af80:·6365·7373·2220·6461·7461·2d74·6f67·676c··cess"·data-toggl 
0003af90:·653d·2263·6f6c·6c61·7073·6522·2064·6174··e="collapse"·dat 
0003afa0:·612d·7461·7267·6574·3d22·2369·646d·3530··a-target="#idm50 
0003afb0:·3938·2220·7461·6269·6e64·6578·3d22·3022··98"·tabindex="0" 
0003afc0:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a 
0003afd0:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa 
0003afe0:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti 
0003aff0:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"· 
0003b000:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi 
0003b010:·6174·696f·6e20·5075·7070·6574·2073·6e69··ation·Puppet·sni 
0003b020:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br> 
0003b030:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane 
0003b040:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla 
0003b050:·7073·6522·2069·643d·2269·646d·3530·3938··pse"·id="idm5098 
0003b060:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class=" 
0003b070:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri 
0003b080:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border 
0003b090:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens 
0003b0a0:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp 
0003b0b0:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td> 
0003b0c0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003b0d0:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption:0003af40:·653e·696e·636c·7564·6520·696e·7374·616c··e>include·instal
 0003af50:·6c5f·6169·6465·0a0a·636c·6173·7320·696e··l_aide..class·in
 0003af60:·7374·616c·6c5f·6169·6465·207b·0a20·2070··stall_aide·{.··p
 0003af70:·6163·6b61·6765·207b·2027·6169·6465·273a··ackage·{·'aide':
 0003af80:·0a20·2020·2065·6e73·7572·6520·3d26·6774··.····ensure·=&gt
 0003af90:·3b20·2769·6e73·7461·6c6c·6564·272c·0a20··;·'installed',.·
 0003afa0:·207d·0a7d·0a3c·2f63·6f64·653e·3c2f·7072···}.}.</code></pr
 0003afb0:·653e·3c2f·6469·763e·3c61·2063·6c61·7373··e></div><a·class
 0003afc0:·3d22·6274·6e20·6274·6e2d·7375·6363·6573··="btn·btn-succes
 0003afd0:·7322·2064·6174·612d·746f·6767·6c65·3d22··s"·data-toggle="
 0003afe0:·636f·6c6c·6170·7365·2220·6461·7461·2d74··collapse"·data-t
 0003aff0:·6172·6765·743d·2223·6964·6d35·3039·3822··arget="#idm5098"
 0003b000:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro
 0003b010:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria
 0003b020:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false
 0003b030:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat
 0003b040:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre
 0003b050:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati
 0003b060:·6f6e·2053·6865·6c6c·2073·6372·6970·7420··on·Shell·script·
 0003b070:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div·
 0003b080:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col
 0003b090:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·
 0003b0a0:·6964·3d22·6964·6d35·3039·3822·3e3c·7461··id="idm5098"><ta
 0003b0b0:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table
 0003b0c0:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t
 0003b0d0:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta
 0003b0e0:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed"><
 0003b0f0:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit
0003b0e0:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td0003b100:·793a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··y:</th><td>low</
0003b0f0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re0003b110:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>
0003b100:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa 
0003b110:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr 
0003b120:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</0003b120:·4469·7372·7570·7469·6f6e·3a3c·2f74·683e··Disruption:</th>
 0003b130:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr
 0003b140:·3e3c·7472·3e3c·7468·3e52·6562·6f6f·743a··><tr><th>Reboot:
0003b130:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t0003b150:·3c2f·7468·3e3c·7464·3e66·616c·7365·3c2f··</th><td>false</
0003b140:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table>< 
0003b150:·7072·653e·3c63·6f64·653e·696e·636c·7564··pre><code>includ 
0003b160:·6520·696e·7374·616c·6c5f·6169·6465·0a0a··e·install_aide.. 
0003b170:·636c·6173·7320·696e·7374·616c·6c5f·6169··class·install_ai 
0003b180:·6465·207b·0a20·2070·6163·6b61·6765·207b··de·{.··package·{ 
0003b190:·2027·6169·6465·273a·0a20·2020·2065·6e73···'aide':.····ens 
0003b1a0:·7572·6520·3d26·6774·3b20·2769·6e73·7461··ure·=&gt;·'insta 
0003b1b0:·6c6c·6564·272c·0a20·207d·0a7d·0a3c·2f63··lled',.··}.}.</c 
0003b1c0:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div> 
0003b1d0:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt 
0003b1e0:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data- 
0003b1f0:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse0003b160:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>
 0003b170:·5374·7261·7465·6779·3a3c·2f74·683e·3c74··Strategy:</th><t
 0003b180:·643e·656e·6162·6c65·3c2f·7464·3e3c·2f74··d>enable</td></t
 0003b190:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><
 0003b1a0:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati
 0003b1b0:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable
 0003b1c0:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain
 0003b1d0:·2070·6c61·7466·6f72·6d73·0a69·6620·7270···platforms.if·rp
 0003b1e0:·6d20·2d2d·7175·6965·7420·2d71·206b·6572··m·--quiet·-q·ker
 0003b1f0:·6e65·6c20·7c7c·2072·706d·202d·2d71·7569··nel·||·rpm·--qui
 0003b200:·6574·202d·7120·6b65·726e·656c·2d75·656b··et·-q·kernel-uek
 0003b210:·3b20·7468·656e·0a0a·6966·2021·2072·706d··;·then..if·!·rpm
 0003b220:·202d·7120·2d2d·7175·6965·7420·2261·6964···-q·--quiet·"aid
 0003b230:·6522·203b·2074·6865·6e0a·2020·2020·646e··e"·;·then.····dn
 0003b240:·6620·696e·7374·616c·6c20·2d79·2022·6169··f·install·-y·"ai
 0003b250:·6465·220a·6669·0a0a·656c·7365·0a20·2020··de".fi..else.···
 0003b260:·2026·6774·3b26·616d·703b·3220·6563·686f···&gt;&amp;2·echo
 0003b270:·2027·5265·6d65·6469·6174·696f·6e20·6973···'Remediation·is
 0003b280:·206e·6f74·2061·7070·6c69·6361·626c·652c···not·applicable,
 0003b290:·206e·6f74·6869·6e67·2077·6173·2064·6f6e···nothing·was·don
 0003b2a0:·6527·0a66·690a·3c2f·636f·6465·3e3c·2f70··e'.fi.</code></p
 0003b2b0:·7265·3e3c·2f64·6976·3e3c·6120·636c·6173··re></div><a·clas
 0003b2c0:·733d·2262·746e·2062·746e·2d73·7563·6365··s="btn·btn-succe
0003b200:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#0003b2d0:·7373·2220·6461·7461·2d74·6f67·676c·653d··ss"·data-toggle=
0003b210:·6964·6d35·3039·3922·2074·6162·696e·6465··idm5099"·tabinde 
0003b220:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt 
0003b230:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande 
Max diff block lines reached; 32866072/32894804 bytes (99.91%) of diff not shown.
2.59 MB
html2text {}
Max HTML report size reached
22.3 MB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-anssi_nt28_enhanced.html
    
Offset 15059, 221 lines modifiedOffset 15059, 221 lines modified
0003ad20:·6765·743d·2223·6964·6d35·3635·3122·2074··get="#idm5651"·t0003ad20:·6765·743d·2223·6964·6d35·3635·3122·2074··get="#idm5651"·t
0003ad30:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role0003ad30:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
0003ad40:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e0003ad40:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
0003ad50:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·0003ad50:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
0003ad60:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·0003ad60:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
0003ad70:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=0003ad70:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
0003ad80:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation0003ad80:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
 0003ad90:·2050·7570·7065·7420·736e·6970·7065·7420···Puppet·snippet·
0003ad90:·2041·6e61·636f·6e64·6120·736e·6970·7065···Anaconda·snippe 
0003ada0:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di 
0003adb0:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c 
0003adc0:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse 
0003add0:·2220·6964·3d22·6964·6d35·3635·3122·3e3c··"·id="idm5651">< 
0003ade0:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab 
0003adf0:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped 
0003ae00:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered· 
0003ae10:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed" 
0003ae20:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex 
0003ae30:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low 
0003ae40:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003ae50:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t 
0003ae60:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003ae70:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo 
0003ae80:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false 
0003ae90:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003aea0:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th> 
0003aeb0:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td>< 
0003aec0:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre 
0003aed0:·3e3c·636f·6465·3e0a·7061·636b·6167·6520··><code>.package· 
0003aee0:·2d2d·6164·643d·6169·6465·0a3c·2f63·6f64··--add=aide.</cod 
0003aef0:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a 
0003af00:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn- 
0003af10:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to 
0003af20:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"· 
0003af30:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id 
0003af40:·6d35·3635·3222·2074·6162·696e·6465·783d··m5652"·tabindex= 
0003af50:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button 
0003af60:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded= 
0003af70:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A 
0003af80:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea 
0003af90:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem 
0003afa0:·6564·6961·7469·6f6e·2050·7570·7065·7420··ediation·Puppet· 
0003afb0:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a>< 
0003afc0:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p 
0003afd0:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co 
0003afe0:·6c6c·6170·7365·2220·6964·3d22·6964·6d35··llapse"·id="idm5 
0003aff0:·3635·3222·3e3c·7461·626c·6520·636c·6173··652"><table·clas 
0003b000:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s 
0003b010:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor 
0003b020:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond 
0003b030:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C 
0003b040:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th>< 
0003b050:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003b060:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti 
0003b070:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low< 
0003b080:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b090:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td 
0003b0a0:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr> 
0003b0b0:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy 
0003b0c0:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable 
0003b0d0:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl 
0003b0e0:·653e·3c70·7265·3e3c·636f·6465·3e69·6e63··e><pre><code>inc 
0003b0f0:·6c75·6465·2069·6e73·7461·6c6c·5f61·6964··lude·install_aid 
0003b100:·650a·0a63·6c61·7373·2069·6e73·7461·6c6c··e..class·install 
0003b110:·5f61·6964·6520·7b0a·2020·7061·636b·6167··_aide·{.··packag 
0003b120:·6520·7b20·2761·6964·6527·3a0a·2020·2020··e·{·'aide':.···· 
0003b130:·656e·7375·7265·203d·2667·743b·2027·696e··ensure·=&gt;·'in 
0003b140:·7374·616c·6c65·6427·2c0a·2020·7d0a·7d0a··stalled',.··}.}. 
0003b150:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d 
0003b160:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn 
0003b170:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da 
0003b180:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla 
0003b190:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target 
0003b1a0:·3d22·2369·646d·3536·3533·2220·7461·6269··="#idm5653"·tabi 
0003b1b0:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b 
0003b1c0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa 
0003b1d0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit 
0003b1e0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to· 
0003b1f0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#! 
0003b200:·223e·5265·6d65·6469·6174·696f·6e20·4f53··">Remediation·OS 
0003b210:·4275·696c·6420·426c·7565·7072·696e·7420··Build·Blueprint· 
0003b220:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a>< 
0003b230:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p 
0003b240:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co 
0003b250:·6c6c·6170·7365·2220·6964·3d22·6964·6d35··llapse"·id="idm5 
0003b260:·3635·3322·3e3c·7072·653e·3c63·6f64·653e··653"><pre><code> 
0003b270:·0a5b·5b70·6163·6b61·6765·735d·5d0a·6e61··.[[packages]].na 
0003b280:·6d65·203d·2022·6169·6465·220a·7665·7273··me·=·"aide".vers 
0003b290:·696f·6e20·3d20·222a·220a·3c2f·636f·6465··ion·=·"*".</code 
0003b2a0:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a· 
0003b2b0:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s 
0003b2c0:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog 
0003b2d0:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d 
0003b2e0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm 
0003b2f0:·3536·3534·2220·7461·6269·6e64·6578·3d22··5654"·tabindex=" 
0003b300:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button" 
0003b310:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded=" 
0003b320:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac 
0003b330:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal 
0003b340:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme 
0003b350:·6469·6174·696f·6e20·416e·7369·626c·6520··diation·Ansible· 
0003b360:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a>< 
0003b370:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p 
0003b380:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co 
0003b390:·6c6c·6170·7365·2220·6964·3d22·6964·6d35··llapse"·id="idm5 
0003b3a0:·3635·3422·3e3c·7461·626c·6520·636c·6173··654"><table·clas 
0003b3b0:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s 
0003b3c0:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor 
0003b3d0:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond 
0003b3e0:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C 
0003b3f0:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th>< 
0003b400:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003b410:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti 
0003b420:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low< 
0003b430:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b440:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td 
0003b450:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr> 
0003b460:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy 
0003b470:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable 
0003b480:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl 
0003b490:·653e·3c70·7265·3e3c·636f·6465·3e2d·206e··e><pre><code>-·n 
0003b4a0:·616d·653a·2047·6174·6865·7220·7468·6520··ame:·Gather·the· 
0003b4b0:·7061·636b·6167·6520·6661·6374·730a·2020··package·facts.·· 
0003b4c0:·7061·636b·6167·655f·6661·6374·733a·0a20··package_facts:.· 
0003b4d0:·2020·206d·616e·6167·6572·3a20·6175·746f·····manager:·auto 
0003b4e0:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI 
0003b4f0:·532d·352e·3130·2e31·2e33·0a20·202d·2044··S-5.10.1.3.··-·D 
Max diff block lines reached; 21423017/21452163 bytes (99.86%) of diff not shown.
1.82 MB
html2text {}
Max HTML report size reached
22.6 MB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-anssi_nt28_high.html
    
Offset 15065, 221 lines modifiedOffset 15065, 221 lines modified
0003ad80:·7461·7267·6574·3d22·2369·646d·3536·3531··target="#idm56510003ad80:·7461·7267·6574·3d22·2369·646d·3536·3531··target="#idm5651
0003ad90:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r0003ad90:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r
0003ada0:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari0003ada0:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari
0003adb0:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals0003adb0:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals
0003adc0:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa0003adc0:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa
0003add0:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr0003add0:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr
0003ade0:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat0003ade0:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat
 0003adf0:·696f·6e20·5075·7070·6574·2073·6e69·7070··ion·Puppet·snipp
0003adf0:·696f·6e20·416e·6163·6f6e·6461·2073·6e69··ion·Anaconda·sni 
0003ae00:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br> 
0003ae10:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane 
0003ae20:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla 
0003ae30:·7073·6522·2069·643d·2269·646d·3536·3531··pse"·id="idm5651 
0003ae40:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class=" 
0003ae50:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri 
0003ae60:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border 
0003ae70:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens 
0003ae80:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp 
0003ae90:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td> 
0003aea0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003aeb0:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption: 
0003aec0:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003aed0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re 
0003aee0:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa 
0003aef0:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr 
0003af00:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</ 
0003af10:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t 
0003af20:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table>< 
0003af30:·7072·653e·3c63·6f64·653e·0a70·6163·6b61··pre><code>.packa 
0003af40:·6765·202d·2d61·6464·3d61·6964·650a·3c2f··ge·--add=aide.</ 
0003af50:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div 
0003af60:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b 
0003af70:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data 
0003af80:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps 
0003af90:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target=" 
0003afa0:·2369·646d·3536·3532·2220·7461·6269·6e64··#idm5652"·tabind 
0003afb0:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but 
0003afc0:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand 
0003afd0:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title 
0003afe0:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re 
0003aff0:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!"> 
0003b000:·5265·6d65·6469·6174·696f·6e20·5075·7070··Remediation·Pupp 
0003b010:·6574·2073·6e69·7070·6574·20e2·87b2·3c2f··et·snippet·...</ 
0003b020:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class 
0003b030:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse 
0003b040:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i 
0003b050:·646d·3536·3532·223e·3c74·6162·6c65·2063··dm5652"><table·c 
0003b060:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl 
0003b070:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table- 
0003b080:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c 
0003b090:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t 
0003b0a0:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t 
0003b0b0:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003b0c0:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru 
0003b0d0:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l 
0003b0e0:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr> 
0003b0f0:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th> 
0003b100:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></ 
0003b110:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat 
0003b120:·6567·793a·3c2f·7468·3e3c·7464·3e65·6e61··egy:</th><td>ena 
0003b130:·626c·653c·2f74·643e·3c2f·7472·3e3c·2f74··ble</td></tr></t 
0003b140:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code> 
0003b150:·696e·636c·7564·6520·696e·7374·616c·6c5f··include·install_ 
0003b160:·6169·6465·0a0a·636c·6173·7320·696e·7374··aide..class·inst 
0003b170:·616c·6c5f·6169·6465·207b·0a20·2070·6163··all_aide·{.··pac 
0003b180:·6b61·6765·207b·2027·6169·6465·273a·0a20··kage·{·'aide':.· 
0003b190:·2020·2065·6e73·7572·6520·3d26·6774·3b20·····ensure·=&gt;· 
0003b1a0:·2769·6e73·7461·6c6c·6564·272c·0a20·207d··'installed',.··} 
0003b1b0:·0a7d·0a3c·2f63·6f64·653e·3c2f·7072·653e··.}.</code></pre> 
0003b1c0:·3c2f·6469·763e·3c61·2063·6c61·7373·3d22··</div><a·class=" 
0003b1d0:·6274·6e20·6274·6e2d·7375·6363·6573·7322··btn·btn-success" 
0003b1e0:·2064·6174·612d·746f·6767·6c65·3d22·636f···data-toggle="co 
0003b1f0:·6c6c·6170·7365·2220·6461·7461·2d74·6172··llapse"·data-tar 
0003b200:·6765·743d·2223·6964·6d35·3635·3322·2074··get="#idm5653"·t 
0003b210:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role 
0003b220:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e 
0003b230:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"· 
0003b240:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate· 
0003b250:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href= 
0003b260:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation 
0003b270:·204f·5342·7569·6c64·2042·6c75·6570·7269···OSBuild·Bluepri 
0003b280:·6e74·2073·6e69·7070·6574·20e2·87b2·3c2f··nt·snippet·...</ 
0003b290:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class 
0003b2a0:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse 
0003b2b0:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i 
0003b2c0:·646d·3536·3533·223e·3c70·7265·3e3c·636f··dm5653"><pre><co 
0003b2d0:·6465·3e0a·5b5b·7061·636b·6167·6573·5d5d··de>.[[packages]] 
0003b2e0:·0a6e·616d·6520·3d20·2261·6964·6522·0a76··.name·=·"aide".v 
0003b2f0:·6572·7369·6f6e·203d·2022·2a22·0a3c·2f63··ersion·=·"*".</c 
0003b300:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div> 
0003b310:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt 
0003b320:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data- 
0003b330:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse 
0003b340:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="# 
0003b350:·6964·6d35·3635·3422·2074·6162·696e·6465··idm5654"·tabinde 
0003b360:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt 
0003b370:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande 
0003b380:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title= 
0003b390:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev 
0003b3a0:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R 
0003b3b0:·656d·6564·6961·7469·6f6e·2041·6e73·6962··emediation·Ansib 
0003b3c0:·6c65·2073·6e69·7070·6574·20e2·87b2·3c2f··le·snippet·...</ 
0003b3d0:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class 
0003b3e0:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse 
0003b3f0:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i 
0003b400:·646d·3536·3534·223e·3c74·6162·6c65·2063··dm5654"><table·c 
0003b410:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl 
0003b420:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table- 
0003b430:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c 
0003b440:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t 
0003b450:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t 
0003b460:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003b470:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru 
0003b480:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l 
0003b490:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr> 
0003b4a0:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th> 
0003b4b0:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></ 
0003b4c0:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat 
0003b4d0:·6567·793a·3c2f·7468·3e3c·7464·3e65·6e61··egy:</th><td>ena 
0003b4e0:·626c·653c·2f74·643e·3c2f·7472·3e3c·2f74··ble</td></tr></t 
0003b4f0:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code> 
0003b500:·2d20·6e61·6d65·3a20·4761·7468·6572·2074··-·name:·Gather·t 
0003b510:·6865·2070·6163·6b61·6765·2066·6163·7473··he·package·facts 
0003b520:·0a20·2070·6163·6b61·6765·5f66·6163·7473··.··package_facts 
0003b530:·3a0a·2020·2020·6d61·6e61·6765·723a·2061··:.····manager:·a 
0003b540:·7574·6f0a·2020·7461·6773·3a0a·2020·2d20··uto.··tags:.··-· 
0003b550:·434a·4953·2d35·2e31·302e·312e·330a·2020··CJIS-5.10.1.3.·· 
Max diff block lines reached; 21760876/21790022 bytes (99.87%) of diff not shown.
1.85 MB
html2text {}
Max HTML report size reached
10.3 MB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-anssi_nt28_intermediary.html
    
Offset 15050, 221 lines modifiedOffset 15050, 221 lines modified
0003ac90:·7267·6574·3d22·2369·646d·3536·3531·2220··rget="#idm5651"·0003ac90:·7267·6574·3d22·2369·646d·3536·3531·2220··rget="#idm5651"·
0003aca0:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol0003aca0:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol
0003acb0:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-0003acb0:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-
0003acc0:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"0003acc0:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"
0003acd0:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate0003acd0:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate
0003ace0:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href0003ace0:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href
0003acf0:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio0003acf0:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio
 0003ad00:·6e20·5075·7070·6574·2073·6e69·7070·6574··n·Puppet·snippet
0003ad00:·6e20·416e·6163·6f6e·6461·2073·6e69·7070··n·Anaconda·snipp 
0003ad10:·6574·20e2·87b2·3c2f·613e·3c62·723e·3c64··et·...</a><br><d 
0003ad20:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel- 
0003ad30:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps 
0003ad40:·6522·2069·643d·2269·646d·3536·3531·223e··e"·id="idm5651"> 
0003ad50:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta 
0003ad60:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe 
0003ad70:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered 
0003ad80:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed 
0003ad90:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple 
0003ada0:·7869·7479·3a3c·2f74·683e·3c74·643e·6c6f··xity:</th><td>lo 
0003adb0:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr>< 
0003adc0:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</ 
0003add0:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td>< 
0003ade0:·2f74·723e·3c74·723e·3c74·683e·5265·626f··/tr><tr><th>Rebo 
0003adf0:·6f74·3a3c·2f74·683e·3c74·643e·6661·6c73··ot:</th><td>fals 
0003ae00:·653c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··e</td></tr><tr>< 
0003ae10:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th 
0003ae20:·3e3c·7464·3e65·6e61·626c·653c·2f74·643e··><td>enable</td> 
0003ae30:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr 
0003ae40:·653e·3c63·6f64·653e·0a70·6163·6b61·6765··e><code>.package 
0003ae50:·202d·2d61·6464·3d61·6964·650a·3c2f·636f···--add=aide.</co 
0003ae60:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div>< 
0003ae70:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn 
0003ae80:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t 
0003ae90:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse" 
0003aea0:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i 
0003aeb0:·646d·3536·3532·2220·7461·6269·6e64·6578··dm5652"·tabindex 
0003aec0:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto 
0003aed0:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded 
0003aee0:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title=" 
0003aef0:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve 
0003af00:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re 
0003af10:·6d65·6469·6174·696f·6e20·5075·7070·6574··mediation·Puppet 
0003af20:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a> 
0003af30:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class=" 
0003af40:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c 
0003af50:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm 
0003af60:·3536·3532·223e·3c74·6162·6c65·2063·6c61··5652"><table·cla 
0003af70:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table- 
0003af80:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo 
0003af90:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con 
0003afa0:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th> 
0003afb0:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th> 
0003afc0:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
0003afd0:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt 
0003afe0:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low 
0003aff0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b000:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t 
0003b010:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr 
0003b020:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg 
0003b030:·793a·3c2f·7468·3e3c·7464·3e65·6e61·626c··y:</th><td>enabl 
0003b040:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab 
0003b050:·6c65·3e3c·7072·653e·3c63·6f64·653e·696e··le><pre><code>in 
0003b060:·636c·7564·6520·696e·7374·616c·6c5f·6169··clude·install_ai 
0003b070:·6465·0a0a·636c·6173·7320·696e·7374·616c··de..class·instal 
0003b080:·6c5f·6169·6465·207b·0a20·2070·6163·6b61··l_aide·{.··packa 
0003b090:·6765·207b·2027·6169·6465·273a·0a20·2020··ge·{·'aide':.··· 
0003b0a0:·2065·6e73·7572·6520·3d26·6774·3b20·2769···ensure·=&gt;·'i 
0003b0b0:·6e73·7461·6c6c·6564·272c·0a20·207d·0a7d··nstalled',.··}.} 
0003b0c0:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></ 
0003b0d0:·6469·763e·3c61·2063·6c61·7373·3d22·6274··div><a·class="bt 
0003b0e0:·6e20·6274·6e2d·7375·6363·6573·7322·2064··n·btn-success"·d 
0003b0f0:·6174·612d·746f·6767·6c65·3d22·636f·6c6c··ata-toggle="coll 
0003b100:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe 
0003b110:·743d·2223·6964·6d35·3635·3322·2074·6162··t="#idm5653"·tab 
0003b120:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role=" 
0003b130:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp 
0003b140:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti 
0003b150:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to 
0003b160:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="# 
0003b170:·2122·3e52·656d·6564·6961·7469·6f6e·204f··!">Remediation·O 
0003b180:·5342·7569·6c64·2042·6c75·6570·7269·6e74··SBuild·Blueprint 
0003b190:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a> 
0003b1a0:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class=" 
0003b1b0:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c 
0003b1c0:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm 
0003b1d0:·3536·3533·223e·3c70·7265·3e3c·636f·6465··5653"><pre><code 
0003b1e0:·3e0a·5b5b·7061·636b·6167·6573·5d5d·0a6e··>.[[packages]].n 
0003b1f0:·616d·6520·3d20·2261·6964·6522·0a76·6572··ame·=·"aide".ver 
0003b200:·7369·6f6e·203d·2022·2a22·0a3c·2f63·6f64··sion·=·"*".</cod 
0003b210:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a 
0003b220:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn- 
0003b230:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to 
0003b240:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"· 
0003b250:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id 
0003b260:·6d35·3635·3422·2074·6162·696e·6465·783d··m5654"·tabindex= 
0003b270:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button 
0003b280:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded= 
0003b290:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A 
0003b2a0:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea 
0003b2b0:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem 
0003b2c0:·6564·6961·7469·6f6e·2041·6e73·6962·6c65··ediation·Ansible 
0003b2d0:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a> 
0003b2e0:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class=" 
0003b2f0:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c 
0003b300:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm 
0003b310:·3536·3534·223e·3c74·6162·6c65·2063·6c61··5654"><table·cla 
0003b320:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table- 
0003b330:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo 
0003b340:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con 
0003b350:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th> 
0003b360:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th> 
0003b370:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
0003b380:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt 
0003b390:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low 
0003b3a0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b3b0:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t 
0003b3c0:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr 
0003b3d0:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg 
0003b3e0:·793a·3c2f·7468·3e3c·7464·3e65·6e61·626c··y:</th><td>enabl 
0003b3f0:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab 
0003b400:·6c65·3e3c·7072·653e·3c63·6f64·653e·2d20··le><pre><code>-· 
0003b410:·6e61·6d65·3a20·4761·7468·6572·2074·6865··name:·Gather·the 
0003b420:·2070·6163·6b61·6765·2066·6163·7473·0a20···package·facts.· 
0003b430:·2070·6163·6b61·6765·5f66·6163·7473·3a0a···package_facts:. 
0003b440:·2020·2020·6d61·6e61·6765·723a·2061·7574······manager:·aut 
0003b450:·6f0a·2020·7461·6773·3a0a·2020·2d20·434a··o.··tags:.··-·CJ 
0003b460:·4953·2d35·2e31·302e·312e·330a·2020·2d20··IS-5.10.1.3.··-· 
Max diff block lines reached; 9685078/9714224 bytes (99.70%) of diff not shown.
1010 KB
html2text {}
    
Offset 114, 38 lines modifiedOffset 114, 41 lines modified
114 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3114 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
115 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5115 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
116 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199116 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
117 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL07-00-020029117 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL07-00-020029
118 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79118 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
119 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2119 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
120 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251701r958944_rule120 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251701r958944_rule
121 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
122 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
123 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
124 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
125 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
126 package·--add=aide 
127 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8121 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
128 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low122 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
129 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low123 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
130 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false124 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
131 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable125 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
132 include·install_aide126 include·install_aide
  
133 class·install_aide·{127 class·install_aide·{
134 ··package·{·'aide':128 ··package·{·'aide':
135 ····ensure·=>·'installed',129 ····ensure·=>·'installed',
136 ··}130 ··}
137 }131 }
138 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8132 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 133 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 134 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 135 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 136 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 137 #·Remediation·is·applicable·only·in·certain·platforms
 138 if·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek;·then
  
139 [[packages]] 
140 name·=·"aide" 
141 version·=·"*"139 if·!·rpm·-q·--quiet·"aide"·;·then
 140 ····yum·install·-y·"aide"
 141 fi
  
 142 else
 143 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 144 fi
142 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8145 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
143 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low146 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
144 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low147 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
145 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false148 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
146 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable149 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
147 -·name:·Gather·the·package·facts150 -·name:·Gather·the·package·facts
148 ··package_facts:151 ··package_facts:
Offset 176, 29 lines modifiedOffset 179, 26 lines modified
176 ··-·PCI-DSSv4-11.5.2179 ··-·PCI-DSSv4-11.5.2
177 ··-·enable_strategy180 ··-·enable_strategy
178 ··-·low_complexity181 ··-·low_complexity
179 ··-·low_disruption182 ··-·low_disruption
180 ··-·medium_severity183 ··-·medium_severity
181 ··-·no_reboot_needed184 ··-·no_reboot_needed
182 ··-·package_aide_installed185 ··-·package_aide_installed
 186 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 187 [[packages]]
 188 name·=·"aide"
 189 version·=·"*"
183 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8190 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8
184 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low191 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
185 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low192 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
186 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false193 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
187 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable194 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
188 #·Remediation·is·applicable·only·in·certain·platforms 
189 if·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek;·then 
  
190 if·!·rpm·-q·--quiet·"aide"·;·then 
191 ····yum·install·-y·"aide" 
192 fi 
  
 195 package·--add=aide
193 else 
194 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
195 fi 
196 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*196 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
197 Run·the·following·command·to·generate·a·new·database:197 Run·the·following·command·to·generate·a·new·database:
198 $·sudo·/usr/sbin/aide·--init198 $·sudo·/usr/sbin/aide·--init
199 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the199 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the
200 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these200 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these
201 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their201 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their
202 integrity.·The·newly-generated·database·can·be·installed·as·follows:202 integrity.·The·newly-generated·database·can·be·installed·as·follows:
Offset 224, 14 lines modifiedOffset 224, 28 lines modified
224 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3224 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
225 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5225 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
226 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199226 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
227 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL07-00-020029227 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL07-00-020029
228 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79228 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
229 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2229 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
230 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251701r958944_rule230 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251701r958944_rule
 231 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 232 #·Remediation·is·applicable·only·in·certain·platforms
 233 if·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek;·then
  
 234 if·!·rpm·-q·--quiet·"aide"·;·then
 235 ····yum·install·-y·"aide"
 236 fi
  
 237 /usr/sbin/aide·--init
 238 /bin/cp·-p·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
  
 239 else
 240 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 241 fi
231 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8242 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
232 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low243 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
233 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low244 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
234 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false245 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
235 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict246 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
236 -·name:·Gather·the·package·facts247 -·name:·Gather·the·package·facts
237 ··package_facts:248 ··package_facts:
Offset 321, 28 lines modifiedOffset 335, 14 lines modified
321 ··-·PCI-DSSv4-11.5.2335 ··-·PCI-DSSv4-11.5.2
322 ··-·aide_build_database336 ··-·aide_build_database
323 ··-·low_complexity337 ··-·low_complexity
324 ··-·low_disruption338 ··-·low_disruption
325 ··-·medium_severity339 ··-·medium_severity
326 ··-·no_reboot_needed340 ··-·no_reboot_needed
327 ··-·restrict_strategy341 ··-·restrict_strategy
328 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
329 #·Remediation·is·applicable·only·in·certain·platforms 
330 if·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek;·then 
  
Max diff block lines reached; 1032648/1038029 bytes (99.48%) of diff not shown.
3.57 MB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-anssi_nt28_minimal.html
    
Offset 14918, 205 lines modifiedOffset 14918, 205 lines modified
0003a450:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target0003a450:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target
0003a460:·3d22·2369·646d·3130·3332·3622·2074·6162··="#idm10326"·tab0003a460:·3d22·2369·646d·3130·3332·3622·2074·6162··="#idm10326"·tab
0003a470:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="0003a470:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="
0003a480:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp0003a480:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp
0003a490:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti0003a490:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti
0003a4a0:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to0003a4a0:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to
0003a4b0:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#0003a4b0:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#
0003a4c0:·2122·3e52·656d·6564·6961·7469·6f6e·2041··!">Remediation·A0003a4c0:·2122·3e52·656d·6564·6961·7469·6f6e·2053··!">Remediation·S
0003a4d0:·6e73·6962·6c65·2073·6e69·7070·6574·20e2··nsible·snippet·. 
0003a4e0:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c 
0003a4f0:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll 
0003a500:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i 
0003a510:·643d·2269·646d·3130·3332·3622·3e3c·7461··d="idm10326"><ta 
0003a520:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table 
0003a530:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t 
0003a540:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta 
0003a550:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed">< 
0003a560:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit 
0003a570:·793a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··y:</th><td>low</0003a4d0:·6865·6c6c·2073·6372·6970·7420·e287·b23c··hell·script·...<
 0003a4e0:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas
 0003a4f0:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps
 0003a500:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="
 0003a510:·6964·6d31·3033·3236·223e·3c70·7265·3e3c··idm10326"><pre><
 0003a520:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati
 0003a530:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable
 0003a540:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain
 0003a550:·2070·6c61·7466·6f72·6d73·0a69·6620·7270···platforms.if·rp
 0003a560:·6d20·2d2d·7175·6965·7420·2d71·2079·756d··m·--quiet·-q·yum
 0003a570:·3b20·7468·656e·0a0a·2320·5374·7269·7020··;·then..#·Strip·
 0003a580:·616e·7920·7365·6172·6368·2063·6861·7261··any·search·chara
 0003a590:·6374·6572·7320·696e·2074·6865·206b·6579··cters·in·the·key
 0003a5a0:·2061·7267·2073·6f20·7468·6174·2074·6865···arg·so·that·the
 0003a5b0:·206b·6579·2063·616e·2062·6520·7265·706c···key·can·be·repl
 0003a5c0:·6163·6564·2077·6974·686f·7574·0a23·2061··aced·without.#·a
 0003a5d0:·6464·696e·6720·616e·7920·7365·6172·6368··dding·any·search
 0003a5e0:·2063·6861·7261·6374·6572·7320·746f·2074···characters·to·t
 0003a5f0:·6865·2063·6f6e·6669·6720·6669·6c65·2e0a··he·config·file..
 0003a600:·7374·7269·7070·6564·5f6b·6579·3d24·2873··stripped_key=$(s
 0003a610:·6564·2027·732f·5b5c·5e3d·5c24·2c3b·2b5d··ed·'s/[\^=\$,;+]
 0003a620:·2a2f·2f67·2720·266c·743b·266c·743b·266c··*//g'·&lt;&lt;&l
 0003a630:·743b·2022·5e67·7067·6368·6563·6b22·290a··t;·"^gpgcheck").
 0003a640:·0a23·2073·6865·6c6c·6368·6563·6b20·6469··.#·shellcheck·di
 0003a650:·7361·626c·653d·5343·3230·3539·0a70·7269··sable=SC2059.pri
 0003a660:·6e74·6620·2d76·2066·6f72·6d61·7474·6564··ntf·-v·formatted
 0003a670:·5f6f·7574·7075·7420·2225·7320·3d20·2573··_output·"%s·=·%s
 0003a680:·2220·2224·7374·7269·7070·6564·5f6b·6579··"·"$stripped_key
 0003a690:·2220·2231·220a·0a23·2049·6620·7468·6520··"·"1"..#·If·the·
 0003a6a0:·6b65·7920·6578·6973·7473·2c20·6368·616e··key·exists,·chan
 0003a6b0:·6765·2069·742e·204f·7468·6572·7769·7365··ge·it.·Otherwise
 0003a6c0:·2c20·6164·6420·6974·2074·6f20·7468·6520··,·add·it·to·the·
 0003a6d0:·636f·6e66·6967·5f66·696c·652e·0a23·2057··config_file..#·W
 0003a6e0:·6520·7365·6172·6368·2066·6f72·2074·6865··e·search·for·the
 0003a6f0:·206b·6579·2073·7472·696e·6720·666f·6c6c···key·string·foll
 0003a700:·6f77·6564·2062·7920·6120·776f·7264·2062··owed·by·a·word·b
 0003a710:·6f75·6e64·6172·7920·286d·6174·6368·6564··oundary·(matched
 0003a720:·2062·7920·5c26·6774·3b29·2c0a·2320·736f···by·\&gt;),.#·so
 0003a730:·2069·6620·7765·2073·6561·7263·6820·666f···if·we·search·fo
 0003a740:·7220·2773·6574·7469·6e67·272c·2027·7365··r·'setting',·'se
 0003a750:·7474·696e·6732·2720·776f·6e27·7420·6d61··tting2'·won't·ma
 0003a760:·7463·682e·0a69·6620·4c43·5f41·4c4c·3d43··tch..if·LC_ALL=C
 0003a770:·2067·7265·7020·2d71·202d·6d20·3120·2d69···grep·-q·-m·1·-i
 0003a780:·202d·6520·225e·6770·6763·6865·636b·5c5c···-e·"^gpgcheck\\
 0003a790:·2667·743b·2220·222f·6574·632f·7975·6d2e··&gt;"·"/etc/yum.
 0003a7a0:·636f·6e66·223b·2074·6865·6e0a·2020·2020··conf";·then.····
 0003a7b0:·6573·6361·7065·645f·666f·726d·6174·7465··escaped_formatte
 0003a7c0:·645f·6f75·7470·7574·3d24·2873·6564·202d··d_output=$(sed·-
 0003a7d0:·6520·2773·7c2f·7c5c·5c2f·7c67·2720·266c··e·'s|/|\\/|g'·&l
 0003a7e0:·743b·266c·743b·266c·743b·2022·2466·6f72··t;&lt;&lt;·"$for
 0003a7f0:·6d61·7474·6564·5f6f·7574·7075·7422·290a··matted_output").
 0003a800:·2020·2020·4c43·5f41·4c4c·3d43·2073·6564······LC_ALL=C·sed
 0003a810:·202d·6920·2d2d·666f·6c6c·6f77·2d73·796d···-i·--follow-sym
 0003a820:·6c69·6e6b·7320·2273·2f5e·6770·6763·6865··links·"s/^gpgche
 0003a830:·636b·5c5c·2667·743b·2e2a·2f24·6573·6361··ck\\&gt;.*/$esca
 0003a840:·7065·645f·666f·726d·6174·7465·645f·6f75··ped_formatted_ou
 0003a850:·7470·7574·2f67·6922·2022·2f65·7463·2f79··tput/gi"·"/etc/y
 0003a860:·756d·2e63·6f6e·6622·0a65·6c73·650a·2020··um.conf".else.··
 0003a870:·2020·6966·205b·5b20·2d73·2022·2f65·7463····if·[[·-s·"/etc
 0003a880:·2f79·756d·2e63·6f6e·6622·205d·5d20·2661··/yum.conf"·]]·&a
 0003a890:·6d70·3b26·616d·703b·205b·5b20·2d6e·2022··mp;&amp;·[[·-n·"
 0003a8a0:·2428·7461·696c·202d·6320·3120·2d2d·2022··$(tail·-c·1·--·"
 0003a8b0:·2f65·7463·2f79·756d·2e63·6f6e·6622·207c··/etc/yum.conf"·|
 0003a8c0:·7c20·7472·7565·2922·205d·5d3b·2074·6865··|·true)"·]];·the
 0003a8d0:·6e0a·2020·2020·2020·2020·4c43·5f41·4c4c··n.········LC_ALL
 0003a8e0:·3d43·2073·6564·202d·6920·2d2d·666f·6c6c··=C·sed·-i·--foll
 0003a8f0:·6f77·2d73·796d·6c69·6e6b·7320·2724·6127··ow-symlinks·'$a'
 0003a900:·5c5c·2022·2f65·7463·2f79·756d·2e63·6f6e··\\·"/etc/yum.con
 0003a910:·6622·0a20·2020·2066·690a·2020·2020·7072··f".····fi.····pr
 0003a920:·696e·7466·2027·2573·5c6e·2720·2224·666f··intf·'%s\n'·"$fo
 0003a930:·726d·6174·7465·645f·6f75·7470·7574·2220··rmatted_output"·
 0003a940:·2667·743b·2667·743b·2022·2f65·7463·2f79··&gt;&gt;·"/etc/y
 0003a950:·756d·2e63·6f6e·6622·0a66·690a·0a65·6c73··um.conf".fi..els
 0003a960:·650a·2020·2020·2667·743b·2661·6d70·3b32··e.····&gt;&amp;2
 0003a970:·2065·6368·6f20·2752·656d·6564·6961·7469···echo·'Remediati
 0003a980:·6f6e·2069·7320·6e6f·7420·6170·706c·6963··on·is·not·applic
 0003a990:·6162·6c65·2c20·6e6f·7468·696e·6720·7761··able,·nothing·wa
 0003a9a0:·7320·646f·6e65·270a·6669·0a3c·2f63·6f64··s·done'.fi.</cod
 0003a9b0:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a
 0003a9c0:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn-
 0003a9d0:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to
 0003a9e0:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"·
 0003a9f0:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id
 0003aa00:·6d31·3033·3237·2220·7461·6269·6e64·6578··m10327"·tabindex
 0003aa10:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto
 0003aa20:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded
 0003aa30:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="
 0003aa40:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve
 0003aa50:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re
 0003aa60:·6d65·6469·6174·696f·6e20·416e·7369·626c··mediation·Ansibl
 0003aa70:·6520·736e·6970·7065·7420·e287·b23c·2f61··e·snippet·...</a
 0003aa80:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
 0003aa90:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
 0003aaa0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
 0003aab0:·6d31·3033·3237·223e·3c74·6162·6c65·2063··m10327"><table·c
 0003aac0:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl
 0003aad0:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table-
 0003aae0:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c
 0003aaf0:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t
 0003ab00:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t
 0003ab10:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></
 0003ab20:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru
 0003ab30:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6d··ption:</th><td>m
 0003ab40:·6564·6975·6d3c·2f74·643e·3c2f·7472·3e3c··edium</td></tr><
 0003ab50:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</
 0003ab60:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td
0003a580:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>0003ab70:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St
 0003ab80:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>
 0003ab90:·636f·6e66·6967·7572·653c·2f74·643e·3c2f··configure</td></
Max diff block lines reached; 3488116/3515054 bytes (99.23%) of diff not shown.
227 KB
html2text {}
    
Offset 111, 14 lines modifiedOffset 111, 42 lines modified
111 ············_\x8o_\x8s_\x8p_\x8p···········FPT_TUD_EXT.1,·FPT_TUD_EXT.2111 ············_\x8o_\x8s_\x8p_\x8p···········FPT_TUD_EXT.1,·FPT_TUD_EXT.2
112 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-6.2112 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-6.2
113 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000366-GPOS-00153113 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000366-GPOS-00153
114 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL07-00-020050114 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL07-00-020050
115 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R59115 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R59
116 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········6.3.3,·6.3116 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········6.3.3,·6.3
117 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-221710r1015187_rule117 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-221710r1015187_rule
 118 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 119 #·Remediation·is·applicable·only·in·certain·platforms
 120 if·rpm·--quiet·-q·yum;·then
  
 121 #·Strip·any·search·characters·in·the·key·arg·so·that·the·key·can·be·replaced·without
 122 #·adding·any·search·characters·to·the·config·file.
 123 stripped_key=$(sed·'s/[\^=\$,;+]*//g'·<<<·"^gpgcheck")
  
 124 #·shellcheck·disable=SC2059
 125 printf·-v·formatted_output·"%s·=·%s"·"$stripped_key"·"1"
  
 126 #·If·the·key·exists,·change·it.·Otherwise,·add·it·to·the·config_file.
 127 #·We·search·for·the·key·string·followed·by·a·word·boundary·(matched·by·\>),
 128 #·so·if·we·search·for·'setting',·'setting2'·won't·match.
 129 if·LC_ALL=C·grep·-q·-m·1·-i·-e·"^gpgcheck\\>"·"/etc/yum.conf";·then
 130 ····escaped_formatted_output=$(sed·-e·'s|/|\\/|g'·<<<·"$formatted_output")
 131 ····LC_ALL=C·sed·-i·--follow-symlinks·"s/^gpgcheck\\>.*/$escaped_formatted_output/gi"·"/etc/
 132 yum.conf"
 133 else
 134 ····if·[[·-s·"/etc/yum.conf"·]]·&&·[[·-n·"$(tail·-c·1·--·"/etc/yum.conf"·||·true)"·]];·then
 135 ········LC_ALL=C·sed·-i·--follow-symlinks·'$a'\\·"/etc/yum.conf"
 136 ····fi
 137 ····printf·'%s\n'·"$formatted_output"·>>·"/etc/yum.conf"
 138 fi
  
 139 else
 140 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 141 fi
118 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8142 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
119 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low143 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
120 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium144 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
121 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false145 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
122 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure146 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure
123 -·name:·Gather·the·package·facts147 -·name:·Gather·the·package·facts
124 ··package_facts:148 ··package_facts:
Offset 173, 42 lines modifiedOffset 201, 14 lines modified
173 ··-·PCI-DSSv4-6.3.3201 ··-·PCI-DSSv4-6.3.3
174 ··-·configure_strategy202 ··-·configure_strategy
175 ··-·ensure_gpgcheck_globally_activated203 ··-·ensure_gpgcheck_globally_activated
176 ··-·high_severity204 ··-·high_severity
177 ··-·low_complexity205 ··-·low_complexity
178 ··-·medium_disruption206 ··-·medium_disruption
179 ··-·no_reboot_needed207 ··-·no_reboot_needed
180 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
181 #·Remediation·is·applicable·only·in·certain·platforms 
182 if·rpm·--quiet·-q·yum;·then 
  
183 #·Strip·any·search·characters·in·the·key·arg·so·that·the·key·can·be·replaced·without 
184 #·adding·any·search·characters·to·the·config·file. 
185 stripped_key=$(sed·'s/[\^=\$,;+]*//g'·<<<·"^gpgcheck") 
  
186 #·shellcheck·disable=SC2059 
187 printf·-v·formatted_output·"%s·=·%s"·"$stripped_key"·"1" 
  
188 #·If·the·key·exists,·change·it.·Otherwise,·add·it·to·the·config_file. 
189 #·We·search·for·the·key·string·followed·by·a·word·boundary·(matched·by·\>), 
190 #·so·if·we·search·for·'setting',·'setting2'·won't·match. 
191 if·LC_ALL=C·grep·-q·-m·1·-i·-e·"^gpgcheck\\>"·"/etc/yum.conf";·then 
192 ····escaped_formatted_output=$(sed·-e·'s|/|\\/|g'·<<<·"$formatted_output") 
193 ····LC_ALL=C·sed·-i·--follow-symlinks·"s/^gpgcheck\\>.*/$escaped_formatted_output/gi"·"/etc/ 
194 yum.conf" 
195 else 
196 ····if·[[·-s·"/etc/yum.conf"·]]·&&·[[·-n·"$(tail·-c·1·--·"/etc/yum.conf"·||·true)"·]];·then 
197 ········LC_ALL=C·sed·-i·--follow-symlinks·'$a'\\·"/etc/yum.conf" 
198 ····fi 
199 ····printf·'%s\n'·"$formatted_output"·>>·"/etc/yum.conf" 
200 fi 
  
201 else 
202 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
203 fi 
204 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·g\x8gp\x8pg\x8gc\x8ch\x8he\x8ec\x8ck\x8k·E\x8En\x8na\x8ab\x8bl\x8le\x8ed\x8d·f\x8fo\x8or\x8r·L\x8Lo\x8oc\x8ca\x8al\x8l·P\x8Pa\x8ac\x8ck\x8ka\x8ag\x8ge\x8es\x8s·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*208 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8ns\x8su\x8ur\x8re\x8e·g\x8gp\x8pg\x8gc\x8ch\x8he\x8ec\x8ck\x8k·E\x8En\x8na\x8ab\x8bl\x8le\x8ed\x8d·f\x8fo\x8or\x8r·L\x8Lo\x8oc\x8ca\x8al\x8l·P\x8Pa\x8ac\x8ck\x8ka\x8ag\x8ge\x8es\x8s·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
205 yum·should·be·configured·to·verify·the·signature(s)·of·local·packages·prior·to·installation.209 yum·should·be·configured·to·verify·the·signature(s)·of·local·packages·prior·to·installation.
206 To·configure·yum·to·verify·signatures·of·local·packages,·set·the·localpkg_gpgcheck·to·1·in·/210 To·configure·yum·to·verify·signatures·of·local·packages,·set·the·localpkg_gpgcheck·to·1·in·/
207 etc/yum.conf.211 etc/yum.conf.
208 ············Changes·to·any·software·components·can·have·significant·effects·to·the·overall212 ············Changes·to·any·software·components·can·have·significant·effects·to·the·overall
209 ············security·of·the·operating·system.·This·requirement·ensures·the·software·has·not213 ············security·of·the·operating·system.·This·requirement·ensures·the·software·has·not
210 ············been·tampered·and·has·been·provided·by·a·trusted·vendor.214 ············been·tampered·and·has·been·provided·by·a·trusted·vendor.
Offset 230, 14 lines modifiedOffset 230, 42 lines modified
230 ············_\x8n_\x8i_\x8s_\x8t···········CM-11(a),·CM-11(b),·CM-6(a),·CM-5(3),·SA-12,·SA-12(10)230 ············_\x8n_\x8i_\x8s_\x8t···········CM-11(a),·CM-11(b),·CM-6(a),·CM-5(3),·SA-12,·SA-12(10)
231 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.IP-1231 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.IP-1
232 ············_\x8o_\x8s_\x8p_\x8p···········FPT_TUD_EXT.1,·FPT_TUD_EXT.2232 ············_\x8o_\x8s_\x8p_\x8p···········FPT_TUD_EXT.1,·FPT_TUD_EXT.2
233 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000366-GPOS-00153233 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000366-GPOS-00153
234 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL07-00-020060234 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL07-00-020060
235 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R59235 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R59
236 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-221711r1015188_rule236 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-221711r1015188_rule
 237 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 238 #·Remediation·is·applicable·only·in·certain·platforms
 239 if·rpm·--quiet·-q·yum;·then
  
 240 #·Strip·any·search·characters·in·the·key·arg·so·that·the·key·can·be·replaced·without
 241 #·adding·any·search·characters·to·the·config·file.
 242 stripped_key=$(sed·'s/[\^=\$,;+]*//g'·<<<·"^localpkg_gpgcheck")
  
 243 #·shellcheck·disable=SC2059
 244 printf·-v·formatted_output·"%s·=·%s"·"$stripped_key"·"1"
  
 245 #·If·the·key·exists,·change·it.·Otherwise,·add·it·to·the·config_file.
 246 #·We·search·for·the·key·string·followed·by·a·word·boundary·(matched·by·\>),
 247 #·so·if·we·search·for·'setting',·'setting2'·won't·match.
 248 if·LC_ALL=C·grep·-q·-m·1·-i·-e·"^localpkg_gpgcheck\\>"·"/etc/yum.conf";·then
 249 ····escaped_formatted_output=$(sed·-e·'s|/|\\/|g'·<<<·"$formatted_output")
 250 ····LC_ALL=C·sed·-i·--follow-symlinks·"s/^localpkg_gpgcheck\\>.*/$escaped_formatted_output/
 251 gi"·"/etc/yum.conf"
 252 else
 253 ····if·[[·-s·"/etc/yum.conf"·]]·&&·[[·-n·"$(tail·-c·1·--·"/etc/yum.conf"·||·true)"·]];·then
 254 ········LC_ALL=C·sed·-i·--follow-symlinks·'$a'\\·"/etc/yum.conf"
 255 ····fi
 256 ····printf·'%s\n'·"$formatted_output"·>>·"/etc/yum.conf"
 257 fi
  
 258 else
 259 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 260 fi
237 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8261 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
238 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low262 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
239 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium263 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
240 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false264 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
241 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···unknown265 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···unknown
242 -·name:·Gather·the·package·facts266 -·name:·Gather·the·package·facts
Max diff block lines reached; 226004/231985 bytes (97.42%) of diff not shown.
9.31 MB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-cjis.html
    
Offset 15122, 419 lines modifiedOffset 15122, 419 lines modified
0003b110:·612d·7461·7267·6574·3d22·2369·646d·3533··a-target="#idm530003b110:·612d·7461·7267·6574·3d22·2369·646d·3533··a-target="#idm53
0003b120:·3130·2220·7461·6269·6e64·6578·3d22·3022··10"·tabindex="0"0003b120:·3130·2220·7461·6269·6e64·6578·3d22·3022··10"·tabindex="0"
0003b130:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a0003b130:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a
0003b140:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa0003b140:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa
0003b150:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti0003b150:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti
0003b160:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·0003b160:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·
Diff chunk too large, falling back to line-by-line diff (405 lines added, 405 lines removed)
0003b170:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi0003b170:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi
0003b180:·6174·696f·6e20·416e·7369·626c·6520·736e··ation·Ansible·sn0003b180:·6174·696f·6e20·5368·656c·6c20·7363·7269··ation·Shell·scri
0003b190:·6970·7065·7420·e287·b23c·2f61·3e3c·6272··ippet·...</a><br0003b190:·7074·20e2·87b2·3c2f·613e·3c62·723e·3c64··pt·...</a><br><d
0003b1a0:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan0003b1a0:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel-
0003b1b0:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll0003b1b0:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps
0003b1c0:·6170·7365·2220·6964·3d22·6964·6d35·3331··apse"·id="idm5310003b1c0:·6522·2069·643d·2269·646d·3533·3130·223e··e"·id="idm5310">
0003b1d0:·3022·3e3c·7461·626c·6520·636c·6173·733d··0"><table·class=0003b1d0:·3c70·7265·3e3c·636f·6465·3e23·2052·656d··<pre><code>#·Rem
0003b1e0:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str0003b1e0:·6564·6961·7469·6f6e·2069·7320·6170·706c··ediation·is·appl
0003b1f0:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde0003b1f0:·6963·6162·6c65·206f·6e6c·7920·696e·2063··icable·only·in·c
0003b200:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden0003b200:·6572·7461·696e·2070·6c61·7466·6f72·6d73··ertain·platforms
0003b210:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com0003b210:·0a69·6620·2120·2820·7b20·7270·6d20·2d2d··.if·!·(·{·rpm·--
0003b220:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td0003b220:·7175·6965·7420·2d71·206b·6572·6e65·6c20··quiet·-q·kernel·
0003b230:·3e68·6967·683c·2f74·643e·3c2f·7472·3e3c··>high</td></tr><0003b230:·3b7d·2026·616d·703b·2661·6d70·3b20·7b20··;}·&amp;&amp;·{·
0003b240:·7472·3e3c·7468·3e44·6973·7275·7074·696f··tr><th>Disruptio0003b240:·7270·6d20·2d2d·7175·6965·7420·2d71·2072··rpm·--quiet·-q·r
0003b250:·6e3a·3c2f·7468·3e3c·7464·3e6d·6564·6975··n:</th><td>mediu0003b250:·706d·2d6f·7374·7265·6520·3b7d·2026·616d··pm-ostree·;}·&am
0003b260:·6d3c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··m</td></tr><tr><0003b260:·703b·2661·6d70·3b20·7b20·7270·6d20·2d2d··p;&amp;·{·rpm·--
0003b270:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th><0003b270:·7175·6965·7420·2d71·2062·6f6f·7463·203b··quiet·-q·bootc·;
0003b280:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t0003b280:·7d20·2661·6d70·3b26·616d·703b·207b·2021··}·&amp;&amp;·{·!
0003b290:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate0003b290:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q·
0003b2a0:·6779·3a3c·2f74·683e·3c74·643e·7265·7374··gy:</th><td>rest0003b2a0:·6f70·656e·7368·6966·742d·6b75·6265·6c65··openshift-kubele
0003b2b0:·7269·6374·3c2f·7464·3e3c·2f74·723e·3c2f··rict</td></tr></0003b2b0:·7420·3b7d·2029·3b20·7468·656e·0a0a·2320··t·;}·);·then..#·
0003b2c0:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code0003b2c0:·4669·6e64·2077·6869·6368·2066·696c·6573··Find·which·files
0003b2d0:·3e2d·206e·616d·653a·2047·6174·6865·7220··>-·name:·Gather·0003b2d0:·2068·6176·6520·696e·636f·7272·6563·7420···have·incorrect·
0003b2e0:·7468·6520·7061·636b·6167·6520·6661·6374··the·package·fact0003b2e0:·6861·7368·2028·6e6f·7420·696e·202f·6574··hash·(not·in·/et
0003b2f0:·730a·2020·7061·636b·6167·655f·6661·6374··s.··package_fact0003b2f0:·632c·2062·6563·6175·7365·206f·6620·7468··c,·because·of·th
0003b300:·733a·0a20·2020·206d·616e·6167·6572·3a20··s:.····manager:·0003b300:·6520·7379·7374·656d·2072·656c·6174·6564··e·system·related
0003b310:·6175·746f·0a20·2074·6167·733a·0a20·202d··auto.··tags:.··-0003b310:·2063·6f6e·6669·6720·6669·6c65·7329·2061···config·files)·a
0003b320:·2043·4a49·532d·352e·3130·2e34·2e31·0a20···CJIS-5.10.4.1.·0003b320:·6e64·2074·6865·6e20·6765·7420·6669·6c65··nd·then·get·file
0003b330:·202d·2044·4953·412d·5354·4947·2d4f·4c30···-·DISA-STIG-OL00003b330:·7320·6e61·6d65·730a·6669·6c65·735f·7769··s·names.files_wi
0003b340:·372d·3030·2d30·3130·3032·300a·2020·2d20··7-00-010020.··-·0003b340:·7468·5f69·6e63·6f72·7265·6374·5f68·6173··th_incorrect_has
0003b350:·4e49·5354·2d38·3030·2d31·3731·2d33·2e33··NIST-800-171-3.30003b350:·683d·2224·2872·706d·202d·5661·202d·2d6e··h="$(rpm·-Va·--n
0003b360:·2e38·0a20·202d·204e·4953·542d·3830·302d··.8.··-·NIST-800-0003b360:·6f63·6f6e·6669·6720·7c20·6772·6570·202d··oconfig·|·grep·-
0003b370:·3137·312d·332e·342e·310a·2020·2d20·4e49··171-3.4.1.··-·NI0003b370:·4520·275e·2e2e·3527·207c·2061·776b·2027··E·'^..5'·|·awk·'
0003b380:·5354·2d38·3030·2d35·332d·4155·2d39·2833··ST-800-53-AU-9(30003b380:·7b70·7269·6e74·2024·4e46·7d27·2029·220a··{print·$NF}'·)".
0003b390:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-50003b390:·0a69·6620·5b20·2d6e·2022·2466·696c·6573··.if·[·-n·"$files
0003b3a0:·332d·434d·2d36·2863·290a·2020·2d20·4e49··3-CM-6(c).··-·NI0003b3a0:·5f77·6974·685f·696e·636f·7272·6563·745f··_with_incorrect_
0003b3b0:·5354·2d38·3030·2d35·332d·434d·2d36·2864··ST-800-53-CM-6(d0003b3b0:·6861·7368·2220·5d3b·2074·6865·6e0a·2020··hash"·];·then.··
0003b3c0:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-50003b3c0:·2020·2320·4672·6f6d·2066·696c·6573·206e····#·From·files·n
0003b3d0:·332d·5349·2d37·0a20·202d·204e·4953·542d··3-SI-7.··-·NIST-0003b3d0:·616d·6573·2067·6574·2070·6163·6b61·6765··ames·get·package
0003b3e0:·3830·302d·3533·2d53·492d·3728·3129·0a20··800-53-SI-7(1).·0003b3e0:·206e·616d·6573·2061·6e64·2063·6861·6e67···names·and·chang
0003b3f0:·202d·204e·4953·542d·3830·302d·3533·2d53···-·NIST-800-53-S0003b3f0:·6520·6e65·776c·696e·6520·746f·2073·7061··e·newline·to·spa
0003b400:·492d·3728·3629·0a20·202d·2050·4349·2d44··I-7(6).··-·PCI-D0003b400:·6365·2c20·6265·6361·7573·6520·7270·6d20··ce,·because·rpm·
0003b410:·5353·2d52·6571·2d31·312e·350a·2020·2d20··SS-Req-11.5.··-·0003b410:·7772·6974·6573·2065·6163·6820·7061·636b··writes·each·pack
0003b420:·5043·492d·4453·5376·342d·3131·2e35·2e32··PCI-DSSv4-11.5.20003b420:·6167·6520·746f·206e·6577·206c·696e·650a··age·to·new·line.
0003b430:·0a20·202d·2068·6967·685f·636f·6d70·6c65··.··-·high_comple0003b430:·2020·2020·7061·636b·6167·6573·5f74·6f5f······packages_to_
0003b440:·7869·7479·0a20·202d·2068·6967·685f·7365··xity.··-·high_se0003b440:·7265·696e·7374·616c·6c3d·2224·2872·706d··reinstall="$(rpm
0003b450:·7665·7269·7479·0a20·202d·206d·6564·6975··verity.··-·mediu0003b450:·202d·7166·2024·6669·6c65·735f·7769·7468···-qf·$files_with
0003b460:·6d5f·6469·7372·7570·7469·6f6e·0a20·202d··m_disruption.··-0003b460:·5f69·6e63·6f72·7265·6374·5f68·6173·6820··_incorrect_hash·
0003b470:·206e·6f5f·7265·626f·6f74·5f6e·6565·6465···no_reboot_neede0003b470:·7c20·7472·2027·5c6e·2720·2720·2729·220a··|·tr·'\n'·'·')".
0003b480:·640a·2020·2d20·7265·7374·7269·6374·5f73··d.··-·restrict_s0003b480:·0a20·2020·200a·2020·2020·7975·6d20·7265··.····.····yum·re
0003b490:·7472·6174·6567·790a·2020·2d20·7270·6d5f··trategy.··-·rpm_0003b490:·696e·7374·616c·6c20·2d79·2024·7061·636b··install·-y·$pack
0003b4a0:·7665·7269·6679·5f68·6173·6865·730a·0a2d··verify_hashes..-0003b4a0:·6167·6573·5f74·6f5f·7265·696e·7374·616c··ages_to_reinstal
0003b4b0:·206e·616d·653a·2027·5365·7420·6661·6374···name:·'Set·fact0003b4b0:·6c0a·2020·2020·0a66·690a·0a65·6c73·650a··l.····.fi..else.
0003b4c0:·3a20·5061·636b·6167·6520·6d61·6e61·6765··:·Package·manage0003b4c0:·2020·2020·2667·743b·2661·6d70·3b32·2065······&gt;&amp;2·e
0003b4d0:·7220·7265·696e·7374·616c·6c20·636f·6d6d··r·reinstall·comm0003b4d0:·6368·6f20·2752·656d·6564·6961·7469·6f6e··cho·'Remediation
0003b4e0:·616e·6427·0a20·2073·6574·5f66·6163·743a··and'.··set_fact:0003b4e0:·2069·7320·6e6f·7420·6170·706c·6963·6162···is·not·applicab
0003b4f0:·0a20·2020·2070·6163·6b61·6765·5f6d·616e··.····package_man0003b4f0:·6c65·2c20·6e6f·7468·696e·6720·7761·7320··le,·nothing·was·
0003b500:·6167·6572·5f72·6569·6e73·7461·6c6c·5f63··ager_reinstall_c0003b500:·646f·6e65·270a·6669·0a3c·2f63·6f64·653e··done'.fi.</code>
0003b510:·6d64·3a20·7975·6d20·7265·696e·7374·616c··md:·yum·reinstal0003b510:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c
0003b520:·6c20·2d79·0a20·2077·6865·6e3a·0a20·202d··l·-y.··when:.··-0003b520:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su
0003b530:·206e·6f74·2028·2022·6b65·726e·656c·2220···not·(·"kernel"·0003b530:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg
0003b540:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts0003b540:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da
0003b550:·2e70·6163·6b61·6765·7320·616e·6420·2272··.packages·and·"r0003b550:·7461·2d74·6172·6765·743d·2223·6964·6d35··ta-target="#idm5
0003b560:·706d·2d6f·7374·7265·6522·2069·6e20·616e··pm-ostree"·in·an0003b560:·3331·3122·2074·6162·696e·6465·783d·2230··311"·tabindex="0
0003b570:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack0003b570:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
0003b580:·6167·6573·0a20·2020·2061·6e64·2022·626f··ages.····and·"bo0003b580:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
0003b590:·6f74·6322·2069·6e20·616e·7369·626c·655f··otc"·in·ansible_0003b590:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
0003b5a0:·6661·6374·732e·7061·636b·6167·6573·2061··facts.packages·a0003b5a0:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
0003b5b0:·6e64·206e·6f74·2022·6f70·656e·7368·6966··nd·not·"openshif0003b5b0:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
0003b5c0:·742d·6b75·6265·6c65·7422·2069·6e20·616e··t-kubelet"·in·an0003b5c0:·6961·7469·6f6e·2041·6e73·6962·6c65·2073··iation·Ansible·s
0003b5d0:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack0003b5d0:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b
0003b5e0:·6167·6573·0a20·2020·2029·0a20·202d·2061··ages.····).··-·a0003b5e0:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa
0003b5f0:·6e73·6962·6c65·5f64·6973·7472·6962·7574··nsible_distribut0003b5f0:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col
0003b600:·696f·6e20·696e·205b·2022·4665·646f·7261··ion·in·[·"Fedora0003b600:·6c61·7073·6522·2069·643d·2269·646d·3533··lapse"·id="idm53
0003b610:·222c·2022·5265·6448·6174·222c·2022·4365··",·"RedHat",·"Ce0003b610:·3131·223e·3c74·6162·6c65·2063·6c61·7373··11"><table·class
0003b620:·6e74·4f53·222c·2022·4f72·6163·6c65·4c69··ntOS",·"OracleLi0003b620:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st
0003b630:·6e75·7822·205d·0a20·2074·6167·733a·0a20··nux"·].··tags:.·0003b630:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord
0003b640:·202d·2043·4a49·532d·352e·3130·2e34·2e31···-·CJIS-5.10.4.10003b640:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde
0003b650:·0a20·202d·2044·4953·412d·5354·4947·2d4f··.··-·DISA-STIG-O0003b650:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co
0003b660:·4c30·372d·3030·2d30·3130·3032·300a·2020··L07-00-010020.··0003b660:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t
0003b670:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-30003b670:·643e·6869·6768·3c2f·7464·3e3c·2f74·723e··d>high</td></tr>
0003b680:·2e33·2e38·0a20·202d·204e·4953·542d·3830··.3.8.··-·NIST-800003b680:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti
0003b690:·302d·3137·312d·332e·342e·310a·2020·2d20··0-171-3.4.1.··-·0003b690:·6f6e·3a3c·2f74·683e·3c74·643e·6d65·6469··on:</th><td>medi
0003b6a0:·4e49·5354·2d38·3030·2d35·332d·4155·2d39··NIST-800-53-AU-90003b6a0:·756d·3c2f·7464·3e3c·2f74·723e·3c74·723e··um</td></tr><tr>
0003b6b0:·2833·290a·2020·2d20·4e49·5354·2d38·3030··(3).··-·NIST-8000003b6b0:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th>
0003b6c0:·2d35·332d·434d·2d36·2863·290a·2020·2d20··-53-CM-6(c).··-·0003b6c0:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></
0003b6d0:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-60003b6d0:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat
0003b6e0:·2864·290a·2020·2d20·4e49·5354·2d38·3030··(d).··-·NIST-8000003b6e0:·6567·793a·3c2f·7468·3e3c·7464·3e72·6573··egy:</th><td>res
0003b6f0:·2d35·332d·5349·2d37·0a20·202d·204e·4953··-53-SI-7.··-·NIS0003b6f0:·7472·6963·743c·2f74·643e·3c2f·7472·3e3c··trict</td></tr><
0003b700:·542d·3830·302d·3533·2d53·492d·3728·3129··T-800-53-SI-7(1)0003b700:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod
0003b710:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003b710:·653e·2d20·6e61·6d65·3a20·4761·7468·6572··e>-·name:·Gather
0003b720:·2d53·492d·3728·3629·0a20·202d·2050·4349··-SI-7(6).··-·PCI0003b720:·2074·6865·2070·6163·6b61·6765·2066·6163···the·package·fac
0003b730:·2d44·5353·2d52·6571·2d31·312e·350a·2020··-DSS-Req-11.5.··0003b730:·7473·0a20·2070·6163·6b61·6765·5f66·6163··ts.··package_fac
0003b740:·2d20·5043·492d·4453·5376·342d·3131·2e35··-·PCI-DSSv4-11.50003b740:·7473·3a0a·2020·2020·6d61·6e61·6765·723a··ts:.····manager:
0003b750:·2e32·0a20·202d·2068·6967·685f·636f·6d70··.2.··-·high_comp0003b750:·2061·7574·6f0a·2020·7461·6773·3a0a·2020···auto.··tags:.··
0003b760:·6c65·7869·7479·0a20·202d·2068·6967·685f··lexity.··-·high_0003b760:·2d20·434a·4953·2d35·2e31·302e·342e·310a··-·CJIS-5.10.4.1.
0003b770:·7365·7665·7269·7479·0a20·202d·206d·6564··severity.··-·med0003b770:·2020·2d20·4449·5341·2d53·5449·472d·4f4c····-·DISA-STIG-OL
0003b780:·6975·6d5f·6469·7372·7570·7469·6f6e·0a20··ium_disruption.·0003b780:·3037·2d30·302d·3031·3030·3230·0a20·202d··07-00-010020.··-
0003b790:·202d·206e·6f5f·7265·626f·6f74·5f6e·6565···-·no_reboot_nee0003b790:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.
0003b7a0:·6465·640a·2020·2d20·7265·7374·7269·6374··ded.··-·restrict0003b7a0:·332e·380a·2020·2d20·4e49·5354·2d38·3030··3.8.··-·NIST-800
0003b7b0:·5f73·7472·6174·6567·790a·2020·2d20·7270··_strategy.··-·rp0003b7b0:·2d31·3731·2d33·2e34·2e31·0a20·202d·204e··-171-3.4.1.··-·N
0003b7c0:·6d5f·7665·7269·6679·5f68·6173·6865·730a··m_verify_hashes.0003b7c0:·4953·542d·3830·302d·3533·2d41·552d·3928··IST-800-53-AU-9(
0003b7d0:·0a2d·206e·616d·653a·2027·5365·7420·6661··.-·name:·'Set·fa0003b7d0:·3329·0a20·202d·204e·4953·542d·3830·302d··3).··-·NIST-800-
0003b7e0:·6374·3a20·5061·636b·6167·6520·6d61·6e61··ct:·Package·mana0003b7e0:·3533·2d43·4d2d·3628·6329·0a20·202d·204e··53-CM-6(c).··-·N
0003b7f0:·6765·7220·7265·696e·7374·616c·6c20·636f··ger·reinstall·co0003b7f0:·4953·542d·3830·302d·3533·2d43·4d2d·3628··IST-800-53-CM-6(
0003b800:·6d6d·616e·6420·287a·7970·7065·7229·270a··mmand·(zypper)'.0003b800:·6429·0a20·202d·204e·4953·542d·3830·302d··d).··-·NIST-800-
0003b810:·2020·7365·745f·6661·6374·3a0a·2020·2020····set_fact:.····0003b810:·3533·2d53·492d·370a·2020·2d20·4e49·5354··53-SI-7.··-·NIST
0003b820:·7061·636b·6167·655f·6d61·6e61·6765·725f··package_manager_0003b820:·2d38·3030·2d35·332d·5349·2d37·2831·290a··-800-53-SI-7(1).
0003b830:·7265·696e·7374·616c·6c5f·636d·643a·207a··reinstall_cmd:·z0003b830:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-
0003b840:·7970·7065·7220·696e·202d·6620·2d79·0a20··ypper·in·-f·-y.·0003b840:·5349·2d37·2836·290a·2020·2d20·5043·492d··SI-7(6).··-·PCI-
0003b850:·2077·6865·6e3a·0a20·202d·206e·6f74·2028···when:.··-·not·(0003b850:·4453·532d·5265·712d·3131·2e35·0a20·202d··DSS-Req-11.5.··-
0003b860:·2022·6b65·726e·656c·2220·696e·2061·6e73···"kernel"·in·ans0003b860:·2050·4349·2d44·5353·7634·2d31·312e·352e···PCI-DSSv4-11.5.
0003b870:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0003b870:·320a·2020·2d20·6869·6768·5f63·6f6d·706c··2.··-·high_compl
0003b880:·6765·7320·616e·6420·2272·706d·2d6f·7374··ges·and·"rpm-ost0003b880:·6578·6974·790a·2020·2d20·6869·6768·5f73··exity.··-·high_s
0003b890:·7265·6522·2069·6e20·616e·7369·626c·655f··ree"·in·ansible_0003b890:·6576·6572·6974·790a·2020·2d20·6d65·6469··everity.··-·medi
0003b8a0:·6661·6374·732e·7061·636b·6167·6573·0a20··facts.packages.·0003b8a0:·756d·5f64·6973·7275·7074·696f·6e0a·2020··um_disruption.··
0003b8b0:·2020·2061·6e64·2022·626f·6f74·6322·2069·····and·"bootc"·i0003b8b0:·2d20·6e6f·5f72·6562·6f6f·745f·6e65·6564··-·no_reboot_need
0003b8c0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003b8c0:·6564·0a20·202d·2072·6573·7472·6963·745f··ed.··-·restrict_
0003b8d0:·7061·636b·6167·6573·2061·6e64·206e·6f74··packages·and·not0003b8d0:·7374·7261·7465·6779·0a20·202d·2072·706d··strategy.··-·rpm
0003b8e0:·2022·6f70·656e·7368·6966·742d·6b75·6265···"openshift-kube0003b8e0:·5f76·6572·6966·795f·6861·7368·6573·0a0a··_verify_hashes..
Max diff block lines reached; 8833899/8890369 bytes (99.36%) of diff not shown.
848 KB
html2text {}
    
Offset 98, 14 lines modifiedOffset 98, 33 lines modified
98 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)98 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
99 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-199 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
100 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5100 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
101 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227101 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
102 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL07-00-010020102 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL07-00-010020
103 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2103 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
104 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-221653r1015161_rule104 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-221653r1015161_rule
 105 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 106 #·Remediation·is·applicable·only·in·certain·platforms
 107 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 108 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 109 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 110 if·[·-n·"$files_with_incorrect_hash"·];·then
 111 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 112 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 113 ····yum·reinstall·-y·$packages_to_reinstall
  
 114 fi
  
 115 else
 116 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 117 fi
105 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8118 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
106 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high119 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
107 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium120 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
108 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false121 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
109 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict122 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
110 -·name:·Gather·the·package·facts123 -·name:·Gather·the·package·facts
111 ··package_facts:124 ··package_facts:
Offset 278, 33 lines modifiedOffset 297, 14 lines modified
278 ··-·PCI-DSSv4-11.5.2297 ··-·PCI-DSSv4-11.5.2
279 ··-·high_complexity298 ··-·high_complexity
280 ··-·high_severity299 ··-·high_severity
281 ··-·medium_disruption300 ··-·medium_disruption
282 ··-·no_reboot_needed301 ··-·no_reboot_needed
283 ··-·restrict_strategy302 ··-·restrict_strategy
284 ··-·rpm_verify_hashes303 ··-·rpm_verify_hashes
285 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
286 #·Remediation·is·applicable·only·in·certain·platforms 
287 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
288 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
289 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
290 if·[·-n·"$files_with_incorrect_hash"·];·then 
291 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
292 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
293 ····yum·reinstall·-y·$packages_to_reinstall 
  
294 fi 
  
295 else 
296 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
297 fi 
298 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*304 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
299 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:305 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:
300 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'306 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'
301 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:307 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:
302 $·rpm·-qf·FILENAME308 $·rpm·-qf·FILENAME
  
303 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:309 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
Offset 327, 14 lines modifiedOffset 327, 50 lines modified
327 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)327 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)
328 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1328 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
329 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5329 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
330 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108330 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108
331 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL07-00-010010331 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL07-00-010010
332 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2332 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
333 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-221652r991557_rule333 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-221652r991557_rule
 334 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 335 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 336 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 337 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 338 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 339 #·Remediation·is·applicable·only·in·certain·platforms
 340 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 341 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 342 declare·-A·SETPERMS_RPM_DICT
  
 343 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 344 #·is·expected·by·the·RPM·database
 345 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}')
  
 346 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 347 do
 348 ········#·NOTE:·some·files·maybe·controlled·by·more·then·one·package
 349 ········readarray·-t·RPM_PACKAGES·<·<(rpm·-qf·"${FILE_PATH}")
 350 ········for·RPM_PACKAGE·in·"${RPM_PACKAGES[@]}"
 351 ········do
 352 ················#·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 353 ················SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 354 ········done
 355 done
  
 356 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 357 #·correct·values
 358 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 359 do
 360 »       rpm·--restore·"${RPM_PACKAGE}"
 361 done
  
 362 else
 363 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 364 fi
334 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8365 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
335 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high366 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
336 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium367 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
337 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false368 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
338 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict369 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
339 -·name:·Gather·the·package·facts370 -·name:·Gather·the·package·facts
340 ··package_facts:371 ··package_facts:
Offset 450, 50 lines modifiedOffset 486, 14 lines modified
450 ··-·PCI-DSSv4-11.5.2486 ··-·PCI-DSSv4-11.5.2
451 ··-·high_complexity487 ··-·high_complexity
452 ··-·high_severity488 ··-·high_severity
453 ··-·medium_disruption489 ··-·medium_disruption
454 ··-·no_reboot_needed490 ··-·no_reboot_needed
455 ··-·restrict_strategy491 ··-·restrict_strategy
456 ··-·rpm_verify_permissions492 ··-·rpm_verify_permissions
457 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
Max diff block lines reached; 860394/867964 bytes (99.13%) of diff not shown.
6.85 MB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-cui.html
    
Offset 15071, 246 lines modifiedOffset 15071, 246 lines modified
0003ade0:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#0003ade0:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#
0003adf0:·6964·6d36·3138·3322·2074·6162·696e·6465··idm6183"·tabinde0003adf0:·6964·6d36·3138·3322·2074·6162·696e·6465··idm6183"·tabinde
0003ae00:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt0003ae00:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt
0003ae10:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande0003ae10:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande
0003ae20:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=0003ae20:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=
0003ae30:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev0003ae30:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev
0003ae40:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R0003ae40:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R
0003ae50:·656d·6564·6961·7469·6f6e·2041·6e61·636f··emediation·Anaco0003ae50:·656d·6564·6961·7469·6f6e·2050·7570·7065··emediation·Puppe
0003ae60:·6e64·6120·736e·6970·7065·7420·e287·b23c··nda·snippet·...<0003ae60:·7420·736e·6970·7065·7420·e287·b23c·2f61··t·snippet·...</a
0003ae70:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas0003ae70:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
0003ae80:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps0003ae80:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
0003ae90:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="0003ae90:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
0003aea0:·6964·6d36·3138·3322·3e3c·7461·626c·6520··idm6183"><table·0003aea0:·6d36·3138·3322·3e3c·7461·626c·6520·636c··m6183"><table·cl
0003aeb0:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab0003aeb0:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table
0003aec0:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table0003aec0:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b
0003aed0:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-0003aed0:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co
0003aee0:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><0003aee0:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th
0003aef0:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</0003aef0:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th
0003af00:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><0003af00:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t
0003af10:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr0003af10:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup
0003af20:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td>0003af20:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo
0003af30:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr0003af30:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><
0003af40:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th0003af40:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th><
0003af50:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td><0003af50:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t
0003af60:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra0003af60:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate
0003af70:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en0003af70:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab
0003af80:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></0003af80:·6c65·3c2f·7464·3e3c·2f74·723e·3c2f·7461··le</td></tr></ta
0003af90:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code0003af90:·626c·653e·3c70·7265·3e3c·636f·6465·3e69··ble><pre><code>i
 0003afa0:·6e63·6c75·6465·2069·6e73·7461·6c6c·5f64··nclude·install_d
0003afa0:·3e0a·7061·636b·6167·6520·2d2d·6164·643d··>.package·--add= 
0003afb0:·6472·6163·7574·2d66·6970·730a·3c2f·636f··dracut-fips.</co 
0003afc0:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div>< 
0003afd0:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn 
0003afe0:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t 
0003aff0:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse" 
0003b000:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i 
0003b010:·646d·3631·3834·2220·7461·6269·6e64·6578··dm6184"·tabindex 
0003b020:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto 
0003b030:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded 
0003b040:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title=" 
0003b050:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve 
0003b060:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re 
0003b070:·6d65·6469·6174·696f·6e20·5075·7070·6574··mediation·Puppet 
0003b080:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a> 
0003b090:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class=" 
0003b0a0:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c 
0003b0b0:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm 
0003b0c0:·3631·3834·223e·3c74·6162·6c65·2063·6c61··6184"><table·cla 
0003b0d0:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table- 
0003b0e0:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo 
0003b0f0:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con 
0003b100:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th> 
0003b110:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th> 
0003b120:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
0003b130:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt 
0003b140:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low 
0003b150:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b160:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t 
0003b170:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr 
0003b180:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg 
0003b190:·793a·3c2f·7468·3e3c·7464·3e65·6e61·626c··y:</th><td>enabl 
0003b1a0:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab 
0003b1b0:·6c65·3e3c·7072·653e·3c63·6f64·653e·696e··le><pre><code>in 
0003b1c0:·636c·7564·6520·696e·7374·616c·6c5f·6472··clude·install_dr 
0003b1d0:·6163·7574·2d66·6970·730a·0a63·6c61·7373··acut-fips..class0003afb0:·7261·6375·742d·6669·7073·0a0a·636c·6173··racut-fips..clas
 0003afc0:·7320·696e·7374·616c·6c5f·6472·6163·7574··s·install_dracut
 0003afd0:·2d66·6970·7320·7b0a·2020·7061·636b·6167··-fips·{.··packag
 0003afe0:·6520·7b20·2764·7261·6375·742d·6669·7073··e·{·'dracut-fips
 0003aff0:·273a·0a20·2020·2065·6e73·7572·6520·3d26··':.····ensure·=&
 0003b000:·6774·3b20·2769·6e73·7461·6c6c·6564·272c··gt;·'installed',
0003b1e0:·2069·6e73·7461·6c6c·5f64·7261·6375·742d···install_dracut- 
0003b1f0:·6669·7073·207b·0a20·2070·6163·6b61·6765··fips·{.··package 
0003b200:·207b·2027·6472·6163·7574·2d66·6970·7327···{·'dracut-fips' 
0003b210:·3a0a·2020·2020·656e·7375·7265·203d·2667··:.····ensure·=&g 
0003b220:·743b·2027·696e·7374·616c·6c65·6427·2c0a··t;·'installed',. 
0003b230:·2020·7d0a·7d0a·3c2f·636f·6465·3e3c·2f70····}.}.</code></p 
0003b240:·7265·3e3c·2f64·6976·3e3c·6120·636c·6173··re></div><a·clas 
0003b250:·733d·2262·746e·2062·746e·2d73·7563·6365··s="btn·btn-succe 
0003b260:·7373·2220·6461·7461·2d74·6f67·676c·653d··ss"·data-toggle= 
0003b270:·2263·6f6c·6c61·7073·6522·2064·6174·612d··"collapse"·data- 
0003b280:·7461·7267·6574·3d22·2369·646d·3631·3835··target="#idm6185 
0003b290:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r 
0003b2a0:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari 
0003b2b0:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals 
0003b2c0:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa 
0003b2d0:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr 
0003b2e0:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat 
0003b2f0:·696f·6e20·4f53·4275·696c·6420·426c·7565··ion·OSBuild·Blue 
0003b300:·7072·696e·7420·736e·6970·7065·7420·e287··print·snippet·.. 
0003b310:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl 
0003b320:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla 
0003b330:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id 
0003b340:·3d22·6964·6d36·3138·3522·3e3c·7072·653e··="idm6185"><pre> 
0003b350:·3c63·6f64·653e·0a5b·5b70·6163·6b61·6765··<code>.[[package 
0003b360:·735d·5d0a·6e61·6d65·203d·2022·6472·6163··s]].name·=·"drac 
0003b370:·7574·2d66·6970·7322·0a76·6572·7369·6f6e··ut-fips".version 
0003b380:·203d·2022·2a22·0a3c·2f63·6f64·653e·3c2f···=·"*".</code></0003b010:·0a20·207d·0a7d·0a3c·2f63·6f64·653e·3c2f··.··}.}.</code></
0003b390:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla0003b020:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla
0003b3a0:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ0003b030:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ
0003b3b0:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle0003b040:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle
0003b3c0:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data0003b050:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data
0003b3d0:·2d74·6172·6765·743d·2223·6964·6d36·3138··-target="#idm6180003b060:·2d74·6172·6765·743d·2223·6964·6d36·3138··-target="#idm618
0003b3e0:·3622·2074·6162·696e·6465·783d·2230·2220··6"·tabindex="0"·0003b070:·3422·2074·6162·696e·6465·783d·2230·2220··4"·tabindex="0"·
0003b3f0:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar0003b080:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar
0003b400:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal0003b090:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal
0003b410:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ0003b0a0:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ
0003b420:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h0003b0b0:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h
0003b430:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia0003b0c0:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia
 0003b0d0:·7469·6f6e·2053·6865·6c6c·2073·6372·6970··tion·Shell·scrip
 0003b0e0:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di
 0003b0f0:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
 0003b100:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
 0003b110:·2220·6964·3d22·6964·6d36·3138·3422·3e3c··"·id="idm6184"><
 0003b120:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab
 0003b130:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped
 0003b140:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·
 0003b150:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"
 0003b160:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex
 0003b170:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low
 0003b180:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
 0003b190:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t
 0003b1a0:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></
 0003b1b0:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo
 0003b1c0:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false
 0003b1d0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
 0003b1e0:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>
 0003b1f0:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td><
Max diff block lines reached; 6429593/6462189 bytes (99.50%) of diff not shown.
705 KB
html2text {}
    
Offset 99, 38 lines modifiedOffset 99, 41 lines modified
99 References:·_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x80_\x89·4.3.3.6.699 References:·_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x80_\x89·4.3.3.6.6
100 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·1.13,·SR·2.6,·SR·3.1,·SR·3.5,·SR·3.8,·SR·4.1,·SR·4.3,·SR·5.1,·SR·5.2,·SR·5.3,·SR·7.1,·SR·7.6100 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·1.13,·SR·2.6,·SR·3.1,·SR·3.5,·SR·3.8,·SR·4.1,·SR·4.3,·SR·5.1,·SR·5.2,·SR·5.3,·SR·7.1,·SR·7.6
101 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.6,·A.13.1.1,·A.13.2.1,·A.14.1.3,·A.6.2.1,·A.6.2.2101 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.6,·A.13.1.1,·A.13.2.1,·A.14.1.3,·A.6.2.1,·A.6.2.2
102 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-007-3·R5.1102 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-007-3·R5.1
103 ············_\x8n_\x8i_\x8s_\x8t···········SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12103 ············_\x8n_\x8i_\x8s_\x8t···········SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12
104 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-3,·PR.PT-4104 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-3,·PR.PT-4
105 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000033-GPOS-00014,·SRG-OS-000396-GPOS-00176,·SRG-OS-000478-GPOS-00223105 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000033-GPOS-00014,·SRG-OS-000396-GPOS-00176,·SRG-OS-000478-GPOS-00223
106 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
107 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
108 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
109 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
110 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
111 package·--add=dracut-fips 
112 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8106 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
113 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low107 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
114 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low108 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
115 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false109 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
116 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable110 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
117 include·install_dracut-fips111 include·install_dracut-fips
  
118 class·install_dracut-fips·{112 class·install_dracut-fips·{
119 ··package·{·'dracut-fips':113 ··package·{·'dracut-fips':
120 ····ensure·=>·'installed',114 ····ensure·=>·'installed',
121 ··}115 ··}
122 }116 }
123 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8117 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 118 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 119 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 120 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 121 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 122 #·Remediation·is·applicable·only·in·certain·platforms
 123 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek·);·then
  
124 [[packages]] 
125 name·=·"dracut-fips" 
126 version·=·"*"124 if·!·rpm·-q·--quiet·"dracut-fips"·;·then
 125 ····yum·install·-y·"dracut-fips"
 126 fi
  
 127 else
 128 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 129 fi
127 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8130 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
128 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low131 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
129 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low132 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
130 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false133 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
131 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable134 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
132 -·name:·Gather·the·package·facts135 -·name:·Gather·the·package·facts
133 ··package_facts:136 ··package_facts:
Offset 170, 29 lines modifiedOffset 173, 26 lines modified
170 ··-·NIST-800-53-SC-13173 ··-·NIST-800-53-SC-13
171 ··-·enable_strategy174 ··-·enable_strategy
172 ··-·low_complexity175 ··-·low_complexity
173 ··-·low_disruption176 ··-·low_disruption
174 ··-·medium_severity177 ··-·medium_severity
175 ··-·no_reboot_needed178 ··-·no_reboot_needed
176 ··-·package_dracut-fips_installed179 ··-·package_dracut-fips_installed
 180 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 181 [[packages]]
 182 name·=·"dracut-fips"
 183 version·=·"*"
177 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8184 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8
178 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low185 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
179 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low186 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
180 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false187 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
181 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable188 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
182 #·Remediation·is·applicable·only·in·certain·platforms 
183 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek·);·then 
  
184 if·!·rpm·-q·--quiet·"dracut-fips"·;·then 
185 ····yum·install·-y·"dracut-fips" 
186 fi 
  
 189 package·--add=dracut-fips
187 else 
188 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
189 fi 
190 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8na\x8ab\x8bl\x8le\x8e·F\x8FI\x8IP\x8PS\x8S·M\x8Mo\x8od\x8de\x8e·i\x8in\x8n·G\x8GR\x8RU\x8UB\x8B2\x82·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*190 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8na\x8ab\x8bl\x8le\x8e·F\x8FI\x8IP\x8PS\x8S·M\x8Mo\x8od\x8de\x8e·i\x8in\x8n·G\x8GR\x8RU\x8UB\x8B2\x82·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
191 To·ensure·FIPS·mode·is·enabled,·install·package·dracut-fips,·and·rebuild·initramfs·by·running·the·following·commands:191 To·ensure·FIPS·mode·is·enabled,·install·package·dracut-fips,·and·rebuild·initramfs·by·running·the·following·commands:
192 $·sudo·yum·install·dracut-fips192 $·sudo·yum·install·dracut-fips
193 dracut·-f193 dracut·-f
194 After·the·dracut·command·has·been·run,·add·the·argument·fips=1·to·the·default·GRUB·2·command·line·for·the·Linux·operating·system·in·/etc/default/grub,·in·the·manner·below:194 After·the·dracut·command·has·been·run,·add·the·argument·fips=1·to·the·default·GRUB·2·command·line·for·the·Linux·operating·system·in·/etc/default/grub,·in·the·manner·below:
195 GRUB_CMDLINE_LINUX="crashkernel=auto·rd.lvm.lv=VolGroup/LogVol06·rd.lvm.lv=VolGroup/lv_swap·rhgb·quiet·rd.shell=0·fips=1"195 GRUB_CMDLINE_LINUX="crashkernel=auto·rd.lvm.lv=VolGroup/LogVol06·rd.lvm.lv=VolGroup/lv_swap·rhgb·quiet·rd.shell=0·fips=1"
196 Finally,·rebuild·the·grub.cfg·file·by·using·the196 Finally,·rebuild·the·grub.cfg·file·by·using·the
Offset 223, 17 lines modifiedOffset 223, 80 lines modified
223 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.6,·A.13.1.1,·A.13.2.1,·A.14.1.3,·A.6.2.1,·A.6.2.2223 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.6,·A.13.1.1,·A.13.2.1,·A.14.1.3,·A.6.2.1,·A.6.2.2
224 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-007-3·R5.1224 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-007-3·R5.1
225 ············_\x8n_\x8i_\x8s_\x8t···········SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12225 ············_\x8n_\x8i_\x8s_\x8t···········SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12
226 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-3,·PR.PT-4226 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-3,·PR.PT-4
227 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000033-GPOS-00014,·SRG-OS-000185-GPOS-00079,·SRG-OS-000396-GPOS-00176,·SRG-OS-000405-GPOS-00184,·SRG-OS-000478-GPOS-00223227 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000033-GPOS-00014,·SRG-OS-000185-GPOS-00079,·SRG-OS-000396-GPOS-00176,·SRG-OS-000405-GPOS-00184,·SRG-OS-000478-GPOS-00223
228 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL07-00-021350228 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL07-00-021350
229 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-221758r958408_rule229 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-221758r958408_rule
230 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8230 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 231 #·Remediation·is·applicable·only·in·certain·platforms
 232 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek·)·&&·{·rpm·--quiet·-q·grub2-common;·};·then
  
231 package·--add=dracut-fips·--add=dracut-fips-aesni233 #·prelink·not·installed
 234 if·test·-e·/etc/sysconfig/prelink·-o·-e·/usr/sbin/prelink;·then
 235 ····if·grep·-q·^PRELINKING·/etc/sysconfig/prelink
 236 ····then
 237 ········sed·-i·'s/^PRELINKING[:blank:]*=[:blank:]*[:alpha:]*/PRELINKING=no/'·/etc/sysconfig/prelink
 238 ····else
 239 ········printf·'\n'·>>·/etc/sysconfig/prelink
 240 ········printf·'%s\n'·'#·Set·PRELINKING=no·per·security·requirements'·'PRELINKING=no'·>>·/etc/sysconfig/prelink
 241 ····fi
  
 242 ····#·Undo·previous·prelink·changes·to·binaries·if·prelink·is·available.
 243 ····if·test·-x·/usr/sbin/prelink;·then
 244 ········/usr/sbin/prelink·-ua
 245 ····fi
 246 fi
  
 247 if·grep·-q·-m1·-o·aes·/proc/cpuinfo;·then
 248 »       if·!·rpm·-q·--quiet·"dracut-fips-aesni"·;·then
 249 ····yum·install·-y·"dracut-fips-aesni"
 250 fi
 251 fi
 252 if·!·rpm·-q·--quiet·"dracut-fips"·;·then
 253 ····yum·install·-y·"dracut-fips"
 254 fi
  
 255 dracut·-f
  
 256 #·Correct·the·form·of·default·kernel·command·line·in··grub
 257 if·grep·-q·'^GRUB_CMDLINE_LINUX=.*fips=.*"'··/etc/default/grub;·then
Max diff block lines reached; 714470/722178 bytes (98.93%) of diff not shown.
6.58 MB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-e8.html
    
Offset 15153, 419 lines modifiedOffset 15153, 419 lines modified
0003b300:·7267·6574·3d22·2369·646d·3533·3130·2220··rget="#idm5310"·0003b300:·7267·6574·3d22·2369·646d·3533·3130·2220··rget="#idm5310"·
0003b310:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol0003b310:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol
0003b320:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-0003b320:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-
0003b330:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"0003b330:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"
0003b340:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate0003b340:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate
0003b350:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href0003b350:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href
Diff chunk too large, falling back to line-by-line diff (405 lines added, 405 lines removed)
0003b360:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio0003b360:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio
0003b370:·6e20·416e·7369·626c·6520·736e·6970·7065··n·Ansible·snippe0003b370:·6e20·5368·656c·6c20·7363·7269·7074·20e2··n·Shell·script·.
0003b380:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di0003b380:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c
0003b390:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c0003b390:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
0003b3a0:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse0003b3a0:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i
0003b3b0:·2220·6964·3d22·6964·6d35·3331·3022·3e3c··"·id="idm5310"><0003b3b0:·643d·2269·646d·3533·3130·223e·3c70·7265··d="idm5310"><pre
0003b3c0:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab0003b3c0:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia
0003b3d0:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped0003b3d0:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab
0003b3e0:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·0003b3e0:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa
0003b3f0:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"0003b3f0:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·
0003b400:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex0003b400:·2120·2820·7b20·7270·6d20·2d2d·7175·6965··!·(·{·rpm·--quie
0003b410:·6974·793a·3c2f·7468·3e3c·7464·3e68·6967··ity:</th><td>hig0003b410:·7420·2d71·206b·6572·6e65·6c20·3b7d·2026··t·-q·kernel·;}·&
0003b420:·683c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··h</td></tr><tr><0003b420:·616d·703b·2661·6d70·3b20·7b20·7270·6d20··amp;&amp;·{·rpm·
0003b430:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</0003b430:·2d2d·7175·6965·7420·2d71·2072·706d·2d6f··--quiet·-q·rpm-o
0003b440:·7468·3e3c·7464·3e6d·6564·6975·6d3c·2f74··th><td>medium</t0003b440:·7374·7265·6520·3b7d·2026·616d·703b·2661··stree·;}·&amp;&a
0003b450:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R0003b450:·6d70·3b20·7b20·7270·6d20·2d2d·7175·6965··mp;·{·rpm·--quie
0003b460:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f0003b460:·7420·2d71·2062·6f6f·7463·203b·7d20·2661··t·-q·bootc·;}·&a
0003b470:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t0003b470:·6d70·3b26·616d·703b·207b·2021·2072·706d··mp;&amp;·{·!·rpm
0003b480:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<0003b480:·202d·2d71·7569·6574·202d·7120·6f70·656e···--quiet·-q·open
0003b490:·2f74·683e·3c74·643e·7265·7374·7269·6374··/th><td>restrict0003b490:·7368·6966·742d·6b75·6265·6c65·7420·3b7d··shift-kubelet·;}
0003b4a0:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl0003b4a0:·2029·3b20·7468·656e·0a0a·2320·4669·6e64···);·then..#·Find
0003b4b0:·653e·3c70·7265·3e3c·636f·6465·3e2d·206e··e><pre><code>-·n0003b4b0:·2077·6869·6368·2066·696c·6573·2068·6176···which·files·hav
0003b4c0:·616d·653a·2047·6174·6865·7220·7468·6520··ame:·Gather·the·0003b4c0:·6520·696e·636f·7272·6563·7420·6861·7368··e·incorrect·hash
0003b4d0:·7061·636b·6167·6520·6661·6374·730a·2020··package·facts.··0003b4d0:·2028·6e6f·7420·696e·202f·6574·632c·2062···(not·in·/etc,·b
0003b4e0:·7061·636b·6167·655f·6661·6374·733a·0a20··package_facts:.·0003b4e0:·6563·6175·7365·206f·6620·7468·6520·7379··ecause·of·the·sy
0003b4f0:·2020·206d·616e·6167·6572·3a20·6175·746f·····manager:·auto0003b4f0:·7374·656d·2072·656c·6174·6564·2063·6f6e··stem·related·con
0003b500:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI0003b500:·6669·6720·6669·6c65·7329·2061·6e64·2074··fig·files)·and·t
0003b510:·532d·352e·3130·2e34·2e31·0a20·202d·2044··S-5.10.4.1.··-·D0003b510:·6865·6e20·6765·7420·6669·6c65·7320·6e61··hen·get·files·na
0003b520:·4953·412d·5354·4947·2d4f·4c30·372d·3030··ISA-STIG-OL07-000003b520:·6d65·730a·6669·6c65·735f·7769·7468·5f69··mes.files_with_i
0003b530:·2d30·3130·3032·300a·2020·2d20·4e49·5354··-010020.··-·NIST0003b530:·6e63·6f72·7265·6374·5f68·6173·683d·2224··ncorrect_hash="$
0003b540:·2d38·3030·2d31·3731·2d33·2e33·2e38·0a20··-800-171-3.3.8.·0003b540:·2872·706d·202d·5661·202d·2d6e·6f63·6f6e··(rpm·-Va·--nocon
0003b550:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-0003b550:·6669·6720·7c20·6772·6570·202d·4520·275e··fig·|·grep·-E·'^
0003b560:·332e·342e·310a·2020·2d20·4e49·5354·2d38··3.4.1.··-·NIST-80003b560:·2e2e·3527·207c·2061·776b·2027·7b70·7269··..5'·|·awk·'{pri
0003b570:·3030·2d35·332d·4155·2d39·2833·290a·2020··00-53-AU-9(3).··0003b570:·6e74·2024·4e46·7d27·2029·220a·0a69·6620··nt·$NF}'·)"..if·
0003b580:·2d20·4e49·5354·2d38·3030·2d35·332d·434d··-·NIST-800-53-CM0003b580:·5b20·2d6e·2022·2466·696c·6573·5f77·6974··[·-n·"$files_wit
0003b590:·2d36·2863·290a·2020·2d20·4e49·5354·2d38··-6(c).··-·NIST-80003b590:·685f·696e·636f·7272·6563·745f·6861·7368··h_incorrect_hash
0003b5a0:·3030·2d35·332d·434d·2d36·2864·290a·2020··00-53-CM-6(d).··0003b5a0:·2220·5d3b·2074·6865·6e0a·2020·2020·2320··"·];·then.····#·
0003b5b0:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI0003b5b0:·4672·6f6d·2066·696c·6573·206e·616d·6573··From·files·names
0003b5c0:·2d37·0a20·202d·204e·4953·542d·3830·302d··-7.··-·NIST-800-0003b5c0:·2067·6574·2070·6163·6b61·6765·206e·616d···get·package·nam
0003b5d0:·3533·2d53·492d·3728·3129·0a20·202d·204e··53-SI-7(1).··-·N0003b5d0:·6573·2061·6e64·2063·6861·6e67·6520·6e65··es·and·change·ne
0003b5e0:·4953·542d·3830·302d·3533·2d53·492d·3728··IST-800-53-SI-7(0003b5e0:·776c·696e·6520·746f·2073·7061·6365·2c20··wline·to·space,·
0003b5f0:·3629·0a20·202d·2050·4349·2d44·5353·2d52··6).··-·PCI-DSS-R0003b5f0:·6265·6361·7573·6520·7270·6d20·7772·6974··because·rpm·writ
0003b600:·6571·2d31·312e·350a·2020·2d20·5043·492d··eq-11.5.··-·PCI-0003b600:·6573·2065·6163·6820·7061·636b·6167·6520··es·each·package·
0003b610:·4453·5376·342d·3131·2e35·2e32·0a20·202d··DSSv4-11.5.2.··-0003b610:·746f·206e·6577·206c·696e·650a·2020·2020··to·new·line.····
0003b620:·2068·6967·685f·636f·6d70·6c65·7869·7479···high_complexity0003b620:·7061·636b·6167·6573·5f74·6f5f·7265·696e··packages_to_rein
0003b630:·0a20·202d·2068·6967·685f·7365·7665·7269··.··-·high_severi0003b630:·7374·616c·6c3d·2224·2872·706d·202d·7166··stall="$(rpm·-qf
0003b640:·7479·0a20·202d·206d·6564·6975·6d5f·6469··ty.··-·medium_di0003b640:·2024·6669·6c65·735f·7769·7468·5f69·6e63···$files_with_inc
0003b650:·7372·7570·7469·6f6e·0a20·202d·206e·6f5f··sruption.··-·no_0003b650:·6f72·7265·6374·5f68·6173·6820·7c20·7472··orrect_hash·|·tr
0003b660:·7265·626f·6f74·5f6e·6565·6465·640a·2020··reboot_needed.··0003b660:·2027·5c6e·2720·2720·2729·220a·0a20·2020···'\n'·'·')"..···
0003b670:·2d20·7265·7374·7269·6374·5f73·7472·6174··-·restrict_strat0003b670:·200a·2020·2020·7975·6d20·7265·696e·7374···.····yum·reinst
0003b680:·6567·790a·2020·2d20·7270·6d5f·7665·7269··egy.··-·rpm_veri0003b680:·616c·6c20·2d79·2024·7061·636b·6167·6573··all·-y·$packages
0003b690:·6679·5f68·6173·6865·730a·0a2d·206e·616d··fy_hashes..-·nam0003b690:·5f74·6f5f·7265·696e·7374·616c·6c0a·2020··_to_reinstall.··
0003b6a0:·653a·2027·5365·7420·6661·6374·3a20·5061··e:·'Set·fact:·Pa0003b6a0:·2020·0a66·690a·0a65·6c73·650a·2020·2020····.fi..else.····
0003b6b0:·636b·6167·6520·6d61·6e61·6765·7220·7265··ckage·manager·re0003b6b0:·2667·743b·2661·6d70·3b32·2065·6368·6f20··&gt;&amp;2·echo·
0003b6c0:·696e·7374·616c·6c20·636f·6d6d·616e·6427··install·command'0003b6c0:·2752·656d·6564·6961·7469·6f6e·2069·7320··'Remediation·is·
0003b6d0:·0a20·2073·6574·5f66·6163·743a·0a20·2020··.··set_fact:.···0003b6d0:·6e6f·7420·6170·706c·6963·6162·6c65·2c20··not·applicable,·
0003b6e0:·2070·6163·6b61·6765·5f6d·616e·6167·6572···package_manager0003b6e0:·6e6f·7468·696e·6720·7761·7320·646f·6e65··nothing·was·done
0003b6f0:·5f72·6569·6e73·7461·6c6c·5f63·6d64·3a20··_reinstall_cmd:·0003b6f0:·270a·6669·0a3c·2f63·6f64·653e·3c2f·7072··'.fi.</code></pr
0003b700:·7975·6d20·7265·696e·7374·616c·6c20·2d79··yum·reinstall·-y0003b700:·653e·3c2f·6469·763e·3c61·2063·6c61·7373··e></div><a·class
0003b710:·0a20·2077·6865·6e3a·0a20·202d·206e·6f74··.··when:.··-·not0003b710:·3d22·6274·6e20·6274·6e2d·7375·6363·6573··="btn·btn-succes
0003b720:·2028·2022·6b65·726e·656c·2220·696e·2061···(·"kernel"·in·a0003b720:·7322·2064·6174·612d·746f·6767·6c65·3d22··s"·data-toggle="
0003b730:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003b730:·636f·6c6c·6170·7365·2220·6461·7461·2d74··collapse"·data-t
0003b740:·6b61·6765·7320·616e·6420·2272·706d·2d6f··kages·and·"rpm-o0003b740:·6172·6765·743d·2223·6964·6d35·3331·3122··arget="#idm5311"
0003b750:·7374·7265·6522·2069·6e20·616e·7369·626c··stree"·in·ansibl0003b750:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro
0003b760:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages0003b760:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria
0003b770:·0a20·2020·2061·6e64·2022·626f·6f74·6322··.····and·"bootc"0003b770:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false
0003b780:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003b780:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat
0003b790:·732e·7061·636b·6167·6573·2061·6e64·206e··s.packages·and·n0003b790:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre
0003b7a0:·6f74·2022·6f70·656e·7368·6966·742d·6b75··ot·"openshift-ku0003b7a0:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati
0003b7b0:·6265·6c65·7422·2069·6e20·616e·7369·626c··belet"·in·ansibl0003b7b0:·6f6e·2041·6e73·6962·6c65·2073·6e69·7070··on·Ansible·snipp
0003b7c0:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages0003b7c0:·6574·20e2·87b2·3c2f·613e·3c62·723e·3c64··et·...</a><br><d
0003b7d0:·0a20·2020·2029·0a20·202d·2061·6e73·6962··.····).··-·ansib0003b7d0:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel-
0003b7e0:·6c65·5f64·6973·7472·6962·7574·696f·6e20··le_distribution·0003b7e0:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps
0003b7f0:·696e·205b·2022·4665·646f·7261·222c·2022··in·[·"Fedora",·"0003b7f0:·6522·2069·643d·2269·646d·3533·3131·223e··e"·id="idm5311">
0003b800:·5265·6448·6174·222c·2022·4365·6e74·4f53··RedHat",·"CentOS0003b800:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta
0003b810:·222c·2022·4f72·6163·6c65·4c69·6e75·7822··",·"OracleLinux"0003b810:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe
0003b820:·205d·0a20·2074·6167·733a·0a20·202d·2043···].··tags:.··-·C0003b820:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered
0003b830:·4a49·532d·352e·3130·2e34·2e31·0a20·202d··JIS-5.10.4.1.··-0003b830:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed
0003b840:·2044·4953·412d·5354·4947·2d4f·4c30·372d···DISA-STIG-OL07-0003b840:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple
0003b850:·3030·2d30·3130·3032·300a·2020·2d20·4e49··00-010020.··-·NI0003b850:·7869·7479·3a3c·2f74·683e·3c74·643e·6869··xity:</th><td>hi
0003b860:·5354·2d38·3030·2d31·3731·2d33·2e33·2e38··ST-800-171-3.3.80003b860:·6768·3c2f·7464·3e3c·2f74·723e·3c74·723e··gh</td></tr><tr>
0003b870:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-170003b870:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:<
0003b880:·312d·332e·342e·310a·2020·2d20·4e49·5354··1-3.4.1.··-·NIST0003b880:·2f74·683e·3c74·643e·6d65·6469·756d·3c2f··/th><td>medium</
0003b890:·2d38·3030·2d35·332d·4155·2d39·2833·290a··-800-53-AU-9(3).0003b890:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>
0003b8a0:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003b8a0:·5265·626f·6f74·3a3c·2f74·683e·3c74·643e··Reboot:</th><td>
0003b8b0:·434d·2d36·2863·290a·2020·2d20·4e49·5354··CM-6(c).··-·NIST0003b8b0:·6661·6c73·653c·2f74·643e·3c2f·7472·3e3c··false</td></tr><
0003b8c0:·2d38·3030·2d35·332d·434d·2d36·2864·290a··-800-53-CM-6(d).0003b8c0:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy:
0003b8d0:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003b8d0:·3c2f·7468·3e3c·7464·3e72·6573·7472·6963··</th><td>restric
0003b8e0:·5349·2d37·0a20·202d·204e·4953·542d·3830··SI-7.··-·NIST-800003b8e0:·743c·2f74·643e·3c2f·7472·3e3c·2f74·6162··t</td></tr></tab
0003b8f0:·302d·3533·2d53·492d·3728·3129·0a20·202d··0-53-SI-7(1).··-0003b8f0:·6c65·3e3c·7072·653e·3c63·6f64·653e·2d20··le><pre><code>-·
0003b900:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-0003b900:·6e61·6d65·3a20·4761·7468·6572·2074·6865··name:·Gather·the
0003b910:·3728·3629·0a20·202d·2050·4349·2d44·5353··7(6).··-·PCI-DSS0003b910:·2070·6163·6b61·6765·2066·6163·7473·0a20···package·facts.·
0003b920:·2d52·6571·2d31·312e·350a·2020·2d20·5043··-Req-11.5.··-·PC0003b920:·2070·6163·6b61·6765·5f66·6163·7473·3a0a···package_facts:.
0003b930:·492d·4453·5376·342d·3131·2e35·2e32·0a20··I-DSSv4-11.5.2.·0003b930:·2020·2020·6d61·6e61·6765·723a·2061·7574······manager:·aut
0003b940:·202d·2068·6967·685f·636f·6d70·6c65·7869···-·high_complexi0003b940:·6f0a·2020·7461·6773·3a0a·2020·2d20·434a··o.··tags:.··-·CJ
0003b950:·7479·0a20·202d·2068·6967·685f·7365·7665··ty.··-·high_seve0003b950:·4953·2d35·2e31·302e·342e·310a·2020·2d20··IS-5.10.4.1.··-·
0003b960:·7269·7479·0a20·202d·206d·6564·6975·6d5f··rity.··-·medium_0003b960:·4449·5341·2d53·5449·472d·4f4c·3037·2d30··DISA-STIG-OL07-0
0003b970:·6469·7372·7570·7469·6f6e·0a20·202d·206e··disruption.··-·n0003b970:·302d·3031·3030·3230·0a20·202d·204e·4953··0-010020.··-·NIS
0003b980:·6f5f·7265·626f·6f74·5f6e·6565·6465·640a··o_reboot_needed.0003b980:·542d·3830·302d·3137·312d·332e·332e·380a··T-800-171-3.3.8.
0003b990:·2020·2d20·7265·7374·7269·6374·5f73·7472····-·restrict_str0003b990:·2020·2d20·4e49·5354·2d38·3030·2d31·3731····-·NIST-800-171
0003b9a0:·6174·6567·790a·2020·2d20·7270·6d5f·7665··ategy.··-·rpm_ve0003b9a0:·2d33·2e34·2e31·0a20·202d·204e·4953·542d··-3.4.1.··-·NIST-
0003b9b0:·7269·6679·5f68·6173·6865·730a·0a2d·206e··rify_hashes..-·n0003b9b0:·3830·302d·3533·2d41·552d·3928·3329·0a20··800-53-AU-9(3).·
0003b9c0:·616d·653a·2027·5365·7420·6661·6374·3a20··ame:·'Set·fact:·0003b9c0:·202d·204e·4953·542d·3830·302d·3533·2d43···-·NIST-800-53-C
0003b9d0:·5061·636b·6167·6520·6d61·6e61·6765·7220··Package·manager·0003b9d0:·4d2d·3628·6329·0a20·202d·204e·4953·542d··M-6(c).··-·NIST-
0003b9e0:·7265·696e·7374·616c·6c20·636f·6d6d·616e··reinstall·comman0003b9e0:·3830·302d·3533·2d43·4d2d·3628·6429·0a20··800-53-CM-6(d).·
0003b9f0:·6420·287a·7970·7065·7229·270a·2020·7365··d·(zypper)'.··se0003b9f0:·202d·204e·4953·542d·3830·302d·3533·2d53···-·NIST-800-53-S
0003ba00:·745f·6661·6374·3a0a·2020·2020·7061·636b··t_fact:.····pack0003ba00:·492d·370a·2020·2d20·4e49·5354·2d38·3030··I-7.··-·NIST-800
0003ba10:·6167·655f·6d61·6e61·6765·725f·7265·696e··age_manager_rein0003ba10:·2d35·332d·5349·2d37·2831·290a·2020·2d20··-53-SI-7(1).··-·
0003ba20:·7374·616c·6c5f·636d·643a·207a·7970·7065··stall_cmd:·zyppe0003ba20:·4e49·5354·2d38·3030·2d35·332d·5349·2d37··NIST-800-53-SI-7
0003ba30:·7220·696e·202d·6620·2d79·0a20·2077·6865··r·in·-f·-y.··whe0003ba30:·2836·290a·2020·2d20·5043·492d·4453·532d··(6).··-·PCI-DSS-
0003ba40:·6e3a·0a20·202d·206e·6f74·2028·2022·6b65··n:.··-·not·(·"ke0003ba40:·5265·712d·3131·2e35·0a20·202d·2050·4349··Req-11.5.··-·PCI
0003ba50:·726e·656c·2220·696e·2061·6e73·6962·6c65··rnel"·in·ansible0003ba50:·2d44·5353·7634·2d31·312e·352e·320a·2020··-DSSv4-11.5.2.··
0003ba60:·5f66·6163·7473·2e70·6163·6b61·6765·7320··_facts.packages·0003ba60:·2d20·6869·6768·5f63·6f6d·706c·6578·6974··-·high_complexit
0003ba70:·616e·6420·2272·706d·2d6f·7374·7265·6522··and·"rpm-ostree"0003ba70:·790a·2020·2d20·6869·6768·5f73·6576·6572··y.··-·high_sever
0003ba80:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003ba80:·6974·790a·2020·2d20·6d65·6469·756d·5f64··ity.··-·medium_d
0003ba90:·732e·7061·636b·6167·6573·0a20·2020·2061··s.packages.····a0003ba90:·6973·7275·7074·696f·6e0a·2020·2d20·6e6f··isruption.··-·no
0003baa0:·6e64·2022·626f·6f74·6322·2069·6e20·616e··nd·"bootc"·in·an0003baa0:·5f72·6562·6f6f·745f·6e65·6564·6564·0a20··_reboot_needed.·
0003bab0:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack0003bab0:·202d·2072·6573·7472·6963·745f·7374·7261···-·restrict_stra
0003bac0:·6167·6573·2061·6e64·206e·6f74·2022·6f70··ages·and·not·"op0003bac0:·7465·6779·0a20·202d·2072·706d·5f76·6572··tegy.··-·rpm_ver
0003bad0:·656e·7368·6966·742d·6b75·6265·6c65·7422··enshift-kubelet"0003bad0:·6966·795f·6861·7368·6573·0a0a·2d20·6e61··ify_hashes..-·na
Max diff block lines reached; 6184698/6241168 bytes (99.10%) of diff not shown.
641 KB
html2text {}
    
Offset 104, 14 lines modifiedOffset 104, 33 lines modified
104 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)104 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
105 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1105 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
106 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5106 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
107 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227107 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
108 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL07-00-010020108 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL07-00-010020
109 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2109 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
110 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-221653r1015161_rule110 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-221653r1015161_rule
 111 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 112 #·Remediation·is·applicable·only·in·certain·platforms
 113 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 114 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 115 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 116 if·[·-n·"$files_with_incorrect_hash"·];·then
 117 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 118 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 119 ····yum·reinstall·-y·$packages_to_reinstall
  
 120 fi
  
 121 else
 122 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 123 fi
111 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8124 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
112 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high125 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
113 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium126 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
114 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false127 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
115 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict128 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
116 -·name:·Gather·the·package·facts129 -·name:·Gather·the·package·facts
117 ··package_facts:130 ··package_facts:
Offset 284, 33 lines modifiedOffset 303, 14 lines modified
284 ··-·PCI-DSSv4-11.5.2303 ··-·PCI-DSSv4-11.5.2
285 ··-·high_complexity304 ··-·high_complexity
286 ··-·high_severity305 ··-·high_severity
287 ··-·medium_disruption306 ··-·medium_disruption
288 ··-·no_reboot_needed307 ··-·no_reboot_needed
289 ··-·restrict_strategy308 ··-·restrict_strategy
290 ··-·rpm_verify_hashes309 ··-·rpm_verify_hashes
291 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
292 #·Remediation·is·applicable·only·in·certain·platforms 
293 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
294 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
295 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
296 if·[·-n·"$files_with_incorrect_hash"·];·then 
297 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
298 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
299 ····yum·reinstall·-y·$packages_to_reinstall 
  
300 fi 
  
301 else 
302 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
303 fi 
304 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*310 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
305 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:311 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:
306 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'312 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'
307 run·the·following·command·to·determine·which·package·owns·it:313 run·the·following·command·to·determine·which·package·owns·it:
308 $·rpm·-qf·FILENAME314 $·rpm·-qf·FILENAME
309 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:315 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
310 $·sudo·rpm·--restore·PACKAGENAME316 $·sudo·rpm·--restore·PACKAGENAME
Offset 331, 14 lines modifiedOffset 331, 46 lines modified
331 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)331 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
332 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1332 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
333 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5333 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
334 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108334 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108
335 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL07-00-010010335 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL07-00-010010
336 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2336 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
337 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-221652r991557_rule337 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-221652r991557_rule
 338 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 339 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 340 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 341 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 342 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 343 #·Remediation·is·applicable·only·in·certain·platforms
 344 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 345 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 346 declare·-A·SETPERMS_RPM_DICT
  
 347 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 348 #·is·expected·by·the·RPM·database
 349 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}')
  
 350 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 351 do
 352 ········RPM_PACKAGE=$(rpm·-qf·"$FILE_PATH")
 353 »       #·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 354 »       SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 355 done
  
 356 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 357 #·correct·values
 358 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 359 do
 360 ········rpm·--restore·"${RPM_PACKAGE}"
 361 done
  
 362 else
 363 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 364 fi
338 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8365 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
339 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high366 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
340 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium367 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
341 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false368 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
342 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict369 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
343 -·name:·Gather·the·package·facts370 -·name:·Gather·the·package·facts
344 ··package_facts:371 ··package_facts:
Offset 450, 46 lines modifiedOffset 482, 14 lines modified
450 ··-·PCI-DSSv4-11.5.2482 ··-·PCI-DSSv4-11.5.2
451 ··-·high_complexity483 ··-·high_complexity
452 ··-·high_severity484 ··-·high_severity
453 ··-·medium_disruption485 ··-·medium_disruption
454 ··-·no_reboot_needed486 ··-·no_reboot_needed
455 ··-·restrict_strategy487 ··-·restrict_strategy
456 ··-·rpm_verify_ownership488 ··-·rpm_verify_ownership
457 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
458 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high 
459 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium 
460 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
461 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
Max diff block lines reached; 649005/656207 bytes (98.90%) of diff not shown.
16.7 MB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-hipaa.html
    
Offset 15184, 419 lines modifiedOffset 15184, 419 lines modified
0003b4f0:·2d74·6172·6765·743d·2223·6964·6d35·3331··-target="#idm5310003b4f0:·2d74·6172·6765·743d·2223·6964·6d35·3331··-target="#idm531
0003b500:·3022·2074·6162·696e·6465·783d·2230·2220··0"·tabindex="0"·0003b500:·3022·2074·6162·696e·6465·783d·2230·2220··0"·tabindex="0"·
0003b510:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar0003b510:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar
0003b520:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal0003b520:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal
0003b530:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ0003b530:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ
0003b540:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h0003b540:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h
Diff chunk too large, falling back to line-by-line diff (405 lines added, 405 lines removed)
0003b550:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia0003b550:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia
0003b560:·7469·6f6e·2041·6e73·6962·6c65·2073·6e69··tion·Ansible·sni0003b560:·7469·6f6e·2053·6865·6c6c·2073·6372·6970··tion·Shell·scrip
0003b570:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br>0003b570:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di
0003b580:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane0003b580:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
0003b590:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla0003b590:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
0003b5a0:·7073·6522·2069·643d·2269·646d·3533·3130··pse"·id="idm53100003b5a0:·2220·6964·3d22·6964·6d35·3331·3022·3e3c··"·id="idm5310"><
0003b5b0:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="0003b5b0:·7072·653e·3c63·6f64·653e·2320·5265·6d65··pre><code>#·Reme
0003b5c0:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri0003b5c0:·6469·6174·696f·6e20·6973·2061·7070·6c69··diation·is·appli
0003b5d0:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border0003b5d0:·6361·626c·6520·6f6e·6c79·2069·6e20·6365··cable·only·in·ce
0003b5e0:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens0003b5e0:·7274·6169·6e20·706c·6174·666f·726d·730a··rtain·platforms.
0003b5f0:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp0003b5f0:·6966·2021·2028·207b·2072·706d·202d·2d71··if·!·(·{·rpm·--q
0003b600:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td>0003b600:·7569·6574·202d·7120·6b65·726e·656c·203b··uiet·-q·kernel·;
0003b610:·6869·6768·3c2f·7464·3e3c·2f74·723e·3c74··high</td></tr><t0003b610:·7d20·2661·6d70·3b26·616d·703b·207b·2072··}·&amp;&amp;·{·r
0003b620:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption0003b620:·706d·202d·2d71·7569·6574·202d·7120·7270··pm·--quiet·-q·rp
0003b630:·3a3c·2f74·683e·3c74·643e·6d65·6469·756d··:</th><td>medium0003b630:·6d2d·6f73·7472·6565·203b·7d20·2661·6d70··m-ostree·;}·&amp
0003b640:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t0003b640:·3b26·616d·703b·207b·2072·706d·202d·2d71··;&amp;·{·rpm·--q
0003b650:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t0003b650:·7569·6574·202d·7120·626f·6f74·6320·3b7d··uiet·-q·bootc·;}
0003b660:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr0003b660:·2026·616d·703b·2661·6d70·3b20·7b20·2120···&amp;&amp;·{·!·
0003b670:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg0003b670:·7270·6d20·2d2d·7175·6965·7420·2d71·206f··rpm·--quiet·-q·o
0003b680:·793a·3c2f·7468·3e3c·7464·3e72·6573·7472··y:</th><td>restr0003b680:·7065·6e73·6869·6674·2d6b·7562·656c·6574··penshift-kubelet
0003b690:·6963·743c·2f74·643e·3c2f·7472·3e3c·2f74··ict</td></tr></t0003b690:·203b·7d20·293b·2074·6865·6e0a·0a23·2046···;}·);·then..#·F
0003b6a0:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>0003b6a0:·696e·6420·7768·6963·6820·6669·6c65·7320··ind·which·files·
0003b6b0:·2d20·6e61·6d65·3a20·4761·7468·6572·2074··-·name:·Gather·t0003b6b0:·6861·7665·2069·6e63·6f72·7265·6374·2068··have·incorrect·h
0003b6c0:·6865·2070·6163·6b61·6765·2066·6163·7473··he·package·facts0003b6c0:·6173·6820·286e·6f74·2069·6e20·2f65·7463··ash·(not·in·/etc
0003b6d0:·0a20·2070·6163·6b61·6765·5f66·6163·7473··.··package_facts0003b6d0:·2c20·6265·6361·7573·6520·6f66·2074·6865··,·because·of·the
0003b6e0:·3a0a·2020·2020·6d61·6e61·6765·723a·2061··:.····manager:·a0003b6e0:·2073·7973·7465·6d20·7265·6c61·7465·6420···system·related·
0003b6f0:·7574·6f0a·2020·7461·6773·3a0a·2020·2d20··uto.··tags:.··-·0003b6f0:·636f·6e66·6967·2066·696c·6573·2920·616e··config·files)·an
0003b700:·434a·4953·2d35·2e31·302e·342e·310a·2020··CJIS-5.10.4.1.··0003b700:·6420·7468·656e·2067·6574·2066·696c·6573··d·then·get·files
0003b710:·2d20·4449·5341·2d53·5449·472d·4f4c·3037··-·DISA-STIG-OL070003b710:·206e·616d·6573·0a66·696c·6573·5f77·6974···names.files_wit
0003b720:·2d30·302d·3031·3030·3230·0a20·202d·204e··-00-010020.··-·N0003b720:·685f·696e·636f·7272·6563·745f·6861·7368··h_incorrect_hash
0003b730:·4953·542d·3830·302d·3137·312d·332e·332e··IST-800-171-3.3.0003b730:·3d22·2428·7270·6d20·2d56·6120·2d2d·6e6f··="$(rpm·-Va·--no
0003b740:·380a·2020·2d20·4e49·5354·2d38·3030·2d31··8.··-·NIST-800-10003b740:·636f·6e66·6967·207c·2067·7265·7020·2d45··config·|·grep·-E
0003b750:·3731·2d33·2e34·2e31·0a20·202d·204e·4953··71-3.4.1.··-·NIS0003b750:·2027·5e2e·2e35·2720·7c20·6177·6b20·277b···'^..5'·|·awk·'{
0003b760:·542d·3830·302d·3533·2d41·552d·3928·3329··T-800-53-AU-9(3)0003b760:·7072·696e·7420·244e·467d·2720·2922·0a0a··print·$NF}'·)"..
0003b770:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003b770:·6966·205b·202d·6e20·2224·6669·6c65·735f··if·[·-n·"$files_
0003b780:·2d43·4d2d·3628·6329·0a20·202d·204e·4953··-CM-6(c).··-·NIS0003b780:·7769·7468·5f69·6e63·6f72·7265·6374·5f68··with_incorrect_h
0003b790:·542d·3830·302d·3533·2d43·4d2d·3628·6429··T-800-53-CM-6(d)0003b790:·6173·6822·205d·3b20·7468·656e·0a20·2020··ash"·];·then.···
0003b7a0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003b7a0:·2023·2046·726f·6d20·6669·6c65·7320·6e61···#·From·files·na
0003b7b0:·2d53·492d·370a·2020·2d20·4e49·5354·2d38··-SI-7.··-·NIST-80003b7b0:·6d65·7320·6765·7420·7061·636b·6167·6520··mes·get·package·
0003b7c0:·3030·2d35·332d·5349·2d37·2831·290a·2020··00-53-SI-7(1).··0003b7c0:·6e61·6d65·7320·616e·6420·6368·616e·6765··names·and·change
0003b7d0:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI0003b7d0:·206e·6577·6c69·6e65·2074·6f20·7370·6163···newline·to·spac
0003b7e0:·2d37·2836·290a·2020·2d20·5043·492d·4453··-7(6).··-·PCI-DS0003b7e0:·652c·2062·6563·6175·7365·2072·706d·2077··e,·because·rpm·w
0003b7f0:·532d·5265·712d·3131·2e35·0a20·202d·2050··S-Req-11.5.··-·P0003b7f0:·7269·7465·7320·6561·6368·2070·6163·6b61··rites·each·packa
0003b800:·4349·2d44·5353·7634·2d31·312e·352e·320a··CI-DSSv4-11.5.2.0003b800:·6765·2074·6f20·6e65·7720·6c69·6e65·0a20··ge·to·new·line.·
0003b810:·2020·2d20·6869·6768·5f63·6f6d·706c·6578····-·high_complex0003b810:·2020·2070·6163·6b61·6765·735f·746f·5f72·····packages_to_r
0003b820:·6974·790a·2020·2d20·6869·6768·5f73·6576··ity.··-·high_sev0003b820:·6569·6e73·7461·6c6c·3d22·2428·7270·6d20··einstall="$(rpm·
0003b830:·6572·6974·790a·2020·2d20·6d65·6469·756d··erity.··-·medium0003b830:·2d71·6620·2466·696c·6573·5f77·6974·685f··-qf·$files_with_
0003b840:·5f64·6973·7275·7074·696f·6e0a·2020·2d20··_disruption.··-·0003b840:·696e·636f·7272·6563·745f·6861·7368·207c··incorrect_hash·|
0003b850:·6e6f·5f72·6562·6f6f·745f·6e65·6564·6564··no_reboot_needed0003b850:·2074·7220·275c·6e27·2027·2027·2922·0a0a···tr·'\n'·'·')"..
0003b860:·0a20·202d·2072·6573·7472·6963·745f·7374··.··-·restrict_st0003b860:·2020·2020·0a20·2020·2079·756d·2072·6569······.····yum·rei
0003b870:·7261·7465·6779·0a20·202d·2072·706d·5f76··rategy.··-·rpm_v0003b870:·6e73·7461·6c6c·202d·7920·2470·6163·6b61··nstall·-y·$packa
0003b880:·6572·6966·795f·6861·7368·6573·0a0a·2d20··erify_hashes..-·0003b880:·6765·735f·746f·5f72·6569·6e73·7461·6c6c··ges_to_reinstall
0003b890:·6e61·6d65·3a20·2753·6574·2066·6163·743a··name:·'Set·fact:0003b890:·0a20·2020·200a·6669·0a0a·656c·7365·0a20··.····.fi..else.·
0003b8a0:·2050·6163·6b61·6765·206d·616e·6167·6572···Package·manager0003b8a0:·2020·2026·6774·3b26·616d·703b·3220·6563·····&gt;&amp;2·ec
0003b8b0:·2072·6569·6e73·7461·6c6c·2063·6f6d·6d61···reinstall·comma0003b8b0:·686f·2027·5265·6d65·6469·6174·696f·6e20··ho·'Remediation·
0003b8c0:·6e64·270a·2020·7365·745f·6661·6374·3a0a··nd'.··set_fact:.0003b8c0:·6973·206e·6f74·2061·7070·6c69·6361·626c··is·not·applicabl
0003b8d0:·2020·2020·7061·636b·6167·655f·6d61·6e61······package_mana0003b8d0:·652c·206e·6f74·6869·6e67·2077·6173·2064··e,·nothing·was·d
0003b8e0:·6765·725f·7265·696e·7374·616c·6c5f·636d··ger_reinstall_cm0003b8e0:·6f6e·6527·0a66·690a·3c2f·636f·6465·3e3c··one'.fi.</code><
0003b8f0:·643a·2079·756d·2072·6569·6e73·7461·6c6c··d:·yum·reinstall0003b8f0:·2f70·7265·3e3c·2f64·6976·3e3c·6120·636c··/pre></div><a·cl
0003b900:·202d·790a·2020·7768·656e·3a0a·2020·2d20···-y.··when:.··-·0003b900:·6173·733d·2262·746e·2062·746e·2d73·7563··ass="btn·btn-suc
0003b910:·6e6f·7420·2820·226b·6572·6e65·6c22·2069··not·(·"kernel"·i0003b910:·6365·7373·2220·6461·7461·2d74·6f67·676c··cess"·data-toggl
0003b920:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003b920:·653d·2263·6f6c·6c61·7073·6522·2064·6174··e="collapse"·dat
0003b930:·7061·636b·6167·6573·2061·6e64·2022·7270··packages·and·"rp0003b930:·612d·7461·7267·6574·3d22·2369·646d·3533··a-target="#idm53
0003b940:·6d2d·6f73·7472·6565·2220·696e·2061·6e73··m-ostree"·in·ans0003b940:·3131·2220·7461·6269·6e64·6578·3d22·3022··11"·tabindex="0"
0003b950:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0003b950:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a
0003b960:·6765·730a·2020·2020·616e·6420·2262·6f6f··ges.····and·"boo0003b960:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa
0003b970:·7463·2220·696e·2061·6e73·6962·6c65·5f66··tc"·in·ansible_f0003b970:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti
0003b980:·6163·7473·2e70·6163·6b61·6765·7320·616e··acts.packages·an0003b980:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·
0003b990:·6420·6e6f·7420·226f·7065·6e73·6869·6674··d·not·"openshift0003b990:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi
0003b9a0:·2d6b·7562·656c·6574·2220·696e·2061·6e73··-kubelet"·in·ans0003b9a0:·6174·696f·6e20·416e·7369·626c·6520·736e··ation·Ansible·sn
0003b9b0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0003b9b0:·6970·7065·7420·e287·b23c·2f61·3e3c·6272··ippet·...</a><br
0003b9c0:·6765·730a·2020·2020·290a·2020·2d20·616e··ges.····).··-·an0003b9c0:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan
0003b9d0:·7369·626c·655f·6469·7374·7269·6275·7469··sible_distributi0003b9d0:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll
0003b9e0:·6f6e·2069·6e20·5b20·2246·6564·6f72·6122··on·in·[·"Fedora"0003b9e0:·6170·7365·2220·6964·3d22·6964·6d35·3331··apse"·id="idm531
0003b9f0:·2c20·2252·6564·4861·7422·2c20·2243·656e··,·"RedHat",·"Cen0003b9f0:·3122·3e3c·7461·626c·6520·636c·6173·733d··1"><table·class=
0003ba00:·744f·5322·2c20·224f·7261·636c·654c·696e··tOS",·"OracleLin0003ba00:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str
0003ba10:·7578·2220·5d0a·2020·7461·6773·3a0a·2020··ux"·].··tags:.··0003ba10:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde
0003ba20:·2d20·434a·4953·2d35·2e31·302e·342e·310a··-·CJIS-5.10.4.1.0003ba20:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden
0003ba30:·2020·2d20·4449·5341·2d53·5449·472d·4f4c····-·DISA-STIG-OL0003ba30:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com
0003ba40:·3037·2d30·302d·3031·3030·3230·0a20·202d··07-00-010020.··-0003ba40:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td
0003ba50:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.0003ba50:·3e68·6967·683c·2f74·643e·3c2f·7472·3e3c··>high</td></tr><
0003ba60:·332e·380a·2020·2d20·4e49·5354·2d38·3030··3.8.··-·NIST-8000003ba60:·7472·3e3c·7468·3e44·6973·7275·7074·696f··tr><th>Disruptio
0003ba70:·2d31·3731·2d33·2e34·2e31·0a20·202d·204e··-171-3.4.1.··-·N0003ba70:·6e3a·3c2f·7468·3e3c·7464·3e6d·6564·6975··n:</th><td>mediu
0003ba80:·4953·542d·3830·302d·3533·2d41·552d·3928··IST-800-53-AU-9(0003ba80:·6d3c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··m</td></tr><tr><
0003ba90:·3329·0a20·202d·204e·4953·542d·3830·302d··3).··-·NIST-800-0003ba90:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th><
0003baa0:·3533·2d43·4d2d·3628·6329·0a20·202d·204e··53-CM-6(c).··-·N0003baa0:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t
0003bab0:·4953·542d·3830·302d·3533·2d43·4d2d·3628··IST-800-53-CM-6(0003bab0:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate
0003bac0:·6429·0a20·202d·204e·4953·542d·3830·302d··d).··-·NIST-800-0003bac0:·6779·3a3c·2f74·683e·3c74·643e·7265·7374··gy:</th><td>rest
0003bad0:·3533·2d53·492d·370a·2020·2d20·4e49·5354··53-SI-7.··-·NIST0003bad0:·7269·6374·3c2f·7464·3e3c·2f74·723e·3c2f··rict</td></tr></
0003bae0:·2d38·3030·2d35·332d·5349·2d37·2831·290a··-800-53-SI-7(1).0003bae0:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code
0003baf0:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003baf0:·3e2d·206e·616d·653a·2047·6174·6865·7220··>-·name:·Gather·
0003bb00:·5349·2d37·2836·290a·2020·2d20·5043·492d··SI-7(6).··-·PCI-0003bb00:·7468·6520·7061·636b·6167·6520·6661·6374··the·package·fact
0003bb10:·4453·532d·5265·712d·3131·2e35·0a20·202d··DSS-Req-11.5.··-0003bb10:·730a·2020·7061·636b·6167·655f·6661·6374··s.··package_fact
0003bb20:·2050·4349·2d44·5353·7634·2d31·312e·352e···PCI-DSSv4-11.5.0003bb20:·733a·0a20·2020·206d·616e·6167·6572·3a20··s:.····manager:·
0003bb30:·320a·2020·2d20·6869·6768·5f63·6f6d·706c··2.··-·high_compl0003bb30:·6175·746f·0a20·2074·6167·733a·0a20·202d··auto.··tags:.··-
0003bb40:·6578·6974·790a·2020·2d20·6869·6768·5f73··exity.··-·high_s0003bb40:·2043·4a49·532d·352e·3130·2e34·2e31·0a20···CJIS-5.10.4.1.·
0003bb50:·6576·6572·6974·790a·2020·2d20·6d65·6469··everity.··-·medi0003bb50:·202d·2044·4953·412d·5354·4947·2d4f·4c30···-·DISA-STIG-OL0
0003bb60:·756d·5f64·6973·7275·7074·696f·6e0a·2020··um_disruption.··0003bb60:·372d·3030·2d30·3130·3032·300a·2020·2d20··7-00-010020.··-·
0003bb70:·2d20·6e6f·5f72·6562·6f6f·745f·6e65·6564··-·no_reboot_need0003bb70:·4e49·5354·2d38·3030·2d31·3731·2d33·2e33··NIST-800-171-3.3
0003bb80:·6564·0a20·202d·2072·6573·7472·6963·745f··ed.··-·restrict_0003bb80:·2e38·0a20·202d·204e·4953·542d·3830·302d··.8.··-·NIST-800-
0003bb90:·7374·7261·7465·6779·0a20·202d·2072·706d··strategy.··-·rpm0003bb90:·3137·312d·332e·342e·310a·2020·2d20·4e49··171-3.4.1.··-·NI
0003bba0:·5f76·6572·6966·795f·6861·7368·6573·0a0a··_verify_hashes..0003bba0:·5354·2d38·3030·2d35·332d·4155·2d39·2833··ST-800-53-AU-9(3
0003bbb0:·2d20·6e61·6d65·3a20·2753·6574·2066·6163··-·name:·'Set·fac0003bbb0:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-5
0003bbc0:·743a·2050·6163·6b61·6765·206d·616e·6167··t:·Package·manag0003bbc0:·332d·434d·2d36·2863·290a·2020·2d20·4e49··3-CM-6(c).··-·NI
0003bbd0:·6572·2072·6569·6e73·7461·6c6c·2063·6f6d··er·reinstall·com0003bbd0:·5354·2d38·3030·2d35·332d·434d·2d36·2864··ST-800-53-CM-6(d
0003bbe0:·6d61·6e64·2028·7a79·7070·6572·2927·0a20··mand·(zypper)'.·0003bbe0:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-5
0003bbf0:·2073·6574·5f66·6163·743a·0a20·2020·2070···set_fact:.····p0003bbf0:·332d·5349·2d37·0a20·202d·204e·4953·542d··3-SI-7.··-·NIST-
0003bc00:·6163·6b61·6765·5f6d·616e·6167·6572·5f72··ackage_manager_r0003bc00:·3830·302d·3533·2d53·492d·3728·3129·0a20··800-53-SI-7(1).·
0003bc10:·6569·6e73·7461·6c6c·5f63·6d64·3a20·7a79··einstall_cmd:·zy0003bc10:·202d·204e·4953·542d·3830·302d·3533·2d53···-·NIST-800-53-S
0003bc20:·7070·6572·2069·6e20·2d66·202d·790a·2020··pper·in·-f·-y.··0003bc20:·492d·3728·3629·0a20·202d·2050·4349·2d44··I-7(6).··-·PCI-D
0003bc30:·7768·656e·3a0a·2020·2d20·6e6f·7420·2820··when:.··-·not·(·0003bc30:·5353·2d52·6571·2d31·312e·350a·2020·2d20··SS-Req-11.5.··-·
0003bc40:·226b·6572·6e65·6c22·2069·6e20·616e·7369··"kernel"·in·ansi0003bc40:·5043·492d·4453·5376·342d·3131·2e35·2e32··PCI-DSSv4-11.5.2
0003bc50:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag0003bc50:·0a20·202d·2068·6967·685f·636f·6d70·6c65··.··-·high_comple
0003bc60:·6573·2061·6e64·2022·7270·6d2d·6f73·7472··es·and·"rpm-ostr0003bc60:·7869·7479·0a20·202d·2068·6967·685f·7365··xity.··-·high_se
0003bc70:·6565·2220·696e·2061·6e73·6962·6c65·5f66··ee"·in·ansible_f0003bc70:·7665·7269·7479·0a20·202d·206d·6564·6975··verity.··-·mediu
0003bc80:·6163·7473·2e70·6163·6b61·6765·730a·2020··acts.packages.··0003bc80:·6d5f·6469·7372·7570·7469·6f6e·0a20·202d··m_disruption.··-
0003bc90:·2020·616e·6420·2262·6f6f·7463·2220·696e····and·"bootc"·in0003bc90:·206e·6f5f·7265·626f·6f74·5f6e·6565·6465···no_reboot_neede
0003bca0:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p0003bca0:·640a·2020·2d20·7265·7374·7269·6374·5f73··d.··-·restrict_s
0003bcb0:·6163·6b61·6765·7320·616e·6420·6e6f·7420··ackages·and·not·0003bcb0:·7472·6174·6567·790a·2020·2d20·7270·6d5f··trategy.··-·rpm_
0003bcc0:·226f·7065·6e73·6869·6674·2d6b·7562·656c··"openshift-kubel0003bcc0:·7665·7269·6679·5f68·6173·6865·730a·0a2d··verify_hashes..-
Max diff block lines reached; 16191227/16247697 bytes (99.65%) of diff not shown.
1.18 MB
html2text {}
    
Offset 111, 14 lines modifiedOffset 111, 33 lines modified
111 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)111 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
112 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1112 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
113 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5113 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
114 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227114 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
115 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL07-00-010020115 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL07-00-010020
116 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2116 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
117 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-221653r1015161_rule117 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-221653r1015161_rule
 118 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 119 #·Remediation·is·applicable·only·in·certain·platforms
 120 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 121 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 122 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 123 if·[·-n·"$files_with_incorrect_hash"·];·then
 124 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 125 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 126 ····yum·reinstall·-y·$packages_to_reinstall
  
 127 fi
  
 128 else
 129 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 130 fi
118 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8131 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
119 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high132 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
120 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium133 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
121 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false134 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
122 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict135 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
123 -·name:·Gather·the·package·facts136 -·name:·Gather·the·package·facts
124 ··package_facts:137 ··package_facts:
Offset 291, 33 lines modifiedOffset 310, 14 lines modified
291 ··-·PCI-DSSv4-11.5.2310 ··-·PCI-DSSv4-11.5.2
292 ··-·high_complexity311 ··-·high_complexity
293 ··-·high_severity312 ··-·high_severity
294 ··-·medium_disruption313 ··-·medium_disruption
295 ··-·no_reboot_needed314 ··-·no_reboot_needed
296 ··-·restrict_strategy315 ··-·restrict_strategy
297 ··-·rpm_verify_hashes316 ··-·rpm_verify_hashes
298 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
299 #·Remediation·is·applicable·only·in·certain·platforms 
300 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
301 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
302 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
303 if·[·-n·"$files_with_incorrect_hash"·];·then 
304 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
305 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
306 ····yum·reinstall·-y·$packages_to_reinstall 
  
307 fi 
  
308 else 
309 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
310 fi 
311 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*317 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
312 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:318 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:
313 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'319 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'
314 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:320 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:
315 $·rpm·-qf·FILENAME321 $·rpm·-qf·FILENAME
  
316 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:322 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
Offset 340, 14 lines modifiedOffset 340, 50 lines modified
340 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)340 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)
341 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1341 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
342 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5342 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
343 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108343 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108
344 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL07-00-010010344 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL07-00-010010
345 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2345 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
346 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-221652r991557_rule346 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-221652r991557_rule
 347 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 348 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 349 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 350 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 351 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 352 #·Remediation·is·applicable·only·in·certain·platforms
 353 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 354 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 355 declare·-A·SETPERMS_RPM_DICT
  
 356 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 357 #·is·expected·by·the·RPM·database
 358 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}')
  
 359 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 360 do
 361 ········#·NOTE:·some·files·maybe·controlled·by·more·then·one·package
 362 ········readarray·-t·RPM_PACKAGES·<·<(rpm·-qf·"${FILE_PATH}")
 363 ········for·RPM_PACKAGE·in·"${RPM_PACKAGES[@]}"
 364 ········do
 365 ················#·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 366 ················SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 367 ········done
 368 done
  
 369 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 370 #·correct·values
 371 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 372 do
 373 »       rpm·--restore·"${RPM_PACKAGE}"
 374 done
  
 375 else
 376 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 377 fi
347 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8378 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
348 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high379 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
349 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium380 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
350 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false381 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
351 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict382 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
352 -·name:·Gather·the·package·facts383 -·name:·Gather·the·package·facts
353 ··package_facts:384 ··package_facts:
Offset 463, 50 lines modifiedOffset 499, 14 lines modified
463 ··-·PCI-DSSv4-11.5.2499 ··-·PCI-DSSv4-11.5.2
464 ··-·high_complexity500 ··-·high_complexity
465 ··-·high_severity501 ··-·high_severity
466 ··-·medium_disruption502 ··-·medium_disruption
467 ··-·no_reboot_needed503 ··-·no_reboot_needed
468 ··-·restrict_strategy504 ··-·restrict_strategy
469 ··-·rpm_verify_permissions505 ··-·rpm_verify_permissions
470 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
Max diff block lines reached; 1231716/1239278 bytes (99.39%) of diff not shown.
28.6 MB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-ncp.html
    
Offset 15258, 419 lines modifiedOffset 15258, 419 lines modified
0003b990:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm0003b990:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm
0003b9a0:·3533·3130·2220·7461·6269·6e64·6578·3d22··5310"·tabindex="0003b9a0:·3533·3130·2220·7461·6269·6e64·6578·3d22··5310"·tabindex="
0003b9b0:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"0003b9b0:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"
0003b9c0:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="0003b9c0:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="
0003b9d0:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac0003b9d0:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac
0003b9e0:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal0003b9e0:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal
Diff chunk too large, falling back to line-by-line diff (405 lines added, 405 lines removed)
0003b9f0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme0003b9f0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme
0003ba00:·6469·6174·696f·6e20·416e·7369·626c·6520··diation·Ansible·0003ba00:·6469·6174·696f·6e20·5368·656c·6c20·7363··diation·Shell·sc
0003ba10:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a><0003ba10:·7269·7074·20e2·87b2·3c2f·613e·3c62·723e··ript·...</a><br>
0003ba20:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p0003ba20:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
0003ba30:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co0003ba30:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
0003ba40:·6c6c·6170·7365·2220·6964·3d22·6964·6d35··llapse"·id="idm50003ba40:·7073·6522·2069·643d·2269·646d·3533·3130··pse"·id="idm5310
0003ba50:·3331·3022·3e3c·7461·626c·6520·636c·6173··310"><table·clas0003ba50:·223e·3c70·7265·3e3c·636f·6465·3e23·2052··"><pre><code>#·R
0003ba60:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s0003ba60:·656d·6564·6961·7469·6f6e·2069·7320·6170··emediation·is·ap
0003ba70:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor0003ba70:·706c·6963·6162·6c65·206f·6e6c·7920·696e··plicable·only·in
0003ba80:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond0003ba80:·2063·6572·7461·696e·2070·6c61·7466·6f72···certain·platfor
0003ba90:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C0003ba90:·6d73·0a69·6620·2120·2820·7b20·7270·6d20··ms.if·!·(·{·rpm·
0003baa0:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><0003baa0:·2d2d·7175·6965·7420·2d71·206b·6572·6e65··--quiet·-q·kerne
0003bab0:·7464·3e68·6967·683c·2f74·643e·3c2f·7472··td>high</td></tr0003bab0:·6c20·3b7d·2026·616d·703b·2661·6d70·3b20··l·;}·&amp;&amp;·
0003bac0:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt0003bac0:·7b20·7270·6d20·2d2d·7175·6965·7420·2d71··{·rpm·--quiet·-q
0003bad0:·696f·6e3a·3c2f·7468·3e3c·7464·3e6d·6564··ion:</th><td>med0003bad0:·2072·706d·2d6f·7374·7265·6520·3b7d·2026···rpm-ostree·;}·&
0003bae0:·6975·6d3c·2f74·643e·3c2f·7472·3e3c·7472··ium</td></tr><tr0003bae0:·616d·703b·2661·6d70·3b20·7b20·7270·6d20··amp;&amp;·{·rpm·
0003baf0:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th0003baf0:·2d2d·7175·6965·7420·2d71·2062·6f6f·7463··--quiet·-q·bootc
0003bb00:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td><0003bb00:·203b·7d20·2661·6d70·3b26·616d·703b·207b···;}·&amp;&amp;·{
0003bb10:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra0003bb10:·2021·2072·706d·202d·2d71·7569·6574·202d···!·rpm·--quiet·-
0003bb20:·7465·6779·3a3c·2f74·683e·3c74·643e·7265··tegy:</th><td>re0003bb20:·7120·6f70·656e·7368·6966·742d·6b75·6265··q·openshift-kube
0003bb30:·7374·7269·6374·3c2f·7464·3e3c·2f74·723e··strict</td></tr>0003bb30:·6c65·7420·3b7d·2029·3b20·7468·656e·0a0a··let·;}·);·then..
0003bb40:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co0003bb40:·2320·4669·6e64·2077·6869·6368·2066·696c··#·Find·which·fil
0003bb50:·6465·3e2d·206e·616d·653a·2047·6174·6865··de>-·name:·Gathe0003bb50:·6573·2068·6176·6520·696e·636f·7272·6563··es·have·incorrec
0003bb60:·7220·7468·6520·7061·636b·6167·6520·6661··r·the·package·fa0003bb60:·7420·6861·7368·2028·6e6f·7420·696e·202f··t·hash·(not·in·/
0003bb70:·6374·730a·2020·7061·636b·6167·655f·6661··cts.··package_fa0003bb70:·6574·632c·2062·6563·6175·7365·206f·6620··etc,·because·of·
0003bb80:·6374·733a·0a20·2020·206d·616e·6167·6572··cts:.····manager0003bb80:·7468·6520·7379·7374·656d·2072·656c·6174··the·system·relat
0003bb90:·3a20·6175·746f·0a20·2074·6167·733a·0a20··:·auto.··tags:.·0003bb90:·6564·2063·6f6e·6669·6720·6669·6c65·7329··ed·config·files)
0003bba0:·202d·2043·4a49·532d·352e·3130·2e34·2e31···-·CJIS-5.10.4.10003bba0:·2061·6e64·2074·6865·6e20·6765·7420·6669···and·then·get·fi
0003bbb0:·0a20·202d·2044·4953·412d·5354·4947·2d4f··.··-·DISA-STIG-O0003bbb0:·6c65·7320·6e61·6d65·730a·6669·6c65·735f··les·names.files_
0003bbc0:·4c30·372d·3030·2d30·3130·3032·300a·2020··L07-00-010020.··0003bbc0:·7769·7468·5f69·6e63·6f72·7265·6374·5f68··with_incorrect_h
0003bbd0:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-30003bbd0:·6173·683d·2224·2872·706d·202d·5661·202d··ash="$(rpm·-Va·-
0003bbe0:·2e33·2e38·0a20·202d·204e·4953·542d·3830··.3.8.··-·NIST-800003bbe0:·2d6e·6f63·6f6e·6669·6720·7c20·6772·6570··-noconfig·|·grep
0003bbf0:·302d·3137·312d·332e·342e·310a·2020·2d20··0-171-3.4.1.··-·0003bbf0:·202d·4520·275e·2e2e·3527·207c·2061·776b···-E·'^..5'·|·awk
0003bc00:·4e49·5354·2d38·3030·2d35·332d·4155·2d39··NIST-800-53-AU-90003bc00:·2027·7b70·7269·6e74·2024·4e46·7d27·2029···'{print·$NF}'·)
0003bc10:·2833·290a·2020·2d20·4e49·5354·2d38·3030··(3).··-·NIST-8000003bc10:·220a·0a69·6620·5b20·2d6e·2022·2466·696c··"..if·[·-n·"$fil
0003bc20:·2d35·332d·434d·2d36·2863·290a·2020·2d20··-53-CM-6(c).··-·0003bc20:·6573·5f77·6974·685f·696e·636f·7272·6563··es_with_incorrec
0003bc30:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-60003bc30:·745f·6861·7368·2220·5d3b·2074·6865·6e0a··t_hash"·];·then.
0003bc40:·2864·290a·2020·2d20·4e49·5354·2d38·3030··(d).··-·NIST-8000003bc40:·2020·2020·2320·4672·6f6d·2066·696c·6573······#·From·files
0003bc50:·2d35·332d·5349·2d37·0a20·202d·204e·4953··-53-SI-7.··-·NIS0003bc50:·206e·616d·6573·2067·6574·2070·6163·6b61···names·get·packa
0003bc60:·542d·3830·302d·3533·2d53·492d·3728·3129··T-800-53-SI-7(1)0003bc60:·6765·206e·616d·6573·2061·6e64·2063·6861··ge·names·and·cha
0003bc70:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003bc70:·6e67·6520·6e65·776c·696e·6520·746f·2073··nge·newline·to·s
0003bc80:·2d53·492d·3728·3629·0a20·202d·2050·4349··-SI-7(6).··-·PCI0003bc80:·7061·6365·2c20·6265·6361·7573·6520·7270··pace,·because·rp
0003bc90:·2d44·5353·2d52·6571·2d31·312e·350a·2020··-DSS-Req-11.5.··0003bc90:·6d20·7772·6974·6573·2065·6163·6820·7061··m·writes·each·pa
0003bca0:·2d20·5043·492d·4453·5376·342d·3131·2e35··-·PCI-DSSv4-11.50003bca0:·636b·6167·6520·746f·206e·6577·206c·696e··ckage·to·new·lin
0003bcb0:·2e32·0a20·202d·2068·6967·685f·636f·6d70··.2.··-·high_comp0003bcb0:·650a·2020·2020·7061·636b·6167·6573·5f74··e.····packages_t
0003bcc0:·6c65·7869·7479·0a20·202d·2068·6967·685f··lexity.··-·high_0003bcc0:·6f5f·7265·696e·7374·616c·6c3d·2224·2872··o_reinstall="$(r
0003bcd0:·7365·7665·7269·7479·0a20·202d·206d·6564··severity.··-·med0003bcd0:·706d·202d·7166·2024·6669·6c65·735f·7769··pm·-qf·$files_wi
0003bce0:·6975·6d5f·6469·7372·7570·7469·6f6e·0a20··ium_disruption.·0003bce0:·7468·5f69·6e63·6f72·7265·6374·5f68·6173··th_incorrect_has
0003bcf0:·202d·206e·6f5f·7265·626f·6f74·5f6e·6565···-·no_reboot_nee0003bcf0:·6820·7c20·7472·2027·5c6e·2720·2720·2729··h·|·tr·'\n'·'·')
0003bd00:·6465·640a·2020·2d20·7265·7374·7269·6374··ded.··-·restrict0003bd00:·220a·0a20·2020·200a·2020·2020·7975·6d20··"..····.····yum·
0003bd10:·5f73·7472·6174·6567·790a·2020·2d20·7270··_strategy.··-·rp0003bd10:·7265·696e·7374·616c·6c20·2d79·2024·7061··reinstall·-y·$pa
0003bd20:·6d5f·7665·7269·6679·5f68·6173·6865·730a··m_verify_hashes.0003bd20:·636b·6167·6573·5f74·6f5f·7265·696e·7374··ckages_to_reinst
0003bd30:·0a2d·206e·616d·653a·2027·5365·7420·6661··.-·name:·'Set·fa0003bd30:·616c·6c0a·2020·2020·0a66·690a·0a65·6c73··all.····.fi..els
0003bd40:·6374·3a20·5061·636b·6167·6520·6d61·6e61··ct:·Package·mana0003bd40:·650a·2020·2020·2667·743b·2661·6d70·3b32··e.····&gt;&amp;2
0003bd50:·6765·7220·7265·696e·7374·616c·6c20·636f··ger·reinstall·co0003bd50:·2065·6368·6f20·2752·656d·6564·6961·7469···echo·'Remediati
0003bd60:·6d6d·616e·6427·0a20·2073·6574·5f66·6163··mmand'.··set_fac0003bd60:·6f6e·2069·7320·6e6f·7420·6170·706c·6963··on·is·not·applic
0003bd70:·743a·0a20·2020·2070·6163·6b61·6765·5f6d··t:.····package_m0003bd70:·6162·6c65·2c20·6e6f·7468·696e·6720·7761··able,·nothing·wa
0003bd80:·616e·6167·6572·5f72·6569·6e73·7461·6c6c··anager_reinstall0003bd80:·7320·646f·6e65·270a·6669·0a3c·2f63·6f64··s·done'.fi.</cod
0003bd90:·5f63·6d64·3a20·7975·6d20·7265·696e·7374··_cmd:·yum·reinst0003bd90:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a
0003bda0:·616c·6c20·2d79·0a20·2077·6865·6e3a·0a20··all·-y.··when:.·0003bda0:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn-
0003bdb0:·202d·206e·6f74·2028·2022·6b65·726e·656c···-·not·(·"kernel0003bdb0:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to
0003bdc0:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003bdc0:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"·
0003bdd0:·7473·2e70·6163·6b61·6765·7320·616e·6420··ts.packages·and·0003bdd0:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id
0003bde0:·2272·706d·2d6f·7374·7265·6522·2069·6e20··"rpm-ostree"·in·0003bde0:·6d35·3331·3122·2074·6162·696e·6465·783d··m5311"·tabindex=
0003bdf0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa0003bdf0:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button
0003be00:·636b·6167·6573·0a20·2020·2061·6e64·2022··ckages.····and·"0003be00:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=
0003be10:·626f·6f74·6322·2069·6e20·616e·7369·626c··bootc"·in·ansibl0003be10:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A
0003be20:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages0003be20:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea
0003be30:·2061·6e64·206e·6f74·2022·6f70·656e·7368···and·not·"opensh0003be30:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem
0003be40:·6966·742d·6b75·6265·6c65·7422·2069·6e20··ift-kubelet"·in·0003be40:·6564·6961·7469·6f6e·2041·6e73·6962·6c65··ediation·Ansible
0003be50:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa0003be50:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a>
0003be60:·636b·6167·6573·0a20·2020·2029·0a20·202d··ckages.····).··-0003be60:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="
0003be70:·2061·6e73·6962·6c65·5f64·6973·7472·6962···ansible_distrib0003be70:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c
0003be80:·7574·696f·6e20·696e·205b·2022·4665·646f··ution·in·[·"Fedo0003be80:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm
0003be90:·7261·222c·2022·5265·6448·6174·222c·2022··ra",·"RedHat",·"0003be90:·3533·3131·223e·3c74·6162·6c65·2063·6c61··5311"><table·cla
0003bea0:·4365·6e74·4f53·222c·2022·4f72·6163·6c65··CentOS",·"Oracle0003bea0:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table-
0003beb0:·4c69·6e75·7822·205d·0a20·2074·6167·733a··Linux"·].··tags:0003beb0:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo
0003bec0:·0a20·202d·2043·4a49·532d·352e·3130·2e34··.··-·CJIS-5.10.40003bec0:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con
0003bed0:·2e31·0a20·202d·2044·4953·412d·5354·4947··.1.··-·DISA-STIG0003bed0:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th>
0003bee0:·2d4f·4c30·372d·3030·2d30·3130·3032·300a··-OL07-00-010020.0003bee0:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th>
0003bef0:·2020·2d20·4e49·5354·2d38·3030·2d31·3731····-·NIST-800-1710003bef0:·3c74·643e·6869·6768·3c2f·7464·3e3c·2f74··<td>high</td></t
0003bf00:·2d33·2e33·2e38·0a20·202d·204e·4953·542d··-3.3.8.··-·NIST-0003bf00:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup
0003bf10:·3830·302d·3137·312d·332e·342e·310a·2020··800-171-3.4.1.··0003bf10:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6d65··tion:</th><td>me
0003bf20:·2d20·4e49·5354·2d38·3030·2d35·332d·4155··-·NIST-800-53-AU0003bf20:·6469·756d·3c2f·7464·3e3c·2f74·723e·3c74··dium</td></tr><t
0003bf30:·2d39·2833·290a·2020·2d20·4e49·5354·2d38··-9(3).··-·NIST-80003bf30:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t
0003bf40:·3030·2d35·332d·434d·2d36·2863·290a·2020··00-53-CM-6(c).··0003bf40:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td>
0003bf50:·2d20·4e49·5354·2d38·3030·2d35·332d·434d··-·NIST-800-53-CM0003bf50:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str
0003bf60:·2d36·2864·290a·2020·2d20·4e49·5354·2d38··-6(d).··-·NIST-80003bf60:·6174·6567·793a·3c2f·7468·3e3c·7464·3e72··ategy:</th><td>r
0003bf70:·3030·2d35·332d·5349·2d37·0a20·202d·204e··00-53-SI-7.··-·N0003bf70:·6573·7472·6963·743c·2f74·643e·3c2f·7472··estrict</td></tr
0003bf80:·4953·542d·3830·302d·3533·2d53·492d·3728··IST-800-53-SI-7(0003bf80:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c
0003bf90:·3129·0a20·202d·204e·4953·542d·3830·302d··1).··-·NIST-800-0003bf90:·6f64·653e·2d20·6e61·6d65·3a20·4761·7468··ode>-·name:·Gath
0003bfa0:·3533·2d53·492d·3728·3629·0a20·202d·2050··53-SI-7(6).··-·P0003bfa0:·6572·2074·6865·2070·6163·6b61·6765·2066··er·the·package·f
0003bfb0:·4349·2d44·5353·2d52·6571·2d31·312e·350a··CI-DSS-Req-11.5.0003bfb0:·6163·7473·0a20·2070·6163·6b61·6765·5f66··acts.··package_f
0003bfc0:·2020·2d20·5043·492d·4453·5376·342d·3131····-·PCI-DSSv4-110003bfc0:·6163·7473·3a0a·2020·2020·6d61·6e61·6765··acts:.····manage
0003bfd0:·2e35·2e32·0a20·202d·2068·6967·685f·636f··.5.2.··-·high_co0003bfd0:·723a·2061·7574·6f0a·2020·7461·6773·3a0a··r:·auto.··tags:.
0003bfe0:·6d70·6c65·7869·7479·0a20·202d·2068·6967··mplexity.··-·hig0003bfe0:·2020·2d20·434a·4953·2d35·2e31·302e·342e····-·CJIS-5.10.4.
0003bff0:·685f·7365·7665·7269·7479·0a20·202d·206d··h_severity.··-·m0003bff0:·310a·2020·2d20·4449·5341·2d53·5449·472d··1.··-·DISA-STIG-
0003c000:·6564·6975·6d5f·6469·7372·7570·7469·6f6e··edium_disruption0003c000:·4f4c·3037·2d30·302d·3031·3030·3230·0a20··OL07-00-010020.·
0003c010:·0a20·202d·206e·6f5f·7265·626f·6f74·5f6e··.··-·no_reboot_n0003c010:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-
0003c020:·6565·6465·640a·2020·2d20·7265·7374·7269··eeded.··-·restri0003c020:·332e·332e·380a·2020·2d20·4e49·5354·2d38··3.3.8.··-·NIST-8
0003c030:·6374·5f73·7472·6174·6567·790a·2020·2d20··ct_strategy.··-·0003c030:·3030·2d31·3731·2d33·2e34·2e31·0a20·202d··00-171-3.4.1.··-
0003c040:·7270·6d5f·7665·7269·6679·5f68·6173·6865··rpm_verify_hashe0003c040:·204e·4953·542d·3830·302d·3533·2d41·552d···NIST-800-53-AU-
0003c050:·730a·0a2d·206e·616d·653a·2027·5365·7420··s..-·name:·'Set·0003c050:·3928·3329·0a20·202d·204e·4953·542d·3830··9(3).··-·NIST-80
0003c060:·6661·6374·3a20·5061·636b·6167·6520·6d61··fact:·Package·ma0003c060:·302d·3533·2d43·4d2d·3628·6329·0a20·202d··0-53-CM-6(c).··-
0003c070:·6e61·6765·7220·7265·696e·7374·616c·6c20··nager·reinstall·0003c070:·204e·4953·542d·3830·302d·3533·2d43·4d2d···NIST-800-53-CM-
0003c080:·636f·6d6d·616e·6420·287a·7970·7065·7229··command·(zypper)0003c080:·3628·6429·0a20·202d·204e·4953·542d·3830··6(d).··-·NIST-80
0003c090:·270a·2020·7365·745f·6661·6374·3a0a·2020··'.··set_fact:.··0003c090:·302d·3533·2d53·492d·370a·2020·2d20·4e49··0-53-SI-7.··-·NI
0003c0a0:·2020·7061·636b·6167·655f·6d61·6e61·6765····package_manage0003c0a0:·5354·2d38·3030·2d35·332d·5349·2d37·2831··ST-800-53-SI-7(1
0003c0b0:·725f·7265·696e·7374·616c·6c5f·636d·643a··r_reinstall_cmd:0003c0b0:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-5
0003c0c0:·207a·7970·7065·7220·696e·202d·6620·2d79···zypper·in·-f·-y0003c0c0:·332d·5349·2d37·2836·290a·2020·2d20·5043··3-SI-7(6).··-·PC
0003c0d0:·0a20·2077·6865·6e3a·0a20·202d·206e·6f74··.··when:.··-·not0003c0d0:·492d·4453·532d·5265·712d·3131·2e35·0a20··I-DSS-Req-11.5.·
0003c0e0:·2028·2022·6b65·726e·656c·2220·696e·2061···(·"kernel"·in·a0003c0e0:·202d·2050·4349·2d44·5353·7634·2d31·312e···-·PCI-DSSv4-11.
0003c0f0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003c0f0:·352e·320a·2020·2d20·6869·6768·5f63·6f6d··5.2.··-·high_com
0003c100:·6b61·6765·7320·616e·6420·2272·706d·2d6f··kages·and·"rpm-o0003c100:·706c·6578·6974·790a·2020·2d20·6869·6768··plexity.··-·high
0003c110:·7374·7265·6522·2069·6e20·616e·7369·626c··stree"·in·ansibl0003c110:·5f73·6576·6572·6974·790a·2020·2d20·6d65··_severity.··-·me
0003c120:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages0003c120:·6469·756d·5f64·6973·7275·7074·696f·6e0a··dium_disruption.
0003c130:·0a20·2020·2061·6e64·2022·626f·6f74·6322··.····and·"bootc"0003c130:·2020·2d20·6e6f·5f72·6562·6f6f·745f·6e65····-·no_reboot_ne
0003c140:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003c140:·6564·6564·0a20·202d·2072·6573·7472·6963··eded.··-·restric
0003c150:·732e·7061·636b·6167·6573·2061·6e64·206e··s.packages·and·n0003c150:·745f·7374·7261·7465·6779·0a20·202d·2072··t_strategy.··-·r
0003c160:·6f74·2022·6f70·656e·7368·6966·742d·6b75··ot·"openshift-ku0003c160:·706d·5f76·6572·6966·795f·6861·7368·6573··pm_verify_hashes
Max diff block lines reached; 27333369/27389839 bytes (99.79%) of diff not shown.
2.43 MB
html2text {}
Max HTML report size reached
6.85 MB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-ospp.html
    
Offset 15046, 246 lines modifiedOffset 15046, 246 lines modified
0003ac50:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#0003ac50:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#
0003ac60:·6964·6d36·3138·3322·2074·6162·696e·6465··idm6183"·tabinde0003ac60:·6964·6d36·3138·3322·2074·6162·696e·6465··idm6183"·tabinde
0003ac70:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt0003ac70:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt
0003ac80:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande0003ac80:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande
0003ac90:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=0003ac90:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=
0003aca0:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev0003aca0:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev
0003acb0:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R0003acb0:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R
0003acc0:·656d·6564·6961·7469·6f6e·2041·6e61·636f··emediation·Anaco0003acc0:·656d·6564·6961·7469·6f6e·2050·7570·7065··emediation·Puppe
0003acd0:·6e64·6120·736e·6970·7065·7420·e287·b23c··nda·snippet·...<0003acd0:·7420·736e·6970·7065·7420·e287·b23c·2f61··t·snippet·...</a
0003ace0:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas0003ace0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
0003acf0:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps0003acf0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
0003ad00:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="0003ad00:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
0003ad10:·6964·6d36·3138·3322·3e3c·7461·626c·6520··idm6183"><table·0003ad10:·6d36·3138·3322·3e3c·7461·626c·6520·636c··m6183"><table·cl
0003ad20:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab0003ad20:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table
0003ad30:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table0003ad30:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b
0003ad40:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-0003ad40:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co
0003ad50:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><0003ad50:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th
0003ad60:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</0003ad60:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th
0003ad70:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><0003ad70:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t
0003ad80:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr0003ad80:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup
0003ad90:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td>0003ad90:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo
0003ada0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr0003ada0:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><
0003adb0:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th0003adb0:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th><
0003adc0:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td><0003adc0:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t
0003add0:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra0003add0:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate
0003ade0:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en0003ade0:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab
0003adf0:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></0003adf0:·6c65·3c2f·7464·3e3c·2f74·723e·3c2f·7461··le</td></tr></ta
0003ae00:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code0003ae00:·626c·653e·3c70·7265·3e3c·636f·6465·3e69··ble><pre><code>i
0003ae10:·3e0a·7061·636b·6167·6520·2d2d·6164·643d··>.package·--add= 
0003ae20:·6472·6163·7574·2d66·6970·730a·3c2f·636f··dracut-fips.</co 
0003ae30:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div>< 
0003ae40:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn 
0003ae50:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t 
0003ae60:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse" 
0003ae70:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i 
0003ae80:·646d·3631·3834·2220·7461·6269·6e64·6578··dm6184"·tabindex 
0003ae90:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto 
0003aea0:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded 
0003aeb0:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title=" 
0003aec0:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve 
0003aed0:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re 
0003aee0:·6d65·6469·6174·696f·6e20·5075·7070·6574··mediation·Puppet 
0003aef0:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a> 
0003af00:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class=" 
0003af10:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c 
0003af20:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm 
0003af30:·3631·3834·223e·3c74·6162·6c65·2063·6c61··6184"><table·cla 
0003af40:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table- 
0003af50:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo 
0003af60:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con 
0003af70:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th> 
0003af80:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th> 
0003af90:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
0003afa0:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt0003ae10:·6e63·6c75·6465·2069·6e73·7461·6c6c·5f64··nclude·install_d
 0003ae20:·7261·6375·742d·6669·7073·0a0a·636c·6173··racut-fips..clas
 0003ae30:·7320·696e·7374·616c·6c5f·6472·6163·7574··s·install_dracut
 0003ae40:·2d66·6970·7320·7b0a·2020·7061·636b·6167··-fips·{.··packag
 0003ae50:·6520·7b20·2764·7261·6375·742d·6669·7073··e·{·'dracut-fips
 0003ae60:·273a·0a20·2020·2065·6e73·7572·6520·3d26··':.····ensure·=&
 0003ae70:·6774·3b20·2769·6e73·7461·6c6c·6564·272c··gt;·'installed',
 0003ae80:·0a20·207d·0a7d·0a3c·2f63·6f64·653e·3c2f··.··}.}.</code></
 0003ae90:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla
 0003aea0:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ
 0003aeb0:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle
 0003aec0:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data
 0003aed0:·2d74·6172·6765·743d·2223·6964·6d36·3138··-target="#idm618
 0003aee0:·3422·2074·6162·696e·6465·783d·2230·2220··4"·tabindex="0"·
 0003aef0:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar
 0003af00:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal
 0003af10:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ
 0003af20:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h
 0003af30:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia
 0003af40:·7469·6f6e·2053·6865·6c6c·2073·6372·6970··tion·Shell·scrip
 0003af50:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di
 0003af60:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
 0003af70:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
 0003af80:·2220·6964·3d22·6964·6d36·3138·3422·3e3c··"·id="idm6184"><
 0003af90:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab
 0003afa0:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped
 0003afb0:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·
 0003afc0:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"
 0003afd0:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex
0003afb0:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low0003afe0:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low
0003afc0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t0003aff0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
0003afd0:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t 
0003afe0:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr 
0003aff0:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg0003b000:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t
 0003b010:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></
 0003b020:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo
0003b000:·793a·3c2f·7468·3e3c·7464·3e65·6e61·626c··y:</th><td>enabl0003b030:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false
0003b010:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab 
0003b020:·6c65·3e3c·7072·653e·3c63·6f64·653e·696e··le><pre><code>in 
0003b030:·636c·7564·6520·696e·7374·616c·6c5f·6472··clude·install_dr 
0003b040:·6163·7574·2d66·6970·730a·0a63·6c61·7373··acut-fips..class 
0003b050:·2069·6e73·7461·6c6c·5f64·7261·6375·742d···install_dracut- 
0003b060:·6669·7073·207b·0a20·2070·6163·6b61·6765··fips·{.··package0003b040:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
 0003b050:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>
 0003b060:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td><
 0003b070:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre
 0003b080:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia
 0003b090:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab
 0003b0a0:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa
 0003b0b0:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·
 0003b0c0:·2820·2120·2820·5b20·2224·7b63·6f6e·7461··(·!·(·[·"${conta
 0003b0d0:·696e·6572·3a2d·7d22·203d·3d20·2262·7772··iner:-}"·==·"bwr
 0003b0e0:·6170·2d6f·7362·7569·6c64·2220·5d20·2920··ap-osbuild"·]·)·
 0003b0f0:·2661·6d70·3b26·616d·703b·2072·706d·202d··&amp;&amp;·rpm·-
 0003b100:·2d71·7569·6574·202d·7120·6b65·726e·656c··-quiet·-q·kernel
 0003b110:·207c·7c20·7270·6d20·2d2d·7175·6965·7420···||·rpm·--quiet·
 0003b120:·2d71·206b·6572·6e65·6c2d·7565·6b20·293b··-q·kernel-uek·);
 0003b130:·2074·6865·6e0a·0a69·6620·2120·7270·6d20···then..if·!·rpm·
 0003b140:·2d71·202d·2d71·7569·6574·2022·6472·6163··-q·--quiet·"drac
 0003b150:·7574·2d66·6970·7322·203b·2074·6865·6e0a··ut-fips"·;·then.
 0003b160:·2020·2020·7975·6d20·696e·7374·616c·6c20······yum·install·
0003b070:·207b·2027·6472·6163·7574·2d66·6970·7327···{·'dracut-fips'0003b170:·2d79·2022·6472·6163·7574·2d66·6970·7322··-y·"dracut-fips"
 0003b180:·0a66·690a·0a65·6c73·650a·2020·2020·2667··.fi..else.····&g
 0003b190:·743b·2661·6d70·3b32·2065·6368·6f20·2752··t;&amp;2·echo·'R
 0003b1a0:·656d·6564·6961·7469·6f6e·2069·7320·6e6f··emediation·is·no
 0003b1b0:·7420·6170·706c·6963·6162·6c65·2c20·6e6f··t·applicable,·no
 0003b1c0:·7468·696e·6720·7761·7320·646f·6e65·270a··thing·was·done'.
 0003b1d0:·6669·0a3c·2f63·6f64·653e·3c2f·7072·653e··fi.</code></pre>
0003b080:·3a0a·2020·2020·656e·7375·7265·203d·2667··:.····ensure·=&g 
0003b090:·743b·2027·696e·7374·616c·6c65·6427·2c0a··t;·'installed',. 
0003b0a0:·2020·7d0a·7d0a·3c2f·636f·6465·3e3c·2f70····}.}.</code></p 
0003b0b0:·7265·3e3c·2f64·6976·3e3c·6120·636c·6173··re></div><a·clas 
0003b0c0:·733d·2262·746e·2062·746e·2d73·7563·6365··s="btn·btn-succe 
0003b0d0:·7373·2220·6461·7461·2d74·6f67·676c·653d··ss"·data-toggle= 
Max diff block lines reached; 6429593/6462189 bytes (99.50%) of diff not shown.
705 KB
html2text {}
    
Offset 92, 38 lines modifiedOffset 92, 41 lines modified
92 References:·_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x80_\x89·4.3.3.6.692 References:·_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x80_\x89·4.3.3.6.6
93 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·1.13,·SR·2.6,·SR·3.1,·SR·3.5,·SR·3.8,·SR·4.1,·SR·4.3,·SR·5.1,·SR·5.2,·SR·5.3,·SR·7.1,·SR·7.693 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·1.13,·SR·2.6,·SR·3.1,·SR·3.5,·SR·3.8,·SR·4.1,·SR·4.3,·SR·5.1,·SR·5.2,·SR·5.3,·SR·7.1,·SR·7.6
94 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.6,·A.13.1.1,·A.13.2.1,·A.14.1.3,·A.6.2.1,·A.6.2.294 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.6,·A.13.1.1,·A.13.2.1,·A.14.1.3,·A.6.2.1,·A.6.2.2
95 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-007-3·R5.195 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-007-3·R5.1
96 ············_\x8n_\x8i_\x8s_\x8t···········SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-1296 ············_\x8n_\x8i_\x8s_\x8t···········SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12
97 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-3,·PR.PT-497 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-3,·PR.PT-4
98 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000033-GPOS-00014,·SRG-OS-000396-GPOS-00176,·SRG-OS-000478-GPOS-0022398 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000033-GPOS-00014,·SRG-OS-000396-GPOS-00176,·SRG-OS-000478-GPOS-00223
99 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
100 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
101 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
102 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
103 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
104 package·--add=dracut-fips 
105 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x899 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
106 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low100 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
107 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low101 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
108 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false102 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
109 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable103 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
110 include·install_dracut-fips104 include·install_dracut-fips
  
111 class·install_dracut-fips·{105 class·install_dracut-fips·{
112 ··package·{·'dracut-fips':106 ··package·{·'dracut-fips':
113 ····ensure·=>·'installed',107 ····ensure·=>·'installed',
114 ··}108 ··}
115 }109 }
116 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8110 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 111 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 112 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 113 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 114 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 115 #·Remediation·is·applicable·only·in·certain·platforms
 116 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek·);·then
  
117 [[packages]] 
118 name·=·"dracut-fips" 
119 version·=·"*"117 if·!·rpm·-q·--quiet·"dracut-fips"·;·then
 118 ····yum·install·-y·"dracut-fips"
 119 fi
  
 120 else
 121 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 122 fi
120 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8123 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
121 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low124 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
122 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low125 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
123 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false126 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
124 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable127 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
125 -·name:·Gather·the·package·facts128 -·name:·Gather·the·package·facts
126 ··package_facts:129 ··package_facts:
Offset 163, 29 lines modifiedOffset 166, 26 lines modified
163 ··-·NIST-800-53-SC-13166 ··-·NIST-800-53-SC-13
164 ··-·enable_strategy167 ··-·enable_strategy
165 ··-·low_complexity168 ··-·low_complexity
166 ··-·low_disruption169 ··-·low_disruption
167 ··-·medium_severity170 ··-·medium_severity
168 ··-·no_reboot_needed171 ··-·no_reboot_needed
169 ··-·package_dracut-fips_installed172 ··-·package_dracut-fips_installed
 173 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 174 [[packages]]
 175 name·=·"dracut-fips"
 176 version·=·"*"
170 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8177 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8
171 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low178 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
172 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low179 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
173 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false180 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
174 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable181 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
175 #·Remediation·is·applicable·only·in·certain·platforms 
176 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek·);·then 
  
177 if·!·rpm·-q·--quiet·"dracut-fips"·;·then 
178 ····yum·install·-y·"dracut-fips" 
179 fi 
  
 182 package·--add=dracut-fips
180 else 
181 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
182 fi 
183 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8na\x8ab\x8bl\x8le\x8e·F\x8FI\x8IP\x8PS\x8S·M\x8Mo\x8od\x8de\x8e·i\x8in\x8n·G\x8GR\x8RU\x8UB\x8B2\x82·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*183 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8na\x8ab\x8bl\x8le\x8e·F\x8FI\x8IP\x8PS\x8S·M\x8Mo\x8od\x8de\x8e·i\x8in\x8n·G\x8GR\x8RU\x8UB\x8B2\x82·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
184 To·ensure·FIPS·mode·is·enabled,·install·package·dracut-fips,·and·rebuild·initramfs·by·running·the·following·commands:184 To·ensure·FIPS·mode·is·enabled,·install·package·dracut-fips,·and·rebuild·initramfs·by·running·the·following·commands:
185 $·sudo·yum·install·dracut-fips185 $·sudo·yum·install·dracut-fips
186 dracut·-f186 dracut·-f
187 After·the·dracut·command·has·been·run,·add·the·argument·fips=1·to·the·default·GRUB·2·command·line·for·the·Linux·operating·system·in·/etc/default/grub,·in·the·manner·below:187 After·the·dracut·command·has·been·run,·add·the·argument·fips=1·to·the·default·GRUB·2·command·line·for·the·Linux·operating·system·in·/etc/default/grub,·in·the·manner·below:
188 GRUB_CMDLINE_LINUX="crashkernel=auto·rd.lvm.lv=VolGroup/LogVol06·rd.lvm.lv=VolGroup/lv_swap·rhgb·quiet·rd.shell=0·fips=1"188 GRUB_CMDLINE_LINUX="crashkernel=auto·rd.lvm.lv=VolGroup/LogVol06·rd.lvm.lv=VolGroup/lv_swap·rhgb·quiet·rd.shell=0·fips=1"
189 Finally,·rebuild·the·grub.cfg·file·by·using·the189 Finally,·rebuild·the·grub.cfg·file·by·using·the
Offset 216, 17 lines modifiedOffset 216, 80 lines modified
216 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.6,·A.13.1.1,·A.13.2.1,·A.14.1.3,·A.6.2.1,·A.6.2.2216 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.6,·A.13.1.1,·A.13.2.1,·A.14.1.3,·A.6.2.1,·A.6.2.2
217 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-007-3·R5.1217 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-007-3·R5.1
218 ············_\x8n_\x8i_\x8s_\x8t···········SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12218 ············_\x8n_\x8i_\x8s_\x8t···········SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12
219 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-3,·PR.PT-4219 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-3,·PR.PT-4
220 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000033-GPOS-00014,·SRG-OS-000185-GPOS-00079,·SRG-OS-000396-GPOS-00176,·SRG-OS-000405-GPOS-00184,·SRG-OS-000478-GPOS-00223220 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000033-GPOS-00014,·SRG-OS-000185-GPOS-00079,·SRG-OS-000396-GPOS-00176,·SRG-OS-000405-GPOS-00184,·SRG-OS-000478-GPOS-00223
221 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL07-00-021350221 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL07-00-021350
222 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-221758r958408_rule222 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-221758r958408_rule
223 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8223 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 224 #·Remediation·is·applicable·only·in·certain·platforms
 225 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek·)·&&·{·rpm·--quiet·-q·grub2-common;·};·then
  
224 package·--add=dracut-fips·--add=dracut-fips-aesni226 #·prelink·not·installed
 227 if·test·-e·/etc/sysconfig/prelink·-o·-e·/usr/sbin/prelink;·then
 228 ····if·grep·-q·^PRELINKING·/etc/sysconfig/prelink
 229 ····then
 230 ········sed·-i·'s/^PRELINKING[:blank:]*=[:blank:]*[:alpha:]*/PRELINKING=no/'·/etc/sysconfig/prelink
 231 ····else
 232 ········printf·'\n'·>>·/etc/sysconfig/prelink
 233 ········printf·'%s\n'·'#·Set·PRELINKING=no·per·security·requirements'·'PRELINKING=no'·>>·/etc/sysconfig/prelink
 234 ····fi
  
 235 ····#·Undo·previous·prelink·changes·to·binaries·if·prelink·is·available.
 236 ····if·test·-x·/usr/sbin/prelink;·then
 237 ········/usr/sbin/prelink·-ua
 238 ····fi
 239 fi
  
 240 if·grep·-q·-m1·-o·aes·/proc/cpuinfo;·then
 241 »       if·!·rpm·-q·--quiet·"dracut-fips-aesni"·;·then
 242 ····yum·install·-y·"dracut-fips-aesni"
 243 fi
 244 fi
 245 if·!·rpm·-q·--quiet·"dracut-fips"·;·then
 246 ····yum·install·-y·"dracut-fips"
 247 fi
  
 248 dracut·-f
  
 249 #·Correct·the·form·of·default·kernel·command·line·in··grub
 250 if·grep·-q·'^GRUB_CMDLINE_LINUX=.*fips=.*"'··/etc/default/grub;·then
Max diff block lines reached; 714470/722178 bytes (98.93%) of diff not shown.
10.2 MB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-pci-dss.html
    
Offset 15123, 419 lines modifiedOffset 15123, 419 lines modified
0003b120:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=0003b120:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
0003b130:·2223·6964·6d35·3331·3022·2074·6162·696e··"#idm5310"·tabin0003b130:·2223·6964·6d35·3331·3022·2074·6162·696e··"#idm5310"·tabin
0003b140:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu0003b140:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
0003b150:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan0003b150:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
0003b160:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl0003b160:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
0003b170:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r0003b170:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
Diff chunk too large, falling back to line-by-line diff (405 lines added, 405 lines removed)
0003b180:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"0003b180:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
0003b190:·3e52·656d·6564·6961·7469·6f6e·2041·6e73··>Remediation·Ans0003b190:·3e52·656d·6564·6961·7469·6f6e·2053·6865··>Remediation·She
0003b1a0:·6962·6c65·2073·6e69·7070·6574·20e2·87b2··ible·snippet·...0003b1a0:·6c6c·2073·6372·6970·7420·e287·b23c·2f61··ll·script·...</a
0003b1b0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla0003b1b0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
0003b1c0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap0003b1c0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
0003b1d0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=0003b1d0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
0003b1e0:·2269·646d·3533·3130·223e·3c74·6162·6c65··"idm5310"><table0003b1e0:·6d35·3331·3022·3e3c·7072·653e·3c63·6f64··m5310"><pre><cod
0003b1f0:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta0003b1f0:·653e·2320·5265·6d65·6469·6174·696f·6e20··e>#·Remediation·
0003b200:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl0003b200:·6973·2061·7070·6c69·6361·626c·6520·6f6e··is·applicable·on
0003b210:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table0003b210:·6c79·2069·6e20·6365·7274·6169·6e20·706c··ly·in·certain·pl
0003b220:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>0003b220:·6174·666f·726d·730a·6966·2021·2028·207b··atforms.if·!·(·{
0003b230:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<0003b230:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q·
0003b240:·2f74·683e·3c74·643e·6869·6768·3c2f·7464··/th><td>high</td0003b240:·6b65·726e·656c·203b·7d20·2661·6d70·3b26··kernel·;}·&amp;&
0003b250:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di0003b250:·616d·703b·207b·2072·706d·202d·2d71·7569··amp;·{·rpm·--qui
0003b260:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t0003b260:·6574·202d·7120·7270·6d2d·6f73·7472·6565··et·-q·rpm-ostree
0003b270:·643e·6d65·6469·756d·3c2f·7464·3e3c·2f74··d>medium</td></t0003b270:·203b·7d20·2661·6d70·3b26·616d·703b·207b···;}·&amp;&amp;·{
0003b280:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot0003b280:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q·
0003b290:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false<0003b290:·626f·6f74·6320·3b7d·2026·616d·703b·2661··bootc·;}·&amp;&a
0003b2a0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th0003b2a0:·6d70·3b20·7b20·2120·7270·6d20·2d2d·7175··mp;·{·!·rpm·--qu
0003b2b0:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><0003b2b0:·6965·7420·2d71·206f·7065·6e73·6869·6674··iet·-q·openshift
0003b2c0:·7464·3e72·6573·7472·6963·743c·2f74·643e··td>restrict</td>0003b2c0:·2d6b·7562·656c·6574·203b·7d20·293b·2074··-kubelet·;}·);·t
0003b2d0:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr0003b2d0:·6865·6e0a·0a23·2046·696e·6420·7768·6963··hen..#·Find·whic
0003b2e0:·653e·3c63·6f64·653e·2d20·6e61·6d65·3a20··e><code>-·name:·0003b2e0:·6820·6669·6c65·7320·6861·7665·2069·6e63··h·files·have·inc
0003b2f0:·4761·7468·6572·2074·6865·2070·6163·6b61··Gather·the·packa0003b2f0:·6f72·7265·6374·2068·6173·6820·286e·6f74··orrect·hash·(not
0003b300:·6765·2066·6163·7473·0a20·2070·6163·6b61··ge·facts.··packa0003b300:·2069·6e20·2f65·7463·2c20·6265·6361·7573···in·/etc,·becaus
0003b310:·6765·5f66·6163·7473·3a0a·2020·2020·6d61··ge_facts:.····ma0003b310:·6520·6f66·2074·6865·2073·7973·7465·6d20··e·of·the·system·
0003b320:·6e61·6765·723a·2061·7574·6f0a·2020·7461··nager:·auto.··ta0003b320:·7265·6c61·7465·6420·636f·6e66·6967·2066··related·config·f
0003b330:·6773·3a0a·2020·2d20·434a·4953·2d35·2e31··gs:.··-·CJIS-5.10003b330:·696c·6573·2920·616e·6420·7468·656e·2067··iles)·and·then·g
0003b340:·302e·342e·310a·2020·2d20·4449·5341·2d53··0.4.1.··-·DISA-S0003b340:·6574·2066·696c·6573·206e·616d·6573·0a66··et·files·names.f
0003b350:·5449·472d·4f4c·3037·2d30·302d·3031·3030··TIG-OL07-00-01000003b350:·696c·6573·5f77·6974·685f·696e·636f·7272··iles_with_incorr
0003b360:·3230·0a20·202d·204e·4953·542d·3830·302d··20.··-·NIST-800-0003b360:·6563·745f·6861·7368·3d22·2428·7270·6d20··ect_hash="$(rpm·
0003b370:·3137·312d·332e·332e·380a·2020·2d20·4e49··171-3.3.8.··-·NI0003b370:·2d56·6120·2d2d·6e6f·636f·6e66·6967·207c··-Va·--noconfig·|
0003b380:·5354·2d38·3030·2d31·3731·2d33·2e34·2e31··ST-800-171-3.4.10003b380:·2067·7265·7020·2d45·2027·5e2e·2e35·2720···grep·-E·'^..5'·
0003b390:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003b390:·7c20·6177·6b20·277b·7072·696e·7420·244e··|·awk·'{print·$N
0003b3a0:·2d41·552d·3928·3329·0a20·202d·204e·4953··-AU-9(3).··-·NIS0003b3a0:·467d·2720·2922·0a0a·6966·205b·202d·6e20··F}'·)"..if·[·-n·
0003b3b0:·542d·3830·302d·3533·2d43·4d2d·3628·6329··T-800-53-CM-6(c)0003b3b0:·2224·6669·6c65·735f·7769·7468·5f69·6e63··"$files_with_inc
0003b3c0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003b3c0:·6f72·7265·6374·5f68·6173·6822·205d·3b20··orrect_hash"·];·
0003b3d0:·2d43·4d2d·3628·6429·0a20·202d·204e·4953··-CM-6(d).··-·NIS0003b3d0:·7468·656e·0a20·2020·2023·2046·726f·6d20··then.····#·From·
0003b3e0:·542d·3830·302d·3533·2d53·492d·370a·2020··T-800-53-SI-7.··0003b3e0:·6669·6c65·7320·6e61·6d65·7320·6765·7420··files·names·get·
0003b3f0:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI0003b3f0:·7061·636b·6167·6520·6e61·6d65·7320·616e··package·names·an
0003b400:·2d37·2831·290a·2020·2d20·4e49·5354·2d38··-7(1).··-·NIST-80003b400:·6420·6368·616e·6765·206e·6577·6c69·6e65··d·change·newline
0003b410:·3030·2d35·332d·5349·2d37·2836·290a·2020··00-53-SI-7(6).··0003b410:·2074·6f20·7370·6163·652c·2062·6563·6175···to·space,·becau
0003b420:·2d20·5043·492d·4453·532d·5265·712d·3131··-·PCI-DSS-Req-110003b420:·7365·2072·706d·2077·7269·7465·7320·6561··se·rpm·writes·ea
0003b430:·2e35·0a20·202d·2050·4349·2d44·5353·7634··.5.··-·PCI-DSSv40003b430:·6368·2070·6163·6b61·6765·2074·6f20·6e65··ch·package·to·ne
0003b440:·2d31·312e·352e·320a·2020·2d20·6869·6768··-11.5.2.··-·high0003b440:·7720·6c69·6e65·0a20·2020·2070·6163·6b61··w·line.····packa
0003b450:·5f63·6f6d·706c·6578·6974·790a·2020·2d20··_complexity.··-·0003b450:·6765·735f·746f·5f72·6569·6e73·7461·6c6c··ges_to_reinstall
0003b460:·6869·6768·5f73·6576·6572·6974·790a·2020··high_severity.··0003b460:·3d22·2428·7270·6d20·2d71·6620·2466·696c··="$(rpm·-qf·$fil
0003b470:·2d20·6d65·6469·756d·5f64·6973·7275·7074··-·medium_disrupt0003b470:·6573·5f77·6974·685f·696e·636f·7272·6563··es_with_incorrec
0003b480:·696f·6e0a·2020·2d20·6e6f·5f72·6562·6f6f··ion.··-·no_reboo0003b480:·745f·6861·7368·207c·2074·7220·275c·6e27··t_hash·|·tr·'\n'
0003b490:·745f·6e65·6564·6564·0a20·202d·2072·6573··t_needed.··-·res0003b490:·2027·2027·2922·0a0a·2020·2020·0a20·2020···'·')"..····.···
0003b4a0:·7472·6963·745f·7374·7261·7465·6779·0a20··trict_strategy.·0003b4a0:·2079·756d·2072·6569·6e73·7461·6c6c·202d···yum·reinstall·-
0003b4b0:·202d·2072·706d·5f76·6572·6966·795f·6861···-·rpm_verify_ha0003b4b0:·7920·2470·6163·6b61·6765·735f·746f·5f72··y·$packages_to_r
0003b4c0:·7368·6573·0a0a·2d20·6e61·6d65·3a20·2753··shes..-·name:·'S0003b4c0:·6569·6e73·7461·6c6c·0a20·2020·200a·6669··einstall.····.fi
0003b4d0:·6574·2066·6163·743a·2050·6163·6b61·6765··et·fact:·Package0003b4d0:·0a0a·656c·7365·0a20·2020·2026·6774·3b26··..else.····&gt;&
0003b4e0:·206d·616e·6167·6572·2072·6569·6e73·7461···manager·reinsta0003b4e0:·616d·703b·3220·6563·686f·2027·5265·6d65··amp;2·echo·'Reme
0003b4f0:·6c6c·2063·6f6d·6d61·6e64·270a·2020·7365··ll·command'.··se0003b4f0:·6469·6174·696f·6e20·6973·206e·6f74·2061··diation·is·not·a
0003b500:·745f·6661·6374·3a0a·2020·2020·7061·636b··t_fact:.····pack0003b500:·7070·6c69·6361·626c·652c·206e·6f74·6869··pplicable,·nothi
0003b510:·6167·655f·6d61·6e61·6765·725f·7265·696e··age_manager_rein0003b510:·6e67·2077·6173·2064·6f6e·6527·0a66·690a··ng·was·done'.fi.
0003b520:·7374·616c·6c5f·636d·643a·2079·756d·2072··stall_cmd:·yum·r0003b520:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d
0003b530:·6569·6e73·7461·6c6c·202d·790a·2020·7768··einstall·-y.··wh0003b530:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn
0003b540:·656e·3a0a·2020·2d20·6e6f·7420·2820·226b··en:.··-·not·(·"k0003b540:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da
0003b550:·6572·6e65·6c22·2069·6e20·616e·7369·626c··ernel"·in·ansibl0003b550:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla
0003b560:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages0003b560:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target
0003b570:·2061·6e64·2022·7270·6d2d·6f73·7472·6565···and·"rpm-ostree0003b570:·3d22·2369·646d·3533·3131·2220·7461·6269··="#idm5311"·tabi
0003b580:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003b580:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b
0003b590:·7473·2e70·6163·6b61·6765·730a·2020·2020··ts.packages.····0003b590:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa
0003b5a0:·616e·6420·2262·6f6f·7463·2220·696e·2061··and·"bootc"·in·a0003b5a0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit
0003b5b0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003b5b0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·
0003b5c0:·6b61·6765·7320·616e·6420·6e6f·7420·226f··kages·and·not·"o0003b5c0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!
0003b5d0:·7065·6e73·6869·6674·2d6b·7562·656c·6574··penshift-kubelet0003b5d0:·223e·5265·6d65·6469·6174·696f·6e20·416e··">Remediation·An
0003b5e0:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003b5e0:·7369·626c·6520·736e·6970·7065·7420·e287··sible·snippet·..
0003b5f0:·7473·2e70·6163·6b61·6765·730a·2020·2020··ts.packages.····0003b5f0:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl
0003b600:·290a·2020·2d20·616e·7369·626c·655f·6469··).··-·ansible_di0003b600:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
0003b610:·7374·7269·6275·7469·6f6e·2069·6e20·5b20··stribution·in·[·0003b610:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
0003b620:·2246·6564·6f72·6122·2c20·2252·6564·4861··"Fedora",·"RedHa0003b620:·3d22·6964·6d35·3331·3122·3e3c·7461·626c··="idm5311"><tabl
0003b630:·7422·2c20·2243·656e·744f·5322·2c20·224f··t",·"CentOS",·"O0003b630:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t
0003b640:·7261·636c·654c·696e·7578·2220·5d0a·2020··racleLinux"·].··0003b640:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab
0003b650:·7461·6773·3a0a·2020·2d20·434a·4953·2d35··tags:.··-·CJIS-50003b650:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl
0003b660:·2e31·302e·342e·310a·2020·2d20·4449·5341··.10.4.1.··-·DISA0003b660:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr
0003b670:·2d53·5449·472d·4f4c·3037·2d30·302d·3031··-STIG-OL07-00-010003b670:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity:
0003b680:·3030·3230·0a20·202d·204e·4953·542d·3830··0020.··-·NIST-800003b680:·3c2f·7468·3e3c·7464·3e68·6967·683c·2f74··</th><td>high</t
0003b690:·302d·3137·312d·332e·332e·380a·2020·2d20··0-171-3.3.8.··-·0003b690:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D
0003b6a0:·4e49·5354·2d38·3030·2d31·3731·2d33·2e34··NIST-800-171-3.40003b6a0:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th><
0003b6b0:·2e31·0a20·202d·204e·4953·542d·3830·302d··.1.··-·NIST-800-0003b6b0:·7464·3e6d·6564·6975·6d3c·2f74·643e·3c2f··td>medium</td></
0003b6c0:·3533·2d41·552d·3928·3329·0a20·202d·204e··53-AU-9(3).··-·N0003b6c0:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo
0003b6d0:·4953·542d·3830·302d·3533·2d43·4d2d·3628··IST-800-53-CM-6(0003b6d0:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false
0003b6e0:·6329·0a20·202d·204e·4953·542d·3830·302d··c).··-·NIST-800-0003b6e0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
0003b6f0:·3533·2d43·4d2d·3628·6429·0a20·202d·204e··53-CM-6(d).··-·N0003b6f0:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>
0003b700:·4953·542d·3830·302d·3533·2d53·492d·370a··IST-800-53-SI-7.0003b700:·3c74·643e·7265·7374·7269·6374·3c2f·7464··<td>restrict</td
0003b710:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003b710:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p
0003b720:·5349·2d37·2831·290a·2020·2d20·4e49·5354··SI-7(1).··-·NIST0003b720:·7265·3e3c·636f·6465·3e2d·206e·616d·653a··re><code>-·name:
0003b730:·2d38·3030·2d35·332d·5349·2d37·2836·290a··-800-53-SI-7(6).0003b730:·2047·6174·6865·7220·7468·6520·7061·636b···Gather·the·pack
0003b740:·2020·2d20·5043·492d·4453·532d·5265·712d····-·PCI-DSS-Req-0003b740:·6167·6520·6661·6374·730a·2020·7061·636b··age·facts.··pack
0003b750:·3131·2e35·0a20·202d·2050·4349·2d44·5353··11.5.··-·PCI-DSS0003b750:·6167·655f·6661·6374·733a·0a20·2020·206d··age_facts:.····m
0003b760:·7634·2d31·312e·352e·320a·2020·2d20·6869··v4-11.5.2.··-·hi0003b760:·616e·6167·6572·3a20·6175·746f·0a20·2074··anager:·auto.··t
0003b770:·6768·5f63·6f6d·706c·6578·6974·790a·2020··gh_complexity.··0003b770:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.
0003b780:·2d20·6869·6768·5f73·6576·6572·6974·790a··-·high_severity.0003b780:·3130·2e34·2e31·0a20·202d·2044·4953·412d··10.4.1.··-·DISA-
0003b790:·2020·2d20·6d65·6469·756d·5f64·6973·7275····-·medium_disru0003b790:·5354·4947·2d4f·4c30·372d·3030·2d30·3130··STIG-OL07-00-010
0003b7a0:·7074·696f·6e0a·2020·2d20·6e6f·5f72·6562··ption.··-·no_reb0003b7a0:·3032·300a·2020·2d20·4e49·5354·2d38·3030··020.··-·NIST-800
0003b7b0:·6f6f·745f·6e65·6564·6564·0a20·202d·2072··oot_needed.··-·r0003b7b0:·2d31·3731·2d33·2e33·2e38·0a20·202d·204e··-171-3.3.8.··-·N
0003b7c0:·6573·7472·6963·745f·7374·7261·7465·6779··estrict_strategy0003b7c0:·4953·542d·3830·302d·3137·312d·332e·342e··IST-800-171-3.4.
0003b7d0:·0a20·202d·2072·706d·5f76·6572·6966·795f··.··-·rpm_verify_0003b7d0:·310a·2020·2d20·4e49·5354·2d38·3030·2d35··1.··-·NIST-800-5
0003b7e0:·6861·7368·6573·0a0a·2d20·6e61·6d65·3a20··hashes..-·name:·0003b7e0:·332d·4155·2d39·2833·290a·2020·2d20·4e49··3-AU-9(3).··-·NI
0003b7f0:·2753·6574·2066·6163·743a·2050·6163·6b61··'Set·fact:·Packa0003b7f0:·5354·2d38·3030·2d35·332d·434d·2d36·2863··ST-800-53-CM-6(c
0003b800:·6765·206d·616e·6167·6572·2072·6569·6e73··ge·manager·reins0003b800:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-5
0003b810:·7461·6c6c·2063·6f6d·6d61·6e64·2028·7a79··tall·command·(zy0003b810:·332d·434d·2d36·2864·290a·2020·2d20·4e49··3-CM-6(d).··-·NI
0003b820:·7070·6572·2927·0a20·2073·6574·5f66·6163··pper)'.··set_fac0003b820:·5354·2d38·3030·2d35·332d·5349·2d37·0a20··ST-800-53-SI-7.·
0003b830:·743a·0a20·2020·2070·6163·6b61·6765·5f6d··t:.····package_m0003b830:·202d·204e·4953·542d·3830·302d·3533·2d53···-·NIST-800-53-S
0003b840:·616e·6167·6572·5f72·6569·6e73·7461·6c6c··anager_reinstall0003b840:·492d·3728·3129·0a20·202d·204e·4953·542d··I-7(1).··-·NIST-
0003b850:·5f63·6d64·3a20·7a79·7070·6572·2069·6e20··_cmd:·zypper·in·0003b850:·3830·302d·3533·2d53·492d·3728·3629·0a20··800-53-SI-7(6).·
0003b860:·2d66·202d·790a·2020·7768·656e·3a0a·2020··-f·-y.··when:.··0003b860:·202d·2050·4349·2d44·5353·2d52·6571·2d31···-·PCI-DSS-Req-1
0003b870:·2d20·6e6f·7420·2820·226b·6572·6e65·6c22··-·not·(·"kernel"0003b870:·312e·350a·2020·2d20·5043·492d·4453·5376··1.5.··-·PCI-DSSv
0003b880:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003b880:·342d·3131·2e35·2e32·0a20·202d·2068·6967··4-11.5.2.··-·hig
0003b890:·732e·7061·636b·6167·6573·2061·6e64·2022··s.packages·and·"0003b890:·685f·636f·6d70·6c65·7869·7479·0a20·202d··h_complexity.··-
0003b8a0:·7270·6d2d·6f73·7472·6565·2220·696e·2061··rpm-ostree"·in·a0003b8a0:·2068·6967·685f·7365·7665·7269·7479·0a20···high_severity.·
0003b8b0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003b8b0:·202d·206d·6564·6975·6d5f·6469·7372·7570···-·medium_disrup
0003b8c0:·6b61·6765·730a·2020·2020·616e·6420·2262··kages.····and·"b0003b8c0:·7469·6f6e·0a20·202d·206e·6f5f·7265·626f··tion.··-·no_rebo
0003b8d0:·6f6f·7463·2220·696e·2061·6e73·6962·6c65··ootc"·in·ansible0003b8d0:·6f74·5f6e·6565·6465·640a·2020·2d20·7265··ot_needed.··-·re
0003b8e0:·5f66·6163·7473·2e70·6163·6b61·6765·7320··_facts.packages·0003b8e0:·7374·7269·6374·5f73·7472·6174·6567·790a··strict_strategy.
0003b8f0:·616e·6420·6e6f·7420·226f·7065·6e73·6869··and·not·"openshi0003b8f0:·2020·2d20·7270·6d5f·7665·7269·6679·5f68····-·rpm_verify_h
Max diff block lines reached; 9798557/9855027 bytes (99.43%) of diff not shown.
845 KB
html2text {}
    
Offset 97, 14 lines modifiedOffset 97, 33 lines modified
97 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)97 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
98 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-198 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
99 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.599 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
100 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227100 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
101 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL07-00-010020101 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL07-00-010020
102 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2102 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
103 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-221653r1015161_rule103 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-221653r1015161_rule
 104 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 105 #·Remediation·is·applicable·only·in·certain·platforms
 106 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 107 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 108 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 109 if·[·-n·"$files_with_incorrect_hash"·];·then
 110 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 111 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 112 ····yum·reinstall·-y·$packages_to_reinstall
  
 113 fi
  
 114 else
 115 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 116 fi
104 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8117 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
105 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high118 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
106 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium119 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
107 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false120 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
108 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict121 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
109 -·name:·Gather·the·package·facts122 -·name:·Gather·the·package·facts
110 ··package_facts:123 ··package_facts:
Offset 277, 33 lines modifiedOffset 296, 14 lines modified
277 ··-·PCI-DSSv4-11.5.2296 ··-·PCI-DSSv4-11.5.2
278 ··-·high_complexity297 ··-·high_complexity
279 ··-·high_severity298 ··-·high_severity
280 ··-·medium_disruption299 ··-·medium_disruption
281 ··-·no_reboot_needed300 ··-·no_reboot_needed
282 ··-·restrict_strategy301 ··-·restrict_strategy
283 ··-·rpm_verify_hashes302 ··-·rpm_verify_hashes
284 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
285 #·Remediation·is·applicable·only·in·certain·platforms 
286 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
287 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
288 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
289 if·[·-n·"$files_with_incorrect_hash"·];·then 
290 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
291 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
292 ····yum·reinstall·-y·$packages_to_reinstall 
  
293 fi 
  
294 else 
295 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
296 fi 
297 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*303 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
298 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:304 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:
299 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'305 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'
300 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:306 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:
301 $·rpm·-qf·FILENAME307 $·rpm·-qf·FILENAME
  
302 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:308 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
Offset 326, 14 lines modifiedOffset 326, 50 lines modified
326 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)326 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)
327 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1327 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
328 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5328 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
329 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108329 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108
330 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL07-00-010010330 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL07-00-010010
331 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2331 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
332 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-221652r991557_rule332 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-221652r991557_rule
 333 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 334 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 335 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 336 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 337 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 338 #·Remediation·is·applicable·only·in·certain·platforms
 339 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 340 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 341 declare·-A·SETPERMS_RPM_DICT
  
 342 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 343 #·is·expected·by·the·RPM·database
 344 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}')
  
 345 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 346 do
 347 ········#·NOTE:·some·files·maybe·controlled·by·more·then·one·package
 348 ········readarray·-t·RPM_PACKAGES·<·<(rpm·-qf·"${FILE_PATH}")
 349 ········for·RPM_PACKAGE·in·"${RPM_PACKAGES[@]}"
 350 ········do
 351 ················#·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 352 ················SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 353 ········done
 354 done
  
 355 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 356 #·correct·values
 357 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 358 do
 359 »       rpm·--restore·"${RPM_PACKAGE}"
 360 done
  
 361 else
 362 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 363 fi
333 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8364 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
334 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high365 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
335 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium366 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
336 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false367 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
337 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict368 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
338 -·name:·Gather·the·package·facts369 -·name:·Gather·the·package·facts
339 ··package_facts:370 ··package_facts:
Offset 449, 50 lines modifiedOffset 485, 14 lines modified
449 ··-·PCI-DSSv4-11.5.2485 ··-·PCI-DSSv4-11.5.2
450 ··-·high_complexity486 ··-·high_complexity
451 ··-·high_severity487 ··-·high_severity
452 ··-·medium_disruption488 ··-·medium_disruption
453 ··-·no_reboot_needed489 ··-·no_reboot_needed
454 ··-·restrict_strategy490 ··-·restrict_strategy
455 ··-·rpm_verify_permissions491 ··-·rpm_verify_permissions
456 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
Max diff block lines reached; 857487/865057 bytes (99.12%) of diff not shown.
240 KB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-sap.html
    
Offset 14650, 177 lines modifiedOffset 14650, 177 lines modified
00039390:·7461·7267·6574·3d22·2369·646d·3839·3931··target="#idm899100039390:·7461·7267·6574·3d22·2369·646d·3839·3931··target="#idm8991
000393a0:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r000393a0:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r
000393b0:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari000393b0:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari
000393c0:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals000393c0:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals
000393d0:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa000393d0:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa
000393e0:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr000393e0:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr
000393f0:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat000393f0:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat
00039400:·696f·6e20·416e·6163·6f6e·6461·2073·6e69··ion·Anaconda·sni00039400:·696f·6e20·5075·7070·6574·2073·6e69·7070··ion·Puppet·snipp
00039410:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br>00039410:·6574·20e2·87b2·3c2f·613e·3c62·723e·3c64··et·...</a><br><d
00039420:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane00039420:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel-
00039430:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla00039430:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps
00039440:·7073·6522·2069·643d·2269·646d·3839·3931··pse"·id="idm899100039440:·6522·2069·643d·2269·646d·3839·3931·223e··e"·id="idm8991">
00039450:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="00039450:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta
00039460:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri00039460:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe
00039470:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border00039470:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered
00039480:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens00039480:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed
00039490:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp00039490:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple
000394a0:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td>000394a0:·7869·7479·3a3c·2f74·683e·3c74·643e·6c6f··xity:</th><td>lo
000394b0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr000394b0:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><
000394c0:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption:000394c0:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</
000394d0:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
000394e0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re 
000394f0:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa 
00039500:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr 
00039510:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</ 
00039520:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t 
00039530:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table>< 
00039540:·7072·653e·3c63·6f64·653e·0a70·6163·6b61··pre><code>.packa 
00039550:·6765·202d·2d61·6464·3d67·6c69·6263·0a3c··ge·--add=glibc.< 
00039560:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di 
00039570:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn· 
00039580:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat 
00039590:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap 
000395a0:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target= 
000395b0:·2223·6964·6d38·3939·3222·2074·6162·696e··"#idm8992"·tabin 
000395c0:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu 
000395d0:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan 
000395e0:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl 
000395f0:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r 
00039600:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!" 
00039610:·3e52·656d·6564·6961·7469·6f6e·2050·7570··>Remediation·Pup 
00039620:·7065·7420·736e·6970·7065·7420·e287·b23c··pet·snippet·...< 
00039630:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas 
00039640:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps 
00039650:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id=" 
00039660:·6964·6d38·3939·3222·3e3c·7461·626c·6520··idm8992"><table· 
00039670:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab 
00039680:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table 
00039690:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table- 
000396a0:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr>< 
000396b0:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</ 
000396c0:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><000394d0:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><
000396d0:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr000394e0:·2f74·723e·3c74·723e·3c74·683e·5265·626f··/tr><tr><th>Rebo
000396e0:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td>000394f0:·6f74·3a3c·2f74·683e·3c74·643e·6661·6c73··ot:</th><td>fals
000396f0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr00039500:·653c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··e</td></tr><tr><
00039700:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th00039510:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th
00039710:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td><00039520:·3e3c·7464·3e65·6e61·626c·653c·2f74·643e··><td>enable</td>
 00039530:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr
 00039540:·653e·3c63·6f64·653e·696e·636c·7564·6520··e><code>include·
00039720:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra 
00039730:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en 
00039740:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></ 
00039750:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code 
00039760:·3e69·6e63·6c75·6465·2069·6e73·7461·6c6c··>include·install 
00039770:·5f67·6c69·6263·0a0a·636c·6173·7320·696e··_glibc..class·in 
00039780:·7374·616c·6c5f·676c·6962·6320·7b0a·2020··stall_glibc·{.··00039550:·696e·7374·616c·6c5f·676c·6962·630a·0a63··install_glibc..c
 00039560:·6c61·7373·2069·6e73·7461·6c6c·5f67·6c69··lass·install_gli
 00039570:·6263·207b·0a20·2070·6163·6b61·6765·207b··bc·{.··package·{
 00039580:·2027·676c·6962·6327·3a0a·2020·2020·656e···'glibc':.····en
 00039590:·7375·7265·203d·2667·743b·2027·696e·7374··sure·=&gt;·'inst
 000395a0:·616c·6c65·6427·2c0a·2020·7d0a·7d0a·3c2f··alled',.··}.}.</
00039790:·7061·636b·6167·6520·7b20·2767·6c69·6263··package·{·'glibc 
000397a0:·273a·0a20·2020·2065·6e73·7572·6520·3d26··':.····ensure·=& 
000397b0:·6774·3b20·2769·6e73·7461·6c6c·6564·272c··gt;·'installed', 
000397c0:·0a20·207d·0a7d·0a3c·2f63·6f64·653e·3c2f··.··}.}.</code></ 
000397d0:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla 
000397e0:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ 
000397f0:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle 
00039800:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data 
00039810:·2d74·6172·6765·743d·2223·6964·6d38·3939··-target="#idm899 
00039820:·3322·2074·6162·696e·6465·783d·2230·2220··3"·tabindex="0"· 
00039830:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar 
00039840:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal 
00039850:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ 
00039860:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h 
00039870:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia 
00039880:·7469·6f6e·204f·5342·7569·6c64·2042·6c75··tion·OSBuild·Blu 
00039890:·6570·7269·6e74·2073·6e69·7070·6574·20e2··eprint·snippet·. 
000398a0:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c 
000398b0:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll 
000398c0:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i 
000398d0:·643d·2269·646d·3839·3933·223e·3c70·7265··d="idm8993"><pre 
000398e0:·3e3c·636f·6465·3e0a·5b5b·7061·636b·6167··><code>.[[packag 
000398f0:·6573·5d5d·0a6e·616d·6520·3d20·2267·6c69··es]].name·=·"gli 
00039900:·6263·220a·7665·7273·696f·6e20·3d20·222a··bc".version·=·"* 
00039910:·220a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··".</code></pre><000395b0:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div
00039920:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b000395c0:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b
00039930:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"·000395d0:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data
00039940:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col000395e0:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps
00039950:·6c61·7073·6522·2064·6174·612d·7461·7267··lapse"·data-targ000395f0:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="
00039960:·6574·3d22·2369·646d·3839·3934·2220·7461··et="#idm8994"·ta00039600:·2369·646d·3839·3932·2220·7461·6269·6e64··#idm8992"·tabind
00039970:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=00039610:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but
00039980:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex00039620:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand
00039990:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t00039630:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title
000399a0:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t00039640:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re
000399b0:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="00039650:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">
000399c0:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·00039660:·5265·6d65·6469·6174·696f·6e20·5368·656c··Remediation·Shel
 00039670:·6c20·7363·7269·7074·20e2·87b2·3c2f·613e··l·script·...</a>
 00039680:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="
 00039690:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c
 000396a0:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm
 000396b0:·3839·3932·223e·3c74·6162·6c65·2063·6c61··8992"><table·cla
 000396c0:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table-
 000396d0:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo
 000396e0:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con
 000396f0:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th>
 00039700:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th>
000399d0:·416e·7369·626c·6520·736e·6970·7065·7420··Ansible·snippet· 
000399e0:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div· 
000399f0:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col 
00039a00:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"· 
00039a10:·6964·3d22·6964·6d38·3939·3422·3e3c·7461··id="idm8994"><ta 
00039a20:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table 
00039a30:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t 
00039a40:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta 
00039a50:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed">< 
00039a60:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit 
Max diff block lines reached; 196156/219230 bytes (89.47%) of diff not shown.
25.6 KB
html2text {}
    
Offset 64, 38 lines modifiedOffset 64, 35 lines modified
64 The·package·glibc·is·installed·on·Linux·by·default,·but·the·glibc·version·might·not·be·sufficient·for·SAP.·Please·refer·to·SAP·note·of·your·Linux·version·for·the64 The·package·glibc·is·installed·on·Linux·by·default,·but·the·glibc·version·might·not·be·sufficient·for·SAP.·Please·refer·to·SAP·note·of·your·Linux·version·for·the
65 minimum·requirement·on·glibc.·The·glibc·package·can·be·installed·with·the·following·command:65 minimum·requirement·on·glibc.·The·glibc·package·can·be·installed·with·the·following·command:
66 $·sudo·yum·install·glibc66 $·sudo·yum·install·glibc
67 Rationale:·The·glibc·package·contains·standard·C·and·math·libraries·used·by·multiple·programs·on·Linux.·The·glibc·shipped·with·first·release·of·each·major·Linux67 Rationale:·The·glibc·package·contains·standard·C·and·math·libraries·used·by·multiple·programs·on·Linux.·The·glibc·shipped·with·first·release·of·each·major·Linux
68 ···········version·is·often·not·sufficient·for·SAP.·An·update·is·required·after·the·first·OS·installation.68 ···········version·is·often·not·sufficient·for·SAP.·An·update·is·required·after·the·first·OS·installation.
69 Severity: ·medium69 Severity: ·medium
70 Rule·ID:···xccdf_org.ssgproject.content_rule_package_glibc_installed70 Rule·ID:···xccdf_org.ssgproject.content_rule_package_glibc_installed
71 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
72 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
73 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
74 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
75 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
76 package·--add=glibc 
77 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x871 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
78 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low72 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
79 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low73 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
80 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false74 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
81 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable75 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
82 include·install_glibc76 include·install_glibc
  
83 class·install_glibc·{77 class·install_glibc·{
84 ··package·{·'glibc':78 ··package·{·'glibc':
85 ····ensure·=>·'installed',79 ····ensure·=>·'installed',
86 ··}80 ··}
87 }81 }
88 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x882 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 83 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 84 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 85 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 86 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
89 [[packages]] 
90 name·=·"glibc" 
91 version·=·"*"87 if·!·rpm·-q·--quiet·"glibc"·;·then
 88 ····yum·install·-y·"glibc"
 89 fi
92 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x890 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
93 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low91 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
94 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low92 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
95 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false93 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
96 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable94 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
97 -·name:·Ensure·glibc·is·installed95 -·name:·Ensure·glibc·is·installed
98 ··package:96 ··package:
Offset 104, 55 lines modifiedOffset 101, 55 lines modified
104 ··tags:101 ··tags:
105 ··-·enable_strategy102 ··-·enable_strategy
106 ··-·low_complexity103 ··-·low_complexity
107 ··-·low_disruption104 ··-·low_disruption
108 ··-·medium_severity105 ··-·medium_severity
109 ··-·no_reboot_needed106 ··-·no_reboot_needed
110 ··-·package_glibc_installed107 ··-·package_glibc_installed
 108 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 109 [[packages]]
 110 name·=·"glibc"
 111 version·=·"*"
111 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8112 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8
112 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low113 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
113 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low114 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
114 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false115 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
115 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable116 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 117 package·--add=glibc
116 if·!·rpm·-q·--quiet·"glibc"·;·then 
117 ····yum·install·-y·"glibc" 
118 fi 
119 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·P\x8Pa\x8ac\x8ck\x8ka\x8ag\x8ge\x8e·u\x8uu\x8ui\x8id\x8dd\x8d·I\x8In\x8ns\x8st\x8ta\x8al\x8ll\x8le\x8ed\x8d·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*118 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·P\x8Pa\x8ac\x8ck\x8ka\x8ag\x8ge\x8e·u\x8uu\x8ui\x8id\x8dd\x8d·I\x8In\x8ns\x8st\x8ta\x8al\x8ll\x8le\x8ed\x8d·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
120 The·package·uuidd·is·not·installed·on·normal·Linux·distribution·by·default.·Applications·require·this·package·to·avoid·database·inconsistences·caused·by·duplicated119 The·package·uuidd·is·not·installed·on·normal·Linux·distribution·by·default.·Applications·require·this·package·to·avoid·database·inconsistences·caused·by·duplicated
121 UUIDs.·Especially·in·banking·services·with·SAP·where·massive·UUIDs·are·created·in·a·short·time·period,·it·is·important·to·install·the·package·uuidd.·More·information120 UUIDs.·Especially·in·banking·services·with·SAP·where·massive·UUIDs·are·created·in·a·short·time·period,·it·is·important·to·install·the·package·uuidd.·More·information
122 can·be·found·in·SAP·note·1391070.·The·uuidd·package·can·be·installed·with·the·following·command:121 can·be·found·in·SAP·note·1391070.·The·uuidd·package·can·be·installed·with·the·following·command:
123 $·sudo·yum·install·uuidd122 $·sudo·yum·install·uuidd
124 Rationale:·The·uuidd·package·contains·a·userspace·daemon·(uuidd)·which·is·used·to·generate·unique·identifiers·even·at·very·high·rates·on·SMP·systems.123 Rationale:·The·uuidd·package·contains·a·userspace·daemon·(uuidd)·which·is·used·to·generate·unique·identifiers·even·at·very·high·rates·on·SMP·systems.
125 Severity: ·medium124 Severity: ·medium
126 Rule·ID:···xccdf_org.ssgproject.content_rule_package_uuidd_installed125 Rule·ID:···xccdf_org.ssgproject.content_rule_package_uuidd_installed
127 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
128 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
129 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
130 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
131 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
132 package·--add=uuidd 
133 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8126 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
134 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low127 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
135 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low128 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
136 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false129 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
137 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable130 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
138 include·install_uuidd131 include·install_uuidd
  
139 class·install_uuidd·{132 class·install_uuidd·{
140 ··package·{·'uuidd':133 ··package·{·'uuidd':
141 ····ensure·=>·'installed',134 ····ensure·=>·'installed',
142 ··}135 ··}
143 }136 }
144 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8137 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 138 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 139 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 140 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 141 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
145 [[packages]] 
146 name·=·"uuidd" 
147 version·=·"*"142 if·!·rpm·-q·--quiet·"uuidd"·;·then
 143 ····yum·install·-y·"uuidd"
 144 fi
148 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8145 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
149 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low146 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
150 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low147 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
151 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false148 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
152 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable149 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
153 -·name:·Ensure·uuidd·is·installed150 -·name:·Ensure·uuidd·is·installed
154 ··package:151 ··package:
Offset 161, 23 lines modifiedOffset 158, 26 lines modified
161 ··tags:158 ··tags:
162 ··-·enable_strategy159 ··-·enable_strategy
163 ··-·low_complexity160 ··-·low_complexity
164 ··-·low_disruption161 ··-·low_disruption
165 ··-·medium_severity162 ··-·medium_severity
166 ··-·no_reboot_needed163 ··-·no_reboot_needed
167 ··-·package_uuidd_installed164 ··-·package_uuidd_installed
 165 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 166 [[packages]]
 167 name·=·"uuidd"
 168 version·=·"*"
168 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8169 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8
169 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low170 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
Max diff block lines reached; 20680/26204 bytes (78.92%) of diff not shown.
9.76 MB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-standard.html
    
Offset 15108, 419 lines modifiedOffset 15108, 419 lines modified
0003b030:·7461·2d74·6172·6765·743d·2223·6964·6d35··ta-target="#idm50003b030:·7461·2d74·6172·6765·743d·2223·6964·6d35··ta-target="#idm5
0003b040:·3331·3022·2074·6162·696e·6465·783d·2230··310"·tabindex="00003b040:·3331·3022·2074·6162·696e·6465·783d·2230··310"·tabindex="0
0003b050:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·0003b050:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
0003b060:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f0003b060:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
0003b070:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act0003b070:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
0003b080:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"0003b080:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
Diff chunk too large, falling back to line-by-line diff (405 lines added, 405 lines removed)
0003b090:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed0003b090:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
0003b0a0:·6961·7469·6f6e·2041·6e73·6962·6c65·2073··iation·Ansible·s0003b0a0:·6961·7469·6f6e·2053·6865·6c6c·2073·6372··iation·Shell·scr
0003b0b0:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b0003b0b0:·6970·7420·e287·b23c·2f61·3e3c·6272·3e3c··ipt·...</a><br><
0003b0c0:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa0003b0c0:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel
0003b0d0:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col0003b0d0:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap
0003b0e0:·6c61·7073·6522·2069·643d·2269·646d·3533··lapse"·id="idm530003b0e0:·7365·2220·6964·3d22·6964·6d35·3331·3022··se"·id="idm5310"
0003b0f0:·3130·223e·3c74·6162·6c65·2063·6c61·7373··10"><table·class0003b0f0:·3e3c·7072·653e·3c63·6f64·653e·2320·5265··><pre><code>#·Re
0003b100:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st0003b100:·6d65·6469·6174·696f·6e20·6973·2061·7070··mediation·is·app
0003b110:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord0003b110:·6c69·6361·626c·6520·6f6e·6c79·2069·6e20··licable·only·in·
0003b120:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde0003b120:·6365·7274·6169·6e20·706c·6174·666f·726d··certain·platform
0003b130:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co0003b130:·730a·6966·2021·2028·207b·2072·706d·202d··s.if·!·(·{·rpm·-
0003b140:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t0003b140:·2d71·7569·6574·202d·7120·6b65·726e·656c··-quiet·-q·kernel
0003b150:·643e·6869·6768·3c2f·7464·3e3c·2f74·723e··d>high</td></tr>0003b150:·203b·7d20·2661·6d70·3b26·616d·703b·207b···;}·&amp;&amp;·{
0003b160:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti0003b160:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q·
0003b170:·6f6e·3a3c·2f74·683e·3c74·643e·6d65·6469··on:</th><td>medi0003b170:·7270·6d2d·6f73·7472·6565·203b·7d20·2661··rpm-ostree·;}·&a
0003b180:·756d·3c2f·7464·3e3c·2f74·723e·3c74·723e··um</td></tr><tr>0003b180:·6d70·3b26·616d·703b·207b·2072·706d·202d··mp;&amp;·{·rpm·-
0003b190:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th>0003b190:·2d71·7569·6574·202d·7120·626f·6f74·6320··-quiet·-q·bootc·
0003b1a0:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></0003b1a0:·3b7d·2026·616d·703b·2661·6d70·3b20·7b20··;}·&amp;&amp;·{·
0003b1b0:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat0003b1b0:·2120·7270·6d20·2d2d·7175·6965·7420·2d71··!·rpm·--quiet·-q
0003b1c0:·6567·793a·3c2f·7468·3e3c·7464·3e72·6573··egy:</th><td>res0003b1c0:·206f·7065·6e73·6869·6674·2d6b·7562·656c···openshift-kubel
0003b1d0:·7472·6963·743c·2f74·643e·3c2f·7472·3e3c··trict</td></tr><0003b1d0:·6574·203b·7d20·293b·2074·6865·6e0a·0a23··et·;}·);·then..#
0003b1e0:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod0003b1e0:·2046·696e·6420·7768·6963·6820·6669·6c65···Find·which·file
0003b1f0:·653e·2d20·6e61·6d65·3a20·4761·7468·6572··e>-·name:·Gather0003b1f0:·7320·6861·7665·2069·6e63·6f72·7265·6374··s·have·incorrect
0003b200:·2074·6865·2070·6163·6b61·6765·2066·6163···the·package·fac0003b200:·2068·6173·6820·286e·6f74·2069·6e20·2f65···hash·(not·in·/e
0003b210:·7473·0a20·2070·6163·6b61·6765·5f66·6163··ts.··package_fac0003b210:·7463·2c20·6265·6361·7573·6520·6f66·2074··tc,·because·of·t
0003b220:·7473·3a0a·2020·2020·6d61·6e61·6765·723a··ts:.····manager:0003b220:·6865·2073·7973·7465·6d20·7265·6c61·7465··he·system·relate
0003b230:·2061·7574·6f0a·2020·7461·6773·3a0a·2020···auto.··tags:.··0003b230:·6420·636f·6e66·6967·2066·696c·6573·2920··d·config·files)·
0003b240:·2d20·434a·4953·2d35·2e31·302e·342e·310a··-·CJIS-5.10.4.1.0003b240:·616e·6420·7468·656e·2067·6574·2066·696c··and·then·get·fil
0003b250:·2020·2d20·4449·5341·2d53·5449·472d·4f4c····-·DISA-STIG-OL0003b250:·6573·206e·616d·6573·0a66·696c·6573·5f77··es·names.files_w
0003b260:·3037·2d30·302d·3031·3030·3230·0a20·202d··07-00-010020.··-0003b260:·6974·685f·696e·636f·7272·6563·745f·6861··ith_incorrect_ha
0003b270:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.0003b270:·7368·3d22·2428·7270·6d20·2d56·6120·2d2d··sh="$(rpm·-Va·--
0003b280:·332e·380a·2020·2d20·4e49·5354·2d38·3030··3.8.··-·NIST-8000003b280:·6e6f·636f·6e66·6967·207c·2067·7265·7020··noconfig·|·grep·
0003b290:·2d31·3731·2d33·2e34·2e31·0a20·202d·204e··-171-3.4.1.··-·N0003b290:·2d45·2027·5e2e·2e35·2720·7c20·6177·6b20··-E·'^..5'·|·awk·
0003b2a0:·4953·542d·3830·302d·3533·2d41·552d·3928··IST-800-53-AU-9(0003b2a0:·277b·7072·696e·7420·244e·467d·2720·2922··'{print·$NF}'·)"
0003b2b0:·3329·0a20·202d·204e·4953·542d·3830·302d··3).··-·NIST-800-0003b2b0:·0a0a·6966·205b·202d·6e20·2224·6669·6c65··..if·[·-n·"$file
0003b2c0:·3533·2d43·4d2d·3628·6329·0a20·202d·204e··53-CM-6(c).··-·N0003b2c0:·735f·7769·7468·5f69·6e63·6f72·7265·6374··s_with_incorrect
0003b2d0:·4953·542d·3830·302d·3533·2d43·4d2d·3628··IST-800-53-CM-6(0003b2d0:·5f68·6173·6822·205d·3b20·7468·656e·0a20··_hash"·];·then.·
0003b2e0:·6429·0a20·202d·204e·4953·542d·3830·302d··d).··-·NIST-800-0003b2e0:·2020·2023·2046·726f·6d20·6669·6c65·7320·····#·From·files·
0003b2f0:·3533·2d53·492d·370a·2020·2d20·4e49·5354··53-SI-7.··-·NIST0003b2f0:·6e61·6d65·7320·6765·7420·7061·636b·6167··names·get·packag
0003b300:·2d38·3030·2d35·332d·5349·2d37·2831·290a··-800-53-SI-7(1).0003b300:·6520·6e61·6d65·7320·616e·6420·6368·616e··e·names·and·chan
0003b310:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003b310:·6765·206e·6577·6c69·6e65·2074·6f20·7370··ge·newline·to·sp
0003b320:·5349·2d37·2836·290a·2020·2d20·5043·492d··SI-7(6).··-·PCI-0003b320:·6163·652c·2062·6563·6175·7365·2072·706d··ace,·because·rpm
0003b330:·4453·532d·5265·712d·3131·2e35·0a20·202d··DSS-Req-11.5.··-0003b330:·2077·7269·7465·7320·6561·6368·2070·6163···writes·each·pac
0003b340:·2050·4349·2d44·5353·7634·2d31·312e·352e···PCI-DSSv4-11.5.0003b340:·6b61·6765·2074·6f20·6e65·7720·6c69·6e65··kage·to·new·line
0003b350:·320a·2020·2d20·6869·6768·5f63·6f6d·706c··2.··-·high_compl0003b350:·0a20·2020·2070·6163·6b61·6765·735f·746f··.····packages_to
0003b360:·6578·6974·790a·2020·2d20·6869·6768·5f73··exity.··-·high_s0003b360:·5f72·6569·6e73·7461·6c6c·3d22·2428·7270··_reinstall="$(rp
0003b370:·6576·6572·6974·790a·2020·2d20·6d65·6469··everity.··-·medi0003b370:·6d20·2d71·6620·2466·696c·6573·5f77·6974··m·-qf·$files_wit
0003b380:·756d·5f64·6973·7275·7074·696f·6e0a·2020··um_disruption.··0003b380:·685f·696e·636f·7272·6563·745f·6861·7368··h_incorrect_hash
0003b390:·2d20·6e6f·5f72·6562·6f6f·745f·6e65·6564··-·no_reboot_need0003b390:·207c·2074·7220·275c·6e27·2027·2027·2922···|·tr·'\n'·'·')"
0003b3a0:·6564·0a20·202d·2072·6573·7472·6963·745f··ed.··-·restrict_0003b3a0:·0a0a·2020·2020·0a20·2020·2079·756d·2072··..····.····yum·r
0003b3b0:·7374·7261·7465·6779·0a20·202d·2072·706d··strategy.··-·rpm0003b3b0:·6569·6e73·7461·6c6c·202d·7920·2470·6163··einstall·-y·$pac
0003b3c0:·5f76·6572·6966·795f·6861·7368·6573·0a0a··_verify_hashes..0003b3c0:·6b61·6765·735f·746f·5f72·6569·6e73·7461··kages_to_reinsta
0003b3d0:·2d20·6e61·6d65·3a20·2753·6574·2066·6163··-·name:·'Set·fac0003b3d0:·6c6c·0a20·2020·200a·6669·0a0a·656c·7365··ll.····.fi..else
0003b3e0:·743a·2050·6163·6b61·6765·206d·616e·6167··t:·Package·manag0003b3e0:·0a20·2020·2026·6774·3b26·616d·703b·3220··.····&gt;&amp;2·
0003b3f0:·6572·2072·6569·6e73·7461·6c6c·2063·6f6d··er·reinstall·com0003b3f0:·6563·686f·2027·5265·6d65·6469·6174·696f··echo·'Remediatio
0003b400:·6d61·6e64·270a·2020·7365·745f·6661·6374··mand'.··set_fact0003b400:·6e20·6973·206e·6f74·2061·7070·6c69·6361··n·is·not·applica
0003b410:·3a0a·2020·2020·7061·636b·6167·655f·6d61··:.····package_ma0003b410:·626c·652c·206e·6f74·6869·6e67·2077·6173··ble,·nothing·was
0003b420:·6e61·6765·725f·7265·696e·7374·616c·6c5f··nager_reinstall_0003b420:·2064·6f6e·6527·0a66·690a·3c2f·636f·6465···done'.fi.</code
0003b430:·636d·643a·2079·756d·2072·6569·6e73·7461··cmd:·yum·reinsta0003b430:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a·
0003b440:·6c6c·202d·790a·2020·7768·656e·3a0a·2020··ll·-y.··when:.··0003b440:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s
0003b450:·2d20·6e6f·7420·2820·226b·6572·6e65·6c22··-·not·(·"kernel"0003b450:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog
0003b460:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003b460:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d
0003b470:·732e·7061·636b·6167·6573·2061·6e64·2022··s.packages·and·"0003b470:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm
0003b480:·7270·6d2d·6f73·7472·6565·2220·696e·2061··rpm-ostree"·in·a0003b480:·3533·3131·2220·7461·6269·6e64·6578·3d22··5311"·tabindex="
0003b490:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003b490:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"
0003b4a0:·6b61·6765·730a·2020·2020·616e·6420·2262··kages.····and·"b0003b4a0:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="
0003b4b0:·6f6f·7463·2220·696e·2061·6e73·6962·6c65··ootc"·in·ansible0003b4b0:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac
0003b4c0:·5f66·6163·7473·2e70·6163·6b61·6765·7320··_facts.packages·0003b4c0:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal
0003b4d0:·616e·6420·6e6f·7420·226f·7065·6e73·6869··and·not·"openshi0003b4d0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme
0003b4e0:·6674·2d6b·7562·656c·6574·2220·696e·2061··ft-kubelet"·in·a0003b4e0:·6469·6174·696f·6e20·416e·7369·626c·6520··diation·Ansible·
0003b4f0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003b4f0:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a><
0003b500:·6b61·6765·730a·2020·2020·290a·2020·2d20··kages.····).··-·0003b500:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p
0003b510:·616e·7369·626c·655f·6469·7374·7269·6275··ansible_distribu0003b510:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co
0003b520:·7469·6f6e·2069·6e20·5b20·2246·6564·6f72··tion·in·[·"Fedor0003b520:·6c6c·6170·7365·2220·6964·3d22·6964·6d35··llapse"·id="idm5
0003b530:·6122·2c20·2252·6564·4861·7422·2c20·2243··a",·"RedHat",·"C0003b530:·3331·3122·3e3c·7461·626c·6520·636c·6173··311"><table·clas
0003b540:·656e·744f·5322·2c20·224f·7261·636c·654c··entOS",·"OracleL0003b540:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s
0003b550:·696e·7578·2220·5d0a·2020·7461·6773·3a0a··inux"·].··tags:.0003b550:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor
0003b560:·2020·2d20·434a·4953·2d35·2e31·302e·342e····-·CJIS-5.10.4.0003b560:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond
0003b570:·310a·2020·2d20·4449·5341·2d53·5449·472d··1.··-·DISA-STIG-0003b570:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C
0003b580:·4f4c·3037·2d30·302d·3031·3030·3230·0a20··OL07-00-010020.·0003b580:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><
0003b590:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-0003b590:·7464·3e68·6967·683c·2f74·643e·3c2f·7472··td>high</td></tr
0003b5a0:·332e·332e·380a·2020·2d20·4e49·5354·2d38··3.3.8.··-·NIST-80003b5a0:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt
0003b5b0:·3030·2d31·3731·2d33·2e34·2e31·0a20·202d··00-171-3.4.1.··-0003b5b0:·696f·6e3a·3c2f·7468·3e3c·7464·3e6d·6564··ion:</th><td>med
0003b5c0:·204e·4953·542d·3830·302d·3533·2d41·552d···NIST-800-53-AU-0003b5c0:·6975·6d3c·2f74·643e·3c2f·7472·3e3c·7472··ium</td></tr><tr
0003b5d0:·3928·3329·0a20·202d·204e·4953·542d·3830··9(3).··-·NIST-800003b5d0:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th
0003b5e0:·302d·3533·2d43·4d2d·3628·6329·0a20·202d··0-53-CM-6(c).··-0003b5e0:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td><
0003b5f0:·204e·4953·542d·3830·302d·3533·2d43·4d2d···NIST-800-53-CM-0003b5f0:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra
0003b600:·3628·6429·0a20·202d·204e·4953·542d·3830··6(d).··-·NIST-800003b600:·7465·6779·3a3c·2f74·683e·3c74·643e·7265··tegy:</th><td>re
0003b610:·302d·3533·2d53·492d·370a·2020·2d20·4e49··0-53-SI-7.··-·NI0003b610:·7374·7269·6374·3c2f·7464·3e3c·2f74·723e··strict</td></tr>
0003b620:·5354·2d38·3030·2d35·332d·5349·2d37·2831··ST-800-53-SI-7(10003b620:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co
0003b630:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-50003b630:·6465·3e2d·206e·616d·653a·2047·6174·6865··de>-·name:·Gathe
0003b640:·332d·5349·2d37·2836·290a·2020·2d20·5043··3-SI-7(6).··-·PC0003b640:·7220·7468·6520·7061·636b·6167·6520·6661··r·the·package·fa
0003b650:·492d·4453·532d·5265·712d·3131·2e35·0a20··I-DSS-Req-11.5.·0003b650:·6374·730a·2020·7061·636b·6167·655f·6661··cts.··package_fa
0003b660:·202d·2050·4349·2d44·5353·7634·2d31·312e···-·PCI-DSSv4-11.0003b660:·6374·733a·0a20·2020·206d·616e·6167·6572··cts:.····manager
0003b670:·352e·320a·2020·2d20·6869·6768·5f63·6f6d··5.2.··-·high_com0003b670:·3a20·6175·746f·0a20·2074·6167·733a·0a20··:·auto.··tags:.·
0003b680:·706c·6578·6974·790a·2020·2d20·6869·6768··plexity.··-·high0003b680:·202d·2043·4a49·532d·352e·3130·2e34·2e31···-·CJIS-5.10.4.1
0003b690:·5f73·6576·6572·6974·790a·2020·2d20·6d65··_severity.··-·me0003b690:·0a20·202d·2044·4953·412d·5354·4947·2d4f··.··-·DISA-STIG-O
0003b6a0:·6469·756d·5f64·6973·7275·7074·696f·6e0a··dium_disruption.0003b6a0:·4c30·372d·3030·2d30·3130·3032·300a·2020··L07-00-010020.··
0003b6b0:·2020·2d20·6e6f·5f72·6562·6f6f·745f·6e65····-·no_reboot_ne0003b6b0:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-3
0003b6c0:·6564·6564·0a20·202d·2072·6573·7472·6963··eded.··-·restric0003b6c0:·2e33·2e38·0a20·202d·204e·4953·542d·3830··.3.8.··-·NIST-80
0003b6d0:·745f·7374·7261·7465·6779·0a20·202d·2072··t_strategy.··-·r0003b6d0:·302d·3137·312d·332e·342e·310a·2020·2d20··0-171-3.4.1.··-·
0003b6e0:·706d·5f76·6572·6966·795f·6861·7368·6573··pm_verify_hashes0003b6e0:·4e49·5354·2d38·3030·2d35·332d·4155·2d39··NIST-800-53-AU-9
0003b6f0:·0a0a·2d20·6e61·6d65·3a20·2753·6574·2066··..-·name:·'Set·f0003b6f0:·2833·290a·2020·2d20·4e49·5354·2d38·3030··(3).··-·NIST-800
0003b700:·6163·743a·2050·6163·6b61·6765·206d·616e··act:·Package·man0003b700:·2d35·332d·434d·2d36·2863·290a·2020·2d20··-53-CM-6(c).··-·
0003b710:·6167·6572·2072·6569·6e73·7461·6c6c·2063··ager·reinstall·c0003b710:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-6
0003b720:·6f6d·6d61·6e64·2028·7a79·7070·6572·2927··ommand·(zypper)'0003b720:·2864·290a·2020·2d20·4e49·5354·2d38·3030··(d).··-·NIST-800
0003b730:·0a20·2073·6574·5f66·6163·743a·0a20·2020··.··set_fact:.···0003b730:·2d35·332d·5349·2d37·0a20·202d·204e·4953··-53-SI-7.··-·NIS
0003b740:·2070·6163·6b61·6765·5f6d·616e·6167·6572···package_manager0003b740:·542d·3830·302d·3533·2d53·492d·3728·3129··T-800-53-SI-7(1)
0003b750:·5f72·6569·6e73·7461·6c6c·5f63·6d64·3a20··_reinstall_cmd:·0003b750:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
0003b760:·7a79·7070·6572·2069·6e20·2d66·202d·790a··zypper·in·-f·-y.0003b760:·2d53·492d·3728·3629·0a20·202d·2050·4349··-SI-7(6).··-·PCI
0003b770:·2020·7768·656e·3a0a·2020·2d20·6e6f·7420····when:.··-·not·0003b770:·2d44·5353·2d52·6571·2d31·312e·350a·2020··-DSS-Req-11.5.··
0003b780:·2820·226b·6572·6e65·6c22·2069·6e20·616e··(·"kernel"·in·an0003b780:·2d20·5043·492d·4453·5376·342d·3131·2e35··-·PCI-DSSv4-11.5
0003b790:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack0003b790:·2e32·0a20·202d·2068·6967·685f·636f·6d70··.2.··-·high_comp
0003b7a0:·6167·6573·2061·6e64·2022·7270·6d2d·6f73··ages·and·"rpm-os0003b7a0:·6c65·7869·7479·0a20·202d·2068·6967·685f··lexity.··-·high_
0003b7b0:·7472·6565·2220·696e·2061·6e73·6962·6c65··tree"·in·ansible0003b7b0:·7365·7665·7269·7479·0a20·202d·206d·6564··severity.··-·med
0003b7c0:·5f66·6163·7473·2e70·6163·6b61·6765·730a··_facts.packages.0003b7c0:·6975·6d5f·6469·7372·7570·7469·6f6e·0a20··ium_disruption.·
0003b7d0:·2020·2020·616e·6420·2262·6f6f·7463·2220······and·"bootc"·0003b7d0:·202d·206e·6f5f·7265·626f·6f74·5f6e·6565···-·no_reboot_nee
0003b7e0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts0003b7e0:·6465·640a·2020·2d20·7265·7374·7269·6374··ded.··-·restrict
0003b7f0:·2e70·6163·6b61·6765·7320·616e·6420·6e6f··.packages·and·no0003b7f0:·5f73·7472·6174·6567·790a·2020·2d20·7270··_strategy.··-·rp
0003b800:·7420·226f·7065·6e73·6869·6674·2d6b·7562··t·"openshift-kub0003b800:·6d5f·7665·7269·6679·5f68·6173·6865·730a··m_verify_hashes.
Max diff block lines reached; 9412225/9468695 bytes (99.40%) of diff not shown.
747 KB
html2text {}
    
Offset 95, 14 lines modifiedOffset 95, 33 lines modified
95 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)95 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
96 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-196 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
97 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.597 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
98 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-0022798 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
99 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL07-00-01002099 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL07-00-010020
100 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2100 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
101 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-221653r1015161_rule101 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-221653r1015161_rule
 102 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 103 #·Remediation·is·applicable·only·in·certain·platforms
 104 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 105 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 106 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 107 if·[·-n·"$files_with_incorrect_hash"·];·then
 108 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 109 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 110 ····yum·reinstall·-y·$packages_to_reinstall
  
 111 fi
  
 112 else
 113 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 114 fi
102 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8115 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
103 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high116 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
104 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium117 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
105 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false118 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
106 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict119 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
107 -·name:·Gather·the·package·facts120 -·name:·Gather·the·package·facts
108 ··package_facts:121 ··package_facts:
Offset 275, 33 lines modifiedOffset 294, 14 lines modified
275 ··-·PCI-DSSv4-11.5.2294 ··-·PCI-DSSv4-11.5.2
276 ··-·high_complexity295 ··-·high_complexity
277 ··-·high_severity296 ··-·high_severity
278 ··-·medium_disruption297 ··-·medium_disruption
279 ··-·no_reboot_needed298 ··-·no_reboot_needed
280 ··-·restrict_strategy299 ··-·restrict_strategy
281 ··-·rpm_verify_hashes300 ··-·rpm_verify_hashes
282 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
283 #·Remediation·is·applicable·only·in·certain·platforms 
284 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
285 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
286 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
287 if·[·-n·"$files_with_incorrect_hash"·];·then 
288 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
289 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
290 ····yum·reinstall·-y·$packages_to_reinstall 
  
291 fi 
  
292 else 
293 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
294 fi 
295 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*301 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
296 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:302 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:
297 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'303 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'
298 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:304 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:
299 $·rpm·-qf·FILENAME305 $·rpm·-qf·FILENAME
  
300 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:306 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
Offset 324, 14 lines modifiedOffset 324, 50 lines modified
324 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)324 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)
325 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1325 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
326 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5326 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
327 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108327 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108
328 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL07-00-010010328 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL07-00-010010
329 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2329 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
330 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-221652r991557_rule330 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-221652r991557_rule
 331 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 332 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 333 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 334 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 335 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 336 #·Remediation·is·applicable·only·in·certain·platforms
 337 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 338 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 339 declare·-A·SETPERMS_RPM_DICT
  
 340 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 341 #·is·expected·by·the·RPM·database
 342 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}')
  
 343 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 344 do
 345 ········#·NOTE:·some·files·maybe·controlled·by·more·then·one·package
 346 ········readarray·-t·RPM_PACKAGES·<·<(rpm·-qf·"${FILE_PATH}")
 347 ········for·RPM_PACKAGE·in·"${RPM_PACKAGES[@]}"
 348 ········do
 349 ················#·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 350 ················SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 351 ········done
 352 done
  
 353 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 354 #·correct·values
 355 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 356 do
 357 »       rpm·--restore·"${RPM_PACKAGE}"
 358 done
  
 359 else
 360 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 361 fi
331 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8362 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
332 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high363 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
333 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium364 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
334 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false365 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
335 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict366 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
336 -·name:·Gather·the·package·facts367 -·name:·Gather·the·package·facts
337 ··package_facts:368 ··package_facts:
Offset 447, 50 lines modifiedOffset 483, 14 lines modified
447 ··-·PCI-DSSv4-11.5.2483 ··-·PCI-DSSv4-11.5.2
448 ··-·high_complexity484 ··-·high_complexity
449 ··-·high_severity485 ··-·high_severity
450 ··-·medium_disruption486 ··-·medium_disruption
451 ··-·no_reboot_needed487 ··-·no_reboot_needed
452 ··-·restrict_strategy488 ··-·restrict_strategy
453 ··-·rpm_verify_permissions489 ··-·rpm_verify_permissions
454 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
Max diff block lines reached; 757180/764741 bytes (99.01%) of diff not shown.
22.6 MB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-stig.html
    
Offset 15172, 419 lines modifiedOffset 15172, 419 lines modified
0003b430:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="0003b430:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="
0003b440:·2369·646d·3533·3130·2220·7461·6269·6e64··#idm5310"·tabind0003b440:·2369·646d·3533·3130·2220·7461·6269·6e64··#idm5310"·tabind
0003b450:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but0003b450:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but
0003b460:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand0003b460:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand
0003b470:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title0003b470:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title
0003b480:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re0003b480:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re
Diff chunk too large, falling back to line-by-line diff (405 lines added, 405 lines removed)
0003b490:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">0003b490:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">
0003b4a0:·5265·6d65·6469·6174·696f·6e20·416e·7369··Remediation·Ansi0003b4a0:·5265·6d65·6469·6174·696f·6e20·5368·656c··Remediation·Shel
0003b4b0:·626c·6520·736e·6970·7065·7420·e287·b23c··ble·snippet·...<0003b4b0:·6c20·7363·7269·7074·20e2·87b2·3c2f·613e··l·script·...</a>
0003b4c0:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas0003b4c0:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="
0003b4d0:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps0003b4d0:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c
0003b4e0:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="0003b4e0:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm
0003b4f0:·6964·6d35·3331·3022·3e3c·7461·626c·6520··idm5310"><table·0003b4f0:·3533·3130·223e·3c70·7265·3e3c·636f·6465··5310"><pre><code
0003b500:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab0003b500:·3e23·2052·656d·6564·6961·7469·6f6e·2069··>#·Remediation·i
0003b510:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table0003b510:·7320·6170·706c·6963·6162·6c65·206f·6e6c··s·applicable·onl
0003b520:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-0003b520:·7920·696e·2063·6572·7461·696e·2070·6c61··y·in·certain·pla
0003b530:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><0003b530:·7466·6f72·6d73·0a69·6620·2120·2820·7b20··tforms.if·!·(·{·
0003b540:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</0003b540:·7270·6d20·2d2d·7175·6965·7420·2d71·206b··rpm·--quiet·-q·k
0003b550:·7468·3e3c·7464·3e68·6967·683c·2f74·643e··th><td>high</td>0003b550:·6572·6e65·6c20·3b7d·2026·616d·703b·2661··ernel·;}·&amp;&a
0003b560:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis0003b560:·6d70·3b20·7b20·7270·6d20·2d2d·7175·6965··mp;·{·rpm·--quie
0003b570:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td0003b570:·7420·2d71·2072·706d·2d6f·7374·7265·6520··t·-q·rpm-ostree·
0003b580:·3e6d·6564·6975·6d3c·2f74·643e·3c2f·7472··>medium</td></tr0003b580:·3b7d·2026·616d·703b·2661·6d70·3b20·7b20··;}·&amp;&amp;·{·
0003b590:·3e3c·7472·3e3c·7468·3e52·6562·6f6f·743a··><tr><th>Reboot:0003b590:·7270·6d20·2d2d·7175·6965·7420·2d71·2062··rpm·--quiet·-q·b
0003b5a0:·3c2f·7468·3e3c·7464·3e66·616c·7365·3c2f··</th><td>false</0003b5a0:·6f6f·7463·203b·7d20·2661·6d70·3b26·616d··ootc·;}·&amp;&am
0003b5b0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>0003b5b0:·703b·207b·2021·2072·706d·202d·2d71·7569··p;·{·!·rpm·--qui
0003b5c0:·5374·7261·7465·6779·3a3c·2f74·683e·3c74··Strategy:</th><t0003b5c0:·6574·202d·7120·6f70·656e·7368·6966·742d··et·-q·openshift-
0003b5d0:·643e·7265·7374·7269·6374·3c2f·7464·3e3c··d>restrict</td><0003b5d0:·6b75·6265·6c65·7420·3b7d·2029·3b20·7468··kubelet·;}·);·th
0003b5e0:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre0003b5e0:·656e·0a0a·2320·4669·6e64·2077·6869·6368··en..#·Find·which
0003b5f0:·3e3c·636f·6465·3e2d·206e·616d·653a·2047··><code>-·name:·G0003b5f0:·2066·696c·6573·2068·6176·6520·696e·636f···files·have·inco
0003b600:·6174·6865·7220·7468·6520·7061·636b·6167··ather·the·packag0003b600:·7272·6563·7420·6861·7368·2028·6e6f·7420··rrect·hash·(not·
0003b610:·6520·6661·6374·730a·2020·7061·636b·6167··e·facts.··packag0003b610:·696e·202f·6574·632c·2062·6563·6175·7365··in·/etc,·because
0003b620:·655f·6661·6374·733a·0a20·2020·206d·616e··e_facts:.····man0003b620:·206f·6620·7468·6520·7379·7374·656d·2072···of·the·system·r
0003b630:·6167·6572·3a20·6175·746f·0a20·2074·6167··ager:·auto.··tag0003b630:·656c·6174·6564·2063·6f6e·6669·6720·6669··elated·config·fi
0003b640:·733a·0a20·202d·2043·4a49·532d·352e·3130··s:.··-·CJIS-5.100003b640:·6c65·7329·2061·6e64·2074·6865·6e20·6765··les)·and·then·ge
0003b650:·2e34·2e31·0a20·202d·2044·4953·412d·5354··.4.1.··-·DISA-ST0003b650:·7420·6669·6c65·7320·6e61·6d65·730a·6669··t·files·names.fi
0003b660:·4947·2d4f·4c30·372d·3030·2d30·3130·3032··IG-OL07-00-010020003b660:·6c65·735f·7769·7468·5f69·6e63·6f72·7265··les_with_incorre
0003b670:·300a·2020·2d20·4e49·5354·2d38·3030·2d31··0.··-·NIST-800-10003b670:·6374·5f68·6173·683d·2224·2872·706d·202d··ct_hash="$(rpm·-
0003b680:·3731·2d33·2e33·2e38·0a20·202d·204e·4953··71-3.3.8.··-·NIS0003b680:·5661·202d·2d6e·6f63·6f6e·6669·6720·7c20··Va·--noconfig·|·
0003b690:·542d·3830·302d·3137·312d·332e·342e·310a··T-800-171-3.4.1.0003b690:·6772·6570·202d·4520·275e·2e2e·3527·207c··grep·-E·'^..5'·|
0003b6a0:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003b6a0:·2061·776b·2027·7b70·7269·6e74·2024·4e46···awk·'{print·$NF
0003b6b0:·4155·2d39·2833·290a·2020·2d20·4e49·5354··AU-9(3).··-·NIST0003b6b0:·7d27·2029·220a·0a69·6620·5b20·2d6e·2022··}'·)"..if·[·-n·"
0003b6c0:·2d38·3030·2d35·332d·434d·2d36·2863·290a··-800-53-CM-6(c).0003b6c0:·2466·696c·6573·5f77·6974·685f·696e·636f··$files_with_inco
0003b6d0:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003b6d0:·7272·6563·745f·6861·7368·2220·5d3b·2074··rrect_hash"·];·t
0003b6e0:·434d·2d36·2864·290a·2020·2d20·4e49·5354··CM-6(d).··-·NIST0003b6e0:·6865·6e0a·2020·2020·2320·4672·6f6d·2066··hen.····#·From·f
0003b6f0:·2d38·3030·2d35·332d·5349·2d37·0a20·202d··-800-53-SI-7.··-0003b6f0:·696c·6573·206e·616d·6573·2067·6574·2070··iles·names·get·p
0003b700:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-0003b700:·6163·6b61·6765·206e·616d·6573·2061·6e64··ackage·names·and
0003b710:·3728·3129·0a20·202d·204e·4953·542d·3830··7(1).··-·NIST-800003b710:·2063·6861·6e67·6520·6e65·776c·696e·6520···change·newline·
0003b720:·302d·3533·2d53·492d·3728·3629·0a20·202d··0-53-SI-7(6).··-0003b720:·746f·2073·7061·6365·2c20·6265·6361·7573··to·space,·becaus
0003b730:·2050·4349·2d44·5353·2d52·6571·2d31·312e···PCI-DSS-Req-11.0003b730:·6520·7270·6d20·7772·6974·6573·2065·6163··e·rpm·writes·eac
0003b740:·350a·2020·2d20·5043·492d·4453·5376·342d··5.··-·PCI-DSSv4-0003b740:·6820·7061·636b·6167·6520·746f·206e·6577··h·package·to·new
0003b750:·3131·2e35·2e32·0a20·202d·2068·6967·685f··11.5.2.··-·high_0003b750:·206c·696e·650a·2020·2020·7061·636b·6167···line.····packag
0003b760:·636f·6d70·6c65·7869·7479·0a20·202d·2068··complexity.··-·h0003b760:·6573·5f74·6f5f·7265·696e·7374·616c·6c3d··es_to_reinstall=
0003b770:·6967·685f·7365·7665·7269·7479·0a20·202d··igh_severity.··-0003b770:·2224·2872·706d·202d·7166·2024·6669·6c65··"$(rpm·-qf·$file
0003b780:·206d·6564·6975·6d5f·6469·7372·7570·7469···medium_disrupti0003b780:·735f·7769·7468·5f69·6e63·6f72·7265·6374··s_with_incorrect
0003b790:·6f6e·0a20·202d·206e·6f5f·7265·626f·6f74··on.··-·no_reboot0003b790:·5f68·6173·6820·7c20·7472·2027·5c6e·2720··_hash·|·tr·'\n'·
0003b7a0:·5f6e·6565·6465·640a·2020·2d20·7265·7374··_needed.··-·rest0003b7a0:·2720·2729·220a·0a20·2020·200a·2020·2020··'·')"..····.····
0003b7b0:·7269·6374·5f73·7472·6174·6567·790a·2020··rict_strategy.··0003b7b0:·7975·6d20·7265·696e·7374·616c·6c20·2d79··yum·reinstall·-y
0003b7c0:·2d20·7270·6d5f·7665·7269·6679·5f68·6173··-·rpm_verify_has0003b7c0:·2024·7061·636b·6167·6573·5f74·6f5f·7265···$packages_to_re
0003b7d0:·6865·730a·0a2d·206e·616d·653a·2027·5365··hes..-·name:·'Se0003b7d0:·696e·7374·616c·6c0a·2020·2020·0a66·690a··install.····.fi.
0003b7e0:·7420·6661·6374·3a20·5061·636b·6167·6520··t·fact:·Package·0003b7e0:·0a65·6c73·650a·2020·2020·2667·743b·2661··.else.····&gt;&a
0003b7f0:·6d61·6e61·6765·7220·7265·696e·7374·616c··manager·reinstal0003b7f0:·6d70·3b32·2065·6368·6f20·2752·656d·6564··mp;2·echo·'Remed
0003b800:·6c20·636f·6d6d·616e·6427·0a20·2073·6574··l·command'.··set0003b800:·6961·7469·6f6e·2069·7320·6e6f·7420·6170··iation·is·not·ap
0003b810:·5f66·6163·743a·0a20·2020·2070·6163·6b61··_fact:.····packa0003b810:·706c·6963·6162·6c65·2c20·6e6f·7468·696e··plicable,·nothin
0003b820:·6765·5f6d·616e·6167·6572·5f72·6569·6e73··ge_manager_reins0003b820:·6720·7761·7320·646f·6e65·270a·6669·0a3c··g·was·done'.fi.<
0003b830:·7461·6c6c·5f63·6d64·3a20·7975·6d20·7265··tall_cmd:·yum·re0003b830:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di
0003b840:·696e·7374·616c·6c20·2d79·0a20·2077·6865··install·-y.··whe0003b840:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn·
0003b850:·6e3a·0a20·202d·206e·6f74·2028·2022·6b65··n:.··-·not·(·"ke0003b850:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat
0003b860:·726e·656c·2220·696e·2061·6e73·6962·6c65··rnel"·in·ansible0003b860:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap
0003b870:·5f66·6163·7473·2e70·6163·6b61·6765·7320··_facts.packages·0003b870:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
0003b880:·616e·6420·2272·706d·2d6f·7374·7265·6522··and·"rpm-ostree"0003b880:·2223·6964·6d35·3331·3122·2074·6162·696e··"#idm5311"·tabin
0003b890:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003b890:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
0003b8a0:·732e·7061·636b·6167·6573·0a20·2020·2061··s.packages.····a0003b8a0:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
0003b8b0:·6e64·2022·626f·6f74·6322·2069·6e20·616e··nd·"bootc"·in·an0003b8b0:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
0003b8c0:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack0003b8c0:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
0003b8d0:·6167·6573·2061·6e64·206e·6f74·2022·6f70··ages·and·not·"op0003b8d0:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
0003b8e0:·656e·7368·6966·742d·6b75·6265·6c65·7422··enshift-kubelet"0003b8e0:·3e52·656d·6564·6961·7469·6f6e·2041·6e73··>Remediation·Ans
0003b8f0:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003b8f0:·6962·6c65·2073·6e69·7070·6574·20e2·87b2··ible·snippet·...
0003b900:·732e·7061·636b·6167·6573·0a20·2020·2029··s.packages.····)0003b900:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
0003b910:·0a20·202d·2061·6e73·6962·6c65·5f64·6973··.··-·ansible_dis0003b910:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
0003b920:·7472·6962·7574·696f·6e20·696e·205b·2022··tribution·in·[·"0003b920:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=
0003b930:·4665·646f·7261·222c·2022·5265·6448·6174··Fedora",·"RedHat0003b930:·2269·646d·3533·3131·223e·3c74·6162·6c65··"idm5311"><table
0003b940:·222c·2022·4365·6e74·4f53·222c·2022·4f72··",·"CentOS",·"Or0003b940:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta
0003b950:·6163·6c65·4c69·6e75·7822·205d·0a20·2074··acleLinux"·].··t0003b950:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl
0003b960:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.0003b960:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table
0003b970:·3130·2e34·2e31·0a20·202d·2044·4953·412d··10.4.1.··-·DISA-0003b970:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>
0003b980:·5354·4947·2d4f·4c30·372d·3030·2d30·3130··STIG-OL07-00-0100003b980:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<
0003b990:·3032·300a·2020·2d20·4e49·5354·2d38·3030··020.··-·NIST-8000003b990:·2f74·683e·3c74·643e·6869·6768·3c2f·7464··/th><td>high</td
0003b9a0:·2d31·3731·2d33·2e33·2e38·0a20·202d·204e··-171-3.3.8.··-·N0003b9a0:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di
0003b9b0:·4953·542d·3830·302d·3137·312d·332e·342e··IST-800-171-3.4.0003b9b0:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t
0003b9c0:·310a·2020·2d20·4e49·5354·2d38·3030·2d35··1.··-·NIST-800-50003b9c0:·643e·6d65·6469·756d·3c2f·7464·3e3c·2f74··d>medium</td></t
0003b9d0:·332d·4155·2d39·2833·290a·2020·2d20·4e49··3-AU-9(3).··-·NI0003b9d0:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot
0003b9e0:·5354·2d38·3030·2d35·332d·434d·2d36·2863··ST-800-53-CM-6(c0003b9e0:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false<
0003b9f0:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-50003b9f0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
0003ba00:·332d·434d·2d36·2864·290a·2020·2d20·4e49··3-CM-6(d).··-·NI0003ba00:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><
0003ba10:·5354·2d38·3030·2d35·332d·5349·2d37·0a20··ST-800-53-SI-7.·0003ba10:·7464·3e72·6573·7472·6963·743c·2f74·643e··td>restrict</td>
0003ba20:·202d·204e·4953·542d·3830·302d·3533·2d53···-·NIST-800-53-S0003ba20:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr
0003ba30:·492d·3728·3129·0a20·202d·204e·4953·542d··I-7(1).··-·NIST-0003ba30:·653e·3c63·6f64·653e·2d20·6e61·6d65·3a20··e><code>-·name:·
0003ba40:·3830·302d·3533·2d53·492d·3728·3629·0a20··800-53-SI-7(6).·0003ba40:·4761·7468·6572·2074·6865·2070·6163·6b61··Gather·the·packa
0003ba50:·202d·2050·4349·2d44·5353·2d52·6571·2d31···-·PCI-DSS-Req-10003ba50:·6765·2066·6163·7473·0a20·2070·6163·6b61··ge·facts.··packa
0003ba60:·312e·350a·2020·2d20·5043·492d·4453·5376··1.5.··-·PCI-DSSv0003ba60:·6765·5f66·6163·7473·3a0a·2020·2020·6d61··ge_facts:.····ma
0003ba70:·342d·3131·2e35·2e32·0a20·202d·2068·6967··4-11.5.2.··-·hig0003ba70:·6e61·6765·723a·2061·7574·6f0a·2020·7461··nager:·auto.··ta
0003ba80:·685f·636f·6d70·6c65·7869·7479·0a20·202d··h_complexity.··-0003ba80:·6773·3a0a·2020·2d20·434a·4953·2d35·2e31··gs:.··-·CJIS-5.1
0003ba90:·2068·6967·685f·7365·7665·7269·7479·0a20···high_severity.·0003ba90:·302e·342e·310a·2020·2d20·4449·5341·2d53··0.4.1.··-·DISA-S
0003baa0:·202d·206d·6564·6975·6d5f·6469·7372·7570···-·medium_disrup0003baa0:·5449·472d·4f4c·3037·2d30·302d·3031·3030··TIG-OL07-00-0100
0003bab0:·7469·6f6e·0a20·202d·206e·6f5f·7265·626f··tion.··-·no_rebo0003bab0:·3230·0a20·202d·204e·4953·542d·3830·302d··20.··-·NIST-800-
0003bac0:·6f74·5f6e·6565·6465·640a·2020·2d20·7265··ot_needed.··-·re0003bac0:·3137·312d·332e·332e·380a·2020·2d20·4e49··171-3.3.8.··-·NI
0003bad0:·7374·7269·6374·5f73·7472·6174·6567·790a··strict_strategy.0003bad0:·5354·2d38·3030·2d31·3731·2d33·2e34·2e31··ST-800-171-3.4.1
0003bae0:·2020·2d20·7270·6d5f·7665·7269·6679·5f68····-·rpm_verify_h0003bae0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
0003baf0:·6173·6865·730a·0a2d·206e·616d·653a·2027··ashes..-·name:·'0003baf0:·2d41·552d·3928·3329·0a20·202d·204e·4953··-AU-9(3).··-·NIS
0003bb00:·5365·7420·6661·6374·3a20·5061·636b·6167··Set·fact:·Packag0003bb00:·542d·3830·302d·3533·2d43·4d2d·3628·6329··T-800-53-CM-6(c)
0003bb10:·6520·6d61·6e61·6765·7220·7265·696e·7374··e·manager·reinst0003bb10:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
0003bb20:·616c·6c20·636f·6d6d·616e·6420·287a·7970··all·command·(zyp0003bb20:·2d43·4d2d·3628·6429·0a20·202d·204e·4953··-CM-6(d).··-·NIS
0003bb30:·7065·7229·270a·2020·7365·745f·6661·6374··per)'.··set_fact0003bb30:·542d·3830·302d·3533·2d53·492d·370a·2020··T-800-53-SI-7.··
0003bb40:·3a0a·2020·2020·7061·636b·6167·655f·6d61··:.····package_ma0003bb40:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI
0003bb50:·6e61·6765·725f·7265·696e·7374·616c·6c5f··nager_reinstall_0003bb50:·2d37·2831·290a·2020·2d20·4e49·5354·2d38··-7(1).··-·NIST-8
0003bb60:·636d·643a·207a·7970·7065·7220·696e·202d··cmd:·zypper·in·-0003bb60:·3030·2d35·332d·5349·2d37·2836·290a·2020··00-53-SI-7(6).··
0003bb70:·6620·2d79·0a20·2077·6865·6e3a·0a20·202d··f·-y.··when:.··-0003bb70:·2d20·5043·492d·4453·532d·5265·712d·3131··-·PCI-DSS-Req-11
0003bb80:·206e·6f74·2028·2022·6b65·726e·656c·2220···not·(·"kernel"·0003bb80:·2e35·0a20·202d·2050·4349·2d44·5353·7634··.5.··-·PCI-DSSv4
0003bb90:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts0003bb90:·2d31·312e·352e·320a·2020·2d20·6869·6768··-11.5.2.··-·high
0003bba0:·2e70·6163·6b61·6765·7320·616e·6420·2272··.packages·and·"r0003bba0:·5f63·6f6d·706c·6578·6974·790a·2020·2d20··_complexity.··-·
0003bbb0:·706d·2d6f·7374·7265·6522·2069·6e20·616e··pm-ostree"·in·an0003bbb0:·6869·6768·5f73·6576·6572·6974·790a·2020··high_severity.··
0003bbc0:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack0003bbc0:·2d20·6d65·6469·756d·5f64·6973·7275·7074··-·medium_disrupt
0003bbd0:·6167·6573·0a20·2020·2061·6e64·2022·626f··ages.····and·"bo0003bbd0:·696f·6e0a·2020·2d20·6e6f·5f72·6562·6f6f··ion.··-·no_reboo
0003bbe0:·6f74·6322·2069·6e20·616e·7369·626c·655f··otc"·in·ansible_0003bbe0:·745f·6e65·6564·6564·0a20·202d·2072·6573··t_needed.··-·res
0003bbf0:·6661·6374·732e·7061·636b·6167·6573·2061··facts.packages·a0003bbf0:·7472·6963·745f·7374·7261·7465·6779·0a20··trict_strategy.·
0003bc00:·6e64·206e·6f74·2022·6f70·656e·7368·6966··nd·not·"openshif0003bc00:·202d·2072·706d·5f76·6572·6966·795f·6861···-·rpm_verify_ha
Max diff block lines reached; 21874957/21931427 bytes (99.74%) of diff not shown.
1.68 MB
html2text {}
Max HTML report size reached
22.6 MB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-stig_gui.html
    
Offset 15191, 418 lines modifiedOffset 15191, 418 lines modified
0003b560:·6574·3d22·2369·646d·3533·3130·2220·7461··et="#idm5310"·ta0003b560:·6574·3d22·2369·646d·3533·3130·2220·7461··et="#idm5310"·ta
0003b570:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=0003b570:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=
0003b580:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex0003b580:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex
0003b590:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t0003b590:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t
0003b5a0:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t0003b5a0:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t
0003b5b0:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="0003b5b0:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="
Diff chunk too large, falling back to line-by-line diff (404 lines added, 404 lines removed)
0003b5c0:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·0003b5c0:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·
0003b5d0:·416e·7369·626c·6520·736e·6970·7065·7420··Ansible·snippet·0003b5d0:·5368·656c·6c20·7363·7269·7074·20e2·87b2··Shell·script·...
0003b5e0:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div·0003b5e0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
0003b5f0:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col0003b5f0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
0003b600:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·0003b600:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=
0003b610:·6964·3d22·6964·6d35·3331·3022·3e3c·7461··id="idm5310"><ta0003b610:·2269·646d·3533·3130·223e·3c70·7265·3e3c··"idm5310"><pre><
0003b620:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table0003b620:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati
0003b630:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t0003b630:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable
0003b640:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta0003b640:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain
0003b650:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed"><0003b650:·2070·6c61·7466·6f72·6d73·0a69·6620·2120···platforms.if·!·
0003b660:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit0003b660:·2820·7b20·7270·6d20·2d2d·7175·6965·7420··(·{·rpm·--quiet·
0003b670:·793a·3c2f·7468·3e3c·7464·3e68·6967·683c··y:</th><td>high<0003b670:·2d71·206b·6572·6e65·6c20·3b7d·2026·616d··-q·kernel·;}·&am
0003b680:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th0003b680:·703b·2661·6d70·3b20·7b20·7270·6d20·2d2d··p;&amp;·{·rpm·--
0003b690:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th0003b690:·7175·6965·7420·2d71·2072·706d·2d6f·7374··quiet·-q·rpm-ost
0003b6a0:·3e3c·7464·3e6d·6564·6975·6d3c·2f74·643e··><td>medium</td>0003b6a0:·7265·6520·3b7d·2026·616d·703b·2661·6d70··ree·;}·&amp;&amp
0003b6b0:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb0003b6b0:·3b20·7b20·7270·6d20·2d2d·7175·6965·7420··;·{·rpm·--quiet·
0003b6c0:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal0003b6c0:·2d71·2062·6f6f·7463·203b·7d20·2661·6d70··-q·bootc·;}·&amp
0003b6d0:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr>0003b6d0:·3b26·616d·703b·207b·2021·2072·706d·202d··;&amp;·{·!·rpm·-
0003b6e0:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t0003b6e0:·2d71·7569·6574·202d·7120·6f70·656e·7368··-quiet·-q·opensh
0003b6f0:·683e·3c74·643e·7265·7374·7269·6374·3c2f··h><td>restrict</0003b6f0:·6966·742d·6b75·6265·6c65·7420·3b7d·2029··ift-kubelet·;}·)
0003b700:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>0003b700:·3b20·7468·656e·0a0a·2320·4669·6e64·2077··;·then..#·Find·w
0003b710:·3c70·7265·3e3c·636f·6465·3e2d·206e·616d··<pre><code>-·nam0003b710:·6869·6368·2066·696c·6573·2068·6176·6520··hich·files·have·
0003b720:·653a·2047·6174·6865·7220·7468·6520·7061··e:·Gather·the·pa0003b720:·696e·636f·7272·6563·7420·6861·7368·2028··incorrect·hash·(
0003b730:·636b·6167·6520·6661·6374·730a·2020·7061··ckage·facts.··pa0003b730:·6e6f·7420·696e·202f·6574·632c·2062·6563··not·in·/etc,·bec
0003b740:·636b·6167·655f·6661·6374·733a·0a20·2020··ckage_facts:.···0003b740:·6175·7365·206f·6620·7468·6520·7379·7374··ause·of·the·syst
0003b750:·206d·616e·6167·6572·3a20·6175·746f·0a20···manager:·auto.·0003b750:·656d·2072·656c·6174·6564·2063·6f6e·6669··em·related·confi
0003b760:·2074·6167·733a·0a20·202d·2043·4a49·532d···tags:.··-·CJIS-0003b760:·6720·6669·6c65·7329·2061·6e64·2074·6865··g·files)·and·the
0003b770:·352e·3130·2e34·2e31·0a20·202d·2044·4953··5.10.4.1.··-·DIS0003b770:·6e20·6765·7420·6669·6c65·7320·6e61·6d65··n·get·files·name
0003b780:·412d·5354·4947·2d4f·4c30·372d·3030·2d30··A-STIG-OL07-00-00003b780:·730a·6669·6c65·735f·7769·7468·5f69·6e63··s.files_with_inc
0003b790:·3130·3032·300a·2020·2d20·4e49·5354·2d38··10020.··-·NIST-80003b790:·6f72·7265·6374·5f68·6173·683d·2224·2872··orrect_hash="$(r
0003b7a0:·3030·2d31·3731·2d33·2e33·2e38·0a20·202d··00-171-3.3.8.··-0003b7a0:·706d·202d·5661·202d·2d6e·6f63·6f6e·6669··pm·-Va·--noconfi
0003b7b0:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.0003b7b0:·6720·7c20·6772·6570·202d·4520·275e·2e2e··g·|·grep·-E·'^..
0003b7c0:·342e·310a·2020·2d20·4e49·5354·2d38·3030··4.1.··-·NIST-8000003b7c0:·3527·207c·2061·776b·2027·7b70·7269·6e74··5'·|·awk·'{print
0003b7d0:·2d35·332d·4155·2d39·2833·290a·2020·2d20··-53-AU-9(3).··-·0003b7d0:·2024·4e46·7d27·2029·220a·0a69·6620·5b20···$NF}'·)"..if·[·
0003b7e0:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-60003b7e0:·2d6e·2022·2466·696c·6573·5f77·6974·685f··-n·"$files_with_
0003b7f0:·2863·290a·2020·2d20·4e49·5354·2d38·3030··(c).··-·NIST-8000003b7f0:·696e·636f·7272·6563·745f·6861·7368·2220··incorrect_hash"·
0003b800:·2d35·332d·434d·2d36·2864·290a·2020·2d20··-53-CM-6(d).··-·0003b800:·5d3b·2074·6865·6e0a·2020·2020·2320·4672··];·then.····#·Fr
0003b810:·4e49·5354·2d38·3030·2d35·332d·5349·2d37··NIST-800-53-SI-70003b810:·6f6d·2066·696c·6573·206e·616d·6573·2067··om·files·names·g
0003b820:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003b820:·6574·2070·6163·6b61·6765·206e·616d·6573··et·package·names
0003b830:·2d53·492d·3728·3129·0a20·202d·204e·4953··-SI-7(1).··-·NIS0003b830:·2061·6e64·2063·6861·6e67·6520·6e65·776c···and·change·newl
0003b840:·542d·3830·302d·3533·2d53·492d·3728·3629··T-800-53-SI-7(6)0003b840:·696e·6520·746f·2073·7061·6365·2c20·6265··ine·to·space,·be
0003b850:·0a20·202d·2050·4349·2d44·5353·2d52·6571··.··-·PCI-DSS-Req0003b850:·6361·7573·6520·7270·6d20·7772·6974·6573··cause·rpm·writes
0003b860:·2d31·312e·350a·2020·2d20·5043·492d·4453··-11.5.··-·PCI-DS0003b860:·2065·6163·6820·7061·636b·6167·6520·746f···each·package·to
0003b870:·5376·342d·3131·2e35·2e32·0a20·202d·2068··Sv4-11.5.2.··-·h0003b870:·206e·6577·206c·696e·650a·2020·2020·7061···new·line.····pa
0003b880:·6967·685f·636f·6d70·6c65·7869·7479·0a20··igh_complexity.·0003b880:·636b·6167·6573·5f74·6f5f·7265·696e·7374··ckages_to_reinst
0003b890:·202d·2068·6967·685f·7365·7665·7269·7479···-·high_severity0003b890:·616c·6c3d·2224·2872·706d·202d·7166·2024··all="$(rpm·-qf·$
0003b8a0:·0a20·202d·206d·6564·6975·6d5f·6469·7372··.··-·medium_disr0003b8a0:·6669·6c65·735f·7769·7468·5f69·6e63·6f72··files_with_incor
0003b8b0:·7570·7469·6f6e·0a20·202d·206e·6f5f·7265··uption.··-·no_re0003b8b0:·7265·6374·5f68·6173·6820·7c20·7472·2027··rect_hash·|·tr·'
0003b8c0:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-·0003b8c0:·5c6e·2720·2720·2729·220a·0a20·2020·200a··\n'·'·')"..····.
0003b8d0:·7265·7374·7269·6374·5f73·7472·6174·6567··restrict_strateg0003b8d0:·2020·2020·7975·6d20·7265·696e·7374·616c······yum·reinstal
0003b8e0:·790a·2020·2d20·7270·6d5f·7665·7269·6679··y.··-·rpm_verify0003b8e0:·6c20·2d79·2024·7061·636b·6167·6573·5f74··l·-y·$packages_t
0003b8f0:·5f68·6173·6865·730a·0a2d·206e·616d·653a··_hashes..-·name:0003b8f0:·6f5f·7265·696e·7374·616c·6c0a·2020·2020··o_reinstall.····
0003b900:·2027·5365·7420·6661·6374·3a20·5061·636b···'Set·fact:·Pack0003b900:·0a66·690a·0a65·6c73·650a·2020·2020·2667··.fi..else.····&g
0003b910:·6167·6520·6d61·6e61·6765·7220·7265·696e··age·manager·rein0003b910:·743b·2661·6d70·3b32·2065·6368·6f20·2752··t;&amp;2·echo·'R
0003b920:·7374·616c·6c20·636f·6d6d·616e·6427·0a20··stall·command'.·0003b920:·656d·6564·6961·7469·6f6e·2069·7320·6e6f··emediation·is·no
0003b930:·2073·6574·5f66·6163·743a·0a20·2020·2070···set_fact:.····p0003b930:·7420·6170·706c·6963·6162·6c65·2c20·6e6f··t·applicable,·no
0003b940:·6163·6b61·6765·5f6d·616e·6167·6572·5f72··ackage_manager_r0003b940:·7468·696e·6720·7761·7320·646f·6e65·270a··thing·was·done'.
0003b950:·6569·6e73·7461·6c6c·5f63·6d64·3a20·7975··einstall_cmd:·yu0003b950:·6669·0a3c·2f63·6f64·653e·3c2f·7072·653e··fi.</code></pre>
0003b960:·6d20·7265·696e·7374·616c·6c20·2d79·0a20··m·reinstall·-y.·0003b960:·3c2f·6469·763e·3c61·2063·6c61·7373·3d22··</div><a·class="
0003b970:·2077·6865·6e3a·0a20·202d·206e·6f74·2028···when:.··-·not·(0003b970:·6274·6e20·6274·6e2d·7375·6363·6573·7322··btn·btn-success"
0003b980:·2022·6b65·726e·656c·2220·696e·2061·6e73···"kernel"·in·ans0003b980:·2064·6174·612d·746f·6767·6c65·3d22·636f···data-toggle="co
0003b990:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0003b990:·6c6c·6170·7365·2220·6461·7461·2d74·6172··llapse"·data-tar
0003b9a0:·6765·7320·616e·6420·2272·706d·2d6f·7374··ges·and·"rpm-ost0003b9a0:·6765·743d·2223·6964·6d35·3331·3122·2074··get="#idm5311"·t
0003b9b0:·7265·6522·2069·6e20·616e·7369·626c·655f··ree"·in·ansible_0003b9b0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
0003b9c0:·6661·6374·732e·7061·636b·6167·6573·0a20··facts.packages.·0003b9c0:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
0003b9d0:·2020·2061·6e64·2022·626f·6f74·6322·2069·····and·"bootc"·i0003b9d0:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
0003b9e0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003b9e0:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
0003b9f0:·7061·636b·6167·6573·2061·6e64·206e·6f74··packages·and·not0003b9f0:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
0003ba00:·2022·6f70·656e·7368·6966·742d·6b75·6265···"openshift-kube0003ba00:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
0003ba10:·6c65·7422·2069·6e20·616e·7369·626c·655f··let"·in·ansible_0003ba10:·2041·6e73·6962·6c65·2073·6e69·7070·6574···Ansible·snippet
0003ba20:·6661·6374·732e·7061·636b·6167·6573·0a20··facts.packages.·0003ba20:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div
0003ba30:·2020·2029·0a20·202d·2061·6e73·6962·6c65·····).··-·ansible0003ba30:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
0003ba40:·5f64·6973·7472·6962·7574·696f·6e20·696e··_distribution·in0003ba40:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
0003ba50:·205b·2022·4665·646f·7261·222c·2022·5265···[·"Fedora",·"Re0003ba50:·2069·643d·2269·646d·3533·3131·223e·3c74···id="idm5311"><t
0003ba60:·6448·6174·222c·2022·4365·6e74·4f53·222c··dHat",·"CentOS",0003ba60:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl
0003ba70:·2022·4f72·6163·6c65·4c69·6e75·7822·205d···"OracleLinux"·]0003ba70:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped·
0003ba80:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI0003ba80:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t
0003ba90:·532d·352e·3130·2e34·2e31·0a20·202d·2044··S-5.10.4.1.··-·D0003ba90:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed">
0003baa0:·4953·412d·5354·4947·2d4f·4c30·372d·3030··ISA-STIG-OL07-000003baa0:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi
0003bab0:·2d30·3130·3032·300a·2020·2d20·4e49·5354··-010020.··-·NIST0003bab0:·7479·3a3c·2f74·683e·3c74·643e·6869·6768··ty:</th><td>high
0003bac0:·2d38·3030·2d31·3731·2d33·2e33·2e38·0a20··-800-171-3.3.8.·0003bac0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
0003bad0:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-0003bad0:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t
0003bae0:·332e·342e·310a·2020·2d20·4e49·5354·2d38··3.4.1.··-·NIST-80003bae0:·683e·3c74·643e·6d65·6469·756d·3c2f·7464··h><td>medium</td
0003baf0:·3030·2d35·332d·4155·2d39·2833·290a·2020··00-53-AU-9(3).··0003baf0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re
0003bb00:·2d20·4e49·5354·2d38·3030·2d35·332d·434d··-·NIST-800-53-CM0003bb00:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa
0003bb10:·2d36·2863·290a·2020·2d20·4e49·5354·2d38··-6(c).··-·NIST-80003bb10:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr
0003bb20:·3030·2d35·332d·434d·2d36·2864·290a·2020··00-53-CM-6(d).··0003bb20:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</
0003bb30:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI0003bb30:·7468·3e3c·7464·3e72·6573·7472·6963·743c··th><td>restrict<
0003bb40:·2d37·0a20·202d·204e·4953·542d·3830·302d··-7.··-·NIST-800-0003bb40:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table
0003bb50:·3533·2d53·492d·3728·3129·0a20·202d·204e··53-SI-7(1).··-·N0003bb50:·3e3c·7072·653e·3c63·6f64·653e·2d20·6e61··><pre><code>-·na
0003bb60:·4953·542d·3830·302d·3533·2d53·492d·3728··IST-800-53-SI-7(0003bb60:·6d65·3a20·4761·7468·6572·2074·6865·2070··me:·Gather·the·p
0003bb70:·3629·0a20·202d·2050·4349·2d44·5353·2d52··6).··-·PCI-DSS-R0003bb70:·6163·6b61·6765·2066·6163·7473·0a20·2070··ackage·facts.··p
0003bb80:·6571·2d31·312e·350a·2020·2d20·5043·492d··eq-11.5.··-·PCI-0003bb80:·6163·6b61·6765·5f66·6163·7473·3a0a·2020··ackage_facts:.··
0003bb90:·4453·5376·342d·3131·2e35·2e32·0a20·202d··DSSv4-11.5.2.··-0003bb90:·2020·6d61·6e61·6765·723a·2061·7574·6f0a····manager:·auto.
0003bba0:·2068·6967·685f·636f·6d70·6c65·7869·7479···high_complexity0003bba0:·2020·7461·6773·3a0a·2020·2d20·434a·4953····tags:.··-·CJIS
0003bbb0:·0a20·202d·2068·6967·685f·7365·7665·7269··.··-·high_severi0003bbb0:·2d35·2e31·302e·342e·310a·2020·2d20·4449··-5.10.4.1.··-·DI
0003bbc0:·7479·0a20·202d·206d·6564·6975·6d5f·6469··ty.··-·medium_di0003bbc0:·5341·2d53·5449·472d·4f4c·3037·2d30·302d··SA-STIG-OL07-00-
0003bbd0:·7372·7570·7469·6f6e·0a20·202d·206e·6f5f··sruption.··-·no_0003bbd0:·3031·3030·3230·0a20·202d·204e·4953·542d··010020.··-·NIST-
0003bbe0:·7265·626f·6f74·5f6e·6565·6465·640a·2020··reboot_needed.··0003bbe0:·3830·302d·3137·312d·332e·332e·380a·2020··800-171-3.3.8.··
0003bbf0:·2d20·7265·7374·7269·6374·5f73·7472·6174··-·restrict_strat0003bbf0:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-3
0003bc00:·6567·790a·2020·2d20·7270·6d5f·7665·7269··egy.··-·rpm_veri0003bc00:·2e34·2e31·0a20·202d·204e·4953·542d·3830··.4.1.··-·NIST-80
0003bc10:·6679·5f68·6173·6865·730a·0a2d·206e·616d··fy_hashes..-·nam0003bc10:·302d·3533·2d41·552d·3928·3329·0a20·202d··0-53-AU-9(3).··-
0003bc20:·653a·2027·5365·7420·6661·6374·3a20·5061··e:·'Set·fact:·Pa0003bc20:·204e·4953·542d·3830·302d·3533·2d43·4d2d···NIST-800-53-CM-
0003bc30:·636b·6167·6520·6d61·6e61·6765·7220·7265··ckage·manager·re0003bc30:·3628·6329·0a20·202d·204e·4953·542d·3830··6(c).··-·NIST-80
0003bc40:·696e·7374·616c·6c20·636f·6d6d·616e·6420··install·command·0003bc40:·302d·3533·2d43·4d2d·3628·6429·0a20·202d··0-53-CM-6(d).··-
0003bc50:·287a·7970·7065·7229·270a·2020·7365·745f··(zypper)'.··set_0003bc50:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-
0003bc60:·6661·6374·3a0a·2020·2020·7061·636b·6167··fact:.····packag0003bc60:·370a·2020·2d20·4e49·5354·2d38·3030·2d35··7.··-·NIST-800-5
0003bc70:·655f·6d61·6e61·6765·725f·7265·696e·7374··e_manager_reinst0003bc70:·332d·5349·2d37·2831·290a·2020·2d20·4e49··3-SI-7(1).··-·NI
0003bc80:·616c·6c5f·636d·643a·207a·7970·7065·7220··all_cmd:·zypper·0003bc80:·5354·2d38·3030·2d35·332d·5349·2d37·2836··ST-800-53-SI-7(6
0003bc90:·696e·202d·6620·2d79·0a20·2077·6865·6e3a··in·-f·-y.··when:0003bc90:·290a·2020·2d20·5043·492d·4453·532d·5265··).··-·PCI-DSS-Re
0003bca0:·0a20·202d·206e·6f74·2028·2022·6b65·726e··.··-·not·(·"kern0003bca0:·712d·3131·2e35·0a20·202d·2050·4349·2d44··q-11.5.··-·PCI-D
0003bcb0:·656c·2220·696e·2061·6e73·6962·6c65·5f66··el"·in·ansible_f0003bcb0:·5353·7634·2d31·312e·352e·320a·2020·2d20··SSv4-11.5.2.··-·
0003bcc0:·6163·7473·2e70·6163·6b61·6765·7320·616e··acts.packages·an0003bcc0:·6869·6768·5f63·6f6d·706c·6578·6974·790a··high_complexity.
0003bcd0:·6420·2272·706d·2d6f·7374·7265·6522·2069··d·"rpm-ostree"·i0003bcd0:·2020·2d20·6869·6768·5f73·6576·6572·6974····-·high_severit
0003bce0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003bce0:·790a·2020·2d20·6d65·6469·756d·5f64·6973··y.··-·medium_dis
0003bcf0:·7061·636b·6167·6573·0a20·2020·2061·6e64··packages.····and0003bcf0:·7275·7074·696f·6e0a·2020·2d20·6e6f·5f72··ruption.··-·no_r
0003bd00:·2022·626f·6f74·6322·2069·6e20·616e·7369···"bootc"·in·ansi0003bd00:·6562·6f6f·745f·6e65·6564·6564·0a20·202d··eboot_needed.··-
0003bd10:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag0003bd10:·2072·6573·7472·6963·745f·7374·7261·7465···restrict_strate
0003bd20:·6573·2061·6e64·206e·6f74·2022·6f70·656e··es·and·not·"open0003bd20:·6779·0a20·202d·2072·706d·5f76·6572·6966··gy.··-·rpm_verif
0003bd30:·7368·6966·742d·6b75·6265·6c65·7422·2069··shift-kubelet"·i0003bd30:·795f·6861·7368·6573·0a0a·2d20·6e61·6d65··y_hashes..-·name
Max diff block lines reached; 21856021/21912353 bytes (99.74%) of diff not shown.
1.67 MB
html2text {}
Max HTML report size reached
23.9 MB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-anssi_bp28_enhanced.html
    
Offset 15058, 222 lines modifiedOffset 15058, 222 lines modified
0003ad10:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target0003ad10:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target
0003ad20:·3d22·2369·646d·3536·3936·2220·7461·6269··="#idm5696"·tabi0003ad20:·3d22·2369·646d·3536·3936·2220·7461·6269··="#idm5696"·tabi
0003ad30:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b0003ad30:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b
0003ad40:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa0003ad40:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa
0003ad50:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit0003ad50:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit
0003ad60:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·0003ad60:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·
0003ad70:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!0003ad70:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!
0003ad80:·223e·5265·6d65·6469·6174·696f·6e20·416e··">Remediation·An0003ad80:·223e·5265·6d65·6469·6174·696f·6e20·5075··">Remediation·Pu
 0003ad90:·7070·6574·2073·6e69·7070·6574·20e2·87b2··ppet·snippet·...
0003ad90:·6163·6f6e·6461·2073·6e69·7070·6574·20e2··aconda·snippet·. 
0003ada0:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c 
0003adb0:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll 
0003adc0:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i 
0003add0:·643d·2269·646d·3536·3936·223e·3c74·6162··d="idm5696"><tab 
0003ade0:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table· 
0003adf0:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta 
0003ae00:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab 
0003ae10:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t 
0003ae20:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity 
0003ae30:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t 
0003ae40:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D 
0003ae50:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th>< 
0003ae60:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003ae70:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:< 
0003ae80:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t 
0003ae90:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S 
0003aea0:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td 
0003aeb0:·3e65·6e61·626c·653c·2f74·643e·3c2f·7472··>enable</td></tr 
0003aec0:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c 
0003aed0:·6f64·653e·0a70·6163·6b61·6765·202d·2d61··ode>.package·--a 
0003aee0:·6464·3d61·6964·650a·3c2f·636f·6465·3e3c··dd=aide.</code>< 
0003aef0:·2f70·7265·3e3c·2f64·6976·3e3c·6120·636c··/pre></div><a·cl 
0003af00:·6173·733d·2262·746e·2062·746e·2d73·7563··ass="btn·btn-suc 
0003af10:·6365·7373·2220·6461·7461·2d74·6f67·676c··cess"·data-toggl 
0003af20:·653d·2263·6f6c·6c61·7073·6522·2064·6174··e="collapse"·dat 
0003af30:·612d·7461·7267·6574·3d22·2369·646d·3536··a-target="#idm56 
0003af40:·3937·2220·7461·6269·6e64·6578·3d22·3022··97"·tabindex="0" 
0003af50:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a 
0003af60:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa 
0003af70:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti 
0003af80:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"· 
0003af90:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi 
0003afa0:·6174·696f·6e20·5075·7070·6574·2073·6e69··ation·Puppet·sni 
0003afb0:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br> 
0003afc0:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane 
0003afd0:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla 
0003afe0:·7073·6522·2069·643d·2269·646d·3536·3937··pse"·id="idm5697 
0003aff0:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class=" 
0003b000:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri 
0003b010:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border 
0003b020:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens 
0003b030:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp 
0003b040:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td> 
0003b050:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003b060:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption: 
0003b070:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003b080:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re 
0003b090:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa 
0003b0a0:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr 
0003b0b0:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</ 
0003b0c0:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t 
0003b0d0:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table>< 
0003b0e0:·7072·653e·3c63·6f64·653e·696e·636c·7564··pre><code>includ 
0003b0f0:·6520·696e·7374·616c·6c5f·6169·6465·0a0a··e·install_aide.. 
0003b100:·636c·6173·7320·696e·7374·616c·6c5f·6169··class·install_ai 
0003b110:·6465·207b·0a20·2070·6163·6b61·6765·207b··de·{.··package·{ 
0003b120:·2027·6169·6465·273a·0a20·2020·2065·6e73···'aide':.····ens 
0003b130:·7572·6520·3d26·6774·3b20·2769·6e73·7461··ure·=&gt;·'insta 
0003b140:·6c6c·6564·272c·0a20·207d·0a7d·0a3c·2f63··lled',.··}.}.</c 
0003b150:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div> 
0003b160:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt 
0003b170:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data- 
0003b180:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse 
0003b190:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="# 
0003b1a0:·6964·6d35·3639·3822·2074·6162·696e·6465··idm5698"·tabinde 
0003b1b0:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt 
0003b1c0:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande 
0003b1d0:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title= 
0003b1e0:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev 
0003b1f0:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R 
0003b200:·656d·6564·6961·7469·6f6e·204f·5342·7569··emediation·OSBui 
0003b210:·6c64·2042·6c75·6570·7269·6e74·2073·6e69··ld·Blueprint·sni 
0003b220:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br> 
0003b230:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane 
0003b240:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla 
0003b250:·7073·6522·2069·643d·2269·646d·3536·3938··pse"·id="idm5698 
0003b260:·223e·3c70·7265·3e3c·636f·6465·3e0a·5b5b··"><pre><code>.[[ 
0003b270:·7061·636b·6167·6573·5d5d·0a6e·616d·6520··packages]].name· 
0003b280:·3d20·2261·6964·6522·0a76·6572·7369·6f6e··=·"aide".version 
0003b290:·203d·2022·2a22·0a3c·2f63·6f64·653e·3c2f···=·"*".</code></ 
0003b2a0:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla 
0003b2b0:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ 
0003b2c0:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle 
0003b2d0:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data 
0003b2e0:·2d74·6172·6765·743d·2223·6964·6d35·3639··-target="#idm569 
0003b2f0:·3922·2074·6162·696e·6465·783d·2230·2220··9"·tabindex="0"· 
0003b300:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar 
0003b310:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal 
0003b320:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ 
0003b330:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h 
0003b340:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia 
0003b350:·7469·6f6e·2041·6e73·6962·6c65·2073·6e69··tion·Ansible·sni 
0003b360:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br> 
0003b370:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane 
0003b380:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla 
0003b390:·7073·6522·2069·643d·2269·646d·3536·3939··pse"·id="idm5699 
0003b3a0:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class=" 
0003b3b0:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri 
0003b3c0:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border 
0003b3d0:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens 
0003b3e0:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp 
0003b3f0:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td> 
0003b400:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003b410:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption: 
0003b420:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003b430:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re 
0003b440:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa 
0003b450:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr 
0003b460:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</ 
0003b470:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t 
0003b480:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table>< 
0003b490:·7072·653e·3c63·6f64·653e·2d20·6e61·6d65··pre><code>-·name 
0003b4a0:·3a20·4761·7468·6572·2074·6865·2070·6163··:·Gather·the·pac 
0003b4b0:·6b61·6765·2066·6163·7473·0a20·2070·6163··kage·facts.··pac 
0003b4c0:·6b61·6765·5f66·6163·7473·3a0a·2020·2020··kage_facts:.···· 
0003b4d0:·6d61·6e61·6765·723a·2061·7574·6f0a·2020··manager:·auto.·· 
0003b4e0:·7461·6773·3a0a·2020·2d20·434a·4953·2d35··tags:.··-·CJIS-5 
Max diff block lines reached; 22979618/23008902 bytes (99.87%) of diff not shown.
1.92 MB
html2text {}
Max HTML report size reached
24.2 MB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-anssi_bp28_high.html
    
Offset 15064, 221 lines modifiedOffset 15064, 221 lines modified
0003ad70:·6765·743d·2223·6964·6d35·3639·3622·2074··get="#idm5696"·t0003ad70:·6765·743d·2223·6964·6d35·3639·3622·2074··get="#idm5696"·t
0003ad80:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role0003ad80:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
0003ad90:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e0003ad90:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
0003ada0:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·0003ada0:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
0003adb0:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·0003adb0:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
0003adc0:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=0003adc0:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
0003add0:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation0003add0:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
 0003ade0:·2050·7570·7065·7420·736e·6970·7065·7420···Puppet·snippet·
0003ade0:·2041·6e61·636f·6e64·6120·736e·6970·7065···Anaconda·snippe 
0003adf0:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di 
0003ae00:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c 
0003ae10:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse 
0003ae20:·2220·6964·3d22·6964·6d35·3639·3622·3e3c··"·id="idm5696">< 
0003ae30:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab 
0003ae40:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped 
0003ae50:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered· 
0003ae60:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed" 
0003ae70:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex 
0003ae80:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low 
0003ae90:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003aea0:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t 
0003aeb0:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003aec0:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo 
0003aed0:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false 
0003aee0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003aef0:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th> 
0003af00:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td>< 
0003af10:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre 
0003af20:·3e3c·636f·6465·3e0a·7061·636b·6167·6520··><code>.package· 
0003af30:·2d2d·6164·643d·6169·6465·0a3c·2f63·6f64··--add=aide.</cod 
0003af40:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a 
0003af50:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn- 
0003af60:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to 
0003af70:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"· 
0003af80:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id 
0003af90:·6d35·3639·3722·2074·6162·696e·6465·783d··m5697"·tabindex= 
0003afa0:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button 
0003afb0:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded= 
0003afc0:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A 
0003afd0:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea 
0003afe0:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem 
0003aff0:·6564·6961·7469·6f6e·2050·7570·7065·7420··ediation·Puppet· 
0003b000:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a>< 
0003b010:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p 
0003b020:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co 
0003b030:·6c6c·6170·7365·2220·6964·3d22·6964·6d35··llapse"·id="idm5 
0003b040:·3639·3722·3e3c·7461·626c·6520·636c·6173··697"><table·clas 
0003b050:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s 
0003b060:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor 
0003b070:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond 
0003b080:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C 
0003b090:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th>< 
0003b0a0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003b0b0:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti 
0003b0c0:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low< 
0003b0d0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b0e0:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td 
0003b0f0:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr> 
0003b100:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy 
0003b110:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable 
0003b120:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl 
0003b130:·653e·3c70·7265·3e3c·636f·6465·3e69·6e63··e><pre><code>inc 
0003b140:·6c75·6465·2069·6e73·7461·6c6c·5f61·6964··lude·install_aid 
0003b150:·650a·0a63·6c61·7373·2069·6e73·7461·6c6c··e..class·install 
0003b160:·5f61·6964·6520·7b0a·2020·7061·636b·6167··_aide·{.··packag 
0003b170:·6520·7b20·2761·6964·6527·3a0a·2020·2020··e·{·'aide':.···· 
0003b180:·656e·7375·7265·203d·2667·743b·2027·696e··ensure·=&gt;·'in 
0003b190:·7374·616c·6c65·6427·2c0a·2020·7d0a·7d0a··stalled',.··}.}. 
0003b1a0:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d 
0003b1b0:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn 
0003b1c0:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da 
0003b1d0:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla 
0003b1e0:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target 
0003b1f0:·3d22·2369·646d·3536·3938·2220·7461·6269··="#idm5698"·tabi 
0003b200:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b 
0003b210:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa 
0003b220:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit 
0003b230:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to· 
0003b240:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#! 
0003b250:·223e·5265·6d65·6469·6174·696f·6e20·4f53··">Remediation·OS 
0003b260:·4275·696c·6420·426c·7565·7072·696e·7420··Build·Blueprint· 
0003b270:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a>< 
0003b280:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p 
0003b290:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co 
0003b2a0:·6c6c·6170·7365·2220·6964·3d22·6964·6d35··llapse"·id="idm5 
0003b2b0:·3639·3822·3e3c·7072·653e·3c63·6f64·653e··698"><pre><code> 
0003b2c0:·0a5b·5b70·6163·6b61·6765·735d·5d0a·6e61··.[[packages]].na 
0003b2d0:·6d65·203d·2022·6169·6465·220a·7665·7273··me·=·"aide".vers 
0003b2e0:·696f·6e20·3d20·222a·220a·3c2f·636f·6465··ion·=·"*".</code 
0003b2f0:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a· 
0003b300:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s 
0003b310:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog 
0003b320:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d 
0003b330:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm 
0003b340:·3536·3939·2220·7461·6269·6e64·6578·3d22··5699"·tabindex=" 
0003b350:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button" 
0003b360:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded=" 
0003b370:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac 
0003b380:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal 
0003b390:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme 
0003b3a0:·6469·6174·696f·6e20·416e·7369·626c·6520··diation·Ansible· 
0003b3b0:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a>< 
0003b3c0:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p 
0003b3d0:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co 
0003b3e0:·6c6c·6170·7365·2220·6964·3d22·6964·6d35··llapse"·id="idm5 
0003b3f0:·3639·3922·3e3c·7461·626c·6520·636c·6173··699"><table·clas 
0003b400:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s 
0003b410:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor 
0003b420:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond 
0003b430:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C 
0003b440:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th>< 
0003b450:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003b460:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti 
0003b470:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low< 
0003b480:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b490:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td 
0003b4a0:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr> 
0003b4b0:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy 
0003b4c0:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable 
0003b4d0:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl 
0003b4e0:·653e·3c70·7265·3e3c·636f·6465·3e2d·206e··e><pre><code>-·n 
0003b4f0:·616d·653a·2047·6174·6865·7220·7468·6520··ame:·Gather·the· 
0003b500:·7061·636b·6167·6520·6661·6374·730a·2020··package·facts.·· 
0003b510:·7061·636b·6167·655f·6661·6374·733a·0a20··package_facts:.· 
0003b520:·2020·206d·616e·6167·6572·3a20·6175·746f·····manager:·auto 
0003b530:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI 
0003b540:·532d·352e·3130·2e31·2e33·0a20·202d·2044··S-5.10.1.3.··-·D 
Max diff block lines reached; 23285999/23315145 bytes (99.87%) of diff not shown.
1.94 MB
html2text {}
Max HTML report size reached
10.6 MB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-anssi_bp28_intermediary.html
    
Offset 15054, 221 lines modifiedOffset 15054, 221 lines modified
0003acd0:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#0003acd0:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#
0003ace0:·6964·6d35·3639·3622·2074·6162·696e·6465··idm5696"·tabinde0003ace0:·6964·6d35·3639·3622·2074·6162·696e·6465··idm5696"·tabinde
0003acf0:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt0003acf0:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt
0003ad00:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande0003ad00:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande
0003ad10:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=0003ad10:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=
0003ad20:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev0003ad20:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev
0003ad30:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R0003ad30:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R
0003ad40:·656d·6564·6961·7469·6f6e·2041·6e61·636f··emediation·Anaco0003ad40:·656d·6564·6961·7469·6f6e·2050·7570·7065··emediation·Puppe
0003ad50:·6e64·6120·736e·6970·7065·7420·e287·b23c··nda·snippet·...<0003ad50:·7420·736e·6970·7065·7420·e287·b23c·2f61··t·snippet·...</a
0003ad60:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas 
0003ad70:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps 
0003ad80:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id=" 
0003ad90:·6964·6d35·3639·3622·3e3c·7461·626c·6520··idm5696"><table· 
0003ada0:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab 
0003adb0:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table 
0003adc0:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table- 
0003add0:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr>< 
0003ade0:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</ 
0003adf0:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td>< 
0003ae00:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr 
0003ae10:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td> 
0003ae20:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003ae30:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th 
0003ae40:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td>< 
0003ae50:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra 
0003ae60:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en 
0003ae70:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></ 
0003ae80:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code 
0003ae90:·3e0a·7061·636b·6167·6520·2d2d·6164·643d··>.package·--add= 
0003aea0:·6169·6465·0a3c·2f63·6f64·653e·3c2f·7072··aide.</code></pr 
0003aeb0:·653e·3c2f·6469·763e·3c61·2063·6c61·7373··e></div><a·class 
0003aec0:·3d22·6274·6e20·6274·6e2d·7375·6363·6573··="btn·btn-succes 
0003aed0:·7322·2064·6174·612d·746f·6767·6c65·3d22··s"·data-toggle=" 
0003aee0:·636f·6c6c·6170·7365·2220·6461·7461·2d74··collapse"·data-t 
0003aef0:·6172·6765·743d·2223·6964·6d35·3639·3722··arget="#idm5697" 
0003af00:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro 
0003af10:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria 
0003af20:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false 
0003af30:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat 
0003af40:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre 
0003af50:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati 
0003af60:·6f6e·2050·7570·7065·7420·736e·6970·7065··on·Puppet·snippe 
0003af70:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di 
0003af80:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c 
0003af90:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse 
0003afa0:·2220·6964·3d22·6964·6d35·3639·3722·3e3c··"·id="idm5697">< 
0003afb0:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab 
0003afc0:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped 
0003afd0:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered· 
0003afe0:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed" 
0003aff0:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex 
0003b000:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low 
0003b010:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b020:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t 
0003b030:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003b040:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo 
0003b050:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false 
0003b060:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b070:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th> 
0003b080:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td>< 
0003b090:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre 
0003b0a0:·3e3c·636f·6465·3e69·6e63·6c75·6465·2069··><code>include·i 
0003b0b0:·6e73·7461·6c6c·5f61·6964·650a·0a63·6c61··nstall_aide..cla 
0003b0c0:·7373·2069·6e73·7461·6c6c·5f61·6964·6520··ss·install_aide· 
0003b0d0:·7b0a·2020·7061·636b·6167·6520·7b20·2761··{.··package·{·'a 
0003b0e0:·6964·6527·3a0a·2020·2020·656e·7375·7265··ide':.····ensure 
0003b0f0:·203d·2667·743b·2027·696e·7374·616c·6c65···=&gt;·'installe 
0003b100:·6427·2c0a·2020·7d0a·7d0a·3c2f·636f·6465··d',.··}.}.</code 
0003b110:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a· 
0003b120:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s 
0003b130:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog 
0003b140:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d 
0003b150:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm 
0003b160:·3536·3938·2220·7461·6269·6e64·6578·3d22··5698"·tabindex=" 
0003b170:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button" 
0003b180:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded=" 
0003b190:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac 
0003b1a0:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal 
0003b1b0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme 
0003b1c0:·6469·6174·696f·6e20·4f53·4275·696c·6420··diation·OSBuild· 
0003b1d0:·426c·7565·7072·696e·7420·736e·6970·7065··Blueprint·snippe 
0003b1e0:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di 
0003b1f0:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c 
0003b200:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse 
0003b210:·2220·6964·3d22·6964·6d35·3639·3822·3e3c··"·id="idm5698">< 
0003b220:·7072·653e·3c63·6f64·653e·0a5b·5b70·6163··pre><code>.[[pac 
0003b230:·6b61·6765·735d·5d0a·6e61·6d65·203d·2022··kages]].name·=·" 
0003b240:·6169·6465·220a·7665·7273·696f·6e20·3d20··aide".version·=· 
0003b250:·222a·220a·3c2f·636f·6465·3e3c·2f70·7265··"*".</code></pre 
0003b260:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class= 
0003b270:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success 
0003b280:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c 
0003b290:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta 
0003b2a0:·7267·6574·3d22·2369·646d·3536·3939·2220··rget="#idm5699"· 
0003b2b0:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol 
0003b2c0:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria- 
0003b2d0:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false" 
0003b2e0:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate 
0003b2f0:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href 
0003b300:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio 
0003b310:·6e20·416e·7369·626c·6520·736e·6970·7065··n·Ansible·snippe 
0003b320:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di 
0003b330:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c 
0003b340:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse 
0003b350:·2220·6964·3d22·6964·6d35·3639·3922·3e3c··"·id="idm5699">< 
0003b360:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab 
0003b370:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped 
0003b380:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered· 
0003b390:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed" 
0003b3a0:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex 
0003b3b0:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low 
0003b3c0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b3d0:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t 
0003b3e0:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003b3f0:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo 
0003b400:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false 
0003b410:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b420:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th> 
0003b430:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td>< 
0003b440:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre 
0003b450:·3e3c·636f·6465·3e2d·206e·616d·653a·2047··><code>-·name:·G 
0003b460:·6174·6865·7220·7468·6520·7061·636b·6167··ather·the·packag 
0003b470:·6520·6661·6374·730a·2020·7061·636b·6167··e·facts.··packag 
0003b480:·655f·6661·6374·733a·0a20·2020·206d·616e··e_facts:.····man 
0003b490:·6167·6572·3a20·6175·746f·0a20·2074·6167··ager:·auto.··tag 
0003b4a0:·733a·0a20·202d·2043·4a49·532d·352e·3130··s:.··-·CJIS-5.10 
0003b4b0:·2e31·2e33·0a20·202d·2044·4953·412d·5354··.1.3.··-·DISA-ST 
Max diff block lines reached; 9981847/10010993 bytes (99.71%) of diff not shown.
1.02 MB
html2text {}
    
Offset 115, 38 lines modifiedOffset 115, 41 lines modified
115 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3115 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
116 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5116 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
117 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199117 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
118 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL08-00-010359118 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL08-00-010359
119 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79119 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
120 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2120 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
121 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-252654r958944_rule121 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-252654r958944_rule
122 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
123 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
124 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
125 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
126 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
127 package·--add=aide 
128 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8122 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
129 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low123 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
130 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low124 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
131 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false125 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
132 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable126 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
133 include·install_aide127 include·install_aide
  
134 class·install_aide·{128 class·install_aide·{
135 ··package·{·'aide':129 ··package·{·'aide':
136 ····ensure·=>·'installed',130 ····ensure·=>·'installed',
137 ··}131 ··}
138 }132 }
139 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8133 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 134 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 135 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 136 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 137 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 138 #·Remediation·is·applicable·only·in·certain·platforms
 139 if·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek;·then
  
140 [[packages]] 
141 name·=·"aide" 
142 version·=·"*"140 if·!·rpm·-q·--quiet·"aide"·;·then
 141 ····yum·install·-y·"aide"
 142 fi
  
 143 else
 144 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 145 fi
143 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8146 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
144 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low147 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
145 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low148 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
146 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false149 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
147 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable150 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
148 -·name:·Gather·the·package·facts151 -·name:·Gather·the·package·facts
149 ··package_facts:152 ··package_facts:
Offset 177, 29 lines modifiedOffset 180, 26 lines modified
177 ··-·PCI-DSSv4-11.5.2180 ··-·PCI-DSSv4-11.5.2
178 ··-·enable_strategy181 ··-·enable_strategy
179 ··-·low_complexity182 ··-·low_complexity
180 ··-·low_disruption183 ··-·low_disruption
181 ··-·medium_severity184 ··-·medium_severity
182 ··-·no_reboot_needed185 ··-·no_reboot_needed
183 ··-·package_aide_installed186 ··-·package_aide_installed
 187 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 188 [[packages]]
 189 name·=·"aide"
 190 version·=·"*"
184 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8191 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8
185 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low192 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
186 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low193 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
187 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false194 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
188 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable195 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
189 #·Remediation·is·applicable·only·in·certain·platforms 
190 if·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek;·then 
  
191 if·!·rpm·-q·--quiet·"aide"·;·then 
192 ····yum·install·-y·"aide" 
193 fi 
  
 196 package·--add=aide
194 else 
195 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
196 fi 
197 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*197 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
198 Run·the·following·command·to·generate·a·new·database:198 Run·the·following·command·to·generate·a·new·database:
199 $·sudo·/usr/sbin/aide·--init199 $·sudo·/usr/sbin/aide·--init
200 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the200 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the
201 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these201 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these
202 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their202 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their
203 integrity.·The·newly-generated·database·can·be·installed·as·follows:203 integrity.·The·newly-generated·database·can·be·installed·as·follows:
Offset 225, 14 lines modifiedOffset 225, 28 lines modified
225 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3225 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
226 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5226 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
227 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199227 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
228 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL08-00-010359228 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL08-00-010359
229 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79229 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
230 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2230 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
231 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-252654r958944_rule231 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-252654r958944_rule
 232 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 233 #·Remediation·is·applicable·only·in·certain·platforms
 234 if·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek;·then
  
 235 if·!·rpm·-q·--quiet·"aide"·;·then
 236 ····yum·install·-y·"aide"
 237 fi
  
 238 /usr/sbin/aide·--init
 239 /bin/cp·-p·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
  
 240 else
 241 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 242 fi
232 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8243 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
233 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low244 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
234 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low245 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
235 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false246 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
236 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict247 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
237 -·name:·Gather·the·package·facts248 -·name:·Gather·the·package·facts
238 ··package_facts:249 ··package_facts:
Offset 322, 28 lines modifiedOffset 336, 14 lines modified
322 ··-·PCI-DSSv4-11.5.2336 ··-·PCI-DSSv4-11.5.2
323 ··-·aide_build_database337 ··-·aide_build_database
324 ··-·low_complexity338 ··-·low_complexity
325 ··-·low_disruption339 ··-·low_disruption
326 ··-·medium_severity340 ··-·medium_severity
327 ··-·no_reboot_needed341 ··-·no_reboot_needed
328 ··-·restrict_strategy342 ··-·restrict_strategy
329 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
330 #·Remediation·is·applicable·only·in·certain·platforms 
331 if·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek;·then 
  
Max diff block lines reached; 1063391/1068772 bytes (99.50%) of diff not shown.
3.93 MB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-anssi_bp28_minimal.html
    
Offset 14725, 228 lines modifiedOffset 14725, 228 lines modified
00039840:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i00039840:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i
00039850:·646d·3130·3539·3722·2074·6162·696e·6465··dm10597"·tabinde00039850:·646d·3130·3539·3722·2074·6162·696e·6465··dm10597"·tabinde
00039860:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt00039860:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt
00039870:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande00039870:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande
00039880:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=00039880:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=
00039890:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev00039890:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev
000398a0:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R000398a0:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R
000398b0:·656d·6564·6961·7469·6f6e·2041·6e61·636f··emediation·Anaco000398b0:·656d·6564·6961·7469·6f6e·2050·7570·7065··emediation·Puppe
000398c0:·6e64·6120·736e·6970·7065·7420·e287·b23c··nda·snippet·...< 
000398d0:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas 
000398e0:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps 
000398f0:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id=" 
00039900:·6964·6d31·3035·3937·223e·3c74·6162·6c65··idm10597"><table 
00039910:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta 
00039920:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl 
00039930:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table 
00039940:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr> 
00039950:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:< 
00039960:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td> 
00039970:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis 
00039980:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td 
00039990:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t 
000399a0:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t 
000399b0:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td> 
000399c0:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str 
000399d0:·6174·6567·793a·3c2f·7468·3e3c·7464·3e65··ategy:</th><td>e 
000399e0:·6e61·626c·653c·2f74·643e·3c2f·7472·3e3c··nable</td></tr>< 
000399f0:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod 
00039a00:·653e·0a70·6163·6b61·6765·202d·2d61·6464··e>.package·--add 
00039a10:·3d64·6e66·2d61·7574·6f6d·6174·6963·0a3c··=dnf-automatic.< 
00039a20:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di 
00039a30:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn· 
00039a40:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat 
00039a50:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap 
00039a60:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target= 
00039a70:·2223·6964·6d31·3035·3938·2220·7461·6269··"#idm10598"·tabi 
00039a80:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b 
00039a90:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa 
00039aa0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit 
00039ab0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to· 
00039ac0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#! 
00039ad0:·223e·5265·6d65·6469·6174·696f·6e20·5075··">Remediation·Pu 
00039ae0:·7070·6574·2073·6e69·7070·6574·20e2·87b2··ppet·snippet·... 
00039af0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla 
00039b00:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap 
00039b10:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id= 
00039b20:·2269·646d·3130·3539·3822·3e3c·7461·626c··"idm10598"><tabl 
00039b30:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t 
00039b40:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab 
00039b50:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl 
00039b60:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr 
00039b70:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity: 
00039b80:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
00039b90:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di 
00039ba0:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t 
00039bb0:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr>< 
00039bc0:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</ 
00039bd0:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td 
00039be0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St 
00039bf0:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td> 
00039c00:·656e·6162·6c65·3c2f·7464·3e3c·2f74·723e··enable</td></tr> 
00039c10:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co 
00039c20:·6465·3e69·6e63·6c75·6465·2069·6e73·7461··de>include·insta 
00039c30:·6c6c·5f64·6e66·2d61·7574·6f6d·6174·6963··ll_dnf-automatic 
00039c40:·0a0a·636c·6173·7320·696e·7374·616c·6c5f··..class·install_ 
00039c50:·646e·662d·6175·746f·6d61·7469·6320·7b0a··dnf-automatic·{. 
00039c60:·2020·7061·636b·6167·6520·7b20·2764·6e66····package·{·'dnf 
00039c70:·2d61·7574·6f6d·6174·6963·273a·0a20·2020··-automatic':.··· 
00039c80:·2065·6e73·7572·6520·3d26·6774·3b20·2769···ensure·=&gt;·'i 
00039c90:·6e73·7461·6c6c·6564·272c·0a20·207d·0a7d··nstalled',.··}.} 
00039ca0:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></ 
00039cb0:·6469·763e·3c61·2063·6c61·7373·3d22·6274··div><a·class="bt 
00039cc0:·6e20·6274·6e2d·7375·6363·6573·7322·2064··n·btn-success"·d 
00039cd0:·6174·612d·746f·6767·6c65·3d22·636f·6c6c··ata-toggle="coll 
00039ce0:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe 
00039cf0:·743d·2223·6964·6d31·3035·3939·2220·7461··t="#idm10599"·ta 
00039d00:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role= 
00039d10:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex 
00039d20:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t 
00039d30:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t 
00039d40:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href=" 
00039d50:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation· 
00039d60:·4f53·4275·696c·6420·426c·7565·7072·696e··OSBuild·Blueprin 
00039d70:·7420·736e·6970·7065·7420·e287·b23c·2f61··t·snippet·...</a000398c0:·7420·736e·6970·7065·7420·e287·b23c·2f61··t·snippet·...</a
00039d80:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=000398d0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
00039d90:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·000398e0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
00039da0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id000398f0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
 00039900:·6d31·3035·3937·223e·3c74·6162·6c65·2063··m10597"><table·c
 00039910:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl
 00039920:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table-
 00039930:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c
 00039940:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t
 00039950:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t
 00039960:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></
 00039970:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru
 00039980:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l
00039db0:·6d31·3035·3939·223e·3c70·7265·3e3c·636f··m10599"><pre><co 
00039dc0:·6465·3e0a·5b5b·7061·636b·6167·6573·5d5d··de>.[[packages]] 
00039dd0:·0a6e·616d·6520·3d20·2264·6e66·2d61·7574··.name·=·"dnf-aut 
00039de0:·6f6d·6174·6963·220a·7665·7273·696f·6e20··omatic".version· 
00039df0:·3d20·222a·220a·3c2f·636f·6465·3e3c·2f70··=·"*".</code></p 
00039e00:·7265·3e3c·2f64·6976·3e3c·6120·636c·6173··re></div><a·clas 
00039e10:·733d·2262·746e·2062·746e·2d73·7563·6365··s="btn·btn-succe 
00039e20:·7373·2220·6461·7461·2d74·6f67·676c·653d··ss"·data-toggle= 
00039e30:·2263·6f6c·6c61·7073·6522·2064·6174·612d··"collapse"·data- 
00039e40:·7461·7267·6574·3d22·2369·646d·3130·3630··target="#idm1060 
00039e50:·3022·2074·6162·696e·6465·783d·2230·2220··0"·tabindex="0"· 
00039e60:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar 
00039e70:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal 
00039e80:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ 
00039e90:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h 
00039ea0:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia 
00039eb0:·7469·6f6e·2041·6e73·6962·6c65·2073·6e69··tion·Ansible·sni 
00039ec0:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br> 
00039ed0:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane 
00039ee0:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla 
00039ef0:·7073·6522·2069·643d·2269·646d·3130·3630··pse"·id="idm1060 
00039f00:·3022·3e3c·7461·626c·6520·636c·6173·733d··0"><table·class= 
00039f10:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str 
00039f20:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde 
00039f30:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden 
00039f40:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com 
00039f50:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td 
00039f60:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t00039990:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>
00039f70:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption 
00039f80:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t000399a0:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th>
 000399b0:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></
Max diff block lines reached; 3832097/3862209 bytes (99.22%) of diff not shown.
250 KB
html2text {}
    
Offset 81, 38 lines modifiedOffset 81, 42 lines modified
81 Rationale:··dnf-automatic·is·an·alternative·command·line·interface·(CLI)·to·dnf·upgrade81 Rationale:··dnf-automatic·is·an·alternative·command·line·interface·(CLI)·to·dnf·upgrade
82 ············suitable·for·automatic,·regular·execution.82 ············suitable·for·automatic,·regular·execution.
83 Severity: ··medium83 Severity: ··medium
84 Rule·ID:····xccdf_org.ssgproject.content_rule_package_dnf-automatic_installed84 Rule·ID:····xccdf_org.ssgproject.content_rule_package_dnf-automatic_installed
85 ············_\x8o_\x8s_\x8p_\x8p···FPT_TUD_EXT.1,·FPT_TUD_EXT.285 ············_\x8o_\x8s_\x8p_\x8p···FPT_TUD_EXT.1,·FPT_TUD_EXT.2
86 References:·_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000191-GPOS-0008086 References:·_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000191-GPOS-00080
87 ············_\x8a_\x8n_\x8s_\x8s_\x8i··R6187 ············_\x8a_\x8n_\x8s_\x8s_\x8i··R61
88 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
89 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
90 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
91 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
92 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
93 package·--add=dnf-automatic 
94 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x888 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
95 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low89 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
96 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low90 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
97 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false91 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
98 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable92 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
99 include·install_dnf-automatic93 include·install_dnf-automatic
  
100 class·install_dnf-automatic·{94 class·install_dnf-automatic·{
101 ··package·{·'dnf-automatic':95 ··package·{·'dnf-automatic':
102 ····ensure·=>·'installed',96 ····ensure·=>·'installed',
103 ··}97 ··}
104 }98 }
105 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x899 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 100 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 101 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 102 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 103 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 104 #·Remediation·is·applicable·only·in·certain·platforms
 105 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-
 106 q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
106 [[packages]] 
107 name·=·"dnf-automatic" 
108 version·=·"*"107 if·!·rpm·-q·--quiet·"dnf-automatic"·;·then
 108 ····yum·install·-y·"dnf-automatic"
 109 fi
  
 110 else
 111 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 112 fi
109 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8113 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
110 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low114 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
111 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low115 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
112 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false116 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
113 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable117 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
114 -·name:·Gather·the·package·facts118 -·name:·Gather·the·package·facts
115 ··package_facts:119 ··package_facts:
Offset 136, 30 lines modifiedOffset 140, 26 lines modified
136 ··tags:140 ··tags:
137 ··-·enable_strategy141 ··-·enable_strategy
138 ··-·low_complexity142 ··-·low_complexity
139 ··-·low_disruption143 ··-·low_disruption
140 ··-·medium_severity144 ··-·medium_severity
141 ··-·no_reboot_needed145 ··-·no_reboot_needed
142 ··-·package_dnf-automatic_installed146 ··-·package_dnf-automatic_installed
 147 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 148 [[packages]]
 149 name·=·"dnf-automatic"
 150 version·=·"*"
143 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8151 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8
144 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low152 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
145 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low153 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
146 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false154 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
147 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable155 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
148 #·Remediation·is·applicable·only·in·certain·platforms 
149 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·- 
150 q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
 156 package·--add=dnf-automatic
151 if·!·rpm·-q·--quiet·"dnf-automatic"·;·then 
152 ····yum·install·-y·"dnf-automatic" 
153 fi 
  
154 else 
155 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
156 fi 
157 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·d\x8dn\x8nf\x8f-\x8-a\x8au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8c·t\x8to\x8o·I\x8In\x8ns\x8st\x8ta\x8al\x8ll\x8l·A\x8Av\x8va\x8ai\x8il\x8la\x8ab\x8bl\x8le\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8es\x8s·A\x8Au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8ca\x8al\x8ll\x8ly\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*157 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·d\x8dn\x8nf\x8f-\x8-a\x8au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8c·t\x8to\x8o·I\x8In\x8ns\x8st\x8ta\x8al\x8ll\x8l·A\x8Av\x8va\x8ai\x8il\x8la\x8ab\x8bl\x8le\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8es\x8s·A\x8Au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8ca\x8al\x8ll\x8ly\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
158 To·ensure·that·the·packages·comprising·the·available·updates·will·be·automatically·installed158 To·ensure·that·the·packages·comprising·the·available·updates·will·be·automatically·installed
159 by·dnf-automatic,·set·apply_updates·to·yes·under·[commands]·section·in·/etc/dnf/159 by·dnf-automatic,·set·apply_updates·to·yes·under·[commands]·section·in·/etc/dnf/
160 automatic.conf.160 automatic.conf.
161 ············Installing·software·updates·is·a·fundamental·mitigation·against·the·exploitation161 ············Installing·software·updates·is·a·fundamental·mitigation·against·the·exploitation
162 ············of·publicly-known·vulnerabilities.·If·the·most·recent·security·patches·and162 ············of·publicly-known·vulnerabilities.·If·the·most·recent·security·patches·and
163 Rationale:··updates·are·not·installed,·unauthorized·users·may·take·advantage·of·weaknesses·in163 Rationale:··updates·are·not·installed,·unauthorized·users·may·take·advantage·of·weaknesses·in
Offset 169, 54 lines modifiedOffset 169, 14 lines modified
169 Severity: ··medium169 Severity: ··medium
170 Rule·ID:····xccdf_org.ssgproject.content_rule_dnf-automatic_apply_updates170 Rule·ID:····xccdf_org.ssgproject.content_rule_dnf-automatic_apply_updates
171 ············_\x8i_\x8s_\x8m····0940,·1144,·1467,·1472,·1483,·1493,·1494,·1495171 ············_\x8i_\x8s_\x8m····0940,·1144,·1467,·1472,·1483,·1493,·1494,·1495
172 ············_\x8n_\x8i_\x8s_\x8t···SI-2(5),·CM-6(a),·SI-2(c)172 ············_\x8n_\x8i_\x8s_\x8t···SI-2(5),·CM-6(a),·SI-2(c)
173 References:·_\x8o_\x8s_\x8p_\x8p···FMT_SMF_EXT.1173 References:·_\x8o_\x8s_\x8p_\x8p···FMT_SMF_EXT.1
174 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000805-GPOS-00260174 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000805-GPOS-00260
175 ············_\x8a_\x8n_\x8s_\x8s_\x8i··R61175 ············_\x8a_\x8n_\x8s_\x8s_\x8i··R61
176 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
177 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
178 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium 
179 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
180 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···unknown 
181 -·name:·Gather·the·package·facts 
182 ··package_facts: 
183 ····manager:·auto 
184 ··tags: 
185 ··-·NIST-800-53-CM-6(a) 
186 ··-·NIST-800-53-SI-2(5) 
187 ··-·NIST-800-53-SI-2(c) 
188 ··-·dnf-automatic_apply_updates 
189 ··-·low_complexity 
190 ··-·medium_disruption 
191 ··-·medium_severity 
192 ··-·no_reboot_needed 
193 ··-·unknown_strategy 
  
194 -·name:·Configure·dnf-automatic·to·Install·Available·Updates·Automatically 
195 ··ini_file: 
196 ····dest:·/etc/dnf/automatic.conf 
197 ····section:·commands 
198 ····option:·apply_updates 
199 ····value:·'yes' 
200 ····create:·true 
201 ··when:·not·(·"kernel"·in·ansible_facts.packages·and·"rpm-ostree"·in·ansible_facts.packages 
202 ····and·"bootc"·in·ansible_facts.packages·and·not·"openshift-kubelet"·in 
203 ansible_facts.packages 
204 ····) 
205 ··tags: 
Max diff block lines reached; 250462/255993 bytes (97.84%) of diff not shown.
10.5 MB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-cui.html
    
Offset 15098, 221 lines modifiedOffset 15098, 221 lines modified
0003af90:·6172·6765·743d·2223·6964·6d35·3639·3622··arget="#idm5696"0003af90:·6172·6765·743d·2223·6964·6d35·3639·3622··arget="#idm5696"
0003afa0:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro0003afa0:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro
0003afb0:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria0003afb0:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria
0003afc0:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false0003afc0:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false
0003afd0:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat0003afd0:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat
0003afe0:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre0003afe0:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre
0003aff0:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati0003aff0:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati
 0003b000:·6f6e·2050·7570·7065·7420·736e·6970·7065··on·Puppet·snippe
0003b000:·6f6e·2041·6e61·636f·6e64·6120·736e·6970··on·Anaconda·snip 
0003b010:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br>< 
0003b020:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel 
0003b030:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap 
0003b040:·7365·2220·6964·3d22·6964·6d35·3639·3622··se"·id="idm5696" 
0003b050:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t 
0003b060:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip 
0003b070:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere 
0003b080:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense 
0003b090:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl 
0003b0a0:·6578·6974·793a·3c2f·7468·3e3c·7464·3e6c··exity:</th><td>l 
0003b0b0:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr> 
0003b0c0:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:< 
0003b0d0:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td> 
0003b0e0:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb 
0003b0f0:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal 
0003b100:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr> 
0003b110:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t 
0003b120:·683e·3c74·643e·656e·6162·6c65·3c2f·7464··h><td>enable</td 
0003b130:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p 
0003b140:·7265·3e3c·636f·6465·3e0a·7061·636b·6167··re><code>.packag 
0003b150:·6520·2d2d·6164·643d·6169·6465·0a3c·2f63··e·--add=aide.</c 
0003b160:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div> 
0003b170:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt 
0003b180:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data- 
0003b190:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse 
0003b1a0:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="# 
0003b1b0:·6964·6d35·3639·3722·2074·6162·696e·6465··idm5697"·tabinde 
0003b1c0:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt 
0003b1d0:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande 
0003b1e0:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title= 
0003b1f0:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev 
0003b200:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R 
0003b210:·656d·6564·6961·7469·6f6e·2050·7570·7065··emediation·Puppe 
0003b220:·7420·736e·6970·7065·7420·e287·b23c·2f61··t·snippet·...</a 
0003b230:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class= 
0003b240:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse· 
0003b250:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id 
0003b260:·6d35·3639·3722·3e3c·7461·626c·6520·636c··m5697"><table·cl 
0003b270:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table 
0003b280:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b 
0003b290:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co 
0003b2a0:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th 
0003b2b0:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th 
0003b2c0:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
0003b2d0:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup 
0003b2e0:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo 
0003b2f0:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr>< 
0003b300:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th>< 
0003b310:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t 
0003b320:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate 
0003b330:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab 
0003b340:·6c65·3c2f·7464·3e3c·2f74·723e·3c2f·7461··le</td></tr></ta 
0003b350:·626c·653e·3c70·7265·3e3c·636f·6465·3e69··ble><pre><code>i 
0003b360:·6e63·6c75·6465·2069·6e73·7461·6c6c·5f61··nclude·install_a 
0003b370:·6964·650a·0a63·6c61·7373·2069·6e73·7461··ide..class·insta 
0003b380:·6c6c·5f61·6964·6520·7b0a·2020·7061·636b··ll_aide·{.··pack 
0003b390:·6167·6520·7b20·2761·6964·6527·3a0a·2020··age·{·'aide':.·· 
0003b3a0:·2020·656e·7375·7265·203d·2667·743b·2027····ensure·=&gt;·' 
0003b3b0:·696e·7374·616c·6c65·6427·2c0a·2020·7d0a··installed',.··}. 
0003b3c0:·7d0a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··}.</code></pre>< 
0003b3d0:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b 
0003b3e0:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"· 
0003b3f0:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col 
0003b400:·6c61·7073·6522·2064·6174·612d·7461·7267··lapse"·data-targ 
0003b410:·6574·3d22·2369·646d·3536·3938·2220·7461··et="#idm5698"·ta 
0003b420:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role= 
0003b430:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex 
0003b440:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t 
0003b450:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t 
0003b460:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href=" 
0003b470:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation· 
0003b480:·4f53·4275·696c·6420·426c·7565·7072·696e··OSBuild·Blueprin 
0003b490:·7420·736e·6970·7065·7420·e287·b23c·2f61··t·snippet·...</a 
0003b4a0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class= 
0003b4b0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse· 
0003b4c0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id 
0003b4d0:·6d35·3639·3822·3e3c·7072·653e·3c63·6f64··m5698"><pre><cod 
0003b4e0:·653e·0a5b·5b70·6163·6b61·6765·735d·5d0a··e>.[[packages]]. 
0003b4f0:·6e61·6d65·203d·2022·6169·6465·220a·7665··name·=·"aide".ve 
0003b500:·7273·696f·6e20·3d20·222a·220a·3c2f·636f··rsion·=·"*".</co 
0003b510:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div>< 
0003b520:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn 
0003b530:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t 
0003b540:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse" 
0003b550:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i 
0003b560:·646d·3536·3939·2220·7461·6269·6e64·6578··dm5699"·tabindex 
0003b570:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto 
0003b580:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded 
0003b590:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title=" 
0003b5a0:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve 
0003b5b0:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re 
0003b5c0:·6d65·6469·6174·696f·6e20·416e·7369·626c··mediation·Ansibl 
0003b5d0:·6520·736e·6970·7065·7420·e287·b23c·2f61··e·snippet·...</a 
0003b5e0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class= 
0003b5f0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse· 
0003b600:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id 
0003b610:·6d35·3639·3922·3e3c·7461·626c·6520·636c··m5699"><table·cl 
0003b620:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table 
0003b630:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b 
0003b640:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co 
0003b650:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th 
0003b660:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th 
0003b670:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
0003b680:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup 
0003b690:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo 
0003b6a0:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr>< 
0003b6b0:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th>< 
0003b6c0:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t 
0003b6d0:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate 
0003b6e0:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab 
0003b6f0:·6c65·3c2f·7464·3e3c·2f74·723e·3c2f·7461··le</td></tr></ta 
0003b700:·626c·653e·3c70·7265·3e3c·636f·6465·3e2d··ble><pre><code>- 
0003b710:·206e·616d·653a·2047·6174·6865·7220·7468···name:·Gather·th 
0003b720:·6520·7061·636b·6167·6520·6661·6374·730a··e·package·facts. 
0003b730:·2020·7061·636b·6167·655f·6661·6374·733a····package_facts: 
0003b740:·0a20·2020·206d·616e·6167·6572·3a20·6175··.····manager:·au 
0003b750:·746f·0a20·2074·6167·733a·0a20·202d·2043··to.··tags:.··-·C 
0003b760:·4a49·532d·352e·3130·2e31·2e33·0a20·202d··JIS-5.10.1.3.··- 
Max diff block lines reached; 9772157/9801303 bytes (99.70%) of diff not shown.
1.12 MB
html2text {}
    
Offset 108, 38 lines modifiedOffset 108, 41 lines modified
108 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3108 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
109 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5109 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
110 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199110 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
111 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL08-00-010359111 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL08-00-010359
112 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79112 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
113 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2113 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
114 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-252654r958944_rule114 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-252654r958944_rule
115 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
116 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
117 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
118 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
119 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
120 package·--add=aide 
121 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8115 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
122 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low116 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
123 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low117 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
124 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false118 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
125 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable119 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
126 include·install_aide120 include·install_aide
  
127 class·install_aide·{121 class·install_aide·{
128 ··package·{·'aide':122 ··package·{·'aide':
129 ····ensure·=>·'installed',123 ····ensure·=>·'installed',
130 ··}124 ··}
131 }125 }
132 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8126 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 127 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 128 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 129 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 130 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 131 #·Remediation·is·applicable·only·in·certain·platforms
 132 if·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek;·then
  
133 [[packages]] 
134 name·=·"aide" 
135 version·=·"*"133 if·!·rpm·-q·--quiet·"aide"·;·then
 134 ····yum·install·-y·"aide"
 135 fi
  
 136 else
 137 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 138 fi
136 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8139 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
137 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low140 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
138 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low141 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
139 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false142 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
140 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable143 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
141 -·name:·Gather·the·package·facts144 -·name:·Gather·the·package·facts
142 ··package_facts:145 ··package_facts:
Offset 170, 29 lines modifiedOffset 173, 26 lines modified
170 ··-·PCI-DSSv4-11.5.2173 ··-·PCI-DSSv4-11.5.2
171 ··-·enable_strategy174 ··-·enable_strategy
172 ··-·low_complexity175 ··-·low_complexity
173 ··-·low_disruption176 ··-·low_disruption
174 ··-·medium_severity177 ··-·medium_severity
175 ··-·no_reboot_needed178 ··-·no_reboot_needed
176 ··-·package_aide_installed179 ··-·package_aide_installed
 180 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 181 [[packages]]
 182 name·=·"aide"
 183 version·=·"*"
177 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8184 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8
178 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low185 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
179 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low186 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
180 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false187 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
181 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable188 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
182 #·Remediation·is·applicable·only·in·certain·platforms 
183 if·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek;·then 
  
184 if·!·rpm·-q·--quiet·"aide"·;·then 
185 ····yum·install·-y·"aide" 
186 fi 
  
 189 package·--add=aide
187 else 
188 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
189 fi 
190 Group  ·Federal·Information·Processing·Standard·(FIPS)·  Group·contains·2·rules190 Group  ·Federal·Information·Processing·Standard·(FIPS)·  Group·contains·2·rules
191 _\x8[_\x8r_\x8e_\x8f_\x8]  ·The·Federal·Information·Processing·Standard·(FIPS)·is·a·computer·security·standard·which·is·developed·by·the·U.S.·Government·and·industry·working·groups·to·validate·the·quality·of·cryptographic·modules.·The·FIPS·standard·provides·four·security·levels·to·ensure·adequate·coverage·of·different·industries,·implementation·of·cryptographic·modules,·and·organizational·sizes·and·requirements.191 _\x8[_\x8r_\x8e_\x8f_\x8]  ·The·Federal·Information·Processing·Standard·(FIPS)·is·a·computer·security·standard·which·is·developed·by·the·U.S.·Government·and·industry·working·groups·to·validate·the·quality·of·cryptographic·modules.·The·FIPS·standard·provides·four·security·levels·to·ensure·adequate·coverage·of·different·industries,·implementation·of·cryptographic·modules,·and·organizational·sizes·and·requirements.
  
192 FIPS·140-2·is·the·current·standard·for·validating·that·mechanisms·used·to·access·cryptographic·modules·utilize·authentication·that·meets·industry·and·government·requirements.·For·government·systems,·this·allows·Security·Levels·1,·2,·3,·or·4·for·use·on·Oracle·Linux·8.192 FIPS·140-2·is·the·current·standard·for·validating·that·mechanisms·used·to·access·cryptographic·modules·utilize·authentication·that·meets·industry·and·government·requirements.·For·government·systems,·this·allows·Security·Levels·1,·2,·3,·or·4·for·use·on·Oracle·Linux·8.
  
193 See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8c\x8c_\x8s\x8s_\x8r\x8r_\x8c\x8c_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8l\x8l_\x8i\x8i_\x8c\x8c_\x8a\x8a_\x8t\x8t_\x8i\x8i_\x8o\x8o_\x8n\x8n_\x8s\x8s_\x8/\x8/_\x8P\x8P_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x8h\x8h_\x8t\x8t_\x8m\x8m_\x8l\x8l·for·more·information.193 See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8c\x8c_\x8s\x8s_\x8r\x8r_\x8c\x8c_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8l\x8l_\x8i\x8i_\x8c\x8c_\x8a\x8a_\x8t\x8t_\x8i\x8i_\x8o\x8o_\x8n\x8n_\x8s\x8s_\x8/\x8/_\x8P\x8P_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x8h\x8h_\x8t\x8t_\x8m\x8m_\x8l\x8l·for·more·information.
194 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8na\x8ab\x8bl\x8le\x8e·D\x8Dr\x8ra\x8ac\x8cu\x8ut\x8t·F\x8FI\x8IP\x8PS\x8S·M\x8Mo\x8od\x8du\x8ul\x8le\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*194 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8na\x8ab\x8bl\x8le\x8e·D\x8Dr\x8ra\x8ac\x8cu\x8ut\x8t·F\x8FI\x8IP\x8PS\x8S·M\x8Mo\x8od\x8du\x8ul\x8le\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
Offset 208, 14 lines modifiedOffset 208, 27 lines modified
208 ············_\x8i_\x8s_\x8m······1446208 ············_\x8i_\x8s_\x8m······1446
209 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1209 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1
210 References:·_\x8n_\x8i_\x8s_\x8t·····SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12210 References:·_\x8n_\x8i_\x8s_\x8t·····SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12
211 ············_\x8o_\x8s_\x8p_\x8p·····FCS_RBG_EXT.1211 ············_\x8o_\x8s_\x8p_\x8p·····FCS_RBG_EXT.1
212 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223212 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223
213 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d···OL08-00-010020213 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d···OL08-00-010020
214 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-248524r958408_rule214 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-248524r958408_rule
 215 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 216 #·Remediation·is·applicable·only·in·certain·platforms
 217 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek·)·&&·{·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·};·then
  
 218 fips-mode-setup·--enable
 219 FIPS_CONF="/etc/dracut.conf.d/40-fips.conf"
 220 if·!·grep·"^add_dracutmodules+=\"·fips·\""·$FIPS_CONF;·then
 221 ····echo·"add_dracutmodules+=\"·fips·\""·>>·$FIPS_CONF
 222 fi
  
 223 else
 224 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 225 fi
215 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8226 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
216 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·medium227 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·medium
217 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium228 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
218 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true229 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true
219 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict230 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
220 -·name:·Gather·the·package·facts231 -·name:·Gather·the·package·facts
221 ··package_facts:232 ··package_facts:
Offset 305, 27 lines modifiedOffset 318, 14 lines modified
305 ··-·NIST-800-53-SC-13318 ··-·NIST-800-53-SC-13
306 ··-·enable_dracut_fips_module319 ··-·enable_dracut_fips_module
307 ··-·high_severity320 ··-·high_severity
308 ··-·medium_complexity321 ··-·medium_complexity
309 ··-·medium_disruption322 ··-·medium_disruption
310 ··-·reboot_required323 ··-·reboot_required
311 ··-·restrict_strategy324 ··-·restrict_strategy
312 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
313 #·Remediation·is·applicable·only·in·certain·platforms 
314 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek·)·&&·{·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·};·then 
  
315 fips-mode-setup·--enable 
Max diff block lines reached; 1163574/1170025 bytes (99.45%) of diff not shown.
6.81 MB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-e8.html
    
Offset 15137, 408 lines modifiedOffset 15137, 408 lines modified
0003b200:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id0003b200:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id
0003b210:·6d35·3335·3922·2074·6162·696e·6465·783d··m5359"·tabindex=0003b210:·6d35·3335·3922·2074·6162·696e·6465·783d··m5359"·tabindex=
0003b220:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button0003b220:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button
0003b230:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=0003b230:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=
0003b240:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A0003b240:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A
0003b250:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea0003b250:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea
Diff chunk too large, falling back to line-by-line diff (394 lines added, 394 lines removed)
0003b260:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem0003b260:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem
0003b270:·6564·6961·7469·6f6e·2041·6e73·6962·6c65··ediation·Ansible0003b270:·6564·6961·7469·6f6e·2053·6865·6c6c·2073··ediation·Shell·s
0003b280:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a>0003b280:·6372·6970·7420·e287·b23c·2f61·3e3c·6272··cript·...</a><br
0003b290:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="0003b290:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan
0003b2a0:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c0003b2a0:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll
0003b2b0:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm0003b2b0:·6170·7365·2220·6964·3d22·6964·6d35·3335··apse"·id="idm535
0003b2c0:·3533·3539·223e·3c74·6162·6c65·2063·6c61··5359"><table·cla0003b2c0:·3922·3e3c·7072·653e·3c63·6f64·653e·2320··9"><pre><code>#·
0003b2d0:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table-0003b2d0:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a
0003b2e0:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo0003b2e0:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i
0003b2f0:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con0003b2f0:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo
0003b300:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th>0003b300:·726d·730a·6966·2021·2028·207b·2072·706d··rms.if·!·(·{·rpm
0003b310:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th>0003b310:·202d·2d71·7569·6574·202d·7120·6b65·726e···--quiet·-q·kern
0003b320:·3c74·643e·6869·6768·3c2f·7464·3e3c·2f74··<td>high</td></t0003b320:·656c·203b·7d20·2661·6d70·3b26·616d·703b··el·;}·&amp;&amp;
0003b330:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup0003b330:·207b·2072·706d·202d·2d71·7569·6574·202d···{·rpm·--quiet·-
0003b340:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6d65··tion:</th><td>me0003b340:·7120·7270·6d2d·6f73·7472·6565·203b·7d20··q·rpm-ostree·;}·
0003b350:·6469·756d·3c2f·7464·3e3c·2f74·723e·3c74··dium</td></tr><t0003b350:·2661·6d70·3b26·616d·703b·207b·2072·706d··&amp;&amp;·{·rpm
0003b360:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t0003b360:·202d·2d71·7569·6574·202d·7120·626f·6f74···--quiet·-q·boot
0003b370:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td>0003b370:·6320·3b7d·2026·616d·703b·2661·6d70·3b20··c·;}·&amp;&amp;·
0003b380:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str0003b380:·7b20·2120·7270·6d20·2d2d·7175·6965·7420··{·!·rpm·--quiet·
0003b390:·6174·6567·793a·3c2f·7468·3e3c·7464·3e72··ategy:</th><td>r0003b390:·2d71·206f·7065·6e73·6869·6674·2d6b·7562··-q·openshift-kub
0003b3a0:·6573·7472·6963·743c·2f74·643e·3c2f·7472··estrict</td></tr0003b3a0:·656c·6574·203b·7d20·293b·2074·6865·6e0a··elet·;}·);·then.
0003b3b0:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c0003b3b0:·0a23·2046·696e·6420·7768·6963·6820·6669··.#·Find·which·fi
0003b3c0:·6f64·653e·2d20·6e61·6d65·3a20·4761·7468··ode>-·name:·Gath0003b3c0:·6c65·7320·6861·7665·2069·6e63·6f72·7265··les·have·incorre
0003b3d0:·6572·2074·6865·2070·6163·6b61·6765·2066··er·the·package·f0003b3d0:·6374·2068·6173·6820·286e·6f74·2069·6e20··ct·hash·(not·in·
0003b3e0:·6163·7473·0a20·2070·6163·6b61·6765·5f66··acts.··package_f0003b3e0:·2f65·7463·2c20·6265·6361·7573·6520·6f66··/etc,·because·of
0003b3f0:·6163·7473·3a0a·2020·2020·6d61·6e61·6765··acts:.····manage0003b3f0:·2074·6865·2073·7973·7465·6d20·7265·6c61···the·system·rela
0003b400:·723a·2061·7574·6f0a·2020·7461·6773·3a0a··r:·auto.··tags:.0003b400:·7465·6420·636f·6e66·6967·2066·696c·6573··ted·config·files
0003b410:·2020·2d20·434a·4953·2d35·2e31·302e·342e····-·CJIS-5.10.4.0003b410:·2920·616e·6420·7468·656e·2067·6574·2066··)·and·then·get·f
0003b420:·310a·2020·2d20·4e49·5354·2d38·3030·2d31··1.··-·NIST-800-10003b420:·696c·6573·206e·616d·6573·0a66·696c·6573··iles·names.files
0003b430:·3731·2d33·2e33·2e38·0a20·202d·204e·4953··71-3.3.8.··-·NIS0003b430:·5f77·6974·685f·696e·636f·7272·6563·745f··_with_incorrect_
0003b440:·542d·3830·302d·3137·312d·332e·342e·310a··T-800-171-3.4.1.0003b440:·6861·7368·3d22·2428·7270·6d20·2d56·6120··hash="$(rpm·-Va·
0003b450:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003b450:·2d2d·6e6f·636f·6e66·6967·207c·2067·7265··--noconfig·|·gre
0003b460:·4155·2d39·2833·290a·2020·2d20·4e49·5354··AU-9(3).··-·NIST0003b460:·7020·2d45·2027·5e2e·2e35·2720·7c20·6177··p·-E·'^..5'·|·aw
0003b470:·2d38·3030·2d35·332d·434d·2d36·2863·290a··-800-53-CM-6(c).0003b470:·6b20·277b·7072·696e·7420·244e·467d·2720··k·'{print·$NF}'·
0003b480:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003b480:·2922·0a0a·6966·205b·202d·6e20·2224·6669··)"..if·[·-n·"$fi
0003b490:·434d·2d36·2864·290a·2020·2d20·4e49·5354··CM-6(d).··-·NIST0003b490:·6c65·735f·7769·7468·5f69·6e63·6f72·7265··les_with_incorre
0003b4a0:·2d38·3030·2d35·332d·5349·2d37·0a20·202d··-800-53-SI-7.··-0003b4a0:·6374·5f68·6173·6822·205d·3b20·7468·656e··ct_hash"·];·then
0003b4b0:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-0003b4b0:·0a20·2020·2023·2046·726f·6d20·6669·6c65··.····#·From·file
0003b4c0:·3728·3129·0a20·202d·204e·4953·542d·3830··7(1).··-·NIST-800003b4c0:·7320·6e61·6d65·7320·6765·7420·7061·636b··s·names·get·pack
0003b4d0:·302d·3533·2d53·492d·3728·3629·0a20·202d··0-53-SI-7(6).··-0003b4d0:·6167·6520·6e61·6d65·7320·616e·6420·6368··age·names·and·ch
0003b4e0:·2050·4349·2d44·5353·2d52·6571·2d31·312e···PCI-DSS-Req-11.0003b4e0:·616e·6765·206e·6577·6c69·6e65·2074·6f20··ange·newline·to·
0003b4f0:·350a·2020·2d20·5043·492d·4453·5376·342d··5.··-·PCI-DSSv4-0003b4f0:·7370·6163·652c·2062·6563·6175·7365·2072··space,·because·r
0003b500:·3131·2e35·2e32·0a20·202d·2068·6967·685f··11.5.2.··-·high_0003b500:·706d·2077·7269·7465·7320·6561·6368·2070··pm·writes·each·p
0003b510:·636f·6d70·6c65·7869·7479·0a20·202d·2068··complexity.··-·h0003b510:·6163·6b61·6765·2074·6f20·6e65·7720·6c69··ackage·to·new·li
0003b520:·6967·685f·7365·7665·7269·7479·0a20·202d··igh_severity.··-0003b520:·6e65·0a20·2020·2070·6163·6b61·6765·735f··ne.····packages_
0003b530:·206d·6564·6975·6d5f·6469·7372·7570·7469···medium_disrupti0003b530:·746f·5f72·6569·6e73·7461·6c6c·3d22·2428··to_reinstall="$(
0003b540:·6f6e·0a20·202d·206e·6f5f·7265·626f·6f74··on.··-·no_reboot0003b540:·7270·6d20·2d71·6620·2466·696c·6573·5f77··rpm·-qf·$files_w
0003b550:·5f6e·6565·6465·640a·2020·2d20·7265·7374··_needed.··-·rest0003b550:·6974·685f·696e·636f·7272·6563·745f·6861··ith_incorrect_ha
0003b560:·7269·6374·5f73·7472·6174·6567·790a·2020··rict_strategy.··0003b560:·7368·207c·2074·7220·275c·6e27·2027·2027··sh·|·tr·'\n'·'·'
0003b570:·2d20·7270·6d5f·7665·7269·6679·5f68·6173··-·rpm_verify_has0003b570:·2922·0a0a·2020·2020·0a20·2020·2079·756d··)"..····.····yum
0003b580:·6865·730a·0a2d·206e·616d·653a·2027·5365··hes..-·name:·'Se0003b580:·2072·6569·6e73·7461·6c6c·202d·7920·2470···reinstall·-y·$p
0003b590:·7420·6661·6374·3a20·5061·636b·6167·6520··t·fact:·Package·0003b590:·6163·6b61·6765·735f·746f·5f72·6569·6e73··ackages_to_reins
0003b5a0:·6d61·6e61·6765·7220·7265·696e·7374·616c··manager·reinstal0003b5a0:·7461·6c6c·0a20·2020·200a·6669·0a0a·656c··tall.····.fi..el
0003b5b0:·6c20·636f·6d6d·616e·6427·0a20·2073·6574··l·command'.··set0003b5b0:·7365·0a20·2020·2026·6774·3b26·616d·703b··se.····&gt;&amp;
0003b5c0:·5f66·6163·743a·0a20·2020·2070·6163·6b61··_fact:.····packa0003b5c0:·3220·6563·686f·2027·5265·6d65·6469·6174··2·echo·'Remediat
0003b5d0:·6765·5f6d·616e·6167·6572·5f72·6569·6e73··ge_manager_reins0003b5d0:·696f·6e20·6973·206e·6f74·2061·7070·6c69··ion·is·not·appli
0003b5e0:·7461·6c6c·5f63·6d64·3a20·7975·6d20·7265··tall_cmd:·yum·re0003b5e0:·6361·626c·652c·206e·6f74·6869·6e67·2077··cable,·nothing·w
0003b5f0:·696e·7374·616c·6c20·2d79·0a20·2077·6865··install·-y.··whe0003b5f0:·6173·2064·6f6e·6527·0a66·690a·3c2f·636f··as·done'.fi.</co
0003b600:·6e3a·0a20·202d·206e·6f74·2028·2022·6b65··n:.··-·not·(·"ke0003b600:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div><
0003b610:·726e·656c·2220·696e·2061·6e73·6962·6c65··rnel"·in·ansible0003b610:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn
0003b620:·5f66·6163·7473·2e70·6163·6b61·6765·7320··_facts.packages·0003b620:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t
0003b630:·616e·6420·2272·706d·2d6f·7374·7265·6522··and·"rpm-ostree"0003b630:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse"
0003b640:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003b640:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i
0003b650:·732e·7061·636b·6167·6573·0a20·2020·2061··s.packages.····a0003b650:·646d·3533·3630·2220·7461·6269·6e64·6578··dm5360"·tabindex
0003b660:·6e64·2022·626f·6f74·6322·2069·6e20·616e··nd·"bootc"·in·an0003b660:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto
0003b670:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack0003b670:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded
0003b680:·6167·6573·2061·6e64·206e·6f74·2022·6f70··ages·and·not·"op0003b680:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="
0003b690:·656e·7368·6966·742d·6b75·6265·6c65·7422··enshift-kubelet"0003b690:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve
0003b6a0:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003b6a0:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re
0003b6b0:·732e·7061·636b·6167·6573·0a20·2020·2029··s.packages.····)0003b6b0:·6d65·6469·6174·696f·6e20·416e·7369·626c··mediation·Ansibl
0003b6c0:·0a20·202d·2061·6e73·6962·6c65·5f64·6973··.··-·ansible_dis0003b6c0:·6520·736e·6970·7065·7420·e287·b23c·2f61··e·snippet·...</a
0003b6d0:·7472·6962·7574·696f·6e20·696e·205b·2022··tribution·in·[·"0003b6d0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
0003b6e0:·4665·646f·7261·222c·2022·5265·6448·6174··Fedora",·"RedHat0003b6e0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
0003b6f0:·222c·2022·4365·6e74·4f53·222c·2022·4f72··",·"CentOS",·"Or0003b6f0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
0003b700:·6163·6c65·4c69·6e75·7822·205d·0a20·2074··acleLinux"·].··t0003b700:·6d35·3336·3022·3e3c·7461·626c·6520·636c··m5360"><table·cl
0003b710:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.0003b710:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table
0003b720:·3130·2e34·2e31·0a20·202d·204e·4953·542d··10.4.1.··-·NIST-0003b720:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b
0003b730:·3830·302d·3137·312d·332e·332e·380a·2020··800-171-3.3.8.··0003b730:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co
0003b740:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-30003b740:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th
0003b750:·2e34·2e31·0a20·202d·204e·4953·542d·3830··.4.1.··-·NIST-800003b750:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th
0003b760:·302d·3533·2d41·552d·3928·3329·0a20·202d··0-53-AU-9(3).··-0003b760:·3e3c·7464·3e68·6967·683c·2f74·643e·3c2f··><td>high</td></
0003b770:·204e·4953·542d·3830·302d·3533·2d43·4d2d···NIST-800-53-CM-0003b770:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru
0003b780:·3628·6329·0a20·202d·204e·4953·542d·3830··6(c).··-·NIST-800003b780:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6d··ption:</th><td>m
0003b790:·302d·3533·2d43·4d2d·3628·6429·0a20·202d··0-53-CM-6(d).··-0003b790:·6564·6975·6d3c·2f74·643e·3c2f·7472·3e3c··edium</td></tr><
0003b7a0:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-0003b7a0:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</
0003b7b0:·370a·2020·2d20·4e49·5354·2d38·3030·2d35··7.··-·NIST-800-50003b7b0:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td
0003b7c0:·332d·5349·2d37·2831·290a·2020·2d20·4e49··3-SI-7(1).··-·NI0003b7c0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St
0003b7d0:·5354·2d38·3030·2d35·332d·5349·2d37·2836··ST-800-53-SI-7(60003b7d0:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>
0003b7e0:·290a·2020·2d20·5043·492d·4453·532d·5265··).··-·PCI-DSS-Re0003b7e0:·7265·7374·7269·6374·3c2f·7464·3e3c·2f74··restrict</td></t
0003b7f0:·712d·3131·2e35·0a20·202d·2050·4349·2d44··q-11.5.··-·PCI-D0003b7f0:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><
0003b800:·5353·7634·2d31·312e·352e·320a·2020·2d20··SSv4-11.5.2.··-·0003b800:·636f·6465·3e2d·206e·616d·653a·2047·6174··code>-·name:·Gat
0003b810:·6869·6768·5f63·6f6d·706c·6578·6974·790a··high_complexity.0003b810:·6865·7220·7468·6520·7061·636b·6167·6520··her·the·package·
0003b820:·2020·2d20·6869·6768·5f73·6576·6572·6974····-·high_severit0003b820:·6661·6374·730a·2020·7061·636b·6167·655f··facts.··package_
0003b830:·790a·2020·2d20·6d65·6469·756d·5f64·6973··y.··-·medium_dis0003b830:·6661·6374·733a·0a20·2020·206d·616e·6167··facts:.····manag
0003b840:·7275·7074·696f·6e0a·2020·2d20·6e6f·5f72··ruption.··-·no_r0003b840:·6572·3a20·6175·746f·0a20·2074·6167·733a··er:·auto.··tags:
0003b850:·6562·6f6f·745f·6e65·6564·6564·0a20·202d··eboot_needed.··-0003b850:·0a20·202d·2043·4a49·532d·352e·3130·2e34··.··-·CJIS-5.10.4
0003b860:·2072·6573·7472·6963·745f·7374·7261·7465···restrict_strate0003b860:·2e31·0a20·202d·204e·4953·542d·3830·302d··.1.··-·NIST-800-
0003b870:·6779·0a20·202d·2072·706d·5f76·6572·6966··gy.··-·rpm_verif0003b870:·3137·312d·332e·332e·380a·2020·2d20·4e49··171-3.3.8.··-·NI
0003b880:·795f·6861·7368·6573·0a0a·2d20·6e61·6d65··y_hashes..-·name0003b880:·5354·2d38·3030·2d31·3731·2d33·2e34·2e31··ST-800-171-3.4.1
0003b890:·3a20·2753·6574·2066·6163·743a·2050·6163··:·'Set·fact:·Pac0003b890:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
0003b8a0:·6b61·6765·206d·616e·6167·6572·2072·6569··kage·manager·rei0003b8a0:·2d41·552d·3928·3329·0a20·202d·204e·4953··-AU-9(3).··-·NIS
0003b8b0:·6e73·7461·6c6c·2063·6f6d·6d61·6e64·2028··nstall·command·(0003b8b0:·542d·3830·302d·3533·2d43·4d2d·3628·6329··T-800-53-CM-6(c)
0003b8c0:·7a79·7070·6572·2927·0a20·2073·6574·5f66··zypper)'.··set_f0003b8c0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
0003b8d0:·6163·743a·0a20·2020·2070·6163·6b61·6765··act:.····package0003b8d0:·2d43·4d2d·3628·6429·0a20·202d·204e·4953··-CM-6(d).··-·NIS
0003b8e0:·5f6d·616e·6167·6572·5f72·6569·6e73·7461··_manager_reinsta0003b8e0:·542d·3830·302d·3533·2d53·492d·370a·2020··T-800-53-SI-7.··
0003b8f0:·6c6c·5f63·6d64·3a20·7a79·7070·6572·2069··ll_cmd:·zypper·i0003b8f0:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI
0003b900:·6e20·2d66·202d·790a·2020·7768·656e·3a0a··n·-f·-y.··when:.0003b900:·2d37·2831·290a·2020·2d20·4e49·5354·2d38··-7(1).··-·NIST-8
0003b910:·2020·2d20·6e6f·7420·2820·226b·6572·6e65····-·not·(·"kerne0003b910:·3030·2d35·332d·5349·2d37·2836·290a·2020··00-53-SI-7(6).··
0003b920:·6c22·2069·6e20·616e·7369·626c·655f·6661··l"·in·ansible_fa0003b920:·2d20·5043·492d·4453·532d·5265·712d·3131··-·PCI-DSS-Req-11
0003b930:·6374·732e·7061·636b·6167·6573·2061·6e64··cts.packages·and0003b930:·2e35·0a20·202d·2050·4349·2d44·5353·7634··.5.··-·PCI-DSSv4
0003b940:·2022·7270·6d2d·6f73·7472·6565·2220·696e···"rpm-ostree"·in0003b940:·2d31·312e·352e·320a·2020·2d20·6869·6768··-11.5.2.··-·high
0003b950:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p0003b950:·5f63·6f6d·706c·6578·6974·790a·2020·2d20··_complexity.··-·
0003b960:·6163·6b61·6765·730a·2020·2020·616e·6420··ackages.····and·0003b960:·6869·6768·5f73·6576·6572·6974·790a·2020··high_severity.··
0003b970:·2262·6f6f·7463·2220·696e·2061·6e73·6962··"bootc"·in·ansib0003b970:·2d20·6d65·6469·756d·5f64·6973·7275·7074··-·medium_disrupt
0003b980:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package0003b980:·696f·6e0a·2020·2d20·6e6f·5f72·6562·6f6f··ion.··-·no_reboo
0003b990:·7320·616e·6420·6e6f·7420·226f·7065·6e73··s·and·not·"opens0003b990:·745f·6e65·6564·6564·0a20·202d·2072·6573··t_needed.··-·res
0003b9a0:·6869·6674·2d6b·7562·656c·6574·2220·696e··hift-kubelet"·in0003b9a0:·7472·6963·745f·7374·7261·7465·6779·0a20··trict_strategy.·
0003b9b0:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p0003b9b0:·202d·2072·706d·5f76·6572·6966·795f·6861···-·rpm_verify_ha
0003b9c0:·6163·6b61·6765·730a·2020·2020·290a·2020··ackages.····).··0003b9c0:·7368·6573·0a0a·2d20·6e61·6d65·3a20·2753··shes..-·name:·'S
0003b9d0:·2d20·616e·7369·626c·655f·6469·7374·7269··-·ansible_distri0003b9d0:·6574·2066·6163·743a·2050·6163·6b61·6765··et·fact:·Package
Max diff block lines reached; 6407514/6462466 bytes (99.15%) of diff not shown.
665 KB
html2text {}
    
Offset 102, 14 lines modifiedOffset 102, 33 lines modified
102 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6102 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
103 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4103 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
104 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)104 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
105 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1105 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
106 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5106 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
107 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227107 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
108 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2108 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 109 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 110 #·Remediation·is·applicable·only·in·certain·platforms
 111 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 112 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 113 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 114 if·[·-n·"$files_with_incorrect_hash"·];·then
 115 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 116 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 117 ····yum·reinstall·-y·$packages_to_reinstall
  
 118 fi
  
 119 else
 120 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 121 fi
109 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8122 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
110 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high123 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
111 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium124 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
112 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false125 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
113 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict126 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
114 -·name:·Gather·the·package·facts127 -·name:·Gather·the·package·facts
115 ··package_facts:128 ··package_facts:
Offset 276, 33 lines modifiedOffset 295, 14 lines modified
276 ··-·PCI-DSSv4-11.5.2295 ··-·PCI-DSSv4-11.5.2
277 ··-·high_complexity296 ··-·high_complexity
278 ··-·high_severity297 ··-·high_severity
279 ··-·medium_disruption298 ··-·medium_disruption
280 ··-·no_reboot_needed299 ··-·no_reboot_needed
281 ··-·restrict_strategy300 ··-·restrict_strategy
282 ··-·rpm_verify_hashes301 ··-·rpm_verify_hashes
283 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
284 #·Remediation·is·applicable·only·in·certain·platforms 
285 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
286 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
287 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
288 if·[·-n·"$files_with_incorrect_hash"·];·then 
289 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
290 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
291 ····yum·reinstall·-y·$packages_to_reinstall 
  
292 fi 
  
293 else 
294 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
295 fi 
296 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*302 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
297 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:303 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:
298 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'304 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'
299 run·the·following·command·to·determine·which·package·owns·it:305 run·the·following·command·to·determine·which·package·owns·it:
300 $·rpm·-qf·FILENAME306 $·rpm·-qf·FILENAME
301 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:307 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
302 $·sudo·rpm·--restore·PACKAGENAME308 $·sudo·rpm·--restore·PACKAGENAME
Offset 321, 14 lines modifiedOffset 321, 46 lines modified
321 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5321 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
322 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2322 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
323 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)323 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
324 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1324 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
325 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5325 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
326 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108326 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108
327 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2327 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 328 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 329 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 330 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 331 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 332 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 333 #·Remediation·is·applicable·only·in·certain·platforms
 334 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 335 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 336 declare·-A·SETPERMS_RPM_DICT
  
 337 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 338 #·is·expected·by·the·RPM·database
 339 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}')
  
 340 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 341 do
 342 ········RPM_PACKAGE=$(rpm·-qf·"$FILE_PATH")
 343 »       #·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 344 »       SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 345 done
  
 346 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 347 #·correct·values
 348 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 349 do
 350 ········rpm·--restore·"${RPM_PACKAGE}"
 351 done
  
 352 else
 353 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 354 fi
328 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8355 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
329 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high356 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
330 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium357 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
331 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false358 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
332 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict359 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
333 -·name:·Gather·the·package·facts360 -·name:·Gather·the·package·facts
334 ··package_facts:361 ··package_facts:
Offset 436, 46 lines modifiedOffset 468, 14 lines modified
436 ··-·PCI-DSSv4-11.5.2468 ··-·PCI-DSSv4-11.5.2
437 ··-·high_complexity469 ··-·high_complexity
438 ··-·high_severity470 ··-·high_severity
439 ··-·medium_disruption471 ··-·medium_disruption
440 ··-·no_reboot_needed472 ··-·no_reboot_needed
441 ··-·restrict_strategy473 ··-·restrict_strategy
442 ··-·rpm_verify_ownership474 ··-·rpm_verify_ownership
443 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
444 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high 
445 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium 
446 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
447 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
Max diff block lines reached; 673001/680712 bytes (98.87%) of diff not shown.
17.8 MB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-hipaa.html
    
Offset 15162, 408 lines modifiedOffset 15162, 408 lines modified
0003b390:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm0003b390:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm
0003b3a0:·3533·3539·2220·7461·6269·6e64·6578·3d22··5359"·tabindex="0003b3a0:·3533·3539·2220·7461·6269·6e64·6578·3d22··5359"·tabindex="
0003b3b0:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"0003b3b0:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"
0003b3c0:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="0003b3c0:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="
0003b3d0:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac0003b3d0:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac
0003b3e0:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal0003b3e0:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal
Diff chunk too large, falling back to line-by-line diff (394 lines added, 394 lines removed)
0003b3f0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme0003b3f0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme
0003b400:·6469·6174·696f·6e20·416e·7369·626c·6520··diation·Ansible·0003b400:·6469·6174·696f·6e20·5368·656c·6c20·7363··diation·Shell·sc
0003b410:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a><0003b410:·7269·7074·20e2·87b2·3c2f·613e·3c62·723e··ript·...</a><br>
0003b420:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p0003b420:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
0003b430:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co0003b430:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
0003b440:·6c6c·6170·7365·2220·6964·3d22·6964·6d35··llapse"·id="idm50003b440:·7073·6522·2069·643d·2269·646d·3533·3539··pse"·id="idm5359
0003b450:·3335·3922·3e3c·7461·626c·6520·636c·6173··359"><table·clas0003b450:·223e·3c70·7265·3e3c·636f·6465·3e23·2052··"><pre><code>#·R
0003b460:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s0003b460:·656d·6564·6961·7469·6f6e·2069·7320·6170··emediation·is·ap
0003b470:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor0003b470:·706c·6963·6162·6c65·206f·6e6c·7920·696e··plicable·only·in
0003b480:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond0003b480:·2063·6572·7461·696e·2070·6c61·7466·6f72···certain·platfor
0003b490:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C0003b490:·6d73·0a69·6620·2120·2820·7b20·7270·6d20··ms.if·!·(·{·rpm·
0003b4a0:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><0003b4a0:·2d2d·7175·6965·7420·2d71·206b·6572·6e65··--quiet·-q·kerne
0003b4b0:·7464·3e68·6967·683c·2f74·643e·3c2f·7472··td>high</td></tr0003b4b0:·6c20·3b7d·2026·616d·703b·2661·6d70·3b20··l·;}·&amp;&amp;·
0003b4c0:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt0003b4c0:·7b20·7270·6d20·2d2d·7175·6965·7420·2d71··{·rpm·--quiet·-q
0003b4d0:·696f·6e3a·3c2f·7468·3e3c·7464·3e6d·6564··ion:</th><td>med0003b4d0:·2072·706d·2d6f·7374·7265·6520·3b7d·2026···rpm-ostree·;}·&
0003b4e0:·6975·6d3c·2f74·643e·3c2f·7472·3e3c·7472··ium</td></tr><tr0003b4e0:·616d·703b·2661·6d70·3b20·7b20·7270·6d20··amp;&amp;·{·rpm·
0003b4f0:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th0003b4f0:·2d2d·7175·6965·7420·2d71·2062·6f6f·7463··--quiet·-q·bootc
0003b500:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td><0003b500:·203b·7d20·2661·6d70·3b26·616d·703b·207b···;}·&amp;&amp;·{
0003b510:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra0003b510:·2021·2072·706d·202d·2d71·7569·6574·202d···!·rpm·--quiet·-
0003b520:·7465·6779·3a3c·2f74·683e·3c74·643e·7265··tegy:</th><td>re0003b520:·7120·6f70·656e·7368·6966·742d·6b75·6265··q·openshift-kube
0003b530:·7374·7269·6374·3c2f·7464·3e3c·2f74·723e··strict</td></tr>0003b530:·6c65·7420·3b7d·2029·3b20·7468·656e·0a0a··let·;}·);·then..
0003b540:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co0003b540:·2320·4669·6e64·2077·6869·6368·2066·696c··#·Find·which·fil
0003b550:·6465·3e2d·206e·616d·653a·2047·6174·6865··de>-·name:·Gathe0003b550:·6573·2068·6176·6520·696e·636f·7272·6563··es·have·incorrec
0003b560:·7220·7468·6520·7061·636b·6167·6520·6661··r·the·package·fa0003b560:·7420·6861·7368·2028·6e6f·7420·696e·202f··t·hash·(not·in·/
0003b570:·6374·730a·2020·7061·636b·6167·655f·6661··cts.··package_fa0003b570:·6574·632c·2062·6563·6175·7365·206f·6620··etc,·because·of·
0003b580:·6374·733a·0a20·2020·206d·616e·6167·6572··cts:.····manager0003b580:·7468·6520·7379·7374·656d·2072·656c·6174··the·system·relat
0003b590:·3a20·6175·746f·0a20·2074·6167·733a·0a20··:·auto.··tags:.·0003b590:·6564·2063·6f6e·6669·6720·6669·6c65·7329··ed·config·files)
0003b5a0:·202d·2043·4a49·532d·352e·3130·2e34·2e31···-·CJIS-5.10.4.10003b5a0:·2061·6e64·2074·6865·6e20·6765·7420·6669···and·then·get·fi
0003b5b0:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-170003b5b0:·6c65·7320·6e61·6d65·730a·6669·6c65·735f··les·names.files_
0003b5c0:·312d·332e·332e·380a·2020·2d20·4e49·5354··1-3.3.8.··-·NIST0003b5c0:·7769·7468·5f69·6e63·6f72·7265·6374·5f68··with_incorrect_h
0003b5d0:·2d38·3030·2d31·3731·2d33·2e34·2e31·0a20··-800-171-3.4.1.·0003b5d0:·6173·683d·2224·2872·706d·202d·5661·202d··ash="$(rpm·-Va·-
0003b5e0:·202d·204e·4953·542d·3830·302d·3533·2d41···-·NIST-800-53-A0003b5e0:·2d6e·6f63·6f6e·6669·6720·7c20·6772·6570··-noconfig·|·grep
0003b5f0:·552d·3928·3329·0a20·202d·204e·4953·542d··U-9(3).··-·NIST-0003b5f0:·202d·4520·275e·2e2e·3527·207c·2061·776b···-E·'^..5'·|·awk
0003b600:·3830·302d·3533·2d43·4d2d·3628·6329·0a20··800-53-CM-6(c).·0003b600:·2027·7b70·7269·6e74·2024·4e46·7d27·2029···'{print·$NF}'·)
0003b610:·202d·204e·4953·542d·3830·302d·3533·2d43···-·NIST-800-53-C0003b610:·220a·0a69·6620·5b20·2d6e·2022·2466·696c··"..if·[·-n·"$fil
0003b620:·4d2d·3628·6429·0a20·202d·204e·4953·542d··M-6(d).··-·NIST-0003b620:·6573·5f77·6974·685f·696e·636f·7272·6563··es_with_incorrec
0003b630:·3830·302d·3533·2d53·492d·370a·2020·2d20··800-53-SI-7.··-·0003b630:·745f·6861·7368·2220·5d3b·2074·6865·6e0a··t_hash"·];·then.
0003b640:·4e49·5354·2d38·3030·2d35·332d·5349·2d37··NIST-800-53-SI-70003b640:·2020·2020·2320·4672·6f6d·2066·696c·6573······#·From·files
0003b650:·2831·290a·2020·2d20·4e49·5354·2d38·3030··(1).··-·NIST-8000003b650:·206e·616d·6573·2067·6574·2070·6163·6b61···names·get·packa
0003b660:·2d35·332d·5349·2d37·2836·290a·2020·2d20··-53-SI-7(6).··-·0003b660:·6765·206e·616d·6573·2061·6e64·2063·6861··ge·names·and·cha
0003b670:·5043·492d·4453·532d·5265·712d·3131·2e35··PCI-DSS-Req-11.50003b670:·6e67·6520·6e65·776c·696e·6520·746f·2073··nge·newline·to·s
0003b680:·0a20·202d·2050·4349·2d44·5353·7634·2d31··.··-·PCI-DSSv4-10003b680:·7061·6365·2c20·6265·6361·7573·6520·7270··pace,·because·rp
0003b690:·312e·352e·320a·2020·2d20·6869·6768·5f63··1.5.2.··-·high_c0003b690:·6d20·7772·6974·6573·2065·6163·6820·7061··m·writes·each·pa
0003b6a0:·6f6d·706c·6578·6974·790a·2020·2d20·6869··omplexity.··-·hi0003b6a0:·636b·6167·6520·746f·206e·6577·206c·696e··ckage·to·new·lin
0003b6b0:·6768·5f73·6576·6572·6974·790a·2020·2d20··gh_severity.··-·0003b6b0:·650a·2020·2020·7061·636b·6167·6573·5f74··e.····packages_t
0003b6c0:·6d65·6469·756d·5f64·6973·7275·7074·696f··medium_disruptio0003b6c0:·6f5f·7265·696e·7374·616c·6c3d·2224·2872··o_reinstall="$(r
0003b6d0:·6e0a·2020·2d20·6e6f·5f72·6562·6f6f·745f··n.··-·no_reboot_0003b6d0:·706d·202d·7166·2024·6669·6c65·735f·7769··pm·-qf·$files_wi
0003b6e0:·6e65·6564·6564·0a20·202d·2072·6573·7472··needed.··-·restr0003b6e0:·7468·5f69·6e63·6f72·7265·6374·5f68·6173··th_incorrect_has
0003b6f0:·6963·745f·7374·7261·7465·6779·0a20·202d··ict_strategy.··-0003b6f0:·6820·7c20·7472·2027·5c6e·2720·2720·2729··h·|·tr·'\n'·'·')
0003b700:·2072·706d·5f76·6572·6966·795f·6861·7368···rpm_verify_hash0003b700:·220a·0a20·2020·200a·2020·2020·7975·6d20··"..····.····yum·
0003b710:·6573·0a0a·2d20·6e61·6d65·3a20·2753·6574··es..-·name:·'Set0003b710:·7265·696e·7374·616c·6c20·2d79·2024·7061··reinstall·-y·$pa
0003b720:·2066·6163·743a·2050·6163·6b61·6765·206d···fact:·Package·m0003b720:·636b·6167·6573·5f74·6f5f·7265·696e·7374··ckages_to_reinst
0003b730:·616e·6167·6572·2072·6569·6e73·7461·6c6c··anager·reinstall0003b730:·616c·6c0a·2020·2020·0a66·690a·0a65·6c73··all.····.fi..els
0003b740:·2063·6f6d·6d61·6e64·270a·2020·7365·745f···command'.··set_0003b740:·650a·2020·2020·2667·743b·2661·6d70·3b32··e.····&gt;&amp;2
0003b750:·6661·6374·3a0a·2020·2020·7061·636b·6167··fact:.····packag0003b750:·2065·6368·6f20·2752·656d·6564·6961·7469···echo·'Remediati
0003b760:·655f·6d61·6e61·6765·725f·7265·696e·7374··e_manager_reinst0003b760:·6f6e·2069·7320·6e6f·7420·6170·706c·6963··on·is·not·applic
0003b770:·616c·6c5f·636d·643a·2079·756d·2072·6569··all_cmd:·yum·rei0003b770:·6162·6c65·2c20·6e6f·7468·696e·6720·7761··able,·nothing·wa
0003b780:·6e73·7461·6c6c·202d·790a·2020·7768·656e··nstall·-y.··when0003b780:·7320·646f·6e65·270a·6669·0a3c·2f63·6f64··s·done'.fi.</cod
0003b790:·3a0a·2020·2d20·6e6f·7420·2820·226b·6572··:.··-·not·(·"ker0003b790:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a
0003b7a0:·6e65·6c22·2069·6e20·616e·7369·626c·655f··nel"·in·ansible_0003b7a0:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn-
0003b7b0:·6661·6374·732e·7061·636b·6167·6573·2061··facts.packages·a0003b7b0:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to
0003b7c0:·6e64·2022·7270·6d2d·6f73·7472·6565·2220··nd·"rpm-ostree"·0003b7c0:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"·
0003b7d0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts0003b7d0:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id
0003b7e0:·2e70·6163·6b61·6765·730a·2020·2020·616e··.packages.····an0003b7e0:·6d35·3336·3022·2074·6162·696e·6465·783d··m5360"·tabindex=
0003b7f0:·6420·2262·6f6f·7463·2220·696e·2061·6e73··d·"bootc"·in·ans0003b7f0:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button
0003b800:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0003b800:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=
0003b810:·6765·7320·616e·6420·6e6f·7420·226f·7065··ges·and·not·"ope0003b810:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A
0003b820:·6e73·6869·6674·2d6b·7562·656c·6574·2220··nshift-kubelet"·0003b820:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea
0003b830:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts0003b830:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem
0003b840:·2e70·6163·6b61·6765·730a·2020·2020·290a··.packages.····).0003b840:·6564·6961·7469·6f6e·2041·6e73·6962·6c65··ediation·Ansible
0003b850:·2020·2d20·616e·7369·626c·655f·6469·7374····-·ansible_dist0003b850:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a>
0003b860:·7269·6275·7469·6f6e·2069·6e20·5b20·2246··ribution·in·[·"F0003b860:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="
0003b870:·6564·6f72·6122·2c20·2252·6564·4861·7422··edora",·"RedHat"0003b870:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c
0003b880:·2c20·2243·656e·744f·5322·2c20·224f·7261··,·"CentOS",·"Ora0003b880:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm
0003b890:·636c·654c·696e·7578·2220·5d0a·2020·7461··cleLinux"·].··ta0003b890:·3533·3630·223e·3c74·6162·6c65·2063·6c61··5360"><table·cla
0003b8a0:·6773·3a0a·2020·2d20·434a·4953·2d35·2e31··gs:.··-·CJIS-5.10003b8a0:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table-
0003b8b0:·302e·342e·310a·2020·2d20·4e49·5354·2d38··0.4.1.··-·NIST-80003b8b0:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo
0003b8c0:·3030·2d31·3731·2d33·2e33·2e38·0a20·202d··00-171-3.3.8.··-0003b8c0:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con
0003b8d0:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.0003b8d0:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th>
0003b8e0:·342e·310a·2020·2d20·4e49·5354·2d38·3030··4.1.··-·NIST-8000003b8e0:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th>
0003b8f0:·2d35·332d·4155·2d39·2833·290a·2020·2d20··-53-AU-9(3).··-·0003b8f0:·3c74·643e·6869·6768·3c2f·7464·3e3c·2f74··<td>high</td></t
0003b900:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-60003b900:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup
0003b910:·2863·290a·2020·2d20·4e49·5354·2d38·3030··(c).··-·NIST-8000003b910:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6d65··tion:</th><td>me
0003b920:·2d35·332d·434d·2d36·2864·290a·2020·2d20··-53-CM-6(d).··-·0003b920:·6469·756d·3c2f·7464·3e3c·2f74·723e·3c74··dium</td></tr><t
0003b930:·4e49·5354·2d38·3030·2d35·332d·5349·2d37··NIST-800-53-SI-70003b930:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t
0003b940:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003b940:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td>
0003b950:·2d53·492d·3728·3129·0a20·202d·204e·4953··-SI-7(1).··-·NIS0003b950:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str
0003b960:·542d·3830·302d·3533·2d53·492d·3728·3629··T-800-53-SI-7(6)0003b960:·6174·6567·793a·3c2f·7468·3e3c·7464·3e72··ategy:</th><td>r
0003b970:·0a20·202d·2050·4349·2d44·5353·2d52·6571··.··-·PCI-DSS-Req0003b970:·6573·7472·6963·743c·2f74·643e·3c2f·7472··estrict</td></tr
0003b980:·2d31·312e·350a·2020·2d20·5043·492d·4453··-11.5.··-·PCI-DS0003b980:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c
0003b990:·5376·342d·3131·2e35·2e32·0a20·202d·2068··Sv4-11.5.2.··-·h0003b990:·6f64·653e·2d20·6e61·6d65·3a20·4761·7468··ode>-·name:·Gath
0003b9a0:·6967·685f·636f·6d70·6c65·7869·7479·0a20··igh_complexity.·0003b9a0:·6572·2074·6865·2070·6163·6b61·6765·2066··er·the·package·f
0003b9b0:·202d·2068·6967·685f·7365·7665·7269·7479···-·high_severity0003b9b0:·6163·7473·0a20·2070·6163·6b61·6765·5f66··acts.··package_f
0003b9c0:·0a20·202d·206d·6564·6975·6d5f·6469·7372··.··-·medium_disr0003b9c0:·6163·7473·3a0a·2020·2020·6d61·6e61·6765··acts:.····manage
0003b9d0:·7570·7469·6f6e·0a20·202d·206e·6f5f·7265··uption.··-·no_re0003b9d0:·723a·2061·7574·6f0a·2020·7461·6773·3a0a··r:·auto.··tags:.
0003b9e0:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-·0003b9e0:·2020·2d20·434a·4953·2d35·2e31·302e·342e····-·CJIS-5.10.4.
0003b9f0:·7265·7374·7269·6374·5f73·7472·6174·6567··restrict_strateg0003b9f0:·310a·2020·2d20·4e49·5354·2d38·3030·2d31··1.··-·NIST-800-1
0003ba00:·790a·2020·2d20·7270·6d5f·7665·7269·6679··y.··-·rpm_verify0003ba00:·3731·2d33·2e33·2e38·0a20·202d·204e·4953··71-3.3.8.··-·NIS
0003ba10:·5f68·6173·6865·730a·0a2d·206e·616d·653a··_hashes..-·name:0003ba10:·542d·3830·302d·3137·312d·332e·342e·310a··T-800-171-3.4.1.
0003ba20:·2027·5365·7420·6661·6374·3a20·5061·636b···'Set·fact:·Pack0003ba20:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-
0003ba30:·6167·6520·6d61·6e61·6765·7220·7265·696e··age·manager·rein0003ba30:·4155·2d39·2833·290a·2020·2d20·4e49·5354··AU-9(3).··-·NIST
0003ba40:·7374·616c·6c20·636f·6d6d·616e·6420·287a··stall·command·(z0003ba40:·2d38·3030·2d35·332d·434d·2d36·2863·290a··-800-53-CM-6(c).
0003ba50:·7970·7065·7229·270a·2020·7365·745f·6661··ypper)'.··set_fa0003ba50:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-
0003ba60:·6374·3a0a·2020·2020·7061·636b·6167·655f··ct:.····package_0003ba60:·434d·2d36·2864·290a·2020·2d20·4e49·5354··CM-6(d).··-·NIST
0003ba70:·6d61·6e61·6765·725f·7265·696e·7374·616c··manager_reinstal0003ba70:·2d38·3030·2d35·332d·5349·2d37·0a20·202d··-800-53-SI-7.··-
0003ba80:·6c5f·636d·643a·207a·7970·7065·7220·696e··l_cmd:·zypper·in0003ba80:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-
0003ba90:·202d·6620·2d79·0a20·2077·6865·6e3a·0a20···-f·-y.··when:.·0003ba90:·3728·3129·0a20·202d·204e·4953·542d·3830··7(1).··-·NIST-80
0003baa0:·202d·206e·6f74·2028·2022·6b65·726e·656c···-·not·(·"kernel0003baa0:·302d·3533·2d53·492d·3728·3629·0a20·202d··0-53-SI-7(6).··-
0003bab0:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003bab0:·2050·4349·2d44·5353·2d52·6571·2d31·312e···PCI-DSS-Req-11.
0003bac0:·7473·2e70·6163·6b61·6765·7320·616e·6420··ts.packages·and·0003bac0:·350a·2020·2d20·5043·492d·4453·5376·342d··5.··-·PCI-DSSv4-
0003bad0:·2272·706d·2d6f·7374·7265·6522·2069·6e20··"rpm-ostree"·in·0003bad0:·3131·2e35·2e32·0a20·202d·2068·6967·685f··11.5.2.··-·high_
0003bae0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa0003bae0:·636f·6d70·6c65·7869·7479·0a20·202d·2068··complexity.··-·h
0003baf0:·636b·6167·6573·0a20·2020·2061·6e64·2022··ckages.····and·"0003baf0:·6967·685f·7365·7665·7269·7479·0a20·202d··igh_severity.··-
0003bb00:·626f·6f74·6322·2069·6e20·616e·7369·626c··bootc"·in·ansibl0003bb00:·206d·6564·6975·6d5f·6469·7372·7570·7469···medium_disrupti
0003bb10:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages0003bb10:·6f6e·0a20·202d·206e·6f5f·7265·626f·6f74··on.··-·no_reboot
0003bb20:·2061·6e64·206e·6f74·2022·6f70·656e·7368···and·not·"opensh0003bb20:·5f6e·6565·6465·640a·2020·2d20·7265·7374··_needed.··-·rest
0003bb30:·6966·742d·6b75·6265·6c65·7422·2069·6e20··ift-kubelet"·in·0003bb30:·7269·6374·5f73·7472·6174·6567·790a·2020··rict_strategy.··
0003bb40:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa0003bb40:·2d20·7270·6d5f·7665·7269·6679·5f68·6173··-·rpm_verify_has
0003bb50:·636b·6167·6573·0a20·2020·2029·0a20·202d··ckages.····).··-0003bb50:·6865·730a·0a2d·206e·616d·653a·2027·5365··hes..-·name:·'Se
0003bb60:·2061·6e73·6962·6c65·5f64·6973·7472·6962···ansible_distrib0003bb60:·7420·6661·6374·3a20·5061·636b·6167·6520··t·fact:·Package·
Max diff block lines reached; 17293288/17348240 bytes (99.68%) of diff not shown.
1.23 MB
html2text {}
    
Offset 108, 14 lines modifiedOffset 108, 33 lines modified
108 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6108 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
109 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4109 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
110 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)110 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
111 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1111 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
112 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5112 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
113 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227113 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
114 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2114 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 115 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 116 #·Remediation·is·applicable·only·in·certain·platforms
 117 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 118 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 119 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 120 if·[·-n·"$files_with_incorrect_hash"·];·then
 121 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 122 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 123 ····yum·reinstall·-y·$packages_to_reinstall
  
 124 fi
  
 125 else
 126 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 127 fi
115 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8128 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
116 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high129 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
117 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium130 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
118 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false131 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
119 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict132 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
120 -·name:·Gather·the·package·facts133 -·name:·Gather·the·package·facts
121 ··package_facts:134 ··package_facts:
Offset 282, 33 lines modifiedOffset 301, 14 lines modified
282 ··-·PCI-DSSv4-11.5.2301 ··-·PCI-DSSv4-11.5.2
283 ··-·high_complexity302 ··-·high_complexity
284 ··-·high_severity303 ··-·high_severity
285 ··-·medium_disruption304 ··-·medium_disruption
286 ··-·no_reboot_needed305 ··-·no_reboot_needed
287 ··-·restrict_strategy306 ··-·restrict_strategy
288 ··-·rpm_verify_hashes307 ··-·rpm_verify_hashes
289 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
290 #·Remediation·is·applicable·only·in·certain·platforms 
291 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
292 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
293 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
294 if·[·-n·"$files_with_incorrect_hash"·];·then 
295 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
296 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
297 ····yum·reinstall·-y·$packages_to_reinstall 
  
298 fi 
  
299 else 
300 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
301 fi 
302 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*308 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
303 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:309 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:
304 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'310 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'
305 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:311 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:
306 $·rpm·-qf·FILENAME312 $·rpm·-qf·FILENAME
  
307 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:313 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
Offset 329, 14 lines modifiedOffset 329, 50 lines modified
329 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5329 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
330 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2330 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
331 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)331 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)
332 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1332 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
333 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5333 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
334 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108334 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108
335 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2335 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 336 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 337 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 338 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 339 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 340 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 341 #·Remediation·is·applicable·only·in·certain·platforms
 342 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 343 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 344 declare·-A·SETPERMS_RPM_DICT
  
 345 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 346 #·is·expected·by·the·RPM·database
 347 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}')
  
 348 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 349 do
 350 ········#·NOTE:·some·files·maybe·controlled·by·more·then·one·package
 351 ········readarray·-t·RPM_PACKAGES·<·<(rpm·-qf·"${FILE_PATH}")
 352 ········for·RPM_PACKAGE·in·"${RPM_PACKAGES[@]}"
 353 ········do
 354 ················#·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 355 ················SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 356 ········done
 357 done
  
 358 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 359 #·correct·values
 360 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 361 do
 362 »       rpm·--restore·"${RPM_PACKAGE}"
 363 done
  
 364 else
 365 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 366 fi
336 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8367 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
337 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high368 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
338 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium369 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
339 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false370 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
340 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict371 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
341 -·name:·Gather·the·package·facts372 -·name:·Gather·the·package·facts
342 ··package_facts:373 ··package_facts:
Offset 448, 50 lines modifiedOffset 484, 14 lines modified
448 ··-·PCI-DSSv4-11.5.2484 ··-·PCI-DSSv4-11.5.2
449 ··-·high_complexity485 ··-·high_complexity
450 ··-·high_severity486 ··-·high_severity
451 ··-·medium_disruption487 ··-·medium_disruption
452 ··-·no_reboot_needed488 ··-·no_reboot_needed
453 ··-·restrict_strategy489 ··-·restrict_strategy
454 ··-·rpm_verify_permissions490 ··-·rpm_verify_permissions
455 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
Max diff block lines reached; 1278283/1286367 bytes (99.37%) of diff not shown.
12.1 MB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-ism_o.html
    
Offset 15178, 408 lines modifiedOffset 15178, 408 lines modified
0003b490:·6765·743d·2223·6964·6d35·3335·3922·2074··get="#idm5359"·t0003b490:·6765·743d·2223·6964·6d35·3335·3922·2074··get="#idm5359"·t
0003b4a0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role0003b4a0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
0003b4b0:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e0003b4b0:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
0003b4c0:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·0003b4c0:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
0003b4d0:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·0003b4d0:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
0003b4e0:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=0003b4e0:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
Diff chunk too large, falling back to line-by-line diff (394 lines added, 394 lines removed)
0003b4f0:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation0003b4f0:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
0003b500:·2041·6e73·6962·6c65·2073·6e69·7070·6574···Ansible·snippet0003b500:·2053·6865·6c6c·2073·6372·6970·7420·e287···Shell·script·..
0003b510:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div0003b510:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl
0003b520:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co0003b520:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
0003b530:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"0003b530:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
0003b540:·2069·643d·2269·646d·3533·3539·223e·3c74···id="idm5359"><t0003b540:·3d22·6964·6d35·3335·3922·3e3c·7072·653e··="idm5359"><pre>
0003b550:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl0003b550:·3c63·6f64·653e·2320·5265·6d65·6469·6174··<code>#·Remediat
0003b560:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped·0003b560:·696f·6e20·6973·2061·7070·6c69·6361·626c··ion·is·applicabl
0003b570:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t0003b570:·6520·6f6e·6c79·2069·6e20·6365·7274·6169··e·only·in·certai
0003b580:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed">0003b580:·6e20·706c·6174·666f·726d·730a·6966·2021··n·platforms.if·!
0003b590:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi0003b590:·2028·207b·2072·706d·202d·2d71·7569·6574···(·{·rpm·--quiet
0003b5a0:·7479·3a3c·2f74·683e·3c74·643e·6869·6768··ty:</th><td>high0003b5a0:·202d·7120·6b65·726e·656c·203b·7d20·2661···-q·kernel·;}·&a
0003b5b0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t0003b5b0:·6d70·3b26·616d·703b·207b·2072·706d·202d··mp;&amp;·{·rpm·-
0003b5c0:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t0003b5c0:·2d71·7569·6574·202d·7120·7270·6d2d·6f73··-quiet·-q·rpm-os
0003b5d0:·683e·3c74·643e·6d65·6469·756d·3c2f·7464··h><td>medium</td0003b5d0:·7472·6565·203b·7d20·2661·6d70·3b26·616d··tree·;}·&amp;&am
0003b5e0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re0003b5e0:·703b·207b·2072·706d·202d·2d71·7569·6574··p;·{·rpm·--quiet
0003b5f0:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa0003b5f0:·202d·7120·626f·6f74·6320·3b7d·2026·616d···-q·bootc·;}·&am
0003b600:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr0003b600:·703b·2661·6d70·3b20·7b20·2120·7270·6d20··p;&amp;·{·!·rpm·
0003b610:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</0003b610:·2d2d·7175·6965·7420·2d71·206f·7065·6e73··--quiet·-q·opens
0003b620:·7468·3e3c·7464·3e72·6573·7472·6963·743c··th><td>restrict<0003b620:·6869·6674·2d6b·7562·656c·6574·203b·7d20··hift-kubelet·;}·
0003b630:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table0003b630:·293b·2074·6865·6e0a·0a23·2046·696e·6420··);·then..#·Find·
0003b640:·3e3c·7072·653e·3c63·6f64·653e·2d20·6e61··><pre><code>-·na0003b640:·7768·6963·6820·6669·6c65·7320·6861·7665··which·files·have
0003b650:·6d65·3a20·4761·7468·6572·2074·6865·2070··me:·Gather·the·p0003b650:·2069·6e63·6f72·7265·6374·2068·6173·6820···incorrect·hash·
0003b660:·6163·6b61·6765·2066·6163·7473·0a20·2070··ackage·facts.··p0003b660:·286e·6f74·2069·6e20·2f65·7463·2c20·6265··(not·in·/etc,·be
0003b670:·6163·6b61·6765·5f66·6163·7473·3a0a·2020··ackage_facts:.··0003b670:·6361·7573·6520·6f66·2074·6865·2073·7973··cause·of·the·sys
0003b680:·2020·6d61·6e61·6765·723a·2061·7574·6f0a····manager:·auto.0003b680:·7465·6d20·7265·6c61·7465·6420·636f·6e66··tem·related·conf
0003b690:·2020·7461·6773·3a0a·2020·2d20·434a·4953····tags:.··-·CJIS0003b690:·6967·2066·696c·6573·2920·616e·6420·7468··ig·files)·and·th
0003b6a0:·2d35·2e31·302e·342e·310a·2020·2d20·4e49··-5.10.4.1.··-·NI0003b6a0:·656e·2067·6574·2066·696c·6573·206e·616d··en·get·files·nam
0003b6b0:·5354·2d38·3030·2d31·3731·2d33·2e33·2e38··ST-800-171-3.3.80003b6b0:·6573·0a66·696c·6573·5f77·6974·685f·696e··es.files_with_in
0003b6c0:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-170003b6c0:·636f·7272·6563·745f·6861·7368·3d22·2428··correct_hash="$(
0003b6d0:·312d·332e·342e·310a·2020·2d20·4e49·5354··1-3.4.1.··-·NIST0003b6d0:·7270·6d20·2d56·6120·2d2d·6e6f·636f·6e66··rpm·-Va·--noconf
0003b6e0:·2d38·3030·2d35·332d·4155·2d39·2833·290a··-800-53-AU-9(3).0003b6e0:·6967·207c·2067·7265·7020·2d45·2027·5e2e··ig·|·grep·-E·'^.
0003b6f0:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003b6f0:·2e35·2720·7c20·6177·6b20·277b·7072·696e··.5'·|·awk·'{prin
0003b700:·434d·2d36·2863·290a·2020·2d20·4e49·5354··CM-6(c).··-·NIST0003b700:·7420·244e·467d·2720·2922·0a0a·6966·205b··t·$NF}'·)"..if·[
0003b710:·2d38·3030·2d35·332d·434d·2d36·2864·290a··-800-53-CM-6(d).0003b710:·202d·6e20·2224·6669·6c65·735f·7769·7468···-n·"$files_with
0003b720:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003b720:·5f69·6e63·6f72·7265·6374·5f68·6173·6822··_incorrect_hash"
0003b730:·5349·2d37·0a20·202d·204e·4953·542d·3830··SI-7.··-·NIST-800003b730:·205d·3b20·7468·656e·0a20·2020·2023·2046···];·then.····#·F
0003b740:·302d·3533·2d53·492d·3728·3129·0a20·202d··0-53-SI-7(1).··-0003b740:·726f·6d20·6669·6c65·7320·6e61·6d65·7320··rom·files·names·
0003b750:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-0003b750:·6765·7420·7061·636b·6167·6520·6e61·6d65··get·package·name
0003b760:·3728·3629·0a20·202d·2050·4349·2d44·5353··7(6).··-·PCI-DSS0003b760:·7320·616e·6420·6368·616e·6765·206e·6577··s·and·change·new
0003b770:·2d52·6571·2d31·312e·350a·2020·2d20·5043··-Req-11.5.··-·PC0003b770:·6c69·6e65·2074·6f20·7370·6163·652c·2062··line·to·space,·b
0003b780:·492d·4453·5376·342d·3131·2e35·2e32·0a20··I-DSSv4-11.5.2.·0003b780:·6563·6175·7365·2072·706d·2077·7269·7465··ecause·rpm·write
0003b790:·202d·2068·6967·685f·636f·6d70·6c65·7869···-·high_complexi0003b790:·7320·6561·6368·2070·6163·6b61·6765·2074··s·each·package·t
0003b7a0:·7479·0a20·202d·2068·6967·685f·7365·7665··ty.··-·high_seve0003b7a0:·6f20·6e65·7720·6c69·6e65·0a20·2020·2070··o·new·line.····p
0003b7b0:·7269·7479·0a20·202d·206d·6564·6975·6d5f··rity.··-·medium_0003b7b0:·6163·6b61·6765·735f·746f·5f72·6569·6e73··ackages_to_reins
0003b7c0:·6469·7372·7570·7469·6f6e·0a20·202d·206e··disruption.··-·n0003b7c0:·7461·6c6c·3d22·2428·7270·6d20·2d71·6620··tall="$(rpm·-qf·
0003b7d0:·6f5f·7265·626f·6f74·5f6e·6565·6465·640a··o_reboot_needed.0003b7d0:·2466·696c·6573·5f77·6974·685f·696e·636f··$files_with_inco
0003b7e0:·2020·2d20·7265·7374·7269·6374·5f73·7472····-·restrict_str0003b7e0:·7272·6563·745f·6861·7368·207c·2074·7220··rrect_hash·|·tr·
0003b7f0:·6174·6567·790a·2020·2d20·7270·6d5f·7665··ategy.··-·rpm_ve0003b7f0:·275c·6e27·2027·2027·2922·0a0a·2020·2020··'\n'·'·')"..····
0003b800:·7269·6679·5f68·6173·6865·730a·0a2d·206e··rify_hashes..-·n0003b800:·0a20·2020·2079·756d·2072·6569·6e73·7461··.····yum·reinsta
0003b810:·616d·653a·2027·5365·7420·6661·6374·3a20··ame:·'Set·fact:·0003b810:·6c6c·202d·7920·2470·6163·6b61·6765·735f··ll·-y·$packages_
0003b820:·5061·636b·6167·6520·6d61·6e61·6765·7220··Package·manager·0003b820:·746f·5f72·6569·6e73·7461·6c6c·0a20·2020··to_reinstall.···
0003b830:·7265·696e·7374·616c·6c20·636f·6d6d·616e··reinstall·comman0003b830:·200a·6669·0a0a·656c·7365·0a20·2020·2026···.fi..else.····&
0003b840:·6427·0a20·2073·6574·5f66·6163·743a·0a20··d'.··set_fact:.·0003b840:·6774·3b26·616d·703b·3220·6563·686f·2027··gt;&amp;2·echo·'
0003b850:·2020·2070·6163·6b61·6765·5f6d·616e·6167·····package_manag0003b850:·5265·6d65·6469·6174·696f·6e20·6973·206e··Remediation·is·n
0003b860:·6572·5f72·6569·6e73·7461·6c6c·5f63·6d64··er_reinstall_cmd0003b860:·6f74·2061·7070·6c69·6361·626c·652c·206e··ot·applicable,·n
0003b870:·3a20·7975·6d20·7265·696e·7374·616c·6c20··:·yum·reinstall·0003b870:·6f74·6869·6e67·2077·6173·2064·6f6e·6527··othing·was·done'
0003b880:·2d79·0a20·2077·6865·6e3a·0a20·202d·206e··-y.··when:.··-·n0003b880:·0a66·690a·3c2f·636f·6465·3e3c·2f70·7265··.fi.</code></pre
0003b890:·6f74·2028·2022·6b65·726e·656c·2220·696e··ot·(·"kernel"·in0003b890:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class=
0003b8a0:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p0003b8a0:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success
0003b8b0:·6163·6b61·6765·7320·616e·6420·2272·706d··ackages·and·"rpm0003b8b0:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c
0003b8c0:·2d6f·7374·7265·6522·2069·6e20·616e·7369··-ostree"·in·ansi0003b8c0:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta
0003b8d0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag0003b8d0:·7267·6574·3d22·2369·646d·3533·3630·2220··rget="#idm5360"·
0003b8e0:·6573·0a20·2020·2061·6e64·2022·626f·6f74··es.····and·"boot0003b8e0:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol
0003b8f0:·6322·2069·6e20·616e·7369·626c·655f·6661··c"·in·ansible_fa0003b8f0:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-
0003b900:·6374·732e·7061·636b·6167·6573·2061·6e64··cts.packages·and0003b900:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"
0003b910:·206e·6f74·2022·6f70·656e·7368·6966·742d···not·"openshift-0003b910:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate
0003b920:·6b75·6265·6c65·7422·2069·6e20·616e·7369··kubelet"·in·ansi0003b920:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href
0003b930:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag0003b930:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio
0003b940:·6573·0a20·2020·2029·0a20·202d·2061·6e73··es.····).··-·ans0003b940:·6e20·416e·7369·626c·6520·736e·6970·7065··n·Ansible·snippe
0003b950:·6962·6c65·5f64·6973·7472·6962·7574·696f··ible_distributio0003b950:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di
0003b960:·6e20·696e·205b·2022·4665·646f·7261·222c··n·in·[·"Fedora",0003b960:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
0003b970:·2022·5265·6448·6174·222c·2022·4365·6e74···"RedHat",·"Cent0003b970:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
0003b980:·4f53·222c·2022·4f72·6163·6c65·4c69·6e75··OS",·"OracleLinu0003b980:·2220·6964·3d22·6964·6d35·3336·3022·3e3c··"·id="idm5360"><
0003b990:·7822·205d·0a20·2074·6167·733a·0a20·202d··x"·].··tags:.··-0003b990:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab
0003b9a0:·2043·4a49·532d·352e·3130·2e34·2e31·0a20···CJIS-5.10.4.1.·0003b9a0:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped
0003b9b0:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-0003b9b0:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·
0003b9c0:·332e·332e·380a·2020·2d20·4e49·5354·2d38··3.3.8.··-·NIST-80003b9c0:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"
0003b9d0:·3030·2d31·3731·2d33·2e34·2e31·0a20·202d··00-171-3.4.1.··-0003b9d0:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex
0003b9e0:·204e·4953·542d·3830·302d·3533·2d41·552d···NIST-800-53-AU-0003b9e0:·6974·793a·3c2f·7468·3e3c·7464·3e68·6967··ity:</th><td>hig
0003b9f0:·3928·3329·0a20·202d·204e·4953·542d·3830··9(3).··-·NIST-800003b9f0:·683c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··h</td></tr><tr><
0003ba00:·302d·3533·2d43·4d2d·3628·6329·0a20·202d··0-53-CM-6(c).··-0003ba00:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</
0003ba10:·204e·4953·542d·3830·302d·3533·2d43·4d2d···NIST-800-53-CM-0003ba10:·7468·3e3c·7464·3e6d·6564·6975·6d3c·2f74··th><td>medium</t
0003ba20:·3628·6429·0a20·202d·204e·4953·542d·3830··6(d).··-·NIST-800003ba20:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R
0003ba30:·302d·3533·2d53·492d·370a·2020·2d20·4e49··0-53-SI-7.··-·NI0003ba30:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f
0003ba40:·5354·2d38·3030·2d35·332d·5349·2d37·2831··ST-800-53-SI-7(10003ba40:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t
0003ba50:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-50003ba50:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<
0003ba60:·332d·5349·2d37·2836·290a·2020·2d20·5043··3-SI-7(6).··-·PC0003ba60:·2f74·683e·3c74·643e·7265·7374·7269·6374··/th><td>restrict
0003ba70:·492d·4453·532d·5265·712d·3131·2e35·0a20··I-DSS-Req-11.5.·0003ba70:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl
0003ba80:·202d·2050·4349·2d44·5353·7634·2d31·312e···-·PCI-DSSv4-11.0003ba80:·653e·3c70·7265·3e3c·636f·6465·3e2d·206e··e><pre><code>-·n
0003ba90:·352e·320a·2020·2d20·6869·6768·5f63·6f6d··5.2.··-·high_com0003ba90:·616d·653a·2047·6174·6865·7220·7468·6520··ame:·Gather·the·
0003baa0:·706c·6578·6974·790a·2020·2d20·6869·6768··plexity.··-·high0003baa0:·7061·636b·6167·6520·6661·6374·730a·2020··package·facts.··
0003bab0:·5f73·6576·6572·6974·790a·2020·2d20·6d65··_severity.··-·me0003bab0:·7061·636b·6167·655f·6661·6374·733a·0a20··package_facts:.·
0003bac0:·6469·756d·5f64·6973·7275·7074·696f·6e0a··dium_disruption.0003bac0:·2020·206d·616e·6167·6572·3a20·6175·746f·····manager:·auto
0003bad0:·2020·2d20·6e6f·5f72·6562·6f6f·745f·6e65····-·no_reboot_ne0003bad0:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI
0003bae0:·6564·6564·0a20·202d·2072·6573·7472·6963··eded.··-·restric0003bae0:·532d·352e·3130·2e34·2e31·0a20·202d·204e··S-5.10.4.1.··-·N
0003baf0:·745f·7374·7261·7465·6779·0a20·202d·2072··t_strategy.··-·r0003baf0:·4953·542d·3830·302d·3137·312d·332e·332e··IST-800-171-3.3.
0003bb00:·706d·5f76·6572·6966·795f·6861·7368·6573··pm_verify_hashes0003bb00:·380a·2020·2d20·4e49·5354·2d38·3030·2d31··8.··-·NIST-800-1
0003bb10:·0a0a·2d20·6e61·6d65·3a20·2753·6574·2066··..-·name:·'Set·f0003bb10:·3731·2d33·2e34·2e31·0a20·202d·204e·4953··71-3.4.1.··-·NIS
0003bb20:·6163·743a·2050·6163·6b61·6765·206d·616e··act:·Package·man0003bb20:·542d·3830·302d·3533·2d41·552d·3928·3329··T-800-53-AU-9(3)
0003bb30:·6167·6572·2072·6569·6e73·7461·6c6c·2063··ager·reinstall·c0003bb30:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
0003bb40:·6f6d·6d61·6e64·2028·7a79·7070·6572·2927··ommand·(zypper)'0003bb40:·2d43·4d2d·3628·6329·0a20·202d·204e·4953··-CM-6(c).··-·NIS
0003bb50:·0a20·2073·6574·5f66·6163·743a·0a20·2020··.··set_fact:.···0003bb50:·542d·3830·302d·3533·2d43·4d2d·3628·6429··T-800-53-CM-6(d)
0003bb60:·2070·6163·6b61·6765·5f6d·616e·6167·6572···package_manager0003bb60:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
0003bb70:·5f72·6569·6e73·7461·6c6c·5f63·6d64·3a20··_reinstall_cmd:·0003bb70:·2d53·492d·370a·2020·2d20·4e49·5354·2d38··-SI-7.··-·NIST-8
0003bb80:·7a79·7070·6572·2069·6e20·2d66·202d·790a··zypper·in·-f·-y.0003bb80:·3030·2d35·332d·5349·2d37·2831·290a·2020··00-53-SI-7(1).··
0003bb90:·2020·7768·656e·3a0a·2020·2d20·6e6f·7420····when:.··-·not·0003bb90:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI
0003bba0:·2820·226b·6572·6e65·6c22·2069·6e20·616e··(·"kernel"·in·an0003bba0:·2d37·2836·290a·2020·2d20·5043·492d·4453··-7(6).··-·PCI-DS
0003bbb0:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack0003bbb0:·532d·5265·712d·3131·2e35·0a20·202d·2050··S-Req-11.5.··-·P
0003bbc0:·6167·6573·2061·6e64·2022·7270·6d2d·6f73··ages·and·"rpm-os0003bbc0:·4349·2d44·5353·7634·2d31·312e·352e·320a··CI-DSSv4-11.5.2.
0003bbd0:·7472·6565·2220·696e·2061·6e73·6962·6c65··tree"·in·ansible0003bbd0:·2020·2d20·6869·6768·5f63·6f6d·706c·6578····-·high_complex
0003bbe0:·5f66·6163·7473·2e70·6163·6b61·6765·730a··_facts.packages.0003bbe0:·6974·790a·2020·2d20·6869·6768·5f73·6576··ity.··-·high_sev
0003bbf0:·2020·2020·616e·6420·2262·6f6f·7463·2220······and·"bootc"·0003bbf0:·6572·6974·790a·2020·2d20·6d65·6469·756d··erity.··-·medium
0003bc00:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts0003bc00:·5f64·6973·7275·7074·696f·6e0a·2020·2d20··_disruption.··-·
0003bc10:·2e70·6163·6b61·6765·7320·616e·6420·6e6f··.packages·and·no0003bc10:·6e6f·5f72·6562·6f6f·745f·6e65·6564·6564··no_reboot_needed
0003bc20:·7420·226f·7065·6e73·6869·6674·2d6b·7562··t·"openshift-kub0003bc20:·0a20·202d·2072·6573·7472·6963·745f·7374··.··-·restrict_st
0003bc30:·656c·6574·2220·696e·2061·6e73·6962·6c65··elet"·in·ansible0003bc30:·7261·7465·6779·0a20·202d·2072·706d·5f76··rategy.··-·rpm_v
0003bc40:·5f66·6163·7473·2e70·6163·6b61·6765·730a··_facts.packages.0003bc40:·6572·6966·795f·6861·7368·6573·0a0a·2d20··erify_hashes..-·
0003bc50:·2020·2020·290a·2020·2d20·616e·7369·626c······).··-·ansibl0003bc50:·6e61·6d65·3a20·2753·6574·2066·6163·743a··name:·'Set·fact:
0003bc60:·655f·6469·7374·7269·6275·7469·6f6e·203d··e_distribution·=0003bc60:·2050·6163·6b61·6765·206d·616e·6167·6572···Package·manager
Max diff block lines reached; 11482788/11537740 bytes (99.52%) of diff not shown.
1.05 MB
html2text {}
    
Offset 110, 14 lines modifiedOffset 110, 33 lines modified
110 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6110 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
111 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4111 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
112 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)112 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
113 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1113 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
114 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5114 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
115 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227115 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
116 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2116 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 117 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 118 #·Remediation·is·applicable·only·in·certain·platforms
 119 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 120 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 121 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 122 if·[·-n·"$files_with_incorrect_hash"·];·then
 123 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 124 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 125 ····yum·reinstall·-y·$packages_to_reinstall
  
 126 fi
  
 127 else
 128 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 129 fi
117 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8130 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
118 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high131 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
119 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium132 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
120 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false133 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
121 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict134 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
122 -·name:·Gather·the·package·facts135 -·name:·Gather·the·package·facts
123 ··package_facts:136 ··package_facts:
Offset 284, 33 lines modifiedOffset 303, 14 lines modified
284 ··-·PCI-DSSv4-11.5.2303 ··-·PCI-DSSv4-11.5.2
285 ··-·high_complexity304 ··-·high_complexity
286 ··-·high_severity305 ··-·high_severity
287 ··-·medium_disruption306 ··-·medium_disruption
288 ··-·no_reboot_needed307 ··-·no_reboot_needed
289 ··-·restrict_strategy308 ··-·restrict_strategy
290 ··-·rpm_verify_hashes309 ··-·rpm_verify_hashes
291 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
292 #·Remediation·is·applicable·only·in·certain·platforms 
293 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
294 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
295 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
296 if·[·-n·"$files_with_incorrect_hash"·];·then 
297 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
298 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
299 ····yum·reinstall·-y·$packages_to_reinstall 
  
300 fi 
  
301 else 
302 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
303 fi 
304 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*310 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
305 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:311 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:
306 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'312 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'
307 run·the·following·command·to·determine·which·package·owns·it:313 run·the·following·command·to·determine·which·package·owns·it:
308 $·rpm·-qf·FILENAME314 $·rpm·-qf·FILENAME
309 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:315 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
310 $·sudo·rpm·--restore·PACKAGENAME316 $·sudo·rpm·--restore·PACKAGENAME
Offset 329, 14 lines modifiedOffset 329, 46 lines modified
329 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5329 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
330 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2330 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
331 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)331 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
332 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1332 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
333 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5333 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
334 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108334 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108
335 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2335 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 336 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 337 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 338 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 339 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 340 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 341 #·Remediation·is·applicable·only·in·certain·platforms
 342 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 343 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 344 declare·-A·SETPERMS_RPM_DICT
  
 345 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 346 #·is·expected·by·the·RPM·database
 347 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}')
  
 348 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 349 do
 350 ········RPM_PACKAGE=$(rpm·-qf·"$FILE_PATH")
 351 »       #·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 352 »       SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 353 done
  
 354 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 355 #·correct·values
 356 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 357 do
 358 ········rpm·--restore·"${RPM_PACKAGE}"
 359 done
  
 360 else
 361 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 362 fi
336 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8363 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
337 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high364 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
338 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium365 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
339 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false366 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
340 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict367 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
341 -·name:·Gather·the·package·facts368 -·name:·Gather·the·package·facts
342 ··package_facts:369 ··package_facts:
Offset 444, 46 lines modifiedOffset 476, 14 lines modified
444 ··-·PCI-DSSv4-11.5.2476 ··-·PCI-DSSv4-11.5.2
445 ··-·high_complexity477 ··-·high_complexity
446 ··-·high_severity478 ··-·high_severity
447 ··-·medium_disruption479 ··-·medium_disruption
448 ··-·no_reboot_needed480 ··-·no_reboot_needed
449 ··-·restrict_strategy481 ··-·restrict_strategy
450 ··-·rpm_verify_ownership482 ··-·rpm_verify_ownership
451 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
452 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high 
453 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium 
454 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
455 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
Max diff block lines reached; 1091634/1099345 bytes (99.30%) of diff not shown.
10.5 MB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-ospp.html
    
Offset 15073, 221 lines modifiedOffset 15073, 221 lines modified
0003ae00:·6172·6765·743d·2223·6964·6d35·3639·3622··arget="#idm5696"0003ae00:·6172·6765·743d·2223·6964·6d35·3639·3622··arget="#idm5696"
0003ae10:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro0003ae10:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro
0003ae20:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria0003ae20:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria
0003ae30:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false0003ae30:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false
0003ae40:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat0003ae40:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat
0003ae50:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre0003ae50:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre
0003ae60:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati0003ae60:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati
 0003ae70:·6f6e·2050·7570·7065·7420·736e·6970·7065··on·Puppet·snippe
0003ae70:·6f6e·2041·6e61·636f·6e64·6120·736e·6970··on·Anaconda·snip 
0003ae80:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br>< 
0003ae90:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel 
0003aea0:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap 
0003aeb0:·7365·2220·6964·3d22·6964·6d35·3639·3622··se"·id="idm5696" 
0003aec0:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t 
0003aed0:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip 
0003aee0:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere 
0003aef0:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense 
0003af00:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl 
0003af10:·6578·6974·793a·3c2f·7468·3e3c·7464·3e6c··exity:</th><td>l 
0003af20:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr> 
0003af30:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:< 
0003af40:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td> 
0003af50:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb 
0003af60:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal 
0003af70:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr> 
0003af80:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t 
0003af90:·683e·3c74·643e·656e·6162·6c65·3c2f·7464··h><td>enable</td 
0003afa0:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p 
0003afb0:·7265·3e3c·636f·6465·3e0a·7061·636b·6167··re><code>.packag 
0003afc0:·6520·2d2d·6164·643d·6169·6465·0a3c·2f63··e·--add=aide.</c 
0003afd0:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div> 
0003afe0:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt 
0003aff0:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data- 
0003b000:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse 
0003b010:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="# 
0003b020:·6964·6d35·3639·3722·2074·6162·696e·6465··idm5697"·tabinde 
0003b030:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt 
0003b040:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande 
0003b050:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title= 
0003b060:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev 
0003b070:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R 
0003b080:·656d·6564·6961·7469·6f6e·2050·7570·7065··emediation·Puppe 
0003b090:·7420·736e·6970·7065·7420·e287·b23c·2f61··t·snippet·...</a 
0003b0a0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class= 
0003b0b0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse· 
0003b0c0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id 
0003b0d0:·6d35·3639·3722·3e3c·7461·626c·6520·636c··m5697"><table·cl 
0003b0e0:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table 
0003b0f0:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b 
0003b100:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co 
0003b110:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th 
0003b120:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th 
0003b130:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
0003b140:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup 
0003b150:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo 
0003b160:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr>< 
0003b170:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th>< 
0003b180:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t 
0003b190:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate 
0003b1a0:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab 
0003b1b0:·6c65·3c2f·7464·3e3c·2f74·723e·3c2f·7461··le</td></tr></ta 
0003b1c0:·626c·653e·3c70·7265·3e3c·636f·6465·3e69··ble><pre><code>i 
0003b1d0:·6e63·6c75·6465·2069·6e73·7461·6c6c·5f61··nclude·install_a 
0003b1e0:·6964·650a·0a63·6c61·7373·2069·6e73·7461··ide..class·insta 
0003b1f0:·6c6c·5f61·6964·6520·7b0a·2020·7061·636b··ll_aide·{.··pack 
0003b200:·6167·6520·7b20·2761·6964·6527·3a0a·2020··age·{·'aide':.·· 
0003b210:·2020·656e·7375·7265·203d·2667·743b·2027····ensure·=&gt;·' 
0003b220:·696e·7374·616c·6c65·6427·2c0a·2020·7d0a··installed',.··}. 
0003b230:·7d0a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··}.</code></pre>< 
0003b240:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b 
0003b250:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"· 
0003b260:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col 
0003b270:·6c61·7073·6522·2064·6174·612d·7461·7267··lapse"·data-targ 
0003b280:·6574·3d22·2369·646d·3536·3938·2220·7461··et="#idm5698"·ta 
0003b290:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role= 
0003b2a0:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex 
0003b2b0:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t 
0003b2c0:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t 
0003b2d0:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href=" 
0003b2e0:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation· 
0003b2f0:·4f53·4275·696c·6420·426c·7565·7072·696e··OSBuild·Blueprin 
0003b300:·7420·736e·6970·7065·7420·e287·b23c·2f61··t·snippet·...</a 
0003b310:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class= 
0003b320:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse· 
0003b330:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id 
0003b340:·6d35·3639·3822·3e3c·7072·653e·3c63·6f64··m5698"><pre><cod 
0003b350:·653e·0a5b·5b70·6163·6b61·6765·735d·5d0a··e>.[[packages]]. 
0003b360:·6e61·6d65·203d·2022·6169·6465·220a·7665··name·=·"aide".ve 
0003b370:·7273·696f·6e20·3d20·222a·220a·3c2f·636f··rsion·=·"*".</co 
0003b380:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div>< 
0003b390:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn 
0003b3a0:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t 
0003b3b0:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse" 
0003b3c0:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i 
0003b3d0:·646d·3536·3939·2220·7461·6269·6e64·6578··dm5699"·tabindex 
0003b3e0:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto 
0003b3f0:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded 
0003b400:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title=" 
0003b410:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve 
0003b420:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re 
0003b430:·6d65·6469·6174·696f·6e20·416e·7369·626c··mediation·Ansibl 
0003b440:·6520·736e·6970·7065·7420·e287·b23c·2f61··e·snippet·...</a 
0003b450:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class= 
0003b460:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse· 
0003b470:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id 
0003b480:·6d35·3639·3922·3e3c·7461·626c·6520·636c··m5699"><table·cl 
0003b490:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table 
0003b4a0:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b 
0003b4b0:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co 
0003b4c0:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th 
0003b4d0:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th 
0003b4e0:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
0003b4f0:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup 
0003b500:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo 
0003b510:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr>< 
0003b520:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th>< 
0003b530:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t 
0003b540:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate 
0003b550:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab 
0003b560:·6c65·3c2f·7464·3e3c·2f74·723e·3c2f·7461··le</td></tr></ta 
0003b570:·626c·653e·3c70·7265·3e3c·636f·6465·3e2d··ble><pre><code>- 
0003b580:·206e·616d·653a·2047·6174·6865·7220·7468···name:·Gather·th 
0003b590:·6520·7061·636b·6167·6520·6661·6374·730a··e·package·facts. 
0003b5a0:·2020·7061·636b·6167·655f·6661·6374·733a····package_facts: 
0003b5b0:·0a20·2020·206d·616e·6167·6572·3a20·6175··.····manager:·au 
0003b5c0:·746f·0a20·2074·6167·733a·0a20·202d·2043··to.··tags:.··-·C 
0003b5d0:·4a49·532d·352e·3130·2e31·2e33·0a20·202d··JIS-5.10.1.3.··- 
Max diff block lines reached; 9770984/9800130 bytes (99.70%) of diff not shown.
1.12 MB
html2text {}
    
Offset 101, 38 lines modifiedOffset 101, 41 lines modified
101 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3101 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
102 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5102 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
103 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199103 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
104 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL08-00-010359104 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········OL08-00-010359
105 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79105 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
106 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2106 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
107 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-252654r958944_rule107 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-252654r958944_rule
108 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
109 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
110 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
111 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
112 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
113 package·--add=aide 
114 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8108 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
115 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low109 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
116 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low110 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
117 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false111 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
118 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable112 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
119 include·install_aide113 include·install_aide
  
120 class·install_aide·{114 class·install_aide·{
121 ··package·{·'aide':115 ··package·{·'aide':
122 ····ensure·=>·'installed',116 ····ensure·=>·'installed',
123 ··}117 ··}
124 }118 }
125 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8119 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 120 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 121 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 122 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 123 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 124 #·Remediation·is·applicable·only·in·certain·platforms
 125 if·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek;·then
  
126 [[packages]] 
127 name·=·"aide" 
128 version·=·"*"126 if·!·rpm·-q·--quiet·"aide"·;·then
 127 ····yum·install·-y·"aide"
 128 fi
  
 129 else
 130 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 131 fi
129 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8132 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
130 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low133 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
131 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low134 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
132 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false135 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
133 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable136 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
134 -·name:·Gather·the·package·facts137 -·name:·Gather·the·package·facts
135 ··package_facts:138 ··package_facts:
Offset 163, 29 lines modifiedOffset 166, 26 lines modified
163 ··-·PCI-DSSv4-11.5.2166 ··-·PCI-DSSv4-11.5.2
164 ··-·enable_strategy167 ··-·enable_strategy
165 ··-·low_complexity168 ··-·low_complexity
166 ··-·low_disruption169 ··-·low_disruption
167 ··-·medium_severity170 ··-·medium_severity
168 ··-·no_reboot_needed171 ··-·no_reboot_needed
169 ··-·package_aide_installed172 ··-·package_aide_installed
 173 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 174 [[packages]]
 175 name·=·"aide"
 176 version·=·"*"
170 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8177 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8
171 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low178 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
172 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low179 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
173 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false180 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
174 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable181 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
175 #·Remediation·is·applicable·only·in·certain·platforms 
176 if·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek;·then 
  
177 if·!·rpm·-q·--quiet·"aide"·;·then 
178 ····yum·install·-y·"aide" 
179 fi 
  
 182 package·--add=aide
180 else 
181 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
182 fi 
183 Group  ·Federal·Information·Processing·Standard·(FIPS)·  Group·contains·2·rules183 Group  ·Federal·Information·Processing·Standard·(FIPS)·  Group·contains·2·rules
184 _\x8[_\x8r_\x8e_\x8f_\x8]  ·The·Federal·Information·Processing·Standard·(FIPS)·is·a·computer·security·standard·which·is·developed·by·the·U.S.·Government·and·industry·working·groups·to·validate·the·quality·of·cryptographic·modules.·The·FIPS·standard·provides·four·security·levels·to·ensure·adequate·coverage·of·different·industries,·implementation·of·cryptographic·modules,·and·organizational·sizes·and·requirements.184 _\x8[_\x8r_\x8e_\x8f_\x8]  ·The·Federal·Information·Processing·Standard·(FIPS)·is·a·computer·security·standard·which·is·developed·by·the·U.S.·Government·and·industry·working·groups·to·validate·the·quality·of·cryptographic·modules.·The·FIPS·standard·provides·four·security·levels·to·ensure·adequate·coverage·of·different·industries,·implementation·of·cryptographic·modules,·and·organizational·sizes·and·requirements.
  
185 FIPS·140-2·is·the·current·standard·for·validating·that·mechanisms·used·to·access·cryptographic·modules·utilize·authentication·that·meets·industry·and·government·requirements.·For·government·systems,·this·allows·Security·Levels·1,·2,·3,·or·4·for·use·on·Oracle·Linux·8.185 FIPS·140-2·is·the·current·standard·for·validating·that·mechanisms·used·to·access·cryptographic·modules·utilize·authentication·that·meets·industry·and·government·requirements.·For·government·systems,·this·allows·Security·Levels·1,·2,·3,·or·4·for·use·on·Oracle·Linux·8.
  
186 See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8c\x8c_\x8s\x8s_\x8r\x8r_\x8c\x8c_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8l\x8l_\x8i\x8i_\x8c\x8c_\x8a\x8a_\x8t\x8t_\x8i\x8i_\x8o\x8o_\x8n\x8n_\x8s\x8s_\x8/\x8/_\x8P\x8P_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x8h\x8h_\x8t\x8t_\x8m\x8m_\x8l\x8l·for·more·information.186 See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8c\x8c_\x8s\x8s_\x8r\x8r_\x8c\x8c_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8l\x8l_\x8i\x8i_\x8c\x8c_\x8a\x8a_\x8t\x8t_\x8i\x8i_\x8o\x8o_\x8n\x8n_\x8s\x8s_\x8/\x8/_\x8P\x8P_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x8h\x8h_\x8t\x8t_\x8m\x8m_\x8l\x8l·for·more·information.
187 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8na\x8ab\x8bl\x8le\x8e·D\x8Dr\x8ra\x8ac\x8cu\x8ut\x8t·F\x8FI\x8IP\x8PS\x8S·M\x8Mo\x8od\x8du\x8ul\x8le\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*187 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8na\x8ab\x8bl\x8le\x8e·D\x8Dr\x8ra\x8ac\x8cu\x8ut\x8t·F\x8FI\x8IP\x8PS\x8S·M\x8Mo\x8od\x8du\x8ul\x8le\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
Offset 201, 14 lines modifiedOffset 201, 27 lines modified
201 ············_\x8i_\x8s_\x8m······1446201 ············_\x8i_\x8s_\x8m······1446
202 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1202 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1
203 References:·_\x8n_\x8i_\x8s_\x8t·····SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12203 References:·_\x8n_\x8i_\x8s_\x8t·····SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12
204 ············_\x8o_\x8s_\x8p_\x8p·····FCS_RBG_EXT.1204 ············_\x8o_\x8s_\x8p_\x8p·····FCS_RBG_EXT.1
205 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223205 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223
206 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d···OL08-00-010020206 ············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d···OL08-00-010020
207 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-248524r958408_rule207 ············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-248524r958408_rule
 208 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 209 #·Remediation·is·applicable·only·in·certain·platforms
 210 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek·)·&&·{·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·};·then
  
 211 fips-mode-setup·--enable
 212 FIPS_CONF="/etc/dracut.conf.d/40-fips.conf"
 213 if·!·grep·"^add_dracutmodules+=\"·fips·\""·$FIPS_CONF;·then
 214 ····echo·"add_dracutmodules+=\"·fips·\""·>>·$FIPS_CONF
 215 fi
  
 216 else
 217 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 218 fi
208 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8219 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
209 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·medium220 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·medium
210 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium221 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
211 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true222 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true
212 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict223 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
213 -·name:·Gather·the·package·facts224 -·name:·Gather·the·package·facts
214 ··package_facts:225 ··package_facts:
Offset 298, 27 lines modifiedOffset 311, 14 lines modified
298 ··-·NIST-800-53-SC-13311 ··-·NIST-800-53-SC-13
299 ··-·enable_dracut_fips_module312 ··-·enable_dracut_fips_module
300 ··-·high_severity313 ··-·high_severity
301 ··-·medium_complexity314 ··-·medium_complexity
302 ··-·medium_disruption315 ··-·medium_disruption
303 ··-·reboot_required316 ··-·reboot_required
304 ··-·restrict_strategy317 ··-·restrict_strategy
305 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
306 #·Remediation·is·applicable·only·in·certain·platforms 
307 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek·)·&&·{·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·};·then 
  
308 fips-mode-setup·--enable 
Max diff block lines reached; 1163594/1170045 bytes (99.45%) of diff not shown.
18.5 MB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-pci-dss.html
    
Offset 15166, 408 lines modifiedOffset 15166, 408 lines modified
0003b3d0:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="0003b3d0:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="
0003b3e0:·2369·646d·3533·3539·2220·7461·6269·6e64··#idm5359"·tabind0003b3e0:·2369·646d·3533·3539·2220·7461·6269·6e64··#idm5359"·tabind
0003b3f0:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but0003b3f0:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but
0003b400:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand0003b400:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand
0003b410:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title0003b410:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title
0003b420:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re0003b420:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re
Diff chunk too large, falling back to line-by-line diff (394 lines added, 394 lines removed)
0003b430:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">0003b430:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">
0003b440:·5265·6d65·6469·6174·696f·6e20·416e·7369··Remediation·Ansi0003b440:·5265·6d65·6469·6174·696f·6e20·5368·656c··Remediation·Shel
0003b450:·626c·6520·736e·6970·7065·7420·e287·b23c··ble·snippet·...<0003b450:·6c20·7363·7269·7074·20e2·87b2·3c2f·613e··l·script·...</a>
0003b460:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas0003b460:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="
0003b470:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps0003b470:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c
0003b480:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="0003b480:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm
0003b490:·6964·6d35·3335·3922·3e3c·7461·626c·6520··idm5359"><table·0003b490:·3533·3539·223e·3c70·7265·3e3c·636f·6465··5359"><pre><code
0003b4a0:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab0003b4a0:·3e23·2052·656d·6564·6961·7469·6f6e·2069··>#·Remediation·i
0003b4b0:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table0003b4b0:·7320·6170·706c·6963·6162·6c65·206f·6e6c··s·applicable·onl
0003b4c0:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-0003b4c0:·7920·696e·2063·6572·7461·696e·2070·6c61··y·in·certain·pla
0003b4d0:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><0003b4d0:·7466·6f72·6d73·0a69·6620·2120·2820·7b20··tforms.if·!·(·{·
0003b4e0:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</0003b4e0:·7270·6d20·2d2d·7175·6965·7420·2d71·206b··rpm·--quiet·-q·k
0003b4f0:·7468·3e3c·7464·3e68·6967·683c·2f74·643e··th><td>high</td>0003b4f0:·6572·6e65·6c20·3b7d·2026·616d·703b·2661··ernel·;}·&amp;&a
0003b500:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis0003b500:·6d70·3b20·7b20·7270·6d20·2d2d·7175·6965··mp;·{·rpm·--quie
0003b510:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td0003b510:·7420·2d71·2072·706d·2d6f·7374·7265·6520··t·-q·rpm-ostree·
0003b520:·3e6d·6564·6975·6d3c·2f74·643e·3c2f·7472··>medium</td></tr0003b520:·3b7d·2026·616d·703b·2661·6d70·3b20·7b20··;}·&amp;&amp;·{·
0003b530:·3e3c·7472·3e3c·7468·3e52·6562·6f6f·743a··><tr><th>Reboot:0003b530:·7270·6d20·2d2d·7175·6965·7420·2d71·2062··rpm·--quiet·-q·b
0003b540:·3c2f·7468·3e3c·7464·3e66·616c·7365·3c2f··</th><td>false</0003b540:·6f6f·7463·203b·7d20·2661·6d70·3b26·616d··ootc·;}·&amp;&am
0003b550:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>0003b550:·703b·207b·2021·2072·706d·202d·2d71·7569··p;·{·!·rpm·--qui
0003b560:·5374·7261·7465·6779·3a3c·2f74·683e·3c74··Strategy:</th><t0003b560:·6574·202d·7120·6f70·656e·7368·6966·742d··et·-q·openshift-
0003b570:·643e·7265·7374·7269·6374·3c2f·7464·3e3c··d>restrict</td><0003b570:·6b75·6265·6c65·7420·3b7d·2029·3b20·7468··kubelet·;}·);·th
0003b580:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre0003b580:·656e·0a0a·2320·4669·6e64·2077·6869·6368··en..#·Find·which
0003b590:·3e3c·636f·6465·3e2d·206e·616d·653a·2047··><code>-·name:·G0003b590:·2066·696c·6573·2068·6176·6520·696e·636f···files·have·inco
0003b5a0:·6174·6865·7220·7468·6520·7061·636b·6167··ather·the·packag0003b5a0:·7272·6563·7420·6861·7368·2028·6e6f·7420··rrect·hash·(not·
0003b5b0:·6520·6661·6374·730a·2020·7061·636b·6167··e·facts.··packag0003b5b0:·696e·202f·6574·632c·2062·6563·6175·7365··in·/etc,·because
0003b5c0:·655f·6661·6374·733a·0a20·2020·206d·616e··e_facts:.····man0003b5c0:·206f·6620·7468·6520·7379·7374·656d·2072···of·the·system·r
0003b5d0:·6167·6572·3a20·6175·746f·0a20·2074·6167··ager:·auto.··tag0003b5d0:·656c·6174·6564·2063·6f6e·6669·6720·6669··elated·config·fi
0003b5e0:·733a·0a20·202d·2043·4a49·532d·352e·3130··s:.··-·CJIS-5.100003b5e0:·6c65·7329·2061·6e64·2074·6865·6e20·6765··les)·and·then·ge
0003b5f0:·2e34·2e31·0a20·202d·204e·4953·542d·3830··.4.1.··-·NIST-800003b5f0:·7420·6669·6c65·7320·6e61·6d65·730a·6669··t·files·names.fi
0003b600:·302d·3137·312d·332e·332e·380a·2020·2d20··0-171-3.3.8.··-·0003b600:·6c65·735f·7769·7468·5f69·6e63·6f72·7265··les_with_incorre
0003b610:·4e49·5354·2d38·3030·2d31·3731·2d33·2e34··NIST-800-171-3.40003b610:·6374·5f68·6173·683d·2224·2872·706d·202d··ct_hash="$(rpm·-
0003b620:·2e31·0a20·202d·204e·4953·542d·3830·302d··.1.··-·NIST-800-0003b620:·5661·202d·2d6e·6f63·6f6e·6669·6720·7c20··Va·--noconfig·|·
0003b630:·3533·2d41·552d·3928·3329·0a20·202d·204e··53-AU-9(3).··-·N0003b630:·6772·6570·202d·4520·275e·2e2e·3527·207c··grep·-E·'^..5'·|
0003b640:·4953·542d·3830·302d·3533·2d43·4d2d·3628··IST-800-53-CM-6(0003b640:·2061·776b·2027·7b70·7269·6e74·2024·4e46···awk·'{print·$NF
0003b650:·6329·0a20·202d·204e·4953·542d·3830·302d··c).··-·NIST-800-0003b650:·7d27·2029·220a·0a69·6620·5b20·2d6e·2022··}'·)"..if·[·-n·"
0003b660:·3533·2d43·4d2d·3628·6429·0a20·202d·204e··53-CM-6(d).··-·N0003b660:·2466·696c·6573·5f77·6974·685f·696e·636f··$files_with_inco
0003b670:·4953·542d·3830·302d·3533·2d53·492d·370a··IST-800-53-SI-7.0003b670:·7272·6563·745f·6861·7368·2220·5d3b·2074··rrect_hash"·];·t
0003b680:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003b680:·6865·6e0a·2020·2020·2320·4672·6f6d·2066··hen.····#·From·f
0003b690:·5349·2d37·2831·290a·2020·2d20·4e49·5354··SI-7(1).··-·NIST0003b690:·696c·6573·206e·616d·6573·2067·6574·2070··iles·names·get·p
0003b6a0:·2d38·3030·2d35·332d·5349·2d37·2836·290a··-800-53-SI-7(6).0003b6a0:·6163·6b61·6765·206e·616d·6573·2061·6e64··ackage·names·and
0003b6b0:·2020·2d20·5043·492d·4453·532d·5265·712d····-·PCI-DSS-Req-0003b6b0:·2063·6861·6e67·6520·6e65·776c·696e·6520···change·newline·
0003b6c0:·3131·2e35·0a20·202d·2050·4349·2d44·5353··11.5.··-·PCI-DSS0003b6c0:·746f·2073·7061·6365·2c20·6265·6361·7573··to·space,·becaus
0003b6d0:·7634·2d31·312e·352e·320a·2020·2d20·6869··v4-11.5.2.··-·hi0003b6d0:·6520·7270·6d20·7772·6974·6573·2065·6163··e·rpm·writes·eac
0003b6e0:·6768·5f63·6f6d·706c·6578·6974·790a·2020··gh_complexity.··0003b6e0:·6820·7061·636b·6167·6520·746f·206e·6577··h·package·to·new
0003b6f0:·2d20·6869·6768·5f73·6576·6572·6974·790a··-·high_severity.0003b6f0:·206c·696e·650a·2020·2020·7061·636b·6167···line.····packag
0003b700:·2020·2d20·6d65·6469·756d·5f64·6973·7275····-·medium_disru0003b700:·6573·5f74·6f5f·7265·696e·7374·616c·6c3d··es_to_reinstall=
0003b710:·7074·696f·6e0a·2020·2d20·6e6f·5f72·6562··ption.··-·no_reb0003b710:·2224·2872·706d·202d·7166·2024·6669·6c65··"$(rpm·-qf·$file
0003b720:·6f6f·745f·6e65·6564·6564·0a20·202d·2072··oot_needed.··-·r0003b720:·735f·7769·7468·5f69·6e63·6f72·7265·6374··s_with_incorrect
0003b730:·6573·7472·6963·745f·7374·7261·7465·6779··estrict_strategy0003b730:·5f68·6173·6820·7c20·7472·2027·5c6e·2720··_hash·|·tr·'\n'·
0003b740:·0a20·202d·2072·706d·5f76·6572·6966·795f··.··-·rpm_verify_0003b740:·2720·2729·220a·0a20·2020·200a·2020·2020··'·')"..····.····
0003b750:·6861·7368·6573·0a0a·2d20·6e61·6d65·3a20··hashes..-·name:·0003b750:·7975·6d20·7265·696e·7374·616c·6c20·2d79··yum·reinstall·-y
0003b760:·2753·6574·2066·6163·743a·2050·6163·6b61··'Set·fact:·Packa0003b760:·2024·7061·636b·6167·6573·5f74·6f5f·7265···$packages_to_re
0003b770:·6765·206d·616e·6167·6572·2072·6569·6e73··ge·manager·reins0003b770:·696e·7374·616c·6c0a·2020·2020·0a66·690a··install.····.fi.
0003b780:·7461·6c6c·2063·6f6d·6d61·6e64·270a·2020··tall·command'.··0003b780:·0a65·6c73·650a·2020·2020·2667·743b·2661··.else.····&gt;&a
0003b790:·7365·745f·6661·6374·3a0a·2020·2020·7061··set_fact:.····pa0003b790:·6d70·3b32·2065·6368·6f20·2752·656d·6564··mp;2·echo·'Remed
0003b7a0:·636b·6167·655f·6d61·6e61·6765·725f·7265··ckage_manager_re0003b7a0:·6961·7469·6f6e·2069·7320·6e6f·7420·6170··iation·is·not·ap
0003b7b0:·696e·7374·616c·6c5f·636d·643a·2079·756d··install_cmd:·yum0003b7b0:·706c·6963·6162·6c65·2c20·6e6f·7468·696e··plicable,·nothin
0003b7c0:·2072·6569·6e73·7461·6c6c·202d·790a·2020···reinstall·-y.··0003b7c0:·6720·7761·7320·646f·6e65·270a·6669·0a3c··g·was·done'.fi.<
0003b7d0:·7768·656e·3a0a·2020·2d20·6e6f·7420·2820··when:.··-·not·(·0003b7d0:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di
0003b7e0:·226b·6572·6e65·6c22·2069·6e20·616e·7369··"kernel"·in·ansi0003b7e0:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn·
0003b7f0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag0003b7f0:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat
0003b800:·6573·2061·6e64·2022·7270·6d2d·6f73·7472··es·and·"rpm-ostr0003b800:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap
0003b810:·6565·2220·696e·2061·6e73·6962·6c65·5f66··ee"·in·ansible_f0003b810:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
0003b820:·6163·7473·2e70·6163·6b61·6765·730a·2020··acts.packages.··0003b820:·2223·6964·6d35·3336·3022·2074·6162·696e··"#idm5360"·tabin
0003b830:·2020·616e·6420·2262·6f6f·7463·2220·696e····and·"bootc"·in0003b830:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
0003b840:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p0003b840:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
0003b850:·6163·6b61·6765·7320·616e·6420·6e6f·7420··ackages·and·not·0003b850:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
0003b860:·226f·7065·6e73·6869·6674·2d6b·7562·656c··"openshift-kubel0003b860:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
0003b870:·6574·2220·696e·2061·6e73·6962·6c65·5f66··et"·in·ansible_f0003b870:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
0003b880:·6163·7473·2e70·6163·6b61·6765·730a·2020··acts.packages.··0003b880:·3e52·656d·6564·6961·7469·6f6e·2041·6e73··>Remediation·Ans
0003b890:·2020·290a·2020·2d20·616e·7369·626c·655f····).··-·ansible_0003b890:·6962·6c65·2073·6e69·7070·6574·20e2·87b2··ible·snippet·...
0003b8a0:·6469·7374·7269·6275·7469·6f6e·2069·6e20··distribution·in·0003b8a0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
0003b8b0:·5b20·2246·6564·6f72·6122·2c20·2252·6564··[·"Fedora",·"Red0003b8b0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
0003b8c0:·4861·7422·2c20·2243·656e·744f·5322·2c20··Hat",·"CentOS",·0003b8c0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=
0003b8d0:·224f·7261·636c·654c·696e·7578·2220·5d0a··"OracleLinux"·].0003b8d0:·2269·646d·3533·3630·223e·3c74·6162·6c65··"idm5360"><table
0003b8e0:·2020·7461·6773·3a0a·2020·2d20·434a·4953····tags:.··-·CJIS0003b8e0:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta
0003b8f0:·2d35·2e31·302e·342e·310a·2020·2d20·4e49··-5.10.4.1.··-·NI0003b8f0:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl
0003b900:·5354·2d38·3030·2d31·3731·2d33·2e33·2e38··ST-800-171-3.3.80003b900:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table
0003b910:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-170003b910:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>
0003b920:·312d·332e·342e·310a·2020·2d20·4e49·5354··1-3.4.1.··-·NIST0003b920:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<
0003b930:·2d38·3030·2d35·332d·4155·2d39·2833·290a··-800-53-AU-9(3).0003b930:·2f74·683e·3c74·643e·6869·6768·3c2f·7464··/th><td>high</td
0003b940:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003b940:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di
0003b950:·434d·2d36·2863·290a·2020·2d20·4e49·5354··CM-6(c).··-·NIST0003b950:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t
0003b960:·2d38·3030·2d35·332d·434d·2d36·2864·290a··-800-53-CM-6(d).0003b960:·643e·6d65·6469·756d·3c2f·7464·3e3c·2f74··d>medium</td></t
0003b970:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003b970:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot
0003b980:·5349·2d37·0a20·202d·204e·4953·542d·3830··SI-7.··-·NIST-800003b980:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false<
0003b990:·302d·3533·2d53·492d·3728·3129·0a20·202d··0-53-SI-7(1).··-0003b990:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
0003b9a0:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-0003b9a0:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><
0003b9b0:·3728·3629·0a20·202d·2050·4349·2d44·5353··7(6).··-·PCI-DSS0003b9b0:·7464·3e72·6573·7472·6963·743c·2f74·643e··td>restrict</td>
0003b9c0:·2d52·6571·2d31·312e·350a·2020·2d20·5043··-Req-11.5.··-·PC0003b9c0:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr
0003b9d0:·492d·4453·5376·342d·3131·2e35·2e32·0a20··I-DSSv4-11.5.2.·0003b9d0:·653e·3c63·6f64·653e·2d20·6e61·6d65·3a20··e><code>-·name:·
0003b9e0:·202d·2068·6967·685f·636f·6d70·6c65·7869···-·high_complexi0003b9e0:·4761·7468·6572·2074·6865·2070·6163·6b61··Gather·the·packa
0003b9f0:·7479·0a20·202d·2068·6967·685f·7365·7665··ty.··-·high_seve0003b9f0:·6765·2066·6163·7473·0a20·2070·6163·6b61··ge·facts.··packa
0003ba00:·7269·7479·0a20·202d·206d·6564·6975·6d5f··rity.··-·medium_0003ba00:·6765·5f66·6163·7473·3a0a·2020·2020·6d61··ge_facts:.····ma
0003ba10:·6469·7372·7570·7469·6f6e·0a20·202d·206e··disruption.··-·n0003ba10:·6e61·6765·723a·2061·7574·6f0a·2020·7461··nager:·auto.··ta
0003ba20:·6f5f·7265·626f·6f74·5f6e·6565·6465·640a··o_reboot_needed.0003ba20:·6773·3a0a·2020·2d20·434a·4953·2d35·2e31··gs:.··-·CJIS-5.1
0003ba30:·2020·2d20·7265·7374·7269·6374·5f73·7472····-·restrict_str0003ba30:·302e·342e·310a·2020·2d20·4e49·5354·2d38··0.4.1.··-·NIST-8
0003ba40:·6174·6567·790a·2020·2d20·7270·6d5f·7665··ategy.··-·rpm_ve0003ba40:·3030·2d31·3731·2d33·2e33·2e38·0a20·202d··00-171-3.3.8.··-
0003ba50:·7269·6679·5f68·6173·6865·730a·0a2d·206e··rify_hashes..-·n0003ba50:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.
0003ba60:·616d·653a·2027·5365·7420·6661·6374·3a20··ame:·'Set·fact:·0003ba60:·342e·310a·2020·2d20·4e49·5354·2d38·3030··4.1.··-·NIST-800
0003ba70:·5061·636b·6167·6520·6d61·6e61·6765·7220··Package·manager·0003ba70:·2d35·332d·4155·2d39·2833·290a·2020·2d20··-53-AU-9(3).··-·
0003ba80:·7265·696e·7374·616c·6c20·636f·6d6d·616e··reinstall·comman0003ba80:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-6
0003ba90:·6420·287a·7970·7065·7229·270a·2020·7365··d·(zypper)'.··se0003ba90:·2863·290a·2020·2d20·4e49·5354·2d38·3030··(c).··-·NIST-800
0003baa0:·745f·6661·6374·3a0a·2020·2020·7061·636b··t_fact:.····pack0003baa0:·2d35·332d·434d·2d36·2864·290a·2020·2d20··-53-CM-6(d).··-·
0003bab0:·6167·655f·6d61·6e61·6765·725f·7265·696e··age_manager_rein0003bab0:·4e49·5354·2d38·3030·2d35·332d·5349·2d37··NIST-800-53-SI-7
0003bac0:·7374·616c·6c5f·636d·643a·207a·7970·7065··stall_cmd:·zyppe0003bac0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
0003bad0:·7220·696e·202d·6620·2d79·0a20·2077·6865··r·in·-f·-y.··whe0003bad0:·2d53·492d·3728·3129·0a20·202d·204e·4953··-SI-7(1).··-·NIS
0003bae0:·6e3a·0a20·202d·206e·6f74·2028·2022·6b65··n:.··-·not·(·"ke0003bae0:·542d·3830·302d·3533·2d53·492d·3728·3629··T-800-53-SI-7(6)
0003baf0:·726e·656c·2220·696e·2061·6e73·6962·6c65··rnel"·in·ansible0003baf0:·0a20·202d·2050·4349·2d44·5353·2d52·6571··.··-·PCI-DSS-Req
0003bb00:·5f66·6163·7473·2e70·6163·6b61·6765·7320··_facts.packages·0003bb00:·2d31·312e·350a·2020·2d20·5043·492d·4453··-11.5.··-·PCI-DS
0003bb10:·616e·6420·2272·706d·2d6f·7374·7265·6522··and·"rpm-ostree"0003bb10:·5376·342d·3131·2e35·2e32·0a20·202d·2068··Sv4-11.5.2.··-·h
0003bb20:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003bb20:·6967·685f·636f·6d70·6c65·7869·7479·0a20··igh_complexity.·
0003bb30:·732e·7061·636b·6167·6573·0a20·2020·2061··s.packages.····a0003bb30:·202d·2068·6967·685f·7365·7665·7269·7479···-·high_severity
0003bb40:·6e64·2022·626f·6f74·6322·2069·6e20·616e··nd·"bootc"·in·an0003bb40:·0a20·202d·206d·6564·6975·6d5f·6469·7372··.··-·medium_disr
0003bb50:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack0003bb50:·7570·7469·6f6e·0a20·202d·206e·6f5f·7265··uption.··-·no_re
0003bb60:·6167·6573·2061·6e64·206e·6f74·2022·6f70··ages·and·not·"op0003bb60:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-·
0003bb70:·656e·7368·6966·742d·6b75·6265·6c65·7422··enshift-kubelet"0003bb70:·7265·7374·7269·6374·5f73·7472·6174·6567··restrict_strateg
0003bb80:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003bb80:·790a·2020·2d20·7270·6d5f·7665·7269·6679··y.··-·rpm_verify
0003bb90:·732e·7061·636b·6167·6573·0a20·2020·2029··s.packages.····)0003bb90:·5f68·6173·6865·730a·0a2d·206e·616d·653a··_hashes..-·name:
0003bba0:·0a20·202d·2061·6e73·6962·6c65·5f64·6973··.··-·ansible_dis0003bba0:·2027·5365·7420·6661·6374·3a20·5061·636b···'Set·fact:·Pack
Max diff block lines reached; 17740147/17795099 bytes (99.69%) of diff not shown.
1.57 MB
html2text {}
Max HTML report size reached
10.9 MB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-standard.html
    
Offset 15091, 408 lines modifiedOffset 15091, 408 lines modified
0003af20:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=0003af20:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
0003af30:·2223·6964·6d35·3335·3922·2074·6162·696e··"#idm5359"·tabin0003af30:·2223·6964·6d35·3335·3922·2074·6162·696e··"#idm5359"·tabin
0003af40:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu0003af40:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
0003af50:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan0003af50:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
0003af60:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl0003af60:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
0003af70:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r0003af70:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
Diff chunk too large, falling back to line-by-line diff (394 lines added, 394 lines removed)
0003af80:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"0003af80:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
0003af90:·3e52·656d·6564·6961·7469·6f6e·2041·6e73··>Remediation·Ans0003af90:·3e52·656d·6564·6961·7469·6f6e·2053·6865··>Remediation·She
0003afa0:·6962·6c65·2073·6e69·7070·6574·20e2·87b2··ible·snippet·...0003afa0:·6c6c·2073·6372·6970·7420·e287·b23c·2f61··ll·script·...</a
0003afb0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla0003afb0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
0003afc0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap0003afc0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
0003afd0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=0003afd0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
0003afe0:·2269·646d·3533·3539·223e·3c74·6162·6c65··"idm5359"><table0003afe0:·6d35·3335·3922·3e3c·7072·653e·3c63·6f64··m5359"><pre><cod
0003aff0:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta0003aff0:·653e·2320·5265·6d65·6469·6174·696f·6e20··e>#·Remediation·
0003b000:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl0003b000:·6973·2061·7070·6c69·6361·626c·6520·6f6e··is·applicable·on
0003b010:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table0003b010:·6c79·2069·6e20·6365·7274·6169·6e20·706c··ly·in·certain·pl
0003b020:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>0003b020:·6174·666f·726d·730a·6966·2021·2028·207b··atforms.if·!·(·{
0003b030:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<0003b030:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q·
0003b040:·2f74·683e·3c74·643e·6869·6768·3c2f·7464··/th><td>high</td0003b040:·6b65·726e·656c·203b·7d20·2661·6d70·3b26··kernel·;}·&amp;&
0003b050:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di0003b050:·616d·703b·207b·2072·706d·202d·2d71·7569··amp;·{·rpm·--qui
0003b060:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t0003b060:·6574·202d·7120·7270·6d2d·6f73·7472·6565··et·-q·rpm-ostree
0003b070:·643e·6d65·6469·756d·3c2f·7464·3e3c·2f74··d>medium</td></t0003b070:·203b·7d20·2661·6d70·3b26·616d·703b·207b···;}·&amp;&amp;·{
0003b080:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot0003b080:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q·
0003b090:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false<0003b090:·626f·6f74·6320·3b7d·2026·616d·703b·2661··bootc·;}·&amp;&a
0003b0a0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th0003b0a0:·6d70·3b20·7b20·2120·7270·6d20·2d2d·7175··mp;·{·!·rpm·--qu
0003b0b0:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><0003b0b0:·6965·7420·2d71·206f·7065·6e73·6869·6674··iet·-q·openshift
0003b0c0:·7464·3e72·6573·7472·6963·743c·2f74·643e··td>restrict</td>0003b0c0:·2d6b·7562·656c·6574·203b·7d20·293b·2074··-kubelet·;}·);·t
0003b0d0:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr0003b0d0:·6865·6e0a·0a23·2046·696e·6420·7768·6963··hen..#·Find·whic
0003b0e0:·653e·3c63·6f64·653e·2d20·6e61·6d65·3a20··e><code>-·name:·0003b0e0:·6820·6669·6c65·7320·6861·7665·2069·6e63··h·files·have·inc
0003b0f0:·4761·7468·6572·2074·6865·2070·6163·6b61··Gather·the·packa0003b0f0:·6f72·7265·6374·2068·6173·6820·286e·6f74··orrect·hash·(not
0003b100:·6765·2066·6163·7473·0a20·2070·6163·6b61··ge·facts.··packa0003b100:·2069·6e20·2f65·7463·2c20·6265·6361·7573···in·/etc,·becaus
0003b110:·6765·5f66·6163·7473·3a0a·2020·2020·6d61··ge_facts:.····ma0003b110:·6520·6f66·2074·6865·2073·7973·7465·6d20··e·of·the·system·
0003b120:·6e61·6765·723a·2061·7574·6f0a·2020·7461··nager:·auto.··ta0003b120:·7265·6c61·7465·6420·636f·6e66·6967·2066··related·config·f
0003b130:·6773·3a0a·2020·2d20·434a·4953·2d35·2e31··gs:.··-·CJIS-5.10003b130:·696c·6573·2920·616e·6420·7468·656e·2067··iles)·and·then·g
0003b140:·302e·342e·310a·2020·2d20·4e49·5354·2d38··0.4.1.··-·NIST-80003b140:·6574·2066·696c·6573·206e·616d·6573·0a66··et·files·names.f
0003b150:·3030·2d31·3731·2d33·2e33·2e38·0a20·202d··00-171-3.3.8.··-0003b150:·696c·6573·5f77·6974·685f·696e·636f·7272··iles_with_incorr
0003b160:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.0003b160:·6563·745f·6861·7368·3d22·2428·7270·6d20··ect_hash="$(rpm·
0003b170:·342e·310a·2020·2d20·4e49·5354·2d38·3030··4.1.··-·NIST-8000003b170:·2d56·6120·2d2d·6e6f·636f·6e66·6967·207c··-Va·--noconfig·|
0003b180:·2d35·332d·4155·2d39·2833·290a·2020·2d20··-53-AU-9(3).··-·0003b180:·2067·7265·7020·2d45·2027·5e2e·2e35·2720···grep·-E·'^..5'·
0003b190:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-60003b190:·7c20·6177·6b20·277b·7072·696e·7420·244e··|·awk·'{print·$N
0003b1a0:·2863·290a·2020·2d20·4e49·5354·2d38·3030··(c).··-·NIST-8000003b1a0:·467d·2720·2922·0a0a·6966·205b·202d·6e20··F}'·)"..if·[·-n·
0003b1b0:·2d35·332d·434d·2d36·2864·290a·2020·2d20··-53-CM-6(d).··-·0003b1b0:·2224·6669·6c65·735f·7769·7468·5f69·6e63··"$files_with_inc
0003b1c0:·4e49·5354·2d38·3030·2d35·332d·5349·2d37··NIST-800-53-SI-70003b1c0:·6f72·7265·6374·5f68·6173·6822·205d·3b20··orrect_hash"·];·
0003b1d0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003b1d0:·7468·656e·0a20·2020·2023·2046·726f·6d20··then.····#·From·
0003b1e0:·2d53·492d·3728·3129·0a20·202d·204e·4953··-SI-7(1).··-·NIS0003b1e0:·6669·6c65·7320·6e61·6d65·7320·6765·7420··files·names·get·
0003b1f0:·542d·3830·302d·3533·2d53·492d·3728·3629··T-800-53-SI-7(6)0003b1f0:·7061·636b·6167·6520·6e61·6d65·7320·616e··package·names·an
0003b200:·0a20·202d·2050·4349·2d44·5353·2d52·6571··.··-·PCI-DSS-Req0003b200:·6420·6368·616e·6765·206e·6577·6c69·6e65··d·change·newline
0003b210:·2d31·312e·350a·2020·2d20·5043·492d·4453··-11.5.··-·PCI-DS0003b210:·2074·6f20·7370·6163·652c·2062·6563·6175···to·space,·becau
0003b220:·5376·342d·3131·2e35·2e32·0a20·202d·2068··Sv4-11.5.2.··-·h0003b220:·7365·2072·706d·2077·7269·7465·7320·6561··se·rpm·writes·ea
0003b230:·6967·685f·636f·6d70·6c65·7869·7479·0a20··igh_complexity.·0003b230:·6368·2070·6163·6b61·6765·2074·6f20·6e65··ch·package·to·ne
0003b240:·202d·2068·6967·685f·7365·7665·7269·7479···-·high_severity0003b240:·7720·6c69·6e65·0a20·2020·2070·6163·6b61··w·line.····packa
0003b250:·0a20·202d·206d·6564·6975·6d5f·6469·7372··.··-·medium_disr0003b250:·6765·735f·746f·5f72·6569·6e73·7461·6c6c··ges_to_reinstall
0003b260:·7570·7469·6f6e·0a20·202d·206e·6f5f·7265··uption.··-·no_re0003b260:·3d22·2428·7270·6d20·2d71·6620·2466·696c··="$(rpm·-qf·$fil
0003b270:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-·0003b270:·6573·5f77·6974·685f·696e·636f·7272·6563··es_with_incorrec
0003b280:·7265·7374·7269·6374·5f73·7472·6174·6567··restrict_strateg0003b280:·745f·6861·7368·207c·2074·7220·275c·6e27··t_hash·|·tr·'\n'
0003b290:·790a·2020·2d20·7270·6d5f·7665·7269·6679··y.··-·rpm_verify0003b290:·2027·2027·2922·0a0a·2020·2020·0a20·2020···'·')"..····.···
0003b2a0:·5f68·6173·6865·730a·0a2d·206e·616d·653a··_hashes..-·name:0003b2a0:·2079·756d·2072·6569·6e73·7461·6c6c·202d···yum·reinstall·-
0003b2b0:·2027·5365·7420·6661·6374·3a20·5061·636b···'Set·fact:·Pack0003b2b0:·7920·2470·6163·6b61·6765·735f·746f·5f72··y·$packages_to_r
0003b2c0:·6167·6520·6d61·6e61·6765·7220·7265·696e··age·manager·rein0003b2c0:·6569·6e73·7461·6c6c·0a20·2020·200a·6669··einstall.····.fi
0003b2d0:·7374·616c·6c20·636f·6d6d·616e·6427·0a20··stall·command'.·0003b2d0:·0a0a·656c·7365·0a20·2020·2026·6774·3b26··..else.····&gt;&
0003b2e0:·2073·6574·5f66·6163·743a·0a20·2020·2070···set_fact:.····p0003b2e0:·616d·703b·3220·6563·686f·2027·5265·6d65··amp;2·echo·'Reme
0003b2f0:·6163·6b61·6765·5f6d·616e·6167·6572·5f72··ackage_manager_r0003b2f0:·6469·6174·696f·6e20·6973·206e·6f74·2061··diation·is·not·a
0003b300:·6569·6e73·7461·6c6c·5f63·6d64·3a20·7975··einstall_cmd:·yu0003b300:·7070·6c69·6361·626c·652c·206e·6f74·6869··pplicable,·nothi
0003b310:·6d20·7265·696e·7374·616c·6c20·2d79·0a20··m·reinstall·-y.·0003b310:·6e67·2077·6173·2064·6f6e·6527·0a66·690a··ng·was·done'.fi.
0003b320:·2077·6865·6e3a·0a20·202d·206e·6f74·2028···when:.··-·not·(0003b320:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d
0003b330:·2022·6b65·726e·656c·2220·696e·2061·6e73···"kernel"·in·ans0003b330:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn
0003b340:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0003b340:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da
0003b350:·6765·7320·616e·6420·2272·706d·2d6f·7374··ges·and·"rpm-ost0003b350:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla
0003b360:·7265·6522·2069·6e20·616e·7369·626c·655f··ree"·in·ansible_0003b360:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target
0003b370:·6661·6374·732e·7061·636b·6167·6573·0a20··facts.packages.·0003b370:·3d22·2369·646d·3533·3630·2220·7461·6269··="#idm5360"·tabi
0003b380:·2020·2061·6e64·2022·626f·6f74·6322·2069·····and·"bootc"·i0003b380:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b
0003b390:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003b390:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa
0003b3a0:·7061·636b·6167·6573·2061·6e64·206e·6f74··packages·and·not0003b3a0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit
0003b3b0:·2022·6f70·656e·7368·6966·742d·6b75·6265···"openshift-kube0003b3b0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·
0003b3c0:·6c65·7422·2069·6e20·616e·7369·626c·655f··let"·in·ansible_0003b3c0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!
0003b3d0:·6661·6374·732e·7061·636b·6167·6573·0a20··facts.packages.·0003b3d0:·223e·5265·6d65·6469·6174·696f·6e20·416e··">Remediation·An
0003b3e0:·2020·2029·0a20·202d·2061·6e73·6962·6c65·····).··-·ansible0003b3e0:·7369·626c·6520·736e·6970·7065·7420·e287··sible·snippet·..
0003b3f0:·5f64·6973·7472·6962·7574·696f·6e20·696e··_distribution·in0003b3f0:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl
0003b400:·205b·2022·4665·646f·7261·222c·2022·5265···[·"Fedora",·"Re0003b400:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
0003b410:·6448·6174·222c·2022·4365·6e74·4f53·222c··dHat",·"CentOS",0003b410:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
0003b420:·2022·4f72·6163·6c65·4c69·6e75·7822·205d···"OracleLinux"·]0003b420:·3d22·6964·6d35·3336·3022·3e3c·7461·626c··="idm5360"><tabl
0003b430:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI0003b430:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t
0003b440:·532d·352e·3130·2e34·2e31·0a20·202d·204e··S-5.10.4.1.··-·N0003b440:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab
0003b450:·4953·542d·3830·302d·3137·312d·332e·332e··IST-800-171-3.3.0003b450:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl
0003b460:·380a·2020·2d20·4e49·5354·2d38·3030·2d31··8.··-·NIST-800-10003b460:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr
0003b470:·3731·2d33·2e34·2e31·0a20·202d·204e·4953··71-3.4.1.··-·NIS0003b470:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity:
0003b480:·542d·3830·302d·3533·2d41·552d·3928·3329··T-800-53-AU-9(3)0003b480:·3c2f·7468·3e3c·7464·3e68·6967·683c·2f74··</th><td>high</t
0003b490:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003b490:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D
0003b4a0:·2d43·4d2d·3628·6329·0a20·202d·204e·4953··-CM-6(c).··-·NIS0003b4a0:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th><
0003b4b0:·542d·3830·302d·3533·2d43·4d2d·3628·6429··T-800-53-CM-6(d)0003b4b0:·7464·3e6d·6564·6975·6d3c·2f74·643e·3c2f··td>medium</td></
0003b4c0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003b4c0:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo
0003b4d0:·2d53·492d·370a·2020·2d20·4e49·5354·2d38··-SI-7.··-·NIST-80003b4d0:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false
0003b4e0:·3030·2d35·332d·5349·2d37·2831·290a·2020··00-53-SI-7(1).··0003b4e0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
0003b4f0:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI0003b4f0:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>
0003b500:·2d37·2836·290a·2020·2d20·5043·492d·4453··-7(6).··-·PCI-DS0003b500:·3c74·643e·7265·7374·7269·6374·3c2f·7464··<td>restrict</td
0003b510:·532d·5265·712d·3131·2e35·0a20·202d·2050··S-Req-11.5.··-·P0003b510:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p
0003b520:·4349·2d44·5353·7634·2d31·312e·352e·320a··CI-DSSv4-11.5.2.0003b520:·7265·3e3c·636f·6465·3e2d·206e·616d·653a··re><code>-·name:
0003b530:·2020·2d20·6869·6768·5f63·6f6d·706c·6578····-·high_complex0003b530:·2047·6174·6865·7220·7468·6520·7061·636b···Gather·the·pack
0003b540:·6974·790a·2020·2d20·6869·6768·5f73·6576··ity.··-·high_sev0003b540:·6167·6520·6661·6374·730a·2020·7061·636b··age·facts.··pack
0003b550:·6572·6974·790a·2020·2d20·6d65·6469·756d··erity.··-·medium0003b550:·6167·655f·6661·6374·733a·0a20·2020·206d··age_facts:.····m
0003b560:·5f64·6973·7275·7074·696f·6e0a·2020·2d20··_disruption.··-·0003b560:·616e·6167·6572·3a20·6175·746f·0a20·2074··anager:·auto.··t
0003b570:·6e6f·5f72·6562·6f6f·745f·6e65·6564·6564··no_reboot_needed0003b570:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.
0003b580:·0a20·202d·2072·6573·7472·6963·745f·7374··.··-·restrict_st0003b580:·3130·2e34·2e31·0a20·202d·204e·4953·542d··10.4.1.··-·NIST-
0003b590:·7261·7465·6779·0a20·202d·2072·706d·5f76··rategy.··-·rpm_v0003b590:·3830·302d·3137·312d·332e·332e·380a·2020··800-171-3.3.8.··
0003b5a0:·6572·6966·795f·6861·7368·6573·0a0a·2d20··erify_hashes..-·0003b5a0:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-3
0003b5b0:·6e61·6d65·3a20·2753·6574·2066·6163·743a··name:·'Set·fact:0003b5b0:·2e34·2e31·0a20·202d·204e·4953·542d·3830··.4.1.··-·NIST-80
0003b5c0:·2050·6163·6b61·6765·206d·616e·6167·6572···Package·manager0003b5c0:·302d·3533·2d41·552d·3928·3329·0a20·202d··0-53-AU-9(3).··-
0003b5d0:·2072·6569·6e73·7461·6c6c·2063·6f6d·6d61···reinstall·comma0003b5d0:·204e·4953·542d·3830·302d·3533·2d43·4d2d···NIST-800-53-CM-
0003b5e0:·6e64·2028·7a79·7070·6572·2927·0a20·2073··nd·(zypper)'.··s0003b5e0:·3628·6329·0a20·202d·204e·4953·542d·3830··6(c).··-·NIST-80
0003b5f0:·6574·5f66·6163·743a·0a20·2020·2070·6163··et_fact:.····pac0003b5f0:·302d·3533·2d43·4d2d·3628·6429·0a20·202d··0-53-CM-6(d).··-
0003b600:·6b61·6765·5f6d·616e·6167·6572·5f72·6569··kage_manager_rei0003b600:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-
0003b610:·6e73·7461·6c6c·5f63·6d64·3a20·7a79·7070··nstall_cmd:·zypp0003b610:·370a·2020·2d20·4e49·5354·2d38·3030·2d35··7.··-·NIST-800-5
0003b620:·6572·2069·6e20·2d66·202d·790a·2020·7768··er·in·-f·-y.··wh0003b620:·332d·5349·2d37·2831·290a·2020·2d20·4e49··3-SI-7(1).··-·NI
0003b630:·656e·3a0a·2020·2d20·6e6f·7420·2820·226b··en:.··-·not·(·"k0003b630:·5354·2d38·3030·2d35·332d·5349·2d37·2836··ST-800-53-SI-7(6
0003b640:·6572·6e65·6c22·2069·6e20·616e·7369·626c··ernel"·in·ansibl0003b640:·290a·2020·2d20·5043·492d·4453·532d·5265··).··-·PCI-DSS-Re
0003b650:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages0003b650:·712d·3131·2e35·0a20·202d·2050·4349·2d44··q-11.5.··-·PCI-D
0003b660:·2061·6e64·2022·7270·6d2d·6f73·7472·6565···and·"rpm-ostree0003b660:·5353·7634·2d31·312e·352e·320a·2020·2d20··SSv4-11.5.2.··-·
0003b670:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003b670:·6869·6768·5f63·6f6d·706c·6578·6974·790a··high_complexity.
0003b680:·7473·2e70·6163·6b61·6765·730a·2020·2020··ts.packages.····0003b680:·2020·2d20·6869·6768·5f73·6576·6572·6974····-·high_severit
0003b690:·616e·6420·2262·6f6f·7463·2220·696e·2061··and·"bootc"·in·a0003b690:·790a·2020·2d20·6d65·6469·756d·5f64·6973··y.··-·medium_dis
0003b6a0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003b6a0:·7275·7074·696f·6e0a·2020·2d20·6e6f·5f72··ruption.··-·no_r
0003b6b0:·6b61·6765·7320·616e·6420·6e6f·7420·226f··kages·and·not·"o0003b6b0:·6562·6f6f·745f·6e65·6564·6564·0a20·202d··eboot_needed.··-
0003b6c0:·7065·6e73·6869·6674·2d6b·7562·656c·6574··penshift-kubelet0003b6c0:·2072·6573·7472·6963·745f·7374·7261·7465···restrict_strate
0003b6d0:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003b6d0:·6779·0a20·202d·2072·706d·5f76·6572·6966··gy.··-·rpm_verif
0003b6e0:·7473·2e70·6163·6b61·6765·730a·2020·2020··ts.packages.····0003b6e0:·795f·6861·7368·6573·0a0a·2d20·6e61·6d65··y_hashes..-·name
0003b6f0:·290a·2020·2d20·616e·7369·626c·655f·6469··).··-·ansible_di0003b6f0:·3a20·2753·6574·2066·6163·743a·2050·6163··:·'Set·fact:·Pac
Max diff block lines reached; 10597698/10652650 bytes (99.48%) of diff not shown.
771 KB
html2text {}
    
Offset 93, 14 lines modifiedOffset 93, 33 lines modified
93 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.693 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
94 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.494 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
95 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)95 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
96 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-196 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
97 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.597 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
98 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-0022798 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
99 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.299 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 100 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 101 #·Remediation·is·applicable·only·in·certain·platforms
 102 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 103 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 104 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 105 if·[·-n·"$files_with_incorrect_hash"·];·then
 106 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 107 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 108 ····yum·reinstall·-y·$packages_to_reinstall
  
 109 fi
  
 110 else
 111 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 112 fi
100 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8113 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
101 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high114 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
102 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium115 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
103 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false116 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
104 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict117 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
105 -·name:·Gather·the·package·facts118 -·name:·Gather·the·package·facts
106 ··package_facts:119 ··package_facts:
Offset 267, 33 lines modifiedOffset 286, 14 lines modified
267 ··-·PCI-DSSv4-11.5.2286 ··-·PCI-DSSv4-11.5.2
268 ··-·high_complexity287 ··-·high_complexity
269 ··-·high_severity288 ··-·high_severity
270 ··-·medium_disruption289 ··-·medium_disruption
271 ··-·no_reboot_needed290 ··-·no_reboot_needed
272 ··-·restrict_strategy291 ··-·restrict_strategy
273 ··-·rpm_verify_hashes292 ··-·rpm_verify_hashes
274 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
275 #·Remediation·is·applicable·only·in·certain·platforms 
276 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
277 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
278 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
279 if·[·-n·"$files_with_incorrect_hash"·];·then 
280 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
281 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
282 ····yum·reinstall·-y·$packages_to_reinstall 
  
283 fi 
  
284 else 
285 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
286 fi 
287 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*293 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
288 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:294 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:
289 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'295 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'
290 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:296 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:
291 $·rpm·-qf·FILENAME297 $·rpm·-qf·FILENAME
  
292 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:298 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
Offset 314, 14 lines modifiedOffset 314, 50 lines modified
314 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5314 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
315 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2315 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
316 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)316 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)
317 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1317 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
318 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5318 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
319 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108319 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108
320 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2320 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 321 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 322 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 323 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 324 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 325 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 326 #·Remediation·is·applicable·only·in·certain·platforms
 327 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 328 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 329 declare·-A·SETPERMS_RPM_DICT
  
 330 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 331 #·is·expected·by·the·RPM·database
 332 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}')
  
 333 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 334 do
 335 ········#·NOTE:·some·files·maybe·controlled·by·more·then·one·package
 336 ········readarray·-t·RPM_PACKAGES·<·<(rpm·-qf·"${FILE_PATH}")
 337 ········for·RPM_PACKAGE·in·"${RPM_PACKAGES[@]}"
 338 ········do
 339 ················#·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 340 ················SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 341 ········done
 342 done
  
 343 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 344 #·correct·values
 345 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 346 do
 347 »       rpm·--restore·"${RPM_PACKAGE}"
 348 done
  
 349 else
 350 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 351 fi
321 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8352 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
322 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high353 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
323 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium354 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
324 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false355 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
325 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict356 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
326 -·name:·Gather·the·package·facts357 -·name:·Gather·the·package·facts
327 ··package_facts:358 ··package_facts:
Offset 433, 50 lines modifiedOffset 469, 14 lines modified
433 ··-·PCI-DSSv4-11.5.2469 ··-·PCI-DSSv4-11.5.2
434 ··-·high_complexity470 ··-·high_complexity
435 ··-·high_severity471 ··-·high_severity
436 ··-·medium_disruption472 ··-·medium_disruption
437 ··-·no_reboot_needed473 ··-·no_reboot_needed
438 ··-·restrict_strategy474 ··-·restrict_strategy
439 ··-·rpm_verify_permissions475 ··-·rpm_verify_permissions
440 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
Max diff block lines reached; 781274/789356 bytes (98.98%) of diff not shown.
30.1 MB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-stig.html
    
Offset 15083, 221 lines modifiedOffset 15083, 221 lines modified
0003aea0:·6765·743d·2223·6964·6d35·3639·3622·2074··get="#idm5696"·t0003aea0:·6765·743d·2223·6964·6d35·3639·3622·2074··get="#idm5696"·t
0003aeb0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role0003aeb0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
0003aec0:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e0003aec0:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
0003aed0:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·0003aed0:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
0003aee0:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·0003aee0:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
0003aef0:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=0003aef0:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
0003af00:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation0003af00:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
 0003af10:·2050·7570·7065·7420·736e·6970·7065·7420···Puppet·snippet·
0003af10:·2041·6e61·636f·6e64·6120·736e·6970·7065···Anaconda·snippe 
0003af20:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di 
0003af30:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c 
0003af40:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse 
0003af50:·2220·6964·3d22·6964·6d35·3639·3622·3e3c··"·id="idm5696">< 
0003af60:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab 
0003af70:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped 
0003af80:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered· 
0003af90:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed" 
0003afa0:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex 
0003afb0:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low 
0003afc0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003afd0:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t 
0003afe0:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003aff0:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo 
0003b000:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false 
0003b010:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b020:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th> 
0003b030:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td>< 
0003b040:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre 
0003b050:·3e3c·636f·6465·3e0a·7061·636b·6167·6520··><code>.package· 
0003b060:·2d2d·6164·643d·6169·6465·0a3c·2f63·6f64··--add=aide.</cod 
0003b070:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a 
0003b080:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn- 
0003b090:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to 
0003b0a0:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"· 
0003b0b0:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id 
0003b0c0:·6d35·3639·3722·2074·6162·696e·6465·783d··m5697"·tabindex= 
0003b0d0:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button 
0003b0e0:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded= 
0003b0f0:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A 
0003b100:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea 
0003b110:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem 
0003b120:·6564·6961·7469·6f6e·2050·7570·7065·7420··ediation·Puppet· 
0003b130:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a>< 
0003b140:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p 
0003b150:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co 
0003b160:·6c6c·6170·7365·2220·6964·3d22·6964·6d35··llapse"·id="idm5 
0003b170:·3639·3722·3e3c·7461·626c·6520·636c·6173··697"><table·clas 
0003b180:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s 
0003b190:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor 
0003b1a0:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond 
0003b1b0:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C 
0003b1c0:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th>< 
0003b1d0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003b1e0:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti 
0003b1f0:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low< 
0003b200:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b210:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td 
0003b220:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr> 
0003b230:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy 
0003b240:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable 
0003b250:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl 
0003b260:·653e·3c70·7265·3e3c·636f·6465·3e69·6e63··e><pre><code>inc 
0003b270:·6c75·6465·2069·6e73·7461·6c6c·5f61·6964··lude·install_aid 
0003b280:·650a·0a63·6c61·7373·2069·6e73·7461·6c6c··e..class·install 
0003b290:·5f61·6964·6520·7b0a·2020·7061·636b·6167··_aide·{.··packag 
0003b2a0:·6520·7b20·2761·6964·6527·3a0a·2020·2020··e·{·'aide':.···· 
0003b2b0:·656e·7375·7265·203d·2667·743b·2027·696e··ensure·=&gt;·'in 
0003b2c0:·7374·616c·6c65·6427·2c0a·2020·7d0a·7d0a··stalled',.··}.}. 
0003b2d0:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d 
0003b2e0:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn 
0003b2f0:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da 
0003b300:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla 
0003b310:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target 
0003b320:·3d22·2369·646d·3536·3938·2220·7461·6269··="#idm5698"·tabi 
0003b330:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b 
0003b340:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa 
0003b350:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit 
0003b360:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to· 
0003b370:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#! 
0003b380:·223e·5265·6d65·6469·6174·696f·6e20·4f53··">Remediation·OS 
0003b390:·4275·696c·6420·426c·7565·7072·696e·7420··Build·Blueprint· 
0003b3a0:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a>< 
0003b3b0:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p 
0003b3c0:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co 
0003b3d0:·6c6c·6170·7365·2220·6964·3d22·6964·6d35··llapse"·id="idm5 
0003b3e0:·3639·3822·3e3c·7072·653e·3c63·6f64·653e··698"><pre><code> 
0003b3f0:·0a5b·5b70·6163·6b61·6765·735d·5d0a·6e61··.[[packages]].na 
0003b400:·6d65·203d·2022·6169·6465·220a·7665·7273··me·=·"aide".vers 
0003b410:·696f·6e20·3d20·222a·220a·3c2f·636f·6465··ion·=·"*".</code 
0003b420:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a· 
0003b430:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s 
0003b440:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog 
0003b450:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d 
0003b460:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm 
0003b470:·3536·3939·2220·7461·6269·6e64·6578·3d22··5699"·tabindex=" 
0003b480:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button" 
0003b490:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded=" 
0003b4a0:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac 
0003b4b0:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal 
0003b4c0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme 
0003b4d0:·6469·6174·696f·6e20·416e·7369·626c·6520··diation·Ansible· 
0003b4e0:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a>< 
0003b4f0:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p 
0003b500:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co 
0003b510:·6c6c·6170·7365·2220·6964·3d22·6964·6d35··llapse"·id="idm5 
0003b520:·3639·3922·3e3c·7461·626c·6520·636c·6173··699"><table·clas 
0003b530:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s 
0003b540:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor 
0003b550:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond 
0003b560:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C 
0003b570:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th>< 
0003b580:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003b590:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti 
0003b5a0:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low< 
0003b5b0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b5c0:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td 
0003b5d0:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr> 
0003b5e0:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy 
0003b5f0:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable 
0003b600:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl 
0003b610:·653e·3c70·7265·3e3c·636f·6465·3e2d·206e··e><pre><code>-·n 
0003b620:·616d·653a·2047·6174·6865·7220·7468·6520··ame:·Gather·the· 
0003b630:·7061·636b·6167·6520·6661·6374·730a·2020··package·facts.·· 
0003b640:·7061·636b·6167·655f·6661·6374·733a·0a20··package_facts:.· 
0003b650:·2020·206d·616e·6167·6572·3a20·6175·746f·····manager:·auto 
0003b660:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI 
0003b670:·532d·352e·3130·2e31·2e33·0a20·202d·2044··S-5.10.1.3.··-·D 
Max diff block lines reached; 29166549/29195695 bytes (99.90%) of diff not shown.
2.3 MB
html2text {}
Max HTML report size reached
30.0 MB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-stig_gui.html
    
Offset 15101, 221 lines modifiedOffset 15101, 221 lines modified
0003afc0:·7461·7267·6574·3d22·2369·646d·3536·3936··target="#idm56960003afc0:·7461·7267·6574·3d22·2369·646d·3536·3936··target="#idm5696
0003afd0:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r0003afd0:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r
0003afe0:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari0003afe0:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari
0003aff0:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals0003aff0:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals
0003b000:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa0003b000:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa
0003b010:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr0003b010:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr
0003b020:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat0003b020:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat
 0003b030:·696f·6e20·5075·7070·6574·2073·6e69·7070··ion·Puppet·snipp
0003b030:·696f·6e20·416e·6163·6f6e·6461·2073·6e69··ion·Anaconda·sni 
0003b040:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br> 
0003b050:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane 
0003b060:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla 
0003b070:·7073·6522·2069·643d·2269·646d·3536·3936··pse"·id="idm5696 
0003b080:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class=" 
0003b090:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri 
0003b0a0:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border 
0003b0b0:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens 
0003b0c0:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp 
0003b0d0:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td> 
0003b0e0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003b0f0:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption: 
0003b100:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003b110:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re 
0003b120:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa 
0003b130:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr 
0003b140:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</ 
0003b150:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t 
0003b160:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table>< 
0003b170:·7072·653e·3c63·6f64·653e·0a70·6163·6b61··pre><code>.packa 
0003b180:·6765·202d·2d61·6464·3d61·6964·650a·3c2f··ge·--add=aide.</ 
0003b190:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div 
0003b1a0:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b 
0003b1b0:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data 
0003b1c0:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps 
0003b1d0:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target=" 
0003b1e0:·2369·646d·3536·3937·2220·7461·6269·6e64··#idm5697"·tabind 
0003b1f0:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but 
0003b200:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand 
0003b210:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title 
0003b220:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re 
0003b230:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!"> 
0003b240:·5265·6d65·6469·6174·696f·6e20·5075·7070··Remediation·Pupp 
0003b250:·6574·2073·6e69·7070·6574·20e2·87b2·3c2f··et·snippet·...</ 
0003b260:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class 
0003b270:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse 
0003b280:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i 
0003b290:·646d·3536·3937·223e·3c74·6162·6c65·2063··dm5697"><table·c 
0003b2a0:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl 
0003b2b0:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table- 
0003b2c0:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c 
0003b2d0:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t 
0003b2e0:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t 
0003b2f0:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003b300:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru 
0003b310:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l 
0003b320:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr> 
0003b330:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th> 
0003b340:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></ 
0003b350:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat 
0003b360:·6567·793a·3c2f·7468·3e3c·7464·3e65·6e61··egy:</th><td>ena 
0003b370:·626c·653c·2f74·643e·3c2f·7472·3e3c·2f74··ble</td></tr></t 
0003b380:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code> 
0003b390:·696e·636c·7564·6520·696e·7374·616c·6c5f··include·install_ 
0003b3a0:·6169·6465·0a0a·636c·6173·7320·696e·7374··aide..class·inst 
0003b3b0:·616c·6c5f·6169·6465·207b·0a20·2070·6163··all_aide·{.··pac 
0003b3c0:·6b61·6765·207b·2027·6169·6465·273a·0a20··kage·{·'aide':.· 
0003b3d0:·2020·2065·6e73·7572·6520·3d26·6774·3b20·····ensure·=&gt;· 
0003b3e0:·2769·6e73·7461·6c6c·6564·272c·0a20·207d··'installed',.··} 
0003b3f0:·0a7d·0a3c·2f63·6f64·653e·3c2f·7072·653e··.}.</code></pre> 
0003b400:·3c2f·6469·763e·3c61·2063·6c61·7373·3d22··</div><a·class=" 
0003b410:·6274·6e20·6274·6e2d·7375·6363·6573·7322··btn·btn-success" 
0003b420:·2064·6174·612d·746f·6767·6c65·3d22·636f···data-toggle="co 
0003b430:·6c6c·6170·7365·2220·6461·7461·2d74·6172··llapse"·data-tar 
0003b440:·6765·743d·2223·6964·6d35·3639·3822·2074··get="#idm5698"·t 
0003b450:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role 
0003b460:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e 
0003b470:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"· 
0003b480:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate· 
0003b490:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href= 
0003b4a0:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation 
0003b4b0:·204f·5342·7569·6c64·2042·6c75·6570·7269···OSBuild·Bluepri 
0003b4c0:·6e74·2073·6e69·7070·6574·20e2·87b2·3c2f··nt·snippet·...</ 
0003b4d0:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class 
0003b4e0:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse 
0003b4f0:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i 
0003b500:·646d·3536·3938·223e·3c70·7265·3e3c·636f··dm5698"><pre><co 
0003b510:·6465·3e0a·5b5b·7061·636b·6167·6573·5d5d··de>.[[packages]] 
0003b520:·0a6e·616d·6520·3d20·2261·6964·6522·0a76··.name·=·"aide".v 
0003b530:·6572·7369·6f6e·203d·2022·2a22·0a3c·2f63··ersion·=·"*".</c 
0003b540:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div> 
0003b550:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt 
0003b560:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data- 
0003b570:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse 
0003b580:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="# 
0003b590:·6964·6d35·3639·3922·2074·6162·696e·6465··idm5699"·tabinde 
0003b5a0:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt 
0003b5b0:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande 
0003b5c0:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title= 
0003b5d0:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev 
0003b5e0:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R 
0003b5f0:·656d·6564·6961·7469·6f6e·2041·6e73·6962··emediation·Ansib 
0003b600:·6c65·2073·6e69·7070·6574·20e2·87b2·3c2f··le·snippet·...</ 
0003b610:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class 
0003b620:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse 
0003b630:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i 
0003b640:·646d·3536·3939·223e·3c74·6162·6c65·2063··dm5699"><table·c 
0003b650:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl 
0003b660:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table- 
0003b670:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c 
0003b680:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t 
0003b690:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t 
0003b6a0:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003b6b0:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru 
0003b6c0:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l 
0003b6d0:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr> 
0003b6e0:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th> 
0003b6f0:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></ 
0003b700:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat 
0003b710:·6567·793a·3c2f·7468·3e3c·7464·3e65·6e61··egy:</th><td>ena 
0003b720:·626c·653c·2f74·643e·3c2f·7472·3e3c·2f74··ble</td></tr></t 
0003b730:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code> 
0003b740:·2d20·6e61·6d65·3a20·4761·7468·6572·2074··-·name:·Gather·t 
0003b750:·6865·2070·6163·6b61·6765·2066·6163·7473··he·package·facts 
0003b760:·0a20·2070·6163·6b61·6765·5f66·6163·7473··.··package_facts 
0003b770:·3a0a·2020·2020·6d61·6e61·6765·723a·2061··:.····manager:·a 
0003b780:·7574·6f0a·2020·7461·6773·3a0a·2020·2d20··uto.··tags:.··-· 
0003b790:·434a·4953·2d35·2e31·302e·312e·330a·2020··CJIS-5.10.1.3.·· 
Max diff block lines reached; 29041815/29070961 bytes (99.90%) of diff not shown.
2.28 MB
html2text {}
Max HTML report size reached
22.4 MB
./usr/share/doc/ssg-nondebian/ssg-ol9-guide-anssi_bp28_enhanced.html
    
Offset 15037, 218 lines modifiedOffset 15037, 218 lines modified
0003abc0:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i0003abc0:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i
0003abd0:·646d·3632·3739·2220·7461·6269·6e64·6578··dm6279"·tabindex0003abd0:·646d·3632·3739·2220·7461·6269·6e64·6578··dm6279"·tabindex
0003abe0:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto0003abe0:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto
0003abf0:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded0003abf0:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded
0003ac00:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="0003ac00:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="
0003ac10:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve0003ac10:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve
0003ac20:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re0003ac20:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re
0003ac30:·6d65·6469·6174·696f·6e20·416e·6163·6f6e··mediation·Anacon0003ac30:·6d65·6469·6174·696f·6e20·5075·7070·6574··mediation·Puppet
0003ac40:·6461·2073·6e69·7070·6574·20e2·87b2·3c2f··da·snippet·...</0003ac40:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a>
0003ac50:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class0003ac50:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="
0003ac60:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse0003ac60:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c
0003ac70:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i0003ac70:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm
0003ac80:·646d·3632·3739·223e·3c74·6162·6c65·2063··dm6279"><table·c0003ac80:·3632·3739·223e·3c74·6162·6c65·2063·6c61··6279"><table·cla
0003ac90:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl0003ac90:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table-
0003aca0:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table-0003aca0:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo
0003acb0:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c0003acb0:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con
0003acc0:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t0003acc0:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th>
0003acd0:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t0003acd0:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th>
0003ace0:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></0003ace0:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr
0003acf0:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru0003acf0:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt
0003ad00:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l0003ad00:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low
0003ad10:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>0003ad10:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
0003ad20:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th>0003ad20:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t
0003ad30:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></0003ad30:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr
0003ad40:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat0003ad40:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg
0003ad50:·6567·793a·3c2f·7468·3e3c·7464·3e65·6e61··egy:</th><td>ena0003ad50:·793a·3c2f·7468·3e3c·7464·3e65·6e61·626c··y:</th><td>enabl
0003ad60:·626c·653c·2f74·643e·3c2f·7472·3e3c·2f74··ble</td></tr></t0003ad60:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab
0003ad70:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>0003ad70:·6c65·3e3c·7072·653e·3c63·6f64·653e·696e··le><pre><code>in
0003ad80:·0a70·6163·6b61·6765·202d·2d61·6464·3d61··.package·--add=a 
0003ad90:·6964·650a·3c2f·636f·6465·3e3c·2f70·7265··ide.</code></pre 
0003ada0:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class= 
0003adb0:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success 
0003adc0:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c 
0003add0:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta 
0003ade0:·7267·6574·3d22·2369·646d·3632·3830·2220··rget="#idm6280"· 
0003adf0:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol 
0003ae00:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria- 
0003ae10:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false" 
0003ae20:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate 
0003ae30:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href 
0003ae40:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio 
0003ae50:·6e20·5075·7070·6574·2073·6e69·7070·6574··n·Puppet·snippet 
0003ae60:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div 
0003ae70:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co 
0003ae80:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse" 
0003ae90:·2069·643d·2269·646d·3632·3830·223e·3c74···id="idm6280"><t 
0003aea0:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl 
0003aeb0:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped· 
0003aec0:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t 
0003aed0:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed"> 
0003aee0:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi 
0003aef0:·7479·3a3c·2f74·683e·3c74·643e·6c6f·773c··ty:</th><td>low< 
0003af00:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003af10:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th0003ad80:·636c·7564·6520·696e·7374·616c·6c5f·6169··clude·install_ai
 0003ad90:·6465·0a0a·636c·6173·7320·696e·7374·616c··de..class·instal
 0003ada0:·6c5f·6169·6465·207b·0a20·2070·6163·6b61··l_aide·{.··packa
 0003adb0:·6765·207b·2027·6169·6465·273a·0a20·2020··ge·{·'aide':.···
 0003adc0:·2065·6e73·7572·6520·3d26·6774·3b20·2769···ensure·=&gt;·'i
 0003add0:·6e73·7461·6c6c·6564·272c·0a20·207d·0a7d··nstalled',.··}.}
 0003ade0:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></
 0003adf0:·6469·763e·3c61·2063·6c61·7373·3d22·6274··div><a·class="bt
 0003ae00:·6e20·6274·6e2d·7375·6363·6573·7322·2064··n·btn-success"·d
 0003ae10:·6174·612d·746f·6767·6c65·3d22·636f·6c6c··ata-toggle="coll
 0003ae20:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe
 0003ae30:·743d·2223·6964·6d36·3238·3022·2074·6162··t="#idm6280"·tab
 0003ae40:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="
 0003ae50:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp
 0003ae60:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti
 0003ae70:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to
 0003ae80:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#
 0003ae90:·2122·3e52·656d·6564·6961·7469·6f6e·2053··!">Remediation·S
 0003aea0:·6865·6c6c·2073·6372·6970·7420·e287·b23c··hell·script·...<
 0003aeb0:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas
 0003aec0:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps
 0003aed0:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="
 0003aee0:·6964·6d36·3238·3022·3e3c·7461·626c·6520··idm6280"><table·
 0003aef0:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab
 0003af00:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table
 0003af10:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-
 0003af20:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><
 0003af30:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</
0003af20:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t0003af40:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><
0003af30:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot 
0003af40:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false<0003af50:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr
 0003af60:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td>
0003af50:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th0003af70:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr
0003af60:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th>< 
0003af70:·7464·3e65·6e61·626c·653c·2f74·643e·3c2f··td>enable</td></ 
0003af80:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre> 
0003af90:·3c63·6f64·653e·696e·636c·7564·6520·696e··<code>include·in 
0003afa0:·7374·616c·6c5f·6169·6465·0a0a·636c·6173··stall_aide..clas 
0003afb0:·7320·696e·7374·616c·6c5f·6169·6465·207b··s·install_aide·{ 
0003afc0:·0a20·2070·6163·6b61·6765·207b·2027·6169··.··package·{·'ai 
0003afd0:·6465·273a·0a20·2020·2065·6e73·7572·6520··de':.····ensure· 
0003afe0:·3d26·6774·3b20·2769·6e73·7461·6c6c·6564··=&gt;·'installed 
0003aff0:·272c·0a20·207d·0a7d·0a3c·2f63·6f64·653e··',.··}.}.</code> 
0003b000:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c 
0003b010:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su0003af80:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th
 0003af90:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td><
 0003afa0:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra
 0003afb0:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en
 0003afc0:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></
 0003afd0:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code
 0003afe0:·3e23·2052·656d·6564·6961·7469·6f6e·2069··>#·Remediation·i
 0003aff0:·7320·6170·706c·6963·6162·6c65·206f·6e6c··s·applicable·onl
 0003b000:·7920·696e·2063·6572·7461·696e·2070·6c61··y·in·certain·pla
 0003b010:·7466·6f72·6d73·0a69·6620·7270·6d20·2d2d··tforms.if·rpm·--
 0003b020:·7175·6965·7420·2d71·206b·6572·6e65·6c20··quiet·-q·kernel·
 0003b030:·7c7c·2072·706d·202d·2d71·7569·6574·202d··||·rpm·--quiet·-
 0003b040:·7120·6b65·726e·656c·2d75·656b·3b20·7468··q·kernel-uek;·th
 0003b050:·656e·0a0a·6966·2021·2072·706d·202d·7120··en..if·!·rpm·-q·
 0003b060:·2d2d·7175·6965·7420·2261·6964·6522·203b··--quiet·"aide"·;
 0003b070:·2074·6865·6e0a·2020·2020·7975·6d20·696e···then.····yum·in
 0003b080:·7374·616c·6c20·2d79·2022·6169·6465·220a··stall·-y·"aide".
 0003b090:·6669·0a0a·656c·7365·0a20·2020·2026·6774··fi..else.····&gt
 0003b0a0:·3b26·616d·703b·3220·6563·686f·2027·5265··;&amp;2·echo·'Re
 0003b0b0:·6d65·6469·6174·696f·6e20·6973·206e·6f74··mediation·is·not
 0003b0c0:·2061·7070·6c69·6361·626c·652c·206e·6f74···applicable,·not
 0003b0d0:·6869·6e67·2077·6173·2064·6f6e·6527·0a66··hing·was·done'.f
 0003b0e0:·690a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··i.</code></pre><
 0003b0f0:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b
 0003b100:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"·
 0003b110:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col
0003b020:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg0003b120:·6c61·7073·6522·2064·6174·612d·7461·7267··lapse"·data-targ
 0003b130:·6574·3d22·2369·646d·3632·3831·2220·7461··et="#idm6281"·ta
 0003b140:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=
 0003b150:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex
Max diff block lines reached; 21551400/21580132 bytes (99.87%) of diff not shown.
1.83 MB
html2text {}
Max HTML report size reached
22.7 MB
./usr/share/doc/ssg-nondebian/ssg-ol9-guide-anssi_bp28_high.html
    
Offset 15042, 218 lines modifiedOffset 15042, 218 lines modified
0003ac10:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=0003ac10:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
0003ac20:·2223·6964·6d36·3237·3922·2074·6162·696e··"#idm6279"·tabin0003ac20:·2223·6964·6d36·3237·3922·2074·6162·696e··"#idm6279"·tabin
0003ac30:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu0003ac30:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
0003ac40:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan0003ac40:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
0003ac50:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl0003ac50:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
0003ac60:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r0003ac60:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
0003ac70:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"0003ac70:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
0003ac80:·3e52·656d·6564·6961·7469·6f6e·2041·6e61··>Remediation·Ana0003ac80:·3e52·656d·6564·6961·7469·6f6e·2050·7570··>Remediation·Pup
0003ac90:·636f·6e64·6120·736e·6970·7065·7420·e287··conda·snippet·..0003ac90:·7065·7420·736e·6970·7065·7420·e287·b23c··pet·snippet·...<
0003aca0:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl0003aca0:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas
0003acb0:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla0003acb0:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps
0003acc0:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id0003acc0:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="
0003acd0:·3d22·6964·6d36·3237·3922·3e3c·7461·626c··="idm6279"><tabl0003acd0:·6964·6d36·3237·3922·3e3c·7461·626c·6520··idm6279"><table·
0003ace0:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t0003ace0:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab
0003acf0:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab0003acf0:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table
0003ad00:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl0003ad00:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-
0003ad10:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr0003ad10:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><
0003ad20:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity:0003ad20:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</
0003ad30:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td0003ad30:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><
0003ad40:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di0003ad40:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr
0003ad50:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t0003ad50:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td>
0003ad60:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr><0003ad60:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr
0003ad70:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</0003ad70:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th
0003ad80:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td0003ad80:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td><
0003ad90:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St0003ad90:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra
0003ada0:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>0003ada0:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en
0003adb0:·656e·6162·6c65·3c2f·7464·3e3c·2f74·723e··enable</td></tr>0003adb0:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></
0003adc0:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co0003adc0:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code
0003add0:·6465·3e0a·7061·636b·6167·6520·2d2d·6164··de>.package·--ad 
0003ade0:·643d·6169·6465·0a3c·2f63·6f64·653e·3c2f··d=aide.</code></ 
0003adf0:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla 
0003ae00:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ 
0003ae10:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle 
0003ae20:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data 
0003ae30:·2d74·6172·6765·743d·2223·6964·6d36·3238··-target="#idm628 
0003ae40:·3022·2074·6162·696e·6465·783d·2230·2220··0"·tabindex="0"· 
0003ae50:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar 
0003ae60:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal 
0003ae70:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ 
0003ae80:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h 
0003ae90:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia 
0003aea0:·7469·6f6e·2050·7570·7065·7420·736e·6970··tion·Puppet·snip 
0003aeb0:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br>< 
0003aec0:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel 
0003aed0:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap 
0003aee0:·7365·2220·6964·3d22·6964·6d36·3238·3022··se"·id="idm6280" 
0003aef0:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t 
0003af00:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip 
0003af10:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere 
0003af20:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense 
0003af30:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl 
0003af40:·6578·6974·793a·3c2f·7468·3e3c·7464·3e6c··exity:</th><td>l 
0003af50:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr> 
0003af60:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:<0003add0:·3e69·6e63·6c75·6465·2069·6e73·7461·6c6c··>include·install
 0003ade0:·5f61·6964·650a·0a63·6c61·7373·2069·6e73··_aide..class·ins
 0003adf0:·7461·6c6c·5f61·6964·6520·7b0a·2020·7061··tall_aide·{.··pa
 0003ae00:·636b·6167·6520·7b20·2761·6964·6527·3a0a··ckage·{·'aide':.
 0003ae10:·2020·2020·656e·7375·7265·203d·2667·743b······ensure·=&gt;
 0003ae20:·2027·696e·7374·616c·6c65·6427·2c0a·2020···'installed',.··
 0003ae30:·7d0a·7d0a·3c2f·636f·6465·3e3c·2f70·7265··}.}.</code></pre
 0003ae40:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class=
 0003ae50:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success
 0003ae60:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c
 0003ae70:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta
 0003ae80:·7267·6574·3d22·2369·646d·3632·3830·2220··rget="#idm6280"·
 0003ae90:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol
 0003aea0:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-
 0003aeb0:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"
 0003aec0:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate
 0003aed0:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href
 0003aee0:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio
 0003aef0:·6e20·5368·656c·6c20·7363·7269·7074·20e2··n·Shell·script·.
 0003af00:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c
 0003af10:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
 0003af20:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i
 0003af30:·643d·2269·646d·3632·3830·223e·3c74·6162··d="idm6280"><tab
 0003af40:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table·
 0003af50:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta
 0003af60:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab
 0003af70:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t
 0003af80:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity
0003af70:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>0003af90:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t
 0003afa0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D
 0003afb0:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th><
 0003afc0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>
 0003afd0:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:<
 0003afe0:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t
0003af80:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb0003aff0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S
0003af90:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal 
0003afa0:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr> 
0003afb0:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t 
0003afc0:·683e·3c74·643e·656e·6162·6c65·3c2f·7464··h><td>enable</td 
0003afd0:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p 
0003afe0:·7265·3e3c·636f·6465·3e69·6e63·6c75·6465··re><code>include 
0003aff0:·2069·6e73·7461·6c6c·5f61·6964·650a·0a63···install_aide..c 
0003b000:·6c61·7373·2069·6e73·7461·6c6c·5f61·6964··lass·install_aid 
0003b010:·6520·7b0a·2020·7061·636b·6167·6520·7b20··e·{.··package·{· 
0003b020:·2761·6964·6527·3a0a·2020·2020·656e·7375··'aide':.····ensu 
0003b030:·7265·203d·2667·743b·2027·696e·7374·616c··re·=&gt;·'instal 
0003b040:·6c65·6427·2c0a·2020·7d0a·7d0a·3c2f·636f··led',.··}.}.</co 
0003b050:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div>< 
0003b060:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn 
0003b070:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t 
0003b080:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse"0003b000:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td
 0003b010:·3e65·6e61·626c·653c·2f74·643e·3c2f·7472··>enable</td></tr
 0003b020:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c
 0003b030:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio
 0003b040:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·
 0003b050:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·
 0003b060:·706c·6174·666f·726d·730a·6966·2072·706d··platforms.if·rpm
 0003b070:·202d·2d71·7569·6574·202d·7120·6b65·726e···--quiet·-q·kern
 0003b080:·656c·207c·7c20·7270·6d20·2d2d·7175·6965··el·||·rpm·--quie
 0003b090:·7420·2d71·206b·6572·6e65·6c2d·7565·6b3b··t·-q·kernel-uek;
 0003b0a0:·2074·6865·6e0a·0a69·6620·2120·7270·6d20···then..if·!·rpm·
 0003b0b0:·2d71·202d·2d71·7569·6574·2022·6169·6465··-q·--quiet·"aide
 0003b0c0:·2220·3b20·7468·656e·0a20·2020·2079·756d··"·;·then.····yum
 0003b0d0:·2069·6e73·7461·6c6c·202d·7920·2261·6964···install·-y·"aid
 0003b0e0:·6522·0a66·690a·0a65·6c73·650a·2020·2020··e".fi..else.····
 0003b0f0:·2667·743b·2661·6d70·3b32·2065·6368·6f20··&gt;&amp;2·echo·
 0003b100:·2752·656d·6564·6961·7469·6f6e·2069·7320··'Remediation·is·
 0003b110:·6e6f·7420·6170·706c·6963·6162·6c65·2c20··not·applicable,·
 0003b120:·6e6f·7468·696e·6720·7761·7320·646f·6e65··nothing·was·done
 0003b130:·270a·6669·0a3c·2f63·6f64·653e·3c2f·7072··'.fi.</code></pr
 0003b140:·653e·3c2f·6469·763e·3c61·2063·6c61·7373··e></div><a·class
 0003b150:·3d22·6274·6e20·6274·6e2d·7375·6363·6573··="btn·btn-succes
0003b090:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i0003b160:·7322·2064·6174·612d·746f·6767·6c65·3d22··s"·data-toggle="
0003b0a0:·646d·3632·3831·2220·7461·6269·6e64·6578··dm6281"·tabindex 
Max diff block lines reached; 21856127/21884859 bytes (99.87%) of diff not shown.
1.87 MB
html2text {}
Max HTML report size reached
10.3 MB
./usr/share/doc/ssg-nondebian/ssg-ol9-guide-anssi_bp28_intermediary.html
    
Offset 15033, 218 lines modifiedOffset 15033, 218 lines modified
0003ab80:·7461·2d74·6172·6765·743d·2223·6964·6d36··ta-target="#idm60003ab80:·7461·2d74·6172·6765·743d·2223·6964·6d36··ta-target="#idm6
0003ab90:·3237·3922·2074·6162·696e·6465·783d·2230··279"·tabindex="00003ab90:·3237·3922·2074·6162·696e·6465·783d·2230··279"·tabindex="0
0003aba0:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·0003aba0:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
0003abb0:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f0003abb0:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
0003abc0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act0003abc0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
0003abd0:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"0003abd0:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
0003abe0:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed0003abe0:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
0003abf0:·6961·7469·6f6e·2041·6e61·636f·6e64·6120··iation·Anaconda·0003abf0:·6961·7469·6f6e·2050·7570·7065·7420·736e··iation·Puppet·sn
0003ac00:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a><0003ac00:·6970·7065·7420·e287·b23c·2f61·3e3c·6272··ippet·...</a><br
0003ac10:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p0003ac10:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan
0003ac20:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co0003ac20:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll
0003ac30:·6c6c·6170·7365·2220·6964·3d22·6964·6d36··llapse"·id="idm60003ac30:·6170·7365·2220·6964·3d22·6964·6d36·3237··apse"·id="idm627
0003ac40:·3237·3922·3e3c·7461·626c·6520·636c·6173··279"><table·clas0003ac40:·3922·3e3c·7461·626c·6520·636c·6173·733d··9"><table·class=
0003ac50:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s0003ac50:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str
0003ac60:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor0003ac60:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde
0003ac70:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond0003ac70:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden
0003ac80:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C0003ac80:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com
0003ac90:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><0003ac90:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td
0003aca0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>0003aca0:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t
0003acb0:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti0003acb0:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption
0003acc0:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low<0003acc0:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t
0003acd0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th0003acd0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R
0003ace0:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td0003ace0:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f
0003acf0:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr>0003acf0:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t
0003ad00:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy0003ad00:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<
0003ad10:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable0003ad10:·2f74·683e·3c74·643e·656e·6162·6c65·3c2f··/th><td>enable</
0003ad20:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl0003ad20:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>
0003ad30:·653e·3c70·7265·3e3c·636f·6465·3e0a·7061··e><pre><code>.pa0003ad30:·3c70·7265·3e3c·636f·6465·3e69·6e63·6c75··<pre><code>inclu
0003ad40:·636b·6167·6520·2d2d·6164·643d·6169·6465··ckage·--add=aide 
0003ad50:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></ 
0003ad60:·6469·763e·3c61·2063·6c61·7373·3d22·6274··div><a·class="bt 
0003ad70:·6e20·6274·6e2d·7375·6363·6573·7322·2064··n·btn-success"·d 
0003ad80:·6174·612d·746f·6767·6c65·3d22·636f·6c6c··ata-toggle="coll 
0003ad90:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe 
0003ada0:·743d·2223·6964·6d36·3238·3022·2074·6162··t="#idm6280"·tab 
0003adb0:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role=" 
0003adc0:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp 
0003add0:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti 
0003ade0:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to 
0003adf0:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="# 
0003ae00:·2122·3e52·656d·6564·6961·7469·6f6e·2050··!">Remediation·P 
0003ae10:·7570·7065·7420·736e·6970·7065·7420·e287··uppet·snippet·.. 
0003ae20:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl 
0003ae30:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla0003ad40:·6465·2069·6e73·7461·6c6c·5f61·6964·650a··de·install_aide.
 0003ad50:·0a63·6c61·7373·2069·6e73·7461·6c6c·5f61··.class·install_a
 0003ad60:·6964·6520·7b0a·2020·7061·636b·6167·6520··ide·{.··package·
 0003ad70:·7b20·2761·6964·6527·3a0a·2020·2020·656e··{·'aide':.····en
 0003ad80:·7375·7265·203d·2667·743b·2027·696e·7374··sure·=&gt;·'inst
 0003ad90:·616c·6c65·6427·2c0a·2020·7d0a·7d0a·3c2f··alled',.··}.}.</
 0003ada0:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div
 0003adb0:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b
 0003adc0:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data
 0003add0:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps
 0003ade0:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="
 0003adf0:·2369·646d·3632·3830·2220·7461·6269·6e64··#idm6280"·tabind
 0003ae00:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but
 0003ae10:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand
 0003ae20:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title
 0003ae30:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re
 0003ae40:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">
 0003ae50:·5265·6d65·6469·6174·696f·6e20·5368·656c··Remediation·Shel
 0003ae60:·6c20·7363·7269·7074·20e2·87b2·3c2f·613e··l·script·...</a>
 0003ae70:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="
0003ae40:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id0003ae80:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c
 0003ae90:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm
 0003aea0:·3632·3830·223e·3c74·6162·6c65·2063·6c61··6280"><table·cla
 0003aeb0:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table-
 0003aec0:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo
 0003aed0:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con
 0003aee0:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th>
 0003aef0:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th>
0003ae50:·3d22·6964·6d36·3238·3022·3e3c·7461·626c··="idm6280"><tabl 
0003ae60:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t 
0003ae70:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab 
0003ae80:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl 
0003ae90:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr 
0003aea0:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity: 
0003aeb0:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003aec0:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di 
0003aed0:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t 
0003aee0:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr><0003af00:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr
0003aef0:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</ 
0003af00:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td0003af10:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt
 0003af20:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low
0003af10:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St0003af30:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
0003af20:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td> 
0003af30:·656e·6162·6c65·3c2f·7464·3e3c·2f74·723e··enable</td></tr> 
0003af40:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co 
0003af50:·6465·3e69·6e63·6c75·6465·2069·6e73·7461··de>include·insta 
0003af60:·6c6c·5f61·6964·650a·0a63·6c61·7373·2069··ll_aide..class·i 
0003af70:·6e73·7461·6c6c·5f61·6964·6520·7b0a·2020··nstall_aide·{.·· 
0003af80:·7061·636b·6167·6520·7b20·2761·6964·6527··package·{·'aide' 
0003af90:·3a0a·2020·2020·656e·7375·7265·203d·2667··:.····ensure·=&g 
0003afa0:·743b·2027·696e·7374·616c·6c65·6427·2c0a··t;·'installed',. 
0003afb0:·2020·7d0a·7d0a·3c2f·636f·6465·3e3c·2f70····}.}.</code></p 
0003afc0:·7265·3e3c·2f64·6976·3e3c·6120·636c·6173··re></div><a·clas 
0003afd0:·733d·2262·746e·2062·746e·2d73·7563·6365··s="btn·btn-succe0003af40:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t
 0003af50:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr
 0003af60:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg
 0003af70:·793a·3c2f·7468·3e3c·7464·3e65·6e61·626c··y:</th><td>enabl
 0003af80:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab
 0003af90:·6c65·3e3c·7072·653e·3c63·6f64·653e·2320··le><pre><code>#·
 0003afa0:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a
 0003afb0:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i
 0003afc0:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo
 0003afd0:·726d·730a·6966·2072·706d·202d·2d71·7569··rms.if·rpm·--qui
 0003afe0:·6574·202d·7120·6b65·726e·656c·207c·7c20··et·-q·kernel·||·
 0003aff0:·7270·6d20·2d2d·7175·6965·7420·2d71·206b··rpm·--quiet·-q·k
 0003b000:·6572·6e65·6c2d·7565·6b3b·2074·6865·6e0a··ernel-uek;·then.
 0003b010:·0a69·6620·2120·7270·6d20·2d71·202d·2d71··.if·!·rpm·-q·--q
 0003b020:·7569·6574·2022·6169·6465·2220·3b20·7468··uiet·"aide"·;·th
 0003b030:·656e·0a20·2020·2079·756d·2069·6e73·7461··en.····yum·insta
 0003b040:·6c6c·202d·7920·2261·6964·6522·0a66·690a··ll·-y·"aide".fi.
 0003b050:·0a65·6c73·650a·2020·2020·2667·743b·2661··.else.····&gt;&a
 0003b060:·6d70·3b32·2065·6368·6f20·2752·656d·6564··mp;2·echo·'Remed
 0003b070:·6961·7469·6f6e·2069·7320·6e6f·7420·6170··iation·is·not·ap
 0003b080:·706c·6963·6162·6c65·2c20·6e6f·7468·696e··plicable,·nothin
 0003b090:·6720·7761·7320·646f·6e65·270a·6669·0a3c··g·was·done'.fi.<
 0003b0a0:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di
 0003b0b0:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn·
 0003b0c0:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat
 0003b0d0:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap
0003afe0:·7373·2220·6461·7461·2d74·6f67·676c·653d··ss"·data-toggle=0003b0e0:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
 0003b0f0:·2223·6964·6d36·3238·3122·2074·6162·696e··"#idm6281"·tabin
 0003b100:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
 0003b110:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
 0003b120:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
Max diff block lines reached; 9762789/9791521 bytes (99.71%) of diff not shown.
1.0 MB
html2text {}
    
Offset 112, 38 lines modifiedOffset 112, 41 lines modified
112 ···························A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.14.2.7,·A.15.2.1,·A.8.2.3112 ···························A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.14.2.7,·A.15.2.1,·A.8.2.3
113 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)113 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)
114 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3114 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
115 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5115 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
116 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199116 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
117 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79117 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
118 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2118 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
119 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
120 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
121 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
122 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
123 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
124 package·--add=aide 
125 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8119 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
126 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low120 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
127 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low121 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
128 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false122 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
129 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable123 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
130 include·install_aide124 include·install_aide
  
131 class·install_aide·{125 class·install_aide·{
132 ··package·{·'aide':126 ··package·{·'aide':
133 ····ensure·=>·'installed',127 ····ensure·=>·'installed',
134 ··}128 ··}
135 }129 }
136 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8130 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 131 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 132 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 133 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 134 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 135 #·Remediation·is·applicable·only·in·certain·platforms
 136 if·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek;·then
  
137 [[packages]] 
138 name·=·"aide" 
139 version·=·"*"137 if·!·rpm·-q·--quiet·"aide"·;·then
 138 ····yum·install·-y·"aide"
 139 fi
  
 140 else
 141 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 142 fi
140 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8143 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
141 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low144 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
142 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low145 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
143 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false146 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
144 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable147 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
145 -·name:·Gather·the·package·facts148 -·name:·Gather·the·package·facts
146 ··package_facts:149 ··package_facts:
Offset 172, 29 lines modifiedOffset 175, 26 lines modified
172 ··-·PCI-DSSv4-11.5.2175 ··-·PCI-DSSv4-11.5.2
173 ··-·enable_strategy176 ··-·enable_strategy
174 ··-·low_complexity177 ··-·low_complexity
175 ··-·low_disruption178 ··-·low_disruption
176 ··-·medium_severity179 ··-·medium_severity
177 ··-·no_reboot_needed180 ··-·no_reboot_needed
178 ··-·package_aide_installed181 ··-·package_aide_installed
 182 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 183 [[packages]]
 184 name·=·"aide"
 185 version·=·"*"
179 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8186 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8
180 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low187 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
181 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low188 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
182 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false189 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
183 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable190 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
184 #·Remediation·is·applicable·only·in·certain·platforms 
185 if·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek;·then 
  
186 if·!·rpm·-q·--quiet·"aide"·;·then 
187 ····yum·install·-y·"aide" 
188 fi 
  
 191 package·--add=aide
189 else 
190 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
191 fi 
192 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*192 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
193 Run·the·following·command·to·generate·a·new·database:193 Run·the·following·command·to·generate·a·new·database:
194 $·sudo·/usr/sbin/aide·--init194 $·sudo·/usr/sbin/aide·--init
195 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the195 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the
196 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these196 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these
197 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their197 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their
198 integrity.·The·newly-generated·database·can·be·installed·as·follows:198 integrity.·The·newly-generated·database·can·be·installed·as·follows:
Offset 218, 14 lines modifiedOffset 218, 28 lines modified
218 ···························A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.14.2.7,·A.15.2.1,·A.8.2.3218 ···························A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.14.2.7,·A.15.2.1,·A.8.2.3
219 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)219 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)
220 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3220 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
221 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5221 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
222 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199222 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
223 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79223 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
224 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2224 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 225 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 226 #·Remediation·is·applicable·only·in·certain·platforms
 227 if·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek;·then
  
 228 if·!·rpm·-q·--quiet·"aide"·;·then
 229 ····yum·install·-y·"aide"
 230 fi
  
 231 /usr/sbin/aide·--init
 232 /bin/cp·-p·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
  
 233 else
 234 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 235 fi
225 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8236 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
226 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low237 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
227 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low238 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
228 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false239 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
229 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict240 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
230 -·name:·Gather·the·package·facts241 -·name:·Gather·the·package·facts
231 ··package_facts:242 ··package_facts:
Offset 310, 28 lines modifiedOffset 324, 14 lines modified
310 ··-·PCI-DSSv4-11.5.2324 ··-·PCI-DSSv4-11.5.2
311 ··-·aide_build_database325 ··-·aide_build_database
312 ··-·low_complexity326 ··-·low_complexity
313 ··-·low_disruption327 ··-·low_disruption
314 ··-·medium_severity328 ··-·medium_severity
315 ··-·no_reboot_needed329 ··-·no_reboot_needed
316 ··-·restrict_strategy330 ··-·restrict_strategy
317 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
318 #·Remediation·is·applicable·only·in·certain·platforms 
319 if·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek;·then 
  
Max diff block lines reached; 1044193/1049616 bytes (99.48%) of diff not shown.
3.69 MB
./usr/share/doc/ssg-nondebian/ssg-ol9-guide-anssi_bp28_minimal.html
    
Offset 14725, 227 lines modifiedOffset 14725, 227 lines modified
00039840:·6172·6765·743d·2223·6964·6d39·3536·3922··arget="#idm9569"00039840:·6172·6765·743d·2223·6964·6d39·3536·3922··arget="#idm9569"
00039850:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro00039850:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro
00039860:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria00039860:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria
00039870:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false00039870:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false
00039880:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat00039880:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat
00039890:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre00039890:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre
000398a0:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati000398a0:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati
000398b0:·6f6e·2041·6e61·636f·6e64·6120·736e·6970··on·Anaconda·snip000398b0:·6f6e·2050·7570·7065·7420·736e·6970·7065··on·Puppet·snippe
000398c0:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br><000398c0:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di
000398d0:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel000398d0:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
000398e0:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap000398e0:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
000398f0:·7365·2220·6964·3d22·6964·6d39·3536·3922··se"·id="idm9569"000398f0:·2220·6964·3d22·6964·6d39·3536·3922·3e3c··"·id="idm9569"><
00039900:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t00039900:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab
00039910:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip00039910:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped
00039920:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere00039920:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·
00039930:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense00039930:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"
00039940:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl00039940:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex
00039950:·6578·6974·793a·3c2f·7468·3e3c·7464·3e6c··exity:</th><td>l00039950:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low
00039960:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>00039960:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
00039970:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:<00039970:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t
00039980:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>00039980:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></
00039990:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb00039990:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo
000399a0:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal000399a0:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false
000399b0:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr>000399b0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
000399c0:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t000399c0:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>
000399d0:·683e·3c74·643e·656e·6162·6c65·3c2f·7464··h><td>enable</td000399d0:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td><
000399e0:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p000399e0:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre
 000399f0:·3e3c·636f·6465·3e69·6e63·6c75·6465·2069··><code>include·i
000399f0:·7265·3e3c·636f·6465·3e0a·7061·636b·6167··re><code>.packag 
00039a00:·6520·2d2d·6164·643d·646e·662d·6175·746f··e·--add=dnf-auto 
00039a10:·6d61·7469·630a·3c2f·636f·6465·3e3c·2f70··matic.</code></p 
00039a20:·7265·3e3c·2f64·6976·3e3c·6120·636c·6173··re></div><a·clas 
00039a30:·733d·2262·746e·2062·746e·2d73·7563·6365··s="btn·btn-succe 
00039a40:·7373·2220·6461·7461·2d74·6f67·676c·653d··ss"·data-toggle= 
00039a50:·2263·6f6c·6c61·7073·6522·2064·6174·612d··"collapse"·data- 
00039a60:·7461·7267·6574·3d22·2369·646d·3935·3730··target="#idm9570 
00039a70:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r 
00039a80:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari 
00039a90:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals 
00039aa0:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa 
00039ab0:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr 
00039ac0:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat 
00039ad0:·696f·6e20·5075·7070·6574·2073·6e69·7070··ion·Puppet·snipp 
00039ae0:·6574·20e2·87b2·3c2f·613e·3c62·723e·3c64··et·...</a><br><d 
00039af0:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel- 
00039b00:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps 
00039b10:·6522·2069·643d·2269·646d·3935·3730·223e··e"·id="idm9570"> 
00039b20:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta 
00039b30:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe 
00039b40:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered 
00039b50:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed 
00039b60:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple 
00039b70:·7869·7479·3a3c·2f74·683e·3c74·643e·6c6f··xity:</th><td>lo 
00039b80:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr>< 
00039b90:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</ 
00039ba0:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td>< 
00039bb0:·2f74·723e·3c74·723e·3c74·683e·5265·626f··/tr><tr><th>Rebo 
00039bc0:·6f74·3a3c·2f74·683e·3c74·643e·6661·6c73··ot:</th><td>fals 
00039bd0:·653c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··e</td></tr><tr>< 
00039be0:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th 
00039bf0:·3e3c·7464·3e65·6e61·626c·653c·2f74·643e··><td>enable</td> 
00039c00:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr 
00039c10:·653e·3c63·6f64·653e·696e·636c·7564·6520··e><code>include· 
00039c20:·696e·7374·616c·6c5f·646e·662d·6175·746f··install_dnf-auto 
00039c30:·6d61·7469·630a·0a63·6c61·7373·2069·6e73··matic..class·ins 
00039c40:·7461·6c6c·5f64·6e66·2d61·7574·6f6d·6174··tall_dnf-automat00039a00:·6e73·7461·6c6c·5f64·6e66·2d61·7574·6f6d··nstall_dnf-autom
00039c50:·6963·207b·0a20·2070·6163·6b61·6765·207b··ic·{.··package·{00039a10:·6174·6963·0a0a·636c·6173·7320·696e·7374··atic..class·inst
00039c60:·2027·646e·662d·6175·746f·6d61·7469·6327···'dnf-automatic'00039a20:·616c·6c5f·646e·662d·6175·746f·6d61·7469··all_dnf-automati
00039c70:·3a0a·2020·2020·656e·7375·7265·203d·2667··:.····ensure·=&g 
00039c80:·743b·2027·696e·7374·616c·6c65·6427·2c0a··t;·'installed',. 
00039c90:·2020·7d0a·7d0a·3c2f·636f·6465·3e3c·2f70····}.}.</code></p 
00039ca0:·7265·3e3c·2f64·6976·3e3c·6120·636c·6173··re></div><a·clas 
00039cb0:·733d·2262·746e·2062·746e·2d73·7563·6365··s="btn·btn-succe 
00039cc0:·7373·2220·6461·7461·2d74·6f67·676c·653d··ss"·data-toggle= 
00039cd0:·2263·6f6c·6c61·7073·6522·2064·6174·612d··"collapse"·data- 
00039ce0:·7461·7267·6574·3d22·2369·646d·3935·3731··target="#idm9571 
00039cf0:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r 
00039d00:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari 
00039d10:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals 
00039d20:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa 
00039d30:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr 
00039d40:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat 
00039d50:·696f·6e20·4f53·4275·696c·6420·426c·7565··ion·OSBuild·Blue 
00039d60:·7072·696e·7420·736e·6970·7065·7420·e287··print·snippet·..00039a30:·6320·7b0a·2020·7061·636b·6167·6520·7b20··c·{.··package·{·
 00039a40:·2764·6e66·2d61·7574·6f6d·6174·6963·273a··'dnf-automatic':
 00039a50:·0a20·2020·2065·6e73·7572·6520·3d26·6774··.····ensure·=&gt
 00039a60:·3b20·2769·6e73·7461·6c6c·6564·272c·0a20··;·'installed',.·
 00039a70:·207d·0a7d·0a3c·2f63·6f64·653e·3c2f·7072···}.}.</code></pr
 00039a80:·653e·3c2f·6469·763e·3c61·2063·6c61·7373··e></div><a·class
 00039a90:·3d22·6274·6e20·6274·6e2d·7375·6363·6573··="btn·btn-succes
 00039aa0:·7322·2064·6174·612d·746f·6767·6c65·3d22··s"·data-toggle="
 00039ab0:·636f·6c6c·6170·7365·2220·6461·7461·2d74··collapse"·data-t
 00039ac0:·6172·6765·743d·2223·6964·6d39·3537·3022··arget="#idm9570"
 00039ad0:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro
 00039ae0:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria
 00039af0:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false
 00039b00:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat
 00039b10:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre
 00039b20:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati
 00039b30:·6f6e·2053·6865·6c6c·2073·6372·6970·7420··on·Shell·script·
00039d70:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl00039b40:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div·
00039d80:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla00039b50:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col
00039d90:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id00039b60:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·
00039da0:·3d22·6964·6d39·3537·3122·3e3c·7072·653e··="idm9571"><pre>00039b70:·6964·3d22·6964·6d39·3537·3022·3e3c·7461··id="idm9570"><ta
 00039b80:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table
 00039b90:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t
 00039ba0:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta
 00039bb0:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed"><
 00039bc0:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit
00039db0:·3c63·6f64·653e·0a5b·5b70·6163·6b61·6765··<code>.[[package 
00039dc0:·735d·5d0a·6e61·6d65·203d·2022·646e·662d··s]].name·=·"dnf- 
00039dd0:·6175·746f·6d61·7469·6322·0a76·6572·7369··automatic".versi 
00039de0:·6f6e·203d·2022·2a22·0a3c·2f63·6f64·653e··on·=·"*".</code> 
00039df0:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c 
00039e00:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su 
00039e10:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg 
00039e20:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da 
00039e30:·7461·2d74·6172·6765·743d·2223·6964·6d39··ta-target="#idm9 
00039e40:·3537·3222·2074·6162·696e·6465·783d·2230··572"·tabindex="0 
00039e50:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"· 
00039e60:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f 
00039e70:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act 
00039e80:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal" 
00039e90:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed 
00039ea0:·6961·7469·6f6e·2041·6e73·6962·6c65·2073··iation·Ansible·s 
00039eb0:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b 
00039ec0:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa 
Max diff block lines reached; 3603693/3633667 bytes (99.18%) of diff not shown.
229 KB
html2text {}
    
Offset 81, 38 lines modifiedOffset 81, 42 lines modified
81 Rationale:··dnf-automatic·is·an·alternative·command·line·interface·(CLI)·to·dnf·upgrade81 Rationale:··dnf-automatic·is·an·alternative·command·line·interface·(CLI)·to·dnf·upgrade
82 ············suitable·for·automatic,·regular·execution.82 ············suitable·for·automatic,·regular·execution.
83 Severity: ··medium83 Severity: ··medium
84 Rule·ID:····xccdf_org.ssgproject.content_rule_package_dnf-automatic_installed84 Rule·ID:····xccdf_org.ssgproject.content_rule_package_dnf-automatic_installed
85 ············_\x8o_\x8s_\x8p_\x8p···FPT_TUD_EXT.1,·FPT_TUD_EXT.285 ············_\x8o_\x8s_\x8p_\x8p···FPT_TUD_EXT.1,·FPT_TUD_EXT.2
86 References:·_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000191-GPOS-0008086 References:·_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000191-GPOS-00080
87 ············_\x8a_\x8n_\x8s_\x8s_\x8i··R6187 ············_\x8a_\x8n_\x8s_\x8s_\x8i··R61
88 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
89 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
90 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
91 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
92 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
93 package·--add=dnf-automatic 
94 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x888 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
95 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low89 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
96 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low90 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
97 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false91 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
98 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable92 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
99 include·install_dnf-automatic93 include·install_dnf-automatic
  
100 class·install_dnf-automatic·{94 class·install_dnf-automatic·{
101 ··package·{·'dnf-automatic':95 ··package·{·'dnf-automatic':
102 ····ensure·=>·'installed',96 ····ensure·=>·'installed',
103 ··}97 ··}
104 }98 }
105 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x899 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 100 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 101 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 102 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 103 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 104 #·Remediation·is·applicable·only·in·certain·platforms
 105 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-
 106 q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
106 [[packages]] 
107 name·=·"dnf-automatic" 
108 version·=·"*"107 if·!·rpm·-q·--quiet·"dnf-automatic"·;·then
 108 ····yum·install·-y·"dnf-automatic"
 109 fi
  
 110 else
 111 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 112 fi
109 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8113 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
110 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low114 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
111 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low115 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
112 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false116 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
113 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable117 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
114 -·name:·Gather·the·package·facts118 -·name:·Gather·the·package·facts
115 ··package_facts:119 ··package_facts:
Offset 136, 30 lines modifiedOffset 140, 26 lines modified
136 ··tags:140 ··tags:
137 ··-·enable_strategy141 ··-·enable_strategy
138 ··-·low_complexity142 ··-·low_complexity
139 ··-·low_disruption143 ··-·low_disruption
140 ··-·medium_severity144 ··-·medium_severity
141 ··-·no_reboot_needed145 ··-·no_reboot_needed
142 ··-·package_dnf-automatic_installed146 ··-·package_dnf-automatic_installed
 147 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 148 [[packages]]
 149 name·=·"dnf-automatic"
 150 version·=·"*"
143 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8151 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8
144 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low152 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
145 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low153 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
146 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false154 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
147 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable155 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
148 #·Remediation·is·applicable·only·in·certain·platforms 
149 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·- 
150 q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
 156 package·--add=dnf-automatic
151 if·!·rpm·-q·--quiet·"dnf-automatic"·;·then 
152 ····yum·install·-y·"dnf-automatic" 
153 fi 
  
154 else 
155 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
156 fi 
157 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·d\x8dn\x8nf\x8f-\x8-a\x8au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8c·t\x8to\x8o·I\x8In\x8ns\x8st\x8ta\x8al\x8ll\x8l·A\x8Av\x8va\x8ai\x8il\x8la\x8ab\x8bl\x8le\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8es\x8s·A\x8Au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8ca\x8al\x8ll\x8ly\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*157 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·d\x8dn\x8nf\x8f-\x8-a\x8au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8c·t\x8to\x8o·I\x8In\x8ns\x8st\x8ta\x8al\x8ll\x8l·A\x8Av\x8va\x8ai\x8il\x8la\x8ab\x8bl\x8le\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8es\x8s·A\x8Au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8ca\x8al\x8ll\x8ly\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
158 To·ensure·that·the·packages·comprising·the·available·updates·will·be·automatically·installed158 To·ensure·that·the·packages·comprising·the·available·updates·will·be·automatically·installed
159 by·dnf-automatic,·set·apply_updates·to·yes·under·[commands]·section·in·/etc/dnf/159 by·dnf-automatic,·set·apply_updates·to·yes·under·[commands]·section·in·/etc/dnf/
160 automatic.conf.160 automatic.conf.
161 ············Installing·software·updates·is·a·fundamental·mitigation·against·the·exploitation161 ············Installing·software·updates·is·a·fundamental·mitigation·against·the·exploitation
162 ············of·publicly-known·vulnerabilities.·If·the·most·recent·security·patches·and162 ············of·publicly-known·vulnerabilities.·If·the·most·recent·security·patches·and
163 Rationale:··updates·are·not·installed,·unauthorized·users·may·take·advantage·of·weaknesses·in163 Rationale:··updates·are·not·installed,·unauthorized·users·may·take·advantage·of·weaknesses·in
Offset 304, 14 lines modifiedOffset 304, 42 lines modified
304 ···························(a),·CM-11(b)304 ···························(a),·CM-11(b)
305 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1305 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
306 ············_\x8o_\x8s_\x8p_\x8p···········FPT_TUD_EXT.1,·FPT_TUD_EXT.2306 ············_\x8o_\x8s_\x8p_\x8p···········FPT_TUD_EXT.1,·FPT_TUD_EXT.2
307 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-6.2307 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-6.2
308 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000366-GPOS-00153308 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000366-GPOS-00153
309 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R59309 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R59
310 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········6.3.3,·6.3310 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········6.3.3,·6.3
 311 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 312 #·Remediation·is·applicable·only·in·certain·platforms
 313 if·rpm·--quiet·-q·yum;·then
  
 314 #·Strip·any·search·characters·in·the·key·arg·so·that·the·key·can·be·replaced·without
 315 #·adding·any·search·characters·to·the·config·file.
 316 stripped_key=$(sed·'s/[\^=\$,;+]*//g'·<<<·"^gpgcheck")
  
 317 #·shellcheck·disable=SC2059
 318 printf·-v·formatted_output·"%s·=·%s"·"$stripped_key"·"1"
  
 319 #·If·the·key·exists,·change·it.·Otherwise,·add·it·to·the·config_file.
 320 #·We·search·for·the·key·string·followed·by·a·word·boundary·(matched·by·\>),
 321 #·so·if·we·search·for·'setting',·'setting2'·won't·match.
 322 if·LC_ALL=C·grep·-q·-m·1·-i·-e·"^gpgcheck\\>"·"/etc/yum.conf";·then
 323 ····escaped_formatted_output=$(sed·-e·'s|/|\\/|g'·<<<·"$formatted_output")
 324 ····LC_ALL=C·sed·-i·--follow-symlinks·"s/^gpgcheck\\>.*/$escaped_formatted_output/gi"·"/etc/
 325 yum.conf"
 326 else
 327 ····if·[[·-s·"/etc/yum.conf"·]]·&&·[[·-n·"$(tail·-c·1·--·"/etc/yum.conf"·||·true)"·]];·then
 328 ········LC_ALL=C·sed·-i·--follow-symlinks·'$a'\\·"/etc/yum.conf"
 329 ····fi
 330 ····printf·'%s\n'·"$formatted_output"·>>·"/etc/yum.conf"
 331 fi
  
 332 else
 333 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 334 fi
311 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8335 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
312 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low336 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
313 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium337 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
Max diff block lines reached; 228935/234664 bytes (97.56%) of diff not shown.
12.3 MB
./usr/share/doc/ssg-nondebian/ssg-ol9-guide-ccn_advanced.html
    
Offset 15109, 176 lines modifiedOffset 15109, 176 lines modified
0003b040:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=0003b040:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
0003b050:·2223·6964·6d37·3034·3622·2074·6162·696e··"#idm7046"·tabin0003b050:·2223·6964·6d37·3034·3622·2074·6162·696e··"#idm7046"·tabin
0003b060:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu0003b060:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
0003b070:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan0003b070:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
0003b080:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl0003b080:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
0003b090:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r0003b090:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
0003b0a0:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"0003b0a0:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
0003b0b0:·3e52·656d·6564·6961·7469·6f6e·2041·6e73··>Remediation·Ans0003b0b0:·3e52·656d·6564·6961·7469·6f6e·2053·6865··>Remediation·She
 0003b0c0:·6c6c·2073·6372·6970·7420·e287·b23c·2f61··ll·script·...</a
 0003b0d0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
 0003b0e0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
 0003b0f0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
 0003b100:·6d37·3034·3622·3e3c·7072·653e·3c63·6f64··m7046"><pre><cod
 0003b110:·653e·0a76·6172·5f73·7973·7465·6d5f·6372··e>.var_system_cr
 0003b120:·7970·746f·5f70·6f6c·6963·793d·273c·6162··ypto_policy='<ab
 0003b130:·6272·2074·6974·6c65·3d22·6672·6f6d·2050··br·title="from·P
 0003b140:·726f·6669·6c65·2f72·6566·696e·652d·7661··rofile/refine-va
 0003b150:·6c75·653a·2078·6363·6466·5f6f·7267·2e73··lue:·xccdf_org.s
 0003b160:·7367·7072·6f6a·6563·742e·636f·6e74·656e··sgproject.conten
0003b0c0:·6962·6c65·2073·6e69·7070·6574·20e2·87b2··ible·snippet·... 
0003b0d0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla 
0003b0e0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap 
0003b0f0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id= 
0003b100:·2269·646d·3730·3436·223e·3c74·6162·6c65··"idm7046"><table 
0003b110:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta 
0003b120:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl 
0003b130:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table 
0003b140:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr> 
0003b150:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:< 
0003b160:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td> 
0003b170:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis 
0003b180:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td 
0003b190:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t 
0003b1a0:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t 
0003b1b0:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td> 
0003b1c0:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str 
0003b1d0:·6174·6567·793a·3c2f·7468·3e3c·7464·3e72··ategy:</th><td>r 
0003b1e0:·6573·7472·6963·743c·2f74·643e·3c2f·7472··estrict</td></tr 
0003b1f0:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c 
0003b200:·6f64·653e·2d20·6e61·6d65·3a20·5843·4344··ode>-·name:·XCCD 
0003b210:·4620·5661·6c75·6520·7661·725f·7379·7374··F·Value·var_syst0003b170:·745f·7661·6c75·655f·7661·725f·7379·7374··t_value_var_syst
0003b220:·656d·5f63·7279·7074·6f5f·706f·6c69·6379··em_crypto_policy0003b180:·656d·5f63·7279·7074·6f5f·706f·6c69·6379··em_crypto_policy
 0003b190:·223e·4445·4641·554c·543c·2f61·6262·723e··">DEFAULT</abbr>
 0003b1a0:·270a·0a0a·7374·6465·7272·5f6f·665f·6361··'...stderr_of_ca
 0003b1b0:·6c6c·3d24·2875·7064·6174·652d·6372·7970··ll=$(update-cryp
 0003b1c0:·746f·2d70·6f6c·6963·6965·7320·2d2d·7365··to-policies·--se
 0003b1d0:·7420·247b·7661·725f·7379·7374·656d·5f63··t·${var_system_c
 0003b1e0:·7279·7074·6f5f·706f·6c69·6379·7d20·3226··rypto_policy}·2&
 0003b1f0:·6774·3b26·616d·703b·3120·2667·743b·202f··gt;&amp;1·&gt;·/
 0003b200:·6465·762f·6e75·6c6c·290a·7263·3d24·3f0a··dev/null).rc=$?.
 0003b210:·0a69·6620·7465·7374·2022·2472·6322·203d··.if·test·"$rc"·=
 0003b220:·2031·3237·3b20·7468·656e·0a09·6563·686f···127;·then..echo
 0003b230:·2022·2473·7464·6572·725f·6f66·5f63·616c···"$stderr_of_cal
 0003b240:·6c22·2026·6774·3b26·616d·703b·320a·0965··l"·&gt;&amp;2..e
 0003b250:·6368·6f20·224d·616b·6520·7375·7265·2074··cho·"Make·sure·t
 0003b260:·6861·7420·7468·6520·7363·7269·7074·2069··hat·the·script·i
 0003b270:·7320·696e·7374·616c·6c65·6420·6f6e·2074··s·installed·on·t
 0003b280:·6865·2072·656d·6564·6961·7465·6420·7379··he·remediated·sy
 0003b290:·7374·656d·2e22·2026·6774·3b26·616d·703b··stem."·&gt;&amp;
 0003b2a0:·320a·0965·6368·6f20·2253·6565·206f·7574··2..echo·"See·out
 0003b2b0:·7075·7420·6f66·2074·6865·2027·646e·6620··put·of·the·'dnf·
 0003b2c0:·7072·6f76·6964·6573·2075·7064·6174·652d··provides·update-
 0003b2d0:·6372·7970·746f·2d70·6f6c·6963·6965·7327··crypto-policies'
 0003b2e0:·2063·6f6d·6d61·6e64·2220·2667·743b·2661···command"·&gt;&a
 0003b2f0:·6d70·3b32·0a09·6563·686f·2022·746f·2073··mp;2..echo·"to·s
 0003b300:·6565·2077·6861·7420·7061·636b·6167·6520··ee·what·package·
 0003b310:·746f·2028·7265·2969·6e73·7461·6c6c·2220··to·(re)install"·
 0003b320:·2667·743b·2661·6d70·3b32·0a0a·0966·616c··&gt;&amp;2...fal
 0003b330:·7365·2020·2320·656e·6420·7769·7468·2061··se··#·end·with·a
 0003b340:·6e20·6572·726f·7220·636f·6465·0a65·6c69··n·error·code.eli
 0003b350:·6620·7465·7374·2022·2472·6322·2021·3d20··f·test·"$rc"·!=·
 0003b360:·303b·2074·6865·6e0a·0965·6368·6f20·2245··0;·then..echo·"E
 0003b370:·7272·6f72·2069·6e76·6f6b·696e·6720·7468··rror·invoking·th
 0003b380:·6520·7570·6461·7465·2d63·7279·7074·6f2d··e·update-crypto-
 0003b390:·706f·6c69·6369·6573·2073·6372·6970·743a··policies·script:
 0003b3a0:·2024·7374·6465·7272·5f6f·665f·6361·6c6c···$stderr_of_call
 0003b3b0:·2220·2667·743b·2661·6d70·3b32·0a09·6661··"·&gt;&amp;2..fa
 0003b3c0:·6c73·6520·2023·2065·6e64·2077·6974·6820··lse··#·end·with·
 0003b3d0:·616e·2065·7272·6f72·2063·6f64·650a·6669··an·error·code.fi
 0003b3e0:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></
 0003b3f0:·6469·763e·3c61·2063·6c61·7373·3d22·6274··div><a·class="bt
 0003b400:·6e20·6274·6e2d·7375·6363·6573·7322·2064··n·btn-success"·d
 0003b410:·6174·612d·746f·6767·6c65·3d22·636f·6c6c··ata-toggle="coll
 0003b420:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe
 0003b430:·743d·2223·6964·6d37·3034·3822·2074·6162··t="#idm7048"·tab
 0003b440:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="
 0003b450:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp
 0003b460:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti
 0003b470:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to
 0003b480:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#
 0003b490:·2122·3e52·656d·6564·6961·7469·6f6e·2041··!">Remediation·A
 0003b4a0:·6e73·6962·6c65·2073·6e69·7070·6574·20e2··nsible·snippet·.
 0003b4b0:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c
 0003b4c0:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
 0003b4d0:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i
 0003b4e0:·643d·2269·646d·3730·3438·223e·3c74·6162··d="idm7048"><tab
 0003b4f0:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table·
 0003b500:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta
 0003b510:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab
 0003b520:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t
 0003b530:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity
 0003b540:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t
 0003b550:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D
 0003b560:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th><
 0003b570:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>
 0003b580:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:<
 0003b590:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t
 0003b5a0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S
 0003b5b0:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td
 0003b5c0:·3e72·6573·7472·6963·743c·2f74·643e·3c2f··>restrict</td></
 0003b5d0:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre>
 0003b5e0:·3c63·6f64·653e·2d20·6e61·6d65·3a20·5843··<code>-·name:·XC
 0003b5f0:·4344·4620·5661·6c75·6520·7661·725f·7379··CDF·Value·var_sy
 0003b600:·7374·656d·5f63·7279·7074·6f5f·706f·6c69··stem_crypto_poli
0003b230:·2023·2070·726f·6d6f·7465·2074·6f20·7661···#·promote·to·va0003b610:·6379·2023·2070·726f·6d6f·7465·2074·6f20··cy·#·promote·to·
0003b240:·7269·6162·6c65·0a20·2073·6574·5f66·6163··riable.··set_fac0003b620:·7661·7269·6162·6c65·0a20·2073·6574·5f66··variable.··set_f
0003b250:·743a·0a20·2020·2076·6172·5f73·7973·7465··t:.····var_syste0003b630:·6163·743a·0a20·2020·2076·6172·5f73·7973··act:.····var_sys
0003b260:·6d5f·6372·7970·746f·5f70·6f6c·6963·793a··m_crypto_policy: 
0003b270:·2021·2173·7472·203c·6162·6272·2074·6974···!!str·<abbr·tit 
0003b280:·6c65·3d22·6672·6f6d·2050·726f·6669·6c65··le="from·Profile 
0003b290:·2f72·6566·696e·652d·7661·6c75·653a·2078··/refine-value:·x 
0003b2a0:·6363·6466·5f6f·7267·2e73·7367·7072·6f6a··ccdf_org.ssgproj 
0003b2b0:·6563·742e·636f·6e74·656e·745f·7661·6c75··ect.content_valu 
0003b2c0:·655f·7661·725f·7379·7374·656d·5f63·7279··e_var_system_cry 
0003b2d0:·7074·6f5f·706f·6c69·6379·223e·4445·4641··pto_policy">DEFA 
0003b2e0:·554c·543c·2f61·6262·723e·0a20·2074·6167··ULT</abbr>.··tag 
0003b2f0:·733a·0a20·2020·202d·2061·6c77·6179·730a··s:.····-·always. 
Max diff block lines reached; 11811975/11834911 bytes (99.81%) of diff not shown.
1.02 MB
html2text {}
    
Offset 128, 14 lines modifiedOffset 128, 33 lines modified
128 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1128 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1
129 References:·_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)129 References:·_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)
130 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,130 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,
131 ·····················FCS_TLSC_EXT.1131 ·····················FCS_TLSC_EXT.1
132 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174132 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174
133 ············_\x8c_\x8c_\x8n······A.5.SEC-OL4133 ············_\x8c_\x8c_\x8n······A.5.SEC-OL4
134 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2134 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
 135 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
  
 136 var_system_crypto_policy='DEFAULT'
  
  
 137 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null)
 138 rc=$?
  
 139 if·test·"$rc"·=·127;·then
 140 »       echo·"$stderr_of_call"·>&2
 141 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2
 142 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2
 143 »       echo·"to·see·what·package·to·(re)install"·>&2
  
 144 »       false··#·end·with·an·error·code
 145 elif·test·"$rc"·!=·0;·then
 146 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2
 147 »       false··#·end·with·an·error·code
 148 fi
135 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8149 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
136 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low150 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
137 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low151 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
138 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false152 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
139 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict153 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
140 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable154 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable
141 ··set_fact:155 ··set_fact:
Offset 180, 33 lines modifiedOffset 199, 14 lines modified
180 ··-·PCI-DSSv4-2.2.7199 ··-·PCI-DSSv4-2.2.7
181 ··-·configure_crypto_policy200 ··-·configure_crypto_policy
182 ··-·high_severity201 ··-·high_severity
183 ··-·low_complexity202 ··-·low_complexity
184 ··-·low_disruption203 ··-·low_disruption
185 ··-·no_reboot_needed204 ··-·no_reboot_needed
186 ··-·restrict_strategy205 ··-·restrict_strategy
187 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
  
188 var_system_crypto_policy='DEFAULT' 
  
  
189 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null) 
190 rc=$? 
  
191 if·test·"$rc"·=·127;·then 
192 »       echo·"$stderr_of_call"·>&2 
193 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2 
194 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2 
195 »       echo·"to·see·what·package·to·(re)install"·>&2 
  
196 »       false··#·end·with·an·error·code 
197 elif·test·"$rc"·!=·0;·then 
198 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2 
199 »       false··#·end·with·an·error·code 
200 fi 
201 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8SS\x8SH\x8H·t\x8to\x8o·u\x8us\x8se\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8o·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*206 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8SS\x8SH\x8H·t\x8to\x8o·u\x8us\x8se\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8o·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
202 Crypto·Policies·provide·a·centralized·control·over·crypto·algorithms·usage·of·many·packages.·SSH·is207 Crypto·Policies·provide·a·centralized·control·over·crypto·algorithms·usage·of·many·packages.·SSH·is
203 supported·by·crypto·policy,·but·the·SSH·configuration·may·be·set·up·to·ignore·it.·To·check·that·Crypto208 supported·by·crypto·policy,·but·the·SSH·configuration·may·be·set·up·to·ignore·it.·To·check·that·Crypto
204 Policies·settings·are·configured·correctly,·ensure·that·the·CRYPTO_POLICY·variable·is·either·commented·or209 Policies·settings·are·configured·correctly,·ensure·that·the·CRYPTO_POLICY·variable·is·either·commented·or
205 not·set·at·all·in·the·/etc/sysconfig/sshd.210 not·set·at·all·in·the·/etc/sysconfig/sshd.
206 Rationale:··Overriding·the·system·crypto·policy·makes·the·behavior·of·the·SSH·service·violate·expectations,211 Rationale:··Overriding·the·system·crypto·policy·makes·the·behavior·of·the·SSH·service·violate·expectations,
207 ············and·makes·system·configuration·more·fragmented.212 ············and·makes·system·configuration·more·fragmented.
Offset 217, 14 lines modifiedOffset 217, 19 lines modified
217 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1217 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1
218 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13218 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13
219 References:·_\x8o_\x8s_\x8p_\x8p·····FCS_SSH_EXT.1,·FCS_SSHS_EXT.1,·FCS_SSHC_EXT.1219 References:·_\x8o_\x8s_\x8p_\x8p·····FCS_SSH_EXT.1,·FCS_SSHS_EXT.1,·FCS_SSHC_EXT.1
220 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s···Req-2.2220 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s···Req-2.2
221 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000250-GPOS-00093221 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000250-GPOS-00093
222 ············_\x8c_\x8c_\x8n······A.5.SEC-OL6222 ············_\x8c_\x8c_\x8n······A.5.SEC-OL6
223 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2223 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
 224 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
  
 225 SSH_CONF="/etc/sysconfig/sshd"
  
 226 sed·-i·"/^\s*CRYPTO_POLICY.*$/Id"·$SSH_CONF
224 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8227 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
225 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low228 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
226 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium229 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
227 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true230 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true
228 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···disable231 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···disable
229 -·name:·Configure·SSH·to·use·System·Crypto·Policy232 -·name:·Configure·SSH·to·use·System·Crypto·Policy
230 ··lineinfile:233 ··lineinfile:
Offset 242, 19 lines modifiedOffset 247, 14 lines modified
242 ··-·PCI-DSSv4-2.2.7247 ··-·PCI-DSSv4-2.2.7
243 ··-·configure_ssh_crypto_policy248 ··-·configure_ssh_crypto_policy
244 ··-·disable_strategy249 ··-·disable_strategy
245 ··-·low_complexity250 ··-·low_complexity
246 ··-·medium_disruption251 ··-·medium_disruption
247 ··-·medium_severity252 ··-·medium_severity
248 ··-·reboot_required253 ··-·reboot_required
249 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
  
250 SSH_CONF="/etc/sysconfig/sshd" 
  
251 sed·-i·"/^\s*CRYPTO_POLICY.*$/Id"·$SSH_CONF 
252 Group  ·Disk·Partitioning·  Group·contains·1·rule254 Group  ·Disk·Partitioning·  Group·contains·1·rule
253 _\x8[_\x8r_\x8e_\x8f_\x8]  ·To·ensure·separation·and·protection·of·data,·there·are·top-level·system·directories·which·should·be255 _\x8[_\x8r_\x8e_\x8f_\x8]  ·To·ensure·separation·and·protection·of·data,·there·are·top-level·system·directories·which·should·be
254 placed·on·their·own·physical·partition·or·logical·volume.·The·installer's·default·partitioning·scheme256 placed·on·their·own·physical·partition·or·logical·volume.·The·installer's·default·partitioning·scheme
255 creates·separate·logical·volumes·for·/,·/boot,·and·swap.257 creates·separate·logical·volumes·for·/,·/boot,·and·swap.
256 ····*·If·starting·with·any·of·the·default·layouts,·check·the·box·to·\"Review·and·modify·partitioning.\"258 ····*·If·starting·with·any·of·the·default·layouts,·check·the·box·to·\"Review·and·modify·partitioning.\"
257 ······This·allows·for·the·easy·creation·of·additional·logical·volumes·inside·the·volume·group·already259 ······This·allows·for·the·easy·creation·of·additional·logical·volumes·inside·the·volume·group·already
258 ······created,·though·it·may·require·making·/'s·logical·volume·smaller·to·create·space.·In·general,·using260 ······created,·though·it·may·require·making·/'s·logical·volume·smaller·to·create·space.·In·general,·using
Offset 339, 14 lines modifiedOffset 339, 75 lines modified
339 ············the·system·to·quickly·enumerate·known·user·accounts·without·logging·in.339 ············the·system·to·quickly·enumerate·known·user·accounts·without·logging·in.
340 Severity: ··medium340 Severity: ··medium
341 Rule·ID:····xccdf_org.ssgproject.content_rule_dconf_gnome_disable_user_list341 Rule·ID:····xccdf_org.ssgproject.content_rule_dconf_gnome_disable_user_list
342 ············_\x8d_\x8i_\x8s_\x8a···CCI-000366342 ············_\x8d_\x8i_\x8s_\x8a···CCI-000366
343 References:·_\x8n_\x8i_\x8s_\x8t···CM-6(a),·AC-23343 References:·_\x8n_\x8i_\x8s_\x8t···CM-6(a),·AC-23
344 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000480-GPOS-00227344 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000480-GPOS-00227
345 ············_\x8c_\x8c_\x8n····A.11.SEC-OL9345 ············_\x8c_\x8c_\x8n····A.11.SEC-OL9
 346 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 347 #·Remediation·is·applicable·only·in·certain·platforms
 348 if·rpm·--quiet·-q·gdm·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
 349 #·Check·for·setting·in·any·of·the·DConf·db·directories
 350 #·If·files·contain·ibus·or·distro,·ignore·them.
 351 #·The·assignment·assumes·that·individual·filenames·don't·contain·:
 352 readarray·-t·SETTINGSFILES·<·<(grep·-r·"\\[org/gnome/login-screen\\]"·"/etc/dconf/db/"·\
 353 ································|·grep·-v·'distro\|ibus\|local.d'·|·cut·-d":"·-f1)
 354 DCONFFILE="/etc/dconf/db/local.d/00-security-settings"
 355 DBDIR="/etc/dconf/db/local.d"
  
Max diff block lines reached; 1065943/1073726 bytes (99.28%) of diff not shown.
8.21 MB
./usr/share/doc/ssg-nondebian/ssg-ol9-guide-ccn_basic.html
    
Offset 15069, 176 lines modifiedOffset 15069, 176 lines modified
0003adc0:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target0003adc0:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target
0003add0:·3d22·2369·646d·3730·3436·2220·7461·6269··="#idm7046"·tabi0003add0:·3d22·2369·646d·3730·3436·2220·7461·6269··="#idm7046"·tabi
0003ade0:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b0003ade0:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b
0003adf0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa0003adf0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa
0003ae00:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit0003ae00:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit
0003ae10:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·0003ae10:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·
0003ae20:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!0003ae20:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!
0003ae30:·223e·5265·6d65·6469·6174·696f·6e20·416e··">Remediation·An0003ae30:·223e·5265·6d65·6469·6174·696f·6e20·5368··">Remediation·Sh
 0003ae40:·656c·6c20·7363·7269·7074·20e2·87b2·3c2f··ell·script·...</
 0003ae50:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
 0003ae60:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
 0003ae70:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
 0003ae80:·646d·3730·3436·223e·3c70·7265·3e3c·636f··dm7046"><pre><co
 0003ae90:·6465·3e0a·7661·725f·7379·7374·656d·5f63··de>.var_system_c
 0003aea0:·7279·7074·6f5f·706f·6c69·6379·3d27·3c61··rypto_policy='<a
 0003aeb0:·6262·7220·7469·746c·653d·2266·726f·6d20··bbr·title="from·
 0003aec0:·5072·6f66·696c·652f·7265·6669·6e65·2d76··Profile/refine-v
 0003aed0:·616c·7565·3a20·7863·6364·665f·6f72·672e··alue:·xccdf_org.
 0003aee0:·7373·6770·726f·6a65·6374·2e63·6f6e·7465··ssgproject.conte
0003ae40:·7369·626c·6520·736e·6970·7065·7420·e287··sible·snippet·.. 
0003ae50:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl 
0003ae60:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla 
0003ae70:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id 
0003ae80:·3d22·6964·6d37·3034·3622·3e3c·7461·626c··="idm7046"><tabl 
0003ae90:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t 
0003aea0:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab 
0003aeb0:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl 
0003aec0:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr 
0003aed0:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity: 
0003aee0:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003aef0:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di 
0003af00:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t 
0003af10:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr>< 
0003af20:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</ 
0003af30:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td 
0003af40:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St 
0003af50:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td> 
0003af60:·7265·7374·7269·6374·3c2f·7464·3e3c·2f74··restrict</td></t 
0003af70:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre>< 
0003af80:·636f·6465·3e2d·206e·616d·653a·2058·4343··code>-·name:·XCC 
0003af90:·4446·2056·616c·7565·2076·6172·5f73·7973··DF·Value·var_sys0003aef0:·6e74·5f76·616c·7565·5f76·6172·5f73·7973··nt_value_var_sys
0003afa0:·7465·6d5f·6372·7970·746f·5f70·6f6c·6963··tem_crypto_polic0003af00:·7465·6d5f·6372·7970·746f·5f70·6f6c·6963··tem_crypto_polic
 0003af10:·7922·3e44·4546·4155·4c54·3c2f·6162·6272··y">DEFAULT</abbr
 0003af20:·3e27·0a0a·0a73·7464·6572·725f·6f66·5f63··>'...stderr_of_c
 0003af30:·616c·6c3d·2428·7570·6461·7465·2d63·7279··all=$(update-cry
 0003af40:·7074·6f2d·706f·6c69·6369·6573·202d·2d73··pto-policies·--s
 0003af50:·6574·2024·7b76·6172·5f73·7973·7465·6d5f··et·${var_system_
 0003af60:·6372·7970·746f·5f70·6f6c·6963·797d·2032··crypto_policy}·2
 0003af70:·2667·743b·2661·6d70·3b31·2026·6774·3b20··&gt;&amp;1·&gt;·
 0003af80:·2f64·6576·2f6e·756c·6c29·0a72·633d·243f··/dev/null).rc=$?
 0003af90:·0a0a·6966·2074·6573·7420·2224·7263·2220··..if·test·"$rc"·
 0003afa0:·3d20·3132·373b·2074·6865·6e0a·0965·6368··=·127;·then..ech
 0003afb0:·6f20·2224·7374·6465·7272·5f6f·665f·6361··o·"$stderr_of_ca
 0003afc0:·6c6c·2220·2667·743b·2661·6d70·3b32·0a09··ll"·&gt;&amp;2..
 0003afd0:·6563·686f·2022·4d61·6b65·2073·7572·6520··echo·"Make·sure·
 0003afe0:·7468·6174·2074·6865·2073·6372·6970·7420··that·the·script·
 0003aff0:·6973·2069·6e73·7461·6c6c·6564·206f·6e20··is·installed·on·
 0003b000:·7468·6520·7265·6d65·6469·6174·6564·2073··the·remediated·s
 0003b010:·7973·7465·6d2e·2220·2667·743b·2661·6d70··ystem."·&gt;&amp
 0003b020:·3b32·0a09·6563·686f·2022·5365·6520·6f75··;2..echo·"See·ou
 0003b030:·7470·7574·206f·6620·7468·6520·2764·6e66··tput·of·the·'dnf
 0003b040:·2070·726f·7669·6465·7320·7570·6461·7465···provides·update
 0003b050:·2d63·7279·7074·6f2d·706f·6c69·6369·6573··-crypto-policies
 0003b060:·2720·636f·6d6d·616e·6422·2026·6774·3b26··'·command"·&gt;&
 0003b070:·616d·703b·320a·0965·6368·6f20·2274·6f20··amp;2..echo·"to·
 0003b080:·7365·6520·7768·6174·2070·6163·6b61·6765··see·what·package
 0003b090:·2074·6f20·2872·6529·696e·7374·616c·6c22···to·(re)install"
 0003b0a0:·2026·6774·3b26·616d·703b·320a·0a09·6661···&gt;&amp;2...fa
 0003b0b0:·6c73·6520·2023·2065·6e64·2077·6974·6820··lse··#·end·with·
 0003b0c0:·616e·2065·7272·6f72·2063·6f64·650a·656c··an·error·code.el
 0003b0d0:·6966·2074·6573·7420·2224·7263·2220·213d··if·test·"$rc"·!=
 0003b0e0:·2030·3b20·7468·656e·0a09·6563·686f·2022···0;·then..echo·"
 0003b0f0:·4572·726f·7220·696e·766f·6b69·6e67·2074··Error·invoking·t
 0003b100:·6865·2075·7064·6174·652d·6372·7970·746f··he·update-crypto
 0003b110:·2d70·6f6c·6963·6965·7320·7363·7269·7074··-policies·script
 0003b120:·3a20·2473·7464·6572·725f·6f66·5f63·616c··:·$stderr_of_cal
 0003b130:·6c22·2026·6774·3b26·616d·703b·320a·0966··l"·&gt;&amp;2..f
 0003b140:·616c·7365·2020·2320·656e·6420·7769·7468··alse··#·end·with
 0003b150:·2061·6e20·6572·726f·7220·636f·6465·0a66···an·error·code.f
 0003b160:·690a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··i.</code></pre><
 0003b170:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b
 0003b180:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"·
 0003b190:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col
 0003b1a0:·6c61·7073·6522·2064·6174·612d·7461·7267··lapse"·data-targ
 0003b1b0:·6574·3d22·2369·646d·3730·3438·2220·7461··et="#idm7048"·ta
 0003b1c0:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=
 0003b1d0:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex
 0003b1e0:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t
 0003b1f0:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t
 0003b200:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="
 0003b210:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·
 0003b220:·416e·7369·626c·6520·736e·6970·7065·7420··Ansible·snippet·
 0003b230:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div·
 0003b240:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col
 0003b250:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·
 0003b260:·6964·3d22·6964·6d37·3034·3822·3e3c·7461··id="idm7048"><ta
 0003b270:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table
 0003b280:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t
 0003b290:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta
 0003b2a0:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed"><
 0003b2b0:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit
 0003b2c0:·793a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··y:</th><td>low</
 0003b2d0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>
 0003b2e0:·4469·7372·7570·7469·6f6e·3a3c·2f74·683e··Disruption:</th>
 0003b2f0:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr
 0003b300:·3e3c·7472·3e3c·7468·3e52·6562·6f6f·743a··><tr><th>Reboot:
 0003b310:·3c2f·7468·3e3c·7464·3e66·616c·7365·3c2f··</th><td>false</
 0003b320:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>
 0003b330:·5374·7261·7465·6779·3a3c·2f74·683e·3c74··Strategy:</th><t
 0003b340:·643e·7265·7374·7269·6374·3c2f·7464·3e3c··d>restrict</td><
 0003b350:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre
 0003b360:·3e3c·636f·6465·3e2d·206e·616d·653a·2058··><code>-·name:·X
 0003b370:·4343·4446·2056·616c·7565·2076·6172·5f73··CCDF·Value·var_s
 0003b380:·7973·7465·6d5f·6372·7970·746f·5f70·6f6c··ystem_crypto_pol
0003afb0:·7920·2320·7072·6f6d·6f74·6520·746f·2076··y·#·promote·to·v0003b390:·6963·7920·2320·7072·6f6d·6f74·6520·746f··icy·#·promote·to
0003afc0:·6172·6961·626c·650a·2020·7365·745f·6661··ariable.··set_fa0003b3a0:·2076·6172·6961·626c·650a·2020·7365·745f···variable.··set_
0003afd0:·6374·3a0a·2020·2020·7661·725f·7379·7374··ct:.····var_syst0003b3b0:·6661·6374·3a0a·2020·2020·7661·725f·7379··fact:.····var_sy
0003afe0:·656d·5f63·7279·7074·6f5f·706f·6c69·6379··em_crypto_policy 
0003aff0:·3a20·2121·7374·7220·3c61·6262·7220·7469··:·!!str·<abbr·ti 
0003b000:·746c·653d·2266·726f·6d20·5072·6f66·696c··tle="from·Profil 
0003b010:·652f·7265·6669·6e65·2d76·616c·7565·3a20··e/refine-value:· 
0003b020:·7863·6364·665f·6f72·672e·7373·6770·726f··xccdf_org.ssgpro 
0003b030:·6a65·6374·2e63·6f6e·7465·6e74·5f76·616c··ject.content_val 
0003b040:·7565·5f76·6172·5f73·7973·7465·6d5f·6372··ue_var_system_cr 
0003b050:·7970·746f·5f70·6f6c·6963·7922·3e44·4546··ypto_policy">DEF 
0003b060:·4155·4c54·3c2f·6162·6272·3e0a·2020·7461··AULT</abbr>.··ta 
0003b070:·6773·3a0a·2020·2020·2d20·616c·7761·7973··gs:.····-·always 
Max diff block lines reached; 7776749/7799685 bytes (99.71%) of diff not shown.
787 KB
html2text {}
    
Offset 125, 14 lines modifiedOffset 125, 33 lines modified
125 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1125 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1
126 References:·_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)126 References:·_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)
127 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,127 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,
128 ·····················FCS_TLSC_EXT.1128 ·····················FCS_TLSC_EXT.1
129 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174129 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174
130 ············_\x8c_\x8c_\x8n······A.5.SEC-OL4130 ············_\x8c_\x8c_\x8n······A.5.SEC-OL4
131 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2131 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
 132 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
  
 133 var_system_crypto_policy='DEFAULT'
  
  
 134 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null)
 135 rc=$?
  
 136 if·test·"$rc"·=·127;·then
 137 »       echo·"$stderr_of_call"·>&2
 138 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2
 139 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2
 140 »       echo·"to·see·what·package·to·(re)install"·>&2
  
 141 »       false··#·end·with·an·error·code
 142 elif·test·"$rc"·!=·0;·then
 143 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2
 144 »       false··#·end·with·an·error·code
 145 fi
132 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8146 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
133 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low147 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
134 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low148 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
135 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false149 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
136 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict150 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
137 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable151 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable
138 ··set_fact:152 ··set_fact:
Offset 177, 33 lines modifiedOffset 196, 14 lines modified
177 ··-·PCI-DSSv4-2.2.7196 ··-·PCI-DSSv4-2.2.7
178 ··-·configure_crypto_policy197 ··-·configure_crypto_policy
179 ··-·high_severity198 ··-·high_severity
180 ··-·low_complexity199 ··-·low_complexity
181 ··-·low_disruption200 ··-·low_disruption
182 ··-·no_reboot_needed201 ··-·no_reboot_needed
183 ··-·restrict_strategy202 ··-·restrict_strategy
184 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
  
185 var_system_crypto_policy='DEFAULT' 
  
  
186 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null) 
187 rc=$? 
  
188 if·test·"$rc"·=·127;·then 
189 »       echo·"$stderr_of_call"·>&2 
190 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2 
191 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2 
192 »       echo·"to·see·what·package·to·(re)install"·>&2 
  
193 »       false··#·end·with·an·error·code 
194 elif·test·"$rc"·!=·0;·then 
195 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2 
196 »       false··#·end·with·an·error·code 
197 fi 
198 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8SS\x8SH\x8H·t\x8to\x8o·u\x8us\x8se\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8o·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*203 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8SS\x8SH\x8H·t\x8to\x8o·u\x8us\x8se\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8o·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
199 Crypto·Policies·provide·a·centralized·control·over·crypto·algorithms·usage·of·many·packages.·SSH·is204 Crypto·Policies·provide·a·centralized·control·over·crypto·algorithms·usage·of·many·packages.·SSH·is
200 supported·by·crypto·policy,·but·the·SSH·configuration·may·be·set·up·to·ignore·it.·To·check·that205 supported·by·crypto·policy,·but·the·SSH·configuration·may·be·set·up·to·ignore·it.·To·check·that
201 Crypto·Policies·settings·are·configured·correctly,·ensure·that·the·CRYPTO_POLICY·variable·is·either206 Crypto·Policies·settings·are·configured·correctly,·ensure·that·the·CRYPTO_POLICY·variable·is·either
202 commented·or·not·set·at·all·in·the·/etc/sysconfig/sshd.207 commented·or·not·set·at·all·in·the·/etc/sysconfig/sshd.
203 Rationale:··Overriding·the·system·crypto·policy·makes·the·behavior·of·the·SSH·service·violate208 Rationale:··Overriding·the·system·crypto·policy·makes·the·behavior·of·the·SSH·service·violate
204 ············expectations,·and·makes·system·configuration·more·fragmented.209 ············expectations,·and·makes·system·configuration·more·fragmented.
Offset 214, 14 lines modifiedOffset 214, 19 lines modified
214 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1214 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1
215 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13215 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13
216 References:·_\x8o_\x8s_\x8p_\x8p·····FCS_SSH_EXT.1,·FCS_SSHS_EXT.1,·FCS_SSHC_EXT.1216 References:·_\x8o_\x8s_\x8p_\x8p·····FCS_SSH_EXT.1,·FCS_SSHS_EXT.1,·FCS_SSHC_EXT.1
217 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s···Req-2.2217 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s···Req-2.2
218 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000250-GPOS-00093218 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000250-GPOS-00093
219 ············_\x8c_\x8c_\x8n······A.5.SEC-OL6219 ············_\x8c_\x8c_\x8n······A.5.SEC-OL6
220 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2220 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
 221 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
  
 222 SSH_CONF="/etc/sysconfig/sshd"
  
 223 sed·-i·"/^\s*CRYPTO_POLICY.*$/Id"·$SSH_CONF
221 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8224 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
222 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low225 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
223 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium226 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
224 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true227 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true
225 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···disable228 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···disable
226 -·name:·Configure·SSH·to·use·System·Crypto·Policy229 -·name:·Configure·SSH·to·use·System·Crypto·Policy
227 ··lineinfile:230 ··lineinfile:
Offset 239, 19 lines modifiedOffset 244, 14 lines modified
239 ··-·PCI-DSSv4-2.2.7244 ··-·PCI-DSSv4-2.2.7
240 ··-·configure_ssh_crypto_policy245 ··-·configure_ssh_crypto_policy
241 ··-·disable_strategy246 ··-·disable_strategy
242 ··-·low_complexity247 ··-·low_complexity
243 ··-·medium_disruption248 ··-·medium_disruption
244 ··-·medium_severity249 ··-·medium_severity
245 ··-·reboot_required250 ··-·reboot_required
246 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
  
247 SSH_CONF="/etc/sysconfig/sshd" 
  
248 sed·-i·"/^\s*CRYPTO_POLICY.*$/Id"·$SSH_CONF 
249 Group  ·GNOME·Desktop·Environment·  Group·contains·1·rule251 Group  ·GNOME·Desktop·Environment·  Group·contains·1·rule
250 _\x8[_\x8r_\x8e_\x8f_\x8]  ·GNOME·is·a·graphical·desktop·environment·bundled·with·many·Linux·distributions·that·allow252 _\x8[_\x8r_\x8e_\x8f_\x8]  ·GNOME·is·a·graphical·desktop·environment·bundled·with·many·Linux·distributions·that·allow
251 users·to·easily·interact·with·the·operating·system·graphically·rather·than·textually.·The·GNOME253 users·to·easily·interact·with·the·operating·system·graphically·rather·than·textually.·The·GNOME
252 Graphical·Display·Manager·(GDM)·provides·login,·logout,·and·user·switching·contexts·as·well·as254 Graphical·Display·Manager·(GDM)·provides·login,·logout,·and·user·switching·contexts·as·well·as
253 display·server·management.255 display·server·management.
  
254 GNOME·is·developed·by·the·GNOME·Project·and·is·considered·the·default·Oracle·Linux·Graphical256 GNOME·is·developed·by·the·GNOME·Project·and·is·considered·the·default·Oracle·Linux·Graphical
Offset 274, 14 lines modifiedOffset 274, 23 lines modified
274 Rule·ID:····xccdf_org.ssgproject.content_rule_dconf_db_up_to_date274 Rule·ID:····xccdf_org.ssgproject.content_rule_dconf_db_up_to_date
275 ············_\x8d_\x8i_\x8s_\x8a····CCI-000366275 ············_\x8d_\x8i_\x8s_\x8a····CCI-000366
276 ············_\x8h_\x8i_\x8p_\x8a_\x8a···164.308(a)(1)(ii)(B),·164.308(a)(5)(ii)(A)276 ············_\x8h_\x8i_\x8p_\x8a_\x8a···164.308(a)(1)(ii)(B),·164.308(a)(5)(ii)(A)
277 References:·_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s··Req-6.2277 References:·_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s··Req-6.2
278 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g··SRG-OS-000480-GPOS-00227278 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g··SRG-OS-000480-GPOS-00227
279 ············_\x8c_\x8c_\x8n·····reload_dconf_db279 ············_\x8c_\x8c_\x8n·····reload_dconf_db
280 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84·8.2.8,·8.2280 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84·8.2.8,·8.2
 281 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 282 #·Remediation·is·applicable·only·in·certain·platforms
 283 if·rpm·--quiet·-q·gdm·&&·{·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek;·};·then
  
 284 dconf·update
  
 285 else
 286 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 287 fi
281 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8288 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
282 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low289 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
283 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium290 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
Max diff block lines reached; 800575/806305 bytes (99.29%) of diff not shown.
9.47 MB
./usr/share/doc/ssg-nondebian/ssg-ol9-guide-ccn_intermediate.html
    
Offset 15110, 176 lines modifiedOffset 15110, 176 lines modified
0003b050:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=0003b050:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
0003b060:·2223·6964·6d37·3034·3622·2074·6162·696e··"#idm7046"·tabin0003b060:·2223·6964·6d37·3034·3622·2074·6162·696e··"#idm7046"·tabin
0003b070:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu0003b070:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
0003b080:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan0003b080:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
0003b090:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl0003b090:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
0003b0a0:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r0003b0a0:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
0003b0b0:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"0003b0b0:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
0003b0c0:·3e52·656d·6564·6961·7469·6f6e·2041·6e73··>Remediation·Ans0003b0c0:·3e52·656d·6564·6961·7469·6f6e·2053·6865··>Remediation·She
 0003b0d0:·6c6c·2073·6372·6970·7420·e287·b23c·2f61··ll·script·...</a
 0003b0e0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
 0003b0f0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
 0003b100:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
 0003b110:·6d37·3034·3622·3e3c·7072·653e·3c63·6f64··m7046"><pre><cod
 0003b120:·653e·0a76·6172·5f73·7973·7465·6d5f·6372··e>.var_system_cr
 0003b130:·7970·746f·5f70·6f6c·6963·793d·273c·6162··ypto_policy='<ab
 0003b140:·6272·2074·6974·6c65·3d22·6672·6f6d·2050··br·title="from·P
 0003b150:·726f·6669·6c65·2f72·6566·696e·652d·7661··rofile/refine-va
 0003b160:·6c75·653a·2078·6363·6466·5f6f·7267·2e73··lue:·xccdf_org.s
 0003b170:·7367·7072·6f6a·6563·742e·636f·6e74·656e··sgproject.conten
0003b0d0:·6962·6c65·2073·6e69·7070·6574·20e2·87b2··ible·snippet·... 
0003b0e0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla 
0003b0f0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap 
0003b100:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id= 
0003b110:·2269·646d·3730·3436·223e·3c74·6162·6c65··"idm7046"><table 
0003b120:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta 
0003b130:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl 
0003b140:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table 
0003b150:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr> 
0003b160:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:< 
0003b170:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td> 
0003b180:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis 
0003b190:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td 
0003b1a0:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t 
0003b1b0:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t 
0003b1c0:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td> 
0003b1d0:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str 
0003b1e0:·6174·6567·793a·3c2f·7468·3e3c·7464·3e72··ategy:</th><td>r 
0003b1f0:·6573·7472·6963·743c·2f74·643e·3c2f·7472··estrict</td></tr 
0003b200:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c 
0003b210:·6f64·653e·2d20·6e61·6d65·3a20·5843·4344··ode>-·name:·XCCD 
0003b220:·4620·5661·6c75·6520·7661·725f·7379·7374··F·Value·var_syst0003b180:·745f·7661·6c75·655f·7661·725f·7379·7374··t_value_var_syst
0003b230:·656d·5f63·7279·7074·6f5f·706f·6c69·6379··em_crypto_policy0003b190:·656d·5f63·7279·7074·6f5f·706f·6c69·6379··em_crypto_policy
 0003b1a0:·223e·4445·4641·554c·543c·2f61·6262·723e··">DEFAULT</abbr>
 0003b1b0:·270a·0a0a·7374·6465·7272·5f6f·665f·6361··'...stderr_of_ca
 0003b1c0:·6c6c·3d24·2875·7064·6174·652d·6372·7970··ll=$(update-cryp
 0003b1d0:·746f·2d70·6f6c·6963·6965·7320·2d2d·7365··to-policies·--se
 0003b1e0:·7420·247b·7661·725f·7379·7374·656d·5f63··t·${var_system_c
 0003b1f0:·7279·7074·6f5f·706f·6c69·6379·7d20·3226··rypto_policy}·2&
 0003b200:·6774·3b26·616d·703b·3120·2667·743b·202f··gt;&amp;1·&gt;·/
 0003b210:·6465·762f·6e75·6c6c·290a·7263·3d24·3f0a··dev/null).rc=$?.
 0003b220:·0a69·6620·7465·7374·2022·2472·6322·203d··.if·test·"$rc"·=
 0003b230:·2031·3237·3b20·7468·656e·0a09·6563·686f···127;·then..echo
 0003b240:·2022·2473·7464·6572·725f·6f66·5f63·616c···"$stderr_of_cal
 0003b250:·6c22·2026·6774·3b26·616d·703b·320a·0965··l"·&gt;&amp;2..e
 0003b260:·6368·6f20·224d·616b·6520·7375·7265·2074··cho·"Make·sure·t
 0003b270:·6861·7420·7468·6520·7363·7269·7074·2069··hat·the·script·i
 0003b280:·7320·696e·7374·616c·6c65·6420·6f6e·2074··s·installed·on·t
 0003b290:·6865·2072·656d·6564·6961·7465·6420·7379··he·remediated·sy
 0003b2a0:·7374·656d·2e22·2026·6774·3b26·616d·703b··stem."·&gt;&amp;
 0003b2b0:·320a·0965·6368·6f20·2253·6565·206f·7574··2..echo·"See·out
 0003b2c0:·7075·7420·6f66·2074·6865·2027·646e·6620··put·of·the·'dnf·
 0003b2d0:·7072·6f76·6964·6573·2075·7064·6174·652d··provides·update-
 0003b2e0:·6372·7970·746f·2d70·6f6c·6963·6965·7327··crypto-policies'
 0003b2f0:·2063·6f6d·6d61·6e64·2220·2667·743b·2661···command"·&gt;&a
 0003b300:·6d70·3b32·0a09·6563·686f·2022·746f·2073··mp;2..echo·"to·s
 0003b310:·6565·2077·6861·7420·7061·636b·6167·6520··ee·what·package·
 0003b320:·746f·2028·7265·2969·6e73·7461·6c6c·2220··to·(re)install"·
 0003b330:·2667·743b·2661·6d70·3b32·0a0a·0966·616c··&gt;&amp;2...fal
 0003b340:·7365·2020·2320·656e·6420·7769·7468·2061··se··#·end·with·a
 0003b350:·6e20·6572·726f·7220·636f·6465·0a65·6c69··n·error·code.eli
 0003b360:·6620·7465·7374·2022·2472·6322·2021·3d20··f·test·"$rc"·!=·
 0003b370:·303b·2074·6865·6e0a·0965·6368·6f20·2245··0;·then..echo·"E
 0003b380:·7272·6f72·2069·6e76·6f6b·696e·6720·7468··rror·invoking·th
 0003b390:·6520·7570·6461·7465·2d63·7279·7074·6f2d··e·update-crypto-
 0003b3a0:·706f·6c69·6369·6573·2073·6372·6970·743a··policies·script:
 0003b3b0:·2024·7374·6465·7272·5f6f·665f·6361·6c6c···$stderr_of_call
 0003b3c0:·2220·2667·743b·2661·6d70·3b32·0a09·6661··"·&gt;&amp;2..fa
 0003b3d0:·6c73·6520·2023·2065·6e64·2077·6974·6820··lse··#·end·with·
 0003b3e0:·616e·2065·7272·6f72·2063·6f64·650a·6669··an·error·code.fi
 0003b3f0:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></
 0003b400:·6469·763e·3c61·2063·6c61·7373·3d22·6274··div><a·class="bt
 0003b410:·6e20·6274·6e2d·7375·6363·6573·7322·2064··n·btn-success"·d
 0003b420:·6174·612d·746f·6767·6c65·3d22·636f·6c6c··ata-toggle="coll
 0003b430:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe
 0003b440:·743d·2223·6964·6d37·3034·3822·2074·6162··t="#idm7048"·tab
 0003b450:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="
 0003b460:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp
 0003b470:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti
 0003b480:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to
 0003b490:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#
 0003b4a0:·2122·3e52·656d·6564·6961·7469·6f6e·2041··!">Remediation·A
 0003b4b0:·6e73·6962·6c65·2073·6e69·7070·6574·20e2··nsible·snippet·.
 0003b4c0:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c
 0003b4d0:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
 0003b4e0:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i
 0003b4f0:·643d·2269·646d·3730·3438·223e·3c74·6162··d="idm7048"><tab
 0003b500:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table·
 0003b510:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta
 0003b520:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab
 0003b530:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t
 0003b540:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity
 0003b550:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t
 0003b560:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D
 0003b570:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th><
 0003b580:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>
 0003b590:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:<
 0003b5a0:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t
 0003b5b0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S
 0003b5c0:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td
 0003b5d0:·3e72·6573·7472·6963·743c·2f74·643e·3c2f··>restrict</td></
 0003b5e0:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre>
 0003b5f0:·3c63·6f64·653e·2d20·6e61·6d65·3a20·5843··<code>-·name:·XC
 0003b600:·4344·4620·5661·6c75·6520·7661·725f·7379··CDF·Value·var_sy
 0003b610:·7374·656d·5f63·7279·7074·6f5f·706f·6c69··stem_crypto_poli
0003b240:·2023·2070·726f·6d6f·7465·2074·6f20·7661···#·promote·to·va0003b620:·6379·2023·2070·726f·6d6f·7465·2074·6f20··cy·#·promote·to·
0003b250:·7269·6162·6c65·0a20·2073·6574·5f66·6163··riable.··set_fac0003b630:·7661·7269·6162·6c65·0a20·2073·6574·5f66··variable.··set_f
0003b260:·743a·0a20·2020·2076·6172·5f73·7973·7465··t:.····var_syste0003b640:·6163·743a·0a20·2020·2076·6172·5f73·7973··act:.····var_sys
0003b270:·6d5f·6372·7970·746f·5f70·6f6c·6963·793a··m_crypto_policy: 
0003b280:·2021·2173·7472·203c·6162·6272·2074·6974···!!str·<abbr·tit 
0003b290:·6c65·3d22·6672·6f6d·2050·726f·6669·6c65··le="from·Profile 
0003b2a0:·2f72·6566·696e·652d·7661·6c75·653a·2078··/refine-value:·x 
0003b2b0:·6363·6466·5f6f·7267·2e73·7367·7072·6f6a··ccdf_org.ssgproj 
0003b2c0:·6563·742e·636f·6e74·656e·745f·7661·6c75··ect.content_valu 
0003b2d0:·655f·7661·725f·7379·7374·656d·5f63·7279··e_var_system_cry 
0003b2e0:·7074·6f5f·706f·6c69·6379·223e·4445·4641··pto_policy">DEFA 
0003b2f0:·554c·543c·2f61·6262·723e·0a20·2074·6167··ULT</abbr>.··tag 
0003b300:·733a·0a20·2020·202d·2061·6c77·6179·730a··s:.····-·always. 
Max diff block lines reached; 8968255/8991191 bytes (99.74%) of diff not shown.
921 KB
html2text {}
    
Offset 128, 14 lines modifiedOffset 128, 33 lines modified
128 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1128 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1
129 References:·_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)129 References:·_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)
130 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,130 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,
131 ·····················FCS_TLSC_EXT.1131 ·····················FCS_TLSC_EXT.1
132 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174132 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174
133 ············_\x8c_\x8c_\x8n······A.5.SEC-OL4133 ············_\x8c_\x8c_\x8n······A.5.SEC-OL4
134 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2134 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
 135 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
  
 136 var_system_crypto_policy='DEFAULT'
  
  
 137 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null)
 138 rc=$?
  
 139 if·test·"$rc"·=·127;·then
 140 »       echo·"$stderr_of_call"·>&2
 141 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2
 142 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2
 143 »       echo·"to·see·what·package·to·(re)install"·>&2
  
 144 »       false··#·end·with·an·error·code
 145 elif·test·"$rc"·!=·0;·then
 146 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2
 147 »       false··#·end·with·an·error·code
 148 fi
135 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8149 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
136 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low150 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
137 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low151 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
138 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false152 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
139 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict153 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
140 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable154 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable
141 ··set_fact:155 ··set_fact:
Offset 180, 33 lines modifiedOffset 199, 14 lines modified
180 ··-·PCI-DSSv4-2.2.7199 ··-·PCI-DSSv4-2.2.7
181 ··-·configure_crypto_policy200 ··-·configure_crypto_policy
182 ··-·high_severity201 ··-·high_severity
183 ··-·low_complexity202 ··-·low_complexity
184 ··-·low_disruption203 ··-·low_disruption
185 ··-·no_reboot_needed204 ··-·no_reboot_needed
186 ··-·restrict_strategy205 ··-·restrict_strategy
187 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
  
188 var_system_crypto_policy='DEFAULT' 
  
  
189 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null) 
190 rc=$? 
  
191 if·test·"$rc"·=·127;·then 
192 »       echo·"$stderr_of_call"·>&2 
193 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2 
194 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2 
195 »       echo·"to·see·what·package·to·(re)install"·>&2 
  
196 »       false··#·end·with·an·error·code 
197 elif·test·"$rc"·!=·0;·then 
198 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2 
199 »       false··#·end·with·an·error·code 
200 fi 
201 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8SS\x8SH\x8H·t\x8to\x8o·u\x8us\x8se\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8o·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*206 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8SS\x8SH\x8H·t\x8to\x8o·u\x8us\x8se\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8o·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
202 Crypto·Policies·provide·a·centralized·control·over·crypto·algorithms·usage·of·many·packages.·SSH·is207 Crypto·Policies·provide·a·centralized·control·over·crypto·algorithms·usage·of·many·packages.·SSH·is
203 supported·by·crypto·policy,·but·the·SSH·configuration·may·be·set·up·to·ignore·it.·To·check·that·Crypto208 supported·by·crypto·policy,·but·the·SSH·configuration·may·be·set·up·to·ignore·it.·To·check·that·Crypto
204 Policies·settings·are·configured·correctly,·ensure·that·the·CRYPTO_POLICY·variable·is·either·commented·or209 Policies·settings·are·configured·correctly,·ensure·that·the·CRYPTO_POLICY·variable·is·either·commented·or
205 not·set·at·all·in·the·/etc/sysconfig/sshd.210 not·set·at·all·in·the·/etc/sysconfig/sshd.
206 Rationale:··Overriding·the·system·crypto·policy·makes·the·behavior·of·the·SSH·service·violate·expectations,211 Rationale:··Overriding·the·system·crypto·policy·makes·the·behavior·of·the·SSH·service·violate·expectations,
207 ············and·makes·system·configuration·more·fragmented.212 ············and·makes·system·configuration·more·fragmented.
Offset 217, 14 lines modifiedOffset 217, 19 lines modified
217 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1217 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1
218 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13218 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13
219 References:·_\x8o_\x8s_\x8p_\x8p·····FCS_SSH_EXT.1,·FCS_SSHS_EXT.1,·FCS_SSHC_EXT.1219 References:·_\x8o_\x8s_\x8p_\x8p·····FCS_SSH_EXT.1,·FCS_SSHS_EXT.1,·FCS_SSHC_EXT.1
220 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s···Req-2.2220 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s···Req-2.2
221 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000250-GPOS-00093221 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000250-GPOS-00093
222 ············_\x8c_\x8c_\x8n······A.5.SEC-OL6222 ············_\x8c_\x8c_\x8n······A.5.SEC-OL6
223 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2223 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
 224 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
  
 225 SSH_CONF="/etc/sysconfig/sshd"
  
 226 sed·-i·"/^\s*CRYPTO_POLICY.*$/Id"·$SSH_CONF
224 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8227 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
225 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low228 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
226 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium229 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
227 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true230 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true
228 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···disable231 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···disable
229 -·name:·Configure·SSH·to·use·System·Crypto·Policy232 -·name:·Configure·SSH·to·use·System·Crypto·Policy
230 ··lineinfile:233 ··lineinfile:
Offset 242, 19 lines modifiedOffset 247, 14 lines modified
242 ··-·PCI-DSSv4-2.2.7247 ··-·PCI-DSSv4-2.2.7
243 ··-·configure_ssh_crypto_policy248 ··-·configure_ssh_crypto_policy
244 ··-·disable_strategy249 ··-·disable_strategy
245 ··-·low_complexity250 ··-·low_complexity
246 ··-·medium_disruption251 ··-·medium_disruption
247 ··-·medium_severity252 ··-·medium_severity
248 ··-·reboot_required253 ··-·reboot_required
249 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
  
250 SSH_CONF="/etc/sysconfig/sshd" 
  
251 sed·-i·"/^\s*CRYPTO_POLICY.*$/Id"·$SSH_CONF 
252 Group  ·GNOME·Desktop·Environment·  Group·contains·3·groups·and·7·rules254 Group  ·GNOME·Desktop·Environment·  Group·contains·3·groups·and·7·rules
253 _\x8[_\x8r_\x8e_\x8f_\x8]  ·GNOME·is·a·graphical·desktop·environment·bundled·with·many·Linux·distributions·that·allow·users·to255 _\x8[_\x8r_\x8e_\x8f_\x8]  ·GNOME·is·a·graphical·desktop·environment·bundled·with·many·Linux·distributions·that·allow·users·to
254 easily·interact·with·the·operating·system·graphically·rather·than·textually.·The·GNOME·Graphical·Display256 easily·interact·with·the·operating·system·graphically·rather·than·textually.·The·GNOME·Graphical·Display
255 Manager·(GDM)·provides·login,·logout,·and·user·switching·contexts·as·well·as·display·server·management.257 Manager·(GDM)·provides·login,·logout,·and·user·switching·contexts·as·well·as·display·server·management.
  
256 GNOME·is·developed·by·the·GNOME·Project·and·is·considered·the·default·Oracle·Linux·Graphical·environment.258 GNOME·is·developed·by·the·GNOME·Project·and·is·considered·the·default·Oracle·Linux·Graphical·environment.
  
Offset 282, 14 lines modifiedOffset 282, 75 lines modified
282 ············the·system·to·quickly·enumerate·known·user·accounts·without·logging·in.282 ············the·system·to·quickly·enumerate·known·user·accounts·without·logging·in.
283 Severity: ··medium283 Severity: ··medium
284 Rule·ID:····xccdf_org.ssgproject.content_rule_dconf_gnome_disable_user_list284 Rule·ID:····xccdf_org.ssgproject.content_rule_dconf_gnome_disable_user_list
285 ············_\x8d_\x8i_\x8s_\x8a···CCI-000366285 ············_\x8d_\x8i_\x8s_\x8a···CCI-000366
286 References:·_\x8n_\x8i_\x8s_\x8t···CM-6(a),·AC-23286 References:·_\x8n_\x8i_\x8s_\x8t···CM-6(a),·AC-23
287 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000480-GPOS-00227287 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000480-GPOS-00227
288 ············_\x8c_\x8c_\x8n····A.11.SEC-OL9288 ············_\x8c_\x8c_\x8n····A.11.SEC-OL9
 289 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 290 #·Remediation·is·applicable·only·in·certain·platforms
 291 if·rpm·--quiet·-q·gdm·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
 292 #·Check·for·setting·in·any·of·the·DConf·db·directories
 293 #·If·files·contain·ibus·or·distro,·ignore·them.
 294 #·The·assignment·assumes·that·individual·filenames·don't·contain·:
 295 readarray·-t·SETTINGSFILES·<·<(grep·-r·"\\[org/gnome/login-screen\\]"·"/etc/dconf/db/"·\
 296 ································|·grep·-v·'distro\|ibus\|local.d'·|·cut·-d":"·-f1)
 297 DCONFFILE="/etc/dconf/db/local.d/00-security-settings"
 298 DBDIR="/etc/dconf/db/local.d"
  
Max diff block lines reached; 935497/943147 bytes (99.19%) of diff not shown.
5.34 MB
./usr/share/doc/ssg-nondebian/ssg-ol9-guide-cui.html
    
Offset 15040, 259 lines modifiedOffset 15040, 259 lines modified
0003abf0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm0003abf0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm
0003ac00:·3637·3731·2220·7461·6269·6e64·6578·3d22··6771"·tabindex="0003ac00:·3637·3731·2220·7461·6269·6e64·6578·3d22··6771"·tabindex="
0003ac10:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"0003ac10:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"
0003ac20:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="0003ac20:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="
0003ac30:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac0003ac30:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac
0003ac40:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal0003ac40:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal
0003ac50:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme0003ac50:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme
0003ac60:·6469·6174·696f·6e20·416e·7369·626c·6520··diation·Ansible· 
0003ac70:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a>< 
0003ac80:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p 
0003ac90:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co 
0003aca0:·6c6c·6170·7365·2220·6964·3d22·6964·6d36··llapse"·id="idm6 
0003acb0:·3737·3122·3e3c·7461·626c·6520·636c·6173··771"><table·clas 
0003acc0:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s 
0003acd0:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor 
0003ace0:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond 
0003acf0:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C 
0003ad00:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><0003ac60:·6469·6174·696f·6e20·5368·656c·6c20·7363··diation·Shell·sc
 0003ac70:·7269·7074·20e2·87b2·3c2f·613e·3c62·723e··ript·...</a><br>
 0003ac80:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
 0003ac90:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
 0003aca0:·7073·6522·2069·643d·2269·646d·3637·3731··pse"·id="idm6771
 0003acb0:·223e·3c70·7265·3e3c·636f·6465·3e23·2052··"><pre><code>#·R
 0003acc0:·656d·6564·6961·7469·6f6e·2069·7320·6170··emediation·is·ap
 0003acd0:·706c·6963·6162·6c65·206f·6e6c·7920·696e··plicable·only·in
 0003ace0:·2063·6572·7461·696e·2070·6c61·7466·6f72···certain·platfor
 0003acf0:·6d73·0a69·6620·2820·2120·2820·5b20·2224··ms.if·(·!·(·[·"$
 0003ad00:·7b63·6f6e·7461·696e·6572·3a2d·7d22·203d··{container:-}"·=
 0003ad10:·3d20·2262·7772·6170·2d6f·7362·7569·6c64··=·"bwrap-osbuild
 0003ad20:·2220·5d20·2920·2661·6d70·3b26·616d·703b··"·]·)·&amp;&amp;
 0003ad30:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q·
 0003ad40:·6b65·726e·656c·207c·7c20·7270·6d20·2d2d··kernel·||·rpm·--
 0003ad50:·7175·6965·7420·2d71·206b·6572·6e65·6c2d··quiet·-q·kernel-
 0003ad60:·7565·6b20·2920·2661·6d70·3b26·616d·703b··uek·)·&amp;&amp;
 0003ad70:·207b·2021·2028·207b·2072·706d·202d·2d71···{·!·(·{·rpm·--q
 0003ad80:·7569·6574·202d·7120·6b65·726e·656c·203b··uiet·-q·kernel·;
 0003ad90:·7d20·2661·6d70·3b26·616d·703b·207b·2072··}·&amp;&amp;·{·r
 0003ada0:·706d·202d·2d71·7569·6574·202d·7120·7270··pm·--quiet·-q·rp
 0003adb0:·6d2d·6f73·7472·6565·203b·7d20·2661·6d70··m-ostree·;}·&amp
 0003adc0:·3b26·616d·703b·207b·2072·706d·202d·2d71··;&amp;·{·rpm·--q
 0003add0:·7569·6574·202d·7120·626f·6f74·6320·3b7d··uiet·-q·bootc·;}
 0003ade0:·2026·616d·703b·2661·6d70·3b20·7b20·2120···&amp;&amp;·{·!·
 0003adf0:·7270·6d20·2d2d·7175·6965·7420·2d71·206f··rpm·--quiet·-q·o
 0003ae00:·7065·6e73·6869·6674·2d6b·7562·656c·6574··penshift-kubelet
 0003ae10:·203b·7d20·293b·207d·3b20·7468·656e·0a0a···;}·);·};·then..
 0003ae20:·6669·7073·2d6d·6f64·652d·7365·7475·7020··fips-mode-setup·
 0003ae30:·2d2d·656e·6162·6c65·0a46·4950·535f·434f··--enable.FIPS_CO
 0003ae40:·4e46·3d22·2f65·7463·2f64·7261·6375·742e··NF="/etc/dracut.
 0003ae50:·636f·6e66·2e64·2f34·302d·6669·7073·2e63··conf.d/40-fips.c
 0003ae60:·6f6e·6622·0a69·6620·2120·6772·6570·2022··onf".if·!·grep·"
 0003ae70:·5e61·6464·5f64·7261·6375·746d·6f64·756c··^add_dracutmodul
 0003ae80:·6573·2b3d·5c22·2066·6970·7320·5c22·2220··es+=\"·fips·\""·
 0003ae90:·2446·4950·535f·434f·4e46·3b20·7468·656e··$FIPS_CONF;·then
 0003aea0:·0a20·2020·2065·6368·6f20·2261·6464·5f64··.····echo·"add_d
 0003aeb0:·7261·6375·746d·6f64·756c·6573·2b3d·5c22··racutmodules+=\"
 0003aec0:·2066·6970·7320·5c22·2220·2667·743b·2667···fips·\""·&gt;&g
 0003aed0:·743b·2024·4649·5053·5f43·4f4e·460a·6669··t;·$FIPS_CONF.fi
 0003aee0:·0a0a·656c·7365·0a20·2020·2026·6774·3b26··..else.····&gt;&
 0003aef0:·616d·703b·3220·6563·686f·2027·5265·6d65··amp;2·echo·'Reme
 0003af00:·6469·6174·696f·6e20·6973·206e·6f74·2061··diation·is·not·a
 0003af10:·7070·6c69·6361·626c·652c·206e·6f74·6869··pplicable,·nothi
 0003af20:·6e67·2077·6173·2064·6f6e·6527·0a66·690a··ng·was·done'.fi.
 0003af30:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d
 0003af40:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn
 0003af50:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da
 0003af60:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla
 0003af70:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target
 0003af80:·3d22·2369·646d·3637·3732·2220·7461·6269··="#idm6772"·tabi
 0003af90:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b
 0003afa0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa
 0003afb0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit
 0003afc0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·
 0003afd0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!
 0003afe0:·223e·5265·6d65·6469·6174·696f·6e20·416e··">Remediation·An
 0003aff0:·7369·626c·6520·736e·6970·7065·7420·e287··sible·snippet·..
 0003b000:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl
 0003b010:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
 0003b020:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
 0003b030:·3d22·6964·6d36·3737·3222·3e3c·7461·626c··="idm6772"><tabl
 0003b040:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t
 0003b050:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab
 0003b060:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl
 0003b070:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr
 0003b080:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity:
 0003b090:·3c2f·7468·3e3c·7464·3e6d·6564·6975·6d3c··</th><td>medium<
 0003b0a0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
 0003b0b0:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th
0003ad10:·7464·3e6d·6564·6975·6d3c·2f74·643e·3c2f··td>medium</td></0003b0c0:·3e3c·7464·3e6d·6564·6975·6d3c·2f74·643e··><td>medium</td>
0003ad20:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru 
0003ad30:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6d··ption:</th><td>m 
0003ad40:·6564·6975·6d3c·2f74·643e·3c2f·7472·3e3c··edium</td></tr>< 
0003ad50:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</ 
0003ad60:·7468·3e3c·7464·3e74·7275·653c·2f74·643e··th><td>true</td> 
0003ad70:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str0003b0d0:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb
0003ad80:·6174·6567·793a·3c2f·7468·3e3c·7464·3e72··ategy:</th><td>r0003b0e0:·6f6f·743a·3c2f·7468·3e3c·7464·3e74·7275··oot:</th><td>tru
 0003b0f0:·653c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··e</td></tr><tr><
 0003b100:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th
 0003b110:·3e3c·7464·3e72·6573·7472·6963·743c·2f74··><td>restrict</t
 0003b120:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table><
 0003b130:·7072·653e·3c63·6f64·653e·2d20·6e61·6d65··pre><code>-·name
 0003b140:·3a20·4761·7468·6572·2074·6865·2070·6163··:·Gather·the·pac
 0003b150:·6b61·6765·2066·6163·7473·0a20·2070·6163··kage·facts.··pac
 0003b160:·6b61·6765·5f66·6163·7473·3a0a·2020·2020··kage_facts:.····
 0003b170:·6d61·6e61·6765·723a·2061·7574·6f0a·2020··manager:·auto.··
 0003b180:·7461·6773·3a0a·2020·2d20·4e49·5354·2d38··tags:.··-·NIST-8
 0003b190:·3030·2d35·332d·434d·2d36·2861·290a·2020··00-53-CM-6(a).··
0003ad90:·6573·7472·6963·743c·2f74·643e·3c2f·7472··estrict</td></tr 
0003ada0:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c 
0003adb0:·6f64·653e·2d20·6e61·6d65·3a20·4761·7468··ode>-·name:·Gath 
0003adc0:·6572·2074·6865·2070·6163·6b61·6765·2066··er·the·package·f 
0003add0:·6163·7473·0a20·2070·6163·6b61·6765·5f66··acts.··package_f 
0003ade0:·6163·7473·3a0a·2020·2020·6d61·6e61·6765··acts:.····manage 
0003adf0:·723a·2061·7574·6f0a·2020·7461·6773·3a0a··r:·auto.··tags:. 
0003ae00:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53- 
0003ae10:·434d·2d36·2861·290a·2020·2d20·4e49·5354··CM-6(a).··-·NIST 
0003ae20:·2d38·3030·2d35·332d·4941·2d37·0a20·202d··-800-53-IA-7.··- 
0003ae30:·204e·4953·542d·3830·302d·3533·2d53·432d···NIST-800-53-SC- 
0003ae40:·3132·0a20·202d·204e·4953·542d·3830·302d··12.··-·NIST-800- 
0003ae50:·3533·2d53·432d·3132·2832·290a·2020·2d20··53-SC-12(2).··-· 
0003ae60:·4e49·5354·2d38·3030·2d35·332d·5343·2d31··NIST-800-53-SC-1 
0003ae70:·3228·3329·0a20·202d·204e·4953·542d·3830··2(3).··-·NIST-80 
0003ae80:·302d·3533·2d53·432d·3133·0a20·202d·2065··0-53-SC-13.··-·e 
0003ae90:·6e61·626c·655f·6472·6163·7574·5f66·6970··nable_dracut_fip 
0003aea0:·735f·6d6f·6475·6c65·0a20·202d·2068·6967··s_module.··-·hig 
0003aeb0:·685f·7365·7665·7269·7479·0a20·202d·206d··h_severity.··-·m 
0003aec0:·6564·6975·6d5f·636f·6d70·6c65·7869·7479··edium_complexity 
0003aed0:·0a20·202d·206d·6564·6975·6d5f·6469·7372··.··-·medium_disr 
Max diff block lines reached; 4979886/5014276 bytes (99.31%) of diff not shown.
573 KB
html2text {}
    
Offset 97, 14 lines modifiedOffset 97, 27 lines modified
97 Rule·ID:····xccdf_org.ssgproject.content_rule_enable_dracut_fips_module97 Rule·ID:····xccdf_org.ssgproject.content_rule_enable_dracut_fips_module
98 ············_\x8d_\x8i_\x8s_\x8a·····CCI-002450,·CCI-000068,·CCI-002418,·CCI-00087798 ············_\x8d_\x8i_\x8s_\x8a·····CCI-002450,·CCI-000068,·CCI-002418,·CCI-000877
99 ············_\x8i_\x8s_\x8m······144699 ············_\x8i_\x8s_\x8m······1446
100 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1100 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1
101 ············_\x8n_\x8i_\x8s_\x8t·····SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12101 ············_\x8n_\x8i_\x8s_\x8t·····SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12
102 ············_\x8o_\x8s_\x8p_\x8p·····FCS_RBG_EXT.1102 ············_\x8o_\x8s_\x8p_\x8p·····FCS_RBG_EXT.1
103 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223103 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223
 104 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 105 #·Remediation·is·applicable·only·in·certain·platforms
 106 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek·)·&&·{·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·};·then
  
 107 fips-mode-setup·--enable
 108 FIPS_CONF="/etc/dracut.conf.d/40-fips.conf"
 109 if·!·grep·"^add_dracutmodules+=\"·fips·\""·$FIPS_CONF;·then
 110 ····echo·"add_dracutmodules+=\"·fips·\""·>>·$FIPS_CONF
 111 fi
  
 112 else
 113 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 114 fi
104 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8115 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
105 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·medium116 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·medium
106 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium117 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
107 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true118 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true
108 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict119 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
109 -·name:·Gather·the·package·facts120 -·name:·Gather·the·package·facts
110 ··package_facts:121 ··package_facts:
Offset 190, 27 lines modifiedOffset 203, 14 lines modified
190 ··-·NIST-800-53-SC-13203 ··-·NIST-800-53-SC-13
191 ··-·enable_dracut_fips_module204 ··-·enable_dracut_fips_module
192 ··-·high_severity205 ··-·high_severity
193 ··-·medium_complexity206 ··-·medium_complexity
194 ··-·medium_disruption207 ··-·medium_disruption
195 ··-·reboot_required208 ··-·reboot_required
196 ··-·restrict_strategy209 ··-·restrict_strategy
197 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
198 #·Remediation·is·applicable·only·in·certain·platforms 
199 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek·)·&&·{·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·};·then 
  
200 fips-mode-setup·--enable 
201 FIPS_CONF="/etc/dracut.conf.d/40-fips.conf" 
202 if·!·grep·"^add_dracutmodules+=\"·fips·\""·$FIPS_CONF;·then 
203 ····echo·"add_dracutmodules+=\"·fips·\""·>>·$FIPS_CONF 
204 fi 
  
205 else 
206 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
207 fi 
208 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8na\x8ab\x8bl\x8le\x8e·F\x8FI\x8IP\x8PS\x8S·M\x8Mo\x8od\x8de\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*210 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8na\x8ab\x8bl\x8le\x8e·F\x8FI\x8IP\x8PS\x8S·M\x8Mo\x8od\x8de\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
209 To·enable·FIPS·mode,·run·the·following·command:211 To·enable·FIPS·mode,·run·the·following·command:
210 fips-mode-setup·--enable212 fips-mode-setup·--enable
  
211 The·fips-mode-setup·command·will·configure·the·system·in·FIPS·mode·by·automatically·configuring·the·following:213 The·fips-mode-setup·command·will·configure·the·system·in·FIPS·mode·by·automatically·configuring·the·following:
212 ····*·Setting·the·kernel·FIPS·mode·flag·(/proc/sys/crypto/fips_enabled)·to·1214 ····*·Setting·the·kernel·FIPS·mode·flag·(/proc/sys/crypto/fips_enabled)·to·1
213 ····*·Creating·/etc/system-fips215 ····*·Creating·/etc/system-fips
Offset 223, 31 lines modifiedOffset 223, 31 lines modified
223 Rule·ID:····xccdf_org.ssgproject.content_rule_enable_fips_mode223 Rule·ID:····xccdf_org.ssgproject.content_rule_enable_fips_mode
224 ············_\x8d_\x8i_\x8s_\x8a·····CCI-002450,·CCI-000068,·CCI-002418,·CCI-000877224 ············_\x8d_\x8i_\x8s_\x8a·····CCI-002450,·CCI-000068,·CCI-002418,·CCI-000877
225 ············_\x8i_\x8s_\x8m······1446225 ············_\x8i_\x8s_\x8m······1446
226 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1226 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1
227 ············_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12227 ············_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12
228 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1228 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1
229 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176229 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176
230 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
231 [customizations] 
232 fips·=·true 
233 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8230 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
234 #·Remediation·is·applicable·only·in·certain·platforms231 #·Remediation·is·applicable·only·in·certain·platforms
235 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek·);·then232 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek·);·then
  
236 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then233 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then
237 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF234 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF
238 kargs·=·["fips=1"]235 kargs·=·["fips=1"]
239 EOF236 EOF
240 fi237 fi
  
241 else238 else
242 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'239 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
243 fi240 fi
 241 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 242 [customizations]
 243 fips·=·true
244 Group  ·System·Cryptographic·Policies·  Group·contains·4·rules244 Group  ·System·Cryptographic·Policies·  Group·contains·4·rules
245 _\x8[_\x8r_\x8e_\x8f_\x8]  ·Linux·has·the·capability·to·centrally·configure·cryptographic·polices.·The·command·update-crypto-policies·is·used·to·set·the·policy·applicable·for·the·various·cryptographic·back-ends,·such·as·SSL/TLS·libraries.·The·configured·cryptographic·policies·will·be·the·default·policy·used·by·these·backends·unless·the·application·user·configures·them·otherwise.·When·the·system·has·been·configured·to·use·the·centralized·cryptographic·policies,·the·administrator·is·assured·that·any·application·that·utilizes·the·supported·backends·will·follow·a·policy·that·adheres·to·the·configured·profile.·Currently·the·supported·backends·are:245 _\x8[_\x8r_\x8e_\x8f_\x8]  ·Linux·has·the·capability·to·centrally·configure·cryptographic·polices.·The·command·update-crypto-policies·is·used·to·set·the·policy·applicable·for·the·various·cryptographic·back-ends,·such·as·SSL/TLS·libraries.·The·configured·cryptographic·policies·will·be·the·default·policy·used·by·these·backends·unless·the·application·user·configures·them·otherwise.·When·the·system·has·been·configured·to·use·the·centralized·cryptographic·policies,·the·administrator·is·assured·that·any·application·that·utilizes·the·supported·backends·will·follow·a·policy·that·adheres·to·the·configured·profile.·Currently·the·supported·backends·are:
246 ····*·GnuTLS·library246 ····*·GnuTLS·library
247 ····*·OpenSSL·library247 ····*·OpenSSL·library
248 ····*·NSS·library248 ····*·NSS·library
249 ····*·OpenJDK249 ····*·OpenJDK
250 ····*·Libkrb5250 ····*·Libkrb5
Offset 259, 38 lines modifiedOffset 259, 35 lines modified
259 $·sudo·yum·install·crypto-policies259 $·sudo·yum·install·crypto-policies
260 Rationale:··Centralized·cryptographic·policies·simplify·applying·secure·ciphers·across·an·operating·system·and·the·applications·that·run·on·that·operating·system.·Use·of·weak·or·untested·encryption·algorithms·undermines·the·purposes·of·utilizing·encryption·to·protect·data.260 Rationale:··Centralized·cryptographic·policies·simplify·applying·secure·ciphers·across·an·operating·system·and·the·applications·that·run·on·that·operating·system.·Use·of·weak·or·untested·encryption·algorithms·undermines·the·purposes·of·utilizing·encryption·to·protect·data.
261 Severity: ··medium261 Severity: ··medium
262 Rule·ID:····xccdf_org.ssgproject.content_rule_package_crypto-policies_installed262 Rule·ID:····xccdf_org.ssgproject.content_rule_package_crypto-policies_installed
263 ············_\x8d_\x8i_\x8s_\x8a···CCI-002890,·CCI-002450,·CCI-003123263 ············_\x8d_\x8i_\x8s_\x8a···CCI-002890,·CCI-002450,·CCI-003123
264 References:·_\x8o_\x8s_\x8p_\x8p···FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1264 References:·_\x8o_\x8s_\x8p_\x8p···FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1
265 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174265 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174
266 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
267 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
268 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
269 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
270 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
271 package·--add=crypto-policies 
272 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8266 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
273 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low267 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
274 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low268 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
275 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false269 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
276 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable270 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
277 include·install_crypto-policies271 include·install_crypto-policies
  
278 class·install_crypto-policies·{272 class·install_crypto-policies·{
279 ··package·{·'crypto-policies':273 ··package·{·'crypto-policies':
280 ····ensure·=>·'installed',274 ····ensure·=>·'installed',
281 ··}275 ··}
282 }276 }
283 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8277 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 278 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 279 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 280 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 281 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
284 [[packages]] 
285 name·=·"crypto-policies" 
286 version·=·"*"282 if·!·rpm·-q·--quiet·"crypto-policies"·;·then
Max diff block lines reached; 580145/586915 bytes (98.85%) of diff not shown.
6.65 MB
./usr/share/doc/ssg-nondebian/ssg-ol9-guide-e8.html
    
Offset 15136, 408 lines modifiedOffset 15136, 408 lines modified
0003b1f0:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id0003b1f0:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id
0003b200:·6d35·3934·3422·2074·6162·696e·6465·783d··m5944"·tabindex=0003b200:·6d35·3934·3422·2074·6162·696e·6465·783d··m5944"·tabindex=
0003b210:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button0003b210:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button
0003b220:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=0003b220:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=
0003b230:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A0003b230:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A
0003b240:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea0003b240:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea
Diff chunk too large, falling back to line-by-line diff (394 lines added, 394 lines removed)
0003b250:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem0003b250:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem
0003b260:·6564·6961·7469·6f6e·2041·6e73·6962·6c65··ediation·Ansible0003b260:·6564·6961·7469·6f6e·2053·6865·6c6c·2073··ediation·Shell·s
0003b270:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a>0003b270:·6372·6970·7420·e287·b23c·2f61·3e3c·6272··cript·...</a><br
0003b280:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="0003b280:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan
0003b290:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c0003b290:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll
0003b2a0:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm0003b2a0:·6170·7365·2220·6964·3d22·6964·6d35·3934··apse"·id="idm594
0003b2b0:·3539·3434·223e·3c74·6162·6c65·2063·6c61··5944"><table·cla0003b2b0:·3422·3e3c·7072·653e·3c63·6f64·653e·2320··4"><pre><code>#·
0003b2c0:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table-0003b2c0:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a
0003b2d0:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo0003b2d0:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i
0003b2e0:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con0003b2e0:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo
0003b2f0:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th>0003b2f0:·726d·730a·6966·2021·2028·207b·2072·706d··rms.if·!·(·{·rpm
0003b300:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th>0003b300:·202d·2d71·7569·6574·202d·7120·6b65·726e···--quiet·-q·kern
0003b310:·3c74·643e·6869·6768·3c2f·7464·3e3c·2f74··<td>high</td></t0003b310:·656c·203b·7d20·2661·6d70·3b26·616d·703b··el·;}·&amp;&amp;
0003b320:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup0003b320:·207b·2072·706d·202d·2d71·7569·6574·202d···{·rpm·--quiet·-
0003b330:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6d65··tion:</th><td>me0003b330:·7120·7270·6d2d·6f73·7472·6565·203b·7d20··q·rpm-ostree·;}·
0003b340:·6469·756d·3c2f·7464·3e3c·2f74·723e·3c74··dium</td></tr><t0003b340:·2661·6d70·3b26·616d·703b·207b·2072·706d··&amp;&amp;·{·rpm
0003b350:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t0003b350:·202d·2d71·7569·6574·202d·7120·626f·6f74···--quiet·-q·boot
0003b360:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td>0003b360:·6320·3b7d·2026·616d·703b·2661·6d70·3b20··c·;}·&amp;&amp;·
0003b370:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str0003b370:·7b20·2120·7270·6d20·2d2d·7175·6965·7420··{·!·rpm·--quiet·
0003b380:·6174·6567·793a·3c2f·7468·3e3c·7464·3e72··ategy:</th><td>r0003b380:·2d71·206f·7065·6e73·6869·6674·2d6b·7562··-q·openshift-kub
0003b390:·6573·7472·6963·743c·2f74·643e·3c2f·7472··estrict</td></tr0003b390:·656c·6574·203b·7d20·293b·2074·6865·6e0a··elet·;}·);·then.
0003b3a0:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c0003b3a0:·0a23·2046·696e·6420·7768·6963·6820·6669··.#·Find·which·fi
0003b3b0:·6f64·653e·2d20·6e61·6d65·3a20·4761·7468··ode>-·name:·Gath0003b3b0:·6c65·7320·6861·7665·2069·6e63·6f72·7265··les·have·incorre
0003b3c0:·6572·2074·6865·2070·6163·6b61·6765·2066··er·the·package·f0003b3c0:·6374·2068·6173·6820·286e·6f74·2069·6e20··ct·hash·(not·in·
0003b3d0:·6163·7473·0a20·2070·6163·6b61·6765·5f66··acts.··package_f0003b3d0:·2f65·7463·2c20·6265·6361·7573·6520·6f66··/etc,·because·of
0003b3e0:·6163·7473·3a0a·2020·2020·6d61·6e61·6765··acts:.····manage0003b3e0:·2074·6865·2073·7973·7465·6d20·7265·6c61···the·system·rela
0003b3f0:·723a·2061·7574·6f0a·2020·7461·6773·3a0a··r:·auto.··tags:.0003b3f0:·7465·6420·636f·6e66·6967·2066·696c·6573··ted·config·files
0003b400:·2020·2d20·434a·4953·2d35·2e31·302e·342e····-·CJIS-5.10.4.0003b400:·2920·616e·6420·7468·656e·2067·6574·2066··)·and·then·get·f
0003b410:·310a·2020·2d20·4e49·5354·2d38·3030·2d31··1.··-·NIST-800-10003b410:·696c·6573·206e·616d·6573·0a66·696c·6573··iles·names.files
0003b420:·3731·2d33·2e33·2e38·0a20·202d·204e·4953··71-3.3.8.··-·NIS0003b420:·5f77·6974·685f·696e·636f·7272·6563·745f··_with_incorrect_
0003b430:·542d·3830·302d·3137·312d·332e·342e·310a··T-800-171-3.4.1.0003b430:·6861·7368·3d22·2428·7270·6d20·2d56·6120··hash="$(rpm·-Va·
0003b440:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003b440:·2d2d·6e6f·636f·6e66·6967·207c·2067·7265··--noconfig·|·gre
0003b450:·4155·2d39·2833·290a·2020·2d20·4e49·5354··AU-9(3).··-·NIST0003b450:·7020·2d45·2027·5e2e·2e35·2720·7c20·6177··p·-E·'^..5'·|·aw
0003b460:·2d38·3030·2d35·332d·434d·2d36·2863·290a··-800-53-CM-6(c).0003b460:·6b20·277b·7072·696e·7420·244e·467d·2720··k·'{print·$NF}'·
0003b470:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003b470:·2922·0a0a·6966·205b·202d·6e20·2224·6669··)"..if·[·-n·"$fi
0003b480:·434d·2d36·2864·290a·2020·2d20·4e49·5354··CM-6(d).··-·NIST0003b480:·6c65·735f·7769·7468·5f69·6e63·6f72·7265··les_with_incorre
0003b490:·2d38·3030·2d35·332d·5349·2d37·0a20·202d··-800-53-SI-7.··-0003b490:·6374·5f68·6173·6822·205d·3b20·7468·656e··ct_hash"·];·then
0003b4a0:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-0003b4a0:·0a20·2020·2023·2046·726f·6d20·6669·6c65··.····#·From·file
0003b4b0:·3728·3129·0a20·202d·204e·4953·542d·3830··7(1).··-·NIST-800003b4b0:·7320·6e61·6d65·7320·6765·7420·7061·636b··s·names·get·pack
0003b4c0:·302d·3533·2d53·492d·3728·3629·0a20·202d··0-53-SI-7(6).··-0003b4c0:·6167·6520·6e61·6d65·7320·616e·6420·6368··age·names·and·ch
0003b4d0:·2050·4349·2d44·5353·2d52·6571·2d31·312e···PCI-DSS-Req-11.0003b4d0:·616e·6765·206e·6577·6c69·6e65·2074·6f20··ange·newline·to·
0003b4e0:·350a·2020·2d20·5043·492d·4453·5376·342d··5.··-·PCI-DSSv4-0003b4e0:·7370·6163·652c·2062·6563·6175·7365·2072··space,·because·r
0003b4f0:·3131·2e35·2e32·0a20·202d·2068·6967·685f··11.5.2.··-·high_0003b4f0:·706d·2077·7269·7465·7320·6561·6368·2070··pm·writes·each·p
0003b500:·636f·6d70·6c65·7869·7479·0a20·202d·2068··complexity.··-·h0003b500:·6163·6b61·6765·2074·6f20·6e65·7720·6c69··ackage·to·new·li
0003b510:·6967·685f·7365·7665·7269·7479·0a20·202d··igh_severity.··-0003b510:·6e65·0a20·2020·2070·6163·6b61·6765·735f··ne.····packages_
0003b520:·206d·6564·6975·6d5f·6469·7372·7570·7469···medium_disrupti0003b520:·746f·5f72·6569·6e73·7461·6c6c·3d22·2428··to_reinstall="$(
0003b530:·6f6e·0a20·202d·206e·6f5f·7265·626f·6f74··on.··-·no_reboot0003b530:·7270·6d20·2d71·6620·2466·696c·6573·5f77··rpm·-qf·$files_w
0003b540:·5f6e·6565·6465·640a·2020·2d20·7265·7374··_needed.··-·rest0003b540:·6974·685f·696e·636f·7272·6563·745f·6861··ith_incorrect_ha
0003b550:·7269·6374·5f73·7472·6174·6567·790a·2020··rict_strategy.··0003b550:·7368·207c·2074·7220·275c·6e27·2027·2027··sh·|·tr·'\n'·'·'
0003b560:·2d20·7270·6d5f·7665·7269·6679·5f68·6173··-·rpm_verify_has0003b560:·2922·0a0a·2020·2020·0a20·2020·2079·756d··)"..····.····yum
0003b570:·6865·730a·0a2d·206e·616d·653a·2027·5365··hes..-·name:·'Se0003b570:·2072·6569·6e73·7461·6c6c·202d·7920·2470···reinstall·-y·$p
0003b580:·7420·6661·6374·3a20·5061·636b·6167·6520··t·fact:·Package·0003b580:·6163·6b61·6765·735f·746f·5f72·6569·6e73··ackages_to_reins
0003b590:·6d61·6e61·6765·7220·7265·696e·7374·616c··manager·reinstal0003b590:·7461·6c6c·0a20·2020·200a·6669·0a0a·656c··tall.····.fi..el
0003b5a0:·6c20·636f·6d6d·616e·6427·0a20·2073·6574··l·command'.··set0003b5a0:·7365·0a20·2020·2026·6774·3b26·616d·703b··se.····&gt;&amp;
0003b5b0:·5f66·6163·743a·0a20·2020·2070·6163·6b61··_fact:.····packa0003b5b0:·3220·6563·686f·2027·5265·6d65·6469·6174··2·echo·'Remediat
0003b5c0:·6765·5f6d·616e·6167·6572·5f72·6569·6e73··ge_manager_reins0003b5c0:·696f·6e20·6973·206e·6f74·2061·7070·6c69··ion·is·not·appli
0003b5d0:·7461·6c6c·5f63·6d64·3a20·7975·6d20·7265··tall_cmd:·yum·re0003b5d0:·6361·626c·652c·206e·6f74·6869·6e67·2077··cable,·nothing·w
0003b5e0:·696e·7374·616c·6c20·2d79·0a20·2077·6865··install·-y.··whe0003b5e0:·6173·2064·6f6e·6527·0a66·690a·3c2f·636f··as·done'.fi.</co
0003b5f0:·6e3a·0a20·202d·206e·6f74·2028·2022·6b65··n:.··-·not·(·"ke0003b5f0:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div><
0003b600:·726e·656c·2220·696e·2061·6e73·6962·6c65··rnel"·in·ansible0003b600:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn
0003b610:·5f66·6163·7473·2e70·6163·6b61·6765·7320··_facts.packages·0003b610:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t
0003b620:·616e·6420·2272·706d·2d6f·7374·7265·6522··and·"rpm-ostree"0003b620:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse"
0003b630:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003b630:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i
0003b640:·732e·7061·636b·6167·6573·0a20·2020·2061··s.packages.····a0003b640:·646d·3539·3435·2220·7461·6269·6e64·6578··dm5945"·tabindex
0003b650:·6e64·2022·626f·6f74·6322·2069·6e20·616e··nd·"bootc"·in·an0003b650:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto
0003b660:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack0003b660:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded
0003b670:·6167·6573·2061·6e64·206e·6f74·2022·6f70··ages·and·not·"op0003b670:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="
0003b680:·656e·7368·6966·742d·6b75·6265·6c65·7422··enshift-kubelet"0003b680:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve
0003b690:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003b690:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re
0003b6a0:·732e·7061·636b·6167·6573·0a20·2020·2029··s.packages.····)0003b6a0:·6d65·6469·6174·696f·6e20·416e·7369·626c··mediation·Ansibl
0003b6b0:·0a20·202d·2061·6e73·6962·6c65·5f64·6973··.··-·ansible_dis0003b6b0:·6520·736e·6970·7065·7420·e287·b23c·2f61··e·snippet·...</a
0003b6c0:·7472·6962·7574·696f·6e20·696e·205b·2022··tribution·in·[·"0003b6c0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
0003b6d0:·4665·646f·7261·222c·2022·5265·6448·6174··Fedora",·"RedHat0003b6d0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
0003b6e0:·222c·2022·4365·6e74·4f53·222c·2022·4f72··",·"CentOS",·"Or0003b6e0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
0003b6f0:·6163·6c65·4c69·6e75·7822·205d·0a20·2074··acleLinux"·].··t0003b6f0:·6d35·3934·3522·3e3c·7461·626c·6520·636c··m5945"><table·cl
0003b700:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.0003b700:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table
0003b710:·3130·2e34·2e31·0a20·202d·204e·4953·542d··10.4.1.··-·NIST-0003b710:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b
0003b720:·3830·302d·3137·312d·332e·332e·380a·2020··800-171-3.3.8.··0003b720:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co
0003b730:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-30003b730:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th
0003b740:·2e34·2e31·0a20·202d·204e·4953·542d·3830··.4.1.··-·NIST-800003b740:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th
0003b750:·302d·3533·2d41·552d·3928·3329·0a20·202d··0-53-AU-9(3).··-0003b750:·3e3c·7464·3e68·6967·683c·2f74·643e·3c2f··><td>high</td></
0003b760:·204e·4953·542d·3830·302d·3533·2d43·4d2d···NIST-800-53-CM-0003b760:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru
0003b770:·3628·6329·0a20·202d·204e·4953·542d·3830··6(c).··-·NIST-800003b770:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6d··ption:</th><td>m
0003b780:·302d·3533·2d43·4d2d·3628·6429·0a20·202d··0-53-CM-6(d).··-0003b780:·6564·6975·6d3c·2f74·643e·3c2f·7472·3e3c··edium</td></tr><
0003b790:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-0003b790:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</
0003b7a0:·370a·2020·2d20·4e49·5354·2d38·3030·2d35··7.··-·NIST-800-50003b7a0:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td
0003b7b0:·332d·5349·2d37·2831·290a·2020·2d20·4e49··3-SI-7(1).··-·NI0003b7b0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St
0003b7c0:·5354·2d38·3030·2d35·332d·5349·2d37·2836··ST-800-53-SI-7(60003b7c0:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>
0003b7d0:·290a·2020·2d20·5043·492d·4453·532d·5265··).··-·PCI-DSS-Re0003b7d0:·7265·7374·7269·6374·3c2f·7464·3e3c·2f74··restrict</td></t
0003b7e0:·712d·3131·2e35·0a20·202d·2050·4349·2d44··q-11.5.··-·PCI-D0003b7e0:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><
0003b7f0:·5353·7634·2d31·312e·352e·320a·2020·2d20··SSv4-11.5.2.··-·0003b7f0:·636f·6465·3e2d·206e·616d·653a·2047·6174··code>-·name:·Gat
0003b800:·6869·6768·5f63·6f6d·706c·6578·6974·790a··high_complexity.0003b800:·6865·7220·7468·6520·7061·636b·6167·6520··her·the·package·
0003b810:·2020·2d20·6869·6768·5f73·6576·6572·6974····-·high_severit0003b810:·6661·6374·730a·2020·7061·636b·6167·655f··facts.··package_
0003b820:·790a·2020·2d20·6d65·6469·756d·5f64·6973··y.··-·medium_dis0003b820:·6661·6374·733a·0a20·2020·206d·616e·6167··facts:.····manag
0003b830:·7275·7074·696f·6e0a·2020·2d20·6e6f·5f72··ruption.··-·no_r0003b830:·6572·3a20·6175·746f·0a20·2074·6167·733a··er:·auto.··tags:
0003b840:·6562·6f6f·745f·6e65·6564·6564·0a20·202d··eboot_needed.··-0003b840:·0a20·202d·2043·4a49·532d·352e·3130·2e34··.··-·CJIS-5.10.4
0003b850:·2072·6573·7472·6963·745f·7374·7261·7465···restrict_strate0003b850:·2e31·0a20·202d·204e·4953·542d·3830·302d··.1.··-·NIST-800-
0003b860:·6779·0a20·202d·2072·706d·5f76·6572·6966··gy.··-·rpm_verif0003b860:·3137·312d·332e·332e·380a·2020·2d20·4e49··171-3.3.8.··-·NI
0003b870:·795f·6861·7368·6573·0a0a·2d20·6e61·6d65··y_hashes..-·name0003b870:·5354·2d38·3030·2d31·3731·2d33·2e34·2e31··ST-800-171-3.4.1
0003b880:·3a20·2753·6574·2066·6163·743a·2050·6163··:·'Set·fact:·Pac0003b880:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
0003b890:·6b61·6765·206d·616e·6167·6572·2072·6569··kage·manager·rei0003b890:·2d41·552d·3928·3329·0a20·202d·204e·4953··-AU-9(3).··-·NIS
0003b8a0:·6e73·7461·6c6c·2063·6f6d·6d61·6e64·2028··nstall·command·(0003b8a0:·542d·3830·302d·3533·2d43·4d2d·3628·6329··T-800-53-CM-6(c)
0003b8b0:·7a79·7070·6572·2927·0a20·2073·6574·5f66··zypper)'.··set_f0003b8b0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
0003b8c0:·6163·743a·0a20·2020·2070·6163·6b61·6765··act:.····package0003b8c0:·2d43·4d2d·3628·6429·0a20·202d·204e·4953··-CM-6(d).··-·NIS
0003b8d0:·5f6d·616e·6167·6572·5f72·6569·6e73·7461··_manager_reinsta0003b8d0:·542d·3830·302d·3533·2d53·492d·370a·2020··T-800-53-SI-7.··
0003b8e0:·6c6c·5f63·6d64·3a20·7a79·7070·6572·2069··ll_cmd:·zypper·i0003b8e0:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI
0003b8f0:·6e20·2d66·202d·790a·2020·7768·656e·3a0a··n·-f·-y.··when:.0003b8f0:·2d37·2831·290a·2020·2d20·4e49·5354·2d38··-7(1).··-·NIST-8
0003b900:·2020·2d20·6e6f·7420·2820·226b·6572·6e65····-·not·(·"kerne0003b900:·3030·2d35·332d·5349·2d37·2836·290a·2020··00-53-SI-7(6).··
0003b910:·6c22·2069·6e20·616e·7369·626c·655f·6661··l"·in·ansible_fa0003b910:·2d20·5043·492d·4453·532d·5265·712d·3131··-·PCI-DSS-Req-11
0003b920:·6374·732e·7061·636b·6167·6573·2061·6e64··cts.packages·and0003b920:·2e35·0a20·202d·2050·4349·2d44·5353·7634··.5.··-·PCI-DSSv4
0003b930:·2022·7270·6d2d·6f73·7472·6565·2220·696e···"rpm-ostree"·in0003b930:·2d31·312e·352e·320a·2020·2d20·6869·6768··-11.5.2.··-·high
0003b940:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p0003b940:·5f63·6f6d·706c·6578·6974·790a·2020·2d20··_complexity.··-·
0003b950:·6163·6b61·6765·730a·2020·2020·616e·6420··ackages.····and·0003b950:·6869·6768·5f73·6576·6572·6974·790a·2020··high_severity.··
0003b960:·2262·6f6f·7463·2220·696e·2061·6e73·6962··"bootc"·in·ansib0003b960:·2d20·6d65·6469·756d·5f64·6973·7275·7074··-·medium_disrupt
0003b970:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package0003b970:·696f·6e0a·2020·2d20·6e6f·5f72·6562·6f6f··ion.··-·no_reboo
0003b980:·7320·616e·6420·6e6f·7420·226f·7065·6e73··s·and·not·"opens0003b980:·745f·6e65·6564·6564·0a20·202d·2072·6573··t_needed.··-·res
0003b990:·6869·6674·2d6b·7562·656c·6574·2220·696e··hift-kubelet"·in0003b990:·7472·6963·745f·7374·7261·7465·6779·0a20··trict_strategy.·
0003b9a0:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p0003b9a0:·202d·2072·706d·5f76·6572·6966·795f·6861···-·rpm_verify_ha
0003b9b0:·6163·6b61·6765·730a·2020·2020·290a·2020··ackages.····).··0003b9b0:·7368·6573·0a0a·2d20·6e61·6d65·3a20·2753··shes..-·name:·'S
0003b9c0:·2d20·616e·7369·626c·655f·6469·7374·7269··-·ansible_distri0003b9c0:·6574·2066·6163·743a·2050·6163·6b61·6765··et·fact:·Package
Max diff block lines reached; 6258043/6312995 bytes (99.13%) of diff not shown.
645 KB
html2text {}
    
Offset 101, 14 lines modifiedOffset 101, 33 lines modified
101 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6101 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
102 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4102 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
103 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)103 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
104 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1104 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
105 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5105 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
106 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227106 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
107 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2107 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 108 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 109 #·Remediation·is·applicable·only·in·certain·platforms
 110 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 111 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 112 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 113 if·[·-n·"$files_with_incorrect_hash"·];·then
 114 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 115 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 116 ····yum·reinstall·-y·$packages_to_reinstall
  
 117 fi
  
 118 else
 119 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 120 fi
108 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8121 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
109 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high122 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
110 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium123 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
111 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false124 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
112 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict125 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
113 -·name:·Gather·the·package·facts126 -·name:·Gather·the·package·facts
114 ··package_facts:127 ··package_facts:
Offset 275, 33 lines modifiedOffset 294, 14 lines modified
275 ··-·PCI-DSSv4-11.5.2294 ··-·PCI-DSSv4-11.5.2
276 ··-·high_complexity295 ··-·high_complexity
277 ··-·high_severity296 ··-·high_severity
278 ··-·medium_disruption297 ··-·medium_disruption
279 ··-·no_reboot_needed298 ··-·no_reboot_needed
280 ··-·restrict_strategy299 ··-·restrict_strategy
281 ··-·rpm_verify_hashes300 ··-·rpm_verify_hashes
282 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
283 #·Remediation·is·applicable·only·in·certain·platforms 
284 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
285 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
286 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
287 if·[·-n·"$files_with_incorrect_hash"·];·then 
288 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
289 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
290 ····yum·reinstall·-y·$packages_to_reinstall 
  
291 fi 
  
292 else 
293 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
294 fi 
295 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*301 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
296 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:302 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:
297 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'303 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'
298 run·the·following·command·to·determine·which·package·owns·it:304 run·the·following·command·to·determine·which·package·owns·it:
299 $·rpm·-qf·FILENAME305 $·rpm·-qf·FILENAME
300 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:306 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
301 $·sudo·rpm·--restore·PACKAGENAME307 $·sudo·rpm·--restore·PACKAGENAME
Offset 320, 14 lines modifiedOffset 320, 46 lines modified
320 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5320 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
321 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2321 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
322 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)322 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
323 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1323 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
324 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5324 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
325 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108325 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108
326 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2326 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 327 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 328 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 329 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 330 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 331 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 332 #·Remediation·is·applicable·only·in·certain·platforms
 333 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 334 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 335 declare·-A·SETPERMS_RPM_DICT
  
 336 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 337 #·is·expected·by·the·RPM·database
 338 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}')
  
 339 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 340 do
 341 ········RPM_PACKAGE=$(rpm·-qf·"$FILE_PATH")
 342 »       #·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 343 »       SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 344 done
  
 345 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 346 #·correct·values
 347 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 348 do
 349 ········rpm·--restore·"${RPM_PACKAGE}"
 350 done
  
 351 else
 352 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 353 fi
327 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8354 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
328 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high355 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
329 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium356 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
330 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false357 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
331 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict358 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
332 -·name:·Gather·the·package·facts359 -·name:·Gather·the·package·facts
333 ··package_facts:360 ··package_facts:
Offset 435, 46 lines modifiedOffset 467, 14 lines modified
435 ··-·PCI-DSSv4-11.5.2467 ··-·PCI-DSSv4-11.5.2
436 ··-·high_complexity468 ··-·high_complexity
437 ··-·high_severity469 ··-·high_severity
438 ··-·medium_disruption470 ··-·medium_disruption
439 ··-·no_reboot_needed471 ··-·no_reboot_needed
440 ··-·restrict_strategy472 ··-·restrict_strategy
441 ··-·rpm_verify_ownership473 ··-·rpm_verify_ownership
442 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
443 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high 
444 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium 
445 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
446 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
Max diff block lines reached; 653193/660904 bytes (98.83%) of diff not shown.
16.4 MB
./usr/share/doc/ssg-nondebian/ssg-ol9-guide-hipaa.html
    
Offset 15162, 408 lines modifiedOffset 15162, 408 lines modified
0003b390:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm0003b390:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm
0003b3a0:·3539·3434·2220·7461·6269·6e64·6578·3d22··5944"·tabindex="0003b3a0:·3539·3434·2220·7461·6269·6e64·6578·3d22··5944"·tabindex="
0003b3b0:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"0003b3b0:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"
0003b3c0:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="0003b3c0:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="
0003b3d0:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac0003b3d0:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac
0003b3e0:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal0003b3e0:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal
Diff chunk too large, falling back to line-by-line diff (394 lines added, 394 lines removed)
0003b3f0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme0003b3f0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme
0003b400:·6469·6174·696f·6e20·416e·7369·626c·6520··diation·Ansible·0003b400:·6469·6174·696f·6e20·5368·656c·6c20·7363··diation·Shell·sc
0003b410:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a><0003b410:·7269·7074·20e2·87b2·3c2f·613e·3c62·723e··ript·...</a><br>
0003b420:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p0003b420:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
0003b430:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co0003b430:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
0003b440:·6c6c·6170·7365·2220·6964·3d22·6964·6d35··llapse"·id="idm50003b440:·7073·6522·2069·643d·2269·646d·3539·3434··pse"·id="idm5944
0003b450:·3934·3422·3e3c·7461·626c·6520·636c·6173··944"><table·clas0003b450:·223e·3c70·7265·3e3c·636f·6465·3e23·2052··"><pre><code>#·R
0003b460:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s0003b460:·656d·6564·6961·7469·6f6e·2069·7320·6170··emediation·is·ap
0003b470:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor0003b470:·706c·6963·6162·6c65·206f·6e6c·7920·696e··plicable·only·in
0003b480:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond0003b480:·2063·6572·7461·696e·2070·6c61·7466·6f72···certain·platfor
0003b490:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C0003b490:·6d73·0a69·6620·2120·2820·7b20·7270·6d20··ms.if·!·(·{·rpm·
0003b4a0:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><0003b4a0:·2d2d·7175·6965·7420·2d71·206b·6572·6e65··--quiet·-q·kerne
0003b4b0:·7464·3e68·6967·683c·2f74·643e·3c2f·7472··td>high</td></tr0003b4b0:·6c20·3b7d·2026·616d·703b·2661·6d70·3b20··l·;}·&amp;&amp;·
0003b4c0:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt0003b4c0:·7b20·7270·6d20·2d2d·7175·6965·7420·2d71··{·rpm·--quiet·-q
0003b4d0:·696f·6e3a·3c2f·7468·3e3c·7464·3e6d·6564··ion:</th><td>med0003b4d0:·2072·706d·2d6f·7374·7265·6520·3b7d·2026···rpm-ostree·;}·&
0003b4e0:·6975·6d3c·2f74·643e·3c2f·7472·3e3c·7472··ium</td></tr><tr0003b4e0:·616d·703b·2661·6d70·3b20·7b20·7270·6d20··amp;&amp;·{·rpm·
0003b4f0:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th0003b4f0:·2d2d·7175·6965·7420·2d71·2062·6f6f·7463··--quiet·-q·bootc
0003b500:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td><0003b500:·203b·7d20·2661·6d70·3b26·616d·703b·207b···;}·&amp;&amp;·{
0003b510:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra0003b510:·2021·2072·706d·202d·2d71·7569·6574·202d···!·rpm·--quiet·-
0003b520:·7465·6779·3a3c·2f74·683e·3c74·643e·7265··tegy:</th><td>re0003b520:·7120·6f70·656e·7368·6966·742d·6b75·6265··q·openshift-kube
0003b530:·7374·7269·6374·3c2f·7464·3e3c·2f74·723e··strict</td></tr>0003b530:·6c65·7420·3b7d·2029·3b20·7468·656e·0a0a··let·;}·);·then..
0003b540:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co0003b540:·2320·4669·6e64·2077·6869·6368·2066·696c··#·Find·which·fil
0003b550:·6465·3e2d·206e·616d·653a·2047·6174·6865··de>-·name:·Gathe0003b550:·6573·2068·6176·6520·696e·636f·7272·6563··es·have·incorrec
0003b560:·7220·7468·6520·7061·636b·6167·6520·6661··r·the·package·fa0003b560:·7420·6861·7368·2028·6e6f·7420·696e·202f··t·hash·(not·in·/
0003b570:·6374·730a·2020·7061·636b·6167·655f·6661··cts.··package_fa0003b570:·6574·632c·2062·6563·6175·7365·206f·6620··etc,·because·of·
0003b580:·6374·733a·0a20·2020·206d·616e·6167·6572··cts:.····manager0003b580:·7468·6520·7379·7374·656d·2072·656c·6174··the·system·relat
0003b590:·3a20·6175·746f·0a20·2074·6167·733a·0a20··:·auto.··tags:.·0003b590:·6564·2063·6f6e·6669·6720·6669·6c65·7329··ed·config·files)
0003b5a0:·202d·2043·4a49·532d·352e·3130·2e34·2e31···-·CJIS-5.10.4.10003b5a0:·2061·6e64·2074·6865·6e20·6765·7420·6669···and·then·get·fi
0003b5b0:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-170003b5b0:·6c65·7320·6e61·6d65·730a·6669·6c65·735f··les·names.files_
0003b5c0:·312d·332e·332e·380a·2020·2d20·4e49·5354··1-3.3.8.··-·NIST0003b5c0:·7769·7468·5f69·6e63·6f72·7265·6374·5f68··with_incorrect_h
0003b5d0:·2d38·3030·2d31·3731·2d33·2e34·2e31·0a20··-800-171-3.4.1.·0003b5d0:·6173·683d·2224·2872·706d·202d·5661·202d··ash="$(rpm·-Va·-
0003b5e0:·202d·204e·4953·542d·3830·302d·3533·2d41···-·NIST-800-53-A0003b5e0:·2d6e·6f63·6f6e·6669·6720·7c20·6772·6570··-noconfig·|·grep
0003b5f0:·552d·3928·3329·0a20·202d·204e·4953·542d··U-9(3).··-·NIST-0003b5f0:·202d·4520·275e·2e2e·3527·207c·2061·776b···-E·'^..5'·|·awk
0003b600:·3830·302d·3533·2d43·4d2d·3628·6329·0a20··800-53-CM-6(c).·0003b600:·2027·7b70·7269·6e74·2024·4e46·7d27·2029···'{print·$NF}'·)
0003b610:·202d·204e·4953·542d·3830·302d·3533·2d43···-·NIST-800-53-C0003b610:·220a·0a69·6620·5b20·2d6e·2022·2466·696c··"..if·[·-n·"$fil
0003b620:·4d2d·3628·6429·0a20·202d·204e·4953·542d··M-6(d).··-·NIST-0003b620:·6573·5f77·6974·685f·696e·636f·7272·6563··es_with_incorrec
0003b630:·3830·302d·3533·2d53·492d·370a·2020·2d20··800-53-SI-7.··-·0003b630:·745f·6861·7368·2220·5d3b·2074·6865·6e0a··t_hash"·];·then.
0003b640:·4e49·5354·2d38·3030·2d35·332d·5349·2d37··NIST-800-53-SI-70003b640:·2020·2020·2320·4672·6f6d·2066·696c·6573······#·From·files
0003b650:·2831·290a·2020·2d20·4e49·5354·2d38·3030··(1).··-·NIST-8000003b650:·206e·616d·6573·2067·6574·2070·6163·6b61···names·get·packa
0003b660:·2d35·332d·5349·2d37·2836·290a·2020·2d20··-53-SI-7(6).··-·0003b660:·6765·206e·616d·6573·2061·6e64·2063·6861··ge·names·and·cha
0003b670:·5043·492d·4453·532d·5265·712d·3131·2e35··PCI-DSS-Req-11.50003b670:·6e67·6520·6e65·776c·696e·6520·746f·2073··nge·newline·to·s
0003b680:·0a20·202d·2050·4349·2d44·5353·7634·2d31··.··-·PCI-DSSv4-10003b680:·7061·6365·2c20·6265·6361·7573·6520·7270··pace,·because·rp
0003b690:·312e·352e·320a·2020·2d20·6869·6768·5f63··1.5.2.··-·high_c0003b690:·6d20·7772·6974·6573·2065·6163·6820·7061··m·writes·each·pa
0003b6a0:·6f6d·706c·6578·6974·790a·2020·2d20·6869··omplexity.··-·hi0003b6a0:·636b·6167·6520·746f·206e·6577·206c·696e··ckage·to·new·lin
0003b6b0:·6768·5f73·6576·6572·6974·790a·2020·2d20··gh_severity.··-·0003b6b0:·650a·2020·2020·7061·636b·6167·6573·5f74··e.····packages_t
0003b6c0:·6d65·6469·756d·5f64·6973·7275·7074·696f··medium_disruptio0003b6c0:·6f5f·7265·696e·7374·616c·6c3d·2224·2872··o_reinstall="$(r
0003b6d0:·6e0a·2020·2d20·6e6f·5f72·6562·6f6f·745f··n.··-·no_reboot_0003b6d0:·706d·202d·7166·2024·6669·6c65·735f·7769··pm·-qf·$files_wi
0003b6e0:·6e65·6564·6564·0a20·202d·2072·6573·7472··needed.··-·restr0003b6e0:·7468·5f69·6e63·6f72·7265·6374·5f68·6173··th_incorrect_has
0003b6f0:·6963·745f·7374·7261·7465·6779·0a20·202d··ict_strategy.··-0003b6f0:·6820·7c20·7472·2027·5c6e·2720·2720·2729··h·|·tr·'\n'·'·')
0003b700:·2072·706d·5f76·6572·6966·795f·6861·7368···rpm_verify_hash0003b700:·220a·0a20·2020·200a·2020·2020·7975·6d20··"..····.····yum·
0003b710:·6573·0a0a·2d20·6e61·6d65·3a20·2753·6574··es..-·name:·'Set0003b710:·7265·696e·7374·616c·6c20·2d79·2024·7061··reinstall·-y·$pa
0003b720:·2066·6163·743a·2050·6163·6b61·6765·206d···fact:·Package·m0003b720:·636b·6167·6573·5f74·6f5f·7265·696e·7374··ckages_to_reinst
0003b730:·616e·6167·6572·2072·6569·6e73·7461·6c6c··anager·reinstall0003b730:·616c·6c0a·2020·2020·0a66·690a·0a65·6c73··all.····.fi..els
0003b740:·2063·6f6d·6d61·6e64·270a·2020·7365·745f···command'.··set_0003b740:·650a·2020·2020·2667·743b·2661·6d70·3b32··e.····&gt;&amp;2
0003b750:·6661·6374·3a0a·2020·2020·7061·636b·6167··fact:.····packag0003b750:·2065·6368·6f20·2752·656d·6564·6961·7469···echo·'Remediati
0003b760:·655f·6d61·6e61·6765·725f·7265·696e·7374··e_manager_reinst0003b760:·6f6e·2069·7320·6e6f·7420·6170·706c·6963··on·is·not·applic
0003b770:·616c·6c5f·636d·643a·2079·756d·2072·6569··all_cmd:·yum·rei0003b770:·6162·6c65·2c20·6e6f·7468·696e·6720·7761··able,·nothing·wa
0003b780:·6e73·7461·6c6c·202d·790a·2020·7768·656e··nstall·-y.··when0003b780:·7320·646f·6e65·270a·6669·0a3c·2f63·6f64··s·done'.fi.</cod
0003b790:·3a0a·2020·2d20·6e6f·7420·2820·226b·6572··:.··-·not·(·"ker0003b790:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a
0003b7a0:·6e65·6c22·2069·6e20·616e·7369·626c·655f··nel"·in·ansible_0003b7a0:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn-
0003b7b0:·6661·6374·732e·7061·636b·6167·6573·2061··facts.packages·a0003b7b0:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to
0003b7c0:·6e64·2022·7270·6d2d·6f73·7472·6565·2220··nd·"rpm-ostree"·0003b7c0:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"·
0003b7d0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts0003b7d0:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id
0003b7e0:·2e70·6163·6b61·6765·730a·2020·2020·616e··.packages.····an0003b7e0:·6d35·3934·3522·2074·6162·696e·6465·783d··m5945"·tabindex=
0003b7f0:·6420·2262·6f6f·7463·2220·696e·2061·6e73··d·"bootc"·in·ans0003b7f0:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button
0003b800:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0003b800:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=
0003b810:·6765·7320·616e·6420·6e6f·7420·226f·7065··ges·and·not·"ope0003b810:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A
0003b820:·6e73·6869·6674·2d6b·7562·656c·6574·2220··nshift-kubelet"·0003b820:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea
0003b830:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts0003b830:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem
0003b840:·2e70·6163·6b61·6765·730a·2020·2020·290a··.packages.····).0003b840:·6564·6961·7469·6f6e·2041·6e73·6962·6c65··ediation·Ansible
0003b850:·2020·2d20·616e·7369·626c·655f·6469·7374····-·ansible_dist0003b850:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a>
0003b860:·7269·6275·7469·6f6e·2069·6e20·5b20·2246··ribution·in·[·"F0003b860:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="
0003b870:·6564·6f72·6122·2c20·2252·6564·4861·7422··edora",·"RedHat"0003b870:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c
0003b880:·2c20·2243·656e·744f·5322·2c20·224f·7261··,·"CentOS",·"Ora0003b880:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm
0003b890:·636c·654c·696e·7578·2220·5d0a·2020·7461··cleLinux"·].··ta0003b890:·3539·3435·223e·3c74·6162·6c65·2063·6c61··5945"><table·cla
0003b8a0:·6773·3a0a·2020·2d20·434a·4953·2d35·2e31··gs:.··-·CJIS-5.10003b8a0:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table-
0003b8b0:·302e·342e·310a·2020·2d20·4e49·5354·2d38··0.4.1.··-·NIST-80003b8b0:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo
0003b8c0:·3030·2d31·3731·2d33·2e33·2e38·0a20·202d··00-171-3.3.8.··-0003b8c0:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con
0003b8d0:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.0003b8d0:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th>
0003b8e0:·342e·310a·2020·2d20·4e49·5354·2d38·3030··4.1.··-·NIST-8000003b8e0:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th>
0003b8f0:·2d35·332d·4155·2d39·2833·290a·2020·2d20··-53-AU-9(3).··-·0003b8f0:·3c74·643e·6869·6768·3c2f·7464·3e3c·2f74··<td>high</td></t
0003b900:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-60003b900:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup
0003b910:·2863·290a·2020·2d20·4e49·5354·2d38·3030··(c).··-·NIST-8000003b910:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6d65··tion:</th><td>me
0003b920:·2d35·332d·434d·2d36·2864·290a·2020·2d20··-53-CM-6(d).··-·0003b920:·6469·756d·3c2f·7464·3e3c·2f74·723e·3c74··dium</td></tr><t
0003b930:·4e49·5354·2d38·3030·2d35·332d·5349·2d37··NIST-800-53-SI-70003b930:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t
0003b940:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003b940:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td>
0003b950:·2d53·492d·3728·3129·0a20·202d·204e·4953··-SI-7(1).··-·NIS0003b950:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str
0003b960:·542d·3830·302d·3533·2d53·492d·3728·3629··T-800-53-SI-7(6)0003b960:·6174·6567·793a·3c2f·7468·3e3c·7464·3e72··ategy:</th><td>r
0003b970:·0a20·202d·2050·4349·2d44·5353·2d52·6571··.··-·PCI-DSS-Req0003b970:·6573·7472·6963·743c·2f74·643e·3c2f·7472··estrict</td></tr
0003b980:·2d31·312e·350a·2020·2d20·5043·492d·4453··-11.5.··-·PCI-DS0003b980:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c
0003b990:·5376·342d·3131·2e35·2e32·0a20·202d·2068··Sv4-11.5.2.··-·h0003b990:·6f64·653e·2d20·6e61·6d65·3a20·4761·7468··ode>-·name:·Gath
0003b9a0:·6967·685f·636f·6d70·6c65·7869·7479·0a20··igh_complexity.·0003b9a0:·6572·2074·6865·2070·6163·6b61·6765·2066··er·the·package·f
0003b9b0:·202d·2068·6967·685f·7365·7665·7269·7479···-·high_severity0003b9b0:·6163·7473·0a20·2070·6163·6b61·6765·5f66··acts.··package_f
0003b9c0:·0a20·202d·206d·6564·6975·6d5f·6469·7372··.··-·medium_disr0003b9c0:·6163·7473·3a0a·2020·2020·6d61·6e61·6765··acts:.····manage
0003b9d0:·7570·7469·6f6e·0a20·202d·206e·6f5f·7265··uption.··-·no_re0003b9d0:·723a·2061·7574·6f0a·2020·7461·6773·3a0a··r:·auto.··tags:.
0003b9e0:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-·0003b9e0:·2020·2d20·434a·4953·2d35·2e31·302e·342e····-·CJIS-5.10.4.
0003b9f0:·7265·7374·7269·6374·5f73·7472·6174·6567··restrict_strateg0003b9f0:·310a·2020·2d20·4e49·5354·2d38·3030·2d31··1.··-·NIST-800-1
0003ba00:·790a·2020·2d20·7270·6d5f·7665·7269·6679··y.··-·rpm_verify0003ba00:·3731·2d33·2e33·2e38·0a20·202d·204e·4953··71-3.3.8.··-·NIS
0003ba10:·5f68·6173·6865·730a·0a2d·206e·616d·653a··_hashes..-·name:0003ba10:·542d·3830·302d·3137·312d·332e·342e·310a··T-800-171-3.4.1.
0003ba20:·2027·5365·7420·6661·6374·3a20·5061·636b···'Set·fact:·Pack0003ba20:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-
0003ba30:·6167·6520·6d61·6e61·6765·7220·7265·696e··age·manager·rein0003ba30:·4155·2d39·2833·290a·2020·2d20·4e49·5354··AU-9(3).··-·NIST
0003ba40:·7374·616c·6c20·636f·6d6d·616e·6420·287a··stall·command·(z0003ba40:·2d38·3030·2d35·332d·434d·2d36·2863·290a··-800-53-CM-6(c).
0003ba50:·7970·7065·7229·270a·2020·7365·745f·6661··ypper)'.··set_fa0003ba50:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-
0003ba60:·6374·3a0a·2020·2020·7061·636b·6167·655f··ct:.····package_0003ba60:·434d·2d36·2864·290a·2020·2d20·4e49·5354··CM-6(d).··-·NIST
0003ba70:·6d61·6e61·6765·725f·7265·696e·7374·616c··manager_reinstal0003ba70:·2d38·3030·2d35·332d·5349·2d37·0a20·202d··-800-53-SI-7.··-
0003ba80:·6c5f·636d·643a·207a·7970·7065·7220·696e··l_cmd:·zypper·in0003ba80:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-
0003ba90:·202d·6620·2d79·0a20·2077·6865·6e3a·0a20···-f·-y.··when:.·0003ba90:·3728·3129·0a20·202d·204e·4953·542d·3830··7(1).··-·NIST-80
0003baa0:·202d·206e·6f74·2028·2022·6b65·726e·656c···-·not·(·"kernel0003baa0:·302d·3533·2d53·492d·3728·3629·0a20·202d··0-53-SI-7(6).··-
0003bab0:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003bab0:·2050·4349·2d44·5353·2d52·6571·2d31·312e···PCI-DSS-Req-11.
0003bac0:·7473·2e70·6163·6b61·6765·7320·616e·6420··ts.packages·and·0003bac0:·350a·2020·2d20·5043·492d·4453·5376·342d··5.··-·PCI-DSSv4-
0003bad0:·2272·706d·2d6f·7374·7265·6522·2069·6e20··"rpm-ostree"·in·0003bad0:·3131·2e35·2e32·0a20·202d·2068·6967·685f··11.5.2.··-·high_
0003bae0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa0003bae0:·636f·6d70·6c65·7869·7479·0a20·202d·2068··complexity.··-·h
0003baf0:·636b·6167·6573·0a20·2020·2061·6e64·2022··ckages.····and·"0003baf0:·6967·685f·7365·7665·7269·7479·0a20·202d··igh_severity.··-
0003bb00:·626f·6f74·6322·2069·6e20·616e·7369·626c··bootc"·in·ansibl0003bb00:·206d·6564·6975·6d5f·6469·7372·7570·7469···medium_disrupti
0003bb10:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages0003bb10:·6f6e·0a20·202d·206e·6f5f·7265·626f·6f74··on.··-·no_reboot
0003bb20:·2061·6e64·206e·6f74·2022·6f70·656e·7368···and·not·"opensh0003bb20:·5f6e·6565·6465·640a·2020·2d20·7265·7374··_needed.··-·rest
0003bb30:·6966·742d·6b75·6265·6c65·7422·2069·6e20··ift-kubelet"·in·0003bb30:·7269·6374·5f73·7472·6174·6567·790a·2020··rict_strategy.··
0003bb40:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa0003bb40:·2d20·7270·6d5f·7665·7269·6679·5f68·6173··-·rpm_verify_has
0003bb50:·636b·6167·6573·0a20·2020·2029·0a20·202d··ckages.····).··-0003bb50:·6865·730a·0a2d·206e·616d·653a·2027·5365··hes..-·name:·'Se
0003bb60:·2061·6e73·6962·6c65·5f64·6973·7472·6962···ansible_distrib0003bb60:·7420·6661·6374·3a20·5061·636b·6167·6520··t·fact:·Package·
Max diff block lines reached; 15869996/15924948 bytes (99.65%) of diff not shown.
1.18 MB
html2text {}
    
Offset 108, 14 lines modifiedOffset 108, 33 lines modified
108 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6108 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
109 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4109 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
110 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)110 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
111 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1111 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
112 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5112 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
113 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227113 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
114 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2114 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 115 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 116 #·Remediation·is·applicable·only·in·certain·platforms
 117 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 118 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 119 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 120 if·[·-n·"$files_with_incorrect_hash"·];·then
 121 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 122 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 123 ····yum·reinstall·-y·$packages_to_reinstall
  
 124 fi
  
 125 else
 126 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 127 fi
115 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8128 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
116 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high129 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
117 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium130 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
118 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false131 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
119 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict132 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
120 -·name:·Gather·the·package·facts133 -·name:·Gather·the·package·facts
121 ··package_facts:134 ··package_facts:
Offset 282, 33 lines modifiedOffset 301, 14 lines modified
282 ··-·PCI-DSSv4-11.5.2301 ··-·PCI-DSSv4-11.5.2
283 ··-·high_complexity302 ··-·high_complexity
284 ··-·high_severity303 ··-·high_severity
285 ··-·medium_disruption304 ··-·medium_disruption
286 ··-·no_reboot_needed305 ··-·no_reboot_needed
287 ··-·restrict_strategy306 ··-·restrict_strategy
288 ··-·rpm_verify_hashes307 ··-·rpm_verify_hashes
289 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
290 #·Remediation·is·applicable·only·in·certain·platforms 
291 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
292 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
293 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
294 if·[·-n·"$files_with_incorrect_hash"·];·then 
295 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
296 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
297 ····yum·reinstall·-y·$packages_to_reinstall 
  
298 fi 
  
299 else 
300 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
301 fi 
302 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*308 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
303 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:309 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:
304 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'310 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'
305 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:311 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:
306 $·rpm·-qf·FILENAME312 $·rpm·-qf·FILENAME
  
307 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:313 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
Offset 329, 14 lines modifiedOffset 329, 50 lines modified
329 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5329 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
330 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2330 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
331 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)331 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)
332 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1332 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
333 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5333 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
334 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108334 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108
335 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2335 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 336 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 337 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 338 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 339 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 340 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 341 #·Remediation·is·applicable·only·in·certain·platforms
 342 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 343 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 344 declare·-A·SETPERMS_RPM_DICT
  
 345 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 346 #·is·expected·by·the·RPM·database
 347 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}')
  
 348 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 349 do
 350 ········#·NOTE:·some·files·maybe·controlled·by·more·then·one·package
 351 ········readarray·-t·RPM_PACKAGES·<·<(rpm·-qf·"${FILE_PATH}")
 352 ········for·RPM_PACKAGE·in·"${RPM_PACKAGES[@]}"
 353 ········do
 354 ················#·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 355 ················SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 356 ········done
 357 done
  
 358 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 359 #·correct·values
 360 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 361 do
 362 »       rpm·--restore·"${RPM_PACKAGE}"
 363 done
  
 364 else
 365 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 366 fi
336 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8367 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
337 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high368 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
338 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium369 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
339 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false370 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
340 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict371 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
341 -·name:·Gather·the·package·facts372 -·name:·Gather·the·package·facts
342 ··package_facts:373 ··package_facts:
Offset 448, 50 lines modifiedOffset 484, 14 lines modified
448 ··-·PCI-DSSv4-11.5.2484 ··-·PCI-DSSv4-11.5.2
449 ··-·high_complexity485 ··-·high_complexity
450 ··-·high_severity486 ··-·high_severity
451 ··-·medium_disruption487 ··-·medium_disruption
452 ··-·no_reboot_needed488 ··-·no_reboot_needed
453 ··-·restrict_strategy489 ··-·restrict_strategy
454 ··-·rpm_verify_permissions490 ··-·rpm_verify_permissions
455 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
Max diff block lines reached; 1223998/1232082 bytes (99.34%) of diff not shown.
11.7 MB
./usr/share/doc/ssg-nondebian/ssg-ol9-guide-ism_o.html
    
Offset 15173, 408 lines modifiedOffset 15173, 408 lines modified
0003b440:·7461·2d74·6172·6765·743d·2223·6964·6d35··ta-target="#idm50003b440:·7461·2d74·6172·6765·743d·2223·6964·6d35··ta-target="#idm5
0003b450:·3934·3422·2074·6162·696e·6465·783d·2230··944"·tabindex="00003b450:·3934·3422·2074·6162·696e·6465·783d·2230··944"·tabindex="0
0003b460:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·0003b460:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
0003b470:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f0003b470:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
0003b480:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act0003b480:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
0003b490:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"0003b490:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
Diff chunk too large, falling back to line-by-line diff (394 lines added, 394 lines removed)
0003b4a0:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed0003b4a0:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
0003b4b0:·6961·7469·6f6e·2041·6e73·6962·6c65·2073··iation·Ansible·s0003b4b0:·6961·7469·6f6e·2053·6865·6c6c·2073·6372··iation·Shell·scr
0003b4c0:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b0003b4c0:·6970·7420·e287·b23c·2f61·3e3c·6272·3e3c··ipt·...</a><br><
0003b4d0:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa0003b4d0:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel
0003b4e0:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col0003b4e0:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap
0003b4f0:·6c61·7073·6522·2069·643d·2269·646d·3539··lapse"·id="idm590003b4f0:·7365·2220·6964·3d22·6964·6d35·3934·3422··se"·id="idm5944"
0003b500:·3434·223e·3c74·6162·6c65·2063·6c61·7373··44"><table·class0003b500:·3e3c·7072·653e·3c63·6f64·653e·2320·5265··><pre><code>#·Re
0003b510:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st0003b510:·6d65·6469·6174·696f·6e20·6973·2061·7070··mediation·is·app
0003b520:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord0003b520:·6c69·6361·626c·6520·6f6e·6c79·2069·6e20··licable·only·in·
0003b530:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde0003b530:·6365·7274·6169·6e20·706c·6174·666f·726d··certain·platform
0003b540:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co0003b540:·730a·6966·2021·2028·207b·2072·706d·202d··s.if·!·(·{·rpm·-
0003b550:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t0003b550:·2d71·7569·6574·202d·7120·6b65·726e·656c··-quiet·-q·kernel
0003b560:·643e·6869·6768·3c2f·7464·3e3c·2f74·723e··d>high</td></tr>0003b560:·203b·7d20·2661·6d70·3b26·616d·703b·207b···;}·&amp;&amp;·{
0003b570:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti0003b570:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q·
0003b580:·6f6e·3a3c·2f74·683e·3c74·643e·6d65·6469··on:</th><td>medi0003b580:·7270·6d2d·6f73·7472·6565·203b·7d20·2661··rpm-ostree·;}·&a
0003b590:·756d·3c2f·7464·3e3c·2f74·723e·3c74·723e··um</td></tr><tr>0003b590:·6d70·3b26·616d·703b·207b·2072·706d·202d··mp;&amp;·{·rpm·-
0003b5a0:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th>0003b5a0:·2d71·7569·6574·202d·7120·626f·6f74·6320··-quiet·-q·bootc·
0003b5b0:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></0003b5b0:·3b7d·2026·616d·703b·2661·6d70·3b20·7b20··;}·&amp;&amp;·{·
0003b5c0:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat0003b5c0:·2120·7270·6d20·2d2d·7175·6965·7420·2d71··!·rpm·--quiet·-q
0003b5d0:·6567·793a·3c2f·7468·3e3c·7464·3e72·6573··egy:</th><td>res0003b5d0:·206f·7065·6e73·6869·6674·2d6b·7562·656c···openshift-kubel
0003b5e0:·7472·6963·743c·2f74·643e·3c2f·7472·3e3c··trict</td></tr><0003b5e0:·6574·203b·7d20·293b·2074·6865·6e0a·0a23··et·;}·);·then..#
0003b5f0:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod0003b5f0:·2046·696e·6420·7768·6963·6820·6669·6c65···Find·which·file
0003b600:·653e·2d20·6e61·6d65·3a20·4761·7468·6572··e>-·name:·Gather0003b600:·7320·6861·7665·2069·6e63·6f72·7265·6374··s·have·incorrect
0003b610:·2074·6865·2070·6163·6b61·6765·2066·6163···the·package·fac0003b610:·2068·6173·6820·286e·6f74·2069·6e20·2f65···hash·(not·in·/e
0003b620:·7473·0a20·2070·6163·6b61·6765·5f66·6163··ts.··package_fac0003b620:·7463·2c20·6265·6361·7573·6520·6f66·2074··tc,·because·of·t
0003b630:·7473·3a0a·2020·2020·6d61·6e61·6765·723a··ts:.····manager:0003b630:·6865·2073·7973·7465·6d20·7265·6c61·7465··he·system·relate
0003b640:·2061·7574·6f0a·2020·7461·6773·3a0a·2020···auto.··tags:.··0003b640:·6420·636f·6e66·6967·2066·696c·6573·2920··d·config·files)·
0003b650:·2d20·434a·4953·2d35·2e31·302e·342e·310a··-·CJIS-5.10.4.1.0003b650:·616e·6420·7468·656e·2067·6574·2066·696c··and·then·get·fil
0003b660:·2020·2d20·4e49·5354·2d38·3030·2d31·3731····-·NIST-800-1710003b660:·6573·206e·616d·6573·0a66·696c·6573·5f77··es·names.files_w
0003b670:·2d33·2e33·2e38·0a20·202d·204e·4953·542d··-3.3.8.··-·NIST-0003b670:·6974·685f·696e·636f·7272·6563·745f·6861··ith_incorrect_ha
0003b680:·3830·302d·3137·312d·332e·342e·310a·2020··800-171-3.4.1.··0003b680:·7368·3d22·2428·7270·6d20·2d56·6120·2d2d··sh="$(rpm·-Va·--
0003b690:·2d20·4e49·5354·2d38·3030·2d35·332d·4155··-·NIST-800-53-AU0003b690:·6e6f·636f·6e66·6967·207c·2067·7265·7020··noconfig·|·grep·
0003b6a0:·2d39·2833·290a·2020·2d20·4e49·5354·2d38··-9(3).··-·NIST-80003b6a0:·2d45·2027·5e2e·2e35·2720·7c20·6177·6b20··-E·'^..5'·|·awk·
0003b6b0:·3030·2d35·332d·434d·2d36·2863·290a·2020··00-53-CM-6(c).··0003b6b0:·277b·7072·696e·7420·244e·467d·2720·2922··'{print·$NF}'·)"
0003b6c0:·2d20·4e49·5354·2d38·3030·2d35·332d·434d··-·NIST-800-53-CM0003b6c0:·0a0a·6966·205b·202d·6e20·2224·6669·6c65··..if·[·-n·"$file
0003b6d0:·2d36·2864·290a·2020·2d20·4e49·5354·2d38··-6(d).··-·NIST-80003b6d0:·735f·7769·7468·5f69·6e63·6f72·7265·6374··s_with_incorrect
0003b6e0:·3030·2d35·332d·5349·2d37·0a20·202d·204e··00-53-SI-7.··-·N0003b6e0:·5f68·6173·6822·205d·3b20·7468·656e·0a20··_hash"·];·then.·
0003b6f0:·4953·542d·3830·302d·3533·2d53·492d·3728··IST-800-53-SI-7(0003b6f0:·2020·2023·2046·726f·6d20·6669·6c65·7320·····#·From·files·
0003b700:·3129·0a20·202d·204e·4953·542d·3830·302d··1).··-·NIST-800-0003b700:·6e61·6d65·7320·6765·7420·7061·636b·6167··names·get·packag
0003b710:·3533·2d53·492d·3728·3629·0a20·202d·2050··53-SI-7(6).··-·P0003b710:·6520·6e61·6d65·7320·616e·6420·6368·616e··e·names·and·chan
0003b720:·4349·2d44·5353·2d52·6571·2d31·312e·350a··CI-DSS-Req-11.5.0003b720:·6765·206e·6577·6c69·6e65·2074·6f20·7370··ge·newline·to·sp
0003b730:·2020·2d20·5043·492d·4453·5376·342d·3131····-·PCI-DSSv4-110003b730:·6163·652c·2062·6563·6175·7365·2072·706d··ace,·because·rpm
0003b740:·2e35·2e32·0a20·202d·2068·6967·685f·636f··.5.2.··-·high_co0003b740:·2077·7269·7465·7320·6561·6368·2070·6163···writes·each·pac
0003b750:·6d70·6c65·7869·7479·0a20·202d·2068·6967··mplexity.··-·hig0003b750:·6b61·6765·2074·6f20·6e65·7720·6c69·6e65··kage·to·new·line
0003b760:·685f·7365·7665·7269·7479·0a20·202d·206d··h_severity.··-·m0003b760:·0a20·2020·2070·6163·6b61·6765·735f·746f··.····packages_to
0003b770:·6564·6975·6d5f·6469·7372·7570·7469·6f6e··edium_disruption0003b770:·5f72·6569·6e73·7461·6c6c·3d22·2428·7270··_reinstall="$(rp
0003b780:·0a20·202d·206e·6f5f·7265·626f·6f74·5f6e··.··-·no_reboot_n0003b780:·6d20·2d71·6620·2466·696c·6573·5f77·6974··m·-qf·$files_wit
0003b790:·6565·6465·640a·2020·2d20·7265·7374·7269··eeded.··-·restri0003b790:·685f·696e·636f·7272·6563·745f·6861·7368··h_incorrect_hash
0003b7a0:·6374·5f73·7472·6174·6567·790a·2020·2d20··ct_strategy.··-·0003b7a0:·207c·2074·7220·275c·6e27·2027·2027·2922···|·tr·'\n'·'·')"
0003b7b0:·7270·6d5f·7665·7269·6679·5f68·6173·6865··rpm_verify_hashe0003b7b0:·0a0a·2020·2020·0a20·2020·2079·756d·2072··..····.····yum·r
0003b7c0:·730a·0a2d·206e·616d·653a·2027·5365·7420··s..-·name:·'Set·0003b7c0:·6569·6e73·7461·6c6c·202d·7920·2470·6163··einstall·-y·$pac
0003b7d0:·6661·6374·3a20·5061·636b·6167·6520·6d61··fact:·Package·ma0003b7d0:·6b61·6765·735f·746f·5f72·6569·6e73·7461··kages_to_reinsta
0003b7e0:·6e61·6765·7220·7265·696e·7374·616c·6c20··nager·reinstall·0003b7e0:·6c6c·0a20·2020·200a·6669·0a0a·656c·7365··ll.····.fi..else
0003b7f0:·636f·6d6d·616e·6427·0a20·2073·6574·5f66··command'.··set_f0003b7f0:·0a20·2020·2026·6774·3b26·616d·703b·3220··.····&gt;&amp;2·
0003b800:·6163·743a·0a20·2020·2070·6163·6b61·6765··act:.····package0003b800:·6563·686f·2027·5265·6d65·6469·6174·696f··echo·'Remediatio
0003b810:·5f6d·616e·6167·6572·5f72·6569·6e73·7461··_manager_reinsta0003b810:·6e20·6973·206e·6f74·2061·7070·6c69·6361··n·is·not·applica
0003b820:·6c6c·5f63·6d64·3a20·7975·6d20·7265·696e··ll_cmd:·yum·rein0003b820:·626c·652c·206e·6f74·6869·6e67·2077·6173··ble,·nothing·was
0003b830:·7374·616c·6c20·2d79·0a20·2077·6865·6e3a··stall·-y.··when:0003b830:·2064·6f6e·6527·0a66·690a·3c2f·636f·6465···done'.fi.</code
0003b840:·0a20·202d·206e·6f74·2028·2022·6b65·726e··.··-·not·(·"kern0003b840:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a·
0003b850:·656c·2220·696e·2061·6e73·6962·6c65·5f66··el"·in·ansible_f0003b850:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s
0003b860:·6163·7473·2e70·6163·6b61·6765·7320·616e··acts.packages·an0003b860:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog
0003b870:·6420·2272·706d·2d6f·7374·7265·6522·2069··d·"rpm-ostree"·i0003b870:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d
0003b880:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003b880:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm
0003b890:·7061·636b·6167·6573·0a20·2020·2061·6e64··packages.····and0003b890:·3539·3435·2220·7461·6269·6e64·6578·3d22··5945"·tabindex="
0003b8a0:·2022·626f·6f74·6322·2069·6e20·616e·7369···"bootc"·in·ansi0003b8a0:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"
0003b8b0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag0003b8b0:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="
0003b8c0:·6573·2061·6e64·206e·6f74·2022·6f70·656e··es·and·not·"open0003b8c0:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac
0003b8d0:·7368·6966·742d·6b75·6265·6c65·7422·2069··shift-kubelet"·i0003b8d0:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal
0003b8e0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003b8e0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme
0003b8f0:·7061·636b·6167·6573·0a20·2020·2029·0a20··packages.····).·0003b8f0:·6469·6174·696f·6e20·416e·7369·626c·6520··diation·Ansible·
0003b900:·202d·2061·6e73·6962·6c65·5f64·6973·7472···-·ansible_distr0003b900:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a><
0003b910:·6962·7574·696f·6e20·696e·205b·2022·4665··ibution·in·[·"Fe0003b910:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p
0003b920:·646f·7261·222c·2022·5265·6448·6174·222c··dora",·"RedHat",0003b920:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co
0003b930:·2022·4365·6e74·4f53·222c·2022·4f72·6163···"CentOS",·"Orac0003b930:·6c6c·6170·7365·2220·6964·3d22·6964·6d35··llapse"·id="idm5
0003b940:·6c65·4c69·6e75·7822·205d·0a20·2074·6167··leLinux"·].··tag0003b940:·3934·3522·3e3c·7461·626c·6520·636c·6173··945"><table·clas
0003b950:·733a·0a20·202d·2043·4a49·532d·352e·3130··s:.··-·CJIS-5.100003b950:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s
0003b960:·2e34·2e31·0a20·202d·204e·4953·542d·3830··.4.1.··-·NIST-800003b960:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor
0003b970:·302d·3137·312d·332e·332e·380a·2020·2d20··0-171-3.3.8.··-·0003b970:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond
0003b980:·4e49·5354·2d38·3030·2d31·3731·2d33·2e34··NIST-800-171-3.40003b980:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C
0003b990:·2e31·0a20·202d·204e·4953·542d·3830·302d··.1.··-·NIST-800-0003b990:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><
0003b9a0:·3533·2d41·552d·3928·3329·0a20·202d·204e··53-AU-9(3).··-·N0003b9a0:·7464·3e68·6967·683c·2f74·643e·3c2f·7472··td>high</td></tr
0003b9b0:·4953·542d·3830·302d·3533·2d43·4d2d·3628··IST-800-53-CM-6(0003b9b0:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt
0003b9c0:·6329·0a20·202d·204e·4953·542d·3830·302d··c).··-·NIST-800-0003b9c0:·696f·6e3a·3c2f·7468·3e3c·7464·3e6d·6564··ion:</th><td>med
0003b9d0:·3533·2d43·4d2d·3628·6429·0a20·202d·204e··53-CM-6(d).··-·N0003b9d0:·6975·6d3c·2f74·643e·3c2f·7472·3e3c·7472··ium</td></tr><tr
0003b9e0:·4953·542d·3830·302d·3533·2d53·492d·370a··IST-800-53-SI-7.0003b9e0:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th
0003b9f0:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003b9f0:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td><
0003ba00:·5349·2d37·2831·290a·2020·2d20·4e49·5354··SI-7(1).··-·NIST0003ba00:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra
0003ba10:·2d38·3030·2d35·332d·5349·2d37·2836·290a··-800-53-SI-7(6).0003ba10:·7465·6779·3a3c·2f74·683e·3c74·643e·7265··tegy:</th><td>re
0003ba20:·2020·2d20·5043·492d·4453·532d·5265·712d····-·PCI-DSS-Req-0003ba20:·7374·7269·6374·3c2f·7464·3e3c·2f74·723e··strict</td></tr>
0003ba30:·3131·2e35·0a20·202d·2050·4349·2d44·5353··11.5.··-·PCI-DSS0003ba30:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co
0003ba40:·7634·2d31·312e·352e·320a·2020·2d20·6869··v4-11.5.2.··-·hi0003ba40:·6465·3e2d·206e·616d·653a·2047·6174·6865··de>-·name:·Gathe
0003ba50:·6768·5f63·6f6d·706c·6578·6974·790a·2020··gh_complexity.··0003ba50:·7220·7468·6520·7061·636b·6167·6520·6661··r·the·package·fa
0003ba60:·2d20·6869·6768·5f73·6576·6572·6974·790a··-·high_severity.0003ba60:·6374·730a·2020·7061·636b·6167·655f·6661··cts.··package_fa
0003ba70:·2020·2d20·6d65·6469·756d·5f64·6973·7275····-·medium_disru0003ba70:·6374·733a·0a20·2020·206d·616e·6167·6572··cts:.····manager
0003ba80:·7074·696f·6e0a·2020·2d20·6e6f·5f72·6562··ption.··-·no_reb0003ba80:·3a20·6175·746f·0a20·2074·6167·733a·0a20··:·auto.··tags:.·
0003ba90:·6f6f·745f·6e65·6564·6564·0a20·202d·2072··oot_needed.··-·r0003ba90:·202d·2043·4a49·532d·352e·3130·2e34·2e31···-·CJIS-5.10.4.1
0003baa0:·6573·7472·6963·745f·7374·7261·7465·6779··estrict_strategy0003baa0:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-17
0003bab0:·0a20·202d·2072·706d·5f76·6572·6966·795f··.··-·rpm_verify_0003bab0:·312d·332e·332e·380a·2020·2d20·4e49·5354··1-3.3.8.··-·NIST
0003bac0:·6861·7368·6573·0a0a·2d20·6e61·6d65·3a20··hashes..-·name:·0003bac0:·2d38·3030·2d31·3731·2d33·2e34·2e31·0a20··-800-171-3.4.1.·
0003bad0:·2753·6574·2066·6163·743a·2050·6163·6b61··'Set·fact:·Packa0003bad0:·202d·204e·4953·542d·3830·302d·3533·2d41···-·NIST-800-53-A
0003bae0:·6765·206d·616e·6167·6572·2072·6569·6e73··ge·manager·reins0003bae0:·552d·3928·3329·0a20·202d·204e·4953·542d··U-9(3).··-·NIST-
0003baf0:·7461·6c6c·2063·6f6d·6d61·6e64·2028·7a79··tall·command·(zy0003baf0:·3830·302d·3533·2d43·4d2d·3628·6329·0a20··800-53-CM-6(c).·
0003bb00:·7070·6572·2927·0a20·2073·6574·5f66·6163··pper)'.··set_fac0003bb00:·202d·204e·4953·542d·3830·302d·3533·2d43···-·NIST-800-53-C
0003bb10:·743a·0a20·2020·2070·6163·6b61·6765·5f6d··t:.····package_m0003bb10:·4d2d·3628·6429·0a20·202d·204e·4953·542d··M-6(d).··-·NIST-
0003bb20:·616e·6167·6572·5f72·6569·6e73·7461·6c6c··anager_reinstall0003bb20:·3830·302d·3533·2d53·492d·370a·2020·2d20··800-53-SI-7.··-·
0003bb30:·5f63·6d64·3a20·7a79·7070·6572·2069·6e20··_cmd:·zypper·in·0003bb30:·4e49·5354·2d38·3030·2d35·332d·5349·2d37··NIST-800-53-SI-7
0003bb40:·2d66·202d·790a·2020·7768·656e·3a0a·2020··-f·-y.··when:.··0003bb40:·2831·290a·2020·2d20·4e49·5354·2d38·3030··(1).··-·NIST-800
0003bb50:·2d20·6e6f·7420·2820·226b·6572·6e65·6c22··-·not·(·"kernel"0003bb50:·2d35·332d·5349·2d37·2836·290a·2020·2d20··-53-SI-7(6).··-·
0003bb60:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003bb60:·5043·492d·4453·532d·5265·712d·3131·2e35··PCI-DSS-Req-11.5
0003bb70:·732e·7061·636b·6167·6573·2061·6e64·2022··s.packages·and·"0003bb70:·0a20·202d·2050·4349·2d44·5353·7634·2d31··.··-·PCI-DSSv4-1
0003bb80:·7270·6d2d·6f73·7472·6565·2220·696e·2061··rpm-ostree"·in·a0003bb80:·312e·352e·320a·2020·2d20·6869·6768·5f63··1.5.2.··-·high_c
0003bb90:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003bb90:·6f6d·706c·6578·6974·790a·2020·2d20·6869··omplexity.··-·hi
0003bba0:·6b61·6765·730a·2020·2020·616e·6420·2262··kages.····and·"b0003bba0:·6768·5f73·6576·6572·6974·790a·2020·2d20··gh_severity.··-·
0003bbb0:·6f6f·7463·2220·696e·2061·6e73·6962·6c65··ootc"·in·ansible0003bbb0:·6d65·6469·756d·5f64·6973·7275·7074·696f··medium_disruptio
0003bbc0:·5f66·6163·7473·2e70·6163·6b61·6765·7320··_facts.packages·0003bbc0:·6e0a·2020·2d20·6e6f·5f72·6562·6f6f·745f··n.··-·no_reboot_
0003bbd0:·616e·6420·6e6f·7420·226f·7065·6e73·6869··and·not·"openshi0003bbd0:·6e65·6564·6564·0a20·202d·2072·6573·7472··needed.··-·restr
0003bbe0:·6674·2d6b·7562·656c·6574·2220·696e·2061··ft-kubelet"·in·a0003bbe0:·6963·745f·7374·7261·7465·6779·0a20·202d··ict_strategy.··-
0003bbf0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003bbf0:·2072·706d·5f76·6572·6966·795f·6861·7368···rpm_verify_hash
0003bc00:·6b61·6765·730a·2020·2020·290a·2020·2d20··kages.····).··-·0003bc00:·6573·0a0a·2d20·6e61·6d65·3a20·2753·6574··es..-·name:·'Set
0003bc10:·616e·7369·626c·655f·6469·7374·7269·6275··ansible_distribu0003bc10:·2066·6163·743a·2050·6163·6b61·6765·206d···fact:·Package·m
Max diff block lines reached; 11187302/11242254 bytes (99.51%) of diff not shown.
1.02 MB
html2text {}
    
Offset 109, 14 lines modifiedOffset 109, 33 lines modified
109 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6109 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
110 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4110 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
111 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)111 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
112 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1112 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
113 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5113 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
114 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227114 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
115 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2115 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 116 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 117 #·Remediation·is·applicable·only·in·certain·platforms
 118 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 119 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 120 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 121 if·[·-n·"$files_with_incorrect_hash"·];·then
 122 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 123 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 124 ····yum·reinstall·-y·$packages_to_reinstall
  
 125 fi
  
 126 else
 127 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 128 fi
116 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8129 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
117 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high130 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
118 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium131 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
119 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false132 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
120 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict133 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
121 -·name:·Gather·the·package·facts134 -·name:·Gather·the·package·facts
122 ··package_facts:135 ··package_facts:
Offset 283, 33 lines modifiedOffset 302, 14 lines modified
283 ··-·PCI-DSSv4-11.5.2302 ··-·PCI-DSSv4-11.5.2
284 ··-·high_complexity303 ··-·high_complexity
285 ··-·high_severity304 ··-·high_severity
286 ··-·medium_disruption305 ··-·medium_disruption
287 ··-·no_reboot_needed306 ··-·no_reboot_needed
288 ··-·restrict_strategy307 ··-·restrict_strategy
289 ··-·rpm_verify_hashes308 ··-·rpm_verify_hashes
290 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
291 #·Remediation·is·applicable·only·in·certain·platforms 
292 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
293 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
294 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
295 if·[·-n·"$files_with_incorrect_hash"·];·then 
296 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
297 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
298 ····yum·reinstall·-y·$packages_to_reinstall 
  
299 fi 
  
300 else 
301 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
302 fi 
303 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*309 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
304 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:310 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:
305 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'311 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'
306 run·the·following·command·to·determine·which·package·owns·it:312 run·the·following·command·to·determine·which·package·owns·it:
307 $·rpm·-qf·FILENAME313 $·rpm·-qf·FILENAME
308 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:314 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
309 $·sudo·rpm·--restore·PACKAGENAME315 $·sudo·rpm·--restore·PACKAGENAME
Offset 328, 14 lines modifiedOffset 328, 46 lines modified
328 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5328 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
329 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2329 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
330 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)330 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
331 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1331 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
332 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5332 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
333 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108333 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108
334 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2334 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 335 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 336 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 337 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 338 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 339 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 340 #·Remediation·is·applicable·only·in·certain·platforms
 341 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 342 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 343 declare·-A·SETPERMS_RPM_DICT
  
 344 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 345 #·is·expected·by·the·RPM·database
 346 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}')
  
 347 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 348 do
 349 ········RPM_PACKAGE=$(rpm·-qf·"$FILE_PATH")
 350 »       #·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 351 »       SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 352 done
  
 353 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 354 #·correct·values
 355 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 356 do
 357 ········rpm·--restore·"${RPM_PACKAGE}"
 358 done
  
 359 else
 360 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 361 fi
335 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8362 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
336 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high363 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
337 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium364 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
338 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false365 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
339 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict366 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
340 -·name:·Gather·the·package·facts367 -·name:·Gather·the·package·facts
341 ··package_facts:368 ··package_facts:
Offset 443, 46 lines modifiedOffset 475, 14 lines modified
443 ··-·PCI-DSSv4-11.5.2475 ··-·PCI-DSSv4-11.5.2
444 ··-·high_complexity476 ··-·high_complexity
445 ··-·high_severity477 ··-·high_severity
446 ··-·medium_disruption478 ··-·medium_disruption
447 ··-·no_reboot_needed479 ··-·no_reboot_needed
448 ··-·restrict_strategy480 ··-·restrict_strategy
449 ··-·rpm_verify_ownership481 ··-·rpm_verify_ownership
450 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
451 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high 
452 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium 
453 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
454 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
Max diff block lines reached; 1065996/1073707 bytes (99.28%) of diff not shown.
5.34 MB
./usr/share/doc/ssg-nondebian/ssg-ol9-guide-ospp.html
    
Offset 15009, 258 lines modifiedOffset 15009, 258 lines modified
0003aa00:·6765·743d·2223·6964·6d36·3737·3122·2074··get="#idm6771"·t0003aa00:·6765·743d·2223·6964·6d36·3737·3122·2074··get="#idm6771"·t
0003aa10:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role0003aa10:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
0003aa20:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e0003aa20:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
0003aa30:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·0003aa30:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
0003aa40:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·0003aa40:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
0003aa50:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=0003aa50:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
0003aa60:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation0003aa60:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
0003aa70:·2041·6e73·6962·6c65·2073·6e69·7070·6574···Ansible·snippet 
0003aa80:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div 
0003aa90:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co 
0003aaa0:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse" 
0003aab0:·2069·643d·2269·646d·3637·3731·223e·3c74···id="idm6771"><t 
0003aac0:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl 
0003aad0:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped· 
0003aae0:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t 
0003aaf0:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed"> 
0003ab00:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi0003aa70:·2053·6865·6c6c·2073·6372·6970·7420·e287···Shell·script·..
 0003aa80:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl
 0003aa90:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
 0003aaa0:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
 0003aab0:·3d22·6964·6d36·3737·3122·3e3c·7072·653e··="idm6771"><pre>
 0003aac0:·3c63·6f64·653e·2320·5265·6d65·6469·6174··<code>#·Remediat
 0003aad0:·696f·6e20·6973·2061·7070·6c69·6361·626c··ion·is·applicabl
 0003aae0:·6520·6f6e·6c79·2069·6e20·6365·7274·6169··e·only·in·certai
 0003aaf0:·6e20·706c·6174·666f·726d·730a·6966·2028··n·platforms.if·(
 0003ab00:·2021·2028·205b·2022·247b·636f·6e74·6169···!·(·[·"${contai
 0003ab10:·6e65·723a·2d7d·2220·3d3d·2022·6277·7261··ner:-}"·==·"bwra
 0003ab20:·702d·6f73·6275·696c·6422·205d·2029·2026··p-osbuild"·]·)·&
 0003ab30:·616d·703b·2661·6d70·3b20·7270·6d20·2d2d··amp;&amp;·rpm·--
 0003ab40:·7175·6965·7420·2d71·206b·6572·6e65·6c20··quiet·-q·kernel·
 0003ab50:·7c7c·2072·706d·202d·2d71·7569·6574·202d··||·rpm·--quiet·-
 0003ab60:·7120·6b65·726e·656c·2d75·656b·2029·2026··q·kernel-uek·)·&
 0003ab70:·616d·703b·2661·6d70·3b20·7b20·2120·2820··amp;&amp;·{·!·(·
 0003ab80:·7b20·7270·6d20·2d2d·7175·6965·7420·2d71··{·rpm·--quiet·-q
 0003ab90:·206b·6572·6e65·6c20·3b7d·2026·616d·703b···kernel·;}·&amp;
 0003aba0:·2661·6d70·3b20·7b20·7270·6d20·2d2d·7175··&amp;·{·rpm·--qu
 0003abb0:·6965·7420·2d71·2072·706d·2d6f·7374·7265··iet·-q·rpm-ostre
 0003abc0:·6520·3b7d·2026·616d·703b·2661·6d70·3b20··e·;}·&amp;&amp;·
 0003abd0:·7b20·7270·6d20·2d2d·7175·6965·7420·2d71··{·rpm·--quiet·-q
 0003abe0:·2062·6f6f·7463·203b·7d20·2661·6d70·3b26···bootc·;}·&amp;&
 0003abf0:·616d·703b·207b·2021·2072·706d·202d·2d71··amp;·{·!·rpm·--q
 0003ac00:·7569·6574·202d·7120·6f70·656e·7368·6966··uiet·-q·openshif
 0003ac10:·742d·6b75·6265·6c65·7420·3b7d·2029·3b20··t-kubelet·;}·);·
 0003ac20:·7d3b·2074·6865·6e0a·0a66·6970·732d·6d6f··};·then..fips-mo
 0003ac30:·6465·2d73·6574·7570·202d·2d65·6e61·626c··de-setup·--enabl
 0003ac40:·650a·4649·5053·5f43·4f4e·463d·222f·6574··e.FIPS_CONF="/et
 0003ac50:·632f·6472·6163·7574·2e63·6f6e·662e·642f··c/dracut.conf.d/
 0003ac60:·3430·2d66·6970·732e·636f·6e66·220a·6966··40-fips.conf".if
 0003ac70:·2021·2067·7265·7020·225e·6164·645f·6472···!·grep·"^add_dr
 0003ac80:·6163·7574·6d6f·6475·6c65·732b·3d5c·2220··acutmodules+=\"·
 0003ac90:·6669·7073·205c·2222·2024·4649·5053·5f43··fips·\""·$FIPS_C
 0003aca0:·4f4e·463b·2074·6865·6e0a·2020·2020·6563··ONF;·then.····ec
 0003acb0:·686f·2022·6164·645f·6472·6163·7574·6d6f··ho·"add_dracutmo
 0003acc0:·6475·6c65·732b·3d5c·2220·6669·7073·205c··dules+=\"·fips·\
 0003acd0:·2222·2026·6774·3b26·6774·3b20·2446·4950··""·&gt;&gt;·$FIP
 0003ace0:·535f·434f·4e46·0a66·690a·0a65·6c73·650a··S_CONF.fi..else.
 0003acf0:·2020·2020·2667·743b·2661·6d70·3b32·2065······&gt;&amp;2·e
 0003ad00:·6368·6f20·2752·656d·6564·6961·7469·6f6e··cho·'Remediation
 0003ad10:·2069·7320·6e6f·7420·6170·706c·6963·6162···is·not·applicab
 0003ad20:·6c65·2c20·6e6f·7468·696e·6720·7761·7320··le,·nothing·was·
 0003ad30:·646f·6e65·270a·6669·0a3c·2f63·6f64·653e··done'.fi.</code>
 0003ad40:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c
 0003ad50:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su
 0003ad60:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg
 0003ad70:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da
 0003ad80:·7461·2d74·6172·6765·743d·2223·6964·6d36··ta-target="#idm6
 0003ad90:·3737·3222·2074·6162·696e·6465·783d·2230··772"·tabindex="0
 0003ada0:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
 0003adb0:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
 0003adc0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
 0003add0:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
 0003ade0:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
 0003adf0:·6961·7469·6f6e·2041·6e73·6962·6c65·2073··iation·Ansible·s
 0003ae00:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b
 0003ae10:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa
 0003ae20:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col
 0003ae30:·6c61·7073·6522·2069·643d·2269·646d·3637··lapse"·id="idm67
 0003ae40:·3732·223e·3c74·6162·6c65·2063·6c61·7373··72"><table·class
 0003ae50:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st
 0003ae60:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord
 0003ae70:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde
 0003ae80:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co
 0003ae90:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t
 0003aea0:·643e·6d65·6469·756d·3c2f·7464·3e3c·2f74··d>medium</td></t
 0003aeb0:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup
0003ab10:·7479·3a3c·2f74·683e·3c74·643e·6d65·6469··ty:</th><td>medi0003aec0:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6d65··tion:</th><td>me
0003ab20:·756d·3c2f·7464·3e3c·2f74·723e·3c74·723e··um</td></tr><tr>0003aed0:·6469·756d·3c2f·7464·3e3c·2f74·723e·3c74··dium</td></tr><t
0003ab30:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:< 
0003ab40:·2f74·683e·3c74·643e·6d65·6469·756d·3c2f··/th><td>medium</0003aee0:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t
 0003aef0:·683e·3c74·643e·7472·7565·3c2f·7464·3e3c··h><td>true</td><
0003ab50:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>0003af00:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra
0003ab60:·5265·626f·6f74·3a3c·2f74·683e·3c74·643e··Reboot:</th><td>0003af10:·7465·6779·3a3c·2f74·683e·3c74·643e·7265··tegy:</th><td>re
0003ab70:·7472·7565·3c2f·7464·3e3c·2f74·723e·3c74··true</td></tr><t0003af20:·7374·7269·6374·3c2f·7464·3e3c·2f74·723e··strict</td></tr>
 0003af30:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co
 0003af40:·6465·3e2d·206e·616d·653a·2047·6174·6865··de>-·name:·Gathe
 0003af50:·7220·7468·6520·7061·636b·6167·6520·6661··r·the·package·fa
 0003af60:·6374·730a·2020·7061·636b·6167·655f·6661··cts.··package_fa
 0003af70:·6374·733a·0a20·2020·206d·616e·6167·6572··cts:.····manager
 0003af80:·3a20·6175·746f·0a20·2074·6167·733a·0a20··:·auto.··tags:.·
0003ab80:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:< 
0003ab90:·2f74·683e·3c74·643e·7265·7374·7269·6374··/th><td>restrict 
0003aba0:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl 
0003abb0:·653e·3c70·7265·3e3c·636f·6465·3e2d·206e··e><pre><code>-·n 
0003abc0:·616d·653a·2047·6174·6865·7220·7468·6520··ame:·Gather·the· 
0003abd0:·7061·636b·6167·6520·6661·6374·730a·2020··package·facts.·· 
0003abe0:·7061·636b·6167·655f·6661·6374·733a·0a20··package_facts:.· 
0003abf0:·2020·206d·616e·6167·6572·3a20·6175·746f·····manager:·auto 
0003ac00:·0a20·2074·6167·733a·0a20·202d·204e·4953··.··tags:.··-·NIS 
0003ac10:·542d·3830·302d·3533·2d43·4d2d·3628·6129··T-800-53-CM-6(a) 
0003ac20:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003af90:·202d·204e·4953·542d·3830·302d·3533·2d43···-·NIST-800-53-C
0003ac30:·2d49·412d·370a·2020·2d20·4e49·5354·2d38··-IA-7.··-·NIST-80003afa0:·4d2d·3628·6129·0a20·202d·204e·4953·542d··M-6(a).··-·NIST-
0003ac40:·3030·2d35·332d·5343·2d31·320a·2020·2d20··00-53-SC-12.··-·0003afb0:·3830·302d·3533·2d49·412d·370a·2020·2d20··800-53-IA-7.··-·
0003ac50:·4e49·5354·2d38·3030·2d35·332d·5343·2d31··NIST-800-53-SC-10003afc0:·4e49·5354·2d38·3030·2d35·332d·5343·2d31··NIST-800-53-SC-1
0003ac60:·3228·3229·0a20·202d·204e·4953·542d·3830··2(2).··-·NIST-80 
0003ac70:·302d·3533·2d53·432d·3132·2833·290a·2020··0-53-SC-12(3).·· 
0003ac80:·2d20·4e49·5354·2d38·3030·2d35·332d·5343··-·NIST-800-53-SC 
0003ac90:·2d31·330a·2020·2d20·656e·6162·6c65·5f64··-13.··-·enable_d 
0003aca0:·7261·6375·745f·6669·7073·5f6d·6f64·756c··racut_fips_modul 
0003acb0:·650a·2020·2d20·6869·6768·5f73·6576·6572··e.··-·high_sever 
0003acc0:·6974·790a·2020·2d20·6d65·6469·756d·5f63··ity.··-·medium_c 
0003acd0:·6f6d·706c·6578·6974·790a·2020·2d20·6d65··omplexity.··-·me 
0003ace0:·6469·756d·5f64·6973·7275·7074·696f·6e0a··dium_disruption. 
0003acf0:·2020·2d20·7265·626f·6f74·5f72·6571·7569····-·reboot_requi 
0003ad00:·7265·640a·2020·2d20·7265·7374·7269·6374··red.··-·restrict 
0003ad10:·5f73·7472·6174·6567·790a·0a2d·206e·616d··_strategy..-·nam 
0003ad20:·653a·2043·6865·636b·2074·6f20·7365·6520··e:·Check·to·see· 
0003ad30:·7468·6520·6375·7272·656e·7420·7374·6174··the·current·stat 
Max diff block lines reached; 4978713/5012965 bytes (99.32%) of diff not shown.
573 KB
html2text {}
    
Offset 89, 14 lines modifiedOffset 89, 27 lines modified
89 Rule·ID:····xccdf_org.ssgproject.content_rule_enable_dracut_fips_module89 Rule·ID:····xccdf_org.ssgproject.content_rule_enable_dracut_fips_module
90 ············_\x8d_\x8i_\x8s_\x8a·····CCI-002450,·CCI-000068,·CCI-002418,·CCI-00087790 ············_\x8d_\x8i_\x8s_\x8a·····CCI-002450,·CCI-000068,·CCI-002418,·CCI-000877
91 ············_\x8i_\x8s_\x8m······144691 ············_\x8i_\x8s_\x8m······1446
92 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.192 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1
93 ············_\x8n_\x8i_\x8s_\x8t·····SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-1293 ············_\x8n_\x8i_\x8s_\x8t·····SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12
94 ············_\x8o_\x8s_\x8p_\x8p·····FCS_RBG_EXT.194 ············_\x8o_\x8s_\x8p_\x8p·····FCS_RBG_EXT.1
95 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-0022395 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223
 96 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 97 #·Remediation·is·applicable·only·in·certain·platforms
 98 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek·)·&&·{·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·};·then
  
 99 fips-mode-setup·--enable
 100 FIPS_CONF="/etc/dracut.conf.d/40-fips.conf"
 101 if·!·grep·"^add_dracutmodules+=\"·fips·\""·$FIPS_CONF;·then
 102 ····echo·"add_dracutmodules+=\"·fips·\""·>>·$FIPS_CONF
 103 fi
  
 104 else
 105 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 106 fi
96 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8107 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
97 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·medium108 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·medium
98 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium109 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
99 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true110 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true
100 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict111 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
101 -·name:·Gather·the·package·facts112 -·name:·Gather·the·package·facts
102 ··package_facts:113 ··package_facts:
Offset 182, 27 lines modifiedOffset 195, 14 lines modified
182 ··-·NIST-800-53-SC-13195 ··-·NIST-800-53-SC-13
183 ··-·enable_dracut_fips_module196 ··-·enable_dracut_fips_module
184 ··-·high_severity197 ··-·high_severity
185 ··-·medium_complexity198 ··-·medium_complexity
186 ··-·medium_disruption199 ··-·medium_disruption
187 ··-·reboot_required200 ··-·reboot_required
188 ··-·restrict_strategy201 ··-·restrict_strategy
189 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
190 #·Remediation·is·applicable·only·in·certain·platforms 
191 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek·)·&&·{·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·};·then 
  
192 fips-mode-setup·--enable 
193 FIPS_CONF="/etc/dracut.conf.d/40-fips.conf" 
194 if·!·grep·"^add_dracutmodules+=\"·fips·\""·$FIPS_CONF;·then 
195 ····echo·"add_dracutmodules+=\"·fips·\""·>>·$FIPS_CONF 
196 fi 
  
197 else 
198 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
199 fi 
200 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8na\x8ab\x8bl\x8le\x8e·F\x8FI\x8IP\x8PS\x8S·M\x8Mo\x8od\x8de\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*202 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8na\x8ab\x8bl\x8le\x8e·F\x8FI\x8IP\x8PS\x8S·M\x8Mo\x8od\x8de\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
201 To·enable·FIPS·mode,·run·the·following·command:203 To·enable·FIPS·mode,·run·the·following·command:
202 fips-mode-setup·--enable204 fips-mode-setup·--enable
  
203 The·fips-mode-setup·command·will·configure·the·system·in·FIPS·mode·by·automatically·configuring·the·following:205 The·fips-mode-setup·command·will·configure·the·system·in·FIPS·mode·by·automatically·configuring·the·following:
204 ····*·Setting·the·kernel·FIPS·mode·flag·(/proc/sys/crypto/fips_enabled)·to·1206 ····*·Setting·the·kernel·FIPS·mode·flag·(/proc/sys/crypto/fips_enabled)·to·1
205 ····*·Creating·/etc/system-fips207 ····*·Creating·/etc/system-fips
Offset 215, 31 lines modifiedOffset 215, 31 lines modified
215 Rule·ID:····xccdf_org.ssgproject.content_rule_enable_fips_mode215 Rule·ID:····xccdf_org.ssgproject.content_rule_enable_fips_mode
216 ············_\x8d_\x8i_\x8s_\x8a·····CCI-002450,·CCI-000068,·CCI-002418,·CCI-000877216 ············_\x8d_\x8i_\x8s_\x8a·····CCI-002450,·CCI-000068,·CCI-002418,·CCI-000877
217 ············_\x8i_\x8s_\x8m······1446217 ············_\x8i_\x8s_\x8m······1446
218 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1218 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1
219 ············_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12219 ············_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12
220 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1220 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1
221 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176221 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176
222 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
223 [customizations] 
224 fips·=·true 
225 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8222 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
226 #·Remediation·is·applicable·only·in·certain·platforms223 #·Remediation·is·applicable·only·in·certain·platforms
227 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek·);·then224 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·||·rpm·--quiet·-q·kernel-uek·);·then
  
228 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then225 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then
229 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF226 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF
230 kargs·=·["fips=1"]227 kargs·=·["fips=1"]
231 EOF228 EOF
232 fi229 fi
  
233 else230 else
234 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'231 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
235 fi232 fi
 233 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 234 [customizations]
 235 fips·=·true
236 Group  ·System·Cryptographic·Policies·  Group·contains·4·rules236 Group  ·System·Cryptographic·Policies·  Group·contains·4·rules
237 _\x8[_\x8r_\x8e_\x8f_\x8]  ·Linux·has·the·capability·to·centrally·configure·cryptographic·polices.·The·command·update-crypto-policies·is·used·to·set·the·policy·applicable·for·the·various·cryptographic·back-ends,·such·as·SSL/TLS·libraries.·The·configured·cryptographic·policies·will·be·the·default·policy·used·by·these·backends·unless·the·application·user·configures·them·otherwise.·When·the·system·has·been·configured·to·use·the·centralized·cryptographic·policies,·the·administrator·is·assured·that·any·application·that·utilizes·the·supported·backends·will·follow·a·policy·that·adheres·to·the·configured·profile.·Currently·the·supported·backends·are:237 _\x8[_\x8r_\x8e_\x8f_\x8]  ·Linux·has·the·capability·to·centrally·configure·cryptographic·polices.·The·command·update-crypto-policies·is·used·to·set·the·policy·applicable·for·the·various·cryptographic·back-ends,·such·as·SSL/TLS·libraries.·The·configured·cryptographic·policies·will·be·the·default·policy·used·by·these·backends·unless·the·application·user·configures·them·otherwise.·When·the·system·has·been·configured·to·use·the·centralized·cryptographic·policies,·the·administrator·is·assured·that·any·application·that·utilizes·the·supported·backends·will·follow·a·policy·that·adheres·to·the·configured·profile.·Currently·the·supported·backends·are:
238 ····*·GnuTLS·library238 ····*·GnuTLS·library
239 ····*·OpenSSL·library239 ····*·OpenSSL·library
240 ····*·NSS·library240 ····*·NSS·library
241 ····*·OpenJDK241 ····*·OpenJDK
242 ····*·Libkrb5242 ····*·Libkrb5
Offset 251, 38 lines modifiedOffset 251, 35 lines modified
251 $·sudo·yum·install·crypto-policies251 $·sudo·yum·install·crypto-policies
252 Rationale:··Centralized·cryptographic·policies·simplify·applying·secure·ciphers·across·an·operating·system·and·the·applications·that·run·on·that·operating·system.·Use·of·weak·or·untested·encryption·algorithms·undermines·the·purposes·of·utilizing·encryption·to·protect·data.252 Rationale:··Centralized·cryptographic·policies·simplify·applying·secure·ciphers·across·an·operating·system·and·the·applications·that·run·on·that·operating·system.·Use·of·weak·or·untested·encryption·algorithms·undermines·the·purposes·of·utilizing·encryption·to·protect·data.
253 Severity: ··medium253 Severity: ··medium
254 Rule·ID:····xccdf_org.ssgproject.content_rule_package_crypto-policies_installed254 Rule·ID:····xccdf_org.ssgproject.content_rule_package_crypto-policies_installed
255 ············_\x8d_\x8i_\x8s_\x8a···CCI-002890,·CCI-002450,·CCI-003123255 ············_\x8d_\x8i_\x8s_\x8a···CCI-002890,·CCI-002450,·CCI-003123
256 References:·_\x8o_\x8s_\x8p_\x8p···FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1256 References:·_\x8o_\x8s_\x8p_\x8p···FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1
257 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174257 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174
258 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
259 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
260 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
261 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
262 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
263 package·--add=crypto-policies 
264 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8258 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
265 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low259 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
266 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low260 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
267 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false261 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
268 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable262 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
269 include·install_crypto-policies263 include·install_crypto-policies
  
270 class·install_crypto-policies·{264 class·install_crypto-policies·{
271 ··package·{·'crypto-policies':265 ··package·{·'crypto-policies':
272 ····ensure·=>·'installed',266 ····ensure·=>·'installed',
273 ··}267 ··}
274 }268 }
275 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8269 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 270 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 271 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 272 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 273 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
276 [[packages]] 
277 name·=·"crypto-policies" 
278 version·=·"*"274 if·!·rpm·-q·--quiet·"crypto-policies"·;·then
Max diff block lines reached; 580145/586915 bytes (98.85%) of diff not shown.
17.0 MB
./usr/share/doc/ssg-nondebian/ssg-ol9-guide-pci-dss.html
    
Offset 15161, 408 lines modifiedOffset 15161, 408 lines modified
0003b380:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i0003b380:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i
0003b390:·646d·3539·3434·2220·7461·6269·6e64·6578··dm5944"·tabindex0003b390:·646d·3539·3434·2220·7461·6269·6e64·6578··dm5944"·tabindex
0003b3a0:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto0003b3a0:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto
0003b3b0:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded0003b3b0:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded
0003b3c0:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="0003b3c0:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="
0003b3d0:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve0003b3d0:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve
Diff chunk too large, falling back to line-by-line diff (394 lines added, 394 lines removed)
0003b3e0:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re0003b3e0:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re
0003b3f0:·6d65·6469·6174·696f·6e20·416e·7369·626c··mediation·Ansibl0003b3f0:·6d65·6469·6174·696f·6e20·5368·656c·6c20··mediation·Shell·
0003b400:·6520·736e·6970·7065·7420·e287·b23c·2f61··e·snippet·...</a0003b400:·7363·7269·7074·20e2·87b2·3c2f·613e·3c62··script·...</a><b
0003b410:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=0003b410:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa
0003b420:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·0003b420:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col
0003b430:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id0003b430:·6c61·7073·6522·2069·643d·2269·646d·3539··lapse"·id="idm59
0003b440:·6d35·3934·3422·3e3c·7461·626c·6520·636c··m5944"><table·cl0003b440:·3434·223e·3c70·7265·3e3c·636f·6465·3e23··44"><pre><code>#
0003b450:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table0003b450:·2052·656d·6564·6961·7469·6f6e·2069·7320···Remediation·is·
0003b460:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b0003b460:·6170·706c·6963·6162·6c65·206f·6e6c·7920··applicable·only·
0003b470:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co0003b470:·696e·2063·6572·7461·696e·2070·6c61·7466··in·certain·platf
0003b480:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th0003b480:·6f72·6d73·0a69·6620·2120·2820·7b20·7270··orms.if·!·(·{·rp
0003b490:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th0003b490:·6d20·2d2d·7175·6965·7420·2d71·206b·6572··m·--quiet·-q·ker
0003b4a0:·3e3c·7464·3e68·6967·683c·2f74·643e·3c2f··><td>high</td></0003b4a0:·6e65·6c20·3b7d·2026·616d·703b·2661·6d70··nel·;}·&amp;&amp
0003b4b0:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru0003b4b0:·3b20·7b20·7270·6d20·2d2d·7175·6965·7420··;·{·rpm·--quiet·
0003b4c0:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6d··ption:</th><td>m0003b4c0:·2d71·2072·706d·2d6f·7374·7265·6520·3b7d··-q·rpm-ostree·;}
0003b4d0:·6564·6975·6d3c·2f74·643e·3c2f·7472·3e3c··edium</td></tr><0003b4d0:·2026·616d·703b·2661·6d70·3b20·7b20·7270···&amp;&amp;·{·rp
0003b4e0:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</0003b4e0:·6d20·2d2d·7175·6965·7420·2d71·2062·6f6f··m·--quiet·-q·boo
0003b4f0:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td0003b4f0:·7463·203b·7d20·2661·6d70·3b26·616d·703b··tc·;}·&amp;&amp;
0003b500:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St0003b500:·207b·2021·2072·706d·202d·2d71·7569·6574···{·!·rpm·--quiet
0003b510:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>0003b510:·202d·7120·6f70·656e·7368·6966·742d·6b75···-q·openshift-ku
0003b520:·7265·7374·7269·6374·3c2f·7464·3e3c·2f74··restrict</td></t0003b520:·6265·6c65·7420·3b7d·2029·3b20·7468·656e··belet·;}·);·then
0003b530:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><0003b530:·0a0a·2320·4669·6e64·2077·6869·6368·2066··..#·Find·which·f
0003b540:·636f·6465·3e2d·206e·616d·653a·2047·6174··code>-·name:·Gat0003b540:·696c·6573·2068·6176·6520·696e·636f·7272··iles·have·incorr
0003b550:·6865·7220·7468·6520·7061·636b·6167·6520··her·the·package·0003b550:·6563·7420·6861·7368·2028·6e6f·7420·696e··ect·hash·(not·in
0003b560:·6661·6374·730a·2020·7061·636b·6167·655f··facts.··package_0003b560:·202f·6574·632c·2062·6563·6175·7365·206f···/etc,·because·o
0003b570:·6661·6374·733a·0a20·2020·206d·616e·6167··facts:.····manag0003b570:·6620·7468·6520·7379·7374·656d·2072·656c··f·the·system·rel
0003b580:·6572·3a20·6175·746f·0a20·2074·6167·733a··er:·auto.··tags:0003b580:·6174·6564·2063·6f6e·6669·6720·6669·6c65··ated·config·file
0003b590:·0a20·202d·2043·4a49·532d·352e·3130·2e34··.··-·CJIS-5.10.40003b590:·7329·2061·6e64·2074·6865·6e20·6765·7420··s)·and·then·get·
0003b5a0:·2e31·0a20·202d·204e·4953·542d·3830·302d··.1.··-·NIST-800-0003b5a0:·6669·6c65·7320·6e61·6d65·730a·6669·6c65··files·names.file
0003b5b0:·3137·312d·332e·332e·380a·2020·2d20·4e49··171-3.3.8.··-·NI0003b5b0:·735f·7769·7468·5f69·6e63·6f72·7265·6374··s_with_incorrect
0003b5c0:·5354·2d38·3030·2d31·3731·2d33·2e34·2e31··ST-800-171-3.4.10003b5c0:·5f68·6173·683d·2224·2872·706d·202d·5661··_hash="$(rpm·-Va
0003b5d0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003b5d0:·202d·2d6e·6f63·6f6e·6669·6720·7c20·6772···--noconfig·|·gr
0003b5e0:·2d41·552d·3928·3329·0a20·202d·204e·4953··-AU-9(3).··-·NIS0003b5e0:·6570·202d·4520·275e·2e2e·3527·207c·2061··ep·-E·'^..5'·|·a
0003b5f0:·542d·3830·302d·3533·2d43·4d2d·3628·6329··T-800-53-CM-6(c)0003b5f0:·776b·2027·7b70·7269·6e74·2024·4e46·7d27··wk·'{print·$NF}'
0003b600:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003b600:·2029·220a·0a69·6620·5b20·2d6e·2022·2466···)"..if·[·-n·"$f
0003b610:·2d43·4d2d·3628·6429·0a20·202d·204e·4953··-CM-6(d).··-·NIS0003b610:·696c·6573·5f77·6974·685f·696e·636f·7272··iles_with_incorr
0003b620:·542d·3830·302d·3533·2d53·492d·370a·2020··T-800-53-SI-7.··0003b620:·6563·745f·6861·7368·2220·5d3b·2074·6865··ect_hash"·];·the
0003b630:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI0003b630:·6e0a·2020·2020·2320·4672·6f6d·2066·696c··n.····#·From·fil
0003b640:·2d37·2831·290a·2020·2d20·4e49·5354·2d38··-7(1).··-·NIST-80003b640:·6573·206e·616d·6573·2067·6574·2070·6163··es·names·get·pac
0003b650:·3030·2d35·332d·5349·2d37·2836·290a·2020··00-53-SI-7(6).··0003b650:·6b61·6765·206e·616d·6573·2061·6e64·2063··kage·names·and·c
0003b660:·2d20·5043·492d·4453·532d·5265·712d·3131··-·PCI-DSS-Req-110003b660:·6861·6e67·6520·6e65·776c·696e·6520·746f··hange·newline·to
0003b670:·2e35·0a20·202d·2050·4349·2d44·5353·7634··.5.··-·PCI-DSSv40003b670:·2073·7061·6365·2c20·6265·6361·7573·6520···space,·because·
0003b680:·2d31·312e·352e·320a·2020·2d20·6869·6768··-11.5.2.··-·high0003b680:·7270·6d20·7772·6974·6573·2065·6163·6820··rpm·writes·each·
0003b690:·5f63·6f6d·706c·6578·6974·790a·2020·2d20··_complexity.··-·0003b690:·7061·636b·6167·6520·746f·206e·6577·206c··package·to·new·l
0003b6a0:·6869·6768·5f73·6576·6572·6974·790a·2020··high_severity.··0003b6a0:·696e·650a·2020·2020·7061·636b·6167·6573··ine.····packages
0003b6b0:·2d20·6d65·6469·756d·5f64·6973·7275·7074··-·medium_disrupt0003b6b0:·5f74·6f5f·7265·696e·7374·616c·6c3d·2224··_to_reinstall="$
0003b6c0:·696f·6e0a·2020·2d20·6e6f·5f72·6562·6f6f··ion.··-·no_reboo0003b6c0:·2872·706d·202d·7166·2024·6669·6c65·735f··(rpm·-qf·$files_
0003b6d0:·745f·6e65·6564·6564·0a20·202d·2072·6573··t_needed.··-·res0003b6d0:·7769·7468·5f69·6e63·6f72·7265·6374·5f68··with_incorrect_h
0003b6e0:·7472·6963·745f·7374·7261·7465·6779·0a20··trict_strategy.·0003b6e0:·6173·6820·7c20·7472·2027·5c6e·2720·2720··ash·|·tr·'\n'·'·
0003b6f0:·202d·2072·706d·5f76·6572·6966·795f·6861···-·rpm_verify_ha0003b6f0:·2729·220a·0a20·2020·200a·2020·2020·7975··')"..····.····yu
0003b700:·7368·6573·0a0a·2d20·6e61·6d65·3a20·2753··shes..-·name:·'S0003b700:·6d20·7265·696e·7374·616c·6c20·2d79·2024··m·reinstall·-y·$
0003b710:·6574·2066·6163·743a·2050·6163·6b61·6765··et·fact:·Package0003b710:·7061·636b·6167·6573·5f74·6f5f·7265·696e··packages_to_rein
0003b720:·206d·616e·6167·6572·2072·6569·6e73·7461···manager·reinsta0003b720:·7374·616c·6c0a·2020·2020·0a66·690a·0a65··stall.····.fi..e
0003b730:·6c6c·2063·6f6d·6d61·6e64·270a·2020·7365··ll·command'.··se0003b730:·6c73·650a·2020·2020·2667·743b·2661·6d70··lse.····&gt;&amp
0003b740:·745f·6661·6374·3a0a·2020·2020·7061·636b··t_fact:.····pack0003b740:·3b32·2065·6368·6f20·2752·656d·6564·6961··;2·echo·'Remedia
0003b750:·6167·655f·6d61·6e61·6765·725f·7265·696e··age_manager_rein0003b750:·7469·6f6e·2069·7320·6e6f·7420·6170·706c··tion·is·not·appl
0003b760:·7374·616c·6c5f·636d·643a·2079·756d·2072··stall_cmd:·yum·r0003b760:·6963·6162·6c65·2c20·6e6f·7468·696e·6720··icable,·nothing·
0003b770:·6569·6e73·7461·6c6c·202d·790a·2020·7768··einstall·-y.··wh0003b770:·7761·7320·646f·6e65·270a·6669·0a3c·2f63··was·done'.fi.</c
0003b780:·656e·3a0a·2020·2d20·6e6f·7420·2820·226b··en:.··-·not·(·"k0003b780:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div>
0003b790:·6572·6e65·6c22·2069·6e20·616e·7369·626c··ernel"·in·ansibl0003b790:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt
0003b7a0:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages0003b7a0:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data-
0003b7b0:·2061·6e64·2022·7270·6d2d·6f73·7472·6565···and·"rpm-ostree0003b7b0:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse
0003b7c0:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003b7c0:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#
0003b7d0:·7473·2e70·6163·6b61·6765·730a·2020·2020··ts.packages.····0003b7d0:·6964·6d35·3934·3522·2074·6162·696e·6465··idm5945"·tabinde
0003b7e0:·616e·6420·2262·6f6f·7463·2220·696e·2061··and·"bootc"·in·a0003b7e0:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt
0003b7f0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003b7f0:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande
0003b800:·6b61·6765·7320·616e·6420·6e6f·7420·226f··kages·and·not·"o0003b800:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=
0003b810:·7065·6e73·6869·6674·2d6b·7562·656c·6574··penshift-kubelet0003b810:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev
0003b820:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003b820:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R
0003b830:·7473·2e70·6163·6b61·6765·730a·2020·2020··ts.packages.····0003b830:·656d·6564·6961·7469·6f6e·2041·6e73·6962··emediation·Ansib
0003b840:·290a·2020·2d20·616e·7369·626c·655f·6469··).··-·ansible_di0003b840:·6c65·2073·6e69·7070·6574·20e2·87b2·3c2f··le·snippet·...</
0003b850:·7374·7269·6275·7469·6f6e·2069·6e20·5b20··stribution·in·[·0003b850:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
0003b860:·2246·6564·6f72·6122·2c20·2252·6564·4861··"Fedora",·"RedHa0003b860:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
0003b870:·7422·2c20·2243·656e·744f·5322·2c20·224f··t",·"CentOS",·"O0003b870:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
0003b880:·7261·636c·654c·696e·7578·2220·5d0a·2020··racleLinux"·].··0003b880:·646d·3539·3435·223e·3c74·6162·6c65·2063··dm5945"><table·c
0003b890:·7461·6773·3a0a·2020·2d20·434a·4953·2d35··tags:.··-·CJIS-50003b890:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl
0003b8a0:·2e31·302e·342e·310a·2020·2d20·4e49·5354··.10.4.1.··-·NIST0003b8a0:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table-
0003b8b0:·2d38·3030·2d31·3731·2d33·2e33·2e38·0a20··-800-171-3.3.8.·0003b8b0:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c
0003b8c0:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-0003b8c0:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t
0003b8d0:·332e·342e·310a·2020·2d20·4e49·5354·2d38··3.4.1.··-·NIST-80003b8d0:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t
0003b8e0:·3030·2d35·332d·4155·2d39·2833·290a·2020··00-53-AU-9(3).··0003b8e0:·683e·3c74·643e·6869·6768·3c2f·7464·3e3c··h><td>high</td><
0003b8f0:·2d20·4e49·5354·2d38·3030·2d35·332d·434d··-·NIST-800-53-CM0003b8f0:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr
0003b900:·2d36·2863·290a·2020·2d20·4e49·5354·2d38··-6(c).··-·NIST-80003b900:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td>
0003b910:·3030·2d35·332d·434d·2d36·2864·290a·2020··00-53-CM-6(d).··0003b910:·6d65·6469·756d·3c2f·7464·3e3c·2f74·723e··medium</td></tr>
0003b920:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI0003b920:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:<
0003b930:·2d37·0a20·202d·204e·4953·542d·3830·302d··-7.··-·NIST-800-0003b930:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t
0003b940:·3533·2d53·492d·3728·3129·0a20·202d·204e··53-SI-7(1).··-·N0003b940:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S
0003b950:·4953·542d·3830·302d·3533·2d53·492d·3728··IST-800-53-SI-7(0003b950:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td
0003b960:·3629·0a20·202d·2050·4349·2d44·5353·2d52··6).··-·PCI-DSS-R0003b960:·3e72·6573·7472·6963·743c·2f74·643e·3c2f··>restrict</td></
0003b970:·6571·2d31·312e·350a·2020·2d20·5043·492d··eq-11.5.··-·PCI-0003b970:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre>
0003b980:·4453·5376·342d·3131·2e35·2e32·0a20·202d··DSSv4-11.5.2.··-0003b980:·3c63·6f64·653e·2d20·6e61·6d65·3a20·4761··<code>-·name:·Ga
0003b990:·2068·6967·685f·636f·6d70·6c65·7869·7479···high_complexity0003b990:·7468·6572·2074·6865·2070·6163·6b61·6765··ther·the·package
0003b9a0:·0a20·202d·2068·6967·685f·7365·7665·7269··.··-·high_severi0003b9a0:·2066·6163·7473·0a20·2070·6163·6b61·6765···facts.··package
0003b9b0:·7479·0a20·202d·206d·6564·6975·6d5f·6469··ty.··-·medium_di0003b9b0:·5f66·6163·7473·3a0a·2020·2020·6d61·6e61··_facts:.····mana
0003b9c0:·7372·7570·7469·6f6e·0a20·202d·206e·6f5f··sruption.··-·no_0003b9c0:·6765·723a·2061·7574·6f0a·2020·7461·6773··ger:·auto.··tags
0003b9d0:·7265·626f·6f74·5f6e·6565·6465·640a·2020··reboot_needed.··0003b9d0:·3a0a·2020·2d20·434a·4953·2d35·2e31·302e··:.··-·CJIS-5.10.
0003b9e0:·2d20·7265·7374·7269·6374·5f73·7472·6174··-·restrict_strat0003b9e0:·342e·310a·2020·2d20·4e49·5354·2d38·3030··4.1.··-·NIST-800
0003b9f0:·6567·790a·2020·2d20·7270·6d5f·7665·7269··egy.··-·rpm_veri0003b9f0:·2d31·3731·2d33·2e33·2e38·0a20·202d·204e··-171-3.3.8.··-·N
0003ba00:·6679·5f68·6173·6865·730a·0a2d·206e·616d··fy_hashes..-·nam0003ba00:·4953·542d·3830·302d·3137·312d·332e·342e··IST-800-171-3.4.
0003ba10:·653a·2027·5365·7420·6661·6374·3a20·5061··e:·'Set·fact:·Pa0003ba10:·310a·2020·2d20·4e49·5354·2d38·3030·2d35··1.··-·NIST-800-5
0003ba20:·636b·6167·6520·6d61·6e61·6765·7220·7265··ckage·manager·re0003ba20:·332d·4155·2d39·2833·290a·2020·2d20·4e49··3-AU-9(3).··-·NI
0003ba30:·696e·7374·616c·6c20·636f·6d6d·616e·6420··install·command·0003ba30:·5354·2d38·3030·2d35·332d·434d·2d36·2863··ST-800-53-CM-6(c
0003ba40:·287a·7970·7065·7229·270a·2020·7365·745f··(zypper)'.··set_0003ba40:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-5
0003ba50:·6661·6374·3a0a·2020·2020·7061·636b·6167··fact:.····packag0003ba50:·332d·434d·2d36·2864·290a·2020·2d20·4e49··3-CM-6(d).··-·NI
0003ba60:·655f·6d61·6e61·6765·725f·7265·696e·7374··e_manager_reinst0003ba60:·5354·2d38·3030·2d35·332d·5349·2d37·0a20··ST-800-53-SI-7.·
0003ba70:·616c·6c5f·636d·643a·207a·7970·7065·7220··all_cmd:·zypper·0003ba70:·202d·204e·4953·542d·3830·302d·3533·2d53···-·NIST-800-53-S
0003ba80:·696e·202d·6620·2d79·0a20·2077·6865·6e3a··in·-f·-y.··when:0003ba80:·492d·3728·3129·0a20·202d·204e·4953·542d··I-7(1).··-·NIST-
0003ba90:·0a20·202d·206e·6f74·2028·2022·6b65·726e··.··-·not·(·"kern0003ba90:·3830·302d·3533·2d53·492d·3728·3629·0a20··800-53-SI-7(6).·
0003baa0:·656c·2220·696e·2061·6e73·6962·6c65·5f66··el"·in·ansible_f0003baa0:·202d·2050·4349·2d44·5353·2d52·6571·2d31···-·PCI-DSS-Req-1
0003bab0:·6163·7473·2e70·6163·6b61·6765·7320·616e··acts.packages·an0003bab0:·312e·350a·2020·2d20·5043·492d·4453·5376··1.5.··-·PCI-DSSv
0003bac0:·6420·2272·706d·2d6f·7374·7265·6522·2069··d·"rpm-ostree"·i0003bac0:·342d·3131·2e35·2e32·0a20·202d·2068·6967··4-11.5.2.··-·hig
0003bad0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003bad0:·685f·636f·6d70·6c65·7869·7479·0a20·202d··h_complexity.··-
0003bae0:·7061·636b·6167·6573·0a20·2020·2061·6e64··packages.····and0003bae0:·2068·6967·685f·7365·7665·7269·7479·0a20···high_severity.·
0003baf0:·2022·626f·6f74·6322·2069·6e20·616e·7369···"bootc"·in·ansi0003baf0:·202d·206d·6564·6975·6d5f·6469·7372·7570···-·medium_disrup
0003bb00:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag0003bb00:·7469·6f6e·0a20·202d·206e·6f5f·7265·626f··tion.··-·no_rebo
0003bb10:·6573·2061·6e64·206e·6f74·2022·6f70·656e··es·and·not·"open0003bb10:·6f74·5f6e·6565·6465·640a·2020·2d20·7265··ot_needed.··-·re
0003bb20:·7368·6966·742d·6b75·6265·6c65·7422·2069··shift-kubelet"·i0003bb20:·7374·7269·6374·5f73·7472·6174·6567·790a··strict_strategy.
0003bb30:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003bb30:·2020·2d20·7270·6d5f·7665·7269·6679·5f68····-·rpm_verify_h
0003bb40:·7061·636b·6167·6573·0a20·2020·2029·0a20··packages.····).·0003bb40:·6173·6865·730a·0a2d·206e·616d·653a·2027··ashes..-·name:·'
0003bb50:·202d·2061·6e73·6962·6c65·5f64·6973·7472···-·ansible_distr0003bb50:·5365·7420·6661·6374·3a20·5061·636b·6167··Set·fact:·Packag
Max diff block lines reached; 16221582/16276534 bytes (99.66%) of diff not shown.
1.49 MB
html2text {}
    
Offset 106, 14 lines modifiedOffset 106, 33 lines modified
106 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6106 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
107 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4107 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
108 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)108 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
109 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1109 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
110 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5110 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
111 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227111 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
112 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2112 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 113 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 114 #·Remediation·is·applicable·only·in·certain·platforms
 115 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 116 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 117 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 118 if·[·-n·"$files_with_incorrect_hash"·];·then
 119 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 120 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 121 ····yum·reinstall·-y·$packages_to_reinstall
  
 122 fi
  
 123 else
 124 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 125 fi
113 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8126 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
114 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high127 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
115 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium128 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
116 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false129 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
117 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict130 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
118 -·name:·Gather·the·package·facts131 -·name:·Gather·the·package·facts
119 ··package_facts:132 ··package_facts:
Offset 280, 33 lines modifiedOffset 299, 14 lines modified
280 ··-·PCI-DSSv4-11.5.2299 ··-·PCI-DSSv4-11.5.2
281 ··-·high_complexity300 ··-·high_complexity
282 ··-·high_severity301 ··-·high_severity
283 ··-·medium_disruption302 ··-·medium_disruption
284 ··-·no_reboot_needed303 ··-·no_reboot_needed
285 ··-·restrict_strategy304 ··-·restrict_strategy
286 ··-·rpm_verify_hashes305 ··-·rpm_verify_hashes
287 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
288 #·Remediation·is·applicable·only·in·certain·platforms 
289 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
290 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
291 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
292 if·[·-n·"$files_with_incorrect_hash"·];·then 
293 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
294 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
295 ····yum·reinstall·-y·$packages_to_reinstall 
  
296 fi 
  
297 else 
298 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
299 fi 
300 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*306 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
301 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:307 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:
302 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'308 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'
303 run·the·following·command·to·determine·which·package·owns·it:309 run·the·following·command·to·determine·which·package·owns·it:
304 $·rpm·-qf·FILENAME310 $·rpm·-qf·FILENAME
305 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:311 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
306 $·sudo·rpm·--restore·PACKAGENAME312 $·sudo·rpm·--restore·PACKAGENAME
Offset 325, 14 lines modifiedOffset 325, 46 lines modified
325 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5325 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
326 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2326 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
327 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)327 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
328 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1328 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
329 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5329 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
330 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108330 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108
331 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2331 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 332 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 333 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 334 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 335 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 336 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 337 #·Remediation·is·applicable·only·in·certain·platforms
 338 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 339 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 340 declare·-A·SETPERMS_RPM_DICT
  
 341 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 342 #·is·expected·by·the·RPM·database
 343 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}')
  
 344 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 345 do
 346 ········RPM_PACKAGE=$(rpm·-qf·"$FILE_PATH")
 347 »       #·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 348 »       SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 349 done
  
 350 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 351 #·correct·values
 352 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 353 do
 354 ········rpm·--restore·"${RPM_PACKAGE}"
 355 done
  
 356 else
 357 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 358 fi
332 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8359 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
333 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high360 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
334 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium361 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
335 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false362 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
336 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict363 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
337 -·name:·Gather·the·package·facts364 -·name:·Gather·the·package·facts
338 ··package_facts:365 ··package_facts:
Offset 440, 46 lines modifiedOffset 472, 14 lines modified
440 ··-·PCI-DSSv4-11.5.2472 ··-·PCI-DSSv4-11.5.2
441 ··-·high_complexity473 ··-·high_complexity
442 ··-·high_severity474 ··-·high_severity
443 ··-·medium_disruption475 ··-·medium_disruption
444 ··-·no_reboot_needed476 ··-·no_reboot_needed
445 ··-·restrict_strategy477 ··-·restrict_strategy
446 ··-·rpm_verify_ownership478 ··-·rpm_verify_ownership
447 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
448 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high 
449 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium 
450 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
451 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
Max diff block lines reached; 1556550/1564129 bytes (99.52%) of diff not shown.
9.77 MB
./usr/share/doc/ssg-nondebian/ssg-ol9-guide-standard.html
    
Offset 15091, 408 lines modifiedOffset 15091, 408 lines modified
0003af20:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=0003af20:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
0003af30:·2223·6964·6d35·3934·3422·2074·6162·696e··"#idm5944"·tabin0003af30:·2223·6964·6d35·3934·3422·2074·6162·696e··"#idm5944"·tabin
0003af40:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu0003af40:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
0003af50:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan0003af50:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
0003af60:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl0003af60:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
0003af70:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r0003af70:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
Diff chunk too large, falling back to line-by-line diff (394 lines added, 394 lines removed)
0003af80:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"0003af80:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
0003af90:·3e52·656d·6564·6961·7469·6f6e·2041·6e73··>Remediation·Ans0003af90:·3e52·656d·6564·6961·7469·6f6e·2053·6865··>Remediation·She
0003afa0:·6962·6c65·2073·6e69·7070·6574·20e2·87b2··ible·snippet·...0003afa0:·6c6c·2073·6372·6970·7420·e287·b23c·2f61··ll·script·...</a
0003afb0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla0003afb0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
0003afc0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap0003afc0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
0003afd0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=0003afd0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
0003afe0:·2269·646d·3539·3434·223e·3c74·6162·6c65··"idm5944"><table0003afe0:·6d35·3934·3422·3e3c·7072·653e·3c63·6f64··m5944"><pre><cod
0003aff0:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta0003aff0:·653e·2320·5265·6d65·6469·6174·696f·6e20··e>#·Remediation·
0003b000:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl0003b000:·6973·2061·7070·6c69·6361·626c·6520·6f6e··is·applicable·on
0003b010:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table0003b010:·6c79·2069·6e20·6365·7274·6169·6e20·706c··ly·in·certain·pl
0003b020:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>0003b020:·6174·666f·726d·730a·6966·2021·2028·207b··atforms.if·!·(·{
0003b030:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<0003b030:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q·
0003b040:·2f74·683e·3c74·643e·6869·6768·3c2f·7464··/th><td>high</td0003b040:·6b65·726e·656c·203b·7d20·2661·6d70·3b26··kernel·;}·&amp;&
0003b050:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di0003b050:·616d·703b·207b·2072·706d·202d·2d71·7569··amp;·{·rpm·--qui
0003b060:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t0003b060:·6574·202d·7120·7270·6d2d·6f73·7472·6565··et·-q·rpm-ostree
0003b070:·643e·6d65·6469·756d·3c2f·7464·3e3c·2f74··d>medium</td></t0003b070:·203b·7d20·2661·6d70·3b26·616d·703b·207b···;}·&amp;&amp;·{
0003b080:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot0003b080:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q·
0003b090:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false<0003b090:·626f·6f74·6320·3b7d·2026·616d·703b·2661··bootc·;}·&amp;&a
0003b0a0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th0003b0a0:·6d70·3b20·7b20·2120·7270·6d20·2d2d·7175··mp;·{·!·rpm·--qu
0003b0b0:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><0003b0b0:·6965·7420·2d71·206f·7065·6e73·6869·6674··iet·-q·openshift
0003b0c0:·7464·3e72·6573·7472·6963·743c·2f74·643e··td>restrict</td>0003b0c0:·2d6b·7562·656c·6574·203b·7d20·293b·2074··-kubelet·;}·);·t
0003b0d0:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr0003b0d0:·6865·6e0a·0a23·2046·696e·6420·7768·6963··hen..#·Find·whic
0003b0e0:·653e·3c63·6f64·653e·2d20·6e61·6d65·3a20··e><code>-·name:·0003b0e0:·6820·6669·6c65·7320·6861·7665·2069·6e63··h·files·have·inc
0003b0f0:·4761·7468·6572·2074·6865·2070·6163·6b61··Gather·the·packa0003b0f0:·6f72·7265·6374·2068·6173·6820·286e·6f74··orrect·hash·(not
0003b100:·6765·2066·6163·7473·0a20·2070·6163·6b61··ge·facts.··packa0003b100:·2069·6e20·2f65·7463·2c20·6265·6361·7573···in·/etc,·becaus
0003b110:·6765·5f66·6163·7473·3a0a·2020·2020·6d61··ge_facts:.····ma0003b110:·6520·6f66·2074·6865·2073·7973·7465·6d20··e·of·the·system·
0003b120:·6e61·6765·723a·2061·7574·6f0a·2020·7461··nager:·auto.··ta0003b120:·7265·6c61·7465·6420·636f·6e66·6967·2066··related·config·f
0003b130:·6773·3a0a·2020·2d20·434a·4953·2d35·2e31··gs:.··-·CJIS-5.10003b130:·696c·6573·2920·616e·6420·7468·656e·2067··iles)·and·then·g
0003b140:·302e·342e·310a·2020·2d20·4e49·5354·2d38··0.4.1.··-·NIST-80003b140:·6574·2066·696c·6573·206e·616d·6573·0a66··et·files·names.f
0003b150:·3030·2d31·3731·2d33·2e33·2e38·0a20·202d··00-171-3.3.8.··-0003b150:·696c·6573·5f77·6974·685f·696e·636f·7272··iles_with_incorr
0003b160:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.0003b160:·6563·745f·6861·7368·3d22·2428·7270·6d20··ect_hash="$(rpm·
0003b170:·342e·310a·2020·2d20·4e49·5354·2d38·3030··4.1.··-·NIST-8000003b170:·2d56·6120·2d2d·6e6f·636f·6e66·6967·207c··-Va·--noconfig·|
0003b180:·2d35·332d·4155·2d39·2833·290a·2020·2d20··-53-AU-9(3).··-·0003b180:·2067·7265·7020·2d45·2027·5e2e·2e35·2720···grep·-E·'^..5'·
0003b190:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-60003b190:·7c20·6177·6b20·277b·7072·696e·7420·244e··|·awk·'{print·$N
0003b1a0:·2863·290a·2020·2d20·4e49·5354·2d38·3030··(c).··-·NIST-8000003b1a0:·467d·2720·2922·0a0a·6966·205b·202d·6e20··F}'·)"..if·[·-n·
0003b1b0:·2d35·332d·434d·2d36·2864·290a·2020·2d20··-53-CM-6(d).··-·0003b1b0:·2224·6669·6c65·735f·7769·7468·5f69·6e63··"$files_with_inc
0003b1c0:·4e49·5354·2d38·3030·2d35·332d·5349·2d37··NIST-800-53-SI-70003b1c0:·6f72·7265·6374·5f68·6173·6822·205d·3b20··orrect_hash"·];·
0003b1d0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003b1d0:·7468·656e·0a20·2020·2023·2046·726f·6d20··then.····#·From·
0003b1e0:·2d53·492d·3728·3129·0a20·202d·204e·4953··-SI-7(1).··-·NIS0003b1e0:·6669·6c65·7320·6e61·6d65·7320·6765·7420··files·names·get·
0003b1f0:·542d·3830·302d·3533·2d53·492d·3728·3629··T-800-53-SI-7(6)0003b1f0:·7061·636b·6167·6520·6e61·6d65·7320·616e··package·names·an
0003b200:·0a20·202d·2050·4349·2d44·5353·2d52·6571··.··-·PCI-DSS-Req0003b200:·6420·6368·616e·6765·206e·6577·6c69·6e65··d·change·newline
0003b210:·2d31·312e·350a·2020·2d20·5043·492d·4453··-11.5.··-·PCI-DS0003b210:·2074·6f20·7370·6163·652c·2062·6563·6175···to·space,·becau
0003b220:·5376·342d·3131·2e35·2e32·0a20·202d·2068··Sv4-11.5.2.··-·h0003b220:·7365·2072·706d·2077·7269·7465·7320·6561··se·rpm·writes·ea
0003b230:·6967·685f·636f·6d70·6c65·7869·7479·0a20··igh_complexity.·0003b230:·6368·2070·6163·6b61·6765·2074·6f20·6e65··ch·package·to·ne
0003b240:·202d·2068·6967·685f·7365·7665·7269·7479···-·high_severity0003b240:·7720·6c69·6e65·0a20·2020·2070·6163·6b61··w·line.····packa
0003b250:·0a20·202d·206d·6564·6975·6d5f·6469·7372··.··-·medium_disr0003b250:·6765·735f·746f·5f72·6569·6e73·7461·6c6c··ges_to_reinstall
0003b260:·7570·7469·6f6e·0a20·202d·206e·6f5f·7265··uption.··-·no_re0003b260:·3d22·2428·7270·6d20·2d71·6620·2466·696c··="$(rpm·-qf·$fil
0003b270:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-·0003b270:·6573·5f77·6974·685f·696e·636f·7272·6563··es_with_incorrec
0003b280:·7265·7374·7269·6374·5f73·7472·6174·6567··restrict_strateg0003b280:·745f·6861·7368·207c·2074·7220·275c·6e27··t_hash·|·tr·'\n'
0003b290:·790a·2020·2d20·7270·6d5f·7665·7269·6679··y.··-·rpm_verify0003b290:·2027·2027·2922·0a0a·2020·2020·0a20·2020···'·')"..····.···
0003b2a0:·5f68·6173·6865·730a·0a2d·206e·616d·653a··_hashes..-·name:0003b2a0:·2079·756d·2072·6569·6e73·7461·6c6c·202d···yum·reinstall·-
0003b2b0:·2027·5365·7420·6661·6374·3a20·5061·636b···'Set·fact:·Pack0003b2b0:·7920·2470·6163·6b61·6765·735f·746f·5f72··y·$packages_to_r
0003b2c0:·6167·6520·6d61·6e61·6765·7220·7265·696e··age·manager·rein0003b2c0:·6569·6e73·7461·6c6c·0a20·2020·200a·6669··einstall.····.fi
0003b2d0:·7374·616c·6c20·636f·6d6d·616e·6427·0a20··stall·command'.·0003b2d0:·0a0a·656c·7365·0a20·2020·2026·6774·3b26··..else.····&gt;&
0003b2e0:·2073·6574·5f66·6163·743a·0a20·2020·2070···set_fact:.····p0003b2e0:·616d·703b·3220·6563·686f·2027·5265·6d65··amp;2·echo·'Reme
0003b2f0:·6163·6b61·6765·5f6d·616e·6167·6572·5f72··ackage_manager_r0003b2f0:·6469·6174·696f·6e20·6973·206e·6f74·2061··diation·is·not·a
0003b300:·6569·6e73·7461·6c6c·5f63·6d64·3a20·7975··einstall_cmd:·yu0003b300:·7070·6c69·6361·626c·652c·206e·6f74·6869··pplicable,·nothi
0003b310:·6d20·7265·696e·7374·616c·6c20·2d79·0a20··m·reinstall·-y.·0003b310:·6e67·2077·6173·2064·6f6e·6527·0a66·690a··ng·was·done'.fi.
0003b320:·2077·6865·6e3a·0a20·202d·206e·6f74·2028···when:.··-·not·(0003b320:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d
0003b330:·2022·6b65·726e·656c·2220·696e·2061·6e73···"kernel"·in·ans0003b330:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn
0003b340:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0003b340:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da
0003b350:·6765·7320·616e·6420·2272·706d·2d6f·7374··ges·and·"rpm-ost0003b350:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla
0003b360:·7265·6522·2069·6e20·616e·7369·626c·655f··ree"·in·ansible_0003b360:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target
0003b370:·6661·6374·732e·7061·636b·6167·6573·0a20··facts.packages.·0003b370:·3d22·2369·646d·3539·3435·2220·7461·6269··="#idm5945"·tabi
0003b380:·2020·2061·6e64·2022·626f·6f74·6322·2069·····and·"bootc"·i0003b380:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b
0003b390:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003b390:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa
0003b3a0:·7061·636b·6167·6573·2061·6e64·206e·6f74··packages·and·not0003b3a0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit
0003b3b0:·2022·6f70·656e·7368·6966·742d·6b75·6265···"openshift-kube0003b3b0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·
0003b3c0:·6c65·7422·2069·6e20·616e·7369·626c·655f··let"·in·ansible_0003b3c0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!
0003b3d0:·6661·6374·732e·7061·636b·6167·6573·0a20··facts.packages.·0003b3d0:·223e·5265·6d65·6469·6174·696f·6e20·416e··">Remediation·An
0003b3e0:·2020·2029·0a20·202d·2061·6e73·6962·6c65·····).··-·ansible0003b3e0:·7369·626c·6520·736e·6970·7065·7420·e287··sible·snippet·..
0003b3f0:·5f64·6973·7472·6962·7574·696f·6e20·696e··_distribution·in0003b3f0:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl
0003b400:·205b·2022·4665·646f·7261·222c·2022·5265···[·"Fedora",·"Re0003b400:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
0003b410:·6448·6174·222c·2022·4365·6e74·4f53·222c··dHat",·"CentOS",0003b410:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
0003b420:·2022·4f72·6163·6c65·4c69·6e75·7822·205d···"OracleLinux"·]0003b420:·3d22·6964·6d35·3934·3522·3e3c·7461·626c··="idm5945"><tabl
0003b430:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI0003b430:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t
0003b440:·532d·352e·3130·2e34·2e31·0a20·202d·204e··S-5.10.4.1.··-·N0003b440:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab
0003b450:·4953·542d·3830·302d·3137·312d·332e·332e··IST-800-171-3.3.0003b450:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl
0003b460:·380a·2020·2d20·4e49·5354·2d38·3030·2d31··8.··-·NIST-800-10003b460:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr
0003b470:·3731·2d33·2e34·2e31·0a20·202d·204e·4953··71-3.4.1.··-·NIS0003b470:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity:
0003b480:·542d·3830·302d·3533·2d41·552d·3928·3329··T-800-53-AU-9(3)0003b480:·3c2f·7468·3e3c·7464·3e68·6967·683c·2f74··</th><td>high</t
0003b490:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003b490:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D
0003b4a0:·2d43·4d2d·3628·6329·0a20·202d·204e·4953··-CM-6(c).··-·NIS0003b4a0:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th><
0003b4b0:·542d·3830·302d·3533·2d43·4d2d·3628·6429··T-800-53-CM-6(d)0003b4b0:·7464·3e6d·6564·6975·6d3c·2f74·643e·3c2f··td>medium</td></
0003b4c0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003b4c0:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo
0003b4d0:·2d53·492d·370a·2020·2d20·4e49·5354·2d38··-SI-7.··-·NIST-80003b4d0:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false
0003b4e0:·3030·2d35·332d·5349·2d37·2831·290a·2020··00-53-SI-7(1).··0003b4e0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
0003b4f0:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI0003b4f0:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>
0003b500:·2d37·2836·290a·2020·2d20·5043·492d·4453··-7(6).··-·PCI-DS0003b500:·3c74·643e·7265·7374·7269·6374·3c2f·7464··<td>restrict</td
0003b510:·532d·5265·712d·3131·2e35·0a20·202d·2050··S-Req-11.5.··-·P0003b510:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p
0003b520:·4349·2d44·5353·7634·2d31·312e·352e·320a··CI-DSSv4-11.5.2.0003b520:·7265·3e3c·636f·6465·3e2d·206e·616d·653a··re><code>-·name:
0003b530:·2020·2d20·6869·6768·5f63·6f6d·706c·6578····-·high_complex0003b530:·2047·6174·6865·7220·7468·6520·7061·636b···Gather·the·pack
0003b540:·6974·790a·2020·2d20·6869·6768·5f73·6576··ity.··-·high_sev0003b540:·6167·6520·6661·6374·730a·2020·7061·636b··age·facts.··pack
0003b550:·6572·6974·790a·2020·2d20·6d65·6469·756d··erity.··-·medium0003b550:·6167·655f·6661·6374·733a·0a20·2020·206d··age_facts:.····m
0003b560:·5f64·6973·7275·7074·696f·6e0a·2020·2d20··_disruption.··-·0003b560:·616e·6167·6572·3a20·6175·746f·0a20·2074··anager:·auto.··t
0003b570:·6e6f·5f72·6562·6f6f·745f·6e65·6564·6564··no_reboot_needed0003b570:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.
0003b580:·0a20·202d·2072·6573·7472·6963·745f·7374··.··-·restrict_st0003b580:·3130·2e34·2e31·0a20·202d·204e·4953·542d··10.4.1.··-·NIST-
0003b590:·7261·7465·6779·0a20·202d·2072·706d·5f76··rategy.··-·rpm_v0003b590:·3830·302d·3137·312d·332e·332e·380a·2020··800-171-3.3.8.··
0003b5a0:·6572·6966·795f·6861·7368·6573·0a0a·2d20··erify_hashes..-·0003b5a0:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-3
0003b5b0:·6e61·6d65·3a20·2753·6574·2066·6163·743a··name:·'Set·fact:0003b5b0:·2e34·2e31·0a20·202d·204e·4953·542d·3830··.4.1.··-·NIST-80
0003b5c0:·2050·6163·6b61·6765·206d·616e·6167·6572···Package·manager0003b5c0:·302d·3533·2d41·552d·3928·3329·0a20·202d··0-53-AU-9(3).··-
0003b5d0:·2072·6569·6e73·7461·6c6c·2063·6f6d·6d61···reinstall·comma0003b5d0:·204e·4953·542d·3830·302d·3533·2d43·4d2d···NIST-800-53-CM-
0003b5e0:·6e64·2028·7a79·7070·6572·2927·0a20·2073··nd·(zypper)'.··s0003b5e0:·3628·6329·0a20·202d·204e·4953·542d·3830··6(c).··-·NIST-80
0003b5f0:·6574·5f66·6163·743a·0a20·2020·2070·6163··et_fact:.····pac0003b5f0:·302d·3533·2d43·4d2d·3628·6429·0a20·202d··0-53-CM-6(d).··-
0003b600:·6b61·6765·5f6d·616e·6167·6572·5f72·6569··kage_manager_rei0003b600:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-
0003b610:·6e73·7461·6c6c·5f63·6d64·3a20·7a79·7070··nstall_cmd:·zypp0003b610:·370a·2020·2d20·4e49·5354·2d38·3030·2d35··7.··-·NIST-800-5
0003b620:·6572·2069·6e20·2d66·202d·790a·2020·7768··er·in·-f·-y.··wh0003b620:·332d·5349·2d37·2831·290a·2020·2d20·4e49··3-SI-7(1).··-·NI
0003b630:·656e·3a0a·2020·2d20·6e6f·7420·2820·226b··en:.··-·not·(·"k0003b630:·5354·2d38·3030·2d35·332d·5349·2d37·2836··ST-800-53-SI-7(6
0003b640:·6572·6e65·6c22·2069·6e20·616e·7369·626c··ernel"·in·ansibl0003b640:·290a·2020·2d20·5043·492d·4453·532d·5265··).··-·PCI-DSS-Re
0003b650:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages0003b650:·712d·3131·2e35·0a20·202d·2050·4349·2d44··q-11.5.··-·PCI-D
0003b660:·2061·6e64·2022·7270·6d2d·6f73·7472·6565···and·"rpm-ostree0003b660:·5353·7634·2d31·312e·352e·320a·2020·2d20··SSv4-11.5.2.··-·
0003b670:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003b670:·6869·6768·5f63·6f6d·706c·6578·6974·790a··high_complexity.
0003b680:·7473·2e70·6163·6b61·6765·730a·2020·2020··ts.packages.····0003b680:·2020·2d20·6869·6768·5f73·6576·6572·6974····-·high_severit
0003b690:·616e·6420·2262·6f6f·7463·2220·696e·2061··and·"bootc"·in·a0003b690:·790a·2020·2d20·6d65·6469·756d·5f64·6973··y.··-·medium_dis
0003b6a0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003b6a0:·7275·7074·696f·6e0a·2020·2d20·6e6f·5f72··ruption.··-·no_r
0003b6b0:·6b61·6765·7320·616e·6420·6e6f·7420·226f··kages·and·not·"o0003b6b0:·6562·6f6f·745f·6e65·6564·6564·0a20·202d··eboot_needed.··-
0003b6c0:·7065·6e73·6869·6674·2d6b·7562·656c·6574··penshift-kubelet0003b6c0:·2072·6573·7472·6963·745f·7374·7261·7465···restrict_strate
0003b6d0:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003b6d0:·6779·0a20·202d·2072·706d·5f76·6572·6966··gy.··-·rpm_verif
0003b6e0:·7473·2e70·6163·6b61·6765·730a·2020·2020··ts.packages.····0003b6e0:·795f·6861·7368·6573·0a0a·2d20·6e61·6d65··y_hashes..-·name
0003b6f0:·290a·2020·2d20·616e·7369·626c·655f·6469··).··-·ansible_di0003b6f0:·3a20·2753·6574·2066·6163·743a·2050·6163··:·'Set·fact:·Pac
Max diff block lines reached; 9420285/9475237 bytes (99.42%) of diff not shown.
747 KB
html2text {}
    
Offset 93, 14 lines modifiedOffset 93, 33 lines modified
93 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.693 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
94 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.494 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
95 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)95 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
96 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-196 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
97 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.597 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
98 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-0022798 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
99 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.299 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 100 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 101 #·Remediation·is·applicable·only·in·certain·platforms
 102 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 103 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 104 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 105 if·[·-n·"$files_with_incorrect_hash"·];·then
 106 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 107 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 108 ····yum·reinstall·-y·$packages_to_reinstall
  
 109 fi
  
 110 else
 111 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 112 fi
100 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8113 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
101 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high114 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
102 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium115 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
103 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false116 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
104 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict117 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
105 -·name:·Gather·the·package·facts118 -·name:·Gather·the·package·facts
106 ··package_facts:119 ··package_facts:
Offset 267, 33 lines modifiedOffset 286, 14 lines modified
267 ··-·PCI-DSSv4-11.5.2286 ··-·PCI-DSSv4-11.5.2
268 ··-·high_complexity287 ··-·high_complexity
269 ··-·high_severity288 ··-·high_severity
270 ··-·medium_disruption289 ··-·medium_disruption
271 ··-·no_reboot_needed290 ··-·no_reboot_needed
272 ··-·restrict_strategy291 ··-·restrict_strategy
273 ··-·rpm_verify_hashes292 ··-·rpm_verify_hashes
274 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
275 #·Remediation·is·applicable·only·in·certain·platforms 
276 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
277 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
278 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
279 if·[·-n·"$files_with_incorrect_hash"·];·then 
280 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
281 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
282 ····yum·reinstall·-y·$packages_to_reinstall 
  
283 fi 
  
284 else 
285 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
286 fi 
287 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*293 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
288 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:294 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:
289 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'295 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'
290 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:296 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:
291 $·rpm·-qf·FILENAME297 $·rpm·-qf·FILENAME
  
292 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:298 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
Offset 314, 14 lines modifiedOffset 314, 50 lines modified
314 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5314 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
315 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2315 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
316 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)316 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)
317 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1317 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
318 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5318 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
319 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108319 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108
320 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2320 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 321 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 322 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 323 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 324 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 325 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 326 #·Remediation·is·applicable·only·in·certain·platforms
 327 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 328 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 329 declare·-A·SETPERMS_RPM_DICT
  
 330 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 331 #·is·expected·by·the·RPM·database
 332 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}')
  
 333 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 334 do
 335 ········#·NOTE:·some·files·maybe·controlled·by·more·then·one·package
 336 ········readarray·-t·RPM_PACKAGES·<·<(rpm·-qf·"${FILE_PATH}")
 337 ········for·RPM_PACKAGE·in·"${RPM_PACKAGES[@]}"
 338 ········do
 339 ················#·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 340 ················SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 341 ········done
 342 done
  
 343 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 344 #·correct·values
 345 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 346 do
 347 »       rpm·--restore·"${RPM_PACKAGE}"
 348 done
  
 349 else
 350 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 351 fi
321 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8352 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
322 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high353 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
323 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium354 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
324 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false355 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
325 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict356 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
326 -·name:·Gather·the·package·facts357 -·name:·Gather·the·package·facts
327 ··package_facts:358 ··package_facts:
Offset 433, 50 lines modifiedOffset 469, 14 lines modified
433 ··-·PCI-DSSv4-11.5.2469 ··-·PCI-DSSv4-11.5.2
434 ··-·high_complexity470 ··-·high_complexity
435 ··-·high_severity471 ··-·high_severity
436 ··-·medium_disruption472 ··-·medium_disruption
437 ··-·no_reboot_needed473 ··-·no_reboot_needed
438 ··-·restrict_strategy474 ··-·restrict_strategy
439 ··-·rpm_verify_permissions475 ··-·rpm_verify_permissions
440 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
Max diff block lines reached; 756632/764714 bytes (98.94%) of diff not shown.
32.7 MB
./usr/share/doc/ssg-nondebian/ssg-ol9-guide-stig.html
    
Offset 15067, 218 lines modifiedOffset 15067, 218 lines modified
0003ada0:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id0003ada0:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id
0003adb0:·6d36·3237·3922·2074·6162·696e·6465·783d··m6279"·tabindex=0003adb0:·6d36·3237·3922·2074·6162·696e·6465·783d··m6279"·tabindex=
0003adc0:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button0003adc0:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button
0003add0:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=0003add0:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=
0003ade0:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A0003ade0:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A
0003adf0:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea0003adf0:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea
0003ae00:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem0003ae00:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem
0003ae10:·6564·6961·7469·6f6e·2041·6e61·636f·6e64··ediation·Anacond0003ae10:·6564·6961·7469·6f6e·2050·7570·7065·7420··ediation·Puppet·
0003ae20:·6120·736e·6970·7065·7420·e287·b23c·2f61··a·snippet·...</a0003ae20:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a><
0003ae30:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=0003ae30:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p
0003ae40:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·0003ae40:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co
0003ae50:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id0003ae50:·6c6c·6170·7365·2220·6964·3d22·6964·6d36··llapse"·id="idm6
0003ae60:·6d36·3237·3922·3e3c·7461·626c·6520·636c··m6279"><table·cl0003ae60:·3237·3922·3e3c·7461·626c·6520·636c·6173··279"><table·clas
0003ae70:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table0003ae70:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s
0003ae80:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b0003ae80:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor
0003ae90:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co0003ae90:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond
0003aea0:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th0003aea0:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C
0003aeb0:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th0003aeb0:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><
0003aec0:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t0003aec0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>
0003aed0:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup0003aed0:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti
0003aee0:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo0003aee0:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low<
0003aef0:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><0003aef0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
0003af00:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th><0003af00:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td
0003af10:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t0003af10:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr>
0003af20:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate0003af20:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy
0003af30:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab0003af30:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable
0003af40:·6c65·3c2f·7464·3e3c·2f74·723e·3c2f·7461··le</td></tr></ta0003af40:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl
0003af50:·626c·653e·3c70·7265·3e3c·636f·6465·3e0a··ble><pre><code>.0003af50:·653e·3c70·7265·3e3c·636f·6465·3e69·6e63··e><pre><code>inc
0003af60:·7061·636b·6167·6520·2d2d·6164·643d·6169··package·--add=ai 
0003af70:·6465·0a3c·2f63·6f64·653e·3c2f·7072·653e··de.</code></pre> 
0003af80:·3c2f·6469·763e·3c61·2063·6c61·7373·3d22··</div><a·class=" 
0003af90:·6274·6e20·6274·6e2d·7375·6363·6573·7322··btn·btn-success" 
0003afa0:·2064·6174·612d·746f·6767·6c65·3d22·636f···data-toggle="co 
0003afb0:·6c6c·6170·7365·2220·6461·7461·2d74·6172··llapse"·data-tar 
0003afc0:·6765·743d·2223·6964·6d36·3238·3022·2074··get="#idm6280"·t 
0003afd0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role 
0003afe0:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e 
0003aff0:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"· 
0003b000:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate· 
0003b010:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href= 
0003b020:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation 
0003b030:·2050·7570·7065·7420·736e·6970·7065·7420···Puppet·snippet· 
0003b040:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div· 
0003b050:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col 
0003b060:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"· 
0003b070:·6964·3d22·6964·6d36·3238·3022·3e3c·7461··id="idm6280"><ta 
0003b080:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table 
0003b090:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t 
0003b0a0:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta 
0003b0b0:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed">< 
0003b0c0:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit 
0003b0d0:·793a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··y:</th><td>low</ 
0003b0e0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003b0f0:·4469·7372·7570·7469·6f6e·3a3c·2f74·683e··Disruption:</th>0003af60:·6c75·6465·2069·6e73·7461·6c6c·5f61·6964··lude·install_aid
 0003af70:·650a·0a63·6c61·7373·2069·6e73·7461·6c6c··e..class·install
 0003af80:·5f61·6964·6520·7b0a·2020·7061·636b·6167··_aide·{.··packag
 0003af90:·6520·7b20·2761·6964·6527·3a0a·2020·2020··e·{·'aide':.····
 0003afa0:·656e·7375·7265·203d·2667·743b·2027·696e··ensure·=&gt;·'in
 0003afb0:·7374·616c·6c65·6427·2c0a·2020·7d0a·7d0a··stalled',.··}.}.
 0003afc0:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d
 0003afd0:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn
 0003afe0:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da
 0003aff0:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla
 0003b000:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target
 0003b010:·3d22·2369·646d·3632·3830·2220·7461·6269··="#idm6280"·tabi
 0003b020:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b
 0003b030:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa
 0003b040:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit
 0003b050:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·
 0003b060:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!
 0003b070:·223e·5265·6d65·6469·6174·696f·6e20·5368··">Remediation·Sh
 0003b080:·656c·6c20·7363·7269·7074·20e2·87b2·3c2f··ell·script·...</
 0003b090:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
 0003b0a0:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
 0003b0b0:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
 0003b0c0:·646d·3632·3830·223e·3c74·6162·6c65·2063··dm6280"><table·c
 0003b0d0:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl
 0003b0e0:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table-
 0003b0f0:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c
 0003b100:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t
 0003b110:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t
0003b100:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr0003b120:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></
0003b110:·3e3c·7472·3e3c·7468·3e52·6562·6f6f·743a··><tr><th>Reboot: 
0003b120:·3c2f·7468·3e3c·7464·3e66·616c·7365·3c2f··</th><td>false</0003b130:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru
 0003b140:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l
0003b130:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>0003b150:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>
0003b140:·5374·7261·7465·6779·3a3c·2f74·683e·3c74··Strategy:</th><t 
0003b150:·643e·656e·6162·6c65·3c2f·7464·3e3c·2f74··d>enable</td></t 
0003b160:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre>< 
0003b170:·636f·6465·3e69·6e63·6c75·6465·2069·6e73··code>include·ins 
0003b180:·7461·6c6c·5f61·6964·650a·0a63·6c61·7373··tall_aide..class 
0003b190:·2069·6e73·7461·6c6c·5f61·6964·6520·7b0a···install_aide·{. 
0003b1a0:·2020·7061·636b·6167·6520·7b20·2761·6964····package·{·'aid 
0003b1b0:·6527·3a0a·2020·2020·656e·7375·7265·203d··e':.····ensure·= 
0003b1c0:·2667·743b·2027·696e·7374·616c·6c65·6427··&gt;·'installed' 
0003b1d0:·2c0a·2020·7d0a·7d0a·3c2f·636f·6465·3e3c··,.··}.}.</code>< 
0003b1e0:·2f70·7265·3e3c·2f64·6976·3e3c·6120·636c··/pre></div><a·cl 
0003b1f0:·6173·733d·2262·746e·2062·746e·2d73·7563··ass="btn·btn-suc0003b160:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th>
 0003b170:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></
 0003b180:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat
 0003b190:·6567·793a·3c2f·7468·3e3c·7464·3e65·6e61··egy:</th><td>ena
 0003b1a0:·626c·653c·2f74·643e·3c2f·7472·3e3c·2f74··ble</td></tr></t
 0003b1b0:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>
 0003b1c0:·2320·5265·6d65·6469·6174·696f·6e20·6973··#·Remediation·is
 0003b1d0:·2061·7070·6c69·6361·626c·6520·6f6e·6c79···applicable·only
 0003b1e0:·2069·6e20·6365·7274·6169·6e20·706c·6174···in·certain·plat
 0003b1f0:·666f·726d·730a·6966·2072·706d·202d·2d71··forms.if·rpm·--q
 0003b200:·7569·6574·202d·7120·6b65·726e·656c·207c··uiet·-q·kernel·|
 0003b210:·7c20·7270·6d20·2d2d·7175·6965·7420·2d71··|·rpm·--quiet·-q
 0003b220:·206b·6572·6e65·6c2d·7565·6b3b·2074·6865···kernel-uek;·the
 0003b230:·6e0a·0a69·6620·2120·7270·6d20·2d71·202d··n..if·!·rpm·-q·-
 0003b240:·2d71·7569·6574·2022·6169·6465·2220·3b20··-quiet·"aide"·;·
 0003b250:·7468·656e·0a20·2020·2079·756d·2069·6e73··then.····yum·ins
 0003b260:·7461·6c6c·202d·7920·2261·6964·6522·0a66··tall·-y·"aide".f
 0003b270:·690a·0a65·6c73·650a·2020·2020·2667·743b··i..else.····&gt;
 0003b280:·2661·6d70·3b32·2065·6368·6f20·2752·656d··&amp;2·echo·'Rem
 0003b290:·6564·6961·7469·6f6e·2069·7320·6e6f·7420··ediation·is·not·
 0003b2a0:·6170·706c·6963·6162·6c65·2c20·6e6f·7468··applicable,·noth
 0003b2b0:·696e·6720·7761·7320·646f·6e65·270a·6669··ing·was·done'.fi
 0003b2c0:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></
 0003b2d0:·6469·763e·3c61·2063·6c61·7373·3d22·6274··div><a·class="bt
 0003b2e0:·6e20·6274·6e2d·7375·6363·6573·7322·2064··n·btn-success"·d
 0003b2f0:·6174·612d·746f·6767·6c65·3d22·636f·6c6c··ata-toggle="coll
0003b200:·6365·7373·2220·6461·7461·2d74·6f67·676c··cess"·data-toggl0003b300:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe
 0003b310:·743d·2223·6964·6d36·3238·3122·2074·6162··t="#idm6281"·tab
 0003b320:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="
 0003b330:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp
Max diff block lines reached; 31615020/31643752 bytes (99.91%) of diff not shown.
2.54 MB
html2text {}
Max HTML report size reached
32.6 MB
./usr/share/doc/ssg-nondebian/ssg-ol9-guide-stig_gui.html
    
Offset 15085, 217 lines modifiedOffset 15085, 217 lines modified
0003aec0:·2d74·6172·6765·743d·2223·6964·6d36·3237··-target="#idm6270003aec0:·2d74·6172·6765·743d·2223·6964·6d36·3237··-target="#idm627
0003aed0:·3922·2074·6162·696e·6465·783d·2230·2220··9"·tabindex="0"·0003aed0:·3922·2074·6162·696e·6465·783d·2230·2220··9"·tabindex="0"·
0003aee0:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar0003aee0:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar
0003aef0:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal0003aef0:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal
0003af00:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ0003af00:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ
0003af10:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h0003af10:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h
0003af20:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia0003af20:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia
0003af30:·7469·6f6e·2041·6e61·636f·6e64·6120·736e··tion·Anaconda·sn0003af30:·7469·6f6e·2050·7570·7065·7420·736e·6970··tion·Puppet·snip
0003af40:·6970·7065·7420·e287·b23c·2f61·3e3c·6272··ippet·...</a><br0003af40:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br><
0003af50:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan0003af50:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel
0003af60:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll0003af60:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap
0003af70:·6170·7365·2220·6964·3d22·6964·6d36·3237··apse"·id="idm6270003af70:·7365·2220·6964·3d22·6964·6d36·3237·3922··se"·id="idm6279"
0003af80:·3922·3e3c·7461·626c·6520·636c·6173·733d··9"><table·class=0003af80:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t
0003af90:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str0003af90:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip
0003afa0:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde0003afa0:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere
0003afb0:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden0003afb0:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense
0003afc0:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com0003afc0:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl
0003afd0:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td0003afd0:·6578·6974·793a·3c2f·7468·3e3c·7464·3e6c··exity:</th><td>l
0003afe0:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t0003afe0:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>
0003aff0:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption0003aff0:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:<
0003b000:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t0003b000:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>
0003b010:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R0003b010:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb
0003b020:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f0003b020:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal
0003b030:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t0003b030:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr>
0003b040:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<0003b040:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t
0003b050:·2f74·683e·3c74·643e·656e·6162·6c65·3c2f··/th><td>enable</0003b050:·683e·3c74·643e·656e·6162·6c65·3c2f·7464··h><td>enable</td
0003b060:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>0003b060:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p
0003b070:·3c70·7265·3e3c·636f·6465·3e0a·7061·636b··<pre><code>.pack 
0003b080:·6167·6520·2d2d·6164·643d·6169·6465·0a3c··age·--add=aide.< 
0003b090:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di 
0003b0a0:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn· 
0003b0b0:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat 
0003b0c0:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap 
0003b0d0:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target= 
0003b0e0:·2223·6964·6d36·3238·3022·2074·6162·696e··"#idm6280"·tabin 
0003b0f0:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu 
0003b100:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan 
0003b110:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl 
0003b120:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r 
0003b130:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!" 
0003b140:·3e52·656d·6564·6961·7469·6f6e·2050·7570··>Remediation·Pup 
0003b150:·7065·7420·736e·6970·7065·7420·e287·b23c··pet·snippet·...< 
0003b160:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas 
0003b170:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps 
0003b180:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id=" 
0003b190:·6964·6d36·3238·3022·3e3c·7461·626c·6520··idm6280"><table· 
0003b1a0:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab 
0003b1b0:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table 
0003b1c0:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table- 
0003b1d0:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr>< 
0003b1e0:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</ 
0003b1f0:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td>< 
0003b200:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr 
0003b210:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td>0003b070:·7265·3e3c·636f·6465·3e69·6e63·6c75·6465··re><code>include
 0003b080:·2069·6e73·7461·6c6c·5f61·6964·650a·0a63···install_aide..c
 0003b090:·6c61·7373·2069·6e73·7461·6c6c·5f61·6964··lass·install_aid
 0003b0a0:·6520·7b0a·2020·7061·636b·6167·6520·7b20··e·{.··package·{·
 0003b0b0:·2761·6964·6527·3a0a·2020·2020·656e·7375··'aide':.····ensu
 0003b0c0:·7265·203d·2667·743b·2027·696e·7374·616c··re·=&gt;·'instal
 0003b0d0:·6c65·6427·2c0a·2020·7d0a·7d0a·3c2f·636f··led',.··}.}.</co
 0003b0e0:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div><
 0003b0f0:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn
 0003b100:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t
 0003b110:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse"
 0003b120:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i
 0003b130:·646d·3632·3830·2220·7461·6269·6e64·6578··dm6280"·tabindex
 0003b140:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto
 0003b150:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded
 0003b160:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="
 0003b170:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve
 0003b180:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re
 0003b190:·6d65·6469·6174·696f·6e20·5368·656c·6c20··mediation·Shell·
 0003b1a0:·7363·7269·7074·20e2·87b2·3c2f·613e·3c62··script·...</a><b
 0003b1b0:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa
 0003b1c0:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col
 0003b1d0:·6c61·7073·6522·2069·643d·2269·646d·3632··lapse"·id="idm62
 0003b1e0:·3830·223e·3c74·6162·6c65·2063·6c61·7373··80"><table·class
 0003b1f0:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st
 0003b200:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord
 0003b210:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde
 0003b220:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co
 0003b230:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t
0003b220:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr0003b240:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr><
0003b230:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th 
0003b240:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td><0003b250:·7472·3e3c·7468·3e44·6973·7275·7074·696f··tr><th>Disruptio
 0003b260:·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··n:</th><td>low</
0003b250:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra0003b270:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>
0003b260:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en0003b280:·5265·626f·6f74·3a3c·2f74·683e·3c74·643e··Reboot:</th><td>
0003b270:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></ 
0003b280:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code 
0003b290:·3e69·6e63·6c75·6465·2069·6e73·7461·6c6c··>include·install 
0003b2a0:·5f61·6964·650a·0a63·6c61·7373·2069·6e73··_aide..class·ins 
0003b2b0:·7461·6c6c·5f61·6964·6520·7b0a·2020·7061··tall_aide·{.··pa 
0003b2c0:·636b·6167·6520·7b20·2761·6964·6527·3a0a··ckage·{·'aide':. 
0003b2d0:·2020·2020·656e·7375·7265·203d·2667·743b······ensure·=&gt; 
0003b2e0:·2027·696e·7374·616c·6c65·6427·2c0a·2020···'installed',.·· 
0003b2f0:·7d0a·7d0a·3c2f·636f·6465·3e3c·2f70·7265··}.}.</code></pre 
0003b300:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class= 
0003b310:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success0003b290:·6661·6c73·653c·2f74·643e·3c2f·7472·3e3c··false</td></tr><
 0003b2a0:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy:
 0003b2b0:·3c2f·7468·3e3c·7464·3e65·6e61·626c·653c··</th><td>enable<
 0003b2c0:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table
 0003b2d0:·3e3c·7072·653e·3c63·6f64·653e·2320·5265··><pre><code>#·Re
 0003b2e0:·6d65·6469·6174·696f·6e20·6973·2061·7070··mediation·is·app
 0003b2f0:·6c69·6361·626c·6520·6f6e·6c79·2069·6e20··licable·only·in·
 0003b300:·6365·7274·6169·6e20·706c·6174·666f·726d··certain·platform
 0003b310:·730a·6966·2072·706d·202d·2d71·7569·6574··s.if·rpm·--quiet
 0003b320:·202d·7120·6b65·726e·656c·207c·7c20·7270···-q·kernel·||·rp
 0003b330:·6d20·2d2d·7175·6965·7420·2d71·206b·6572··m·--quiet·-q·ker
 0003b340:·6e65·6c2d·7565·6b3b·2074·6865·6e0a·0a69··nel-uek;·then..i
 0003b350:·6620·2120·7270·6d20·2d71·202d·2d71·7569··f·!·rpm·-q·--qui
 0003b360:·6574·2022·6169·6465·2220·3b20·7468·656e··et·"aide"·;·then
 0003b370:·0a20·2020·2079·756d·2069·6e73·7461·6c6c··.····yum·install
 0003b380:·202d·7920·2261·6964·6522·0a66·690a·0a65···-y·"aide".fi..e
 0003b390:·6c73·650a·2020·2020·2667·743b·2661·6d70··lse.····&gt;&amp
 0003b3a0:·3b32·2065·6368·6f20·2752·656d·6564·6961··;2·echo·'Remedia
 0003b3b0:·7469·6f6e·2069·7320·6e6f·7420·6170·706c··tion·is·not·appl
 0003b3c0:·6963·6162·6c65·2c20·6e6f·7468·696e·6720··icable,·nothing·
 0003b3d0:·7761·7320·646f·6e65·270a·6669·0a3c·2f63··was·done'.fi.</c
 0003b3e0:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div>
 0003b3f0:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt
 0003b400:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data-
 0003b410:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse
0003b320:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c0003b420:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#
0003b330:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta 
0003b340:·7267·6574·3d22·2369·646d·3632·3831·2220··rget="#idm6281"· 
0003b350:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol 
Max diff block lines reached; 31555178/31583772 bytes (99.91%) of diff not shown.
2.53 MB
html2text {}
Max HTML report size reached
2.82 MB
./usr/share/doc/ssg-nondebian/ssg-openembedded-guide-expanded.html
    
Offset 15130, 95 lines modifiedOffset 15130, 95 lines modified
0003b190:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#0003b190:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#
0003b1a0:·6964·6d31·3039·3022·2074·6162·696e·6465··idm1090"·tabinde0003b1a0:·6964·6d31·3039·3022·2074·6162·696e·6465··idm1090"·tabinde
0003b1b0:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt0003b1b0:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt
0003b1c0:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande0003b1c0:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande
0003b1d0:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=0003b1d0:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=
0003b1e0:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev0003b1e0:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev
0003b1f0:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R0003b1f0:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R
0003b200:·656d·6564·6961·7469·6f6e·204f·5342·7569··emediation·OSBui0003b200:·656d·6564·6961·7469·6f6e·2041·6e73·6962··emediation·Ansib
 0003b210:·6c65·2073·6e69·7070·6574·20e2·87b2·3c2f··le·snippet·...</
 0003b220:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
 0003b230:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
 0003b240:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
 0003b250:·646d·3130·3930·223e·3c74·6162·6c65·2063··dm1090"><table·c
 0003b260:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl
 0003b270:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table-
 0003b280:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c
 0003b290:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t
 0003b2a0:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t
 0003b2b0:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></
 0003b2c0:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru
 0003b2d0:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l
 0003b2e0:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>
 0003b2f0:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th>
 0003b300:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></
 0003b310:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat
 0003b320:·6567·793a·3c2f·7468·3e3c·7464·3e65·6e61··egy:</th><td>ena
0003b210:·6c64·2042·6c75·6570·7269·6e74·2073·6e69··ld·Blueprint·sni 
0003b220:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br> 
0003b230:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane 
0003b240:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla 
0003b250:·7073·6522·2069·643d·2269·646d·3130·3930··pse"·id="idm1090 
0003b260:·223e·3c70·7265·3e3c·636f·6465·3e0a·5b5b··"><pre><code>.[[ 
0003b270:·7061·636b·6167·6573·5d5d·0a6e·616d·6520··packages]].name· 
0003b280:·3d20·2261·6964·6522·0a76·6572·7369·6f6e··=·"aide".version 
0003b290:·203d·2022·2a22·0a3c·2f63·6f64·653e·3c2f···=·"*".</code></ 
0003b2a0:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla 
0003b2b0:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ 
0003b2c0:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle 
0003b2d0:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data 
0003b2e0:·2d74·6172·6765·743d·2223·6964·6d31·3039··-target="#idm109 
0003b2f0:·3122·2074·6162·696e·6465·783d·2230·2220··1"·tabindex="0"· 
0003b300:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar 
0003b310:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal 
0003b320:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ 
0003b330:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h 
0003b340:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia 
0003b350:·7469·6f6e·2041·6e73·6962·6c65·2073·6e69··tion·Ansible·sni 
0003b360:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br> 
0003b370:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane 
0003b380:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla 
0003b390:·7073·6522·2069·643d·2269·646d·3130·3931··pse"·id="idm1091 
0003b3a0:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class=" 
0003b3b0:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri 
0003b3c0:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border 
0003b3d0:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens 
0003b3e0:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp 
0003b3f0:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td> 
0003b400:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003b410:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption: 
0003b420:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003b430:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re 
0003b440:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa 
0003b450:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr0003b330:·626c·653c·2f74·643e·3c2f·7472·3e3c·2f74··ble</td></tr></t
 0003b340:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>
 0003b350:·2d20·6e61·6d65·3a20·4761·7468·6572·2074··-·name:·Gather·t
 0003b360:·6865·2070·6163·6b61·6765·2066·6163·7473··he·package·facts
 0003b370:·0a20·2070·6163·6b61·6765·5f66·6163·7473··.··package_facts
 0003b380:·3a0a·2020·2020·6d61·6e61·6765·723a·2061··:.····manager:·a
0003b460:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</ 
0003b470:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t 
0003b480:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table>< 
0003b490:·7072·653e·3c63·6f64·653e·2d20·6e61·6d65··pre><code>-·name 
0003b4a0:·3a20·4761·7468·6572·2074·6865·2070·6163··:·Gather·the·pac 
0003b4b0:·6b61·6765·2066·6163·7473·0a20·2070·6163··kage·facts.··pac 
0003b4c0:·6b61·6765·5f66·6163·7473·3a0a·2020·2020··kage_facts:.···· 
0003b4d0:·6d61·6e61·6765·723a·2061·7574·6f0a·2020··manager:·auto.·· 
0003b4e0:·7461·6773·3a0a·2020·2d20·434a·4953·2d35··tags:.··-·CJIS-5 
0003b4f0:·2e31·302e·312e·330a·2020·2d20·4e49·5354··.10.1.3.··-·NIST 
0003b500:·2d38·3030·2d35·332d·434d·2d36·2861·290a··-800-53-CM-6(a). 
0003b510:·2020·2d20·5043·492d·4453·532d·5265·712d····-·PCI-DSS-Req- 
0003b520:·3131·2e35·0a20·202d·2050·4349·2d44·5353··11.5.··-·PCI-DSS 
0003b530:·7634·2d31·312e·352e·320a·2020·2d20·656e··v4-11.5.2.··-·en 
0003b540:·6162·6c65·5f73·7472·6174·6567·790a·2020··able_strategy.·· 
0003b550:·2d20·6c6f·775f·636f·6d70·6c65·7869·7479··-·low_complexity 
0003b560:·0a20·202d·206c·6f77·5f64·6973·7275·7074··.··-·low_disrupt 
0003b570:·696f·6e0a·2020·2d20·6d65·6469·756d·5f73··ion.··-·medium_s 
0003b580:·6576·6572·6974·790a·2020·2d20·6e6f·5f72··everity.··-·no_r 
0003b590:·6562·6f6f·745f·6e65·6564·6564·0a20·202d··eboot_needed.··- 
0003b5a0:·2070·6163·6b61·6765·5f61·6964·655f·696e···package_aide_in 
0003b5b0:·7374·616c·6c65·640a·0a2d·206e·616d·653a··stalled..-·name: 
0003b5c0:·2045·6e73·7572·6520·6169·6465·2069·7320···Ensure·aide·is· 
0003b5d0:·696e·7374·616c·6c65·640a·2020·7061·636b··installed.··pack 
0003b5e0:·6167·653a·0a20·2020·206e·616d·653a·2061··age:.····name:·a 
0003b5f0:·6964·650a·2020·2020·7374·6174·653a·2070··ide.····state:·p 
0003b600:·7265·7365·6e74·0a20·2077·6865·6e3a·2027··resent.··when:·' 
0003b610:·226b·6572·6e65·6c22·2069·6e20·616e·7369··"kernel"·in·ansi 
0003b620:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag 
0003b630:·6573·270a·2020·7461·6773·3a0a·2020·2d20··es'.··tags:.··-·0003b390:·7574·6f0a·2020·7461·6773·3a0a·2020·2d20··uto.··tags:.··-·
0003b640:·434a·4953·2d35·2e31·302e·312e·330a·2020··CJIS-5.10.1.3.··0003b3a0:·434a·4953·2d35·2e31·302e·312e·330a·2020··CJIS-5.10.1.3.··
0003b650:·2d20·4e49·5354·2d38·3030·2d35·332d·434d··-·NIST-800-53-CM0003b3b0:·2d20·4e49·5354·2d38·3030·2d35·332d·434d··-·NIST-800-53-CM
0003b660:·2d36·2861·290a·2020·2d20·5043·492d·4453··-6(a).··-·PCI-DS0003b3c0:·2d36·2861·290a·2020·2d20·5043·492d·4453··-6(a).··-·PCI-DS
0003b670:·532d·5265·712d·3131·2e35·0a20·202d·2050··S-Req-11.5.··-·P0003b3d0:·532d·5265·712d·3131·2e35·0a20·202d·2050··S-Req-11.5.··-·P
0003b680:·4349·2d44·5353·7634·2d31·312e·352e·320a··CI-DSSv4-11.5.2.0003b3e0:·4349·2d44·5353·7634·2d31·312e·352e·320a··CI-DSSv4-11.5.2.
0003b690:·2020·2d20·656e·6162·6c65·5f73·7472·6174····-·enable_strat0003b3f0:·2020·2d20·656e·6162·6c65·5f73·7472·6174····-·enable_strat
0003b6a0:·6567·790a·2020·2d20·6c6f·775f·636f·6d70··egy.··-·low_comp0003b400:·6567·790a·2020·2d20·6c6f·775f·636f·6d70··egy.··-·low_comp
0003b6b0:·6c65·7869·7479·0a20·202d·206c·6f77·5f64··lexity.··-·low_d0003b410:·6c65·7869·7479·0a20·202d·206c·6f77·5f64··lexity.··-·low_d
0003b6c0:·6973·7275·7074·696f·6e0a·2020·2d20·6d65··isruption.··-·me0003b420:·6973·7275·7074·696f·6e0a·2020·2d20·6d65··isruption.··-·me
0003b6d0:·6469·756d·5f73·6576·6572·6974·790a·2020··dium_severity.··0003b430:·6469·756d·5f73·6576·6572·6974·790a·2020··dium_severity.··
0003b6e0:·2d20·6e6f·5f72·6562·6f6f·745f·6e65·6564··-·no_reboot_need0003b440:·2d20·6e6f·5f72·6562·6f6f·745f·6e65·6564··-·no_reboot_need
0003b6f0:·6564·0a20·202d·2070·6163·6b61·6765·5f61··ed.··-·package_a0003b450:·6564·0a20·202d·2070·6163·6b61·6765·5f61··ed.··-·package_a
0003b700:·6964·655f·696e·7374·616c·6c65·640a·3c2f··ide_installed.</0003b460:·6964·655f·696e·7374·616c·6c65·640a·0a2d··ide_installed..-
 0003b470:·206e·616d·653a·2045·6e73·7572·6520·6169···name:·Ensure·ai
 0003b480:·6465·2069·7320·696e·7374·616c·6c65·640a··de·is·installed.
 0003b490:·2020·7061·636b·6167·653a·0a20·2020·206e····package:.····n
 0003b4a0:·616d·653a·2061·6964·650a·2020·2020·7374··ame:·aide.····st
 0003b4b0:·6174·653a·2070·7265·7365·6e74·0a20·2077··ate:·present.··w
 0003b4c0:·6865·6e3a·2027·226b·6572·6e65·6c22·2069··hen:·'"kernel"·i
 0003b4d0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.
 0003b4e0:·7061·636b·6167·6573·270a·2020·7461·6773··packages'.··tags
 0003b4f0:·3a0a·2020·2d20·434a·4953·2d35·2e31·302e··:.··-·CJIS-5.10.
 0003b500:·312e·330a·2020·2d20·4e49·5354·2d38·3030··1.3.··-·NIST-800
 0003b510:·2d35·332d·434d·2d36·2861·290a·2020·2d20··-53-CM-6(a).··-·
 0003b520:·5043·492d·4453·532d·5265·712d·3131·2e35··PCI-DSS-Req-11.5
 0003b530:·0a20·202d·2050·4349·2d44·5353·7634·2d31··.··-·PCI-DSSv4-1
 0003b540:·312e·352e·320a·2020·2d20·656e·6162·6c65··1.5.2.··-·enable
 0003b550:·5f73·7472·6174·6567·790a·2020·2d20·6c6f··_strategy.··-·lo
 0003b560:·775f·636f·6d70·6c65·7869·7479·0a20·202d··w_complexity.··-
Max diff block lines reached; 2654336/2666092 bytes (99.56%) of diff not shown.
288 KB
html2text {}
    
Offset 132, 19 lines modifiedOffset 132, 14 lines modified
132 include·install_aide132 include·install_aide
  
133 class·install_aide·{133 class·install_aide·{
134 ··package·{·'aide':134 ··package·{·'aide':
135 ····ensure·=>·'installed',135 ····ensure·=>·'installed',
136 ··}136 ··}
137 }137 }
138 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
139 [[packages]] 
140 name·=·"aide" 
141 version·=·"*" 
142 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8138 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
143 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low139 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
144 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low140 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
145 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false141 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
146 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable142 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
147 -·name:·Gather·the·package·facts143 -·name:·Gather·the·package·facts
148 ··package_facts:144 ··package_facts:
Offset 173, 14 lines modifiedOffset 168, 19 lines modified
173 ··-·PCI-DSSv4-11.5.2168 ··-·PCI-DSSv4-11.5.2
174 ··-·enable_strategy169 ··-·enable_strategy
175 ··-·low_complexity170 ··-·low_complexity
176 ··-·low_disruption171 ··-·low_disruption
177 ··-·medium_severity172 ··-·medium_severity
178 ··-·no_reboot_needed173 ··-·no_reboot_needed
179 ··-·package_aide_installed174 ··-·package_aide_installed
 175 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 176 [[packages]]
 177 name·=·"aide"
 178 version·=·"*"
180 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·P\x8Pe\x8er\x8ri\x8io\x8od\x8di\x8ic\x8c·E\x8Ex\x8xe\x8ec\x8cu\x8ut\x8ti\x8io\x8on\x8n·o\x8of\x8f·A\x8AI\x8ID\x8DE\x8E·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*179 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·P\x8Pe\x8er\x8ri\x8io\x8od\x8di\x8ic\x8c·E\x8Ex\x8xe\x8ec\x8cu\x8ut\x8ti\x8io\x8on\x8n·o\x8of\x8f·A\x8AI\x8ID\x8DE\x8E·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
181 At·a·minimum,·AIDE·should·be·configured·to·run·a·weekly·scan.·To·implement·a·daily·execution·of180 At·a·minimum,·AIDE·should·be·configured·to·run·a·weekly·scan.·To·implement·a·daily·execution·of
182 AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/crontab:181 AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/crontab:
183 05·4·*·*·*·root·/usr/sbin/aide·--check182 05·4·*·*·*·root·/usr/sbin/aide·--check
184 To·implement·a·weekly·execution·of·AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/183 To·implement·a·weekly·execution·of·AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/
185 crontab:184 crontab:
186 05·4·*·*·0·root·/usr/sbin/aide·--check185 05·4·*·*·0·root·/usr/sbin/aide·--check
Offset 393, 14 lines modifiedOffset 393, 33 lines modified
393 ············_\x8i_\x8s_\x8m······1446393 ············_\x8i_\x8s_\x8m······1446
394 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1394 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1
395 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)395 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)
396 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,396 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,
397 ·····················FCS_TLSC_EXT.1397 ·····················FCS_TLSC_EXT.1
398 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174398 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174
399 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2399 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
 400 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
  
 401 var_system_crypto_policy='DEFAULT'
  
  
 402 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null)
 403 rc=$?
  
 404 if·test·"$rc"·=·127;·then
 405 »       echo·"$stderr_of_call"·>&2
 406 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2
 407 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2
 408 »       echo·"to·see·what·package·to·(re)install"·>&2
  
 409 »       false··#·end·with·an·error·code
 410 elif·test·"$rc"·!=·0;·then
 411 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2
 412 »       false··#·end·with·an·error·code
 413 fi
400 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8414 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
401 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low415 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
402 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low416 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
403 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false417 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
404 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict418 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
405 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable419 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable
406 ··set_fact:420 ··set_fact:
Offset 445, 33 lines modifiedOffset 464, 14 lines modified
445 ··-·PCI-DSSv4-2.2.7464 ··-·PCI-DSSv4-2.2.7
446 ··-·configure_crypto_policy465 ··-·configure_crypto_policy
447 ··-·high_severity466 ··-·high_severity
448 ··-·low_complexity467 ··-·low_complexity
449 ··-·low_disruption468 ··-·low_disruption
450 ··-·no_reboot_needed469 ··-·no_reboot_needed
451 ··-·restrict_strategy470 ··-·restrict_strategy
452 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
  
453 var_system_crypto_policy='DEFAULT' 
  
  
454 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null) 
455 rc=$? 
  
456 if·test·"$rc"·=·127;·then 
457 »       echo·"$stderr_of_call"·>&2 
458 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2 
459 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2 
460 »       echo·"to·see·what·package·to·(re)install"·>&2 
  
461 »       false··#·end·with·an·error·code 
462 elif·test·"$rc"·!=·0;·then 
463 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2 
464 »       false··#·end·with·an·error·code 
465 fi 
466 Group  ·Updating·Software·  Group·contains·1·rule471 Group  ·Updating·Software·  Group·contains·1·rule
467 _\x8[_\x8r_\x8e_\x8f_\x8]  ·The·dnf·command·line·tool·is·used·to·install·and·update·software·packages.·The·system·also472 _\x8[_\x8r_\x8e_\x8f_\x8]  ·The·dnf·command·line·tool·is·used·to·install·and·update·software·packages.·The·system·also
468 provides·a·graphical·software·update·tool·in·the·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·menu,·in·the·A\x8Ad\x8dm\x8mi\x8in\x8ni\x8is\x8st\x8tr\x8ra\x8at\x8ti\x8io\x8on\x8n·submenu,·called473 provides·a·graphical·software·update·tool·in·the·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·menu,·in·the·A\x8Ad\x8dm\x8mi\x8in\x8ni\x8is\x8st\x8tr\x8ra\x8at\x8ti\x8io\x8on\x8n·submenu,·called
469 S\x8So\x8of\x8ft\x8tw\x8wa\x8ar\x8re\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8e.474 S\x8So\x8of\x8ft\x8tw\x8wa\x8ar\x8re\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8e.
  
470 OpenEmbedded·systems·contain·an·installed·software·catalog·called·the·RPM·database,·which·records475 OpenEmbedded·systems·contain·an·installed·software·catalog·called·the·RPM·database,·which·records
471 metadata·of·installed·packages.·Consistently·using·dnf·or·the·graphical·S\x8So\x8of\x8ft\x8tw\x8wa\x8ar\x8re\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8e·for·all476 metadata·of·installed·packages.·Consistently·using·dnf·or·the·graphical·S\x8So\x8of\x8ft\x8tw\x8wa\x8ar\x8re\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8e·for·all
Offset 676, 14 lines modifiedOffset 676, 20 lines modified
676 ···········Display·of·a·standardized·and·approved·use·notification·before·granting·access·to·the676 ···········Display·of·a·standardized·and·approved·use·notification·before·granting·access·to·the
677 ···········operating·system·ensures·privacy·and·security·notification·verbiage·used·is·consistent677 ···········operating·system·ensures·privacy·and·security·notification·verbiage·used·is·consistent
678 Rationale:·with·applicable·federal·laws,·Executive·Orders,·directives,·policies,·regulations,678 Rationale:·with·applicable·federal·laws,·Executive·Orders,·directives,·policies,·regulations,
679 ···········standards,·and·guidance.679 ···········standards,·and·guidance.
680 ···········Proper·group·ownership·will·ensure·that·only·root·user·can·modify·the·banner.680 ···········Proper·group·ownership·will·ensure·that·only·root·user·can·modify·the·banner.
681 Severity: ·medium681 Severity: ·medium
682 Rule·ID:···xccdf_org.ssgproject.content_rule_file_groupowner_etc_issue682 Rule·ID:···xccdf_org.ssgproject.content_rule_file_groupowner_etc_issue
 683 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 684 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 685 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 686 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 687 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure
 688 chgrp·0·/etc/issue
683 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8689 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
684 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low690 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
685 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low691 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
686 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false692 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
687 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure693 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure
688 -·name:·Test·for·existence·/etc/issue694 -·name:·Test·for·existence·/etc/issue
Max diff block lines reached; 289068/294521 bytes (98.15%) of diff not shown.
2.76 MB
./usr/share/doc/ssg-nondebian/ssg-openembedded-guide-standard.html
    
Offset 15125, 95 lines modifiedOffset 15125, 95 lines modified
0003b140:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i0003b140:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i
0003b150:·646d·3130·3930·2220·7461·6269·6e64·6578··dm1090"·tabindex0003b150:·646d·3130·3930·2220·7461·6269·6e64·6578··dm1090"·tabindex
0003b160:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto0003b160:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto
0003b170:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded0003b170:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded
0003b180:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="0003b180:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="
0003b190:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve0003b190:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve
0003b1a0:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re0003b1a0:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re
0003b1b0:·6d65·6469·6174·696f·6e20·4f53·4275·696c··mediation·OSBuil0003b1b0:·6d65·6469·6174·696f·6e20·416e·7369·626c··mediation·Ansibl
 0003b1c0:·6520·736e·6970·7065·7420·e287·b23c·2f61··e·snippet·...</a
 0003b1d0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
 0003b1e0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
 0003b1f0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
 0003b200:·6d31·3039·3022·3e3c·7461·626c·6520·636c··m1090"><table·cl
 0003b210:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table
 0003b220:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b
 0003b230:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co
 0003b240:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th
 0003b250:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th
 0003b260:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t
 0003b270:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup
 0003b280:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo
 0003b290:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><
 0003b2a0:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th><
 0003b2b0:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t
 0003b2c0:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate
 0003b2d0:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab
0003b1c0:·6420·426c·7565·7072·696e·7420·736e·6970··d·Blueprint·snip 
0003b1d0:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br>< 
0003b1e0:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel 
0003b1f0:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap 
0003b200:·7365·2220·6964·3d22·6964·6d31·3039·3022··se"·id="idm1090" 
0003b210:·3e3c·7072·653e·3c63·6f64·653e·0a5b·5b70··><pre><code>.[[p 
0003b220:·6163·6b61·6765·735d·5d0a·6e61·6d65·203d··ackages]].name·= 
0003b230:·2022·6169·6465·220a·7665·7273·696f·6e20···"aide".version· 
0003b240:·3d20·222a·220a·3c2f·636f·6465·3e3c·2f70··=·"*".</code></p 
0003b250:·7265·3e3c·2f64·6976·3e3c·6120·636c·6173··re></div><a·clas 
0003b260:·733d·2262·746e·2062·746e·2d73·7563·6365··s="btn·btn-succe 
0003b270:·7373·2220·6461·7461·2d74·6f67·676c·653d··ss"·data-toggle= 
0003b280:·2263·6f6c·6c61·7073·6522·2064·6174·612d··"collapse"·data- 
0003b290:·7461·7267·6574·3d22·2369·646d·3130·3931··target="#idm1091 
0003b2a0:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r 
0003b2b0:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari 
0003b2c0:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals 
0003b2d0:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa 
0003b2e0:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr 
0003b2f0:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat 
0003b300:·696f·6e20·416e·7369·626c·6520·736e·6970··ion·Ansible·snip 
0003b310:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br>< 
0003b320:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel 
0003b330:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap 
0003b340:·7365·2220·6964·3d22·6964·6d31·3039·3122··se"·id="idm1091" 
0003b350:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t 
0003b360:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip 
0003b370:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere 
0003b380:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense 
0003b390:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl 
0003b3a0:·6578·6974·793a·3c2f·7468·3e3c·7464·3e6c··exity:</th><td>l 
0003b3b0:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr> 
0003b3c0:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:< 
0003b3d0:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td> 
0003b3e0:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb 
0003b3f0:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal 
0003b400:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr>0003b2e0:·6c65·3c2f·7464·3e3c·2f74·723e·3c2f·7461··le</td></tr></ta
 0003b2f0:·626c·653e·3c70·7265·3e3c·636f·6465·3e2d··ble><pre><code>-
 0003b300:·206e·616d·653a·2047·6174·6865·7220·7468···name:·Gather·th
 0003b310:·6520·7061·636b·6167·6520·6661·6374·730a··e·package·facts.
 0003b320:·2020·7061·636b·6167·655f·6661·6374·733a····package_facts:
 0003b330:·0a20·2020·206d·616e·6167·6572·3a20·6175··.····manager:·au
0003b410:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t 
0003b420:·683e·3c74·643e·656e·6162·6c65·3c2f·7464··h><td>enable</td 
0003b430:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p 
0003b440:·7265·3e3c·636f·6465·3e2d·206e·616d·653a··re><code>-·name: 
0003b450:·2047·6174·6865·7220·7468·6520·7061·636b···Gather·the·pack 
0003b460:·6167·6520·6661·6374·730a·2020·7061·636b··age·facts.··pack 
0003b470:·6167·655f·6661·6374·733a·0a20·2020·206d··age_facts:.····m 
0003b480:·616e·6167·6572·3a20·6175·746f·0a20·2074··anager:·auto.··t 
0003b490:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5. 
0003b4a0:·3130·2e31·2e33·0a20·202d·204e·4953·542d··10.1.3.··-·NIST- 
0003b4b0:·3830·302d·3533·2d43·4d2d·3628·6129·0a20··800-53-CM-6(a).· 
0003b4c0:·202d·2050·4349·2d44·5353·2d52·6571·2d31···-·PCI-DSS-Req-1 
0003b4d0:·312e·350a·2020·2d20·5043·492d·4453·5376··1.5.··-·PCI-DSSv 
0003b4e0:·342d·3131·2e35·2e32·0a20·202d·2065·6e61··4-11.5.2.··-·ena 
0003b4f0:·626c·655f·7374·7261·7465·6779·0a20·202d··ble_strategy.··- 
0003b500:·206c·6f77·5f63·6f6d·706c·6578·6974·790a···low_complexity. 
0003b510:·2020·2d20·6c6f·775f·6469·7372·7570·7469····-·low_disrupti 
0003b520:·6f6e·0a20·202d·206d·6564·6975·6d5f·7365··on.··-·medium_se 
0003b530:·7665·7269·7479·0a20·202d·206e·6f5f·7265··verity.··-·no_re 
0003b540:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-· 
0003b550:·7061·636b·6167·655f·6169·6465·5f69·6e73··package_aide_ins 
0003b560:·7461·6c6c·6564·0a0a·2d20·6e61·6d65·3a20··talled..-·name:· 
0003b570:·456e·7375·7265·2061·6964·6520·6973·2069··Ensure·aide·is·i 
0003b580:·6e73·7461·6c6c·6564·0a20·2070·6163·6b61··nstalled.··packa 
0003b590:·6765·3a0a·2020·2020·6e61·6d65·3a20·6169··ge:.····name:·ai 
0003b5a0:·6465·0a20·2020·2073·7461·7465·3a20·7072··de.····state:·pr 
0003b5b0:·6573·656e·740a·2020·7768·656e·3a20·2722··esent.··when:·'" 
0003b5c0:·6b65·726e·656c·2220·696e·2061·6e73·6962··kernel"·in·ansib 
0003b5d0:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package 
0003b5e0:·7327·0a20·2074·6167·733a·0a20·202d·2043··s'.··tags:.··-·C0003b340:·746f·0a20·2074·6167·733a·0a20·202d·2043··to.··tags:.··-·C
0003b5f0:·4a49·532d·352e·3130·2e31·2e33·0a20·202d··JIS-5.10.1.3.··-0003b350:·4a49·532d·352e·3130·2e31·2e33·0a20·202d··JIS-5.10.1.3.··-
0003b600:·204e·4953·542d·3830·302d·3533·2d43·4d2d···NIST-800-53-CM-0003b360:·204e·4953·542d·3830·302d·3533·2d43·4d2d···NIST-800-53-CM-
0003b610:·3628·6129·0a20·202d·2050·4349·2d44·5353··6(a).··-·PCI-DSS0003b370:·3628·6129·0a20·202d·2050·4349·2d44·5353··6(a).··-·PCI-DSS
0003b620:·2d52·6571·2d31·312e·350a·2020·2d20·5043··-Req-11.5.··-·PC0003b380:·2d52·6571·2d31·312e·350a·2020·2d20·5043··-Req-11.5.··-·PC
0003b630:·492d·4453·5376·342d·3131·2e35·2e32·0a20··I-DSSv4-11.5.2.·0003b390:·492d·4453·5376·342d·3131·2e35·2e32·0a20··I-DSSv4-11.5.2.·
0003b640:·202d·2065·6e61·626c·655f·7374·7261·7465···-·enable_strate0003b3a0:·202d·2065·6e61·626c·655f·7374·7261·7465···-·enable_strate
0003b650:·6779·0a20·202d·206c·6f77·5f63·6f6d·706c··gy.··-·low_compl0003b3b0:·6779·0a20·202d·206c·6f77·5f63·6f6d·706c··gy.··-·low_compl
0003b660:·6578·6974·790a·2020·2d20·6c6f·775f·6469··exity.··-·low_di0003b3c0:·6578·6974·790a·2020·2d20·6c6f·775f·6469··exity.··-·low_di
0003b670:·7372·7570·7469·6f6e·0a20·202d·206d·6564··sruption.··-·med0003b3d0:·7372·7570·7469·6f6e·0a20·202d·206d·6564··sruption.··-·med
0003b680:·6975·6d5f·7365·7665·7269·7479·0a20·202d··ium_severity.··-0003b3e0:·6975·6d5f·7365·7665·7269·7479·0a20·202d··ium_severity.··-
0003b690:·206e·6f5f·7265·626f·6f74·5f6e·6565·6465···no_reboot_neede0003b3f0:·206e·6f5f·7265·626f·6f74·5f6e·6565·6465···no_reboot_neede
0003b6a0:·640a·2020·2d20·7061·636b·6167·655f·6169··d.··-·package_ai0003b400:·640a·2020·2d20·7061·636b·6167·655f·6169··d.··-·package_ai
0003b6b0:·6465·5f69·6e73·7461·6c6c·6564·0a3c·2f63··de_installed.</c0003b410:·6465·5f69·6e73·7461·6c6c·6564·0a0a·2d20··de_installed..-·
 0003b420:·6e61·6d65·3a20·456e·7375·7265·2061·6964··name:·Ensure·aid
 0003b430:·6520·6973·2069·6e73·7461·6c6c·6564·0a20··e·is·installed.·
 0003b440:·2070·6163·6b61·6765·3a0a·2020·2020·6e61···package:.····na
 0003b450:·6d65·3a20·6169·6465·0a20·2020·2073·7461··me:·aide.····sta
 0003b460:·7465·3a20·7072·6573·656e·740a·2020·7768··te:·present.··wh
 0003b470:·656e·3a20·2722·6b65·726e·656c·2220·696e··en:·'"kernel"·in
 0003b480:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p
 0003b490:·6163·6b61·6765·7327·0a20·2074·6167·733a··ackages'.··tags:
 0003b4a0:·0a20·202d·2043·4a49·532d·352e·3130·2e31··.··-·CJIS-5.10.1
 0003b4b0:·2e33·0a20·202d·204e·4953·542d·3830·302d··.3.··-·NIST-800-
 0003b4c0:·3533·2d43·4d2d·3628·6129·0a20·202d·2050··53-CM-6(a).··-·P
 0003b4d0:·4349·2d44·5353·2d52·6571·2d31·312e·350a··CI-DSS-Req-11.5.
 0003b4e0:·2020·2d20·5043·492d·4453·5376·342d·3131····-·PCI-DSSv4-11
 0003b4f0:·2e35·2e32·0a20·202d·2065·6e61·626c·655f··.5.2.··-·enable_
 0003b500:·7374·7261·7465·6779·0a20·202d·206c·6f77··strategy.··-·low
 0003b510:·5f63·6f6d·706c·6578·6974·790a·2020·2d20··_complexity.··-·
Max diff block lines reached; 2596527/2608283 bytes (99.55%) of diff not shown.
281 KB
html2text {}
    
Offset 130, 19 lines modifiedOffset 130, 14 lines modified
130 include·install_aide130 include·install_aide
  
131 class·install_aide·{131 class·install_aide·{
132 ··package·{·'aide':132 ··package·{·'aide':
133 ····ensure·=>·'installed',133 ····ensure·=>·'installed',
134 ··}134 ··}
135 }135 }
136 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
137 [[packages]] 
138 name·=·"aide" 
139 version·=·"*" 
140 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8136 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
141 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low137 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
142 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low138 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
143 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false139 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
144 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable140 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
145 -·name:·Gather·the·package·facts141 -·name:·Gather·the·package·facts
146 ··package_facts:142 ··package_facts:
Offset 171, 14 lines modifiedOffset 166, 19 lines modified
171 ··-·PCI-DSSv4-11.5.2166 ··-·PCI-DSSv4-11.5.2
172 ··-·enable_strategy167 ··-·enable_strategy
173 ··-·low_complexity168 ··-·low_complexity
174 ··-·low_disruption169 ··-·low_disruption
175 ··-·medium_severity170 ··-·medium_severity
176 ··-·no_reboot_needed171 ··-·no_reboot_needed
177 ··-·package_aide_installed172 ··-·package_aide_installed
 173 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 174 [[packages]]
 175 name·=·"aide"
 176 version·=·"*"
178 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·P\x8Pe\x8er\x8ri\x8io\x8od\x8di\x8ic\x8c·E\x8Ex\x8xe\x8ec\x8cu\x8ut\x8ti\x8io\x8on\x8n·o\x8of\x8f·A\x8AI\x8ID\x8DE\x8E·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*177 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·P\x8Pe\x8er\x8ri\x8io\x8od\x8di\x8ic\x8c·E\x8Ex\x8xe\x8ec\x8cu\x8ut\x8ti\x8io\x8on\x8n·o\x8of\x8f·A\x8AI\x8ID\x8DE\x8E·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
179 At·a·minimum,·AIDE·should·be·configured·to·run·a·weekly·scan.·To·implement·a·daily·execution·of178 At·a·minimum,·AIDE·should·be·configured·to·run·a·weekly·scan.·To·implement·a·daily·execution·of
180 AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/crontab:179 AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/crontab:
181 05·4·*·*·*·root·/usr/sbin/aide·--check180 05·4·*·*·*·root·/usr/sbin/aide·--check
182 To·implement·a·weekly·execution·of·AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/181 To·implement·a·weekly·execution·of·AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/
183 crontab:182 crontab:
184 05·4·*·*·0·root·/usr/sbin/aide·--check183 05·4·*·*·0·root·/usr/sbin/aide·--check
Offset 549, 14 lines modifiedOffset 549, 20 lines modified
549 ···········Display·of·a·standardized·and·approved·use·notification·before·granting·access·to·the549 ···········Display·of·a·standardized·and·approved·use·notification·before·granting·access·to·the
550 ···········operating·system·ensures·privacy·and·security·notification·verbiage·used·is·consistent550 ···········operating·system·ensures·privacy·and·security·notification·verbiage·used·is·consistent
551 Rationale:·with·applicable·federal·laws,·Executive·Orders,·directives,·policies,·regulations,551 Rationale:·with·applicable·federal·laws,·Executive·Orders,·directives,·policies,·regulations,
552 ···········standards,·and·guidance.552 ···········standards,·and·guidance.
553 ···········Proper·group·ownership·will·ensure·that·only·root·user·can·modify·the·banner.553 ···········Proper·group·ownership·will·ensure·that·only·root·user·can·modify·the·banner.
554 Severity: ·medium554 Severity: ·medium
555 Rule·ID:···xccdf_org.ssgproject.content_rule_file_groupowner_etc_issue555 Rule·ID:···xccdf_org.ssgproject.content_rule_file_groupowner_etc_issue
 556 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 557 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 558 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 559 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 560 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure
 561 chgrp·0·/etc/issue
556 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8562 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
557 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low563 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
558 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low564 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
559 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false565 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
560 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure566 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure
561 -·name:·Test·for·existence·/etc/issue567 -·name:·Test·for·existence·/etc/issue
562 ··stat:568 ··stat:
Offset 578, 30 lines modifiedOffset 584, 30 lines modified
578 ··tags:584 ··tags:
579 ··-·configure_strategy585 ··-·configure_strategy
580 ··-·file_groupowner_etc_issue586 ··-·file_groupowner_etc_issue
581 ··-·low_complexity587 ··-·low_complexity
582 ··-·low_disruption588 ··-·low_disruption
583 ··-·medium_severity589 ··-·medium_severity
584 ··-·no_reboot_needed590 ··-·no_reboot_needed
585 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
586 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
587 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
588 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
589 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure 
590 chgrp·0·/etc/issue 
591 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·G\x8Gr\x8ro\x8ou\x8up\x8p·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·o\x8of\x8f·M\x8Me\x8es\x8ss\x8sa\x8ag\x8ge\x8e·o\x8of\x8f·t\x8th\x8he\x8e·D\x8Da\x8ay\x8y·B\x8Ba\x8an\x8nn\x8ne\x8er\x8r·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*591 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·G\x8Gr\x8ro\x8ou\x8up\x8p·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·o\x8of\x8f·M\x8Me\x8es\x8ss\x8sa\x8ag\x8ge\x8e·o\x8of\x8f·t\x8th\x8he\x8e·D\x8Da\x8ay\x8y·B\x8Ba\x8an\x8nn\x8ne\x8er\x8r·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
592 To·properly·set·the·group·owner·of·/etc/motd,·run·the·command:592 To·properly·set·the·group·owner·of·/etc/motd,·run·the·command:
593 $·sudo·chgrp·root·/etc/motd593 $·sudo·chgrp·root·/etc/motd
594 ···········Display·of·a·standardized·and·approved·use·notification·before·granting·access·to·the594 ···········Display·of·a·standardized·and·approved·use·notification·before·granting·access·to·the
595 ···········operating·system·ensures·privacy·and·security·notification·verbiage·used·is·consistent595 ···········operating·system·ensures·privacy·and·security·notification·verbiage·used·is·consistent
596 Rationale:·with·applicable·federal·laws,·Executive·Orders,·directives,·policies,·regulations,596 Rationale:·with·applicable·federal·laws,·Executive·Orders,·directives,·policies,·regulations,
597 ···········standards,·and·guidance.597 ···········standards,·and·guidance.
598 ···········Proper·group·ownership·will·ensure·that·only·root·user·can·modify·the·banner.598 ···········Proper·group·ownership·will·ensure·that·only·root·user·can·modify·the·banner.
599 Severity: ·medium599 Severity: ·medium
600 Rule·ID:···xccdf_org.ssgproject.content_rule_file_groupowner_etc_motd600 Rule·ID:···xccdf_org.ssgproject.content_rule_file_groupowner_etc_motd
 601 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 602 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 603 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 604 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 605 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure
 606 chgrp·0·/etc/motd
601 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8607 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
602 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low608 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
603 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low609 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
604 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false610 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
605 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure611 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure
606 -·name:·Test·for·existence·/etc/motd612 -·name:·Test·for·existence·/etc/motd
607 ··stat:613 ··stat:
Offset 623, 30 lines modifiedOffset 629, 30 lines modified
623 ··tags:629 ··tags:
624 ··-·configure_strategy630 ··-·configure_strategy
625 ··-·file_groupowner_etc_motd631 ··-·file_groupowner_etc_motd
626 ··-·low_complexity632 ··-·low_complexity
627 ··-·low_disruption633 ··-·low_disruption
628 ··-·medium_severity634 ··-·medium_severity
629 ··-·no_reboot_needed635 ··-·no_reboot_needed
630 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
631 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
632 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
633 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
634 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure 
635 chgrp·0·/etc/motd 
636 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·o\x8ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·o\x8of\x8f·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·L\x8Lo\x8og\x8gi\x8in\x8n·B\x8Ba\x8an\x8nn\x8ne\x8er\x8r·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*636 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·o\x8ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·o\x8of\x8f·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·L\x8Lo\x8og\x8gi\x8in\x8n·B\x8Ba\x8an\x8nn\x8ne\x8er\x8r·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
637 To·properly·set·the·owner·of·/etc/issue,·run·the·command:637 To·properly·set·the·owner·of·/etc/issue,·run·the·command:
638 $·sudo·chown·root·/etc/issue638 $·sudo·chown·root·/etc/issue
639 ···········Display·of·a·standardized·and·approved·use·notification·before·granting·access·to·the639 ···········Display·of·a·standardized·and·approved·use·notification·before·granting·access·to·the
640 ···········operating·system·ensures·privacy·and·security·notification·verbiage·used·is·consistent640 ···········operating·system·ensures·privacy·and·security·notification·verbiage·used·is·consistent
641 Rationale:·with·applicable·federal·laws,·Executive·Orders,·directives,·policies,·regulations,641 Rationale:·with·applicable·federal·laws,·Executive·Orders,·directives,·policies,·regulations,
642 ···········standards,·and·guidance.642 ···········standards,·and·guidance.
643 ···········Proper·ownership·will·ensure·that·only·root·user·can·modify·the·banner.643 ···········Proper·ownership·will·ensure·that·only·root·user·can·modify·the·banner.
644 Severity: ·medium644 Severity: ·medium
645 Rule·ID:···xccdf_org.ssgproject.content_rule_file_owner_etc_issue645 Rule·ID:···xccdf_org.ssgproject.content_rule_file_owner_etc_issue
 646 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 647 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 648 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 649 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 650 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure
 651 chown·0·/etc/issue
Max diff block lines reached; 281575/287392 bytes (97.98%) of diff not shown.
3.55 MB
./usr/share/doc/ssg-nondebian/ssg-openeuler2203-guide-standard.html
    
Offset 15151, 95 lines modifiedOffset 15151, 95 lines modified
0003b2e0:·7267·6574·3d22·2369·646d·3131·3530·2220··rget="#idm1150"·0003b2e0:·7267·6574·3d22·2369·646d·3131·3530·2220··rget="#idm1150"·
0003b2f0:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol0003b2f0:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol
0003b300:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-0003b300:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-
0003b310:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"0003b310:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"
0003b320:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate0003b320:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate
0003b330:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href0003b330:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href
0003b340:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio0003b340:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio
 0003b350:·6e20·416e·7369·626c·6520·736e·6970·7065··n·Ansible·snippe
 0003b360:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di
 0003b370:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
 0003b380:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
 0003b390:·2220·6964·3d22·6964·6d31·3135·3022·3e3c··"·id="idm1150"><
 0003b3a0:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab
 0003b3b0:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped
 0003b3c0:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·
 0003b3d0:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"
 0003b3e0:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex
 0003b3f0:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low
 0003b400:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
 0003b410:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t
 0003b420:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></
 0003b430:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo
 0003b440:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false
 0003b450:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
 0003b460:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>
0003b350:·6e20·4f53·4275·696c·6420·426c·7565·7072··n·OSBuild·Bluepr 
0003b360:·696e·7420·736e·6970·7065·7420·e287·b23c··int·snippet·...< 
0003b370:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas 
0003b380:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps 
0003b390:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id=" 
0003b3a0:·6964·6d31·3135·3022·3e3c·7072·653e·3c63··idm1150"><pre><c 
0003b3b0:·6f64·653e·0a5b·5b70·6163·6b61·6765·735d··ode>.[[packages] 
0003b3c0:·5d0a·6e61·6d65·203d·2022·6169·6465·220a··].name·=·"aide". 
0003b3d0:·7665·7273·696f·6e20·3d20·222a·220a·3c2f··version·=·"*".</ 
0003b3e0:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div 
0003b3f0:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b 
0003b400:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data 
0003b410:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps 
0003b420:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target=" 
0003b430:·2369·646d·3131·3531·2220·7461·6269·6e64··#idm1151"·tabind 
0003b440:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but 
0003b450:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand 
0003b460:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title 
0003b470:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re 
0003b480:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!"> 
0003b490:·5265·6d65·6469·6174·696f·6e20·416e·7369··Remediation·Ansi 
0003b4a0:·626c·6520·736e·6970·7065·7420·e287·b23c··ble·snippet·...< 
0003b4b0:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas 
0003b4c0:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps 
0003b4d0:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id=" 
0003b4e0:·6964·6d31·3135·3122·3e3c·7461·626c·6520··idm1151"><table· 
0003b4f0:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab 
0003b500:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table 
0003b510:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table- 
0003b520:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr>< 
0003b530:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</ 
0003b540:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td>< 
0003b550:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr 
0003b560:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td> 
0003b570:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003b580:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th 
0003b590:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td><0003b470:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td><
 0003b480:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre
 0003b490:·3e3c·636f·6465·3e2d·206e·616d·653a·2047··><code>-·name:·G
 0003b4a0:·6174·6865·7220·7468·6520·7061·636b·6167··ather·the·packag
 0003b4b0:·6520·6661·6374·730a·2020·7061·636b·6167··e·facts.··packag
 0003b4c0:·655f·6661·6374·733a·0a20·2020·206d·616e··e_facts:.····man
 0003b4d0:·6167·6572·3a20·6175·746f·0a20·2074·6167··ager:·auto.··tag
0003b5a0:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra 
0003b5b0:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en 
0003b5c0:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></ 
0003b5d0:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code 
0003b5e0:·3e2d·206e·616d·653a·2047·6174·6865·7220··>-·name:·Gather· 
0003b5f0:·7468·6520·7061·636b·6167·6520·6661·6374··the·package·fact 
0003b600:·730a·2020·7061·636b·6167·655f·6661·6374··s.··package_fact 
0003b610:·733a·0a20·2020·206d·616e·6167·6572·3a20··s:.····manager:· 
0003b620:·6175·746f·0a20·2074·6167·733a·0a20·202d··auto.··tags:.··- 
0003b630:·2043·4a49·532d·352e·3130·2e31·2e33·0a20···CJIS-5.10.1.3.· 
0003b640:·202d·204e·4953·542d·3830·302d·3533·2d43···-·NIST-800-53-C 
0003b650:·4d2d·3628·6129·0a20·202d·2050·4349·2d44··M-6(a).··-·PCI-D 
0003b660:·5353·2d52·6571·2d31·312e·350a·2020·2d20··SS-Req-11.5.··-· 
0003b670:·5043·492d·4453·5376·342d·3131·2e35·2e32··PCI-DSSv4-11.5.2 
0003b680:·0a20·202d·2065·6e61·626c·655f·7374·7261··.··-·enable_stra 
0003b690:·7465·6779·0a20·202d·206c·6f77·5f63·6f6d··tegy.··-·low_com 
0003b6a0:·706c·6578·6974·790a·2020·2d20·6c6f·775f··plexity.··-·low_ 
0003b6b0:·6469·7372·7570·7469·6f6e·0a20·202d·206d··disruption.··-·m 
0003b6c0:·6564·6975·6d5f·7365·7665·7269·7479·0a20··edium_severity.· 
0003b6d0:·202d·206e·6f5f·7265·626f·6f74·5f6e·6565···-·no_reboot_nee 
0003b6e0:·6465·640a·2020·2d20·7061·636b·6167·655f··ded.··-·package_ 
0003b6f0:·6169·6465·5f69·6e73·7461·6c6c·6564·0a0a··aide_installed.. 
0003b700:·2d20·6e61·6d65·3a20·456e·7375·7265·2061··-·name:·Ensure·a 
0003b710:·6964·6520·6973·2069·6e73·7461·6c6c·6564··ide·is·installed 
0003b720:·0a20·2070·6163·6b61·6765·3a0a·2020·2020··.··package:.···· 
0003b730:·6e61·6d65·3a20·6169·6465·0a20·2020·2073··name:·aide.····s 
0003b740:·7461·7465·3a20·7072·6573·656e·740a·2020··tate:·present.·· 
0003b750:·7768·656e·3a20·2722·6b65·726e·656c·2220··when:·'"kernel"· 
0003b760:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts 
0003b770:·2e70·6163·6b61·6765·7327·0a20·2074·6167··.packages'.··tag 
0003b780:·733a·0a20·202d·2043·4a49·532d·352e·3130··s:.··-·CJIS-5.100003b4e0:·733a·0a20·202d·2043·4a49·532d·352e·3130··s:.··-·CJIS-5.10
0003b790:·2e31·2e33·0a20·202d·204e·4953·542d·3830··.1.3.··-·NIST-800003b4f0:·2e31·2e33·0a20·202d·204e·4953·542d·3830··.1.3.··-·NIST-80
0003b7a0:·302d·3533·2d43·4d2d·3628·6129·0a20·202d··0-53-CM-6(a).··-0003b500:·302d·3533·2d43·4d2d·3628·6129·0a20·202d··0-53-CM-6(a).··-
0003b7b0:·2050·4349·2d44·5353·2d52·6571·2d31·312e···PCI-DSS-Req-11.0003b510:·2050·4349·2d44·5353·2d52·6571·2d31·312e···PCI-DSS-Req-11.
0003b7c0:·350a·2020·2d20·5043·492d·4453·5376·342d··5.··-·PCI-DSSv4-0003b520:·350a·2020·2d20·5043·492d·4453·5376·342d··5.··-·PCI-DSSv4-
0003b7d0:·3131·2e35·2e32·0a20·202d·2065·6e61·626c··11.5.2.··-·enabl0003b530:·3131·2e35·2e32·0a20·202d·2065·6e61·626c··11.5.2.··-·enabl
0003b7e0:·655f·7374·7261·7465·6779·0a20·202d·206c··e_strategy.··-·l0003b540:·655f·7374·7261·7465·6779·0a20·202d·206c··e_strategy.··-·l
0003b7f0:·6f77·5f63·6f6d·706c·6578·6974·790a·2020··ow_complexity.··0003b550:·6f77·5f63·6f6d·706c·6578·6974·790a·2020··ow_complexity.··
0003b800:·2d20·6c6f·775f·6469·7372·7570·7469·6f6e··-·low_disruption0003b560:·2d20·6c6f·775f·6469·7372·7570·7469·6f6e··-·low_disruption
0003b810:·0a20·202d·206d·6564·6975·6d5f·7365·7665··.··-·medium_seve0003b570:·0a20·202d·206d·6564·6975·6d5f·7365·7665··.··-·medium_seve
0003b820:·7269·7479·0a20·202d·206e·6f5f·7265·626f··rity.··-·no_rebo0003b580:·7269·7479·0a20·202d·206e·6f5f·7265·626f··rity.··-·no_rebo
0003b830:·6f74·5f6e·6565·6465·640a·2020·2d20·7061··ot_needed.··-·pa0003b590:·6f74·5f6e·6565·6465·640a·2020·2d20·7061··ot_needed.··-·pa
0003b840:·636b·6167·655f·6169·6465·5f69·6e73·7461··ckage_aide_insta0003b5a0:·636b·6167·655f·6169·6465·5f69·6e73·7461··ckage_aide_insta
 0003b5b0:·6c6c·6564·0a0a·2d20·6e61·6d65·3a20·456e··lled..-·name:·En
 0003b5c0:·7375·7265·2061·6964·6520·6973·2069·6e73··sure·aide·is·ins
 0003b5d0:·7461·6c6c·6564·0a20·2070·6163·6b61·6765··talled.··package
 0003b5e0:·3a0a·2020·2020·6e61·6d65·3a20·6169·6465··:.····name:·aide
 0003b5f0:·0a20·2020·2073·7461·7465·3a20·7072·6573··.····state:·pres
 0003b600:·656e·740a·2020·7768·656e·3a20·2722·6b65··ent.··when:·'"ke
 0003b610:·726e·656c·2220·696e·2061·6e73·6962·6c65··rnel"·in·ansible
 0003b620:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
 0003b630:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI
 0003b640:·532d·352e·3130·2e31·2e33·0a20·202d·204e··S-5.10.1.3.··-·N
 0003b650:·4953·542d·3830·302d·3533·2d43·4d2d·3628··IST-800-53-CM-6(
 0003b660:·6129·0a20·202d·2050·4349·2d44·5353·2d52··a).··-·PCI-DSS-R
 0003b670:·6571·2d31·312e·350a·2020·2d20·5043·492d··eq-11.5.··-·PCI-
 0003b680:·4453·5376·342d·3131·2e35·2e32·0a20·202d··DSSv4-11.5.2.··-
 0003b690:·2065·6e61·626c·655f·7374·7261·7465·6779···enable_strategy
 0003b6a0:·0a20·202d·206c·6f77·5f63·6f6d·706c·6578··.··-·low_complex
Max diff block lines reached; 3326259/3338015 bytes (99.65%) of diff not shown.
373 KB
html2text {}
    
Offset 134, 19 lines modifiedOffset 134, 14 lines modified
134 include·install_aide134 include·install_aide
  
135 class·install_aide·{135 class·install_aide·{
136 ··package·{·'aide':136 ··package·{·'aide':
137 ····ensure·=>·'installed',137 ····ensure·=>·'installed',
138 ··}138 ··}
139 }139 }
140 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
141 [[packages]] 
142 name·=·"aide" 
143 version·=·"*" 
144 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8140 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
145 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low141 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
146 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low142 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
147 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false143 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
148 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable144 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
149 -·name:·Gather·the·package·facts145 -·name:·Gather·the·package·facts
150 ··package_facts:146 ··package_facts:
Offset 175, 14 lines modifiedOffset 170, 19 lines modified
175 ··-·PCI-DSSv4-11.5.2170 ··-·PCI-DSSv4-11.5.2
176 ··-·enable_strategy171 ··-·enable_strategy
177 ··-·low_complexity172 ··-·low_complexity
178 ··-·low_disruption173 ··-·low_disruption
179 ··-·medium_severity174 ··-·medium_severity
180 ··-·no_reboot_needed175 ··-·no_reboot_needed
181 ··-·package_aide_installed176 ··-·package_aide_installed
 177 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 178 [[packages]]
 179 name·=·"aide"
 180 version·=·"*"
182 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*181 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
183 Run·the·following·command·to·generate·a·new·database:182 Run·the·following·command·to·generate·a·new·database:
184 $·sudo·/usr/sbin/aide·--init183 $·sudo·/usr/sbin/aide·--init
185 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the184 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the
186 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of185 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of
187 these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance186 these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance
188 about·their·integrity.·The·newly-generated·database·can·be·installed·as·follows:187 about·their·integrity.·The·newly-generated·database·can·be·installed·as·follows:
Offset 353, 14 lines modifiedOffset 353, 33 lines modified
353 ············_\x8i_\x8s_\x8m······1446353 ············_\x8i_\x8s_\x8m······1446
354 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1354 References:·_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1
355 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)355 ············_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)
356 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,356 ············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,
357 ·····················FCS_TLSC_EXT.1357 ·····················FCS_TLSC_EXT.1
358 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174358 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174
359 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2359 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
 360 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
  
 361 var_system_crypto_policy='DEFAULT'
  
  
 362 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null)
 363 rc=$?
  
 364 if·test·"$rc"·=·127;·then
 365 »       echo·"$stderr_of_call"·>&2
 366 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2
 367 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2
 368 »       echo·"to·see·what·package·to·(re)install"·>&2
  
 369 »       false··#·end·with·an·error·code
 370 elif·test·"$rc"·!=·0;·then
 371 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2
 372 »       false··#·end·with·an·error·code
 373 fi
360 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8374 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
361 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low375 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
362 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low376 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
363 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false377 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
364 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict378 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
365 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable379 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable
366 ··set_fact:380 ··set_fact:
Offset 405, 33 lines modifiedOffset 424, 14 lines modified
405 ··-·PCI-DSSv4-2.2.7424 ··-·PCI-DSSv4-2.2.7
406 ··-·configure_crypto_policy425 ··-·configure_crypto_policy
407 ··-·high_severity426 ··-·high_severity
408 ··-·low_complexity427 ··-·low_complexity
409 ··-·low_disruption428 ··-·low_disruption
410 ··-·no_reboot_needed429 ··-·no_reboot_needed
411 ··-·restrict_strategy430 ··-·restrict_strategy
412 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
  
413 var_system_crypto_policy='DEFAULT' 
  
  
414 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null) 
415 rc=$? 
  
416 if·test·"$rc"·=·127;·then 
417 »       echo·"$stderr_of_call"·>&2 
418 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2 
419 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2 
420 »       echo·"to·see·what·package·to·(re)install"·>&2 
  
421 »       false··#·end·with·an·error·code 
422 elif·test·"$rc"·!=·0;·then 
423 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2 
424 »       false··#·end·with·an·error·code 
425 fi 
426 Group  ·Sudo·  Group·contains·1·rule431 Group  ·Sudo·  Group·contains·1·rule
427 _\x8[_\x8r_\x8e_\x8f_\x8]  ·Sudo,·which·stands·for·"su·'do'",·provides·the·ability·to·delegate·authority·to·certain432 _\x8[_\x8r_\x8e_\x8f_\x8]  ·Sudo,·which·stands·for·"su·'do'",·provides·the·ability·to·delegate·authority·to·certain
428 users,·groups·of·users,·or·system·administrators.·When·configured·for·system·users·and/or·groups,433 users,·groups·of·users,·or·system·administrators.·When·configured·for·system·users·and/or·groups,
429 Sudo·can·allow·a·user·or·group·to·execute·privileged·commands·that·normally·only·root·is·allowed434 Sudo·can·allow·a·user·or·group·to·execute·privileged·commands·that·normally·only·root·is·allowed
430 to·execute.435 to·execute.
  
431 For·more·information·on·Sudo·and·addition·Sudo·configuration·options,·see·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8s\x8s_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8w\x8w_\x8w\x8w_\x8w\x8w_\x8.\x8._\x8s\x8s_\x8u\x8u_\x8d\x8d_\x8o\x8o_\x8.\x8._\x8w\x8w_\x8s\x8s.436 For·more·information·on·Sudo·and·addition·Sudo·configuration·options,·see·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8s\x8s_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8w\x8w_\x8w\x8w_\x8w\x8w_\x8.\x8._\x8s\x8s_\x8u\x8u_\x8d\x8d_\x8o\x8o_\x8.\x8._\x8w\x8w_\x8s\x8s.
Offset 613, 14 lines modifiedOffset 613, 20 lines modified
613 ···········Display·of·a·standardized·and·approved·use·notification·before·granting·access·to·the613 ···········Display·of·a·standardized·and·approved·use·notification·before·granting·access·to·the
614 ···········operating·system·ensures·privacy·and·security·notification·verbiage·used·is·consistent614 ···········operating·system·ensures·privacy·and·security·notification·verbiage·used·is·consistent
615 Rationale:·with·applicable·federal·laws,·Executive·Orders,·directives,·policies,·regulations,615 Rationale:·with·applicable·federal·laws,·Executive·Orders,·directives,·policies,·regulations,
616 ···········standards,·and·guidance.616 ···········standards,·and·guidance.
617 ···········Proper·group·ownership·will·ensure·that·only·root·user·can·modify·the·banner.617 ···········Proper·group·ownership·will·ensure·that·only·root·user·can·modify·the·banner.
618 Severity: ·high618 Severity: ·high
619 Rule·ID:···xccdf_org.ssgproject.content_rule_file_groupowner_etc_issue619 Rule·ID:···xccdf_org.ssgproject.content_rule_file_groupowner_etc_issue
 620 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 621 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 622 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 623 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 624 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure
 625 chgrp·0·/etc/issue
620 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8626 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
621 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low627 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
622 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low628 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
623 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false629 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
624 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure630 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure
625 -·name:·Test·for·existence·/etc/issue631 -·name:·Test·for·existence·/etc/issue
Max diff block lines reached; 376168/381652 bytes (98.56%) of diff not shown.
50.4 KB
./usr/share/doc/ssg-nondebian/ssg-opensuse-guide-standard.html
    
Offset 14931, 117 lines modifiedOffset 14931, 117 lines modified
0003a520:·6574·3d22·2369·646d·3636·3234·2220·7461··et="#idm6624"·ta0003a520:·6574·3d22·2369·646d·3636·3234·2220·7461··et="#idm6624"·ta
0003a530:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=0003a530:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=
0003a540:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex0003a540:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex
0003a550:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t0003a550:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t
0003a560:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t0003a560:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t
0003a570:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="0003a570:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="
0003a580:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·0003a580:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·
0003a590:·416e·7369·626c·6520·736e·6970·7065·7420··Ansible·snippet· 
0003a5a0:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div· 
0003a5b0:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col0003a590:·5368·656c·6c20·7363·7269·7074·20e2·87b2··Shell·script·...
 0003a5a0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
 0003a5b0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
 0003a5c0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=
 0003a5d0:·2269·646d·3636·3234·223e·3c74·6162·6c65··"idm6624"><table
 0003a5e0:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta
 0003a5f0:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl
 0003a600:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table
 0003a610:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>
 0003a620:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<
 0003a630:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>
 0003a640:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis
 0003a650:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td
 0003a660:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t
 0003a670:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t
 0003a680:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td>
 0003a690:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str
 0003a6a0:·6174·6567·793a·3c2f·7468·3e3c·7464·3e63··ategy:</th><td>c
 0003a6b0:·6f6e·6669·6775·7265·3c2f·7464·3e3c·2f74··onfigure</td></t
 0003a6c0:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><
 0003a6d0:·636f·6465·3e63·6867·7270·2030·202f·6574··code>chgrp·0·/et
 0003a6e0:·632f·7061·7373·7764·0a3c·2f63·6f64·653e··c/passwd.</code>
 0003a6f0:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c
 0003a700:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su
 0003a710:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg
0003a5c0:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·0003a720:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da
 0003a730:·7461·2d74·6172·6765·743d·2223·6964·6d36··ta-target="#idm6
 0003a740:·3632·3522·2074·6162·696e·6465·783d·2230··625"·tabindex="0
 0003a750:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
 0003a760:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
 0003a770:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
 0003a780:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
 0003a790:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
 0003a7a0:·6961·7469·6f6e·2041·6e73·6962·6c65·2073··iation·Ansible·s
 0003a7b0:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b
 0003a7c0:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa
 0003a7d0:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col
 0003a7e0:·6c61·7073·6522·2069·643d·2269·646d·3636··lapse"·id="idm66
 0003a7f0:·3235·223e·3c74·6162·6c65·2063·6c61·7373··25"><table·class
 0003a800:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st
 0003a810:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord
 0003a820:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde
 0003a830:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co
 0003a840:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t
0003a5d0:·6964·3d22·6964·6d36·3632·3422·3e3c·7461··id="idm6624"><ta 
0003a5e0:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table 
0003a5f0:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t 
0003a600:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta 
0003a610:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed">< 
0003a620:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit 
0003a630:·793a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··y:</th><td>low</ 
0003a640:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003a650:·4469·7372·7570·7469·6f6e·3a3c·2f74·683e··Disruption:</th> 
0003a660:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
0003a670:·3e3c·7472·3e3c·7468·3e52·6562·6f6f·743a··><tr><th>Reboot: 
0003a680:·3c2f·7468·3e3c·7464·3e66·616c·7365·3c2f··</th><td>false</ 
0003a690:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003a6a0:·5374·7261·7465·6779·3a3c·2f74·683e·3c74··Strategy:</th><t 
0003a6b0:·643e·636f·6e66·6967·7572·653c·2f74·643e··d>configure</td> 
0003a6c0:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr 
0003a6d0:·653e·3c63·6f64·653e·2d20·6e61·6d65·3a20··e><code>-·name:· 
0003a6e0:·5465·7374·2066·6f72·2065·7869·7374·656e··Test·for·existen 
0003a6f0:·6365·202f·6574·632f·7061·7373·7764·0a20··ce·/etc/passwd.· 
0003a700:·2073·7461·743a·0a20·2020·2070·6174·683a···stat:.····path: 
0003a710:·202f·6574·632f·7061·7373·7764·0a20·2072···/etc/passwd.··r 
0003a720:·6567·6973·7465·723a·2066·696c·655f·6578··egister:·file_ex 
0003a730:·6973·7473·0a20·2074·6167·733a·0a20·202d··ists.··tags:.··- 
0003a740:·2043·4a49·532d·352e·352e·322e·320a·2020···CJIS-5.5.2.2.·· 
0003a750:·2d20·4e49·5354·2d38·3030·2d35·332d·4143··-·NIST-800-53-AC 
0003a760:·2d36·2831·290a·2020·2d20·4e49·5354·2d38··-6(1).··-·NIST-8 
0003a770:·3030·2d35·332d·434d·2d36·2861·290a·2020··00-53-CM-6(a).·· 
0003a780:·2d20·5043·492d·4453·532d·5265·712d·382e··-·PCI-DSS-Req-8. 
0003a790:·372e·630a·2020·2d20·5043·492d·4453·5376··7.c.··-·PCI-DSSv 
0003a7a0:·342d·322e·320a·2020·2d20·5043·492d·4453··4-2.2.··-·PCI-DS 
0003a7b0:·5376·342d·322e·322e·360a·2020·2d20·636f··Sv4-2.2.6.··-·co 
0003a7c0:·6e66·6967·7572·655f·7374·7261·7465·6779··nfigure_strategy 
0003a7d0:·0a20·202d·2066·696c·655f·6772·6f75·706f··.··-·file_groupo 
0003a7e0:·776e·6572·5f65·7463·5f70·6173·7377·640a··wner_etc_passwd. 
0003a7f0:·2020·2d20·6c6f·775f·636f·6d70·6c65·7869····-·low_complexi 
0003a800:·7479·0a20·202d·206c·6f77·5f64·6973·7275··ty.··-·low_disru 
0003a810:·7074·696f·6e0a·2020·2d20·6d65·6469·756d··ption.··-·medium 
0003a820:·5f73·6576·6572·6974·790a·2020·2d20·6e6f··_severity.··-·no 
0003a830:·5f72·6562·6f6f·745f·6e65·6564·6564·0a0a··_reboot_needed.. 
0003a840:·2d20·6e61·6d65·3a20·456e·7375·7265·2067··-·name:·Ensure·g 
0003a850:·726f·7570·206f·776e·6572·2030·206f·6e20··roup·owner·0·on· 
0003a860:·2f65·7463·2f70·6173·7377·640a·2020·6669··/etc/passwd.··fi 
0003a870:·6c65·3a0a·2020·2020·7061·7468·3a20·2f65··le:.····path:·/e 
0003a880:·7463·2f70·6173·7377·640a·2020·2020·6772··tc/passwd.····gr 
0003a890:·6f75·703a·2027·3027·0a20·2077·6865·6e3a··oup:·'0'.··when: 
0003a8a0:·2066·696c·655f·6578·6973·7473·2e73·7461···file_exists.sta 
0003a8b0:·7420·6973·2064·6566·696e·6564·2061·6e64··t·is·defined·and 
0003a8c0:·2066·696c·655f·6578·6973·7473·2e73·7461···file_exists.sta 
0003a8d0:·742e·6578·6973·7473·0a20·2074·6167·733a··t.exists.··tags: 
0003a8e0:·0a20·202d·2043·4a49·532d·352e·352e·322e··.··-·CJIS-5.5.2. 
0003a8f0:·320a·2020·2d20·4e49·5354·2d38·3030·2d35··2.··-·NIST-800-5 
0003a900:·332d·4143·2d36·2831·290a·2020·2d20·4e49··3-AC-6(1).··-·NI 
0003a910:·5354·2d38·3030·2d35·332d·434d·2d36·2861··ST-800-53-CM-6(a 
0003a920:·290a·2020·2d20·5043·492d·4453·532d·5265··).··-·PCI-DSS-Re 
0003a930:·712d·382e·372e·630a·2020·2d20·5043·492d··q-8.7.c.··-·PCI- 
0003a940:·4453·5376·342d·322e·320a·2020·2d20·5043··DSSv4-2.2.··-·PC 
0003a950:·492d·4453·5376·342d·322e·322e·360a·2020··I-DSSv4-2.2.6.·· 
0003a960:·2d20·636f·6e66·6967·7572·655f·7374·7261··-·configure_stra 
0003a970:·7465·6779·0a20·202d·2066·696c·655f·6772··tegy.··-·file_gr 
0003a980:·6f75·706f·776e·6572·5f65·7463·5f70·6173··oupowner_etc_pas 
0003a990:·7377·640a·2020·2d20·6c6f·775f·636f·6d70··swd.··-·low_comp 
0003a9a0:·6c65·7869·7479·0a20·202d·206c·6f77·5f64··lexity.··-·low_d 
0003a9b0:·6973·7275·7074·696f·6e0a·2020·2d20·6d65··isruption.··-·me 
0003a9c0:·6469·756d·5f73·6576·6572·6974·790a·2020··dium_severity.·· 
0003a9d0:·2d20·6e6f·5f72·6562·6f6f·745f·6e65·6564··-·no_reboot_need 
0003a9e0:·6564·0a3c·2f63·6f64·653e·3c2f·7072·653e··ed.</code></pre> 
0003a9f0:·3c2f·6469·763e·3c61·2063·6c61·7373·3d22··</div><a·class=" 
0003aa00:·6274·6e20·6274·6e2d·7375·6363·6573·7322··btn·btn-success" 
0003aa10:·2064·6174·612d·746f·6767·6c65·3d22·636f···data-toggle="co 
0003aa20:·6c6c·6170·7365·2220·6461·7461·2d74·6172··llapse"·data-tar 
0003aa30:·6765·743d·2223·6964·6d36·3632·3522·2074··get="#idm6625"·t 
0003aa40:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role 
0003aa50:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e 
0003aa60:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"· 
Max diff block lines reached; 31106/45900 bytes (67.77%) of diff not shown.
5.43 KB
html2text {}
    
Offset 107, 14 lines modifiedOffset 107, 20 lines modified
107 ···························007-3·R5.1,·CIP-007-3·R5.1.1,·CIP-007-3·R5.1.2107 ···························007-3·R5.1,·CIP-007-3·R5.1.1,·CIP-007-3·R5.1.2
108 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a),·AC-6(1)108 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a),·AC-6(1)
109 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5109 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5
110 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-8.7.c110 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-8.7.c
111 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227111 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
112 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R50112 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R50
113 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········2.2.6,·2.2113 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········2.2.6,·2.2
 114 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 115 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 116 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 117 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 118 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure
 119 chgrp·0·/etc/passwd
114 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8120 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
115 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low121 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
116 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low122 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
117 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false123 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
118 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure124 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure
119 -·name:·Test·for·existence·/etc/passwd125 -·name:·Test·for·existence·/etc/passwd
120 ··stat:126 ··stat:
Offset 148, 20 lines modifiedOffset 154, 14 lines modified
148 ··-·PCI-DSSv4-2.2.6154 ··-·PCI-DSSv4-2.2.6
149 ··-·configure_strategy155 ··-·configure_strategy
150 ··-·file_groupowner_etc_passwd156 ··-·file_groupowner_etc_passwd
151 ··-·low_complexity157 ··-·low_complexity
152 ··-·low_disruption158 ··-·low_disruption
153 ··-·medium_severity159 ··-·medium_severity
154 ··-·no_reboot_needed160 ··-·no_reboot_needed
155 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
156 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
157 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
158 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
159 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure 
160 chgrp·0·/etc/passwd 
161 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·U\x8Us\x8se\x8er\x8r·W\x8Wh\x8ho\x8o·O\x8Ow\x8wn\x8ns\x8s·p\x8pa\x8as\x8ss\x8sw\x8wd\x8d·F\x8Fi\x8il\x8le\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*161 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·U\x8Us\x8se\x8er\x8r·W\x8Wh\x8ho\x8o·O\x8Ow\x8wn\x8ns\x8s·p\x8pa\x8as\x8ss\x8sw\x8wd\x8d·F\x8Fi\x8il\x8le\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
162 To·properly·set·the·owner·of·/etc/passwd,·run·the·command:162 To·properly·set·the·owner·of·/etc/passwd,·run·the·command:
163 $·sudo·chown·root·/etc/passwd163 $·sudo·chown·root·/etc/passwd
164 ············The·/etc/passwd·file·contains·information·about·the·users·that·are164 ············The·/etc/passwd·file·contains·information·about·the·users·that·are
165 Rationale:··configured·on·the·system.·Protection·of·this·file·is·critical·for165 Rationale:··configured·on·the·system.·Protection·of·this·file·is·critical·for
166 ············system·security.166 ············system·security.
167 Severity: ··medium167 Severity: ··medium
Offset 182, 14 lines modifiedOffset 182, 20 lines modified
182 ···························007-3·R5.1,·CIP-007-3·R5.1.1,·CIP-007-3·R5.1.2182 ···························007-3·R5.1,·CIP-007-3·R5.1.1,·CIP-007-3·R5.1.2
183 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a),·AC-6(1)183 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a),·AC-6(1)
184 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5184 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5
185 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-8.7.c185 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-8.7.c
186 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227186 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
187 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R50187 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R50
188 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········2.2.6,·2.2188 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········2.2.6,·2.2
 189 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 190 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 191 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 192 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 193 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure
 194 chown·0·/etc/passwd
189 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8195 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
190 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low196 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
191 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low197 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
192 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false198 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
193 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure199 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure
194 -·name:·Test·for·existence·/etc/passwd200 -·name:·Test·for·existence·/etc/passwd
195 ··stat:201 ··stat:
Offset 223, 20 lines modifiedOffset 229, 14 lines modified
223 ··-·PCI-DSSv4-2.2.6229 ··-·PCI-DSSv4-2.2.6
224 ··-·configure_strategy230 ··-·configure_strategy
225 ··-·file_owner_etc_passwd231 ··-·file_owner_etc_passwd
226 ··-·low_complexity232 ··-·low_complexity
227 ··-·low_disruption233 ··-·low_disruption
228 ··-·medium_severity234 ··-·medium_severity
229 ··-·no_reboot_needed235 ··-·no_reboot_needed
230 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
231 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
232 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
233 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
234 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure 
235 chown·0·/etc/passwd 
236 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·o\x8on\x8n·p\x8pa\x8as\x8ss\x8sw\x8wd\x8d·F\x8Fi\x8il\x8le\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*236 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·o\x8on\x8n·p\x8pa\x8as\x8ss\x8sw\x8wd\x8d·F\x8Fi\x8il\x8le\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
237 To·properly·set·the·permissions·of·/etc/passwd,·run·the·command:237 To·properly·set·the·permissions·of·/etc/passwd,·run·the·command:
238 $·sudo·chmod·0644·/etc/passwd238 $·sudo·chmod·0644·/etc/passwd
239 ············If·the·/etc/passwd·file·is·writable·by·a·group-owner·or·the·world239 ············If·the·/etc/passwd·file·is·writable·by·a·group-owner·or·the·world
240 Rationale:··the·risk·of·its·compromise·is·increased.·The·file·contains·the·list240 Rationale:··the·risk·of·its·compromise·is·increased.·The·file·contains·the·list
241 ············of·accounts·on·the·system·and·associated·information,·and241 ············of·accounts·on·the·system·and·associated·information,·and
242 ············protection·of·this·file·is·critical·for·system·security.242 ············protection·of·this·file·is·critical·for·system·security.
Offset 258, 14 lines modifiedOffset 258, 24 lines modified
258 ···························007-3·R5.1,·CIP-007-3·R5.1.1,·CIP-007-3·R5.1.2258 ···························007-3·R5.1,·CIP-007-3·R5.1.1,·CIP-007-3·R5.1.2
259 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a),·AC-6(1)259 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(a),·AC-6(1)
260 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5260 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5
261 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-8.7.c261 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-8.7.c
262 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227262 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
263 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R50263 ············_\x8a_\x8n_\x8s_\x8s_\x8i··········R50
264 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········2.2.6,·2.2264 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········2.2.6,·2.2
 265 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 266 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 267 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 268 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 269 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure
  
  
  
  
 270 chmod·u-xs,g-xws,o-xwt·/etc/passwd
265 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8271 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
266 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low272 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
267 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low273 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
268 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false274 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
269 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure275 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure
270 -·name:·Test·for·existence·/etc/passwd276 -·name:·Test·for·existence·/etc/passwd
271 ··stat:277 ··stat:
Offset 299, 21 lines modifiedOffset 309, 11 lines modified
299 ··-·PCI-DSSv4-2.2.6309 ··-·PCI-DSSv4-2.2.6
300 ··-·configure_strategy310 ··-·configure_strategy
301 ··-·file_permissions_etc_passwd311 ··-·file_permissions_etc_passwd
302 ··-·low_complexity312 ··-·low_complexity
303 ··-·low_disruption313 ··-·low_disruption
304 ··-·medium_severity314 ··-·medium_severity
305 ··-·no_reboot_needed315 ··-·no_reboot_needed
306 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
307 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
308 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
309 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
310 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure 
  
  
  
  
311 chmod·u-xs,g-xws,o-xwt·/etc/passwd 
312 Red·Hat·and·Red·Hat·Enterprise·Linux·are·either·registered·trademarks·or316 Red·Hat·and·Red·Hat·Enterprise·Linux·are·either·registered·trademarks·or
Max diff block lines reached; 126/5541 bytes (2.27%) of diff not shown.
22.4 MB
./usr/share/doc/ssg-nondebian/ssg-rhel10-guide-anssi_bp28_enhanced.html
    
Offset 15095, 281 lines modifiedOffset 15095, 281 lines modified
0003af60:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm0003af60:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm
0003af70:·3733·3037·2220·7461·6269·6e64·6578·3d22··7307"·tabindex="0003af70:·3733·3037·2220·7461·6269·6e64·6578·3d22··7307"·tabindex="
0003af80:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"0003af80:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"
0003af90:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="0003af90:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="
0003afa0:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac0003afa0:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac
0003afb0:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal0003afb0:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal
0003afc0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme0003afc0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme
 0003afd0:·6469·6174·696f·6e20·7363·7269·7074·20e2··diation·script·.
0003afd0:·6469·6174·696f·6e20·416e·6163·6f6e·6461··diation·Anaconda 
0003afe0:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a> 
0003aff0:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class=" 
0003b000:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c 
0003b010:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm 
0003b020:·3733·3037·223e·3c74·6162·6c65·2063·6c61··7307"><table·cla 
0003b030:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table- 
0003b040:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo 
0003b050:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con 
0003b060:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th> 
0003b070:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th> 
0003b080:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
0003b090:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt 
0003b0a0:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low 
0003b0b0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b0c0:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t 
0003b0d0:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr 
0003b0e0:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg 
0003b0f0:·793a·3c2f·7468·3e3c·7464·3e65·6e61·626c··y:</th><td>enabl 
0003b100:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab 
0003b110:·6c65·3e3c·7072·653e·3c63·6f64·653e·0a70··le><pre><code>.p 
0003b120:·6163·6b61·6765·202d·2d61·6464·3d61·6964··ackage·--add=aid 
0003b130:·650a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··e.</code></pre>< 
0003b140:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b 
0003b150:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"· 
0003b160:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col 
0003b170:·6c61·7073·6522·2064·6174·612d·7461·7267··lapse"·data-targ 
0003b180:·6574·3d22·2369·646d·3733·3038·2220·7461··et="#idm7308"·ta 
0003b190:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role= 
0003b1a0:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex 
0003b1b0:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t 
0003b1c0:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t 
0003b1d0:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href=" 
0003b1e0:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation· 
0003b1f0:·5075·7070·6574·2073·6e69·7070·6574·20e2··Puppet·snippet·. 
0003b200:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c0003afe0:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c
0003b210:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll0003aff0:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
0003b220:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i0003b000:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i
0003b230:·643d·2269·646d·3733·3038·223e·3c74·6162··d="idm7308"><tab0003b010:·643d·2269·646d·3733·3037·223e·3c74·6162··d="idm7307"><tab
0003b240:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table·0003b020:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table·
0003b250:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta0003b030:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta
0003b260:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab0003b040:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab
0003b270:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t0003b050:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t
0003b280:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity0003b060:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity
0003b290:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t 
0003b2a0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D 
0003b2b0:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th>< 
0003b2c0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003b2d0:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:< 
0003b2e0:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t 
0003b2f0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S 
0003b300:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td 
0003b310:·3e65·6e61·626c·653c·2f74·643e·3c2f·7472··>enable</td></tr 
0003b320:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c 
0003b330:·6f64·653e·696e·636c·7564·6520·696e·7374··ode>include·inst 
0003b340:·616c·6c5f·6169·6465·0a0a·636c·6173·7320··all_aide..class· 
0003b350:·696e·7374·616c·6c5f·6169·6465·207b·0a20··install_aide·{.· 
0003b360:·2070·6163·6b61·6765·207b·2027·6169·6465···package·{·'aide 
0003b370:·273a·0a20·2020·2065·6e73·7572·6520·3d26··':.····ensure·=& 
0003b380:·6774·3b20·2769·6e73·7461·6c6c·6564·272c··gt;·'installed', 
0003b390:·0a20·207d·0a7d·0a3c·2f63·6f64·653e·3c2f··.··}.}.</code></ 
0003b3a0:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla 
0003b3b0:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ 
0003b3c0:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle 
0003b3d0:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data 
0003b3e0:·2d74·6172·6765·743d·2223·6964·6d37·3330··-target="#idm730 
0003b3f0:·3922·2074·6162·696e·6465·783d·2230·2220··9"·tabindex="0"· 
0003b400:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar 
0003b410:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal 
0003b420:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ 
0003b430:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h 
0003b440:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia 
0003b450:·7469·6f6e·204f·5342·7569·6c64·2042·6c75··tion·OSBuild·Blu 
0003b460:·6570·7269·6e74·2073·6e69·7070·6574·20e2··eprint·snippet·. 
0003b470:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c 
0003b480:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll 
0003b490:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i 
0003b4a0:·643d·2269·646d·3733·3039·223e·3c70·7265··d="idm7309"><pre 
0003b4b0:·3e3c·636f·6465·3e0a·5b5b·7061·636b·6167··><code>.[[packag 
0003b4c0:·6573·5d5d·0a6e·616d·6520·3d20·2261·6964··es]].name·=·"aid 
0003b4d0:·6522·0a76·6572·7369·6f6e·203d·2022·2a22··e".version·=·"*" 
0003b4e0:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></ 
0003b4f0:·6469·763e·3c61·2063·6c61·7373·3d22·6274··div><a·class="bt 
0003b500:·6e20·6274·6e2d·7375·6363·6573·7322·2064··n·btn-success"·d 
0003b510:·6174·612d·746f·6767·6c65·3d22·636f·6c6c··ata-toggle="coll 
0003b520:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe 
0003b530:·743d·2223·6964·6d37·3331·3022·2074·6162··t="#idm7310"·tab 
0003b540:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role=" 
0003b550:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp 
0003b560:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti 
0003b570:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to 
0003b580:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="# 
0003b590:·2122·3e52·656d·6564·6961·7469·6f6e·2073··!">Remediation·s 
0003b5a0:·6372·6970·7420·e287·b23c·2f61·3e3c·6272··cript·...</a><br 
0003b5b0:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan 
0003b5c0:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll 
0003b5d0:·6170·7365·2220·6964·3d22·6964·6d37·3331··apse"·id="idm731 
0003b5e0:·3022·3e3c·7461·626c·6520·636c·6173·733d··0"><table·class= 
0003b5f0:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str 
0003b600:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde 
0003b610:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden 
0003b620:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com 
0003b630:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td 
0003b640:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t 
0003b650:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption 
0003b660:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t 
0003b670:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R 
0003b680:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f 
0003b690:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t 
0003b6a0:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:< 
0003b6b0:·2f74·683e·3c74·643e·656e·6162·6c65·3c2f··/th><td>enable</ 
0003b6c0:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table> 
0003b6d0:·3c70·7265·3e3c·636f·6465·3e0a·7061·636b··<pre><code>.pack 
0003b6e0:·6167·6520·696e·7374·616c·6c20·6169·6465··age·install·aide 
0003b6f0:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></ 
0003b700:·6469·763e·3c61·2063·6c61·7373·3d22·6274··div><a·class="bt 
0003b710:·6e20·6274·6e2d·7375·6363·6573·7322·2064··n·btn-success"·d 
0003b720:·6174·612d·746f·6767·6c65·3d22·636f·6c6c··ata-toggle="coll 
0003b730:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe 
Max diff block lines reached; 21373116/21410542 bytes (99.83%) of diff not shown.
1.94 MB
html2text {}
Max HTML report size reached
22.6 MB
./usr/share/doc/ssg-nondebian/ssg-rhel10-guide-anssi_bp28_high.html
    
Offset 15100, 281 lines modifiedOffset 15100, 281 lines modified
0003afb0:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#0003afb0:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#
0003afc0:·6964·6d37·3330·3722·2074·6162·696e·6465··idm7307"·tabinde0003afc0:·6964·6d37·3330·3722·2074·6162·696e·6465··idm7307"·tabinde
0003afd0:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt0003afd0:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt
0003afe0:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande0003afe0:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande
0003aff0:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=0003aff0:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=
0003b000:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev0003b000:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev
0003b010:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R0003b010:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R
0003b020:·656d·6564·6961·7469·6f6e·2041·6e61·636f··emediation·Anaco0003b020:·656d·6564·6961·7469·6f6e·2073·6372·6970··emediation·scrip
0003b030:·6e64·6120·736e·6970·7065·7420·e287·b23c··nda·snippet·...< 
0003b040:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas 
0003b050:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps 
0003b060:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id=" 
0003b070:·6964·6d37·3330·3722·3e3c·7461·626c·6520··idm7307"><table· 
0003b080:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab 
0003b090:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table 
0003b0a0:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table- 
0003b0b0:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr>< 
0003b0c0:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</ 
0003b0d0:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td>< 
0003b0e0:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr 
0003b0f0:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td> 
0003b100:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003b110:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th 
0003b120:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td>< 
0003b130:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra 
0003b140:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en 
0003b150:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></ 
0003b160:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code 
0003b170:·3e0a·7061·636b·6167·6520·2d2d·6164·643d··>.package·--add= 
0003b180:·6169·6465·0a3c·2f63·6f64·653e·3c2f·7072··aide.</code></pr 
0003b190:·653e·3c2f·6469·763e·3c61·2063·6c61·7373··e></div><a·class 
0003b1a0:·3d22·6274·6e20·6274·6e2d·7375·6363·6573··="btn·btn-succes 
0003b1b0:·7322·2064·6174·612d·746f·6767·6c65·3d22··s"·data-toggle=" 
0003b1c0:·636f·6c6c·6170·7365·2220·6461·7461·2d74··collapse"·data-t 
0003b1d0:·6172·6765·743d·2223·6964·6d37·3330·3822··arget="#idm7308" 
0003b1e0:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro 
0003b1f0:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria 
0003b200:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false 
0003b210:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat 
0003b220:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre 
0003b230:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati 
0003b240:·6f6e·2050·7570·7065·7420·736e·6970·7065··on·Puppet·snippe 
0003b250:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di0003b030:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di
0003b260:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c 
0003b270:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse 
0003b280:·2220·6964·3d22·6964·6d37·3330·3822·3e3c··"·id="idm7308">< 
0003b290:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab 
0003b2a0:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped 
0003b2b0:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered· 
0003b2c0:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed" 
0003b2d0:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex 
0003b2e0:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low 
0003b2f0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b300:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t 
0003b310:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003b320:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo 
0003b330:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false 
0003b340:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b350:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th> 
0003b360:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td>< 
0003b370:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre 
0003b380:·3e3c·636f·6465·3e69·6e63·6c75·6465·2069··><code>include·i 
0003b390:·6e73·7461·6c6c·5f61·6964·650a·0a63·6c61··nstall_aide..cla 
0003b3a0:·7373·2069·6e73·7461·6c6c·5f61·6964·6520··ss·install_aide· 
0003b3b0:·7b0a·2020·7061·636b·6167·6520·7b20·2761··{.··package·{·'a 
0003b3c0:·6964·6527·3a0a·2020·2020·656e·7375·7265··ide':.····ensure 
0003b3d0:·203d·2667·743b·2027·696e·7374·616c·6c65···=&gt;·'installe 
0003b3e0:·6427·2c0a·2020·7d0a·7d0a·3c2f·636f·6465··d',.··}.}.</code 
0003b3f0:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a· 
0003b400:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s 
0003b410:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog 
0003b420:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d 
0003b430:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm 
0003b440:·3733·3039·2220·7461·6269·6e64·6578·3d22··7309"·tabindex=" 
0003b450:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button" 
0003b460:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded=" 
0003b470:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac 
0003b480:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal 
0003b490:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme 
0003b4a0:·6469·6174·696f·6e20·4f53·4275·696c·6420··diation·OSBuild· 
0003b4b0:·426c·7565·7072·696e·7420·736e·6970·7065··Blueprint·snippe 
0003b4c0:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di 
0003b4d0:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c0003b040:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
0003b4e0:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse0003b050:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
0003b4f0:·2220·6964·3d22·6964·6d37·3330·3922·3e3c··"·id="idm7309"><0003b060:·2220·6964·3d22·6964·6d37·3330·3722·3e3c··"·id="idm7307"><
0003b500:·7072·653e·3c63·6f64·653e·0a5b·5b70·6163··pre><code>.[[pac 
0003b510:·6b61·6765·735d·5d0a·6e61·6d65·203d·2022··kages]].name·=·" 
0003b520:·6169·6465·220a·7665·7273·696f·6e20·3d20··aide".version·=· 
0003b530:·222a·220a·3c2f·636f·6465·3e3c·2f70·7265··"*".</code></pre 
0003b540:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class= 
0003b550:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success 
0003b560:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c 
0003b570:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta 
0003b580:·7267·6574·3d22·2369·646d·3733·3130·2220··rget="#idm7310"· 
0003b590:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol 
0003b5a0:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria- 
0003b5b0:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false" 
0003b5c0:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate 
0003b5d0:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href 
0003b5e0:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio 
0003b5f0:·6e20·7363·7269·7074·20e2·87b2·3c2f·613e··n·script·...</a> 
0003b600:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class=" 
0003b610:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c 
0003b620:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm 
0003b630:·3733·3130·223e·3c74·6162·6c65·2063·6c61··7310"><table·cla 
0003b640:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table- 
0003b650:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo 
0003b660:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con 
0003b670:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th> 
0003b680:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th> 
0003b690:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
0003b6a0:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt 
0003b6b0:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low 
0003b6c0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b6d0:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t 
0003b6e0:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr 
0003b6f0:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg 
0003b700:·793a·3c2f·7468·3e3c·7464·3e65·6e61·626c··y:</th><td>enabl 
0003b710:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab 
0003b720:·6c65·3e3c·7072·653e·3c63·6f64·653e·0a70··le><pre><code>.p 
0003b730:·6163·6b61·6765·2069·6e73·7461·6c6c·2061··ackage·install·a 
0003b740:·6964·650a·3c2f·636f·6465·3e3c·2f70·7265··ide.</code></pre 
0003b750:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class= 
0003b760:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success 
0003b770:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c 
0003b780:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta 
0003b790:·7267·6574·3d22·2369·646d·3733·3131·2220··rget="#idm7311"· 
Max diff block lines reached; 21668149/21705575 bytes (99.83%) of diff not shown.
1.95 MB
html2text {}
Max HTML report size reached
9.91 MB
./usr/share/doc/ssg-nondebian/ssg-rhel10-guide-anssi_bp28_intermediary.html
    
Offset 15091, 281 lines modifiedOffset 15091, 281 lines modified
0003af20:·2d74·6172·6765·743d·2223·6964·6d37·3330··-target="#idm7300003af20:·2d74·6172·6765·743d·2223·6964·6d37·3330··-target="#idm730
0003af30:·3722·2074·6162·696e·6465·783d·2230·2220··7"·tabindex="0"·0003af30:·3722·2074·6162·696e·6465·783d·2230·2220··7"·tabindex="0"·
0003af40:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar0003af40:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar
0003af50:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal0003af50:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal
0003af60:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ0003af60:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ
0003af70:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h0003af70:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h
0003af80:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia0003af80:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia
 0003af90:·7469·6f6e·2073·6372·6970·7420·e287·b23c··tion·script·...<
0003af90:·7469·6f6e·2041·6e61·636f·6e64·6120·736e··tion·Anaconda·sn 
0003afa0:·6970·7065·7420·e287·b23c·2f61·3e3c·6272··ippet·...</a><br 
0003afb0:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan 
0003afc0:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll 
0003afd0:·6170·7365·2220·6964·3d22·6964·6d37·3330··apse"·id="idm730 
0003afe0:·3722·3e3c·7461·626c·6520·636c·6173·733d··7"><table·class= 
0003aff0:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str 
0003b000:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde 
0003b010:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden 
0003b020:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com 
0003b030:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td 
0003b040:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t 
0003b050:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption 
0003b060:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t 
0003b070:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R 
0003b080:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f 
0003b090:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t 
0003b0a0:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:< 
0003b0b0:·2f74·683e·3c74·643e·656e·6162·6c65·3c2f··/th><td>enable</ 
0003b0c0:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table> 
0003b0d0:·3c70·7265·3e3c·636f·6465·3e0a·7061·636b··<pre><code>.pack 
0003b0e0:·6167·6520·2d2d·6164·643d·6169·6465·0a3c··age·--add=aide.< 
0003b0f0:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di 
0003b100:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn· 
0003b110:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat 
0003b120:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap 
0003b130:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target= 
0003b140:·2223·6964·6d37·3330·3822·2074·6162·696e··"#idm7308"·tabin 
0003b150:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu 
0003b160:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan 
0003b170:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl 
0003b180:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r 
0003b190:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!" 
0003b1a0:·3e52·656d·6564·6961·7469·6f6e·2050·7570··>Remediation·Pup 
0003b1b0:·7065·7420·736e·6970·7065·7420·e287·b23c··pet·snippet·...< 
0003b1c0:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas0003afa0:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas
0003b1d0:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps0003afb0:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps
0003b1e0:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="0003afc0:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="
0003b1f0:·6964·6d37·3330·3822·3e3c·7461·626c·6520··idm7308"><table·0003afd0:·6964·6d37·3330·3722·3e3c·7461·626c·6520··idm7307"><table·
0003b200:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab0003afe0:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab
0003b210:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table0003aff0:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table
0003b220:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-0003b000:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-
0003b230:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><0003b010:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><
0003b240:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</0003b020:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</
0003b250:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td>< 
0003b260:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr 
0003b270:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td> 
0003b280:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003b290:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th 
0003b2a0:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td>< 
0003b2b0:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra 
0003b2c0:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en 
0003b2d0:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></ 
0003b2e0:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code 
0003b2f0:·3e69·6e63·6c75·6465·2069·6e73·7461·6c6c··>include·install 
0003b300:·5f61·6964·650a·0a63·6c61·7373·2069·6e73··_aide..class·ins 
0003b310:·7461·6c6c·5f61·6964·6520·7b0a·2020·7061··tall_aide·{.··pa 
0003b320:·636b·6167·6520·7b20·2761·6964·6527·3a0a··ckage·{·'aide':. 
0003b330:·2020·2020·656e·7375·7265·203d·2667·743b······ensure·=&gt; 
0003b340:·2027·696e·7374·616c·6c65·6427·2c0a·2020···'installed',.·· 
0003b350:·7d0a·7d0a·3c2f·636f·6465·3e3c·2f70·7265··}.}.</code></pre 
0003b360:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class= 
0003b370:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success 
0003b380:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c 
0003b390:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta 
0003b3a0:·7267·6574·3d22·2369·646d·3733·3039·2220··rget="#idm7309"· 
0003b3b0:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol 
0003b3c0:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria- 
0003b3d0:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false" 
0003b3e0:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate 
0003b3f0:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href 
0003b400:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio 
0003b410:·6e20·4f53·4275·696c·6420·426c·7565·7072··n·OSBuild·Bluepr 
0003b420:·696e·7420·736e·6970·7065·7420·e287·b23c··int·snippet·...< 
0003b430:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas 
0003b440:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps 
0003b450:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id=" 
0003b460:·6964·6d37·3330·3922·3e3c·7072·653e·3c63··idm7309"><pre><c 
0003b470:·6f64·653e·0a5b·5b70·6163·6b61·6765·735d··ode>.[[packages] 
0003b480:·5d0a·6e61·6d65·203d·2022·6169·6465·220a··].name·=·"aide". 
0003b490:·7665·7273·696f·6e20·3d20·222a·220a·3c2f··version·=·"*".</ 
0003b4a0:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div 
0003b4b0:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b 
0003b4c0:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data 
0003b4d0:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps 
0003b4e0:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target=" 
0003b4f0:·2369·646d·3733·3130·2220·7461·6269·6e64··#idm7310"·tabind 
0003b500:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but 
0003b510:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand 
0003b520:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title 
0003b530:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re 
0003b540:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!"> 
0003b550:·5265·6d65·6469·6174·696f·6e20·7363·7269··Remediation·scri 
0003b560:·7074·20e2·87b2·3c2f·613e·3c62·723e·3c64··pt·...</a><br><d 
0003b570:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel- 
0003b580:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps 
0003b590:·6522·2069·643d·2269·646d·3733·3130·223e··e"·id="idm7310"> 
0003b5a0:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta 
0003b5b0:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe 
0003b5c0:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered 
0003b5d0:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed 
0003b5e0:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple 
0003b5f0:·7869·7479·3a3c·2f74·683e·3c74·643e·6c6f··xity:</th><td>lo 
0003b600:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr>< 
0003b610:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</ 
0003b620:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td>< 
0003b630:·2f74·723e·3c74·723e·3c74·683e·5265·626f··/tr><tr><th>Rebo 
0003b640:·6f74·3a3c·2f74·683e·3c74·643e·6661·6c73··ot:</th><td>fals 
0003b650:·653c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··e</td></tr><tr>< 
0003b660:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th 
0003b670:·3e3c·7464·3e65·6e61·626c·653c·2f74·643e··><td>enable</td> 
0003b680:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr 
0003b690:·653e·3c63·6f64·653e·0a70·6163·6b61·6765··e><code>.package 
0003b6a0:·2069·6e73·7461·6c6c·2061·6964·650a·3c2f···install·aide.</ 
0003b6b0:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div 
0003b6c0:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b 
0003b6d0:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data 
0003b6e0:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps 
0003b6f0:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target=" 
Max diff block lines reached; 9285043/9322469 bytes (99.60%) of diff not shown.
1.02 MB
html2text {}
    
Offset 118, 52 lines modifiedOffset 118, 48 lines modified
118 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)118 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)
119 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3119 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
120 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5120 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
121 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199121 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
122 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79122 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
123 ·············_\x8c_\x8i_\x8s············6.1.1123 ·············_\x8c_\x8i_\x8s············6.1.1
124 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2124 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
125 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8125 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
126 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low126 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
127 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low127 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
128 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false128 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
129 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable129 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
130 package·--add=aide130 dnf·install·aide
131 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8131 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
132 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low132 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
133 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low133 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
134 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false134 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
135 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable135 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
136 include·install_aide136 include·install_aide
  
137 class·install_aide·{137 class·install_aide·{
138 ··package·{·'aide':138 ··package·{·'aide':
139 ····ensure·=>·'installed',139 ····ensure·=>·'installed',
140 ··}140 ··}
141 }141 }
142 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
143 [[packages]] 
144 name·=·"aide" 
145 version·=·"*" 
146 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8142 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
147 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low143 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
148 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low144 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
149 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false145 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
150 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable146 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 147 #·Remediation·is·applicable·only·in·certain·platforms
 148 if·rpm·--quiet·-q·kernel;·then
  
 149 if·!·rpm·-q·--quiet·"aide"·;·then
 150 ····dnf·install·-y·"aide"
 151 fi
151 package·install·aide 
152 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
153 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
154 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
155 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
156 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
157 dnf·install·aide152 else
 153 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 154 fi
158 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8155 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
159 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low156 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
160 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low157 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
161 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false158 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
162 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable159 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
163 -·name:·Gather·the·package·facts160 -·name:·Gather·the·package·facts
164 ··package_facts:161 ··package_facts:
Offset 194, 29 lines modifiedOffset 190, 33 lines modified
194 ··-·PCI-DSSv4-11.5.2190 ··-·PCI-DSSv4-11.5.2
195 ··-·enable_strategy191 ··-·enable_strategy
196 ··-·low_complexity192 ··-·low_complexity
197 ··-·low_disruption193 ··-·low_disruption
198 ··-·medium_severity194 ··-·medium_severity
199 ··-·no_reboot_needed195 ··-·no_reboot_needed
200 ··-·package_aide_installed196 ··-·package_aide_installed
 197 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 198 [[packages]]
 199 name·=·"aide"
 200 version·=·"*"
201 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8201 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
202 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low202 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
203 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low203 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
204 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false204 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
205 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable205 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
206 #·Remediation·is·applicable·only·in·certain·platforms 
207 if·rpm·--quiet·-q·kernel;·then 
  
208 if·!·rpm·-q·--quiet·"aide"·;·then 
209 ····dnf·install·-y·"aide" 
210 fi206 package·install·aide
 207 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 208 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 209 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 210 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 211 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 212 package·--add=aide
211 else 
212 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
213 fi 
214 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*213 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
215 Run·the·following·command·to·generate·a·new·database:214 Run·the·following·command·to·generate·a·new·database:
216 $·sudo·/usr/sbin/aide·--init215 $·sudo·/usr/sbin/aide·--init
217 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the216 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the
218 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these217 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these
219 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their218 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their
220 integrity.·The·newly-generated·database·can·be·installed·as·follows:219 integrity.·The·newly-generated·database·can·be·installed·as·follows:
Offset 242, 14 lines modifiedOffset 242, 28 lines modified
242 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)242 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)
243 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3243 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
244 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5244 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
245 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199245 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
246 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79246 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
247 ·············_\x8c_\x8i_\x8s············6.1.1247 ·············_\x8c_\x8i_\x8s············6.1.1
248 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2248 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 249 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 250 #·Remediation·is·applicable·only·in·certain·platforms
 251 if·rpm·--quiet·-q·kernel;·then
  
 252 if·!·rpm·-q·--quiet·"aide"·;·then
 253 ····dnf·install·-y·"aide"
 254 fi
  
 255 /usr/sbin/aide·--init
 256 /bin/cp·-p·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
  
 257 else
 258 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 259 fi
249 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8260 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
250 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low261 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
251 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low262 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
252 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false263 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
253 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict264 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
Max diff block lines reached; 1065495/1070685 bytes (99.52%) of diff not shown.
2.93 MB
./usr/share/doc/ssg-nondebian/ssg-rhel10-guide-anssi_bp28_minimal.html
    
Offset 14772, 297 lines modifiedOffset 14772, 297 lines modified
00039b30:·612d·7461·7267·6574·3d22·2369·646d·3130··a-target="#idm1000039b30:·612d·7461·7267·6574·3d22·2369·646d·3130··a-target="#idm10
00039b40:·3630·3722·2074·6162·696e·6465·783d·2230··607"·tabindex="000039b40:·3630·3722·2074·6162·696e·6465·783d·2230··607"·tabindex="0
00039b50:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·00039b50:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
00039b60:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f00039b60:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
00039b70:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act00039b70:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
00039b80:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"00039b80:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
00039b90:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed00039b90:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
 00039ba0:·6961·7469·6f6e·2073·6372·6970·7420·e287··iation·script·..
 00039bb0:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl
 00039bc0:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
00039ba0:·6961·7469·6f6e·2041·6e61·636f·6e64·6120··iation·Anaconda· 
00039bb0:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a>< 
00039bc0:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p 
00039bd0:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co 
00039be0:·6c6c·6170·7365·2220·6964·3d22·6964·6d31··llapse"·id="idm1 
00039bf0:·3036·3037·223e·3c74·6162·6c65·2063·6c61··0607"><table·cla 
00039c00:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table- 
00039c10:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo 
00039c20:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con 
00039c30:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th> 
00039c40:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th> 
00039c50:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
00039c60:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt 
00039c70:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low 
00039c80:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
00039c90:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t 
00039ca0:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr 
00039cb0:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg 
00039cc0:·793a·3c2f·7468·3e3c·7464·3e65·6e61·626c··y:</th><td>enabl 
00039cd0:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab 
00039ce0:·6c65·3e3c·7072·653e·3c63·6f64·653e·0a70··le><pre><code>.p 
00039cf0:·6163·6b61·6765·202d·2d61·6464·3d64·6e66··ackage·--add=dnf 
00039d00:·2d61·7574·6f6d·6174·6963·0a3c·2f63·6f64··-automatic.</cod 
00039d10:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a 
00039d20:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn- 
00039d30:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to 
00039d40:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"·00039bd0:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
 00039be0:·3d22·6964·6d31·3036·3037·223e·3c74·6162··="idm10607"><tab
 00039bf0:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table·
 00039c00:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta
 00039c10:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab
 00039c20:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t
 00039c30:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity
 00039c40:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t
 00039c50:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D
 00039c60:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th><
00039d50:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id 
00039d60:·6d31·3036·3038·2220·7461·6269·6e64·6578··m10608"·tabindex 
00039d70:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto 
00039d80:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded 
00039d90:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title=" 
00039da0:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve 
00039db0:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re 
00039dc0:·6d65·6469·6174·696f·6e20·5075·7070·6574··mediation·Puppet 
00039dd0:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a> 
00039de0:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class=" 
00039df0:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c 
00039e00:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm 
00039e10:·3130·3630·3822·3e3c·7461·626c·6520·636c··10608"><table·cl 
00039e20:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table 
00039e30:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b 
00039e40:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co 
00039e50:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th 
00039e60:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th 
00039e70:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t00039c70:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>
00039e80:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup 
00039e90:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo00039c80:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:<
 00039c90:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t
00039ea0:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><00039ca0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S
 00039cb0:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td
00039eb0:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th>< 
00039ec0:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t 
00039ed0:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate 
00039ee0:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab 
00039ef0:·6c65·3c2f·7464·3e3c·2f74·723e·3c2f·7461··le</td></tr></ta 
00039f00:·626c·653e·3c70·7265·3e3c·636f·6465·3e69··ble><pre><code>i 
00039f10:·6e63·6c75·6465·2069·6e73·7461·6c6c·5f64··nclude·install_d 
00039f20:·6e66·2d61·7574·6f6d·6174·6963·0a0a·636c··nf-automatic..cl 
00039f30:·6173·7320·696e·7374·616c·6c5f·646e·662d··ass·install_dnf- 
00039f40:·6175·746f·6d61·7469·6320·7b0a·2020·7061··automatic·{.··pa 
00039f50:·636b·6167·6520·7b20·2764·6e66·2d61·7574··ckage·{·'dnf-aut 
00039f60:·6f6d·6174·6963·273a·0a20·2020·2065·6e73··omatic':.····ens 
00039f70:·7572·6520·3d26·6774·3b20·2769·6e73·7461··ure·=&gt;·'insta 
00039f80:·6c6c·6564·272c·0a20·207d·0a7d·0a3c·2f63··lled',.··}.}.</c 
00039f90:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div> 
00039fa0:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt 
00039fb0:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data- 
00039fc0:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse 
00039fd0:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="# 
00039fe0:·6964·6d31·3036·3039·2220·7461·6269·6e64··idm10609"·tabind 
00039ff0:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but 
0003a000:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand 
0003a010:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title 
0003a020:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re 
0003a030:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!"> 
0003a040:·5265·6d65·6469·6174·696f·6e20·4f53·4275··Remediation·OSBu 
0003a050:·696c·6420·426c·7565·7072·696e·7420·736e··ild·Blueprint·sn 
0003a060:·6970·7065·7420·e287·b23c·2f61·3e3c·6272··ippet·...</a><br 
0003a070:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan 
0003a080:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll 
0003a090:·6170·7365·2220·6964·3d22·6964·6d31·3036··apse"·id="idm106 
0003a0a0:·3039·223e·3c70·7265·3e3c·636f·6465·3e0a··09"><pre><code>. 
0003a0b0:·5b5b·7061·636b·6167·6573·5d5d·0a6e·616d··[[packages]].nam 
0003a0c0:·6520·3d20·2264·6e66·2d61·7574·6f6d·6174··e·=·"dnf-automat 
0003a0d0:·6963·220a·7665·7273·696f·6e20·3d20·222a··ic".version·=·"* 
0003a0e0:·220a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··".</code></pre>< 
0003a0f0:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b 
0003a100:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"· 
0003a110:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col 
0003a120:·6c61·7073·6522·2064·6174·612d·7461·7267··lapse"·data-targ 
0003a130:·6574·3d22·2369·646d·3130·3631·3022·2074··et="#idm10610"·t 
0003a140:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role 
0003a150:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e 
0003a160:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"· 
0003a170:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate· 
0003a180:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href= 
0003a190:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation 
0003a1a0:·2073·6372·6970·7420·e287·b23c·2f61·3e3c···script·...</a>< 
0003a1b0:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p 
0003a1c0:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co 
0003a1d0:·6c6c·6170·7365·2220·6964·3d22·6964·6d31··llapse"·id="idm1 
0003a1e0:·3036·3130·223e·3c74·6162·6c65·2063·6c61··0610"><table·cla 
0003a1f0:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table- 
0003a200:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo 
0003a210:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con 
0003a220:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th> 
0003a230:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th> 
Max diff block lines reached; 2830546/2870180 bytes (98.62%) of diff not shown.
193 KB
html2text {}
    
Offset 84, 52 lines modifiedOffset 84, 49 lines modified
84 ·············suitable·for·automatic,·regular·execution.84 ·············suitable·for·automatic,·regular·execution.
85 Severity: ···medium85 Severity: ···medium
86 Rule·ID:·····xccdf_org.ssgproject.content_rule_package_dnf-automatic_installed86 Rule·ID:·····xccdf_org.ssgproject.content_rule_package_dnf-automatic_installed
87 Identifiers:·CCE-87561-787 Identifiers:·CCE-87561-7
88 ·············_\x8o_\x8s_\x8p_\x8p···FPT_TUD_EXT.1,·FPT_TUD_EXT.288 ·············_\x8o_\x8s_\x8p_\x8p···FPT_TUD_EXT.1,·FPT_TUD_EXT.2
89 References:··_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000191-GPOS-0008089 References:··_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000191-GPOS-00080
90 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··R6190 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··R61
91 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x891 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
92 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low92 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
93 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low93 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
94 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false94 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
95 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable95 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
96 package·--add=dnf-automatic96 dnf·install·dnf-automatic
97 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x897 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
98 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low98 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
99 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low99 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
100 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false100 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
101 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable101 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
102 include·install_dnf-automatic102 include·install_dnf-automatic
  
103 class·install_dnf-automatic·{103 class·install_dnf-automatic·{
104 ··package·{·'dnf-automatic':104 ··package·{·'dnf-automatic':
105 ····ensure·=>·'installed',105 ····ensure·=>·'installed',
106 ··}106 ··}
107 }107 }
108 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
109 [[packages]] 
110 name·=·"dnf-automatic" 
111 version·=·"*" 
112 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8108 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
113 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low109 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
114 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low110 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
115 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false111 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
116 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable112 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 113 #·Remediation·is·applicable·only·in·certain·platforms
 114 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc
 115 ;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 116 if·!·rpm·-q·--quiet·"dnf-automatic"·;·then
 117 ····dnf·install·-y·"dnf-automatic"
 118 fi
117 package·install·dnf-automatic 
118 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
119 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
120 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
121 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
122 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
123 dnf·install·dnf-automatic119 else
 120 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 121 fi
124 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8122 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
125 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low123 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
126 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low124 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
127 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false125 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
128 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable126 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
129 -·name:·Gather·the·package·facts127 -·name:·Gather·the·package·facts
130 ··package_facts:128 ··package_facts:
Offset 155, 30 lines modifiedOffset 152, 33 lines modified
155 ··-·CCE-87561-7152 ··-·CCE-87561-7
156 ··-·enable_strategy153 ··-·enable_strategy
157 ··-·low_complexity154 ··-·low_complexity
158 ··-·low_disruption155 ··-·low_disruption
159 ··-·medium_severity156 ··-·medium_severity
160 ··-·no_reboot_needed157 ··-·no_reboot_needed
161 ··-·package_dnf-automatic_installed158 ··-·package_dnf-automatic_installed
 159 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 160 [[packages]]
 161 name·=·"dnf-automatic"
 162 version·=·"*"
162 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8163 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
163 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low164 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
164 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low165 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
165 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false166 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
166 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable167 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
167 #·Remediation·is·applicable·only·in·certain·platforms 
168 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc 
169 ;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
170 if·!·rpm·-q·--quiet·"dnf-automatic"·;·then 
171 ····dnf·install·-y·"dnf-automatic" 
172 fi168 package·install·dnf-automatic
 169 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 170 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 171 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 172 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 173 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 174 package·--add=dnf-automatic
173 else 
174 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
175 fi 
176 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·d\x8dn\x8nf\x8f-\x8-a\x8au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8c·t\x8to\x8o·I\x8In\x8ns\x8st\x8ta\x8al\x8ll\x8l·A\x8Av\x8va\x8ai\x8il\x8la\x8ab\x8bl\x8le\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8es\x8s·A\x8Au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8ca\x8al\x8ll\x8ly\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*175 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·d\x8dn\x8nf\x8f-\x8-a\x8au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8c·t\x8to\x8o·I\x8In\x8ns\x8st\x8ta\x8al\x8ll\x8l·A\x8Av\x8va\x8ai\x8il\x8la\x8ab\x8bl\x8le\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8es\x8s·A\x8Au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8ca\x8al\x8ll\x8ly\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
177 To·ensure·that·the·packages·comprising·the·available·updates·will·be·automatically·installed176 To·ensure·that·the·packages·comprising·the·available·updates·will·be·automatically·installed
178 by·dnf-automatic,·set·apply_updates·to·yes·under·[commands]·section·in·/etc/dnf/177 by·dnf-automatic,·set·apply_updates·to·yes·under·[commands]·section·in·/etc/dnf/
179 automatic.conf.178 automatic.conf.
180 ·············Installing·software·updates·is·a·fundamental·mitigation·against·the·exploitation179 ·············Installing·software·updates·is·a·fundamental·mitigation·against·the·exploitation
181 ·············of·publicly-known·vulnerabilities.·If·the·most·recent·security·patches·and180 ·············of·publicly-known·vulnerabilities.·If·the·most·recent·security·patches·and
182 Rationale:···updates·are·not·installed,·unauthorized·users·may·take·advantage·of·weaknesses·in181 Rationale:···updates·are·not·installed,·unauthorized·users·may·take·advantage·of·weaknesses·in
Offset 189, 14 lines modifiedOffset 189, 56 lines modified
189 Rule·ID:·····xccdf_org.ssgproject.content_rule_dnf-automatic_apply_updates189 Rule·ID:·····xccdf_org.ssgproject.content_rule_dnf-automatic_apply_updates
190 Identifiers:·CCE-86671-5190 Identifiers:·CCE-86671-5
191 ·············_\x8i_\x8s_\x8m····0940,·1144,·1467,·1472,·1483,·1493,·1494,·1495191 ·············_\x8i_\x8s_\x8m····0940,·1144,·1467,·1472,·1483,·1493,·1494,·1495
192 ·············_\x8n_\x8i_\x8s_\x8t···SI-2(5),·CM-6(a),·SI-2(c)192 ·············_\x8n_\x8i_\x8s_\x8t···SI-2(5),·CM-6(a),·SI-2(c)
193 References:··_\x8o_\x8s_\x8p_\x8p···FMT_SMF_EXT.1193 References:··_\x8o_\x8s_\x8p_\x8p···FMT_SMF_EXT.1
194 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000805-GPOS-00260194 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000805-GPOS-00260
195 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··R61195 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··R61
 196 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 197 #·Remediation·is·applicable·only·in·certain·platforms
 198 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc
 199 ;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 200 found=false
  
 201 #·set·value·in·all·files·if·they·contain·section·or·key
 202 for·f·in·$(echo·-n·"/etc/dnf/automatic.conf");·do
 203 ····if·[·!·-e·"$f"·];·then
 204 ········continue
 205 ····fi
  
 206 ····#·find·key·in·section·and·change·value
 207 ····if·grep·-qzosP·"[[:space:]]*\[commands\]([^\n\[]*\n+)+?[[:space:]]*apply_updates"·"$f";
 208 then
  
Max diff block lines reached; 191724/198000 bytes (96.83%) of diff not shown.
25.5 MB
./usr/share/doc/ssg-nondebian/ssg-rhel10-guide-cis.html
    
Offset 15141, 281 lines modifiedOffset 15141, 281 lines modified
0003b240:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe0003b240:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe
0003b250:·743d·2223·6964·6d37·3330·3722·2074·6162··t="#idm7307"·tab0003b250:·743d·2223·6964·6d37·3330·3722·2074·6162··t="#idm7307"·tab
0003b260:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="0003b260:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="
0003b270:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp0003b270:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp
0003b280:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti0003b280:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti
0003b290:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to0003b290:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to
0003b2a0:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#0003b2a0:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#
0003b2b0:·2122·3e52·656d·6564·6961·7469·6f6e·2041··!">Remediation·A0003b2b0:·2122·3e52·656d·6564·6961·7469·6f6e·2073··!">Remediation·s
0003b2c0:·6e61·636f·6e64·6120·736e·6970·7065·7420··naconda·snippet· 
0003b2d0:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div· 
0003b2e0:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col 
0003b2f0:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"· 
0003b300:·6964·3d22·6964·6d37·3330·3722·3e3c·7461··id="idm7307"><ta 
0003b310:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table 
0003b320:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t 
0003b330:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta 
0003b340:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed">< 
0003b350:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit 
0003b360:·793a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··y:</th><td>low</ 
0003b370:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003b380:·4469·7372·7570·7469·6f6e·3a3c·2f74·683e··Disruption:</th> 
0003b390:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
0003b3a0:·3e3c·7472·3e3c·7468·3e52·6562·6f6f·743a··><tr><th>Reboot: 
0003b3b0:·3c2f·7468·3e3c·7464·3e66·616c·7365·3c2f··</th><td>false</ 
0003b3c0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003b3d0:·5374·7261·7465·6779·3a3c·2f74·683e·3c74··Strategy:</th><t 
0003b3e0:·643e·656e·6162·6c65·3c2f·7464·3e3c·2f74··d>enable</td></t 
0003b3f0:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre>< 
0003b400:·636f·6465·3e0a·7061·636b·6167·6520·2d2d··code>.package·-- 
0003b410:·6164·643d·6169·6465·0a3c·2f63·6f64·653e··add=aide.</code> 
0003b420:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c 
0003b430:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su 
0003b440:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg 
0003b450:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da 
0003b460:·7461·2d74·6172·6765·743d·2223·6964·6d37··ta-target="#idm7 
0003b470:·3330·3822·2074·6162·696e·6465·783d·2230··308"·tabindex="0 
0003b480:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"· 
0003b490:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f 
0003b4a0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act 
0003b4b0:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal" 
0003b4c0:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed 
0003b4d0:·6961·7469·6f6e·2050·7570·7065·7420·736e··iation·Puppet·sn 
0003b4e0:·6970·7065·7420·e287·b23c·2f61·3e3c·6272··ippet·...</a><br0003b2c0:·6372·6970·7420·e287·b23c·2f61·3e3c·6272··cript·...</a><br
0003b4f0:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan0003b2d0:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan
0003b500:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll0003b2e0:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll
0003b510:·6170·7365·2220·6964·3d22·6964·6d37·3330··apse"·id="idm7300003b2f0:·6170·7365·2220·6964·3d22·6964·6d37·3330··apse"·id="idm730
0003b520:·3822·3e3c·7461·626c·6520·636c·6173·733d··8"><table·class=0003b300:·3722·3e3c·7461·626c·6520·636c·6173·733d··7"><table·class=
0003b530:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str0003b310:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str
0003b540:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde0003b320:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde
0003b550:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden0003b330:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden
0003b560:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com0003b340:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com
0003b570:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td0003b350:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td
0003b580:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t 
0003b590:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption 
0003b5a0:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t 
0003b5b0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R 
0003b5c0:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f 
0003b5d0:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t 
0003b5e0:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:< 
0003b5f0:·2f74·683e·3c74·643e·656e·6162·6c65·3c2f··/th><td>enable</ 
0003b600:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table> 
0003b610:·3c70·7265·3e3c·636f·6465·3e69·6e63·6c75··<pre><code>inclu 
0003b620:·6465·2069·6e73·7461·6c6c·5f61·6964·650a··de·install_aide. 
0003b630:·0a63·6c61·7373·2069·6e73·7461·6c6c·5f61··.class·install_a 
0003b640:·6964·6520·7b0a·2020·7061·636b·6167·6520··ide·{.··package· 
0003b650:·7b20·2761·6964·6527·3a0a·2020·2020·656e··{·'aide':.····en 
0003b660:·7375·7265·203d·2667·743b·2027·696e·7374··sure·=&gt;·'inst 
0003b670:·616c·6c65·6427·2c0a·2020·7d0a·7d0a·3c2f··alled',.··}.}.</ 
0003b680:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div 
0003b690:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b 
0003b6a0:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data 
0003b6b0:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps 
0003b6c0:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target=" 
0003b6d0:·2369·646d·3733·3039·2220·7461·6269·6e64··#idm7309"·tabind 
0003b6e0:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but 
0003b6f0:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand 
0003b700:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title 
0003b710:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re 
0003b720:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!"> 
0003b730:·5265·6d65·6469·6174·696f·6e20·4f53·4275··Remediation·OSBu 
0003b740:·696c·6420·426c·7565·7072·696e·7420·736e··ild·Blueprint·sn 
0003b750:·6970·7065·7420·e287·b23c·2f61·3e3c·6272··ippet·...</a><br 
0003b760:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan 
0003b770:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll 
0003b780:·6170·7365·2220·6964·3d22·6964·6d37·3330··apse"·id="idm730 
0003b790:·3922·3e3c·7072·653e·3c63·6f64·653e·0a5b··9"><pre><code>.[ 
0003b7a0:·5b70·6163·6b61·6765·735d·5d0a·6e61·6d65··[packages]].name 
0003b7b0:·203d·2022·6169·6465·220a·7665·7273·696f···=·"aide".versio 
0003b7c0:·6e20·3d20·222a·220a·3c2f·636f·6465·3e3c··n·=·"*".</code>< 
0003b7d0:·2f70·7265·3e3c·2f64·6976·3e3c·6120·636c··/pre></div><a·cl 
0003b7e0:·6173·733d·2262·746e·2062·746e·2d73·7563··ass="btn·btn-suc 
0003b7f0:·6365·7373·2220·6461·7461·2d74·6f67·676c··cess"·data-toggl 
0003b800:·653d·2263·6f6c·6c61·7073·6522·2064·6174··e="collapse"·dat 
0003b810:·612d·7461·7267·6574·3d22·2369·646d·3733··a-target="#idm73 
0003b820:·3130·2220·7461·6269·6e64·6578·3d22·3022··10"·tabindex="0" 
0003b830:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a 
0003b840:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa 
0003b850:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti 
0003b860:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"· 
0003b870:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi 
0003b880:·6174·696f·6e20·7363·7269·7074·20e2·87b2··ation·script·... 
0003b890:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla 
0003b8a0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap 
0003b8b0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id= 
0003b8c0:·2269·646d·3733·3130·223e·3c74·6162·6c65··"idm7310"><table 
0003b8d0:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta 
0003b8e0:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl 
0003b8f0:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table 
0003b900:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr> 
0003b910:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:< 
0003b920:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td> 
0003b930:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis 
0003b940:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td 
0003b950:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t 
0003b960:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t 
0003b970:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td> 
0003b980:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str 
0003b990:·6174·6567·793a·3c2f·7468·3e3c·7464·3e65··ategy:</th><td>e 
0003b9a0:·6e61·626c·653c·2f74·643e·3c2f·7472·3e3c··nable</td></tr>< 
0003b9b0:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod 
0003b9c0:·653e·0a70·6163·6b61·6765·2069·6e73·7461··e>.package·insta 
0003b9d0:·6c6c·2061·6964·650a·3c2f·636f·6465·3e3c··ll·aide.</code>< 
0003b9e0:·2f70·7265·3e3c·2f64·6976·3e3c·6120·636c··/pre></div><a·cl 
0003b9f0:·6173·733d·2262·746e·2062·746e·2d73·7563··ass="btn·btn-suc 
0003ba00:·6365·7373·2220·6461·7461·2d74·6f67·676c··cess"·data-toggl 
0003ba10:·653d·2263·6f6c·6c61·7073·6522·2064·6174··e="collapse"·dat 
0003ba20:·612d·7461·7267·6574·3d22·2369·646d·3733··a-target="#idm73 
Max diff block lines reached; 24391505/24428931 bytes (99.85%) of diff not shown.
2.21 MB
html2text {}
Max HTML report size reached
12.0 MB
./usr/share/doc/ssg-nondebian/ssg-rhel10-guide-cis_server_l1.html
    
Offset 15103, 281 lines modifiedOffset 15103, 281 lines modified
0003afe0:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i0003afe0:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i
0003aff0:·646d·3733·3037·2220·7461·6269·6e64·6578··dm7307"·tabindex0003aff0:·646d·3733·3037·2220·7461·6269·6e64·6578··dm7307"·tabindex
0003b000:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto0003b000:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto
0003b010:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded0003b010:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded
0003b020:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="0003b020:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="
0003b030:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve0003b030:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve
0003b040:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re0003b040:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re
0003b050:·6d65·6469·6174·696f·6e20·416e·6163·6f6e··mediation·Anacon0003b050:·6d65·6469·6174·696f·6e20·7363·7269·7074··mediation·script
0003b060:·6461·2073·6e69·7070·6574·20e2·87b2·3c2f··da·snippet·...</ 
0003b070:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class 
0003b080:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse 
0003b090:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i 
0003b0a0:·646d·3733·3037·223e·3c74·6162·6c65·2063··dm7307"><table·c 
0003b0b0:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl 
0003b0c0:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table- 
0003b0d0:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c 
0003b0e0:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t 
0003b0f0:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t 
0003b100:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003b110:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru 
0003b120:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l 
0003b130:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr> 
0003b140:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th> 
0003b150:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></ 
0003b160:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat 
0003b170:·6567·793a·3c2f·7468·3e3c·7464·3e65·6e61··egy:</th><td>ena 
0003b180:·626c·653c·2f74·643e·3c2f·7472·3e3c·2f74··ble</td></tr></t 
0003b190:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code> 
0003b1a0:·0a70·6163·6b61·6765·202d·2d61·6464·3d61··.package·--add=a 
0003b1b0:·6964·650a·3c2f·636f·6465·3e3c·2f70·7265··ide.</code></pre 
0003b1c0:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class= 
0003b1d0:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success 
0003b1e0:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c 
0003b1f0:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta 
0003b200:·7267·6574·3d22·2369·646d·3733·3038·2220··rget="#idm7308"· 
0003b210:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol 
0003b220:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria- 
0003b230:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false" 
0003b240:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate 
0003b250:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href 
0003b260:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio 
0003b270:·6e20·5075·7070·6574·2073·6e69·7070·6574··n·Puppet·snippet 
0003b280:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div0003b060:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div
0003b290:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co 
0003b2a0:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse" 
0003b2b0:·2069·643d·2269·646d·3733·3038·223e·3c74···id="idm7308"><t 
0003b2c0:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl 
0003b2d0:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped· 
0003b2e0:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t 
0003b2f0:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed"> 
0003b300:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi 
0003b310:·7479·3a3c·2f74·683e·3c74·643e·6c6f·773c··ty:</th><td>low< 
0003b320:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b330:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th 
0003b340:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
0003b350:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot 
0003b360:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false< 
0003b370:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b380:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th>< 
0003b390:·7464·3e65·6e61·626c·653c·2f74·643e·3c2f··td>enable</td></ 
0003b3a0:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre> 
0003b3b0:·3c63·6f64·653e·696e·636c·7564·6520·696e··<code>include·in 
0003b3c0:·7374·616c·6c5f·6169·6465·0a0a·636c·6173··stall_aide..clas 
0003b3d0:·7320·696e·7374·616c·6c5f·6169·6465·207b··s·install_aide·{ 
0003b3e0:·0a20·2070·6163·6b61·6765·207b·2027·6169··.··package·{·'ai 
0003b3f0:·6465·273a·0a20·2020·2065·6e73·7572·6520··de':.····ensure· 
0003b400:·3d26·6774·3b20·2769·6e73·7461·6c6c·6564··=&gt;·'installed 
0003b410:·272c·0a20·207d·0a7d·0a3c·2f63·6f64·653e··',.··}.}.</code> 
0003b420:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c 
0003b430:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su 
0003b440:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg 
0003b450:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da 
0003b460:·7461·2d74·6172·6765·743d·2223·6964·6d37··ta-target="#idm7 
0003b470:·3330·3922·2074·6162·696e·6465·783d·2230··309"·tabindex="0 
0003b480:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"· 
0003b490:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f 
0003b4a0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act 
0003b4b0:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal" 
0003b4c0:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed 
0003b4d0:·6961·7469·6f6e·204f·5342·7569·6c64·2042··iation·OSBuild·B 
0003b4e0:·6c75·6570·7269·6e74·2073·6e69·7070·6574··lueprint·snippet 
0003b4f0:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div 
0003b500:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co0003b070:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
0003b510:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse" 
0003b520:·2069·643d·2269·646d·3733·3039·223e·3c70···id="idm7309"><p 
0003b530:·7265·3e3c·636f·6465·3e0a·5b5b·7061·636b··re><code>.[[pack 
0003b540:·6167·6573·5d5d·0a6e·616d·6520·3d20·2261··ages]].name·=·"a 
0003b550:·6964·6522·0a76·6572·7369·6f6e·203d·2022··ide".version·=·" 
0003b560:·2a22·0a3c·2f63·6f64·653e·3c2f·7072·653e··*".</code></pre> 
0003b570:·3c2f·6469·763e·3c61·2063·6c61·7373·3d22··</div><a·class=" 
0003b580:·6274·6e20·6274·6e2d·7375·6363·6573·7322··btn·btn-success" 
0003b590:·2064·6174·612d·746f·6767·6c65·3d22·636f···data-toggle="co 
0003b5a0:·6c6c·6170·7365·2220·6461·7461·2d74·6172··llapse"·data-tar 
0003b5b0:·6765·743d·2223·6964·6d37·3331·3022·2074··get="#idm7310"·t 
0003b5c0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role 
0003b5d0:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e 
0003b5e0:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"· 
0003b5f0:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate· 
0003b600:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href= 
0003b610:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation 
0003b620:·2073·6372·6970·7420·e287·b23c·2f61·3e3c···script·...</a>< 
0003b630:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p 
0003b640:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co 
0003b650:·6c6c·6170·7365·2220·6964·3d22·6964·6d37··llapse"·id="idm7 
0003b660:·3331·3022·3e3c·7461·626c·6520·636c·6173··310"><table·clas 
0003b670:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s 
0003b680:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor 
0003b690:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond 
0003b6a0:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C 
0003b6b0:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th>< 
0003b6c0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003b6d0:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti 
0003b6e0:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low< 
0003b6f0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b700:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td 
0003b710:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr> 
0003b720:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy 
0003b730:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable 
0003b740:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl 
0003b750:·653e·3c70·7265·3e3c·636f·6465·3e0a·7061··e><pre><code>.pa 
0003b760:·636b·6167·6520·696e·7374·616c·6c20·6169··ckage·install·ai 
0003b770:·6465·0a3c·2f63·6f64·653e·3c2f·7072·653e··de.</code></pre> 
0003b780:·3c2f·6469·763e·3c61·2063·6c61·7373·3d22··</div><a·class=" 
0003b790:·6274·6e20·6274·6e2d·7375·6363·6573·7322··btn·btn-success" 
0003b7a0:·2064·6174·612d·746f·6767·6c65·3d22·636f···data-toggle="co 
0003b7b0:·6c6c·6170·7365·2220·6461·7461·2d74·6172··llapse"·data-tar 
0003b7c0:·6765·743d·2223·6964·6d37·3331·3122·2074··get="#idm7311"·t 
Max diff block lines reached; 11210464/11247890 bytes (99.67%) of diff not shown.
1.25 MB
html2text {}
    
Offset 103, 52 lines modifiedOffset 103, 48 lines modified
103 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)103 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)
104 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3104 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
105 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5105 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
106 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199106 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
107 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79107 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
108 ·············_\x8c_\x8i_\x8s············6.1.1108 ·············_\x8c_\x8i_\x8s············6.1.1
109 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2109 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
110 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8110 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
111 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low111 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
112 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low112 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
113 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false113 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
114 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable114 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
115 package·--add=aide115 dnf·install·aide
116 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8116 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
117 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low117 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
118 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low118 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
119 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false119 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
120 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable120 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
121 include·install_aide121 include·install_aide
  
122 class·install_aide·{122 class·install_aide·{
123 ··package·{·'aide':123 ··package·{·'aide':
124 ····ensure·=>·'installed',124 ····ensure·=>·'installed',
125 ··}125 ··}
126 }126 }
127 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
128 [[packages]] 
129 name·=·"aide" 
130 version·=·"*" 
131 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8127 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
132 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low128 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
133 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low129 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
134 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false130 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
135 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable131 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 132 #·Remediation·is·applicable·only·in·certain·platforms
 133 if·rpm·--quiet·-q·kernel;·then
  
 134 if·!·rpm·-q·--quiet·"aide"·;·then
 135 ····dnf·install·-y·"aide"
 136 fi
136 package·install·aide 
137 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
138 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
139 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
140 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
141 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
142 dnf·install·aide137 else
 138 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 139 fi
143 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8140 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
144 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low141 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
145 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low142 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
146 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false143 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
147 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable144 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
148 -·name:·Gather·the·package·facts145 -·name:·Gather·the·package·facts
149 ··package_facts:146 ··package_facts:
Offset 179, 29 lines modifiedOffset 175, 33 lines modified
179 ··-·PCI-DSSv4-11.5.2175 ··-·PCI-DSSv4-11.5.2
180 ··-·enable_strategy176 ··-·enable_strategy
181 ··-·low_complexity177 ··-·low_complexity
182 ··-·low_disruption178 ··-·low_disruption
183 ··-·medium_severity179 ··-·medium_severity
184 ··-·no_reboot_needed180 ··-·no_reboot_needed
185 ··-·package_aide_installed181 ··-·package_aide_installed
 182 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 183 [[packages]]
 184 name·=·"aide"
 185 version·=·"*"
186 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8186 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
187 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low187 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
188 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low188 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
189 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false189 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
190 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable190 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
191 #·Remediation·is·applicable·only·in·certain·platforms 
192 if·rpm·--quiet·-q·kernel;·then 
  
193 if·!·rpm·-q·--quiet·"aide"·;·then 
194 ····dnf·install·-y·"aide" 
195 fi191 package·install·aide
 192 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 193 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 194 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 195 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 196 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 197 package·--add=aide
196 else 
197 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
198 fi 
199 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*198 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
200 Run·the·following·command·to·generate·a·new·database:199 Run·the·following·command·to·generate·a·new·database:
201 $·sudo·/usr/sbin/aide·--init200 $·sudo·/usr/sbin/aide·--init
202 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the·database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database·can·be·installed·as·follows:201 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the·database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database·can·be·installed·as·follows:
203 $·sudo·cp·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz202 $·sudo·cp·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
204 To·initiate·a·manual·check,·run·the·following·command:203 To·initiate·a·manual·check,·run·the·following·command:
205 $·sudo·/usr/sbin/aide·--check204 $·sudo·/usr/sbin/aide·--check
Offset 220, 14 lines modifiedOffset 220, 28 lines modified
220 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)220 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)
221 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3221 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
222 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5222 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
223 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199223 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
224 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79224 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
225 ·············_\x8c_\x8i_\x8s············6.1.1225 ·············_\x8c_\x8i_\x8s············6.1.1
226 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2226 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 227 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 228 #·Remediation·is·applicable·only·in·certain·platforms
 229 if·rpm·--quiet·-q·kernel;·then
  
 230 if·!·rpm·-q·--quiet·"aide"·;·then
 231 ····dnf·install·-y·"aide"
 232 fi
  
 233 /usr/sbin/aide·--init
 234 /bin/cp·-p·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
  
 235 else
 236 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 237 fi
227 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8238 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
228 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low239 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
229 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low240 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
230 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false241 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
231 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict242 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
Max diff block lines reached; 1302230/1307569 bytes (99.59%) of diff not shown.
11.6 MB
./usr/share/doc/ssg-nondebian/ssg-rhel10-guide-cis_workstation_l1.html
    
Offset 15094, 281 lines modifiedOffset 15094, 281 lines modified
0003af50:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#0003af50:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#
0003af60:·6964·6d37·3330·3722·2074·6162·696e·6465··idm7307"·tabinde0003af60:·6964·6d37·3330·3722·2074·6162·696e·6465··idm7307"·tabinde
0003af70:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt0003af70:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt
0003af80:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande0003af80:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande
0003af90:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=0003af90:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=
0003afa0:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev0003afa0:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev
0003afb0:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R0003afb0:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R
0003afc0:·656d·6564·6961·7469·6f6e·2041·6e61·636f··emediation·Anaco0003afc0:·656d·6564·6961·7469·6f6e·2073·6372·6970··emediation·scrip
0003afd0:·6e64·6120·736e·6970·7065·7420·e287·b23c··nda·snippet·...< 
0003afe0:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas 
0003aff0:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps 
0003b000:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id=" 
0003b010:·6964·6d37·3330·3722·3e3c·7461·626c·6520··idm7307"><table· 
0003b020:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab 
0003b030:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table 
0003b040:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table- 
0003b050:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr>< 
0003b060:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</ 
0003b070:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td>< 
0003b080:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr 
0003b090:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td> 
0003b0a0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003b0b0:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th 
0003b0c0:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td>< 
0003b0d0:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra 
0003b0e0:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en 
0003b0f0:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></ 
0003b100:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code 
0003b110:·3e0a·7061·636b·6167·6520·2d2d·6164·643d··>.package·--add= 
0003b120:·6169·6465·0a3c·2f63·6f64·653e·3c2f·7072··aide.</code></pr 
0003b130:·653e·3c2f·6469·763e·3c61·2063·6c61·7373··e></div><a·class 
0003b140:·3d22·6274·6e20·6274·6e2d·7375·6363·6573··="btn·btn-succes 
0003b150:·7322·2064·6174·612d·746f·6767·6c65·3d22··s"·data-toggle=" 
0003b160:·636f·6c6c·6170·7365·2220·6461·7461·2d74··collapse"·data-t 
0003b170:·6172·6765·743d·2223·6964·6d37·3330·3822··arget="#idm7308" 
0003b180:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro 
0003b190:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria 
0003b1a0:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false 
0003b1b0:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat 
0003b1c0:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre 
0003b1d0:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati 
0003b1e0:·6f6e·2050·7570·7065·7420·736e·6970·7065··on·Puppet·snippe 
0003b1f0:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di0003afd0:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di
0003b200:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c0003afe0:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
0003b210:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse0003aff0:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
0003b220:·2220·6964·3d22·6964·6d37·3330·3822·3e3c··"·id="idm7308"><0003b000:·2220·6964·3d22·6964·6d37·3330·3722·3e3c··"·id="idm7307"><
0003b230:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab0003b010:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab
0003b240:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped0003b020:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped
0003b250:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·0003b030:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·
0003b260:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"0003b040:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"
0003b270:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex0003b050:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex
0003b280:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low0003b060:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low
0003b290:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b2a0:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t 
0003b2b0:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003b2c0:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo 
0003b2d0:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false 
0003b2e0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b2f0:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th> 
0003b300:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td>< 
0003b310:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre 
0003b320:·3e3c·636f·6465·3e69·6e63·6c75·6465·2069··><code>include·i 
0003b330:·6e73·7461·6c6c·5f61·6964·650a·0a63·6c61··nstall_aide..cla 
0003b340:·7373·2069·6e73·7461·6c6c·5f61·6964·6520··ss·install_aide· 
0003b350:·7b0a·2020·7061·636b·6167·6520·7b20·2761··{.··package·{·'a 
0003b360:·6964·6527·3a0a·2020·2020·656e·7375·7265··ide':.····ensure 
0003b370:·203d·2667·743b·2027·696e·7374·616c·6c65···=&gt;·'installe 
0003b380:·6427·2c0a·2020·7d0a·7d0a·3c2f·636f·6465··d',.··}.}.</code 
0003b390:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a· 
0003b3a0:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s 
0003b3b0:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog 
0003b3c0:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d 
0003b3d0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm 
0003b3e0:·3733·3039·2220·7461·6269·6e64·6578·3d22··7309"·tabindex=" 
0003b3f0:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button" 
0003b400:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded=" 
0003b410:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac 
0003b420:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal 
0003b430:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme 
0003b440:·6469·6174·696f·6e20·4f53·4275·696c·6420··diation·OSBuild· 
0003b450:·426c·7565·7072·696e·7420·736e·6970·7065··Blueprint·snippe 
0003b460:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di 
0003b470:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c 
0003b480:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse 
0003b490:·2220·6964·3d22·6964·6d37·3330·3922·3e3c··"·id="idm7309">< 
0003b4a0:·7072·653e·3c63·6f64·653e·0a5b·5b70·6163··pre><code>.[[pac 
0003b4b0:·6b61·6765·735d·5d0a·6e61·6d65·203d·2022··kages]].name·=·" 
0003b4c0:·6169·6465·220a·7665·7273·696f·6e20·3d20··aide".version·=· 
0003b4d0:·222a·220a·3c2f·636f·6465·3e3c·2f70·7265··"*".</code></pre 
0003b4e0:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class= 
0003b4f0:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success 
0003b500:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c 
0003b510:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta 
0003b520:·7267·6574·3d22·2369·646d·3733·3130·2220··rget="#idm7310"· 
0003b530:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol 
0003b540:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria- 
0003b550:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false" 
0003b560:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate 
0003b570:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href 
0003b580:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio 
0003b590:·6e20·7363·7269·7074·20e2·87b2·3c2f·613e··n·script·...</a> 
0003b5a0:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class=" 
0003b5b0:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c 
0003b5c0:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm 
0003b5d0:·3733·3130·223e·3c74·6162·6c65·2063·6c61··7310"><table·cla 
0003b5e0:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table- 
0003b5f0:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo 
0003b600:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con 
0003b610:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th> 
0003b620:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th> 
0003b630:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
0003b640:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt 
0003b650:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low 
0003b660:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b670:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t 
0003b680:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr 
0003b690:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg 
0003b6a0:·793a·3c2f·7468·3e3c·7464·3e65·6e61·626c··y:</th><td>enabl 
0003b6b0:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab 
0003b6c0:·6c65·3e3c·7072·653e·3c63·6f64·653e·0a70··le><pre><code>.p 
0003b6d0:·6163·6b61·6765·2069·6e73·7461·6c6c·2061··ackage·install·a 
0003b6e0:·6964·650a·3c2f·636f·6465·3e3c·2f70·7265··ide.</code></pre 
0003b6f0:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class= 
0003b700:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success 
0003b710:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c 
0003b720:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta 
0003b730:·7267·6574·3d22·2369·646d·3733·3131·2220··rget="#idm7311"· 
Max diff block lines reached; 10823755/10861181 bytes (99.66%) of diff not shown.
1.2 MB
html2text {}
    
Offset 101, 52 lines modifiedOffset 101, 48 lines modified
101 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)101 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)
102 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3102 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
103 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5103 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
104 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199104 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
105 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79105 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
106 ·············_\x8c_\x8i_\x8s············6.1.1106 ·············_\x8c_\x8i_\x8s············6.1.1
107 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2107 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
108 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8108 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
109 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low109 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
110 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low110 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
111 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false111 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
112 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable112 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
113 package·--add=aide113 dnf·install·aide
114 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8114 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
115 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low115 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
116 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low116 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
117 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false117 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
118 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable118 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
119 include·install_aide119 include·install_aide
  
120 class·install_aide·{120 class·install_aide·{
121 ··package·{·'aide':121 ··package·{·'aide':
122 ····ensure·=>·'installed',122 ····ensure·=>·'installed',
123 ··}123 ··}
124 }124 }
125 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
126 [[packages]] 
127 name·=·"aide" 
128 version·=·"*" 
129 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8125 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
130 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low126 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
131 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low127 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
132 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false128 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
133 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable129 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 130 #·Remediation·is·applicable·only·in·certain·platforms
 131 if·rpm·--quiet·-q·kernel;·then
  
 132 if·!·rpm·-q·--quiet·"aide"·;·then
 133 ····dnf·install·-y·"aide"
 134 fi
134 package·install·aide 
135 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
136 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
137 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
138 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
139 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
140 dnf·install·aide135 else
 136 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 137 fi
141 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8138 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
142 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low139 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
143 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low140 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
144 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false141 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
145 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable142 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
146 -·name:·Gather·the·package·facts143 -·name:·Gather·the·package·facts
147 ··package_facts:144 ··package_facts:
Offset 177, 29 lines modifiedOffset 173, 33 lines modified
177 ··-·PCI-DSSv4-11.5.2173 ··-·PCI-DSSv4-11.5.2
178 ··-·enable_strategy174 ··-·enable_strategy
179 ··-·low_complexity175 ··-·low_complexity
180 ··-·low_disruption176 ··-·low_disruption
181 ··-·medium_severity177 ··-·medium_severity
182 ··-·no_reboot_needed178 ··-·no_reboot_needed
183 ··-·package_aide_installed179 ··-·package_aide_installed
 180 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 181 [[packages]]
 182 name·=·"aide"
 183 version·=·"*"
184 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8184 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
185 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low185 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
186 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low186 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
187 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false187 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
188 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable188 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
189 #·Remediation·is·applicable·only·in·certain·platforms 
190 if·rpm·--quiet·-q·kernel;·then 
  
191 if·!·rpm·-q·--quiet·"aide"·;·then 
192 ····dnf·install·-y·"aide" 
193 fi189 package·install·aide
 190 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 191 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 192 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 193 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 194 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 195 package·--add=aide
194 else 
195 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
196 fi 
197 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*196 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
198 Run·the·following·command·to·generate·a·new·database:197 Run·the·following·command·to·generate·a·new·database:
199 $·sudo·/usr/sbin/aide·--init198 $·sudo·/usr/sbin/aide·--init
200 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the·database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database·can·be·installed·as·follows:199 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the·database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database·can·be·installed·as·follows:
201 $·sudo·cp·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz200 $·sudo·cp·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
202 To·initiate·a·manual·check,·run·the·following·command:201 To·initiate·a·manual·check,·run·the·following·command:
203 $·sudo·/usr/sbin/aide·--check202 $·sudo·/usr/sbin/aide·--check
Offset 218, 14 lines modifiedOffset 218, 28 lines modified
218 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)218 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)
219 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3219 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
220 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5220 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
221 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199221 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
222 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79222 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
223 ·············_\x8c_\x8i_\x8s············6.1.1223 ·············_\x8c_\x8i_\x8s············6.1.1
224 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2224 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 225 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 226 #·Remediation·is·applicable·only·in·certain·platforms
 227 if·rpm·--quiet·-q·kernel;·then
  
 228 if·!·rpm·-q·--quiet·"aide"·;·then
 229 ····dnf·install·-y·"aide"
 230 fi
  
 231 /usr/sbin/aide·--init
 232 /bin/cp·-p·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
  
 233 else
 234 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 235 fi
225 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8236 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
226 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low237 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
227 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low238 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
228 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false239 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
229 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict240 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
Max diff block lines reached; 1250611/1255950 bytes (99.57%) of diff not shown.
25.3 MB
./usr/share/doc/ssg-nondebian/ssg-rhel10-guide-cis_workstation_l2.html
    
Offset 15133, 281 lines modifiedOffset 15133, 281 lines modified
0003b1c0:·7461·7267·6574·3d22·2369·646d·3733·3037··target="#idm73070003b1c0:·7461·7267·6574·3d22·2369·646d·3733·3037··target="#idm7307
0003b1d0:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r0003b1d0:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r
0003b1e0:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari0003b1e0:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari
0003b1f0:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals0003b1f0:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals
0003b200:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa0003b200:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa
0003b210:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr0003b210:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr
0003b220:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat0003b220:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat
 0003b230:·696f·6e20·7363·7269·7074·20e2·87b2·3c2f··ion·script·...</
0003b230:·696f·6e20·416e·6163·6f6e·6461·2073·6e69··ion·Anaconda·sni 
0003b240:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br> 
0003b250:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane 
0003b260:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla 
0003b270:·7073·6522·2069·643d·2269·646d·3733·3037··pse"·id="idm7307 
0003b280:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class=" 
0003b290:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri 
0003b2a0:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border 
0003b2b0:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens 
0003b2c0:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp 
0003b2d0:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td> 
0003b2e0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003b2f0:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption: 
0003b300:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003b310:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re 
0003b320:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa 
0003b330:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr 
0003b340:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</ 
0003b350:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t 
0003b360:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table>< 
0003b370:·7072·653e·3c63·6f64·653e·0a70·6163·6b61··pre><code>.packa 
0003b380:·6765·202d·2d61·6464·3d61·6964·650a·3c2f··ge·--add=aide.</ 
0003b390:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div 
0003b3a0:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b 
0003b3b0:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data 
0003b3c0:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps 
0003b3d0:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target=" 
0003b3e0:·2369·646d·3733·3038·2220·7461·6269·6e64··#idm7308"·tabind 
0003b3f0:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but 
0003b400:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand 
0003b410:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title 
0003b420:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re 
0003b430:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!"> 
0003b440:·5265·6d65·6469·6174·696f·6e20·5075·7070··Remediation·Pupp 
0003b450:·6574·2073·6e69·7070·6574·20e2·87b2·3c2f··et·snippet·...</ 
0003b460:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class0003b240:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
0003b470:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse0003b250:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
0003b480:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i 
0003b490:·646d·3733·3038·223e·3c74·6162·6c65·2063··dm7308"><table·c 
0003b4a0:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl 
0003b4b0:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table- 
0003b4c0:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c 
0003b4d0:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t 
0003b4e0:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t 
0003b4f0:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003b500:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru 
0003b510:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l 
0003b520:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr> 
0003b530:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th> 
0003b540:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></ 
0003b550:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat 
0003b560:·6567·793a·3c2f·7468·3e3c·7464·3e65·6e61··egy:</th><td>ena 
0003b570:·626c·653c·2f74·643e·3c2f·7472·3e3c·2f74··ble</td></tr></t 
0003b580:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code> 
0003b590:·696e·636c·7564·6520·696e·7374·616c·6c5f··include·install_ 
0003b5a0:·6169·6465·0a0a·636c·6173·7320·696e·7374··aide..class·inst 
0003b5b0:·616c·6c5f·6169·6465·207b·0a20·2070·6163··all_aide·{.··pac 
0003b5c0:·6b61·6765·207b·2027·6169·6465·273a·0a20··kage·{·'aide':.· 
0003b5d0:·2020·2065·6e73·7572·6520·3d26·6774·3b20·····ensure·=&gt;· 
0003b5e0:·2769·6e73·7461·6c6c·6564·272c·0a20·207d··'installed',.··} 
0003b5f0:·0a7d·0a3c·2f63·6f64·653e·3c2f·7072·653e··.}.</code></pre> 
0003b600:·3c2f·6469·763e·3c61·2063·6c61·7373·3d22··</div><a·class=" 
0003b610:·6274·6e20·6274·6e2d·7375·6363·6573·7322··btn·btn-success" 
0003b620:·2064·6174·612d·746f·6767·6c65·3d22·636f···data-toggle="co 
0003b630:·6c6c·6170·7365·2220·6461·7461·2d74·6172··llapse"·data-tar 
0003b640:·6765·743d·2223·6964·6d37·3330·3922·2074··get="#idm7309"·t 
0003b650:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role 
0003b660:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e 
0003b670:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"· 
0003b680:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate· 
0003b690:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href= 
0003b6a0:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation 
0003b6b0:·204f·5342·7569·6c64·2042·6c75·6570·7269···OSBuild·Bluepri 
0003b6c0:·6e74·2073·6e69·7070·6574·20e2·87b2·3c2f··nt·snippet·...</ 
0003b6d0:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class 
0003b6e0:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse 
0003b6f0:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i0003b260:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
 0003b270:·646d·3733·3037·223e·3c74·6162·6c65·2063··dm7307"><table·c
 0003b280:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl
 0003b290:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table-
 0003b2a0:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c
 0003b2b0:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t
 0003b2c0:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t
0003b700:·646d·3733·3039·223e·3c70·7265·3e3c·636f··dm7309"><pre><co 
0003b710:·6465·3e0a·5b5b·7061·636b·6167·6573·5d5d··de>.[[packages]] 
0003b720:·0a6e·616d·6520·3d20·2261·6964·6522·0a76··.name·=·"aide".v 
0003b730:·6572·7369·6f6e·203d·2022·2a22·0a3c·2f63··ersion·=·"*".</c 
0003b740:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div> 
0003b750:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt 
0003b760:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data- 
0003b770:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse 
0003b780:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="# 
0003b790:·6964·6d37·3331·3022·2074·6162·696e·6465··idm7310"·tabinde 
0003b7a0:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt 
0003b7b0:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande 
0003b7c0:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title= 
0003b7d0:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev 
0003b7e0:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R 
0003b7f0:·656d·6564·6961·7469·6f6e·2073·6372·6970··emediation·scrip 
0003b800:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di 
0003b810:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c 
0003b820:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse 
0003b830:·2220·6964·3d22·6964·6d37·3331·3022·3e3c··"·id="idm7310">< 
0003b840:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab 
0003b850:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped 
0003b860:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered· 
0003b870:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed" 
0003b880:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex 
0003b890:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low 
0003b8a0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b8b0:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t 
0003b8c0:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003b8d0:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo 
0003b8e0:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false 
0003b8f0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b900:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th> 
0003b910:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td>< 
0003b920:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre 
0003b930:·3e3c·636f·6465·3e0a·7061·636b·6167·6520··><code>.package· 
Max diff block lines reached; 24215267/24252693 bytes (99.85%) of diff not shown.
2.2 MB
html2text {}
Max HTML report size reached
6.78 MB
./usr/share/doc/ssg-nondebian/ssg-rhel10-guide-e8.html
    
Offset 15182, 414 lines modifiedOffset 15182, 414 lines modified
0003b4d0:·7461·2d74·6172·6765·743d·2223·6964·6d36··ta-target="#idm60003b4d0:·7461·2d74·6172·6765·743d·2223·6964·6d36··ta-target="#idm6
0003b4e0:·3936·3622·2074·6162·696e·6465·783d·2230··966"·tabindex="00003b4e0:·3936·3622·2074·6162·696e·6465·783d·2230··966"·tabindex="0
0003b4f0:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·0003b4f0:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
0003b500:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f0003b500:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
0003b510:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act0003b510:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
0003b520:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"0003b520:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
Diff chunk too large, falling back to line-by-line diff (400 lines added, 400 lines removed)
0003b530:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed0003b530:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
0003b540:·6961·7469·6f6e·2041·6e73·6962·6c65·2073··iation·Ansible·s0003b540:·6961·7469·6f6e·2053·6865·6c6c·2073·6372··iation·Shell·scr
0003b550:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b0003b550:·6970·7420·e287·b23c·2f61·3e3c·6272·3e3c··ipt·...</a><br><
0003b560:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa0003b560:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel
0003b570:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col0003b570:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap
0003b580:·6c61·7073·6522·2069·643d·2269·646d·3639··lapse"·id="idm690003b580:·7365·2220·6964·3d22·6964·6d36·3936·3622··se"·id="idm6966"
0003b590:·3636·223e·3c74·6162·6c65·2063·6c61·7373··66"><table·class0003b590:·3e3c·7072·653e·3c63·6f64·653e·2320·5265··><pre><code>#·Re
0003b5a0:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st0003b5a0:·6d65·6469·6174·696f·6e20·6973·2061·7070··mediation·is·app
0003b5b0:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord0003b5b0:·6c69·6361·626c·6520·6f6e·6c79·2069·6e20··licable·only·in·
0003b5c0:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde0003b5c0:·6365·7274·6169·6e20·706c·6174·666f·726d··certain·platform
0003b5d0:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co0003b5d0:·730a·6966·2021·2028·207b·2072·706d·202d··s.if·!·(·{·rpm·-
0003b5e0:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t0003b5e0:·2d71·7569·6574·202d·7120·6b65·726e·656c··-quiet·-q·kernel
0003b5f0:·643e·6869·6768·3c2f·7464·3e3c·2f74·723e··d>high</td></tr>0003b5f0:·203b·7d20·2661·6d70·3b26·616d·703b·207b···;}·&amp;&amp;·{
0003b600:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti0003b600:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q·
0003b610:·6f6e·3a3c·2f74·683e·3c74·643e·6d65·6469··on:</th><td>medi0003b610:·7270·6d2d·6f73·7472·6565·203b·7d20·2661··rpm-ostree·;}·&a
0003b620:·756d·3c2f·7464·3e3c·2f74·723e·3c74·723e··um</td></tr><tr>0003b620:·6d70·3b26·616d·703b·207b·2072·706d·202d··mp;&amp;·{·rpm·-
0003b630:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th>0003b630:·2d71·7569·6574·202d·7120·626f·6f74·6320··-quiet·-q·bootc·
0003b640:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></0003b640:·3b7d·2026·616d·703b·2661·6d70·3b20·7b20··;}·&amp;&amp;·{·
0003b650:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat0003b650:·2120·7270·6d20·2d2d·7175·6965·7420·2d71··!·rpm·--quiet·-q
0003b660:·6567·793a·3c2f·7468·3e3c·7464·3e72·6573··egy:</th><td>res0003b660:·206f·7065·6e73·6869·6674·2d6b·7562·656c···openshift-kubel
0003b670:·7472·6963·743c·2f74·643e·3c2f·7472·3e3c··trict</td></tr><0003b670:·6574·203b·7d20·293b·2074·6865·6e0a·0a23··et·;}·);·then..#
0003b680:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod0003b680:·2046·696e·6420·7768·6963·6820·6669·6c65···Find·which·file
0003b690:·653e·2d20·6e61·6d65·3a20·4761·7468·6572··e>-·name:·Gather0003b690:·7320·6861·7665·2069·6e63·6f72·7265·6374··s·have·incorrect
0003b6a0:·2074·6865·2070·6163·6b61·6765·2066·6163···the·package·fac0003b6a0:·2068·6173·6820·286e·6f74·2069·6e20·2f65···hash·(not·in·/e
0003b6b0:·7473·0a20·2070·6163·6b61·6765·5f66·6163··ts.··package_fac0003b6b0:·7463·2c20·6265·6361·7573·6520·6f66·2074··tc,·because·of·t
0003b6c0:·7473·3a0a·2020·2020·6d61·6e61·6765·723a··ts:.····manager:0003b6c0:·6865·2073·7973·7465·6d20·7265·6c61·7465··he·system·relate
0003b6d0:·2061·7574·6f0a·2020·7461·6773·3a0a·2020···auto.··tags:.··0003b6d0:·6420·636f·6e66·6967·2066·696c·6573·2920··d·config·files)·
0003b6e0:·2d20·4343·452d·3839·3934·342d·330a·2020··-·CCE-89944-3.··0003b6e0:·616e·6420·7468·656e·2067·6574·2066·696c··and·then·get·fil
0003b6f0:·2d20·434a·4953·2d35·2e31·302e·342e·310a··-·CJIS-5.10.4.1.0003b6f0:·6573·206e·616d·6573·0a66·696c·6573·5f77··es·names.files_w
0003b700:·2020·2d20·4e49·5354·2d38·3030·2d31·3731····-·NIST-800-1710003b700:·6974·685f·696e·636f·7272·6563·745f·6861··ith_incorrect_ha
0003b710:·2d33·2e33·2e38·0a20·202d·204e·4953·542d··-3.3.8.··-·NIST-0003b710:·7368·3d22·2428·7270·6d20·2d56·6120·2d2d··sh="$(rpm·-Va·--
0003b720:·3830·302d·3137·312d·332e·342e·310a·2020··800-171-3.4.1.··0003b720:·6e6f·636f·6e66·6967·207c·2067·7265·7020··noconfig·|·grep·
0003b730:·2d20·4e49·5354·2d38·3030·2d35·332d·4155··-·NIST-800-53-AU0003b730:·2d45·2027·5e2e·2e35·2720·7c20·6177·6b20··-E·'^..5'·|·awk·
0003b740:·2d39·2833·290a·2020·2d20·4e49·5354·2d38··-9(3).··-·NIST-80003b740:·277b·7072·696e·7420·244e·467d·2720·2922··'{print·$NF}'·)"
0003b750:·3030·2d35·332d·434d·2d36·2863·290a·2020··00-53-CM-6(c).··0003b750:·0a0a·6966·205b·202d·6e20·2224·6669·6c65··..if·[·-n·"$file
0003b760:·2d20·4e49·5354·2d38·3030·2d35·332d·434d··-·NIST-800-53-CM0003b760:·735f·7769·7468·5f69·6e63·6f72·7265·6374··s_with_incorrect
0003b770:·2d36·2864·290a·2020·2d20·4e49·5354·2d38··-6(d).··-·NIST-80003b770:·5f68·6173·6822·205d·3b20·7468·656e·0a20··_hash"·];·then.·
0003b780:·3030·2d35·332d·5349·2d37·0a20·202d·204e··00-53-SI-7.··-·N0003b780:·2020·2023·2046·726f·6d20·6669·6c65·7320·····#·From·files·
0003b790:·4953·542d·3830·302d·3533·2d53·492d·3728··IST-800-53-SI-7(0003b790:·6e61·6d65·7320·6765·7420·7061·636b·6167··names·get·packag
0003b7a0:·3129·0a20·202d·204e·4953·542d·3830·302d··1).··-·NIST-800-0003b7a0:·6520·6e61·6d65·7320·616e·6420·6368·616e··e·names·and·chan
0003b7b0:·3533·2d53·492d·3728·3629·0a20·202d·2050··53-SI-7(6).··-·P0003b7b0:·6765·206e·6577·6c69·6e65·2074·6f20·7370··ge·newline·to·sp
0003b7c0:·4349·2d44·5353·2d52·6571·2d31·312e·350a··CI-DSS-Req-11.5.0003b7c0:·6163·652c·2062·6563·6175·7365·2072·706d··ace,·because·rpm
0003b7d0:·2020·2d20·5043·492d·4453·5376·342d·3131····-·PCI-DSSv4-110003b7d0:·2077·7269·7465·7320·6561·6368·2070·6163···writes·each·pac
0003b7e0:·2e35·2e32·0a20·202d·2068·6967·685f·636f··.5.2.··-·high_co0003b7e0:·6b61·6765·2074·6f20·6e65·7720·6c69·6e65··kage·to·new·line
0003b7f0:·6d70·6c65·7869·7479·0a20·202d·2068·6967··mplexity.··-·hig0003b7f0:·0a20·2020·2070·6163·6b61·6765·735f·746f··.····packages_to
0003b800:·685f·7365·7665·7269·7479·0a20·202d·206d··h_severity.··-·m0003b800:·5f72·6569·6e73·7461·6c6c·3d22·2428·7270··_reinstall="$(rp
0003b810:·6564·6975·6d5f·6469·7372·7570·7469·6f6e··edium_disruption0003b810:·6d20·2d71·6620·2466·696c·6573·5f77·6974··m·-qf·$files_wit
0003b820:·0a20·202d·206e·6f5f·7265·626f·6f74·5f6e··.··-·no_reboot_n0003b820:·685f·696e·636f·7272·6563·745f·6861·7368··h_incorrect_hash
0003b830:·6565·6465·640a·2020·2d20·7265·7374·7269··eeded.··-·restri0003b830:·207c·2074·7220·275c·6e27·2027·2027·2922···|·tr·'\n'·'·')"
0003b840:·6374·5f73·7472·6174·6567·790a·2020·2d20··ct_strategy.··-·0003b840:·0a0a·2020·2020·0a20·2020·2064·6e66·2072··..····.····dnf·r
0003b850:·7270·6d5f·7665·7269·6679·5f68·6173·6865··rpm_verify_hashe0003b850:·6569·6e73·7461·6c6c·202d·7920·2470·6163··einstall·-y·$pac
0003b860:·730a·0a2d·206e·616d·653a·2027·5365·7420··s..-·name:·'Set·0003b860:·6b61·6765·735f·746f·5f72·6569·6e73·7461··kages_to_reinsta
0003b870:·6661·6374·3a20·5061·636b·6167·6520·6d61··fact:·Package·ma0003b870:·6c6c·0a20·2020·200a·6669·0a0a·656c·7365··ll.····.fi..else
0003b880:·6e61·6765·7220·7265·696e·7374·616c·6c20··nager·reinstall·0003b880:·0a20·2020·2026·6774·3b26·616d·703b·3220··.····&gt;&amp;2·
0003b890:·636f·6d6d·616e·6427·0a20·2073·6574·5f66··command'.··set_f0003b890:·6563·686f·2027·5265·6d65·6469·6174·696f··echo·'Remediatio
0003b8a0:·6163·743a·0a20·2020·2070·6163·6b61·6765··act:.····package0003b8a0:·6e20·6973·206e·6f74·2061·7070·6c69·6361··n·is·not·applica
0003b8b0:·5f6d·616e·6167·6572·5f72·6569·6e73·7461··_manager_reinsta0003b8b0:·626c·652c·206e·6f74·6869·6e67·2077·6173··ble,·nothing·was
0003b8c0:·6c6c·5f63·6d64·3a20·646e·6620·7265·696e··ll_cmd:·dnf·rein0003b8c0:·2064·6f6e·6527·0a66·690a·3c2f·636f·6465···done'.fi.</code
0003b8d0:·7374·616c·6c20·2d79·0a20·2077·6865·6e3a··stall·-y.··when:0003b8d0:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a·
0003b8e0:·0a20·202d·206e·6f74·2028·2022·6b65·726e··.··-·not·(·"kern0003b8e0:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s
0003b8f0:·656c·2220·696e·2061·6e73·6962·6c65·5f66··el"·in·ansible_f0003b8f0:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog
0003b900:·6163·7473·2e70·6163·6b61·6765·7320·616e··acts.packages·an0003b900:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d
0003b910:·6420·2272·706d·2d6f·7374·7265·6522·2069··d·"rpm-ostree"·i0003b910:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm
0003b920:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003b920:·3639·3637·2220·7461·6269·6e64·6578·3d22··6967"·tabindex="
0003b930:·7061·636b·6167·6573·0a20·2020·2061·6e64··packages.····and0003b930:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"
0003b940:·2022·626f·6f74·6322·2069·6e20·616e·7369···"bootc"·in·ansi0003b940:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="
0003b950:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag0003b950:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac
0003b960:·6573·2061·6e64·206e·6f74·2022·6f70·656e··es·and·not·"open0003b960:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal
0003b970:·7368·6966·742d·6b75·6265·6c65·7422·2069··shift-kubelet"·i0003b970:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme
0003b980:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003b980:·6469·6174·696f·6e20·416e·7369·626c·6520··diation·Ansible·
0003b990:·7061·636b·6167·6573·0a20·2020·2029·0a20··packages.····).·0003b990:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a><
0003b9a0:·202d·2061·6e73·6962·6c65·5f64·6973·7472···-·ansible_distr0003b9a0:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p
0003b9b0:·6962·7574·696f·6e20·696e·205b·2022·4665··ibution·in·[·"Fe0003b9b0:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co
0003b9c0:·646f·7261·222c·2022·5265·6448·6174·222c··dora",·"RedHat",0003b9c0:·6c6c·6170·7365·2220·6964·3d22·6964·6d36··llapse"·id="idm6
0003b9d0:·2022·4365·6e74·4f53·222c·2022·4f72·6163···"CentOS",·"Orac0003b9d0:·3936·3722·3e3c·7461·626c·6520·636c·6173··967"><table·clas
0003b9e0:·6c65·4c69·6e75·7822·205d·0a20·2074·6167··leLinux"·].··tag0003b9e0:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s
0003b9f0:·733a·0a20·202d·2043·4345·2d38·3939·3434··s:.··-·CCE-899440003b9f0:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor
0003ba00:·2d33·0a20·202d·2043·4a49·532d·352e·3130··-3.··-·CJIS-5.100003ba00:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond
0003ba10:·2e34·2e31·0a20·202d·204e·4953·542d·3830··.4.1.··-·NIST-800003ba10:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C
0003ba20:·302d·3137·312d·332e·332e·380a·2020·2d20··0-171-3.3.8.··-·0003ba20:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><
0003ba30:·4e49·5354·2d38·3030·2d31·3731·2d33·2e34··NIST-800-171-3.40003ba30:·7464·3e68·6967·683c·2f74·643e·3c2f·7472··td>high</td></tr
0003ba40:·2e31·0a20·202d·204e·4953·542d·3830·302d··.1.··-·NIST-800-0003ba40:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt
0003ba50:·3533·2d41·552d·3928·3329·0a20·202d·204e··53-AU-9(3).··-·N0003ba50:·696f·6e3a·3c2f·7468·3e3c·7464·3e6d·6564··ion:</th><td>med
0003ba60:·4953·542d·3830·302d·3533·2d43·4d2d·3628··IST-800-53-CM-6(0003ba60:·6975·6d3c·2f74·643e·3c2f·7472·3e3c·7472··ium</td></tr><tr
0003ba70:·6329·0a20·202d·204e·4953·542d·3830·302d··c).··-·NIST-800-0003ba70:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th
0003ba80:·3533·2d43·4d2d·3628·6429·0a20·202d·204e··53-CM-6(d).··-·N0003ba80:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td><
0003ba90:·4953·542d·3830·302d·3533·2d53·492d·370a··IST-800-53-SI-7.0003ba90:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra
0003baa0:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003baa0:·7465·6779·3a3c·2f74·683e·3c74·643e·7265··tegy:</th><td>re
0003bab0:·5349·2d37·2831·290a·2020·2d20·4e49·5354··SI-7(1).··-·NIST0003bab0:·7374·7269·6374·3c2f·7464·3e3c·2f74·723e··strict</td></tr>
0003bac0:·2d38·3030·2d35·332d·5349·2d37·2836·290a··-800-53-SI-7(6).0003bac0:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co
0003bad0:·2020·2d20·5043·492d·4453·532d·5265·712d····-·PCI-DSS-Req-0003bad0:·6465·3e2d·206e·616d·653a·2047·6174·6865··de>-·name:·Gathe
0003bae0:·3131·2e35·0a20·202d·2050·4349·2d44·5353··11.5.··-·PCI-DSS0003bae0:·7220·7468·6520·7061·636b·6167·6520·6661··r·the·package·fa
0003baf0:·7634·2d31·312e·352e·320a·2020·2d20·6869··v4-11.5.2.··-·hi0003baf0:·6374·730a·2020·7061·636b·6167·655f·6661··cts.··package_fa
0003bb00:·6768·5f63·6f6d·706c·6578·6974·790a·2020··gh_complexity.··0003bb00:·6374·733a·0a20·2020·206d·616e·6167·6572··cts:.····manager
0003bb10:·2d20·6869·6768·5f73·6576·6572·6974·790a··-·high_severity.0003bb10:·3a20·6175·746f·0a20·2074·6167·733a·0a20··:·auto.··tags:.·
0003bb20:·2020·2d20·6d65·6469·756d·5f64·6973·7275····-·medium_disru0003bb20:·202d·2043·4345·2d38·3939·3434·2d33·0a20···-·CCE-89944-3.·
0003bb30:·7074·696f·6e0a·2020·2d20·6e6f·5f72·6562··ption.··-·no_reb0003bb30:·202d·2043·4a49·532d·352e·3130·2e34·2e31···-·CJIS-5.10.4.1
0003bb40:·6f6f·745f·6e65·6564·6564·0a20·202d·2072··oot_needed.··-·r0003bb40:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-17
0003bb50:·6573·7472·6963·745f·7374·7261·7465·6779··estrict_strategy0003bb50:·312d·332e·332e·380a·2020·2d20·4e49·5354··1-3.3.8.··-·NIST
0003bb60:·0a20·202d·2072·706d·5f76·6572·6966·795f··.··-·rpm_verify_0003bb60:·2d38·3030·2d31·3731·2d33·2e34·2e31·0a20··-800-171-3.4.1.·
0003bb70:·6861·7368·6573·0a0a·2d20·6e61·6d65·3a20··hashes..-·name:·0003bb70:·202d·204e·4953·542d·3830·302d·3533·2d41···-·NIST-800-53-A
0003bb80:·2753·6574·2066·6163·743a·2050·6163·6b61··'Set·fact:·Packa0003bb80:·552d·3928·3329·0a20·202d·204e·4953·542d··U-9(3).··-·NIST-
0003bb90:·6765·206d·616e·6167·6572·2072·6569·6e73··ge·manager·reins0003bb90:·3830·302d·3533·2d43·4d2d·3628·6329·0a20··800-53-CM-6(c).·
0003bba0:·7461·6c6c·2063·6f6d·6d61·6e64·2028·7a79··tall·command·(zy0003bba0:·202d·204e·4953·542d·3830·302d·3533·2d43···-·NIST-800-53-C
0003bbb0:·7070·6572·2927·0a20·2073·6574·5f66·6163··pper)'.··set_fac0003bbb0:·4d2d·3628·6429·0a20·202d·204e·4953·542d··M-6(d).··-·NIST-
0003bbc0:·743a·0a20·2020·2070·6163·6b61·6765·5f6d··t:.····package_m0003bbc0:·3830·302d·3533·2d53·492d·370a·2020·2d20··800-53-SI-7.··-·
0003bbd0:·616e·6167·6572·5f72·6569·6e73·7461·6c6c··anager_reinstall0003bbd0:·4e49·5354·2d38·3030·2d35·332d·5349·2d37··NIST-800-53-SI-7
0003bbe0:·5f63·6d64·3a20·7a79·7070·6572·2069·6e20··_cmd:·zypper·in·0003bbe0:·2831·290a·2020·2d20·4e49·5354·2d38·3030··(1).··-·NIST-800
0003bbf0:·2d66·202d·790a·2020·7768·656e·3a0a·2020··-f·-y.··when:.··0003bbf0:·2d35·332d·5349·2d37·2836·290a·2020·2d20··-53-SI-7(6).··-·
0003bc00:·2d20·6e6f·7420·2820·226b·6572·6e65·6c22··-·not·(·"kernel"0003bc00:·5043·492d·4453·532d·5265·712d·3131·2e35··PCI-DSS-Req-11.5
0003bc10:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003bc10:·0a20·202d·2050·4349·2d44·5353·7634·2d31··.··-·PCI-DSSv4-1
0003bc20:·732e·7061·636b·6167·6573·2061·6e64·2022··s.packages·and·"0003bc20:·312e·352e·320a·2020·2d20·6869·6768·5f63··1.5.2.··-·high_c
0003bc30:·7270·6d2d·6f73·7472·6565·2220·696e·2061··rpm-ostree"·in·a0003bc30:·6f6d·706c·6578·6974·790a·2020·2d20·6869··omplexity.··-·hi
0003bc40:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003bc40:·6768·5f73·6576·6572·6974·790a·2020·2d20··gh_severity.··-·
0003bc50:·6b61·6765·730a·2020·2020·616e·6420·2262··kages.····and·"b0003bc50:·6d65·6469·756d·5f64·6973·7275·7074·696f··medium_disruptio
0003bc60:·6f6f·7463·2220·696e·2061·6e73·6962·6c65··ootc"·in·ansible0003bc60:·6e0a·2020·2d20·6e6f·5f72·6562·6f6f·745f··n.··-·no_reboot_
0003bc70:·5f66·6163·7473·2e70·6163·6b61·6765·7320··_facts.packages·0003bc70:·6e65·6564·6564·0a20·202d·2072·6573·7472··needed.··-·restr
0003bc80:·616e·6420·6e6f·7420·226f·7065·6e73·6869··and·not·"openshi0003bc80:·6963·745f·7374·7261·7465·6779·0a20·202d··ict_strategy.··-
0003bc90:·6674·2d6b·7562·656c·6574·2220·696e·2061··ft-kubelet"·in·a0003bc90:·2072·706d·5f76·6572·6966·795f·6861·7368···rpm_verify_hash
0003bca0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003bca0:·6573·0a0a·2d20·6e61·6d65·3a20·2753·6574··es..-·name:·'Set
Max diff block lines reached; 6366496/6422276 bytes (99.13%) of diff not shown.
670 KB
html2text {}
    
Offset 103, 14 lines modifiedOffset 103, 33 lines modified
103 ·············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6103 ·············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
104 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4104 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
105 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)105 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
106 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1106 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
107 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5107 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
108 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227108 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
109 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2109 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 110 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 111 #·Remediation·is·applicable·only·in·certain·platforms
 112 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 113 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 114 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 115 if·[·-n·"$files_with_incorrect_hash"·];·then
 116 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 117 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 118 ····dnf·reinstall·-y·$packages_to_reinstall
  
 119 fi
  
 120 else
 121 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 122 fi
110 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8123 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
111 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high124 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
112 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium125 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
113 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false126 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
114 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict127 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
115 -·name:·Gather·the·package·facts128 -·name:·Gather·the·package·facts
116 ··package_facts:129 ··package_facts:
Offset 283, 33 lines modifiedOffset 302, 14 lines modified
283 ··-·PCI-DSSv4-11.5.2302 ··-·PCI-DSSv4-11.5.2
284 ··-·high_complexity303 ··-·high_complexity
285 ··-·high_severity304 ··-·high_severity
286 ··-·medium_disruption305 ··-·medium_disruption
287 ··-·no_reboot_needed306 ··-·no_reboot_needed
288 ··-·restrict_strategy307 ··-·restrict_strategy
289 ··-·rpm_verify_hashes308 ··-·rpm_verify_hashes
290 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
291 #·Remediation·is·applicable·only·in·certain·platforms 
292 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
293 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
294 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
295 if·[·-n·"$files_with_incorrect_hash"·];·then 
296 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
297 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
298 ····dnf·reinstall·-y·$packages_to_reinstall 
  
299 fi 
  
300 else 
301 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
302 fi 
303 Group  ·System·Cryptographic·Policies·  Group·contains·2·rules309 Group  ·System·Cryptographic·Policies·  Group·contains·2·rules
304 _\x8[_\x8r_\x8e_\x8f_\x8]  ·Linux·has·the·capability·to·centrally·configure·cryptographic·polices.·The·command·update-crypto-policies·is·used·to·set·the·policy·applicable·for·the·various·cryptographic·back-ends,·such·as·SSL/TLS·libraries.·The·configured·cryptographic·policies·will·be·the·default·policy·used·by·these·backends·unless·the·application·user·configures·them·otherwise.·When·the·system·has·been·configured·to·use·the·centralized·cryptographic·policies,·the·administrator·is·assured·that·any·application·that·utilizes·the·supported·backends·will·follow·a·policy·that·adheres·to·the·configured·profile.·Currently·the·supported·backends·are:310 _\x8[_\x8r_\x8e_\x8f_\x8]  ·Linux·has·the·capability·to·centrally·configure·cryptographic·polices.·The·command·update-crypto-policies·is·used·to·set·the·policy·applicable·for·the·various·cryptographic·back-ends,·such·as·SSL/TLS·libraries.·The·configured·cryptographic·policies·will·be·the·default·policy·used·by·these·backends·unless·the·application·user·configures·them·otherwise.·When·the·system·has·been·configured·to·use·the·centralized·cryptographic·policies,·the·administrator·is·assured·that·any·application·that·utilizes·the·supported·backends·will·follow·a·policy·that·adheres·to·the·configured·profile.·Currently·the·supported·backends·are:
305 ····*·GnuTLS·library311 ····*·GnuTLS·library
306 ····*·OpenSSL·library312 ····*·OpenSSL·library
307 ····*·NSS·library313 ····*·NSS·library
308 ····*·OpenJDK314 ····*·OpenJDK
309 ····*·Libkrb5315 ····*·Libkrb5
Offset 331, 39 lines modifiedOffset 331, 33 lines modified
331 ·············_\x8i_\x8s_\x8m······1446331 ·············_\x8i_\x8s_\x8m······1446
332 ·············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1332 ·············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1,·CIP-007-3·R7.1
333 References:··_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)333 References:··_\x8n_\x8i_\x8s_\x8t·····AC-17(a),·AC-17(2),·CM-6(a),·MA-4(6),·SC-13,·SC-12(2),·SC-12(3)
334 ·············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1334 ·············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1
335 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174335 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174
336 ·············_\x8c_\x8i_\x8s······1.6.1336 ·············_\x8c_\x8i_\x8s······1.6.1
337 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2337 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
338 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8K_.u_.b_.e_.r_.n_.e_.t_.e_.s_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8338 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
  
 339 var_system_crypto_policy='DEFAULT'
  
  
 340 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null)
 341 rc=$?
  
 342 if·test·"$rc"·=·127;·then
 343 »       echo·"$stderr_of_call"·>&2
 344 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2
 345 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2
 346 »       echo·"to·see·what·package·to·(re)install"·>&2
  
 347 »       false··#·end·with·an·error·code
 348 elif·test·"$rc"·!=·0;·then
 349 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2
 350 »       false··#·end·with·an·error·code
 351 fi
339 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
340 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
341 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true 
342 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
343 --- 
344 apiVersion:·machineconfiguration.openshift.io/v1 
345 kind:·MachineConfig 
346 spec: 
347 ··config: 
348 ····ignition: 
349 ······version:·3.1.0 
350 ····systemd: 
351 ······units: 
352 ········-·name:·configure-crypto-policy.service 
353 ··········enabled:·true 
354 ··········contents:·| 
355 ············[Unit] 
356 ············Before=kubelet.service 
357 ············[Service] 
358 ············Type=oneshot 
359 ············ExecStart=update-crypto-policies·--set·{{.var_system_crypto_policy}} 
360 ············RemainAfterExit=yes 
361 ············[Install] 
362 ············WantedBy=multi-user.target 
363 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8352 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
364 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low353 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
365 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low354 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
366 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false355 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
367 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict356 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
368 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable357 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable
369 ··set_fact:358 ··set_fact:
Offset 410, 33 lines modifiedOffset 404, 39 lines modified
410 ··-·PCI-DSSv4-2.2.7404 ··-·PCI-DSSv4-2.2.7
Max diff block lines reached; 679836/685849 bytes (99.12%) of diff not shown.
20.1 MB
./usr/share/doc/ssg-nondebian/ssg-rhel10-guide-hipaa.html
    
Offset 15208, 414 lines modifiedOffset 15208, 414 lines modified
0003b670:·2d74·6172·6765·743d·2223·6964·6d36·3936··-target="#idm6960003b670:·2d74·6172·6765·743d·2223·6964·6d36·3936··-target="#idm696
0003b680:·3622·2074·6162·696e·6465·783d·2230·2220··6"·tabindex="0"·0003b680:·3622·2074·6162·696e·6465·783d·2230·2220··6"·tabindex="0"·
0003b690:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar0003b690:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar
0003b6a0:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal0003b6a0:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal
0003b6b0:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ0003b6b0:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ
0003b6c0:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h0003b6c0:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h
Diff chunk too large, falling back to line-by-line diff (400 lines added, 400 lines removed)
0003b6d0:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia0003b6d0:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia
0003b6e0:·7469·6f6e·2041·6e73·6962·6c65·2073·6e69··tion·Ansible·sni0003b6e0:·7469·6f6e·2053·6865·6c6c·2073·6372·6970··tion·Shell·scrip
0003b6f0:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br>0003b6f0:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di
0003b700:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane0003b700:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
0003b710:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla0003b710:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
0003b720:·7073·6522·2069·643d·2269·646d·3639·3636··pse"·id="idm69660003b720:·2220·6964·3d22·6964·6d36·3936·3622·3e3c··"·id="idm6966"><
0003b730:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="0003b730:·7072·653e·3c63·6f64·653e·2320·5265·6d65··pre><code>#·Reme
0003b740:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri0003b740:·6469·6174·696f·6e20·6973·2061·7070·6c69··diation·is·appli
0003b750:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border0003b750:·6361·626c·6520·6f6e·6c79·2069·6e20·6365··cable·only·in·ce
0003b760:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens0003b760:·7274·6169·6e20·706c·6174·666f·726d·730a··rtain·platforms.
0003b770:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp0003b770:·6966·2021·2028·207b·2072·706d·202d·2d71··if·!·(·{·rpm·--q
0003b780:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td>0003b780:·7569·6574·202d·7120·6b65·726e·656c·203b··uiet·-q·kernel·;
0003b790:·6869·6768·3c2f·7464·3e3c·2f74·723e·3c74··high</td></tr><t0003b790:·7d20·2661·6d70·3b26·616d·703b·207b·2072··}·&amp;&amp;·{·r
0003b7a0:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption0003b7a0:·706d·202d·2d71·7569·6574·202d·7120·7270··pm·--quiet·-q·rp
0003b7b0:·3a3c·2f74·683e·3c74·643e·6d65·6469·756d··:</th><td>medium0003b7b0:·6d2d·6f73·7472·6565·203b·7d20·2661·6d70··m-ostree·;}·&amp
0003b7c0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t0003b7c0:·3b26·616d·703b·207b·2072·706d·202d·2d71··;&amp;·{·rpm·--q
0003b7d0:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t0003b7d0:·7569·6574·202d·7120·626f·6f74·6320·3b7d··uiet·-q·bootc·;}
0003b7e0:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr0003b7e0:·2026·616d·703b·2661·6d70·3b20·7b20·2120···&amp;&amp;·{·!·
0003b7f0:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg0003b7f0:·7270·6d20·2d2d·7175·6965·7420·2d71·206f··rpm·--quiet·-q·o
0003b800:·793a·3c2f·7468·3e3c·7464·3e72·6573·7472··y:</th><td>restr0003b800:·7065·6e73·6869·6674·2d6b·7562·656c·6574··penshift-kubelet
0003b810:·6963·743c·2f74·643e·3c2f·7472·3e3c·2f74··ict</td></tr></t0003b810:·203b·7d20·293b·2074·6865·6e0a·0a23·2046···;}·);·then..#·F
0003b820:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>0003b820:·696e·6420·7768·6963·6820·6669·6c65·7320··ind·which·files·
0003b830:·2d20·6e61·6d65·3a20·4761·7468·6572·2074··-·name:·Gather·t0003b830:·6861·7665·2069·6e63·6f72·7265·6374·2068··have·incorrect·h
0003b840:·6865·2070·6163·6b61·6765·2066·6163·7473··he·package·facts0003b840:·6173·6820·286e·6f74·2069·6e20·2f65·7463··ash·(not·in·/etc
0003b850:·0a20·2070·6163·6b61·6765·5f66·6163·7473··.··package_facts0003b850:·2c20·6265·6361·7573·6520·6f66·2074·6865··,·because·of·the
0003b860:·3a0a·2020·2020·6d61·6e61·6765·723a·2061··:.····manager:·a0003b860:·2073·7973·7465·6d20·7265·6c61·7465·6420···system·related·
0003b870:·7574·6f0a·2020·7461·6773·3a0a·2020·2d20··uto.··tags:.··-·0003b870:·636f·6e66·6967·2066·696c·6573·2920·616e··config·files)·an
0003b880:·4343·452d·3839·3934·342d·330a·2020·2d20··CCE-89944-3.··-·0003b880:·6420·7468·656e·2067·6574·2066·696c·6573··d·then·get·files
0003b890:·434a·4953·2d35·2e31·302e·342e·310a·2020··CJIS-5.10.4.1.··0003b890:·206e·616d·6573·0a66·696c·6573·5f77·6974···names.files_wit
0003b8a0:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-30003b8a0:·685f·696e·636f·7272·6563·745f·6861·7368··h_incorrect_hash
0003b8b0:·2e33·2e38·0a20·202d·204e·4953·542d·3830··.3.8.··-·NIST-800003b8b0:·3d22·2428·7270·6d20·2d56·6120·2d2d·6e6f··="$(rpm·-Va·--no
0003b8c0:·302d·3137·312d·332e·342e·310a·2020·2d20··0-171-3.4.1.··-·0003b8c0:·636f·6e66·6967·207c·2067·7265·7020·2d45··config·|·grep·-E
0003b8d0:·4e49·5354·2d38·3030·2d35·332d·4155·2d39··NIST-800-53-AU-90003b8d0:·2027·5e2e·2e35·2720·7c20·6177·6b20·277b···'^..5'·|·awk·'{
0003b8e0:·2833·290a·2020·2d20·4e49·5354·2d38·3030··(3).··-·NIST-8000003b8e0:·7072·696e·7420·244e·467d·2720·2922·0a0a··print·$NF}'·)"..
0003b8f0:·2d35·332d·434d·2d36·2863·290a·2020·2d20··-53-CM-6(c).··-·0003b8f0:·6966·205b·202d·6e20·2224·6669·6c65·735f··if·[·-n·"$files_
0003b900:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-60003b900:·7769·7468·5f69·6e63·6f72·7265·6374·5f68··with_incorrect_h
0003b910:·2864·290a·2020·2d20·4e49·5354·2d38·3030··(d).··-·NIST-8000003b910:·6173·6822·205d·3b20·7468·656e·0a20·2020··ash"·];·then.···
0003b920:·2d35·332d·5349·2d37·0a20·202d·204e·4953··-53-SI-7.··-·NIS0003b920:·2023·2046·726f·6d20·6669·6c65·7320·6e61···#·From·files·na
0003b930:·542d·3830·302d·3533·2d53·492d·3728·3129··T-800-53-SI-7(1)0003b930:·6d65·7320·6765·7420·7061·636b·6167·6520··mes·get·package·
0003b940:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003b940:·6e61·6d65·7320·616e·6420·6368·616e·6765··names·and·change
0003b950:·2d53·492d·3728·3629·0a20·202d·2050·4349··-SI-7(6).··-·PCI0003b950:·206e·6577·6c69·6e65·2074·6f20·7370·6163···newline·to·spac
0003b960:·2d44·5353·2d52·6571·2d31·312e·350a·2020··-DSS-Req-11.5.··0003b960:·652c·2062·6563·6175·7365·2072·706d·2077··e,·because·rpm·w
0003b970:·2d20·5043·492d·4453·5376·342d·3131·2e35··-·PCI-DSSv4-11.50003b970:·7269·7465·7320·6561·6368·2070·6163·6b61··rites·each·packa
0003b980:·2e32·0a20·202d·2068·6967·685f·636f·6d70··.2.··-·high_comp0003b980:·6765·2074·6f20·6e65·7720·6c69·6e65·0a20··ge·to·new·line.·
0003b990:·6c65·7869·7479·0a20·202d·2068·6967·685f··lexity.··-·high_0003b990:·2020·2070·6163·6b61·6765·735f·746f·5f72·····packages_to_r
0003b9a0:·7365·7665·7269·7479·0a20·202d·206d·6564··severity.··-·med0003b9a0:·6569·6e73·7461·6c6c·3d22·2428·7270·6d20··einstall="$(rpm·
0003b9b0:·6975·6d5f·6469·7372·7570·7469·6f6e·0a20··ium_disruption.·0003b9b0:·2d71·6620·2466·696c·6573·5f77·6974·685f··-qf·$files_with_
0003b9c0:·202d·206e·6f5f·7265·626f·6f74·5f6e·6565···-·no_reboot_nee0003b9c0:·696e·636f·7272·6563·745f·6861·7368·207c··incorrect_hash·|
0003b9d0:·6465·640a·2020·2d20·7265·7374·7269·6374··ded.··-·restrict0003b9d0:·2074·7220·275c·6e27·2027·2027·2922·0a0a···tr·'\n'·'·')"..
0003b9e0:·5f73·7472·6174·6567·790a·2020·2d20·7270··_strategy.··-·rp0003b9e0:·2020·2020·0a20·2020·2064·6e66·2072·6569······.····dnf·rei
0003b9f0:·6d5f·7665·7269·6679·5f68·6173·6865·730a··m_verify_hashes.0003b9f0:·6e73·7461·6c6c·202d·7920·2470·6163·6b61··nstall·-y·$packa
0003ba00:·0a2d·206e·616d·653a·2027·5365·7420·6661··.-·name:·'Set·fa0003ba00:·6765·735f·746f·5f72·6569·6e73·7461·6c6c··ges_to_reinstall
0003ba10:·6374·3a20·5061·636b·6167·6520·6d61·6e61··ct:·Package·mana0003ba10:·0a20·2020·200a·6669·0a0a·656c·7365·0a20··.····.fi..else.·
0003ba20:·6765·7220·7265·696e·7374·616c·6c20·636f··ger·reinstall·co0003ba20:·2020·2026·6774·3b26·616d·703b·3220·6563·····&gt;&amp;2·ec
0003ba30:·6d6d·616e·6427·0a20·2073·6574·5f66·6163··mmand'.··set_fac0003ba30:·686f·2027·5265·6d65·6469·6174·696f·6e20··ho·'Remediation·
0003ba40:·743a·0a20·2020·2070·6163·6b61·6765·5f6d··t:.····package_m0003ba40:·6973·206e·6f74·2061·7070·6c69·6361·626c··is·not·applicabl
0003ba50:·616e·6167·6572·5f72·6569·6e73·7461·6c6c··anager_reinstall0003ba50:·652c·206e·6f74·6869·6e67·2077·6173·2064··e,·nothing·was·d
0003ba60:·5f63·6d64·3a20·646e·6620·7265·696e·7374··_cmd:·dnf·reinst0003ba60:·6f6e·6527·0a66·690a·3c2f·636f·6465·3e3c··one'.fi.</code><
0003ba70:·616c·6c20·2d79·0a20·2077·6865·6e3a·0a20··all·-y.··when:.·0003ba70:·2f70·7265·3e3c·2f64·6976·3e3c·6120·636c··/pre></div><a·cl
0003ba80:·202d·206e·6f74·2028·2022·6b65·726e·656c···-·not·(·"kernel0003ba80:·6173·733d·2262·746e·2062·746e·2d73·7563··ass="btn·btn-suc
0003ba90:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003ba90:·6365·7373·2220·6461·7461·2d74·6f67·676c··cess"·data-toggl
0003baa0:·7473·2e70·6163·6b61·6765·7320·616e·6420··ts.packages·and·0003baa0:·653d·2263·6f6c·6c61·7073·6522·2064·6174··e="collapse"·dat
0003bab0:·2272·706d·2d6f·7374·7265·6522·2069·6e20··"rpm-ostree"·in·0003bab0:·612d·7461·7267·6574·3d22·2369·646d·3639··a-target="#idm69
0003bac0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa0003bac0:·3637·2220·7461·6269·6e64·6578·3d22·3022··67"·tabindex="0"
0003bad0:·636b·6167·6573·0a20·2020·2061·6e64·2022··ckages.····and·"0003bad0:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a
0003bae0:·626f·6f74·6322·2069·6e20·616e·7369·626c··bootc"·in·ansibl0003bae0:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa
0003baf0:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages0003baf0:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti
0003bb00:·2061·6e64·206e·6f74·2022·6f70·656e·7368···and·not·"opensh0003bb00:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·
0003bb10:·6966·742d·6b75·6265·6c65·7422·2069·6e20··ift-kubelet"·in·0003bb10:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi
0003bb20:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa0003bb20:·6174·696f·6e20·416e·7369·626c·6520·736e··ation·Ansible·sn
0003bb30:·636b·6167·6573·0a20·2020·2029·0a20·202d··ckages.····).··-0003bb30:·6970·7065·7420·e287·b23c·2f61·3e3c·6272··ippet·...</a><br
0003bb40:·2061·6e73·6962·6c65·5f64·6973·7472·6962···ansible_distrib0003bb40:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan
0003bb50:·7574·696f·6e20·696e·205b·2022·4665·646f··ution·in·[·"Fedo0003bb50:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll
0003bb60:·7261·222c·2022·5265·6448·6174·222c·2022··ra",·"RedHat",·"0003bb60:·6170·7365·2220·6964·3d22·6964·6d36·3936··apse"·id="idm696
0003bb70:·4365·6e74·4f53·222c·2022·4f72·6163·6c65··CentOS",·"Oracle0003bb70:·3722·3e3c·7461·626c·6520·636c·6173·733d··7"><table·class=
0003bb80:·4c69·6e75·7822·205d·0a20·2074·6167·733a··Linux"·].··tags:0003bb80:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str
0003bb90:·0a20·202d·2043·4345·2d38·3939·3434·2d33··.··-·CCE-89944-30003bb90:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde
0003bba0:·0a20·202d·2043·4a49·532d·352e·3130·2e34··.··-·CJIS-5.10.40003bba0:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden
0003bbb0:·2e31·0a20·202d·204e·4953·542d·3830·302d··.1.··-·NIST-800-0003bbb0:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com
0003bbc0:·3137·312d·332e·332e·380a·2020·2d20·4e49··171-3.3.8.··-·NI0003bbc0:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td
0003bbd0:·5354·2d38·3030·2d31·3731·2d33·2e34·2e31··ST-800-171-3.4.10003bbd0:·3e68·6967·683c·2f74·643e·3c2f·7472·3e3c··>high</td></tr><
0003bbe0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003bbe0:·7472·3e3c·7468·3e44·6973·7275·7074·696f··tr><th>Disruptio
0003bbf0:·2d41·552d·3928·3329·0a20·202d·204e·4953··-AU-9(3).··-·NIS0003bbf0:·6e3a·3c2f·7468·3e3c·7464·3e6d·6564·6975··n:</th><td>mediu
0003bc00:·542d·3830·302d·3533·2d43·4d2d·3628·6329··T-800-53-CM-6(c)0003bc00:·6d3c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··m</td></tr><tr><
0003bc10:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003bc10:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th><
0003bc20:·2d43·4d2d·3628·6429·0a20·202d·204e·4953··-CM-6(d).··-·NIS0003bc20:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t
0003bc30:·542d·3830·302d·3533·2d53·492d·370a·2020··T-800-53-SI-7.··0003bc30:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate
0003bc40:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI0003bc40:·6779·3a3c·2f74·683e·3c74·643e·7265·7374··gy:</th><td>rest
0003bc50:·2d37·2831·290a·2020·2d20·4e49·5354·2d38··-7(1).··-·NIST-80003bc50:·7269·6374·3c2f·7464·3e3c·2f74·723e·3c2f··rict</td></tr></
0003bc60:·3030·2d35·332d·5349·2d37·2836·290a·2020··00-53-SI-7(6).··0003bc60:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code
0003bc70:·2d20·5043·492d·4453·532d·5265·712d·3131··-·PCI-DSS-Req-110003bc70:·3e2d·206e·616d·653a·2047·6174·6865·7220··>-·name:·Gather·
0003bc80:·2e35·0a20·202d·2050·4349·2d44·5353·7634··.5.··-·PCI-DSSv40003bc80:·7468·6520·7061·636b·6167·6520·6661·6374··the·package·fact
0003bc90:·2d31·312e·352e·320a·2020·2d20·6869·6768··-11.5.2.··-·high0003bc90:·730a·2020·7061·636b·6167·655f·6661·6374··s.··package_fact
0003bca0:·5f63·6f6d·706c·6578·6974·790a·2020·2d20··_complexity.··-·0003bca0:·733a·0a20·2020·206d·616e·6167·6572·3a20··s:.····manager:·
0003bcb0:·6869·6768·5f73·6576·6572·6974·790a·2020··high_severity.··0003bcb0:·6175·746f·0a20·2074·6167·733a·0a20·202d··auto.··tags:.··-
0003bcc0:·2d20·6d65·6469·756d·5f64·6973·7275·7074··-·medium_disrupt0003bcc0:·2043·4345·2d38·3939·3434·2d33·0a20·202d···CCE-89944-3.··-
0003bcd0:·696f·6e0a·2020·2d20·6e6f·5f72·6562·6f6f··ion.··-·no_reboo0003bcd0:·2043·4a49·532d·352e·3130·2e34·2e31·0a20···CJIS-5.10.4.1.·
0003bce0:·745f·6e65·6564·6564·0a20·202d·2072·6573··t_needed.··-·res0003bce0:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-
0003bcf0:·7472·6963·745f·7374·7261·7465·6779·0a20··trict_strategy.·0003bcf0:·332e·332e·380a·2020·2d20·4e49·5354·2d38··3.3.8.··-·NIST-8
0003bd00:·202d·2072·706d·5f76·6572·6966·795f·6861···-·rpm_verify_ha0003bd00:·3030·2d31·3731·2d33·2e34·2e31·0a20·202d··00-171-3.4.1.··-
0003bd10:·7368·6573·0a0a·2d20·6e61·6d65·3a20·2753··shes..-·name:·'S0003bd10:·204e·4953·542d·3830·302d·3533·2d41·552d···NIST-800-53-AU-
0003bd20:·6574·2066·6163·743a·2050·6163·6b61·6765··et·fact:·Package0003bd20:·3928·3329·0a20·202d·204e·4953·542d·3830··9(3).··-·NIST-80
0003bd30:·206d·616e·6167·6572·2072·6569·6e73·7461···manager·reinsta0003bd30:·302d·3533·2d43·4d2d·3628·6329·0a20·202d··0-53-CM-6(c).··-
0003bd40:·6c6c·2063·6f6d·6d61·6e64·2028·7a79·7070··ll·command·(zypp0003bd40:·204e·4953·542d·3830·302d·3533·2d43·4d2d···NIST-800-53-CM-
0003bd50:·6572·2927·0a20·2073·6574·5f66·6163·743a··er)'.··set_fact:0003bd50:·3628·6429·0a20·202d·204e·4953·542d·3830··6(d).··-·NIST-80
0003bd60:·0a20·2020·2070·6163·6b61·6765·5f6d·616e··.····package_man0003bd60:·302d·3533·2d53·492d·370a·2020·2d20·4e49··0-53-SI-7.··-·NI
0003bd70:·6167·6572·5f72·6569·6e73·7461·6c6c·5f63··ager_reinstall_c0003bd70:·5354·2d38·3030·2d35·332d·5349·2d37·2831··ST-800-53-SI-7(1
0003bd80:·6d64·3a20·7a79·7070·6572·2069·6e20·2d66··md:·zypper·in·-f0003bd80:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-5
0003bd90:·202d·790a·2020·7768·656e·3a0a·2020·2d20···-y.··when:.··-·0003bd90:·332d·5349·2d37·2836·290a·2020·2d20·5043··3-SI-7(6).··-·PC
0003bda0:·6e6f·7420·2820·226b·6572·6e65·6c22·2069··not·(·"kernel"·i0003bda0:·492d·4453·532d·5265·712d·3131·2e35·0a20··I-DSS-Req-11.5.·
0003bdb0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003bdb0:·202d·2050·4349·2d44·5353·7634·2d31·312e···-·PCI-DSSv4-11.
0003bdc0:·7061·636b·6167·6573·2061·6e64·2022·7270··packages·and·"rp0003bdc0:·352e·320a·2020·2d20·6869·6768·5f63·6f6d··5.2.··-·high_com
0003bdd0:·6d2d·6f73·7472·6565·2220·696e·2061·6e73··m-ostree"·in·ans0003bdd0:·706c·6578·6974·790a·2020·2d20·6869·6768··plexity.··-·high
0003bde0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0003bde0:·5f73·6576·6572·6974·790a·2020·2d20·6d65··_severity.··-·me
0003bdf0:·6765·730a·2020·2020·616e·6420·2262·6f6f··ges.····and·"boo0003bdf0:·6469·756d·5f64·6973·7275·7074·696f·6e0a··dium_disruption.
0003be00:·7463·2220·696e·2061·6e73·6962·6c65·5f66··tc"·in·ansible_f0003be00:·2020·2d20·6e6f·5f72·6562·6f6f·745f·6e65····-·no_reboot_ne
0003be10:·6163·7473·2e70·6163·6b61·6765·7320·616e··acts.packages·an0003be10:·6564·6564·0a20·202d·2072·6573·7472·6963··eded.··-·restric
0003be20:·6420·6e6f·7420·226f·7065·6e73·6869·6674··d·not·"openshift0003be20:·745f·7374·7261·7465·6779·0a20·202d·2072··t_strategy.··-·r
0003be30:·2d6b·7562·656c·6574·2220·696e·2061·6e73··-kubelet"·in·ans0003be30:·706d·5f76·6572·6966·795f·6861·7368·6573··pm_verify_hashes
0003be40:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0003be40:·0a0a·2d20·6e61·6d65·3a20·2753·6574·2066··..-·name:·'Set·f
Max diff block lines reached; 19445293/19501073 bytes (99.71%) of diff not shown.
1.54 MB
html2text {}
    
Offset 110, 14 lines modifiedOffset 110, 33 lines modified
110 ·············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6110 ·············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
111 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4111 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
112 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)112 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
113 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1113 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
114 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5114 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
115 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227115 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
116 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2116 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 117 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 118 #·Remediation·is·applicable·only·in·certain·platforms
 119 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 120 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 121 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 122 if·[·-n·"$files_with_incorrect_hash"·];·then
 123 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 124 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 125 ····dnf·reinstall·-y·$packages_to_reinstall
  
 126 fi
  
 127 else
 128 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 129 fi
117 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8130 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
118 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high131 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
119 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium132 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
120 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false133 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
121 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict134 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
122 -·name:·Gather·the·package·facts135 -·name:·Gather·the·package·facts
123 ··package_facts:136 ··package_facts:
Offset 290, 33 lines modifiedOffset 309, 14 lines modified
290 ··-·PCI-DSSv4-11.5.2309 ··-·PCI-DSSv4-11.5.2
291 ··-·high_complexity310 ··-·high_complexity
292 ··-·high_severity311 ··-·high_severity
293 ··-·medium_disruption312 ··-·medium_disruption
294 ··-·no_reboot_needed313 ··-·no_reboot_needed
295 ··-·restrict_strategy314 ··-·restrict_strategy
296 ··-·rpm_verify_hashes315 ··-·rpm_verify_hashes
297 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
298 #·Remediation·is·applicable·only·in·certain·platforms 
299 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
300 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
301 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
302 if·[·-n·"$files_with_incorrect_hash"·];·then 
303 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
304 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
305 ····dnf·reinstall·-y·$packages_to_reinstall 
  
306 fi 
  
307 else 
308 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
309 fi 
310 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*316 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
311 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:317 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:
312 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'318 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'
313 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:319 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:
314 $·rpm·-qf·FILENAME320 $·rpm·-qf·FILENAME
  
315 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:321 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
Offset 338, 14 lines modifiedOffset 338, 50 lines modified
338 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5338 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
339 ·············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2339 ·············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
340 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)340 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)
341 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1341 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
342 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5342 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
343 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108343 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108
344 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2344 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 345 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 346 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 347 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 348 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 349 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 350 #·Remediation·is·applicable·only·in·certain·platforms
 351 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 352 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 353 declare·-A·SETPERMS_RPM_DICT
  
 354 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 355 #·is·expected·by·the·RPM·database
 356 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}')
  
 357 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 358 do
 359 ········#·NOTE:·some·files·maybe·controlled·by·more·then·one·package
 360 ········readarray·-t·RPM_PACKAGES·<·<(rpm·-qf·"${FILE_PATH}")
 361 ········for·RPM_PACKAGE·in·"${RPM_PACKAGES[@]}"
 362 ········do
 363 ················#·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 364 ················SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 365 ········done
 366 done
  
 367 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 368 #·correct·values
 369 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 370 do
 371 »       rpm·--restore·"${RPM_PACKAGE}"
 372 done
  
 373 else
 374 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 375 fi
345 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8376 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
346 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high377 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
347 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium378 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
348 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false379 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
349 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict380 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
350 -·name:·Gather·the·package·facts381 -·name:·Gather·the·package·facts
351 ··package_facts:382 ··package_facts:
Offset 461, 50 lines modifiedOffset 497, 14 lines modified
461 ··-·PCI-DSSv4-11.5.2497 ··-·PCI-DSSv4-11.5.2
462 ··-·high_complexity498 ··-·high_complexity
463 ··-·high_severity499 ··-·high_severity
464 ··-·medium_disruption500 ··-·medium_disruption
465 ··-·no_reboot_needed501 ··-·no_reboot_needed
466 ··-·restrict_strategy502 ··-·restrict_strategy
467 ··-·rpm_verify_permissions503 ··-·rpm_verify_permissions
468 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
Max diff block lines reached; 1604374/1612472 bytes (99.50%) of diff not shown.
11.5 MB
./usr/share/doc/ssg-nondebian/ssg-rhel10-guide-ism_o.html
    
Offset 15120, 281 lines modifiedOffset 15120, 281 lines modified
0003b0f0:·6172·6765·743d·2223·6964·6d37·3330·3722··arget="#idm7307"0003b0f0:·6172·6765·743d·2223·6964·6d37·3330·3722··arget="#idm7307"
0003b100:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro0003b100:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro
0003b110:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria0003b110:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria
0003b120:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false0003b120:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false
0003b130:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat0003b130:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat
0003b140:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre0003b140:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre
0003b150:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati0003b150:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati
0003b160:·6f6e·2041·6e61·636f·6e64·6120·736e·6970··on·Anaconda·snip 
0003b170:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br>< 
0003b180:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel 
0003b190:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap 
0003b1a0:·7365·2220·6964·3d22·6964·6d37·3330·3722··se"·id="idm7307" 
0003b1b0:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t 
0003b1c0:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip 
0003b1d0:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere 
0003b1e0:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense 
0003b1f0:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl 
0003b200:·6578·6974·793a·3c2f·7468·3e3c·7464·3e6c··exity:</th><td>l 
0003b210:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr> 
0003b220:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:< 
0003b230:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td> 
0003b240:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb 
0003b250:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal 
0003b260:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr> 
0003b270:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t 
0003b280:·683e·3c74·643e·656e·6162·6c65·3c2f·7464··h><td>enable</td 
0003b290:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p 
0003b2a0:·7265·3e3c·636f·6465·3e0a·7061·636b·6167··re><code>.packag 
0003b2b0:·6520·2d2d·6164·643d·6169·6465·0a3c·2f63··e·--add=aide.</c 
0003b2c0:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div> 
0003b2d0:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt 
0003b2e0:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data- 
0003b2f0:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse 
0003b300:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="# 
0003b310:·6964·6d37·3330·3822·2074·6162·696e·6465··idm7308"·tabinde 
0003b320:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt 
0003b330:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande 
0003b340:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title= 
0003b350:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev 
0003b360:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R 
0003b370:·656d·6564·6961·7469·6f6e·2050·7570·7065··emediation·Puppe 
0003b380:·7420·736e·6970·7065·7420·e287·b23c·2f61··t·snippet·...</a0003b160:·6f6e·2073·6372·6970·7420·e287·b23c·2f61··on·script·...</a
0003b390:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=0003b170:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
0003b3a0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse· 
0003b3b0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id 
0003b3c0:·6d37·3330·3822·3e3c·7461·626c·6520·636c··m7308"><table·cl 
0003b3d0:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table 
0003b3e0:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b 
0003b3f0:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co 
0003b400:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th 
0003b410:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th 
0003b420:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
0003b430:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup 
0003b440:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo 
0003b450:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr>< 
0003b460:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th>< 
0003b470:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t 
0003b480:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate 
0003b490:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab 
0003b4a0:·6c65·3c2f·7464·3e3c·2f74·723e·3c2f·7461··le</td></tr></ta 
0003b4b0:·626c·653e·3c70·7265·3e3c·636f·6465·3e69··ble><pre><code>i 
0003b4c0:·6e63·6c75·6465·2069·6e73·7461·6c6c·5f61··nclude·install_a 
0003b4d0:·6964·650a·0a63·6c61·7373·2069·6e73·7461··ide..class·insta 
0003b4e0:·6c6c·5f61·6964·6520·7b0a·2020·7061·636b··ll_aide·{.··pack 
0003b4f0:·6167·6520·7b20·2761·6964·6527·3a0a·2020··age·{·'aide':.·· 
0003b500:·2020·656e·7375·7265·203d·2667·743b·2027····ensure·=&gt;·' 
0003b510:·696e·7374·616c·6c65·6427·2c0a·2020·7d0a··installed',.··}. 
0003b520:·7d0a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··}.</code></pre>< 
0003b530:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b 
0003b540:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"· 
0003b550:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col 
0003b560:·6c61·7073·6522·2064·6174·612d·7461·7267··lapse"·data-targ 
0003b570:·6574·3d22·2369·646d·3733·3039·2220·7461··et="#idm7309"·ta 
0003b580:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role= 
0003b590:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex 
0003b5a0:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t 
0003b5b0:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t 
0003b5c0:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href=" 
0003b5d0:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation· 
0003b5e0:·4f53·4275·696c·6420·426c·7565·7072·696e··OSBuild·Blueprin 
0003b5f0:·7420·736e·6970·7065·7420·e287·b23c·2f61··t·snippet·...</a 
0003b600:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class= 
0003b610:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·0003b180:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
0003b620:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id0003b190:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
 0003b1a0:·6d37·3330·3722·3e3c·7461·626c·6520·636c··m7307"><table·cl
 0003b1b0:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table
 0003b1c0:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b
 0003b1d0:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co
 0003b1e0:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th
 0003b1f0:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th
0003b630:·6d37·3330·3922·3e3c·7072·653e·3c63·6f64··m7309"><pre><cod 
0003b640:·653e·0a5b·5b70·6163·6b61·6765·735d·5d0a··e>.[[packages]]. 
0003b650:·6e61·6d65·203d·2022·6169·6465·220a·7665··name·=·"aide".ve 
0003b660:·7273·696f·6e20·3d20·222a·220a·3c2f·636f··rsion·=·"*".</co 
0003b670:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div>< 
0003b680:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn 
0003b690:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t 
0003b6a0:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse" 
0003b6b0:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i 
0003b6c0:·646d·3733·3130·2220·7461·6269·6e64·6578··dm7310"·tabindex 
0003b6d0:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto 
0003b6e0:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded 
0003b6f0:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title=" 
0003b700:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve 
0003b710:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re 
0003b720:·6d65·6469·6174·696f·6e20·7363·7269·7074··mediation·script 
0003b730:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div 
0003b740:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co 
0003b750:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse" 
0003b760:·2069·643d·2269·646d·3733·3130·223e·3c74···id="idm7310"><t 
0003b770:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl 
0003b780:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped· 
0003b790:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t 
0003b7a0:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed"> 
0003b7b0:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi 
0003b7c0:·7479·3a3c·2f74·683e·3c74·643e·6c6f·773c··ty:</th><td>low< 
0003b7d0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b7e0:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th 
0003b7f0:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
0003b800:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot 
0003b810:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false< 
0003b820:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b830:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th>< 
0003b840:·7464·3e65·6e61·626c·653c·2f74·643e·3c2f··td>enable</td></ 
0003b850:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre> 
0003b860:·3c63·6f64·653e·0a70·6163·6b61·6765·2069··<code>.package·i 
0003b870:·6e73·7461·6c6c·2061·6964·650a·3c2f·636f··nstall·aide.</co 
Max diff block lines reached; 10852212/10889638 bytes (99.66%) of diff not shown.
1.08 MB
html2text {}
    
Offset 105, 52 lines modifiedOffset 105, 48 lines modified
105 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)105 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)
106 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3106 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
107 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5107 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
108 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199108 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
109 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79109 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
110 ·············_\x8c_\x8i_\x8s············6.1.1110 ·············_\x8c_\x8i_\x8s············6.1.1
111 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2111 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
112 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8112 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
113 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low113 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
114 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low114 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
115 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false115 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
116 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable116 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
117 package·--add=aide117 dnf·install·aide
118 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8118 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
119 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low119 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
120 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low120 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
121 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false121 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
122 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable122 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
123 include·install_aide123 include·install_aide
  
124 class·install_aide·{124 class·install_aide·{
125 ··package·{·'aide':125 ··package·{·'aide':
126 ····ensure·=>·'installed',126 ····ensure·=>·'installed',
127 ··}127 ··}
128 }128 }
129 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
130 [[packages]] 
131 name·=·"aide" 
132 version·=·"*" 
133 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8129 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
134 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low130 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
135 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low131 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
136 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false132 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
137 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable133 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 134 #·Remediation·is·applicable·only·in·certain·platforms
 135 if·rpm·--quiet·-q·kernel;·then
  
 136 if·!·rpm·-q·--quiet·"aide"·;·then
 137 ····dnf·install·-y·"aide"
 138 fi
138 package·install·aide 
139 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
140 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
141 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
142 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
143 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
144 dnf·install·aide139 else
 140 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 141 fi
145 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8142 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
146 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low143 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
147 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low144 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
148 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false145 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
149 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable146 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
150 -·name:·Gather·the·package·facts147 -·name:·Gather·the·package·facts
151 ··package_facts:148 ··package_facts:
Offset 181, 29 lines modifiedOffset 177, 33 lines modified
181 ··-·PCI-DSSv4-11.5.2177 ··-·PCI-DSSv4-11.5.2
182 ··-·enable_strategy178 ··-·enable_strategy
183 ··-·low_complexity179 ··-·low_complexity
184 ··-·low_disruption180 ··-·low_disruption
185 ··-·medium_severity181 ··-·medium_severity
186 ··-·no_reboot_needed182 ··-·no_reboot_needed
187 ··-·package_aide_installed183 ··-·package_aide_installed
 184 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 185 [[packages]]
 186 name·=·"aide"
 187 version·=·"*"
188 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8188 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
189 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low189 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
190 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low190 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
191 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false191 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
192 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable192 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
193 #·Remediation·is·applicable·only·in·certain·platforms 
194 if·rpm·--quiet·-q·kernel;·then 
  
195 if·!·rpm·-q·--quiet·"aide"·;·then 
196 ····dnf·install·-y·"aide" 
197 fi193 package·install·aide
 194 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 195 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 196 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 197 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 198 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 199 package·--add=aide
198 else 
199 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
200 fi 
201 Group  ·Federal·Information·Processing·Standard·(FIPS)·  Group·contains·2·rules200 Group  ·Federal·Information·Processing·Standard·(FIPS)·  Group·contains·2·rules
202 _\x8[_\x8r_\x8e_\x8f_\x8]  ·The·Federal·Information·Processing·Standard·(FIPS)·is·a·computer·security·standard·which·is·developed·by·the·U.S.·Government·and·industry·working·groups·to·validate·the·quality·of·cryptographic·modules.·The·FIPS·standard·provides·four·security·levels·to·ensure·adequate·coverage·of·different·industries,·implementation·of·cryptographic·modules,·and·organizational·sizes·and·requirements.201 _\x8[_\x8r_\x8e_\x8f_\x8]  ·The·Federal·Information·Processing·Standard·(FIPS)·is·a·computer·security·standard·which·is·developed·by·the·U.S.·Government·and·industry·working·groups·to·validate·the·quality·of·cryptographic·modules.·The·FIPS·standard·provides·four·security·levels·to·ensure·adequate·coverage·of·different·industries,·implementation·of·cryptographic·modules,·and·organizational·sizes·and·requirements.
  
203 FIPS·140-2·is·the·current·standard·for·validating·that·mechanisms·used·to·access·cryptographic·modules·utilize·authentication·that·meets·industry·and·government·requirements.·For·government·systems,·this·allows·Security·Levels·1,·2,·3,·or·4·for·use·on·Red·Hat·Enterprise·Linux·10.202 FIPS·140-2·is·the·current·standard·for·validating·that·mechanisms·used·to·access·cryptographic·modules·utilize·authentication·that·meets·industry·and·government·requirements.·For·government·systems,·this·allows·Security·Levels·1,·2,·3,·or·4·for·use·on·Red·Hat·Enterprise·Linux·10.
  
204 See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8c\x8c_\x8s\x8s_\x8r\x8r_\x8c\x8c_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8l\x8l_\x8i\x8i_\x8c\x8c_\x8a\x8a_\x8t\x8t_\x8i\x8i_\x8o\x8o_\x8n\x8n_\x8s\x8s_\x8/\x8/_\x8P\x8P_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x8h\x8h_\x8t\x8t_\x8m\x8m_\x8l\x8l·for·more·information.203 See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8c\x8c_\x8s\x8s_\x8r\x8r_\x8c\x8c_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8l\x8l_\x8i\x8i_\x8c\x8c_\x8a\x8a_\x8t\x8t_\x8i\x8i_\x8o\x8o_\x8n\x8n_\x8s\x8s_\x8/\x8/_\x8P\x8P_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x8h\x8h_\x8t\x8t_\x8m\x8m_\x8l\x8l·for·more·information.
205 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8na\x8ab\x8bl\x8le\x8e·F\x8FI\x8IP\x8PS\x8S·M\x8Mo\x8od\x8de\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*204 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8na\x8ab\x8bl\x8le\x8e·F\x8FI\x8IP\x8PS\x8S·M\x8Mo\x8od\x8de\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
Offset 220, 31 lines modifiedOffset 220, 31 lines modified
220 Identifiers:·CCE-86982-6220 Identifiers:·CCE-86982-6
221 ·············_\x8d_\x8i_\x8s_\x8a·····CCI-002450,·CCI-000068,·CCI-002418,·CCI-000877221 ·············_\x8d_\x8i_\x8s_\x8a·····CCI-002450,·CCI-000068,·CCI-002418,·CCI-000877
222 ·············_\x8i_\x8s_\x8m······1446222 ·············_\x8i_\x8s_\x8m······1446
223 References:··_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1223 References:··_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1
224 ·············_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12224 ·············_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12
225 ·············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1225 ·············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1
226 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176226 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176
227 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
228 [customizations] 
229 fips·=·true 
230 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8227 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
231 #·Remediation·is·applicable·only·in·certain·platforms228 #·Remediation·is·applicable·only·in·certain·platforms
232 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·);·then229 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·);·then
  
233 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then230 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then
234 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF231 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF
235 kargs·=·["fips=1"]232 kargs·=·["fips=1"]
236 EOF233 EOF
237 fi234 fi
  
238 else235 else
239 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'236 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
240 fi237 fi
 238 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
Max diff block lines reached; 1130376/1136479 bytes (99.46%) of diff not shown.
11.5 MB
./usr/share/doc/ssg-nondebian/ssg-rhel10-guide-ism_o_secret.html
    
Offset 15124, 281 lines modifiedOffset 15124, 281 lines modified
0003b130:·7267·6574·3d22·2369·646d·3733·3037·2220··rget="#idm7307"·0003b130:·7267·6574·3d22·2369·646d·3733·3037·2220··rget="#idm7307"·
0003b140:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol0003b140:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol
0003b150:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-0003b150:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-
0003b160:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"0003b160:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"
0003b170:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate0003b170:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate
0003b180:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href0003b180:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href
0003b190:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio0003b190:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio
0003b1a0:·6e20·416e·6163·6f6e·6461·2073·6e69·7070··n·Anaconda·snipp 
0003b1b0:·6574·20e2·87b2·3c2f·613e·3c62·723e·3c64··et·...</a><br><d 
0003b1c0:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel- 
0003b1d0:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps 
0003b1e0:·6522·2069·643d·2269·646d·3733·3037·223e··e"·id="idm7307"> 
0003b1f0:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta 
0003b200:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe 
0003b210:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered 
0003b220:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed 
0003b230:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple 
0003b240:·7869·7479·3a3c·2f74·683e·3c74·643e·6c6f··xity:</th><td>lo 
0003b250:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr>< 
0003b260:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</ 
0003b270:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td>< 
0003b280:·2f74·723e·3c74·723e·3c74·683e·5265·626f··/tr><tr><th>Rebo 
0003b290:·6f74·3a3c·2f74·683e·3c74·643e·6661·6c73··ot:</th><td>fals 
0003b2a0:·653c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··e</td></tr><tr>< 
0003b2b0:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th 
0003b2c0:·3e3c·7464·3e65·6e61·626c·653c·2f74·643e··><td>enable</td> 
0003b2d0:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr 
0003b2e0:·653e·3c63·6f64·653e·0a70·6163·6b61·6765··e><code>.package 
0003b2f0:·202d·2d61·6464·3d61·6964·650a·3c2f·636f···--add=aide.</co 
0003b300:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div>< 
0003b310:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn 
0003b320:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t 
0003b330:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse" 
0003b340:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i 
0003b350:·646d·3733·3038·2220·7461·6269·6e64·6578··dm7308"·tabindex 
0003b360:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto 
0003b370:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded 
0003b380:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title=" 
0003b390:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve 
0003b3a0:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re 
0003b3b0:·6d65·6469·6174·696f·6e20·5075·7070·6574··mediation·Puppet 
0003b3c0:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a>0003b1a0:·6e20·7363·7269·7074·20e2·87b2·3c2f·613e··n·script·...</a>
0003b3d0:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="0003b1b0:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="
0003b3e0:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c0003b1c0:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c
0003b3f0:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm0003b1d0:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm
0003b400:·3733·3038·223e·3c74·6162·6c65·2063·6c61··7308"><table·cla0003b1e0:·3733·3037·223e·3c74·6162·6c65·2063·6c61··7307"><table·cla
0003b410:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table-0003b1f0:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table-
0003b420:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo0003b200:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo
0003b430:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con0003b210:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con
0003b440:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th>0003b220:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th>
0003b450:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th>0003b230:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th>
0003b460:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr0003b240:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr
0003b470:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt0003b250:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt
0003b480:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low0003b260:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low
0003b490:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t0003b270:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
0003b4a0:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t0003b280:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t
0003b4b0:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr0003b290:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr
0003b4c0:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg0003b2a0:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg
0003b4d0:·793a·3c2f·7468·3e3c·7464·3e65·6e61·626c··y:</th><td>enabl0003b2b0:·793a·3c2f·7468·3e3c·7464·3e65·6e61·626c··y:</th><td>enabl
0003b4e0:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab0003b2c0:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab
0003b4f0:·6c65·3e3c·7072·653e·3c63·6f64·653e·696e··le><pre><code>in0003b2d0:·6c65·3e3c·7072·653e·3c63·6f64·653e·0a64··le><pre><code>.d
 0003b2e0:·6e66·2069·6e73·7461·6c6c·2061·6964·650a··nf·install·aide.
 0003b2f0:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d
 0003b300:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn
 0003b310:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da
 0003b320:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla
 0003b330:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target
 0003b340:·3d22·2369·646d·3733·3038·2220·7461·6269··="#idm7308"·tabi
 0003b350:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b
 0003b360:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa
 0003b370:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit
 0003b380:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·
 0003b390:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!
 0003b3a0:·223e·5265·6d65·6469·6174·696f·6e20·5075··">Remediation·Pu
 0003b3b0:·7070·6574·2073·6e69·7070·6574·20e2·87b2··ppet·snippet·...
 0003b3c0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
 0003b3d0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
 0003b3e0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=
 0003b3f0:·2269·646d·3733·3038·223e·3c74·6162·6c65··"idm7308"><table
 0003b400:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta
 0003b410:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl
 0003b420:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table
 0003b430:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>
 0003b440:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<
 0003b450:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>
 0003b460:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis
 0003b470:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td
 0003b480:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t
 0003b490:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t
 0003b4a0:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td>
 0003b4b0:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str
 0003b4c0:·6174·6567·793a·3c2f·7468·3e3c·7464·3e65··ategy:</th><td>e
 0003b4d0:·6e61·626c·653c·2f74·643e·3c2f·7472·3e3c··nable</td></tr><
 0003b4e0:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod
0003b500:·636c·7564·6520·696e·7374·616c·6c5f·6169··clude·install_ai0003b4f0:·653e·696e·636c·7564·6520·696e·7374·616c··e>include·instal
0003b510:·6465·0a0a·636c·6173·7320·696e·7374·616c··de..class·instal0003b500:·6c5f·6169·6465·0a0a·636c·6173·7320·696e··l_aide..class·in
0003b520:·6c5f·6169·6465·207b·0a20·2070·6163·6b61··l_aide·{.··packa0003b510:·7374·616c·6c5f·6169·6465·207b·0a20·2070··stall_aide·{.··p
0003b530:·6765·207b·2027·6169·6465·273a·0a20·2020··ge·{·'aide':.···0003b520:·6163·6b61·6765·207b·2027·6169·6465·273a··ackage·{·'aide':
0003b540:·2065·6e73·7572·6520·3d26·6774·3b20·2769···ensure·=&gt;·'i0003b530:·0a20·2020·2065·6e73·7572·6520·3d26·6774··.····ensure·=&gt
0003b550:·6e73·7461·6c6c·6564·272c·0a20·207d·0a7d··nstalled',.··}.}0003b540:·3b20·2769·6e73·7461·6c6c·6564·272c·0a20··;·'installed',.·
0003b560:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></0003b550:·207d·0a7d·0a3c·2f63·6f64·653e·3c2f·7072···}.}.</code></pr
0003b570:·6469·763e·3c61·2063·6c61·7373·3d22·6274··div><a·class="bt0003b560:·653e·3c2f·6469·763e·3c61·2063·6c61·7373··e></div><a·class
0003b580:·6e20·6274·6e2d·7375·6363·6573·7322·2064··n·btn-success"·d0003b570:·3d22·6274·6e20·6274·6e2d·7375·6363·6573··="btn·btn-succes
0003b590:·6174·612d·746f·6767·6c65·3d22·636f·6c6c··ata-toggle="coll0003b580:·7322·2064·6174·612d·746f·6767·6c65·3d22··s"·data-toggle="
0003b5a0:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe0003b590:·636f·6c6c·6170·7365·2220·6461·7461·2d74··collapse"·data-t
0003b5b0:·743d·2223·6964·6d37·3330·3922·2074·6162··t="#idm7309"·tab0003b5a0:·6172·6765·743d·2223·6964·6d37·3330·3922··arget="#idm7309"
0003b5c0:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="0003b5b0:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro
0003b5d0:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp0003b5c0:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria
0003b5e0:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti0003b5d0:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false
0003b5f0:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to0003b5e0:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat
0003b600:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#0003b5f0:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre
0003b610:·2122·3e52·656d·6564·6961·7469·6f6e·204f··!">Remediation·O0003b600:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati
 0003b610:·6f6e·2053·6865·6c6c·2073·6372·6970·7420··on·Shell·script·
0003b620:·5342·7569·6c64·2042·6c75·6570·7269·6e74··SBuild·Blueprint 
0003b630:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a> 
0003b640:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class=" 
0003b650:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c 
0003b660:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm 
0003b670:·3733·3039·223e·3c70·7265·3e3c·636f·6465··7309"><pre><code 
0003b680:·3e0a·5b5b·7061·636b·6167·6573·5d5d·0a6e··>.[[packages]].n 
0003b690:·616d·6520·3d20·2261·6964·6522·0a76·6572··ame·=·"aide".ver 
0003b6a0:·7369·6f6e·203d·2022·2a22·0a3c·2f63·6f64··sion·=·"*".</cod 
0003b6b0:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a 
0003b6c0:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn- 
0003b6d0:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to 
0003b6e0:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"· 
0003b6f0:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id 
Max diff block lines reached; 10852350/10889776 bytes (99.66%) of diff not shown.
1.08 MB
html2text {}
    
Offset 106, 52 lines modifiedOffset 106, 48 lines modified
106 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)106 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)
107 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3107 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
108 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5108 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
109 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199109 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
110 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79110 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
111 ·············_\x8c_\x8i_\x8s············6.1.1111 ·············_\x8c_\x8i_\x8s············6.1.1
112 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2112 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
113 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8113 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
114 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low114 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
115 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low115 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
116 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false116 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
117 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable117 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
118 package·--add=aide118 dnf·install·aide
119 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8119 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
120 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low120 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
121 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low121 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
122 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false122 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
123 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable123 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
124 include·install_aide124 include·install_aide
  
125 class·install_aide·{125 class·install_aide·{
126 ··package·{·'aide':126 ··package·{·'aide':
127 ····ensure·=>·'installed',127 ····ensure·=>·'installed',
128 ··}128 ··}
129 }129 }
130 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
131 [[packages]] 
132 name·=·"aide" 
133 version·=·"*" 
134 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8130 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
135 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low131 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
136 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low132 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
137 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false133 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
138 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable134 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 135 #·Remediation·is·applicable·only·in·certain·platforms
 136 if·rpm·--quiet·-q·kernel;·then
  
 137 if·!·rpm·-q·--quiet·"aide"·;·then
 138 ····dnf·install·-y·"aide"
 139 fi
139 package·install·aide 
140 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
141 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
142 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
143 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
144 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
145 dnf·install·aide140 else
 141 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 142 fi
146 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8143 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
147 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low144 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
148 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low145 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
149 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false146 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
150 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable147 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
151 -·name:·Gather·the·package·facts148 -·name:·Gather·the·package·facts
152 ··package_facts:149 ··package_facts:
Offset 182, 29 lines modifiedOffset 178, 33 lines modified
182 ··-·PCI-DSSv4-11.5.2178 ··-·PCI-DSSv4-11.5.2
183 ··-·enable_strategy179 ··-·enable_strategy
184 ··-·low_complexity180 ··-·low_complexity
185 ··-·low_disruption181 ··-·low_disruption
186 ··-·medium_severity182 ··-·medium_severity
187 ··-·no_reboot_needed183 ··-·no_reboot_needed
188 ··-·package_aide_installed184 ··-·package_aide_installed
 185 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 186 [[packages]]
 187 name·=·"aide"
 188 version·=·"*"
189 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8189 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
190 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low190 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
191 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low191 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
192 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false192 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
193 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable193 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
194 #·Remediation·is·applicable·only·in·certain·platforms 
195 if·rpm·--quiet·-q·kernel;·then 
  
196 if·!·rpm·-q·--quiet·"aide"·;·then 
197 ····dnf·install·-y·"aide" 
198 fi194 package·install·aide
 195 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 196 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 197 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 198 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 199 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 200 package·--add=aide
199 else 
200 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
201 fi 
202 Group  ·Federal·Information·Processing·Standard·(FIPS)·  Group·contains·2·rules201 Group  ·Federal·Information·Processing·Standard·(FIPS)·  Group·contains·2·rules
203 _\x8[_\x8r_\x8e_\x8f_\x8]  ·The·Federal·Information·Processing·Standard·(FIPS)·is·a·computer·security·standard·which·is·developed·by·the·U.S.·Government·and·industry·working·groups·to·validate·the·quality·of·cryptographic·modules.·The·FIPS·standard·provides·four·security·levels·to·ensure·adequate·coverage·of·different·industries,·implementation·of·cryptographic·modules,·and·organizational·sizes·and·requirements.202 _\x8[_\x8r_\x8e_\x8f_\x8]  ·The·Federal·Information·Processing·Standard·(FIPS)·is·a·computer·security·standard·which·is·developed·by·the·U.S.·Government·and·industry·working·groups·to·validate·the·quality·of·cryptographic·modules.·The·FIPS·standard·provides·four·security·levels·to·ensure·adequate·coverage·of·different·industries,·implementation·of·cryptographic·modules,·and·organizational·sizes·and·requirements.
  
204 FIPS·140-2·is·the·current·standard·for·validating·that·mechanisms·used·to·access·cryptographic·modules·utilize·authentication·that·meets·industry·and·government·requirements.·For·government·systems,·this·allows·Security·Levels·1,·2,·3,·or·4·for·use·on·Red·Hat·Enterprise·Linux·10.203 FIPS·140-2·is·the·current·standard·for·validating·that·mechanisms·used·to·access·cryptographic·modules·utilize·authentication·that·meets·industry·and·government·requirements.·For·government·systems,·this·allows·Security·Levels·1,·2,·3,·or·4·for·use·on·Red·Hat·Enterprise·Linux·10.
  
205 See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8c\x8c_\x8s\x8s_\x8r\x8r_\x8c\x8c_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8l\x8l_\x8i\x8i_\x8c\x8c_\x8a\x8a_\x8t\x8t_\x8i\x8i_\x8o\x8o_\x8n\x8n_\x8s\x8s_\x8/\x8/_\x8P\x8P_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x8h\x8h_\x8t\x8t_\x8m\x8m_\x8l\x8l·for·more·information.204 See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8c\x8c_\x8s\x8s_\x8r\x8r_\x8c\x8c_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8l\x8l_\x8i\x8i_\x8c\x8c_\x8a\x8a_\x8t\x8t_\x8i\x8i_\x8o\x8o_\x8n\x8n_\x8s\x8s_\x8/\x8/_\x8P\x8P_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x8h\x8h_\x8t\x8t_\x8m\x8m_\x8l\x8l·for·more·information.
206 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8na\x8ab\x8bl\x8le\x8e·F\x8FI\x8IP\x8PS\x8S·M\x8Mo\x8od\x8de\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*205 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8na\x8ab\x8bl\x8le\x8e·F\x8FI\x8IP\x8PS\x8S·M\x8Mo\x8od\x8de\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
Offset 221, 31 lines modifiedOffset 221, 31 lines modified
221 Identifiers:·CCE-86982-6221 Identifiers:·CCE-86982-6
222 ·············_\x8d_\x8i_\x8s_\x8a·····CCI-002450,·CCI-000068,·CCI-002418,·CCI-000877222 ·············_\x8d_\x8i_\x8s_\x8a·····CCI-002450,·CCI-000068,·CCI-002418,·CCI-000877
223 ·············_\x8i_\x8s_\x8m······1446223 ·············_\x8i_\x8s_\x8m······1446
224 References:··_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1224 References:··_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1
225 ·············_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12225 ·············_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12
226 ·············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1226 ·············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1
227 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176227 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176
228 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
229 [customizations] 
230 fips·=·true 
231 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8228 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
232 #·Remediation·is·applicable·only·in·certain·platforms229 #·Remediation·is·applicable·only·in·certain·platforms
233 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·);·then230 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·);·then
  
234 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then231 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then
235 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF232 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF
236 kargs·=·["fips=1"]233 kargs·=·["fips=1"]
237 EOF234 EOF
238 fi235 fi
  
239 else236 else
240 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'237 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
241 fi238 fi
 239 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
Max diff block lines reached; 1130376/1136479 bytes (99.46%) of diff not shown.
11.5 MB
./usr/share/doc/ssg-nondebian/ssg-rhel10-guide-ism_o_top_secret.html
    
Offset 15121, 281 lines modifiedOffset 15121, 281 lines modified
0003b100:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i0003b100:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i
0003b110:·646d·3733·3037·2220·7461·6269·6e64·6578··dm7307"·tabindex0003b110:·646d·3733·3037·2220·7461·6269·6e64·6578··dm7307"·tabindex
0003b120:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto0003b120:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto
0003b130:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded0003b130:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded
0003b140:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="0003b140:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="
0003b150:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve0003b150:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve
0003b160:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re0003b160:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re
0003b170:·6d65·6469·6174·696f·6e20·416e·6163·6f6e··mediation·Anacon0003b170:·6d65·6469·6174·696f·6e20·7363·7269·7074··mediation·script
0003b180:·6461·2073·6e69·7070·6574·20e2·87b2·3c2f··da·snippet·...</ 
0003b190:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class 
0003b1a0:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse 
0003b1b0:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i 
0003b1c0:·646d·3733·3037·223e·3c74·6162·6c65·2063··dm7307"><table·c 
0003b1d0:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl 
0003b1e0:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table- 
0003b1f0:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c 
0003b200:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t 
0003b210:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t 
0003b220:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003b230:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru 
0003b240:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l 
0003b250:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr> 
0003b260:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th> 
0003b270:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></ 
0003b280:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat 
0003b290:·6567·793a·3c2f·7468·3e3c·7464·3e65·6e61··egy:</th><td>ena 
0003b2a0:·626c·653c·2f74·643e·3c2f·7472·3e3c·2f74··ble</td></tr></t 
0003b2b0:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code> 
0003b2c0:·0a70·6163·6b61·6765·202d·2d61·6464·3d61··.package·--add=a 
0003b2d0:·6964·650a·3c2f·636f·6465·3e3c·2f70·7265··ide.</code></pre 
0003b2e0:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class= 
0003b2f0:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success 
0003b300:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c 
0003b310:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta 
0003b320:·7267·6574·3d22·2369·646d·3733·3038·2220··rget="#idm7308"· 
0003b330:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol 
0003b340:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria- 
0003b350:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false" 
0003b360:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate 
0003b370:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href 
0003b380:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio 
0003b390:·6e20·5075·7070·6574·2073·6e69·7070·6574··n·Puppet·snippet 
0003b3a0:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div 
0003b3b0:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co 
0003b3c0:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse" 
0003b3d0:·2069·643d·2269·646d·3733·3038·223e·3c74···id="idm7308"><t 
0003b3e0:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl 
0003b3f0:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped· 
0003b400:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t 
0003b410:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed"> 
0003b420:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi 
0003b430:·7479·3a3c·2f74·683e·3c74·643e·6c6f·773c··ty:</th><td>low< 
0003b440:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b450:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th 
0003b460:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
0003b470:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot 
0003b480:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false< 
0003b490:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b4a0:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th>< 
0003b4b0:·7464·3e65·6e61·626c·653c·2f74·643e·3c2f··td>enable</td></ 
0003b4c0:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre> 
0003b4d0:·3c63·6f64·653e·696e·636c·7564·6520·696e··<code>include·in 
0003b4e0:·7374·616c·6c5f·6169·6465·0a0a·636c·6173··stall_aide..clas 
0003b4f0:·7320·696e·7374·616c·6c5f·6169·6465·207b··s·install_aide·{ 
0003b500:·0a20·2070·6163·6b61·6765·207b·2027·6169··.··package·{·'ai 
0003b510:·6465·273a·0a20·2020·2065·6e73·7572·6520··de':.····ensure· 
0003b520:·3d26·6774·3b20·2769·6e73·7461·6c6c·6564··=&gt;·'installed 
0003b530:·272c·0a20·207d·0a7d·0a3c·2f63·6f64·653e··',.··}.}.</code> 
0003b540:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c 
0003b550:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su 
0003b560:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg 
0003b570:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da 
0003b580:·7461·2d74·6172·6765·743d·2223·6964·6d37··ta-target="#idm7 
0003b590:·3330·3922·2074·6162·696e·6465·783d·2230··309"·tabindex="0 
0003b5a0:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"· 
0003b5b0:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f 
0003b5c0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act 
0003b5d0:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal" 
0003b5e0:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed 
0003b5f0:·6961·7469·6f6e·204f·5342·7569·6c64·2042··iation·OSBuild·B 
0003b600:·6c75·6570·7269·6e74·2073·6e69·7070·6574··lueprint·snippet 
0003b610:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div0003b180:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div
0003b620:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co0003b190:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
0003b630:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"0003b1a0:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
0003b640:·2069·643d·2269·646d·3733·3039·223e·3c70···id="idm7309"><p0003b1b0:·2069·643d·2269·646d·3733·3037·223e·3c74···id="idm7307"><t
 0003b1c0:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl
 0003b1d0:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped·
 0003b1e0:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t
 0003b1f0:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed">
 0003b200:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi
0003b650:·7265·3e3c·636f·6465·3e0a·5b5b·7061·636b··re><code>.[[pack 
0003b660:·6167·6573·5d5d·0a6e·616d·6520·3d20·2261··ages]].name·=·"a 
0003b670:·6964·6522·0a76·6572·7369·6f6e·203d·2022··ide".version·=·" 
0003b680:·2a22·0a3c·2f63·6f64·653e·3c2f·7072·653e··*".</code></pre> 
0003b690:·3c2f·6469·763e·3c61·2063·6c61·7373·3d22··</div><a·class=" 
0003b6a0:·6274·6e20·6274·6e2d·7375·6363·6573·7322··btn·btn-success" 
0003b6b0:·2064·6174·612d·746f·6767·6c65·3d22·636f···data-toggle="co 
0003b6c0:·6c6c·6170·7365·2220·6461·7461·2d74·6172··llapse"·data-tar 
0003b6d0:·6765·743d·2223·6964·6d37·3331·3022·2074··get="#idm7310"·t 
0003b6e0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role 
0003b6f0:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e 
0003b700:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"· 
0003b710:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate· 
0003b720:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href= 
0003b730:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation 
0003b740:·2073·6372·6970·7420·e287·b23c·2f61·3e3c···script·...</a>< 
0003b750:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p 
0003b760:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co 
0003b770:·6c6c·6170·7365·2220·6964·3d22·6964·6d37··llapse"·id="idm7 
0003b780:·3331·3022·3e3c·7461·626c·6520·636c·6173··310"><table·clas 
0003b790:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s 
0003b7a0:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor 
0003b7b0:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond 
0003b7c0:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C 
0003b7d0:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th>< 
0003b7e0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003b7f0:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti 
0003b800:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low< 
0003b810:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b820:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td 
0003b830:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr> 
0003b840:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy 
0003b850:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable 
0003b860:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl 
0003b870:·653e·3c70·7265·3e3c·636f·6465·3e0a·7061··e><pre><code>.pa 
0003b880:·636b·6167·6520·696e·7374·616c·6c20·6169··ckage·install·ai 
0003b890:·6465·0a3c·2f63·6f64·653e·3c2f·7072·653e··de.</code></pre> 
Max diff block lines reached; 10851798/10889224 bytes (99.66%) of diff not shown.
1.08 MB
html2text {}
    
Offset 105, 52 lines modifiedOffset 105, 48 lines modified
105 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)105 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(a)
106 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3106 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,·PR.IP-1,·PR.IP-3
107 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5107 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
108 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199108 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
109 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79109 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
110 ·············_\x8c_\x8i_\x8s············6.1.1110 ·············_\x8c_\x8i_\x8s············6.1.1
111 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2111 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
112 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8112 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
113 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low113 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
114 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low114 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
115 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false115 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
116 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable116 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
117 package·--add=aide117 dnf·install·aide
118 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8118 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
119 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low119 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
120 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low120 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
121 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false121 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
122 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable122 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
123 include·install_aide123 include·install_aide
  
124 class·install_aide·{124 class·install_aide·{
125 ··package·{·'aide':125 ··package·{·'aide':
126 ····ensure·=>·'installed',126 ····ensure·=>·'installed',
127 ··}127 ··}
128 }128 }
129 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
130 [[packages]] 
131 name·=·"aide" 
132 version·=·"*" 
133 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8129 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
134 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low130 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
135 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low131 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
136 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false132 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
137 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable133 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 134 #·Remediation·is·applicable·only·in·certain·platforms
 135 if·rpm·--quiet·-q·kernel;·then
  
 136 if·!·rpm·-q·--quiet·"aide"·;·then
 137 ····dnf·install·-y·"aide"
 138 fi
138 package·install·aide 
139 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
140 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
141 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
142 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
143 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
144 dnf·install·aide139 else
 140 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 141 fi
145 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8142 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
146 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low143 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
147 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low144 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
148 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false145 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
149 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable146 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
150 -·name:·Gather·the·package·facts147 -·name:·Gather·the·package·facts
151 ··package_facts:148 ··package_facts:
Offset 181, 29 lines modifiedOffset 177, 33 lines modified
181 ··-·PCI-DSSv4-11.5.2177 ··-·PCI-DSSv4-11.5.2
182 ··-·enable_strategy178 ··-·enable_strategy
183 ··-·low_complexity179 ··-·low_complexity
184 ··-·low_disruption180 ··-·low_disruption
185 ··-·medium_severity181 ··-·medium_severity
186 ··-·no_reboot_needed182 ··-·no_reboot_needed
187 ··-·package_aide_installed183 ··-·package_aide_installed
 184 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 185 [[packages]]
 186 name·=·"aide"
 187 version·=·"*"
188 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8188 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
189 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low189 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
190 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low190 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
191 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false191 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
192 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable192 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
193 #·Remediation·is·applicable·only·in·certain·platforms 
194 if·rpm·--quiet·-q·kernel;·then 
  
195 if·!·rpm·-q·--quiet·"aide"·;·then 
196 ····dnf·install·-y·"aide" 
197 fi193 package·install·aide
 194 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 195 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 196 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 197 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 198 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 199 package·--add=aide
198 else 
199 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
200 fi 
201 Group  ·Federal·Information·Processing·Standard·(FIPS)·  Group·contains·2·rules200 Group  ·Federal·Information·Processing·Standard·(FIPS)·  Group·contains·2·rules
202 _\x8[_\x8r_\x8e_\x8f_\x8]  ·The·Federal·Information·Processing·Standard·(FIPS)·is·a·computer·security·standard·which·is·developed·by·the·U.S.·Government·and·industry·working·groups·to·validate·the·quality·of·cryptographic·modules.·The·FIPS·standard·provides·four·security·levels·to·ensure·adequate·coverage·of·different·industries,·implementation·of·cryptographic·modules,·and·organizational·sizes·and·requirements.201 _\x8[_\x8r_\x8e_\x8f_\x8]  ·The·Federal·Information·Processing·Standard·(FIPS)·is·a·computer·security·standard·which·is·developed·by·the·U.S.·Government·and·industry·working·groups·to·validate·the·quality·of·cryptographic·modules.·The·FIPS·standard·provides·four·security·levels·to·ensure·adequate·coverage·of·different·industries,·implementation·of·cryptographic·modules,·and·organizational·sizes·and·requirements.
  
203 FIPS·140-2·is·the·current·standard·for·validating·that·mechanisms·used·to·access·cryptographic·modules·utilize·authentication·that·meets·industry·and·government·requirements.·For·government·systems,·this·allows·Security·Levels·1,·2,·3,·or·4·for·use·on·Red·Hat·Enterprise·Linux·10.202 FIPS·140-2·is·the·current·standard·for·validating·that·mechanisms·used·to·access·cryptographic·modules·utilize·authentication·that·meets·industry·and·government·requirements.·For·government·systems,·this·allows·Security·Levels·1,·2,·3,·or·4·for·use·on·Red·Hat·Enterprise·Linux·10.
  
204 See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8c\x8c_\x8s\x8s_\x8r\x8r_\x8c\x8c_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8l\x8l_\x8i\x8i_\x8c\x8c_\x8a\x8a_\x8t\x8t_\x8i\x8i_\x8o\x8o_\x8n\x8n_\x8s\x8s_\x8/\x8/_\x8P\x8P_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x8h\x8h_\x8t\x8t_\x8m\x8m_\x8l\x8l·for·more·information.203 See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8c\x8c_\x8s\x8s_\x8r\x8r_\x8c\x8c_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8l\x8l_\x8i\x8i_\x8c\x8c_\x8a\x8a_\x8t\x8t_\x8i\x8i_\x8o\x8o_\x8n\x8n_\x8s\x8s_\x8/\x8/_\x8P\x8P_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x8h\x8h_\x8t\x8t_\x8m\x8m_\x8l\x8l·for·more·information.
205 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8na\x8ab\x8bl\x8le\x8e·F\x8FI\x8IP\x8PS\x8S·M\x8Mo\x8od\x8de\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*204 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8na\x8ab\x8bl\x8le\x8e·F\x8FI\x8IP\x8PS\x8S·M\x8Mo\x8od\x8de\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
Offset 220, 31 lines modifiedOffset 220, 31 lines modified
220 Identifiers:·CCE-86982-6220 Identifiers:·CCE-86982-6
221 ·············_\x8d_\x8i_\x8s_\x8a·····CCI-002450,·CCI-000068,·CCI-002418,·CCI-000877221 ·············_\x8d_\x8i_\x8s_\x8a·····CCI-002450,·CCI-000068,·CCI-002418,·CCI-000877
222 ·············_\x8i_\x8s_\x8m······1446222 ·············_\x8i_\x8s_\x8m······1446
223 References:··_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1223 References:··_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1
224 ·············_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12224 ·············_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12
225 ·············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1225 ·············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1
226 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176226 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176
227 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
228 [customizations] 
229 fips·=·true 
230 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8227 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
231 #·Remediation·is·applicable·only·in·certain·platforms228 #·Remediation·is·applicable·only·in·certain·platforms
232 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·);·then229 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·);·then
  
233 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then230 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then
234 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF231 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF
235 kargs·=·["fips=1"]232 kargs·=·["fips=1"]
236 EOF233 EOF
237 fi234 fi
  
238 else235 else
239 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'236 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
240 fi237 fi
 238 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
Max diff block lines reached; 1130376/1136479 bytes (99.46%) of diff not shown.
7.34 MB
./usr/share/doc/ssg-nondebian/ssg-rhel10-guide-ospp.html
    
Offset 15073, 62 lines modifiedOffset 15073, 62 lines modified
0003ae00:·6172·6765·743d·2223·6964·6d37·3832·3622··arget="#idm7826"0003ae00:·6172·6765·743d·2223·6964·6d37·3832·3622··arget="#idm7826"
0003ae10:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro0003ae10:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro
0003ae20:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria0003ae20:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria
0003ae30:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false0003ae30:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false
0003ae40:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat0003ae40:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat
0003ae50:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre0003ae50:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre
0003ae60:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati0003ae60:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati
0003ae70:·6f6e·204f·5342·7569·6c64·2042·6c75·6570··on·OSBuild·Bluep 
0003ae80:·7269·6e74·2073·6e69·7070·6574·20e2·87b2··rint·snippet·... 
0003ae90:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla 
0003aea0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap 
0003aeb0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id= 
0003aec0:·2269·646d·3738·3236·223e·3c70·7265·3e3c··"idm7826"><pre>< 
0003aed0:·636f·6465·3e0a·5b63·7573·746f·6d69·7a61··code>.[customiza 
0003aee0:·7469·6f6e·735d·0a66·6970·7320·3d20·7472··tions].fips·=·tr 
0003aef0:·7565·0a3c·2f63·6f64·653e·3c2f·7072·653e··ue.</code></pre> 
0003af00:·3c2f·6469·763e·3c61·2063·6c61·7373·3d22··</div><a·class=" 
0003af10:·6274·6e20·6274·6e2d·7375·6363·6573·7322··btn·btn-success" 
0003af20:·2064·6174·612d·746f·6767·6c65·3d22·636f···data-toggle="co 
0003af30:·6c6c·6170·7365·2220·6461·7461·2d74·6172··llapse"·data-tar 
0003af40:·6765·743d·2223·6964·6d37·3832·3722·2074··get="#idm7827"·t 
0003af50:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role 
0003af60:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e 
0003af70:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"· 
0003af80:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate· 
0003af90:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href= 
0003afa0:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation 
0003afb0:·2053·6865·6c6c·2073·6372·6970·7420·e287···Shell·script·..0003ae70:·6f6e·2053·6865·6c6c·2073·6372·6970·7420··on·Shell·script·
0003afc0:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl0003ae80:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div·
0003afd0:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla0003ae90:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col
0003afe0:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id0003aea0:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·
0003aff0:·3d22·6964·6d37·3832·3722·3e3c·7072·653e··="idm7827"><pre>0003aeb0:·6964·3d22·6964·6d37·3832·3622·3e3c·7072··id="idm7826"><pr
0003b000:·3c63·6f64·653e·2320·5265·6d65·6469·6174··<code>#·Remediat0003aec0:·653e·3c63·6f64·653e·2320·5265·6d65·6469··e><code>#·Remedi
0003b010:·696f·6e20·6973·2061·7070·6c69·6361·626c··ion·is·applicabl0003aed0:·6174·696f·6e20·6973·2061·7070·6c69·6361··ation·is·applica
0003b020:·6520·6f6e·6c79·2069·6e20·6365·7274·6169··e·only·in·certai0003aee0:·626c·6520·6f6e·6c79·2069·6e20·6365·7274··ble·only·in·cert
0003b030:·6e20·706c·6174·666f·726d·730a·6966·2028··n·platforms.if·(0003aef0:·6169·6e20·706c·6174·666f·726d·730a·6966··ain·platforms.if
0003b040:·2021·2028·205b·2022·247b·636f·6e74·6169···!·(·[·"${contai0003af00:·2028·2021·2028·205b·2022·247b·636f·6e74···(·!·(·[·"${cont
0003b050:·6e65·723a·2d7d·2220·3d3d·2022·6277·7261··ner:-}"·==·"bwra0003af10:·6169·6e65·723a·2d7d·2220·3d3d·2022·6277··ainer:-}"·==·"bw
0003b060:·702d·6f73·6275·696c·6422·205d·2029·2026··p-osbuild"·]·)·&0003af20:·7261·702d·6f73·6275·696c·6422·205d·2029··rap-osbuild"·]·)
0003b070:·616d·703b·2661·6d70·3b20·7270·6d20·2d2d··amp;&amp;·rpm·--0003af30:·2026·616d·703b·2661·6d70·3b20·7270·6d20···&amp;&amp;·rpm·
0003b080:·7175·6965·7420·2d71·206b·6572·6e65·6c20··quiet·-q·kernel·0003af40:·2d2d·7175·6965·7420·2d71·206b·6572·6e65··--quiet·-q·kerne
0003b090:·293b·2074·6865·6e0a·0a69·6620·5b5b·2022··);·then..if·[[·"0003af50:·6c20·293b·2074·6865·6e0a·0a69·6620·5b5b··l·);·then..if·[[
0003b0a0:·244f·5343·4150·5f42·4f4f·5443·5f42·5549··$OSCAP_BOOTC_BUI0003af60:·2022·244f·5343·4150·5f42·4f4f·5443·5f42···"$OSCAP_BOOTC_B
0003b0b0:·4c44·2220·3d3d·2022·5945·5322·205d·5d3b··LD"·==·"YES"·]];0003af70:·5549·4c44·2220·3d3d·2022·5945·5322·205d··UILD"·==·"YES"·]
0003b0c0:·2074·6865·6e0a·0963·6174·2026·6774·3b20···then..cat·&gt;·0003af80:·5d3b·2074·6865·6e0a·0963·6174·2026·6774··];·then..cat·&gt
0003b0d0:·2f75·7372·2f6c·6962·2f62·6f6f·7463·2f6b··/usr/lib/bootc/k0003af90:·3b20·2f75·7372·2f6c·6962·2f62·6f6f·7463··;·/usr/lib/bootc
0003b0e0:·6172·6773·2e64·2f30·312d·6669·7073·2e74··args.d/01-fips.t0003afa0:·2f6b·6172·6773·2e64·2f30·312d·6669·7073··/kargs.d/01-fips
0003b0f0:·6f6d·6c20·266c·743b·266c·743b·2045·4f46··oml·&lt;&lt;·EOF0003afb0:·2e74·6f6d·6c20·266c·743b·266c·743b·2045··.toml·&lt;&lt;·E
0003b100:·0a6b·6172·6773·203d·205b·2266·6970·733d··.kargs·=·["fips=0003afc0:·4f46·0a6b·6172·6773·203d·205b·2266·6970··OF.kargs·=·["fip
0003b110:·3122·5d0a·454f·460a·6669·0a0a·656c·7365··1"].EOF.fi..else0003afd0:·733d·3122·5d0a·454f·460a·6669·0a0a·656c··s=1"].EOF.fi..el
0003b120:·0a20·2020·2026·6774·3b26·616d·703b·3220··.····&gt;&amp;2·0003afe0:·7365·0a20·2020·2026·6774·3b26·616d·703b··se.····&gt;&amp;
0003b130:·6563·686f·2027·5265·6d65·6469·6174·696f··echo·'Remediatio0003aff0:·3220·6563·686f·2027·5265·6d65·6469·6174··2·echo·'Remediat
0003b140:·6e20·6973·206e·6f74·2061·7070·6c69·6361··n·is·not·applica0003b000:·696f·6e20·6973·206e·6f74·2061·7070·6c69··ion·is·not·appli
0003b150:·626c·652c·206e·6f74·6869·6e67·2077·6173··ble,·nothing·was0003b010:·6361·626c·652c·206e·6f74·6869·6e67·2077··cable,·nothing·w
0003b160:·2064·6f6e·6527·0a66·690a·3c2f·636f·6465···done'.fi.</code0003b020:·6173·2064·6f6e·6527·0a66·690a·3c2f·636f··as·done'.fi.</co
 0003b030:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div><
 0003b040:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn
 0003b050:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t
 0003b060:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse"
 0003b070:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i
 0003b080:·646d·3738·3237·2220·7461·6269·6e64·6578··dm7827"·tabindex
 0003b090:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto
 0003b0a0:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded
 0003b0b0:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="
 0003b0c0:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve
 0003b0d0:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re
 0003b0e0:·6d65·6469·6174·696f·6e20·4f53·4275·696c··mediation·OSBuil
 0003b0f0:·6420·426c·7565·7072·696e·7420·736e·6970··d·Blueprint·snip
 0003b100:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br><
 0003b110:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel
 0003b120:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap
 0003b130:·7365·2220·6964·3d22·6964·6d37·3832·3722··se"·id="idm7827"
 0003b140:·3e3c·7072·653e·3c63·6f64·653e·0a5b·6375··><pre><code>.[cu
 0003b150:·7374·6f6d·697a·6174·696f·6e73·5d0a·6669··stomizations].fi
 0003b160:·7073·203d·2074·7275·650a·3c2f·636f·6465··ps·=·true.</code
0003b170:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·2f64··></pre></div></d0003b170:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·2f64··></pre></div></d
0003b180:·6976·3e3c·2f74·643e·3c2f·7472·3e3c·2f74··iv></td></tr></t0003b180:·6976·3e3c·2f74·643e·3c2f·7472·3e3c·2f74··iv></td></tr></t
0003b190:·626f·6479·3e3c·2f74·6162·6c65·3e3c·2f74··body></table></t0003b190:·626f·6479·3e3c·2f74·6162·6c65·3e3c·2f74··body></table></t
0003b1a0:·643e·3c2f·7472·3e3c·7472·2064·6174·612d··d></tr><tr·data-0003b1a0:·643e·3c2f·7472·3e3c·7472·2064·6174·612d··d></tr><tr·data-
0003b1b0:·7474·2d69·643d·2263·6869·6c64·7265·6e2d··tt-id="children-0003b1b0:·7474·2d69·643d·2263·6869·6c64·7265·6e2d··tt-id="children-
0003b1c0:·7863·6364·665f·6f72·672e·7373·6770·726f··xccdf_org.ssgpro0003b1c0:·7863·6364·665f·6f72·672e·7373·6770·726f··xccdf_org.ssgpro
0003b1d0:·6a65·6374·2e63·6f6e·7465·6e74·5f67·726f··ject.content_gro0003b1d0:·6a65·6374·2e63·6f6e·7465·6e74·5f67·726f··ject.content_gro
Offset 15425, 252 lines modifiedOffset 15425, 252 lines modified
0003c400:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id0003c400:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id
0003c410:·6d37·3934·3522·2074·6162·696e·6465·783d··m7945"·tabindex=0003c410:·6d37·3934·3522·2074·6162·696e·6465·783d··m7945"·tabindex=
0003c420:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button0003c420:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button
0003c430:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=0003c430:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=
0003c440:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A0003c440:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A
0003c450:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea0003c450:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea
0003c460:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem0003c460:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem
0003c470:·6564·6961·7469·6f6e·2041·6e61·636f·6e64··ediation·Anacond 
0003c480:·6120·736e·6970·7065·7420·e287·b23c·2f61··a·snippet·...</a 
0003c490:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class= 
0003c4a0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse· 
0003c4b0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id 
0003c4c0:·6d37·3934·3522·3e3c·7461·626c·6520·636c··m7945"><table·cl 
0003c4d0:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table 
0003c4e0:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b 
0003c4f0:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co 
0003c500:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th 
0003c510:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th 
0003c520:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
0003c530:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup 
0003c540:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo 
0003c550:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr>< 
0003c560:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th>< 
0003c570:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t 
0003c580:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate 
0003c590:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab 
0003c5a0:·6c65·3c2f·7464·3e3c·2f74·723e·3c2f·7461··le</td></tr></ta 
0003c5b0:·626c·653e·3c70·7265·3e3c·636f·6465·3e0a··ble><pre><code>. 
0003c5c0:·7061·636b·6167·6520·2d2d·6164·643d·6372··package·--add=cr 
0003c5d0:·7970·746f·2d70·6f6c·6963·6965·730a·3c2f··ypto-policies.</ 
0003c5e0:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div 
0003c5f0:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b 
0003c600:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data 
0003c610:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps 
0003c620:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target=" 
0003c630:·2369·646d·3739·3436·2220·7461·6269·6e64··#idm7946"·tabind 
0003c640:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but 
0003c650:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand 
0003c660:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title 
0003c670:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re 
0003c680:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!"> 
0003c690:·5265·6d65·6469·6174·696f·6e20·5075·7070··Remediation·Pupp 
0003c6a0:·6574·2073·6e69·7070·6574·20e2·87b2·3c2f··et·snippet·...</ 
0003c6b0:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class 
Max diff block lines reached; 6749377/6790417 bytes (99.40%) of diff not shown.
884 KB
html2text {}
    
Offset 92, 31 lines modifiedOffset 92, 31 lines modified
92 Identifiers:·CCE-86982-692 Identifiers:·CCE-86982-6
93 ·············_\x8d_\x8i_\x8s_\x8a·····CCI-002450,·CCI-000068,·CCI-002418,·CCI-00087793 ·············_\x8d_\x8i_\x8s_\x8a·····CCI-002450,·CCI-000068,·CCI-002418,·CCI-000877
94 ·············_\x8i_\x8s_\x8m······144694 ·············_\x8i_\x8s_\x8m······1446
95 References:··_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.195 References:··_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1
96 ·············_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-1296 ·············_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12
97 ·············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.197 ·············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1
98 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-0017698 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176
99 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
100 [customizations] 
101 fips·=·true 
102 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x899 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
103 #·Remediation·is·applicable·only·in·certain·platforms100 #·Remediation·is·applicable·only·in·certain·platforms
104 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·);·then101 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·);·then
  
105 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then102 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then
106 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF103 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF
107 kargs·=·["fips=1"]104 kargs·=·["fips=1"]
108 EOF105 EOF
109 fi106 fi
  
110 else107 else
111 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'108 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
112 fi109 fi
 110 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 111 [customizations]
 112 fips·=·true
113 Group  ·System·Cryptographic·Policies·  Group·contains·4·rules113 Group  ·System·Cryptographic·Policies·  Group·contains·4·rules
114 _\x8[_\x8r_\x8e_\x8f_\x8]  ·Linux·has·the·capability·to·centrally·configure·cryptographic·polices.·The·command·update-crypto-policies·is·used·to·set·the·policy·applicable·for·the·various·cryptographic·back-ends,·such·as·SSL/TLS·libraries.·The·configured·cryptographic·policies·will·be·the·default·policy·used·by·these·backends·unless·the·application·user·configures·them·otherwise.·When·the·system·has·been·configured·to·use·the·centralized·cryptographic·policies,·the·administrator·is·assured·that·any·application·that·utilizes·the·supported·backends·will·follow·a·policy·that·adheres·to·the·configured·profile.·Currently·the·supported·backends·are:114 _\x8[_\x8r_\x8e_\x8f_\x8]  ·Linux·has·the·capability·to·centrally·configure·cryptographic·polices.·The·command·update-crypto-policies·is·used·to·set·the·policy·applicable·for·the·various·cryptographic·back-ends,·such·as·SSL/TLS·libraries.·The·configured·cryptographic·policies·will·be·the·default·policy·used·by·these·backends·unless·the·application·user·configures·them·otherwise.·When·the·system·has·been·configured·to·use·the·centralized·cryptographic·policies,·the·administrator·is·assured·that·any·application·that·utilizes·the·supported·backends·will·follow·a·policy·that·adheres·to·the·configured·profile.·Currently·the·supported·backends·are:
115 ····*·GnuTLS·library115 ····*·GnuTLS·library
116 ····*·OpenSSL·library116 ····*·OpenSSL·library
117 ····*·NSS·library117 ····*·NSS·library
118 ····*·OpenJDK118 ····*·OpenJDK
119 ····*·Libkrb5119 ····*·Libkrb5
Offset 129, 52 lines modifiedOffset 129, 42 lines modified
129 Rationale:···Centralized·cryptographic·policies·simplify·applying·secure·ciphers·across·an·operating·system·and·the·applications·that·run·on·that·operating·system.·Use·of·weak·or·untested·encryption·algorithms·undermines·the·purposes·of·utilizing·encryption·to·protect·data.129 Rationale:···Centralized·cryptographic·policies·simplify·applying·secure·ciphers·across·an·operating·system·and·the·applications·that·run·on·that·operating·system.·Use·of·weak·or·untested·encryption·algorithms·undermines·the·purposes·of·utilizing·encryption·to·protect·data.
130 Severity: ···medium130 Severity: ···medium
131 Rule·ID:·····xccdf_org.ssgproject.content_rule_package_crypto-policies_installed131 Rule·ID:·····xccdf_org.ssgproject.content_rule_package_crypto-policies_installed
132 Identifiers:·CCE-89668-8132 Identifiers:·CCE-89668-8
133 ·············_\x8d_\x8i_\x8s_\x8a···CCI-002890,·CCI-002450,·CCI-003123133 ·············_\x8d_\x8i_\x8s_\x8a···CCI-002890,·CCI-002450,·CCI-003123
134 References:··_\x8o_\x8s_\x8p_\x8p···FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1134 References:··_\x8o_\x8s_\x8p_\x8p···FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1
135 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174135 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174
136 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8136 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
137 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low137 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
138 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low138 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
139 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false139 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
140 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable140 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
141 package·--add=crypto-policies141 dnf·install·crypto-policies
142 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8142 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
143 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low143 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
144 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low144 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
145 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false145 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
146 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable146 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
147 include·install_crypto-policies147 include·install_crypto-policies
  
148 class·install_crypto-policies·{148 class·install_crypto-policies·{
149 ··package·{·'crypto-policies':149 ··package·{·'crypto-policies':
150 ····ensure·=>·'installed',150 ····ensure·=>·'installed',
151 ··}151 ··}
152 }152 }
153 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
154 [[packages]] 
155 name·=·"crypto-policies" 
156 version·=·"*" 
157 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8153 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
158 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
159 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
160 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
161 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
162 package·install·crypto-policies 
163 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
164 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low154 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
165 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low155 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
166 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false156 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
167 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable157 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 158 if·!·rpm·-q·--quiet·"crypto-policies"·;·then
168 dnf·install·crypto-policies159 ····dnf·install·-y·"crypto-policies"
 160 fi
169 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8161 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
170 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low162 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
171 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low163 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
172 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false164 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
173 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable165 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
174 -·name:·Ensure·crypto-policies·is·installed166 -·name:·Ensure·crypto-policies·is·installed
175 ··package:167 ··package:
Offset 184, 23 lines modifiedOffset 174, 33 lines modified
184 ··-·CCE-89668-8174 ··-·CCE-89668-8
185 ··-·enable_strategy175 ··-·enable_strategy
186 ··-·low_complexity176 ··-·low_complexity
187 ··-·low_disruption177 ··-·low_disruption
188 ··-·medium_severity178 ··-·medium_severity
189 ··-·no_reboot_needed179 ··-·no_reboot_needed
190 ··-·package_crypto-policies_installed180 ··-·package_crypto-policies_installed
 181 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 182 [[packages]]
 183 name·=·"crypto-policies"
 184 version·=·"*"
191 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8185 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
192 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low186 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
193 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low187 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
194 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false188 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
195 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable189 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
196 if·!·rpm·-q·--quiet·"crypto-policies"·;·then 
197 ····dnf·install·-y·"crypto-policies" 
198 fi190 package·install·crypto-policies
 191 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 192 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 193 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 194 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 195 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 196 package·--add=crypto-policies
199 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8og\x8gr\x8ra\x8ap\x8ph\x8hy\x8y·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*197 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8og\x8gr\x8ra\x8ap\x8ph\x8hy\x8y·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
200 To·configure·the·system·cryptography·policy·to·use·ciphers·only·from·the·FIPS:OSPP·policy,·run·the·following·command:198 To·configure·the·system·cryptography·policy·to·use·ciphers·only·from·the·FIPS:OSPP·policy,·run·the·following·command:
201 $·sudo·update-crypto-policies·--set·FIPS:OSPP199 $·sudo·update-crypto-policies·--set·FIPS:OSPP
202 The·rule·checks·if·settings·for·selected·crypto·policy·are·configured·as·expected.·Configuration·files·in·the·/etc/crypto-policies/back-ends·are·either·symlinks·to·correct·files·provided·by·Crypto-policies·package·or·they·are·regular·files·in·case·crypto·policy·customizations·are·applied.·Crypto·policies·may·be·customized·by·crypto·policy·modules,·in·which·case·it·is·delimited·from·the·base·policy·using·a·colon.200 The·rule·checks·if·settings·for·selected·crypto·policy·are·configured·as·expected.·Configuration·files·in·the·/etc/crypto-policies/back-ends·are·either·symlinks·to·correct·files·provided·by·Crypto-policies·package·or·they·are·regular·files·in·case·crypto·policy·customizations·are·applied.·Crypto·policies·may·be·customized·by·crypto·policy·modules,·in·which·case·it·is·delimited·from·the·base·policy·using·a·colon.
203 Warning: ·The·system·needs·to·be·rebooted·for·these·changes·to·take·effect.201 Warning: ·The·system·needs·to·be·rebooted·for·these·changes·to·take·effect.
204 Warning: ·System·Crypto·Modules·must·be·provided·by·a·vendor·that·undergoes·FIPS-140·certifications.·FIPS-140·is·applicable·to·all·Federal·agencies·that·use·cryptographic-based·security·systems·to·protect·sensitive·information·in·computer·and·telecommunication·systems·(including·voice·systems)·as·defined·in·Section·5131·of·the·Information·Technology·Management·Reform·Act·of·1996,·Public·Law·104-106.·This·standard·shall·be·used·in·designing·and·implementing·cryptographic·modules·that·Federal·departments·and·agencies·operate·or·are·operated·for·them·under·contract.·See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8s\x8s_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8n\x8n_\x8v\x8v_\x8l\x8l_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8/\x8/_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8/\x8/_\x8N\x8N_\x8I\x8I_\x8S\x8S_\x8T\x8T_\x8.\x8._\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x81\x81_\x84\x84_\x80\x80_\x8-\x8-_\x82\x82_\x8.\x8._\x8p\x8p_\x8d\x8d_\x8f\x8f·To·meet·this,·the·system·has·to·have·cryptographic·software·provided·by·a·vendor·that·has·undergone·this·certification.·This·means·providing·documentation,·test·results,·design·information,·and·independent·third·party·review·by·an·accredited·lab.·While·open·source·software·is·capable·of·meeting·this,·it·does·not·meet·FIPS-140·unless·the·vendor·submits·to·this·process.202 Warning: ·System·Crypto·Modules·must·be·provided·by·a·vendor·that·undergoes·FIPS-140·certifications.·FIPS-140·is·applicable·to·all·Federal·agencies·that·use·cryptographic-based·security·systems·to·protect·sensitive·information·in·computer·and·telecommunication·systems·(including·voice·systems)·as·defined·in·Section·5131·of·the·Information·Technology·Management·Reform·Act·of·1996,·Public·Law·104-106.·This·standard·shall·be·used·in·designing·and·implementing·cryptographic·modules·that·Federal·departments·and·agencies·operate·or·are·operated·for·them·under·contract.·See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8s\x8s_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8n\x8n_\x8v\x8v_\x8l\x8l_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8/\x8/_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8/\x8/_\x8N\x8N_\x8I\x8I_\x8S\x8S_\x8T\x8T_\x8.\x8._\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x81\x81_\x84\x84_\x80\x80_\x8-\x8-_\x82\x82_\x8.\x8._\x8p\x8p_\x8d\x8d_\x8f\x8f·To·meet·this,·the·system·has·to·have·cryptographic·software·provided·by·a·vendor·that·has·undergone·this·certification.·This·means·providing·documentation,·test·results,·design·information,·and·independent·third·party·review·by·an·accredited·lab.·While·open·source·software·is·capable·of·meeting·this,·it·does·not·meet·FIPS-140·unless·the·vendor·submits·to·this·process.
205 Rationale:···Centralized·cryptographic·policies·simplify·applying·secure·ciphers·across·an·operating·system·and·the·applications·that·run·on·that·operating·system.·Use·of·weak·or·untested·encryption·algorithms·undermines·the·purposes·of·utilizing·encryption·to·protect·data.203 Rationale:···Centralized·cryptographic·policies·simplify·applying·secure·ciphers·across·an·operating·system·and·the·applications·that·run·on·that·operating·system.·Use·of·weak·or·untested·encryption·algorithms·undermines·the·purposes·of·utilizing·encryption·to·protect·data.
Offset 212, 39 lines modifiedOffset 212, 33 lines modified
Max diff block lines reached; 897528/905599 bytes (99.11%) of diff not shown.
17.4 MB
./usr/share/doc/ssg-nondebian/ssg-rhel10-guide-pci-dss.html
    
Offset 15210, 414 lines modifiedOffset 15210, 414 lines modified
0003b690:·612d·7461·7267·6574·3d22·2369·646d·3639··a-target="#idm690003b690:·612d·7461·7267·6574·3d22·2369·646d·3639··a-target="#idm69
0003b6a0:·3636·2220·7461·6269·6e64·6578·3d22·3022··66"·tabindex="0"0003b6a0:·3636·2220·7461·6269·6e64·6578·3d22·3022··66"·tabindex="0"
0003b6b0:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a0003b6b0:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a
0003b6c0:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa0003b6c0:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa
0003b6d0:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti0003b6d0:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti
0003b6e0:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·0003b6e0:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·
Diff chunk too large, falling back to line-by-line diff (400 lines added, 400 lines removed)
0003b6f0:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi0003b6f0:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi
0003b700:·6174·696f·6e20·416e·7369·626c·6520·736e··ation·Ansible·sn0003b700:·6174·696f·6e20·5368·656c·6c20·7363·7269··ation·Shell·scri
0003b710:·6970·7065·7420·e287·b23c·2f61·3e3c·6272··ippet·...</a><br0003b710:·7074·20e2·87b2·3c2f·613e·3c62·723e·3c64··pt·...</a><br><d
0003b720:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan0003b720:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel-
0003b730:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll0003b730:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps
0003b740:·6170·7365·2220·6964·3d22·6964·6d36·3936··apse"·id="idm6960003b740:·6522·2069·643d·2269·646d·3639·3636·223e··e"·id="idm6966">
0003b750:·3622·3e3c·7461·626c·6520·636c·6173·733d··6"><table·class=0003b750:·3c70·7265·3e3c·636f·6465·3e23·2052·656d··<pre><code>#·Rem
0003b760:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str0003b760:·6564·6961·7469·6f6e·2069·7320·6170·706c··ediation·is·appl
0003b770:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde0003b770:·6963·6162·6c65·206f·6e6c·7920·696e·2063··icable·only·in·c
0003b780:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden0003b780:·6572·7461·696e·2070·6c61·7466·6f72·6d73··ertain·platforms
0003b790:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com0003b790:·0a69·6620·2120·2820·7b20·7270·6d20·2d2d··.if·!·(·{·rpm·--
0003b7a0:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td0003b7a0:·7175·6965·7420·2d71·206b·6572·6e65·6c20··quiet·-q·kernel·
0003b7b0:·3e68·6967·683c·2f74·643e·3c2f·7472·3e3c··>high</td></tr><0003b7b0:·3b7d·2026·616d·703b·2661·6d70·3b20·7b20··;}·&amp;&amp;·{·
0003b7c0:·7472·3e3c·7468·3e44·6973·7275·7074·696f··tr><th>Disruptio0003b7c0:·7270·6d20·2d2d·7175·6965·7420·2d71·2072··rpm·--quiet·-q·r
0003b7d0:·6e3a·3c2f·7468·3e3c·7464·3e6d·6564·6975··n:</th><td>mediu0003b7d0:·706d·2d6f·7374·7265·6520·3b7d·2026·616d··pm-ostree·;}·&am
0003b7e0:·6d3c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··m</td></tr><tr><0003b7e0:·703b·2661·6d70·3b20·7b20·7270·6d20·2d2d··p;&amp;·{·rpm·--
0003b7f0:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th><0003b7f0:·7175·6965·7420·2d71·2062·6f6f·7463·203b··quiet·-q·bootc·;
0003b800:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t0003b800:·7d20·2661·6d70·3b26·616d·703b·207b·2021··}·&amp;&amp;·{·!
0003b810:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate0003b810:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q·
0003b820:·6779·3a3c·2f74·683e·3c74·643e·7265·7374··gy:</th><td>rest0003b820:·6f70·656e·7368·6966·742d·6b75·6265·6c65··openshift-kubele
0003b830:·7269·6374·3c2f·7464·3e3c·2f74·723e·3c2f··rict</td></tr></0003b830:·7420·3b7d·2029·3b20·7468·656e·0a0a·2320··t·;}·);·then..#·
0003b840:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code0003b840:·4669·6e64·2077·6869·6368·2066·696c·6573··Find·which·files
0003b850:·3e2d·206e·616d·653a·2047·6174·6865·7220··>-·name:·Gather·0003b850:·2068·6176·6520·696e·636f·7272·6563·7420···have·incorrect·
0003b860:·7468·6520·7061·636b·6167·6520·6661·6374··the·package·fact0003b860:·6861·7368·2028·6e6f·7420·696e·202f·6574··hash·(not·in·/et
0003b870:·730a·2020·7061·636b·6167·655f·6661·6374··s.··package_fact0003b870:·632c·2062·6563·6175·7365·206f·6620·7468··c,·because·of·th
0003b880:·733a·0a20·2020·206d·616e·6167·6572·3a20··s:.····manager:·0003b880:·6520·7379·7374·656d·2072·656c·6174·6564··e·system·related
0003b890:·6175·746f·0a20·2074·6167·733a·0a20·202d··auto.··tags:.··-0003b890:·2063·6f6e·6669·6720·6669·6c65·7329·2061···config·files)·a
0003b8a0:·2043·4345·2d38·3939·3434·2d33·0a20·202d···CCE-89944-3.··-0003b8a0:·6e64·2074·6865·6e20·6765·7420·6669·6c65··nd·then·get·file
0003b8b0:·2043·4a49·532d·352e·3130·2e34·2e31·0a20···CJIS-5.10.4.1.·0003b8b0:·7320·6e61·6d65·730a·6669·6c65·735f·7769··s·names.files_wi
0003b8c0:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-0003b8c0:·7468·5f69·6e63·6f72·7265·6374·5f68·6173··th_incorrect_has
0003b8d0:·332e·332e·380a·2020·2d20·4e49·5354·2d38··3.3.8.··-·NIST-80003b8d0:·683d·2224·2872·706d·202d·5661·202d·2d6e··h="$(rpm·-Va·--n
0003b8e0:·3030·2d31·3731·2d33·2e34·2e31·0a20·202d··00-171-3.4.1.··-0003b8e0:·6f63·6f6e·6669·6720·7c20·6772·6570·202d··oconfig·|·grep·-
0003b8f0:·204e·4953·542d·3830·302d·3533·2d41·552d···NIST-800-53-AU-0003b8f0:·4520·275e·2e2e·3527·207c·2061·776b·2027··E·'^..5'·|·awk·'
0003b900:·3928·3329·0a20·202d·204e·4953·542d·3830··9(3).··-·NIST-800003b900:·7b70·7269·6e74·2024·4e46·7d27·2029·220a··{print·$NF}'·)".
0003b910:·302d·3533·2d43·4d2d·3628·6329·0a20·202d··0-53-CM-6(c).··-0003b910:·0a69·6620·5b20·2d6e·2022·2466·696c·6573··.if·[·-n·"$files
0003b920:·204e·4953·542d·3830·302d·3533·2d43·4d2d···NIST-800-53-CM-0003b920:·5f77·6974·685f·696e·636f·7272·6563·745f··_with_incorrect_
0003b930:·3628·6429·0a20·202d·204e·4953·542d·3830··6(d).··-·NIST-800003b930:·6861·7368·2220·5d3b·2074·6865·6e0a·2020··hash"·];·then.··
0003b940:·302d·3533·2d53·492d·370a·2020·2d20·4e49··0-53-SI-7.··-·NI0003b940:·2020·2320·4672·6f6d·2066·696c·6573·206e····#·From·files·n
0003b950:·5354·2d38·3030·2d35·332d·5349·2d37·2831··ST-800-53-SI-7(10003b950:·616d·6573·2067·6574·2070·6163·6b61·6765··ames·get·package
0003b960:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-50003b960:·206e·616d·6573·2061·6e64·2063·6861·6e67···names·and·chang
0003b970:·332d·5349·2d37·2836·290a·2020·2d20·5043··3-SI-7(6).··-·PC0003b970:·6520·6e65·776c·696e·6520·746f·2073·7061··e·newline·to·spa
0003b980:·492d·4453·532d·5265·712d·3131·2e35·0a20··I-DSS-Req-11.5.·0003b980:·6365·2c20·6265·6361·7573·6520·7270·6d20··ce,·because·rpm·
0003b990:·202d·2050·4349·2d44·5353·7634·2d31·312e···-·PCI-DSSv4-11.0003b990:·7772·6974·6573·2065·6163·6820·7061·636b··writes·each·pack
0003b9a0:·352e·320a·2020·2d20·6869·6768·5f63·6f6d··5.2.··-·high_com0003b9a0:·6167·6520·746f·206e·6577·206c·696e·650a··age·to·new·line.
0003b9b0:·706c·6578·6974·790a·2020·2d20·6869·6768··plexity.··-·high0003b9b0:·2020·2020·7061·636b·6167·6573·5f74·6f5f······packages_to_
0003b9c0:·5f73·6576·6572·6974·790a·2020·2d20·6d65··_severity.··-·me0003b9c0:·7265·696e·7374·616c·6c3d·2224·2872·706d··reinstall="$(rpm
0003b9d0:·6469·756d·5f64·6973·7275·7074·696f·6e0a··dium_disruption.0003b9d0:·202d·7166·2024·6669·6c65·735f·7769·7468···-qf·$files_with
0003b9e0:·2020·2d20·6e6f·5f72·6562·6f6f·745f·6e65····-·no_reboot_ne0003b9e0:·5f69·6e63·6f72·7265·6374·5f68·6173·6820··_incorrect_hash·
0003b9f0:·6564·6564·0a20·202d·2072·6573·7472·6963··eded.··-·restric0003b9f0:·7c20·7472·2027·5c6e·2720·2720·2729·220a··|·tr·'\n'·'·')".
0003ba00:·745f·7374·7261·7465·6779·0a20·202d·2072··t_strategy.··-·r0003ba00:·0a20·2020·200a·2020·2020·646e·6620·7265··.····.····dnf·re
0003ba10:·706d·5f76·6572·6966·795f·6861·7368·6573··pm_verify_hashes0003ba10:·696e·7374·616c·6c20·2d79·2024·7061·636b··install·-y·$pack
0003ba20:·0a0a·2d20·6e61·6d65·3a20·2753·6574·2066··..-·name:·'Set·f0003ba20:·6167·6573·5f74·6f5f·7265·696e·7374·616c··ages_to_reinstal
0003ba30:·6163·743a·2050·6163·6b61·6765·206d·616e··act:·Package·man0003ba30:·6c0a·2020·2020·0a66·690a·0a65·6c73·650a··l.····.fi..else.
0003ba40:·6167·6572·2072·6569·6e73·7461·6c6c·2063··ager·reinstall·c0003ba40:·2020·2020·2667·743b·2661·6d70·3b32·2065······&gt;&amp;2·e
0003ba50:·6f6d·6d61·6e64·270a·2020·7365·745f·6661··ommand'.··set_fa0003ba50:·6368·6f20·2752·656d·6564·6961·7469·6f6e··cho·'Remediation
0003ba60:·6374·3a0a·2020·2020·7061·636b·6167·655f··ct:.····package_0003ba60:·2069·7320·6e6f·7420·6170·706c·6963·6162···is·not·applicab
0003ba70:·6d61·6e61·6765·725f·7265·696e·7374·616c··manager_reinstal0003ba70:·6c65·2c20·6e6f·7468·696e·6720·7761·7320··le,·nothing·was·
0003ba80:·6c5f·636d·643a·2064·6e66·2072·6569·6e73··l_cmd:·dnf·reins0003ba80:·646f·6e65·270a·6669·0a3c·2f63·6f64·653e··done'.fi.</code>
0003ba90:·7461·6c6c·202d·790a·2020·7768·656e·3a0a··tall·-y.··when:.0003ba90:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c
0003baa0:·2020·2d20·6e6f·7420·2820·226b·6572·6e65····-·not·(·"kerne0003baa0:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su
0003bab0:·6c22·2069·6e20·616e·7369·626c·655f·6661··l"·in·ansible_fa0003bab0:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg
0003bac0:·6374·732e·7061·636b·6167·6573·2061·6e64··cts.packages·and0003bac0:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da
0003bad0:·2022·7270·6d2d·6f73·7472·6565·2220·696e···"rpm-ostree"·in0003bad0:·7461·2d74·6172·6765·743d·2223·6964·6d36··ta-target="#idm6
0003bae0:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p0003bae0:·3936·3722·2074·6162·696e·6465·783d·2230··967"·tabindex="0
0003baf0:·6163·6b61·6765·730a·2020·2020·616e·6420··ackages.····and·0003baf0:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
0003bb00:·2262·6f6f·7463·2220·696e·2061·6e73·6962··"bootc"·in·ansib0003bb00:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
0003bb10:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package0003bb10:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
0003bb20:·7320·616e·6420·6e6f·7420·226f·7065·6e73··s·and·not·"opens0003bb20:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
0003bb30:·6869·6674·2d6b·7562·656c·6574·2220·696e··hift-kubelet"·in0003bb30:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
0003bb40:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p0003bb40:·6961·7469·6f6e·2041·6e73·6962·6c65·2073··iation·Ansible·s
0003bb50:·6163·6b61·6765·730a·2020·2020·290a·2020··ackages.····).··0003bb50:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b
0003bb60:·2d20·616e·7369·626c·655f·6469·7374·7269··-·ansible_distri0003bb60:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa
0003bb70:·6275·7469·6f6e·2069·6e20·5b20·2246·6564··bution·in·[·"Fed0003bb70:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col
0003bb80:·6f72·6122·2c20·2252·6564·4861·7422·2c20··ora",·"RedHat",·0003bb80:·6c61·7073·6522·2069·643d·2269·646d·3639··lapse"·id="idm69
0003bb90:·2243·656e·744f·5322·2c20·224f·7261·636c··"CentOS",·"Oracl0003bb90:·3637·223e·3c74·6162·6c65·2063·6c61·7373··67"><table·class
0003bba0:·654c·696e·7578·2220·5d0a·2020·7461·6773··eLinux"·].··tags0003bba0:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st
0003bbb0:·3a0a·2020·2d20·4343·452d·3839·3934·342d··:.··-·CCE-89944-0003bbb0:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord
0003bbc0:·330a·2020·2d20·434a·4953·2d35·2e31·302e··3.··-·CJIS-5.10.0003bbc0:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde
0003bbd0:·342e·310a·2020·2d20·4e49·5354·2d38·3030··4.1.··-·NIST-8000003bbd0:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co
0003bbe0:·2d31·3731·2d33·2e33·2e38·0a20·202d·204e··-171-3.3.8.··-·N0003bbe0:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t
0003bbf0:·4953·542d·3830·302d·3137·312d·332e·342e··IST-800-171-3.4.0003bbf0:·643e·6869·6768·3c2f·7464·3e3c·2f74·723e··d>high</td></tr>
0003bc00:·310a·2020·2d20·4e49·5354·2d38·3030·2d35··1.··-·NIST-800-50003bc00:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti
0003bc10:·332d·4155·2d39·2833·290a·2020·2d20·4e49··3-AU-9(3).··-·NI0003bc10:·6f6e·3a3c·2f74·683e·3c74·643e·6d65·6469··on:</th><td>medi
0003bc20:·5354·2d38·3030·2d35·332d·434d·2d36·2863··ST-800-53-CM-6(c0003bc20:·756d·3c2f·7464·3e3c·2f74·723e·3c74·723e··um</td></tr><tr>
0003bc30:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-50003bc30:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th>
0003bc40:·332d·434d·2d36·2864·290a·2020·2d20·4e49··3-CM-6(d).··-·NI0003bc40:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></
0003bc50:·5354·2d38·3030·2d35·332d·5349·2d37·0a20··ST-800-53-SI-7.·0003bc50:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat
0003bc60:·202d·204e·4953·542d·3830·302d·3533·2d53···-·NIST-800-53-S0003bc60:·6567·793a·3c2f·7468·3e3c·7464·3e72·6573··egy:</th><td>res
0003bc70:·492d·3728·3129·0a20·202d·204e·4953·542d··I-7(1).··-·NIST-0003bc70:·7472·6963·743c·2f74·643e·3c2f·7472·3e3c··trict</td></tr><
0003bc80:·3830·302d·3533·2d53·492d·3728·3629·0a20··800-53-SI-7(6).·0003bc80:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod
0003bc90:·202d·2050·4349·2d44·5353·2d52·6571·2d31···-·PCI-DSS-Req-10003bc90:·653e·2d20·6e61·6d65·3a20·4761·7468·6572··e>-·name:·Gather
0003bca0:·312e·350a·2020·2d20·5043·492d·4453·5376··1.5.··-·PCI-DSSv0003bca0:·2074·6865·2070·6163·6b61·6765·2066·6163···the·package·fac
0003bcb0:·342d·3131·2e35·2e32·0a20·202d·2068·6967··4-11.5.2.··-·hig0003bcb0:·7473·0a20·2070·6163·6b61·6765·5f66·6163··ts.··package_fac
0003bcc0:·685f·636f·6d70·6c65·7869·7479·0a20·202d··h_complexity.··-0003bcc0:·7473·3a0a·2020·2020·6d61·6e61·6765·723a··ts:.····manager:
0003bcd0:·2068·6967·685f·7365·7665·7269·7479·0a20···high_severity.·0003bcd0:·2061·7574·6f0a·2020·7461·6773·3a0a·2020···auto.··tags:.··
0003bce0:·202d·206d·6564·6975·6d5f·6469·7372·7570···-·medium_disrup0003bce0:·2d20·4343·452d·3839·3934·342d·330a·2020··-·CCE-89944-3.··
0003bcf0:·7469·6f6e·0a20·202d·206e·6f5f·7265·626f··tion.··-·no_rebo0003bcf0:·2d20·434a·4953·2d35·2e31·302e·342e·310a··-·CJIS-5.10.4.1.
0003bd00:·6f74·5f6e·6565·6465·640a·2020·2d20·7265··ot_needed.··-·re0003bd00:·2020·2d20·4e49·5354·2d38·3030·2d31·3731····-·NIST-800-171
0003bd10:·7374·7269·6374·5f73·7472·6174·6567·790a··strict_strategy.0003bd10:·2d33·2e33·2e38·0a20·202d·204e·4953·542d··-3.3.8.··-·NIST-
0003bd20:·2020·2d20·7270·6d5f·7665·7269·6679·5f68····-·rpm_verify_h0003bd20:·3830·302d·3137·312d·332e·342e·310a·2020··800-171-3.4.1.··
0003bd30:·6173·6865·730a·0a2d·206e·616d·653a·2027··ashes..-·name:·'0003bd30:·2d20·4e49·5354·2d38·3030·2d35·332d·4155··-·NIST-800-53-AU
0003bd40:·5365·7420·6661·6374·3a20·5061·636b·6167··Set·fact:·Packag0003bd40:·2d39·2833·290a·2020·2d20·4e49·5354·2d38··-9(3).··-·NIST-8
0003bd50:·6520·6d61·6e61·6765·7220·7265·696e·7374··e·manager·reinst0003bd50:·3030·2d35·332d·434d·2d36·2863·290a·2020··00-53-CM-6(c).··
0003bd60:·616c·6c20·636f·6d6d·616e·6420·287a·7970··all·command·(zyp0003bd60:·2d20·4e49·5354·2d38·3030·2d35·332d·434d··-·NIST-800-53-CM
0003bd70:·7065·7229·270a·2020·7365·745f·6661·6374··per)'.··set_fact0003bd70:·2d36·2864·290a·2020·2d20·4e49·5354·2d38··-6(d).··-·NIST-8
0003bd80:·3a0a·2020·2020·7061·636b·6167·655f·6d61··:.····package_ma0003bd80:·3030·2d35·332d·5349·2d37·0a20·202d·204e··00-53-SI-7.··-·N
0003bd90:·6e61·6765·725f·7265·696e·7374·616c·6c5f··nager_reinstall_0003bd90:·4953·542d·3830·302d·3533·2d53·492d·3728··IST-800-53-SI-7(
0003bda0:·636d·643a·207a·7970·7065·7220·696e·202d··cmd:·zypper·in·-0003bda0:·3129·0a20·202d·204e·4953·542d·3830·302d··1).··-·NIST-800-
0003bdb0:·6620·2d79·0a20·2077·6865·6e3a·0a20·202d··f·-y.··when:.··-0003bdb0:·3533·2d53·492d·3728·3629·0a20·202d·2050··53-SI-7(6).··-·P
0003bdc0:·206e·6f74·2028·2022·6b65·726e·656c·2220···not·(·"kernel"·0003bdc0:·4349·2d44·5353·2d52·6571·2d31·312e·350a··CI-DSS-Req-11.5.
0003bdd0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts0003bdd0:·2020·2d20·5043·492d·4453·5376·342d·3131····-·PCI-DSSv4-11
0003bde0:·2e70·6163·6b61·6765·7320·616e·6420·2272··.packages·and·"r0003bde0:·2e35·2e32·0a20·202d·2068·6967·685f·636f··.5.2.··-·high_co
0003bdf0:·706d·2d6f·7374·7265·6522·2069·6e20·616e··pm-ostree"·in·an0003bdf0:·6d70·6c65·7869·7479·0a20·202d·2068·6967··mplexity.··-·hig
0003be00:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack0003be00:·685f·7365·7665·7269·7479·0a20·202d·206d··h_severity.··-·m
0003be10:·6167·6573·0a20·2020·2061·6e64·2022·626f··ages.····and·"bo0003be10:·6564·6975·6d5f·6469·7372·7570·7469·6f6e··edium_disruption
0003be20:·6f74·6322·2069·6e20·616e·7369·626c·655f··otc"·in·ansible_0003be20:·0a20·202d·206e·6f5f·7265·626f·6f74·5f6e··.··-·no_reboot_n
0003be30:·6661·6374·732e·7061·636b·6167·6573·2061··facts.packages·a0003be30:·6565·6465·640a·2020·2d20·7265·7374·7269··eeded.··-·restri
0003be40:·6e64·206e·6f74·2022·6f70·656e·7368·6966··nd·not·"openshif0003be40:·6374·5f73·7472·6174·6567·790a·2020·2d20··ct_strategy.··-·
0003be50:·742d·6b75·6265·6c65·7422·2069·6e20·616e··t-kubelet"·in·an0003be50:·7270·6d5f·7665·7269·6679·5f68·6173·6865··rpm_verify_hashe
0003be60:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack0003be60:·730a·0a2d·206e·616d·653a·2027·5365·7420··s..-·name:·'Set·
Max diff block lines reached; 16551789/16607569 bytes (99.66%) of diff not shown.
1.56 MB
html2text {}
Max HTML report size reached
34.8 MB
./usr/share/doc/ssg-nondebian/ssg-rhel10-guide-stig.html
    
Offset 15128, 281 lines modifiedOffset 15128, 281 lines modified
0003b170:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target0003b170:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target
0003b180:·3d22·2369·646d·3733·3037·2220·7461·6269··="#idm7307"·tabi0003b180:·3d22·2369·646d·3733·3037·2220·7461·6269··="#idm7307"·tabi
0003b190:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b0003b190:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b
0003b1a0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa0003b1a0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa
0003b1b0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit0003b1b0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit
0003b1c0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·0003b1c0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·
0003b1d0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!0003b1d0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!
0003b1e0:·223e·5265·6d65·6469·6174·696f·6e20·416e··">Remediation·An0003b1e0:·223e·5265·6d65·6469·6174·696f·6e20·7363··">Remediation·sc
0003b1f0:·6163·6f6e·6461·2073·6e69·7070·6574·20e2··aconda·snippet·. 
0003b200:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c 
0003b210:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll 
0003b220:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i 
0003b230:·643d·2269·646d·3733·3037·223e·3c74·6162··d="idm7307"><tab 
0003b240:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table· 
0003b250:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta 
0003b260:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab 
0003b270:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t 
0003b280:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity 
0003b290:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t 
0003b2a0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D 
0003b2b0:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th>< 
0003b2c0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003b2d0:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:< 
0003b2e0:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t 
0003b2f0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S 
0003b300:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td 
0003b310:·3e65·6e61·626c·653c·2f74·643e·3c2f·7472··>enable</td></tr 
0003b320:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c 
0003b330:·6f64·653e·0a70·6163·6b61·6765·202d·2d61··ode>.package·--a 
0003b340:·6464·3d61·6964·650a·3c2f·636f·6465·3e3c··dd=aide.</code>< 
0003b350:·2f70·7265·3e3c·2f64·6976·3e3c·6120·636c··/pre></div><a·cl 
0003b360:·6173·733d·2262·746e·2062·746e·2d73·7563··ass="btn·btn-suc 
0003b370:·6365·7373·2220·6461·7461·2d74·6f67·676c··cess"·data-toggl 
0003b380:·653d·2263·6f6c·6c61·7073·6522·2064·6174··e="collapse"·dat 
0003b390:·612d·7461·7267·6574·3d22·2369·646d·3733··a-target="#idm73 
0003b3a0:·3038·2220·7461·6269·6e64·6578·3d22·3022··08"·tabindex="0" 
0003b3b0:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a 
0003b3c0:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa 
0003b3d0:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti 
0003b3e0:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"· 
0003b3f0:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi 
0003b400:·6174·696f·6e20·5075·7070·6574·2073·6e69··ation·Puppet·sni 
0003b410:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br>0003b1f0:·7269·7074·20e2·87b2·3c2f·613e·3c62·723e··ript·...</a><br>
0003b420:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane0003b200:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
0003b430:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla0003b210:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
0003b440:·7073·6522·2069·643d·2269·646d·3733·3038··pse"·id="idm73080003b220:·7073·6522·2069·643d·2269·646d·3733·3037··pse"·id="idm7307
0003b450:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="0003b230:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="
0003b460:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri0003b240:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri
0003b470:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border0003b250:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border
0003b480:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens0003b260:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens
0003b490:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp0003b270:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp
0003b4a0:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td>0003b280:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td>
0003b4b0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003b4c0:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption: 
0003b4d0:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003b4e0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re 
0003b4f0:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa 
0003b500:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr 
0003b510:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</ 
0003b520:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t 
0003b530:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table>< 
0003b540:·7072·653e·3c63·6f64·653e·696e·636c·7564··pre><code>includ 
0003b550:·6520·696e·7374·616c·6c5f·6169·6465·0a0a··e·install_aide.. 
0003b560:·636c·6173·7320·696e·7374·616c·6c5f·6169··class·install_ai 
0003b570:·6465·207b·0a20·2070·6163·6b61·6765·207b··de·{.··package·{ 
0003b580:·2027·6169·6465·273a·0a20·2020·2065·6e73···'aide':.····ens 
0003b590:·7572·6520·3d26·6774·3b20·2769·6e73·7461··ure·=&gt;·'insta 
0003b5a0:·6c6c·6564·272c·0a20·207d·0a7d·0a3c·2f63··lled',.··}.}.</c 
0003b5b0:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div> 
0003b5c0:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt 
0003b5d0:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data- 
0003b5e0:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse 
0003b5f0:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="# 
0003b600:·6964·6d37·3330·3922·2074·6162·696e·6465··idm7309"·tabinde 
0003b610:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt 
0003b620:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande 
0003b630:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title= 
0003b640:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev 
0003b650:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R 
0003b660:·656d·6564·6961·7469·6f6e·204f·5342·7569··emediation·OSBui 
0003b670:·6c64·2042·6c75·6570·7269·6e74·2073·6e69··ld·Blueprint·sni 
0003b680:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br> 
0003b690:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane 
0003b6a0:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla 
0003b6b0:·7073·6522·2069·643d·2269·646d·3733·3039··pse"·id="idm7309 
0003b6c0:·223e·3c70·7265·3e3c·636f·6465·3e0a·5b5b··"><pre><code>.[[ 
0003b6d0:·7061·636b·6167·6573·5d5d·0a6e·616d·6520··packages]].name· 
0003b6e0:·3d20·2261·6964·6522·0a76·6572·7369·6f6e··=·"aide".version 
0003b6f0:·203d·2022·2a22·0a3c·2f63·6f64·653e·3c2f···=·"*".</code></ 
0003b700:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla 
0003b710:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ 
0003b720:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle 
0003b730:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data 
0003b740:·2d74·6172·6765·743d·2223·6964·6d37·3331··-target="#idm731 
0003b750:·3022·2074·6162·696e·6465·783d·2230·2220··0"·tabindex="0"· 
0003b760:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar 
0003b770:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal 
0003b780:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ 
0003b790:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h 
0003b7a0:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia 
0003b7b0:·7469·6f6e·2073·6372·6970·7420·e287·b23c··tion·script·...< 
0003b7c0:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas 
0003b7d0:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps 
0003b7e0:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id=" 
0003b7f0:·6964·6d37·3331·3022·3e3c·7461·626c·6520··idm7310"><table· 
0003b800:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab 
0003b810:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table 
0003b820:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table- 
0003b830:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr>< 
0003b840:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</ 
0003b850:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td>< 
0003b860:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr 
0003b870:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td> 
0003b880:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003b890:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th 
0003b8a0:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td>< 
0003b8b0:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra 
0003b8c0:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en 
0003b8d0:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></ 
0003b8e0:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code 
0003b8f0:·3e0a·7061·636b·6167·6520·696e·7374·616c··>.package·instal 
0003b900:·6c20·6169·6465·0a3c·2f63·6f64·653e·3c2f··l·aide.</code></ 
0003b910:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla 
0003b920:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ 
0003b930:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle 
0003b940:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data 
0003b950:·2d74·6172·6765·743d·2223·6964·6d37·3331··-target="#idm731 
Max diff block lines reached; 33527355/33564781 bytes (99.89%) of diff not shown.
2.76 MB
html2text {}
Max HTML report size reached
34.6 MB
./usr/share/doc/ssg-nondebian/ssg-rhel10-guide-stig_gui.html
    
Offset 15124, 280 lines modifiedOffset 15124, 280 lines modified
0003b130:·6574·3d22·2369·646d·3733·3037·2220·7461··et="#idm7307"·ta0003b130:·6574·3d22·2369·646d·3733·3037·2220·7461··et="#idm7307"·ta
0003b140:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=0003b140:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=
0003b150:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex0003b150:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex
0003b160:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t0003b160:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t
0003b170:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t0003b170:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t
0003b180:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="0003b180:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="
0003b190:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·0003b190:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·
0003b1a0:·416e·6163·6f6e·6461·2073·6e69·7070·6574··Anaconda·snippet 
0003b1b0:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div 
0003b1c0:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co 
0003b1d0:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse" 
0003b1e0:·2069·643d·2269·646d·3733·3037·223e·3c74···id="idm7307"><t 
0003b1f0:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl 
0003b200:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped· 
0003b210:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t 
0003b220:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed"> 
0003b230:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi 
0003b240:·7479·3a3c·2f74·683e·3c74·643e·6c6f·773c··ty:</th><td>low< 
0003b250:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b260:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th 
0003b270:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
0003b280:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot 
0003b290:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false< 
0003b2a0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b2b0:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th>< 
0003b2c0:·7464·3e65·6e61·626c·653c·2f74·643e·3c2f··td>enable</td></ 
0003b2d0:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre> 
0003b2e0:·3c63·6f64·653e·0a70·6163·6b61·6765·202d··<code>.package·- 
0003b2f0:·2d61·6464·3d61·6964·650a·3c2f·636f·6465··-add=aide.</code 
0003b300:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a· 
0003b310:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s 
0003b320:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog 
0003b330:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d 
0003b340:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm 
0003b350:·3733·3038·2220·7461·6269·6e64·6578·3d22··7308"·tabindex=" 
0003b360:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button" 
0003b370:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded=" 
0003b380:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac 
0003b390:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal 
0003b3a0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme 
0003b3b0:·6469·6174·696f·6e20·5075·7070·6574·2073··diation·Puppet·s 
0003b3c0:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b0003b1a0:·7363·7269·7074·20e2·87b2·3c2f·613e·3c62··script·...</a><b
0003b3d0:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa0003b1b0:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa
0003b3e0:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col0003b1c0:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col
0003b3f0:·6c61·7073·6522·2069·643d·2269·646d·3733··lapse"·id="idm730003b1d0:·6c61·7073·6522·2069·643d·2269·646d·3733··lapse"·id="idm73
0003b400:·3038·223e·3c74·6162·6c65·2063·6c61·7373··08"><table·class0003b1e0:·3037·223e·3c74·6162·6c65·2063·6c61·7373··07"><table·class
0003b410:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st0003b1f0:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st
0003b420:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord0003b200:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord
0003b430:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde0003b210:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde
0003b440:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co0003b220:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co
0003b450:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t0003b230:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t
0003b460:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr><0003b240:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr><
0003b470:·7472·3e3c·7468·3e44·6973·7275·7074·696f··tr><th>Disruptio0003b250:·7472·3e3c·7468·3e44·6973·7275·7074·696f··tr><th>Disruptio
0003b480:·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··n:</th><td>low</0003b260:·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··n:</th><td>low</
0003b490:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>0003b270:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>
0003b4a0:·5265·626f·6f74·3a3c·2f74·683e·3c74·643e··Reboot:</th><td>0003b280:·5265·626f·6f74·3a3c·2f74·683e·3c74·643e··Reboot:</th><td>
0003b4b0:·6661·6c73·653c·2f74·643e·3c2f·7472·3e3c··false</td></tr><0003b290:·6661·6c73·653c·2f74·643e·3c2f·7472·3e3c··false</td></tr><
0003b4c0:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy:0003b2a0:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy:
0003b4d0:·3c2f·7468·3e3c·7464·3e65·6e61·626c·653c··</th><td>enable<0003b2b0:·3c2f·7468·3e3c·7464·3e65·6e61·626c·653c··</th><td>enable<
0003b4e0:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table0003b2c0:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table
0003b4f0:·3e3c·7072·653e·3c63·6f64·653e·696e·636c··><pre><code>incl0003b2d0:·3e3c·7072·653e·3c63·6f64·653e·0a64·6e66··><pre><code>.dnf
 0003b2e0:·2069·6e73·7461·6c6c·2061·6964·650a·3c2f···install·aide.</
 0003b2f0:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div
 0003b300:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b
 0003b310:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data
 0003b320:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps
 0003b330:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="
 0003b340:·2369·646d·3733·3038·2220·7461·6269·6e64··#idm7308"·tabind
 0003b350:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but
 0003b360:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand
 0003b370:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title
 0003b380:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re
 0003b390:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">
 0003b3a0:·5265·6d65·6469·6174·696f·6e20·5075·7070··Remediation·Pupp
0003b500:·7564·6520·696e·7374·616c·6c5f·6169·6465··ude·install_aide 
0003b510:·0a0a·636c·6173·7320·696e·7374·616c·6c5f··..class·install_ 
0003b520:·6169·6465·207b·0a20·2070·6163·6b61·6765··aide·{.··package 
0003b530:·207b·2027·6169·6465·273a·0a20·2020·2065···{·'aide':.····e 
0003b540:·6e73·7572·6520·3d26·6774·3b20·2769·6e73··nsure·=&gt;·'ins 
0003b550:·7461·6c6c·6564·272c·0a20·207d·0a7d·0a3c··talled',.··}.}.< 
0003b560:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di 
0003b570:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn· 
0003b580:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat 
0003b590:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap 
0003b5a0:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target= 
0003b5b0:·2223·6964·6d37·3330·3922·2074·6162·696e··"#idm7309"·tabin 
0003b5c0:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu 
0003b5d0:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan 
0003b5e0:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl 
0003b5f0:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r 
0003b600:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!" 
0003b610:·3e52·656d·6564·6961·7469·6f6e·204f·5342··>Remediation·OSB 
0003b620:·7569·6c64·2042·6c75·6570·7269·6e74·2073··uild·Blueprint·s 
0003b630:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b0003b3b0:·6574·2073·6e69·7070·6574·20e2·87b2·3c2f··et·snippet·...</
0003b640:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa0003b3c0:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
0003b650:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col0003b3d0:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
0003b660:·6c61·7073·6522·2069·643d·2269·646d·3733··lapse"·id="idm730003b3e0:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
0003b670:·3039·223e·3c70·7265·3e3c·636f·6465·3e0a··09"><pre><code>. 
0003b680:·5b5b·7061·636b·6167·6573·5d5d·0a6e·616d··[[packages]].nam 
0003b690:·6520·3d20·2261·6964·6522·0a76·6572·7369··e·=·"aide".versi 
0003b6a0:·6f6e·203d·2022·2a22·0a3c·2f63·6f64·653e··on·=·"*".</code> 
0003b6b0:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c 
0003b6c0:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su 
0003b6d0:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg 
0003b6e0:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da 
0003b6f0:·7461·2d74·6172·6765·743d·2223·6964·6d37··ta-target="#idm7 
0003b700:·3331·3022·2074·6162·696e·6465·783d·2230··310"·tabindex="0 
0003b710:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"· 
0003b720:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f 
0003b730:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act 
0003b740:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal" 
0003b750:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed 
0003b760:·6961·7469·6f6e·2073·6372·6970·7420·e287··iation·script·..0003b3f0:·646d·3733·3038·223e·3c74·6162·6c65·2063··dm7308"><table·c
 0003b400:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl
 0003b410:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table-
 0003b420:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c
 0003b430:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t
 0003b440:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t
 0003b450:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></
 0003b460:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru
 0003b470:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l
 0003b480:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>
 0003b490:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th>
 0003b4a0:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></
 0003b4b0:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat
 0003b4c0:·6567·793a·3c2f·7468·3e3c·7464·3e65·6e61··egy:</th><td>ena
 0003b4d0:·626c·653c·2f74·643e·3c2f·7472·3e3c·2f74··ble</td></tr></t
Max diff block lines reached; 33396342/33433630 bytes (99.89%) of diff not shown.
2.75 MB
html2text {}
Max HTML report size reached
24.0 MB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-anssi_bp28_enhanced.html
    
Offset 15247, 284 lines modifiedOffset 15247, 284 lines modified
0003b8e0:·6765·743d·2223·6964·6d37·3939·3022·2074··get="#idm7990"·t0003b8e0:·6765·743d·2223·6964·6d37·3939·3022·2074··get="#idm7990"·t
0003b8f0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role0003b8f0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
0003b900:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e0003b900:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
0003b910:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·0003b910:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
0003b920:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·0003b920:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
0003b930:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=0003b930:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
0003b940:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation0003b940:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
0003b950:·2041·6e61·636f·6e64·6120·736e·6970·7065···Anaconda·snippe 
0003b960:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di 
0003b970:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c 
0003b980:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse 
0003b990:·2220·6964·3d22·6964·6d37·3939·3022·3e3c··"·id="idm7990">< 
0003b9a0:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab 
0003b9b0:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped 
0003b9c0:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered· 
0003b9d0:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed" 
0003b9e0:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex 
0003b9f0:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low 
0003ba00:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003ba10:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t 
0003ba20:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003ba30:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo 
0003ba40:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false 
0003ba50:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003ba60:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th> 
0003ba70:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td>< 
0003ba80:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre 
0003ba90:·3e3c·636f·6465·3e0a·7061·636b·6167·6520··><code>.package· 
0003baa0:·2d2d·6164·643d·6169·6465·0a3c·2f63·6f64··--add=aide.</cod 
0003bab0:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a 
0003bac0:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn- 
0003bad0:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to 
0003bae0:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"· 
0003baf0:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id 
0003bb00:·6d37·3939·3122·2074·6162·696e·6465·783d··m7991"·tabindex= 
0003bb10:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button 
0003bb20:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded= 
0003bb30:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A 
0003bb40:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea 
0003bb50:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem 
0003bb60:·6564·6961·7469·6f6e·2050·7570·7065·7420··ediation·Puppet· 
0003bb70:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a><0003b950:·2073·6372·6970·7420·e287·b23c·2f61·3e3c···script·...</a><
0003bb80:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p0003b960:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p
0003bb90:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co0003b970:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co
0003bba0:·6c6c·6170·7365·2220·6964·3d22·6964·6d37··llapse"·id="idm70003b980:·6c6c·6170·7365·2220·6964·3d22·6964·6d37··llapse"·id="idm7
0003bbb0:·3939·3122·3e3c·7461·626c·6520·636c·6173··991"><table·clas0003b990:·3939·3022·3e3c·7461·626c·6520·636c·6173··990"><table·clas
0003bbc0:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s0003b9a0:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s
0003bbd0:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor0003b9b0:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor
0003bbe0:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond0003b9c0:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond
0003bbf0:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C0003b9d0:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C
0003bc00:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><0003b9e0:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><
0003bc10:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003bc20:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti 
0003bc30:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low< 
0003bc40:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003bc50:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td 
0003bc60:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr> 
0003bc70:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy 
0003bc80:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable 
0003bc90:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl 
0003bca0:·653e·3c70·7265·3e3c·636f·6465·3e69·6e63··e><pre><code>inc 
0003bcb0:·6c75·6465·2069·6e73·7461·6c6c·5f61·6964··lude·install_aid 
0003bcc0:·650a·0a63·6c61·7373·2069·6e73·7461·6c6c··e..class·install 
0003bcd0:·5f61·6964·6520·7b0a·2020·7061·636b·6167··_aide·{.··packag 
0003bce0:·6520·7b20·2761·6964·6527·3a0a·2020·2020··e·{·'aide':.···· 
0003bcf0:·656e·7375·7265·203d·2667·743b·2027·696e··ensure·=&gt;·'in 
0003bd00:·7374·616c·6c65·6427·2c0a·2020·7d0a·7d0a··stalled',.··}.}. 
0003bd10:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d 
0003bd20:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn 
0003bd30:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da 
0003bd40:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla 
0003bd50:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target 
0003bd60:·3d22·2369·646d·3739·3932·2220·7461·6269··="#idm7992"·tabi 
0003bd70:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b 
0003bd80:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa 
0003bd90:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit 
0003bda0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to· 
0003bdb0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#! 
0003bdc0:·223e·5265·6d65·6469·6174·696f·6e20·4f53··">Remediation·OS 
0003bdd0:·4275·696c·6420·426c·7565·7072·696e·7420··Build·Blueprint· 
0003bde0:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a>< 
0003bdf0:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p 
0003be00:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co 
0003be10:·6c6c·6170·7365·2220·6964·3d22·6964·6d37··llapse"·id="idm7 
0003be20:·3939·3222·3e3c·7072·653e·3c63·6f64·653e··992"><pre><code> 
0003be30:·0a5b·5b70·6163·6b61·6765·735d·5d0a·6e61··.[[packages]].na 
0003be40:·6d65·203d·2022·6169·6465·220a·7665·7273··me·=·"aide".vers 
0003be50:·696f·6e20·3d20·222a·220a·3c2f·636f·6465··ion·=·"*".</code 
0003be60:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a· 
0003be70:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s 
0003be80:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog 
0003be90:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d 
0003bea0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm 
0003beb0:·3739·3933·2220·7461·6269·6e64·6578·3d22··7993"·tabindex=" 
0003bec0:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button" 
0003bed0:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded=" 
0003bee0:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac 
0003bef0:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal 
0003bf00:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme 
0003bf10:·6469·6174·696f·6e20·7363·7269·7074·20e2··diation·script·. 
0003bf20:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c 
0003bf30:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll 
0003bf40:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i 
0003bf50:·643d·2269·646d·3739·3933·223e·3c74·6162··d="idm7993"><tab 
0003bf60:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table· 
0003bf70:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta 
0003bf80:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab 
0003bf90:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t 
0003bfa0:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity 
0003bfb0:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t 
0003bfc0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D 
0003bfd0:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th>< 
0003bfe0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>0003b9f0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>
0003bff0:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:< 
0003c000:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t0003ba00:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti
 0003ba10:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low<
0003c010:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S0003ba20:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
0003c020:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td 
0003c030:·3e65·6e61·626c·653c·2f74·643e·3c2f·7472··>enable</td></tr 
0003c040:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c 
0003c050:·6f64·653e·0a70·6163·6b61·6765·2069·6e73··ode>.package·ins 
0003c060:·7461·6c6c·2061·6964·650a·3c2f·636f·6465··tall·aide.</code 
0003c070:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a· 
0003c080:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s 
0003c090:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog 
0003c0a0:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d 
0003c0b0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm 
Max diff block lines reached; 23000470/23038310 bytes (99.84%) of diff not shown.
2.0 MB
html2text {}
Max HTML report size reached
24.3 MB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-anssi_bp28_high.html
    
Offset 15252, 284 lines modifiedOffset 15252, 284 lines modified
0003b930:·7461·7267·6574·3d22·2369·646d·3739·3930··target="#idm79900003b930:·7461·7267·6574·3d22·2369·646d·3739·3930··target="#idm7990
0003b940:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r0003b940:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r
0003b950:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari0003b950:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari
0003b960:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals0003b960:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals
0003b970:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa0003b970:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa
0003b980:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr0003b980:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr
0003b990:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat0003b990:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat
 0003b9a0:·696f·6e20·7363·7269·7074·20e2·87b2·3c2f··ion·script·...</
0003b9a0:·696f·6e20·416e·6163·6f6e·6461·2073·6e69··ion·Anaconda·sni 
0003b9b0:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br> 
0003b9c0:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane 
0003b9d0:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla 
0003b9e0:·7073·6522·2069·643d·2269·646d·3739·3930··pse"·id="idm7990 
0003b9f0:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class=" 
0003ba00:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri 
0003ba10:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border 
0003ba20:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens 
0003ba30:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp 
0003ba40:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td> 
0003ba50:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003ba60:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption: 
0003ba70:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003ba80:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re 
0003ba90:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa 
0003baa0:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr 
0003bab0:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</ 
0003bac0:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t 
0003bad0:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table>< 
0003bae0:·7072·653e·3c63·6f64·653e·0a70·6163·6b61··pre><code>.packa 
0003baf0:·6765·202d·2d61·6464·3d61·6964·650a·3c2f··ge·--add=aide.</ 
0003bb00:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div 
0003bb10:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b 
0003bb20:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data 
0003bb30:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps 
0003bb40:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target=" 
0003bb50:·2369·646d·3739·3931·2220·7461·6269·6e64··#idm7991"·tabind 
0003bb60:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but 
0003bb70:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand 
0003bb80:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title 
0003bb90:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re 
0003bba0:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!"> 
0003bbb0:·5265·6d65·6469·6174·696f·6e20·5075·7070··Remediation·Pupp 
0003bbc0:·6574·2073·6e69·7070·6574·20e2·87b2·3c2f··et·snippet·...</ 
0003bbd0:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class0003b9b0:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
0003bbe0:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse0003b9c0:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
0003bbf0:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i0003b9d0:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
0003bc00:·646d·3739·3931·223e·3c74·6162·6c65·2063··dm7991"><table·c0003b9e0:·646d·3739·3930·223e·3c74·6162·6c65·2063··dm7990"><table·c
0003bc10:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl0003b9f0:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl
0003bc20:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table-0003ba00:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table-
0003bc30:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c0003ba10:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c
0003bc40:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t0003ba20:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t
0003bc50:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t0003ba30:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t
0003bc60:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></0003ba40:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></
0003bc70:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru0003ba50:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru
0003bc80:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l0003ba60:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l
0003bc90:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>0003ba70:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>
0003bca0:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th>0003ba80:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th>
0003bcb0:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></0003ba90:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></
0003bcc0:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat0003baa0:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat
0003bcd0:·6567·793a·3c2f·7468·3e3c·7464·3e65·6e61··egy:</th><td>ena0003bab0:·6567·793a·3c2f·7468·3e3c·7464·3e65·6e61··egy:</th><td>ena
0003bce0:·626c·653c·2f74·643e·3c2f·7472·3e3c·2f74··ble</td></tr></t0003bac0:·626c·653c·2f74·643e·3c2f·7472·3e3c·2f74··ble</td></tr></t
0003bcf0:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>0003bad0:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>
 0003bae0:·0a64·6e66·2069·6e73·7461·6c6c·2061·6964··.dnf·install·aid
 0003baf0:·650a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··e.</code></pre><
 0003bb00:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b
 0003bb10:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"·
 0003bb20:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col
 0003bb30:·6c61·7073·6522·2064·6174·612d·7461·7267··lapse"·data-targ
 0003bb40:·6574·3d22·2369·646d·3739·3931·2220·7461··et="#idm7991"·ta
 0003bb50:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=
 0003bb60:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex
 0003bb70:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t
 0003bb80:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t
 0003bb90:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="
 0003bba0:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·
 0003bbb0:·5075·7070·6574·2073·6e69·7070·6574·20e2··Puppet·snippet·.
 0003bbc0:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c
 0003bbd0:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
 0003bbe0:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i
 0003bbf0:·643d·2269·646d·3739·3931·223e·3c74·6162··d="idm7991"><tab
 0003bc00:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table·
 0003bc10:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta
 0003bc20:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab
 0003bc30:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t
 0003bc40:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity
 0003bc50:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t
 0003bc60:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D
 0003bc70:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th><
 0003bc80:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>
 0003bc90:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:<
 0003bca0:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t
 0003bcb0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S
 0003bcc0:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td
 0003bcd0:·3e65·6e61·626c·653c·2f74·643e·3c2f·7472··>enable</td></tr
 0003bce0:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c
0003bd00:·696e·636c·7564·6520·696e·7374·616c·6c5f··include·install_0003bcf0:·6f64·653e·696e·636c·7564·6520·696e·7374··ode>include·inst
0003bd10:·6169·6465·0a0a·636c·6173·7320·696e·7374··aide..class·inst0003bd00:·616c·6c5f·6169·6465·0a0a·636c·6173·7320··all_aide..class·
0003bd20:·616c·6c5f·6169·6465·207b·0a20·2070·6163··all_aide·{.··pac0003bd10:·696e·7374·616c·6c5f·6169·6465·207b·0a20··install_aide·{.·
0003bd30:·6b61·6765·207b·2027·6169·6465·273a·0a20··kage·{·'aide':.·0003bd20:·2070·6163·6b61·6765·207b·2027·6169·6465···package·{·'aide
0003bd40:·2020·2065·6e73·7572·6520·3d26·6774·3b20·····ensure·=&gt;·0003bd30:·273a·0a20·2020·2065·6e73·7572·6520·3d26··':.····ensure·=&
0003bd50:·2769·6e73·7461·6c6c·6564·272c·0a20·207d··'installed',.··}0003bd40:·6774·3b20·2769·6e73·7461·6c6c·6564·272c··gt;·'installed',
0003bd60:·0a7d·0a3c·2f63·6f64·653e·3c2f·7072·653e··.}.</code></pre>0003bd50:·0a20·207d·0a7d·0a3c·2f63·6f64·653e·3c2f··.··}.}.</code></
0003bd70:·3c2f·6469·763e·3c61·2063·6c61·7373·3d22··</div><a·class="0003bd60:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla
0003bd80:·6274·6e20·6274·6e2d·7375·6363·6573·7322··btn·btn-success"0003bd70:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ
0003bd90:·2064·6174·612d·746f·6767·6c65·3d22·636f···data-toggle="co0003bd80:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle
0003bda0:·6c6c·6170·7365·2220·6461·7461·2d74·6172··llapse"·data-tar0003bd90:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data
0003bdb0:·6765·743d·2223·6964·6d37·3939·3222·2074··get="#idm7992"·t0003bda0:·2d74·6172·6765·743d·2223·6964·6d37·3939··-target="#idm799
0003bdc0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role0003bdb0:·3222·2074·6162·696e·6465·783d·2230·2220··2"·tabindex="0"·
0003bdd0:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e0003bdc0:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar
0003bde0:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·0003bdd0:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal
0003bdf0:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·0003bde0:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ
0003be00:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=0003bdf0:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h
0003be10:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation0003be00:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia
 0003be10:·7469·6f6e·2053·6865·6c6c·2073·6372·6970··tion·Shell·scrip
0003be20:·204f·5342·7569·6c64·2042·6c75·6570·7269···OSBuild·Bluepri 
0003be30:·6e74·2073·6e69·7070·6574·20e2·87b2·3c2f··nt·snippet·...</ 
0003be40:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class 
0003be50:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse 
0003be60:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i 
0003be70:·646d·3739·3932·223e·3c70·7265·3e3c·636f··dm7992"><pre><co 
0003be80:·6465·3e0a·5b5b·7061·636b·6167·6573·5d5d··de>.[[packages]] 
0003be90:·0a6e·616d·6520·3d20·2261·6964·6522·0a76··.name·=·"aide".v 
0003bea0:·6572·7369·6f6e·203d·2022·2a22·0a3c·2f63··ersion·=·"*".</c 
0003beb0:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div> 
0003bec0:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt 
0003bed0:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data- 
0003bee0:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse 
Max diff block lines reached; 23296680/23334520 bytes (99.84%) of diff not shown.
2.04 MB
html2text {}
Max HTML report size reached
10.6 MB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-anssi_bp28_intermediary.html
    
Offset 15242, 285 lines modifiedOffset 15242, 285 lines modified
0003b890:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target0003b890:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target
0003b8a0:·3d22·2369·646d·3739·3930·2220·7461·6269··="#idm7990"·tabi0003b8a0:·3d22·2369·646d·3739·3930·2220·7461·6269··="#idm7990"·tabi
0003b8b0:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b0003b8b0:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b
0003b8c0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa0003b8c0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa
0003b8d0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit0003b8d0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit
0003b8e0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·0003b8e0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·
0003b8f0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!0003b8f0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!
0003b900:·223e·5265·6d65·6469·6174·696f·6e20·416e··">Remediation·An0003b900:·223e·5265·6d65·6469·6174·696f·6e20·7363··">Remediation·sc
0003b910:·6163·6f6e·6461·2073·6e69·7070·6574·20e2··aconda·snippet·. 
0003b920:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c 
0003b930:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll 
0003b940:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i 
0003b950:·643d·2269·646d·3739·3930·223e·3c74·6162··d="idm7990"><tab 
0003b960:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table· 
0003b970:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta 
0003b980:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab 
0003b990:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t 
0003b9a0:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity 
0003b9b0:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t 
0003b9c0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D 
0003b9d0:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th>< 
0003b9e0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003b9f0:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:< 
0003ba00:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t 
0003ba10:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S 
0003ba20:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td 
0003ba30:·3e65·6e61·626c·653c·2f74·643e·3c2f·7472··>enable</td></tr 
0003ba40:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c 
0003ba50:·6f64·653e·0a70·6163·6b61·6765·202d·2d61··ode>.package·--a 
0003ba60:·6464·3d61·6964·650a·3c2f·636f·6465·3e3c··dd=aide.</code>< 
0003ba70:·2f70·7265·3e3c·2f64·6976·3e3c·6120·636c··/pre></div><a·cl 
0003ba80:·6173·733d·2262·746e·2062·746e·2d73·7563··ass="btn·btn-suc 
0003ba90:·6365·7373·2220·6461·7461·2d74·6f67·676c··cess"·data-toggl 
0003baa0:·653d·2263·6f6c·6c61·7073·6522·2064·6174··e="collapse"·dat 
0003bab0:·612d·7461·7267·6574·3d22·2369·646d·3739··a-target="#idm79 
0003bac0:·3931·2220·7461·6269·6e64·6578·3d22·3022··91"·tabindex="0" 
0003bad0:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a 
0003bae0:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa 
0003baf0:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti 
0003bb00:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"· 
0003bb10:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi 
0003bb20:·6174·696f·6e20·5075·7070·6574·2073·6e69··ation·Puppet·sni 
0003bb30:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br>0003b910:·7269·7074·20e2·87b2·3c2f·613e·3c62·723e··ript·...</a><br>
0003bb40:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane0003b920:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
0003bb50:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla0003b930:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
0003bb60:·7073·6522·2069·643d·2269·646d·3739·3931··pse"·id="idm79910003b940:·7073·6522·2069·643d·2269·646d·3739·3930··pse"·id="idm7990
0003bb70:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="0003b950:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="
0003bb80:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri0003b960:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri
0003bb90:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border0003b970:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border
0003bba0:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens0003b980:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens
0003bbb0:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp0003b990:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp
0003bbc0:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td>0003b9a0:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td>
0003bbd0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr0003b9b0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr
0003bbe0:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption:0003b9c0:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption:
0003bbf0:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td0003b9d0:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td
0003bc00:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re0003b9e0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re
0003bc10:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa0003b9f0:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa
0003bc20:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr0003ba00:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr
0003bc30:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</0003ba10:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</
0003bc40:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t0003ba20:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t
0003bc50:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table><0003ba30:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table><
 0003ba40:·7072·653e·3c63·6f64·653e·0a64·6e66·2069··pre><code>.dnf·i
 0003ba50:·6e73·7461·6c6c·2061·6964·650a·3c2f·636f··nstall·aide.</co
 0003ba60:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div><
 0003ba70:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn
 0003ba80:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t
 0003ba90:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse"
 0003baa0:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i
 0003bab0:·646d·3739·3931·2220·7461·6269·6e64·6578··dm7991"·tabindex
 0003bac0:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto
 0003bad0:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded
 0003bae0:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="
 0003baf0:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve
 0003bb00:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re
 0003bb10:·6d65·6469·6174·696f·6e20·5075·7070·6574··mediation·Puppet
 0003bb20:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a>
 0003bb30:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="
 0003bb40:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c
 0003bb50:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm
 0003bb60:·3739·3931·223e·3c74·6162·6c65·2063·6c61··7991"><table·cla
 0003bb70:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table-
 0003bb80:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo
 0003bb90:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con
 0003bba0:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th>
 0003bbb0:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th>
 0003bbc0:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr
 0003bbd0:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt
 0003bbe0:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low
 0003bbf0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
 0003bc00:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t
 0003bc10:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr
 0003bc20:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg
 0003bc30:·793a·3c2f·7468·3e3c·7464·3e65·6e61·626c··y:</th><td>enabl
 0003bc40:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab
0003bc60:·7072·653e·3c63·6f64·653e·696e·636c·7564··pre><code>includ0003bc50:·6c65·3e3c·7072·653e·3c63·6f64·653e·696e··le><pre><code>in
0003bc70:·6520·696e·7374·616c·6c5f·6169·6465·0a0a··e·install_aide.. 
0003bc80:·636c·6173·7320·696e·7374·616c·6c5f·6169··class·install_ai0003bc60:·636c·7564·6520·696e·7374·616c·6c5f·6169··clude·install_ai
 0003bc70:·6465·0a0a·636c·6173·7320·696e·7374·616c··de..class·instal
0003bc90:·6465·207b·0a20·2070·6163·6b61·6765·207b··de·{.··package·{0003bc80:·6c5f·6169·6465·207b·0a20·2070·6163·6b61··l_aide·{.··packa
0003bca0:·2027·6169·6465·273a·0a20·2020·2065·6e73···'aide':.····ens0003bc90:·6765·207b·2027·6169·6465·273a·0a20·2020··ge·{·'aide':.···
0003bcb0:·7572·6520·3d26·6774·3b20·2769·6e73·7461··ure·=&gt;·'insta0003bca0:·2065·6e73·7572·6520·3d26·6774·3b20·2769···ensure·=&gt;·'i
0003bcc0:·6c6c·6564·272c·0a20·207d·0a7d·0a3c·2f63··lled',.··}.}.</c0003bcb0:·6e73·7461·6c6c·6564·272c·0a20·207d·0a7d··nstalled',.··}.}
0003bcd0:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div>0003bcc0:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></
0003bce0:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt0003bcd0:·6469·763e·3c61·2063·6c61·7373·3d22·6274··div><a·class="bt
0003bcf0:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data-0003bce0:·6e20·6274·6e2d·7375·6363·6573·7322·2064··n·btn-success"·d
0003bd00:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse0003bcf0:·6174·612d·746f·6767·6c65·3d22·636f·6c6c··ata-toggle="coll
0003bd10:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#0003bd00:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe
0003bd20:·6964·6d37·3939·3222·2074·6162·696e·6465··idm7992"·tabinde0003bd10:·743d·2223·6964·6d37·3939·3222·2074·6162··t="#idm7992"·tab
0003bd30:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt0003bd20:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="
0003bd40:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande0003bd30:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp
0003bd50:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=0003bd40:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti
0003bd60:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev0003bd50:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to
0003bd70:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R0003bd60:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#
0003bd80:·656d·6564·6961·7469·6f6e·204f·5342·7569··emediation·OSBui0003bd70:·2122·3e52·656d·6564·6961·7469·6f6e·2053··!">Remediation·S
0003bd90:·6c64·2042·6c75·6570·7269·6e74·2073·6e69··ld·Blueprint·sni 
0003bda0:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br> 
0003bdb0:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane 
0003bdc0:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla 
0003bdd0:·7073·6522·2069·643d·2269·646d·3739·3932··pse"·id="idm7992 
0003bde0:·223e·3c70·7265·3e3c·636f·6465·3e0a·5b5b··"><pre><code>.[[ 
0003bdf0:·7061·636b·6167·6573·5d5d·0a6e·616d·6520··packages]].name· 
0003be00:·3d20·2261·6964·6522·0a76·6572·7369·6f6e··=·"aide".version 
0003be10:·203d·2022·2a22·0a3c·2f63·6f64·653e·3c2f···=·"*".</code></ 
0003be20:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla 
0003be30:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ 
0003be40:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle 
0003be50:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data 
Max diff block lines reached; 9941200/9979178 bytes (99.62%) of diff not shown.
1.07 MB
html2text {}
    
Offset 131, 52 lines modifiedOffset 131, 48 lines modified
131 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5131 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
132 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199132 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
133 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········RHEL-08-010359133 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········RHEL-08-010359
134 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79134 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
135 ·············_\x8c_\x8i_\x8s············5.3.1135 ·············_\x8c_\x8i_\x8s············5.3.1
136 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2136 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
137 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251710r958944_rule137 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251710r958944_rule
138 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8138 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
139 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low139 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
140 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low140 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
141 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false141 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
142 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable142 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
143 package·--add=aide143 dnf·install·aide
144 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8144 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
145 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low145 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
146 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low146 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
147 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false147 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
148 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable148 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
149 include·install_aide149 include·install_aide
  
150 class·install_aide·{150 class·install_aide·{
151 ··package·{·'aide':151 ··package·{·'aide':
152 ····ensure·=>·'installed',152 ····ensure·=>·'installed',
153 ··}153 ··}
154 }154 }
155 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
156 [[packages]] 
157 name·=·"aide" 
158 version·=·"*" 
159 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8155 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
160 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low156 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
161 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low157 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
162 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false158 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
163 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable159 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 160 #·Remediation·is·applicable·only·in·certain·platforms
 161 if·rpm·--quiet·-q·kernel;·then
  
 162 if·!·rpm·-q·--quiet·"aide"·;·then
 163 ····yum·install·-y·"aide"
 164 fi
164 package·install·aide 
165 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
166 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
167 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
168 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
169 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
170 dnf·install·aide165 else
 166 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 167 fi
171 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8168 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
172 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low169 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
173 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low170 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
174 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false171 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
175 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable172 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
176 -·name:·Gather·the·package·facts173 -·name:·Gather·the·package·facts
177 ··package_facts:174 ··package_facts:
Offset 209, 29 lines modifiedOffset 205, 33 lines modified
209 ··-·PCI-DSSv4-11.5.2205 ··-·PCI-DSSv4-11.5.2
210 ··-·enable_strategy206 ··-·enable_strategy
211 ··-·low_complexity207 ··-·low_complexity
212 ··-·low_disruption208 ··-·low_disruption
213 ··-·medium_severity209 ··-·medium_severity
214 ··-·no_reboot_needed210 ··-·no_reboot_needed
215 ··-·package_aide_installed211 ··-·package_aide_installed
 212 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 213 [[packages]]
 214 name·=·"aide"
 215 version·=·"*"
216 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8216 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
217 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low217 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
218 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low218 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
219 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false219 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
220 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable220 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
221 #·Remediation·is·applicable·only·in·certain·platforms 
222 if·rpm·--quiet·-q·kernel;·then 
  
223 if·!·rpm·-q·--quiet·"aide"·;·then 
224 ····yum·install·-y·"aide" 
225 fi221 package·install·aide
 222 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 223 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 224 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 225 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 226 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 227 package·--add=aide
226 else 
227 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
228 fi 
229 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*228 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
230 Run·the·following·command·to·generate·a·new·database:229 Run·the·following·command·to·generate·a·new·database:
231 $·sudo·/usr/sbin/aide·--init230 $·sudo·/usr/sbin/aide·--init
232 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the231 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the
233 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these232 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these
234 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their233 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their
235 integrity.·The·newly-generated·database·can·be·installed·as·follows:234 integrity.·The·newly-generated·database·can·be·installed·as·follows:
Offset 259, 14 lines modifiedOffset 259, 28 lines modified
259 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5259 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
260 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199260 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
261 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········RHEL-08-010359261 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········RHEL-08-010359
262 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79262 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
263 ·············_\x8c_\x8i_\x8s············5.3.1263 ·············_\x8c_\x8i_\x8s············5.3.1
264 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2264 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
265 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251710r958944_rule265 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251710r958944_rule
 266 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 267 #·Remediation·is·applicable·only·in·certain·platforms
 268 if·rpm·--quiet·-q·kernel;·then
  
 269 if·!·rpm·-q·--quiet·"aide"·;·then
 270 ····yum·install·-y·"aide"
 271 fi
  
 272 /usr/sbin/aide·--init
 273 /bin/cp·-p·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
  
 274 else
 275 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 276 fi
266 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8277 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
267 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low278 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
268 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low279 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
269 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false280 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
270 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict281 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
Max diff block lines reached; 1120835/1125963 bytes (99.54%) of diff not shown.
3.51 MB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-anssi_bp28_minimal.html
    
Offset 14908, 296 lines modifiedOffset 14908, 296 lines modified
0003a3b0:·7461·7267·6574·3d22·2369·646d·3133·3432··target="#idm13420003a3b0:·7461·7267·6574·3d22·2369·646d·3133·3432··target="#idm1342
0003a3c0:·3122·2074·6162·696e·6465·783d·2230·2220··1"·tabindex="0"·0003a3c0:·3122·2074·6162·696e·6465·783d·2230·2220··1"·tabindex="0"·
0003a3d0:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar0003a3d0:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar
0003a3e0:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal0003a3e0:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal
0003a3f0:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ0003a3f0:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ
0003a400:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h0003a400:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h
0003a410:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia0003a410:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia
0003a420:·7469·6f6e·2041·6e61·636f·6e64·6120·736e··tion·Anaconda·sn 
0003a430:·6970·7065·7420·e287·b23c·2f61·3e3c·6272··ippet·...</a><br 
0003a440:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan 
0003a450:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll 
0003a460:·6170·7365·2220·6964·3d22·6964·6d31·3334··apse"·id="idm134 
0003a470:·3231·223e·3c74·6162·6c65·2063·6c61·7373··21"><table·class 
0003a480:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st 
0003a490:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord 
0003a4a0:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde 
0003a4b0:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co 
0003a4c0:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t 
0003a4d0:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr>< 
0003a4e0:·7472·3e3c·7468·3e44·6973·7275·7074·696f··tr><th>Disruptio 
0003a4f0:·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··n:</th><td>low</ 
0003a500:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003a510:·5265·626f·6f74·3a3c·2f74·683e·3c74·643e··Reboot:</th><td>0003a420:·7469·6f6e·2073·6372·6970·7420·e287·b23c··tion·script·...<
 0003a430:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas
 0003a440:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps
 0003a450:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="
 0003a460:·6964·6d31·3334·3231·223e·3c74·6162·6c65··idm13421"><table
 0003a470:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta
 0003a480:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl
 0003a490:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table
 0003a4a0:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>
 0003a4b0:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<
 0003a4c0:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>
 0003a4d0:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis
 0003a4e0:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td
 0003a4f0:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t
 0003a500:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t
 0003a510:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td>
 0003a520:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str
 0003a530:·6174·6567·793a·3c2f·7468·3e3c·7464·3e65··ategy:</th><td>e
0003a520:·6661·6c73·653c·2f74·643e·3c2f·7472·3e3c··false</td></tr><0003a540:·6e61·626c·653c·2f74·643e·3c2f·7472·3e3c··nable</td></tr><
 0003a550:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod
 0003a560:·653e·0a64·6e66·2069·6e73·7461·6c6c·2064··e>.dnf·install·d
0003a530:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy: 
0003a540:·3c2f·7468·3e3c·7464·3e65·6e61·626c·653c··</th><td>enable< 
0003a550:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table 
0003a560:·3e3c·7072·653e·3c63·6f64·653e·0a70·6163··><pre><code>.pac 
0003a570:·6b61·6765·202d·2d61·6464·3d64·6e66·2d61··kage·--add=dnf-a 
0003a580:·7574·6f6d·6174·6963·0a3c·2f63·6f64·653e··utomatic.</code> 
0003a590:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c 
0003a5a0:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su 
0003a5b0:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg 
0003a5c0:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da 
0003a5d0:·7461·2d74·6172·6765·743d·2223·6964·6d31··ta-target="#idm1 
0003a5e0:·3334·3232·2220·7461·6269·6e64·6578·3d22··3422"·tabindex=" 
0003a5f0:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button" 
0003a600:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded=" 
0003a610:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac 
0003a620:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal 
0003a630:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme 
0003a640:·6469·6174·696f·6e20·5075·7070·6574·2073··diation·Puppet·s 
0003a650:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b 
0003a660:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa 
0003a670:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col 
0003a680:·6c61·7073·6522·2069·643d·2269·646d·3133··lapse"·id="idm13 
0003a690:·3432·3222·3e3c·7461·626c·6520·636c·6173··422"><table·clas 
0003a6a0:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s 
0003a6b0:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor 
0003a6c0:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond 
0003a6d0:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C 
0003a6e0:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th>< 
0003a6f0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003a700:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti 
0003a710:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low< 
0003a720:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003a730:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td 
0003a740:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr> 
0003a750:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy 
0003a760:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable 
0003a770:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl 
0003a780:·653e·3c70·7265·3e3c·636f·6465·3e69·6e63··e><pre><code>inc 
0003a790:·6c75·6465·2069·6e73·7461·6c6c·5f64·6e66··lude·install_dnf 
0003a7a0:·2d61·7574·6f6d·6174·6963·0a0a·636c·6173··-automatic..clas0003a570:·6e66·2d61·7574·6f6d·6174·6963·0a3c·2f63··nf-automatic.</c
0003a7b0:·7320·696e·7374·616c·6c5f·646e·662d·6175··s·install_dnf-au 
0003a7c0:·746f·6d61·7469·6320·7b0a·2020·7061·636b··tomatic·{.··pack 
0003a7d0:·6167·6520·7b20·2764·6e66·2d61·7574·6f6d··age·{·'dnf-autom 
0003a7e0:·6174·6963·273a·0a20·2020·2065·6e73·7572··atic':.····ensur 
0003a7f0:·6520·3d26·6774·3b20·2769·6e73·7461·6c6c··e·=&gt;·'install 
0003a800:·6564·272c·0a20·207d·0a7d·0a3c·2f63·6f64··ed',.··}.}.</cod 
0003a810:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a0003a580:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div>
0003a820:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn-0003a590:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt
0003a830:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to0003a5a0:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data-
0003a840:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"·0003a5b0:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse
0003a850:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id0003a5c0:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#
0003a860:·6d31·3334·3233·2220·7461·6269·6e64·6578··m13423"·tabindex0003a5d0:·6964·6d31·3334·3232·2220·7461·6269·6e64··idm13422"·tabind
0003a870:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto0003a5e0:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but
0003a880:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded0003a5f0:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand
0003a890:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="0003a600:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title
0003a8a0:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve0003a610:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re
0003a8b0:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re0003a620:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">
0003a8c0:·6d65·6469·6174·696f·6e20·4f53·4275·696c··mediation·OSBuil 
0003a8d0:·6420·426c·7565·7072·696e·7420·736e·6970··d·Blueprint·snip 
0003a8e0:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br>< 
0003a8f0:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel 
0003a900:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap 
0003a910:·7365·2220·6964·3d22·6964·6d31·3334·3233··se"·id="idm13423 
0003a920:·223e·3c70·7265·3e3c·636f·6465·3e0a·5b5b··"><pre><code>.[[ 
0003a930:·7061·636b·6167·6573·5d5d·0a6e·616d·6520··packages]].name·0003a630:·5265·6d65·6469·6174·696f·6e20·5075·7070··Remediation·Pupp
 0003a640:·6574·2073·6e69·7070·6574·20e2·87b2·3c2f··et·snippet·...</
 0003a650:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
 0003a660:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
 0003a670:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
 0003a680:·646d·3133·3432·3222·3e3c·7461·626c·6520··dm13422"><table·
 0003a690:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab
 0003a6a0:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table
 0003a6b0:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-
 0003a6c0:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><
 0003a6d0:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</
 0003a6e0:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><
 0003a6f0:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr
 0003a700:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td>
 0003a710:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr
 0003a720:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th
 0003a730:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td><
 0003a740:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra
 0003a750:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en
 0003a760:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></
Max diff block lines reached; 3397732/3437228 bytes (98.85%) of diff not shown.
239 KB
html2text {}
    
Offset 95, 52 lines modifiedOffset 95, 49 lines modified
95 ·············suitable·for·automatic,·regular·execution.95 ·············suitable·for·automatic,·regular·execution.
96 Severity: ···medium96 Severity: ···medium
97 Rule·ID:·····xccdf_org.ssgproject.content_rule_package_dnf-automatic_installed97 Rule·ID:·····xccdf_org.ssgproject.content_rule_package_dnf-automatic_installed
98 Identifiers:·CCE-82985-398 Identifiers:·CCE-82985-3
99 ·············_\x8o_\x8s_\x8p_\x8p···FPT_TUD_EXT.1,·FPT_TUD_EXT.299 ·············_\x8o_\x8s_\x8p_\x8p···FPT_TUD_EXT.1,·FPT_TUD_EXT.2
100 References:··_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000191-GPOS-00080100 References:··_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000191-GPOS-00080
101 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··R61101 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··R61
102 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8102 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
103 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low103 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
104 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low104 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
105 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false105 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
106 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable106 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
107 package·--add=dnf-automatic107 dnf·install·dnf-automatic
108 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8108 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
109 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low109 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
110 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low110 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
111 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false111 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
112 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable112 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
113 include·install_dnf-automatic113 include·install_dnf-automatic
  
114 class·install_dnf-automatic·{114 class·install_dnf-automatic·{
115 ··package·{·'dnf-automatic':115 ··package·{·'dnf-automatic':
116 ····ensure·=>·'installed',116 ····ensure·=>·'installed',
117 ··}117 ··}
118 }118 }
119 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
120 [[packages]] 
121 name·=·"dnf-automatic" 
122 version·=·"*" 
123 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8119 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
124 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low120 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
125 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low121 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
126 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false122 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
127 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable123 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 124 #·Remediation·is·applicable·only·in·certain·platforms
 125 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc
 126 ;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 127 if·!·rpm·-q·--quiet·"dnf-automatic"·;·then
 128 ····yum·install·-y·"dnf-automatic"
 129 fi
128 package·install·dnf-automatic 
129 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
130 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
131 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
132 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
133 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
134 dnf·install·dnf-automatic130 else
 131 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 132 fi
135 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8133 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
136 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low134 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
137 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low135 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
138 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false136 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
139 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable137 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
140 -·name:·Gather·the·package·facts138 -·name:·Gather·the·package·facts
141 ··package_facts:139 ··package_facts:
Offset 166, 30 lines modifiedOffset 163, 33 lines modified
166 ··-·CCE-82985-3163 ··-·CCE-82985-3
167 ··-·enable_strategy164 ··-·enable_strategy
168 ··-·low_complexity165 ··-·low_complexity
169 ··-·low_disruption166 ··-·low_disruption
170 ··-·medium_severity167 ··-·medium_severity
171 ··-·no_reboot_needed168 ··-·no_reboot_needed
172 ··-·package_dnf-automatic_installed169 ··-·package_dnf-automatic_installed
 170 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 171 [[packages]]
 172 name·=·"dnf-automatic"
 173 version·=·"*"
173 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8174 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
174 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low175 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
175 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low176 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
176 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false177 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
177 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable178 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
178 #·Remediation·is·applicable·only·in·certain·platforms 
179 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc 
180 ;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
181 if·!·rpm·-q·--quiet·"dnf-automatic"·;·then 
182 ····yum·install·-y·"dnf-automatic" 
183 fi179 package·install·dnf-automatic
 180 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 181 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 182 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 183 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 184 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 185 package·--add=dnf-automatic
184 else 
185 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
186 fi 
187 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·d\x8dn\x8nf\x8f-\x8-a\x8au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8c·t\x8to\x8o·I\x8In\x8ns\x8st\x8ta\x8al\x8ll\x8l·A\x8Av\x8va\x8ai\x8il\x8la\x8ab\x8bl\x8le\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8es\x8s·A\x8Au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8ca\x8al\x8ll\x8ly\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*186 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·d\x8dn\x8nf\x8f-\x8-a\x8au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8c·t\x8to\x8o·I\x8In\x8ns\x8st\x8ta\x8al\x8ll\x8l·A\x8Av\x8va\x8ai\x8il\x8la\x8ab\x8bl\x8le\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8es\x8s·A\x8Au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8ca\x8al\x8ll\x8ly\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
188 To·ensure·that·the·packages·comprising·the·available·updates·will·be·automatically·installed187 To·ensure·that·the·packages·comprising·the·available·updates·will·be·automatically·installed
189 by·dnf-automatic,·set·apply_updates·to·yes·under·[commands]·section·in·/etc/dnf/188 by·dnf-automatic,·set·apply_updates·to·yes·under·[commands]·section·in·/etc/dnf/
190 automatic.conf.189 automatic.conf.
191 ·············Installing·software·updates·is·a·fundamental·mitigation·against·the·exploitation190 ·············Installing·software·updates·is·a·fundamental·mitigation·against·the·exploitation
192 ·············of·publicly-known·vulnerabilities.·If·the·most·recent·security·patches·and191 ·············of·publicly-known·vulnerabilities.·If·the·most·recent·security·patches·and
193 Rationale:···updates·are·not·installed,·unauthorized·users·may·take·advantage·of·weaknesses·in192 Rationale:···updates·are·not·installed,·unauthorized·users·may·take·advantage·of·weaknesses·in
Offset 200, 14 lines modifiedOffset 200, 56 lines modified
200 Rule·ID:·····xccdf_org.ssgproject.content_rule_dnf-automatic_apply_updates200 Rule·ID:·····xccdf_org.ssgproject.content_rule_dnf-automatic_apply_updates
201 Identifiers:·CCE-82494-6201 Identifiers:·CCE-82494-6
202 ·············_\x8i_\x8s_\x8m····0940,·1144,·1467,·1472,·1483,·1493,·1494,·1495202 ·············_\x8i_\x8s_\x8m····0940,·1144,·1467,·1472,·1483,·1493,·1494,·1495
203 ·············_\x8n_\x8i_\x8s_\x8t···SI-2(5),·CM-6(a),·SI-2(c)203 ·············_\x8n_\x8i_\x8s_\x8t···SI-2(5),·CM-6(a),·SI-2(c)
204 References:··_\x8o_\x8s_\x8p_\x8p···FMT_SMF_EXT.1204 References:··_\x8o_\x8s_\x8p_\x8p···FMT_SMF_EXT.1
205 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000805-GPOS-00260205 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000805-GPOS-00260
206 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··R61206 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··R61
 207 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 208 #·Remediation·is·applicable·only·in·certain·platforms
 209 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc
 210 ;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 211 found=false
  
 212 #·set·value·in·all·files·if·they·contain·section·or·key
 213 for·f·in·$(echo·-n·"/etc/dnf/automatic.conf");·do
 214 ····if·[·!·-e·"$f"·];·then
 215 ········continue
 216 ····fi
  
 217 ····#·find·key·in·section·and·change·value
 218 ····if·grep·-qzosP·"[[:space:]]*\[commands\]([^\n\[]*\n+)+?[[:space:]]*apply_updates"·"$f";
 219 then
  
Max diff block lines reached; 237941/244217 bytes (97.43%) of diff not shown.
27.4 MB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-cis.html
    
Offset 15299, 285 lines modifiedOffset 15299, 285 lines modified
0003bc20:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=0003bc20:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
0003bc30:·2223·6964·6d37·3939·3022·2074·6162·696e··"#idm7990"·tabin0003bc30:·2223·6964·6d37·3939·3022·2074·6162·696e··"#idm7990"·tabin
0003bc40:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu0003bc40:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
0003bc50:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan0003bc50:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
0003bc60:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl0003bc60:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
0003bc70:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r0003bc70:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
0003bc80:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"0003bc80:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
0003bc90:·3e52·656d·6564·6961·7469·6f6e·2041·6e61··>Remediation·Ana0003bc90:·3e52·656d·6564·6961·7469·6f6e·2073·6372··>Remediation·scr
0003bca0:·636f·6e64·6120·736e·6970·7065·7420·e287··conda·snippet·.. 
0003bcb0:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl 
0003bcc0:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla 
0003bcd0:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id 
0003bce0:·3d22·6964·6d37·3939·3022·3e3c·7461·626c··="idm7990"><tabl 
0003bcf0:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t 
0003bd00:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab 
0003bd10:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl 
0003bd20:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr 
0003bd30:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity: 
0003bd40:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003bd50:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di 
0003bd60:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t 
0003bd70:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr>< 
0003bd80:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</ 
0003bd90:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td 
0003bda0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St 
0003bdb0:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td> 
0003bdc0:·656e·6162·6c65·3c2f·7464·3e3c·2f74·723e··enable</td></tr> 
0003bdd0:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co 
0003bde0:·6465·3e0a·7061·636b·6167·6520·2d2d·6164··de>.package·--ad 
0003bdf0:·643d·6169·6465·0a3c·2f63·6f64·653e·3c2f··d=aide.</code></ 
0003be00:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla 
0003be10:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ 
0003be20:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle 
0003be30:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data 
0003be40:·2d74·6172·6765·743d·2223·6964·6d37·3939··-target="#idm799 
0003be50:·3122·2074·6162·696e·6465·783d·2230·2220··1"·tabindex="0"· 
0003be60:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar 
0003be70:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal 
0003be80:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ 
0003be90:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h 
0003bea0:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia 
0003beb0:·7469·6f6e·2050·7570·7065·7420·736e·6970··tion·Puppet·snip 
0003bec0:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br><0003bca0:·6970·7420·e287·b23c·2f61·3e3c·6272·3e3c··ipt·...</a><br><
0003bed0:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel0003bcb0:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel
0003bee0:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap0003bcc0:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap
0003bef0:·7365·2220·6964·3d22·6964·6d37·3939·3122··se"·id="idm7991"0003bcd0:·7365·2220·6964·3d22·6964·6d37·3939·3022··se"·id="idm7990"
0003bf00:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t0003bce0:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t
0003bf10:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip0003bcf0:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip
0003bf20:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere0003bd00:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere
0003bf30:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense0003bd10:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense
0003bf40:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl0003bd20:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl
0003bf50:·6578·6974·793a·3c2f·7468·3e3c·7464·3e6c··exity:</th><td>l0003bd30:·6578·6974·793a·3c2f·7468·3e3c·7464·3e6c··exity:</th><td>l
0003bf60:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>0003bd40:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>
0003bf70:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:<0003bd50:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:<
0003bf80:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>0003bd60:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>
0003bf90:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb0003bd70:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb
0003bfa0:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal0003bd80:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal
0003bfb0:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr>0003bd90:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr>
0003bfc0:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t0003bda0:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t
0003bfd0:·683e·3c74·643e·656e·6162·6c65·3c2f·7464··h><td>enable</td0003bdb0:·683e·3c74·643e·656e·6162·6c65·3c2f·7464··h><td>enable</td
0003bfe0:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p0003bdc0:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p
 0003bdd0:·7265·3e3c·636f·6465·3e0a·646e·6620·696e··re><code>.dnf·in
 0003bde0:·7374·616c·6c20·6169·6465·0a3c·2f63·6f64··stall·aide.</cod
 0003bdf0:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a
 0003be00:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn-
 0003be10:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to
 0003be20:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"·
 0003be30:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id
 0003be40:·6d37·3939·3122·2074·6162·696e·6465·783d··m7991"·tabindex=
 0003be50:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button
 0003be60:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=
 0003be70:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A
 0003be80:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea
 0003be90:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem
 0003bea0:·6564·6961·7469·6f6e·2050·7570·7065·7420··ediation·Puppet·
 0003beb0:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a><
 0003bec0:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p
 0003bed0:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co
 0003bee0:·6c6c·6170·7365·2220·6964·3d22·6964·6d37··llapse"·id="idm7
 0003bef0:·3939·3122·3e3c·7461·626c·6520·636c·6173··991"><table·clas
 0003bf00:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s
 0003bf10:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor
 0003bf20:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond
 0003bf30:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C
 0003bf40:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><
 0003bf50:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>
 0003bf60:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti
 0003bf70:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low<
 0003bf80:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
 0003bf90:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td
 0003bfa0:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr>
 0003bfb0:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy
 0003bfc0:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable
 0003bfd0:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl
0003bff0:·7265·3e3c·636f·6465·3e69·6e63·6c75·6465··re><code>include0003bfe0:·653e·3c70·7265·3e3c·636f·6465·3e69·6e63··e><pre><code>inc
0003c000:·2069·6e73·7461·6c6c·5f61·6964·650a·0a63···install_aide..c 
0003c010:·6c61·7373·2069·6e73·7461·6c6c·5f61·6964··lass·install_aid0003bff0:·6c75·6465·2069·6e73·7461·6c6c·5f61·6964··lude·install_aid
 0003c000:·650a·0a63·6c61·7373·2069·6e73·7461·6c6c··e..class·install
0003c020:·6520·7b0a·2020·7061·636b·6167·6520·7b20··e·{.··package·{·0003c010:·5f61·6964·6520·7b0a·2020·7061·636b·6167··_aide·{.··packag
0003c030:·2761·6964·6527·3a0a·2020·2020·656e·7375··'aide':.····ensu0003c020:·6520·7b20·2761·6964·6527·3a0a·2020·2020··e·{·'aide':.····
0003c040:·7265·203d·2667·743b·2027·696e·7374·616c··re·=&gt;·'instal0003c030:·656e·7375·7265·203d·2667·743b·2027·696e··ensure·=&gt;·'in
0003c050:·6c65·6427·2c0a·2020·7d0a·7d0a·3c2f·636f··led',.··}.}.</co0003c040:·7374·616c·6c65·6427·2c0a·2020·7d0a·7d0a··stalled',.··}.}.
0003c060:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div><0003c050:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d
0003c070:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn0003c060:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn
0003c080:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t0003c070:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da
0003c090:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse"0003c080:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla
0003c0a0:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i0003c090:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target
0003c0b0:·646d·3739·3932·2220·7461·6269·6e64·6578··dm7992"·tabindex0003c0a0:·3d22·2369·646d·3739·3932·2220·7461·6269··="#idm7992"·tabi
0003c0c0:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto0003c0b0:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b
0003c0d0:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded0003c0c0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa
0003c0e0:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="0003c0d0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit
0003c0f0:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve0003c0e0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·
0003c100:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re0003c0f0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!
 0003c100:·223e·5265·6d65·6469·6174·696f·6e20·5368··">Remediation·Sh
0003c110:·6d65·6469·6174·696f·6e20·4f53·4275·696c··mediation·OSBuil 
0003c120:·6420·426c·7565·7072·696e·7420·736e·6970··d·Blueprint·snip 
0003c130:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br>< 
0003c140:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel 
0003c150:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap 
0003c160:·7365·2220·6964·3d22·6964·6d37·3939·3222··se"·id="idm7992" 
0003c170:·3e3c·7072·653e·3c63·6f64·653e·0a5b·5b70··><pre><code>.[[p 
0003c180:·6163·6b61·6765·735d·5d0a·6e61·6d65·203d··ackages]].name·= 
0003c190:·2022·6169·6465·220a·7665·7273·696f·6e20···"aide".version· 
0003c1a0:·3d20·222a·220a·3c2f·636f·6465·3e3c·2f70··=·"*".</code></p 
0003c1b0:·7265·3e3c·2f64·6976·3e3c·6120·636c·6173··re></div><a·clas 
0003c1c0:·733d·2262·746e·2062·746e·2d73·7563·6365··s="btn·btn-succe 
0003c1d0:·7373·2220·6461·7461·2d74·6f67·676c·653d··ss"·data-toggle= 
Max diff block lines reached; 26307019/26344997 bytes (99.86%) of diff not shown.
2.32 MB
html2text {}
Max HTML report size reached
12.4 MB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-cis_server_l1.html
    
Offset 15261, 285 lines modifiedOffset 15261, 285 lines modified
0003b9c0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm0003b9c0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm
0003b9d0:·3739·3930·2220·7461·6269·6e64·6578·3d22··7990"·tabindex="0003b9d0:·3739·3930·2220·7461·6269·6e64·6578·3d22··7990"·tabindex="
0003b9e0:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"0003b9e0:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"
0003b9f0:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="0003b9f0:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="
0003ba00:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac0003ba00:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac
0003ba10:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal0003ba10:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal
0003ba20:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme0003ba20:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme
 0003ba30:·6469·6174·696f·6e20·7363·7269·7074·20e2··diation·script·.
0003ba30:·6469·6174·696f·6e20·416e·6163·6f6e·6461··diation·Anaconda 
0003ba40:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a> 
0003ba50:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class=" 
0003ba60:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c 
0003ba70:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm 
0003ba80:·3739·3930·223e·3c74·6162·6c65·2063·6c61··7990"><table·cla 
0003ba90:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table- 
0003baa0:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo 
0003bab0:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con 
0003bac0:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th> 
0003bad0:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th> 
0003bae0:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
0003baf0:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt 
0003bb00:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low 
0003bb10:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003bb20:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t 
0003bb30:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr 
0003bb40:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg 
0003bb50:·793a·3c2f·7468·3e3c·7464·3e65·6e61·626c··y:</th><td>enabl 
0003bb60:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab 
0003bb70:·6c65·3e3c·7072·653e·3c63·6f64·653e·0a70··le><pre><code>.p 
0003bb80:·6163·6b61·6765·202d·2d61·6464·3d61·6964··ackage·--add=aid 
0003bb90:·650a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··e.</code></pre>< 
0003bba0:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b 
0003bbb0:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"· 
0003bbc0:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col 
0003bbd0:·6c61·7073·6522·2064·6174·612d·7461·7267··lapse"·data-targ 
0003bbe0:·6574·3d22·2369·646d·3739·3931·2220·7461··et="#idm7991"·ta 
0003bbf0:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role= 
0003bc00:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex 
0003bc10:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t 
0003bc20:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t 
0003bc30:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href=" 
0003bc40:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation· 
0003bc50:·5075·7070·6574·2073·6e69·7070·6574·20e2··Puppet·snippet·. 
0003bc60:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c0003ba40:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c
0003bc70:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll0003ba50:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
0003bc80:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i0003ba60:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i
0003bc90:·643d·2269·646d·3739·3931·223e·3c74·6162··d="idm7991"><tab0003ba70:·643d·2269·646d·3739·3930·223e·3c74·6162··d="idm7990"><tab
0003bca0:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table·0003ba80:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table·
0003bcb0:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta0003ba90:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta
0003bcc0:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab0003baa0:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab
0003bcd0:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t0003bab0:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t
0003bce0:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity0003bac0:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity
 0003bad0:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t
 0003bae0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D
 0003baf0:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th><
 0003bb00:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>
 0003bb10:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:<
 0003bb20:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t
 0003bb30:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S
 0003bb40:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td
 0003bb50:·3e65·6e61·626c·653c·2f74·643e·3c2f·7472··>enable</td></tr
 0003bb60:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c
 0003bb70:·6f64·653e·0a64·6e66·2069·6e73·7461·6c6c··ode>.dnf·install
 0003bb80:·2061·6964·650a·3c2f·636f·6465·3e3c·2f70···aide.</code></p
 0003bb90:·7265·3e3c·2f64·6976·3e3c·6120·636c·6173··re></div><a·clas
 0003bba0:·733d·2262·746e·2062·746e·2d73·7563·6365··s="btn·btn-succe
 0003bbb0:·7373·2220·6461·7461·2d74·6f67·676c·653d··ss"·data-toggle=
 0003bbc0:·2263·6f6c·6c61·7073·6522·2064·6174·612d··"collapse"·data-
 0003bbd0:·7461·7267·6574·3d22·2369·646d·3739·3931··target="#idm7991
 0003bbe0:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r
 0003bbf0:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari
 0003bc00:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals
 0003bc10:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa
 0003bc20:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr
 0003bc30:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat
 0003bc40:·696f·6e20·5075·7070·6574·2073·6e69·7070··ion·Puppet·snipp
 0003bc50:·6574·20e2·87b2·3c2f·613e·3c62·723e·3c64··et·...</a><br><d
 0003bc60:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel-
 0003bc70:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps
 0003bc80:·6522·2069·643d·2269·646d·3739·3931·223e··e"·id="idm7991">
 0003bc90:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta
 0003bca0:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe
 0003bcb0:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered
 0003bcc0:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed
 0003bcd0:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple
 0003bce0:·7869·7479·3a3c·2f74·683e·3c74·643e·6c6f··xity:</th><td>lo
 0003bcf0:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><
 0003bd00:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</
 0003bd10:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><
 0003bd20:·2f74·723e·3c74·723e·3c74·683e·5265·626f··/tr><tr><th>Rebo
 0003bd30:·6f74·3a3c·2f74·683e·3c74·643e·6661·6c73··ot:</th><td>fals
 0003bd40:·653c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··e</td></tr><tr><
 0003bd50:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th
 0003bd60:·3e3c·7464·3e65·6e61·626c·653c·2f74·643e··><td>enable</td>
 0003bd70:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr
 0003bd80:·653e·3c63·6f64·653e·696e·636c·7564·6520··e><code>include·
 0003bd90:·696e·7374·616c·6c5f·6169·6465·0a0a·636c··install_aide..cl
 0003bda0:·6173·7320·696e·7374·616c·6c5f·6169·6465··ass·install_aide
 0003bdb0:·207b·0a20·2070·6163·6b61·6765·207b·2027···{.··package·{·'
 0003bdc0:·6169·6465·273a·0a20·2020·2065·6e73·7572··aide':.····ensur
 0003bdd0:·6520·3d26·6774·3b20·2769·6e73·7461·6c6c··e·=&gt;·'install
 0003bde0:·6564·272c·0a20·207d·0a7d·0a3c·2f63·6f64··ed',.··}.}.</cod
 0003bdf0:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a
 0003be00:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn-
 0003be10:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to
 0003be20:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"·
 0003be30:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id
 0003be40:·6d37·3939·3222·2074·6162·696e·6465·783d··m7992"·tabindex=
 0003be50:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button
 0003be60:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=
 0003be70:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A
 0003be80:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea
 0003be90:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem
 0003bea0:·6564·6961·7469·6f6e·2053·6865·6c6c·2073··ediation·Shell·s
 0003beb0:·6372·6970·7420·e287·b23c·2f61·3e3c·6272··cript·...</a><br
 0003bec0:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan
 0003bed0:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll
 0003bee0:·6170·7365·2220·6964·3d22·6964·6d37·3939··apse"·id="idm799
 0003bef0:·3222·3e3c·7461·626c·6520·636c·6173·733d··2"><table·class=
 0003bf00:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str
 0003bf10:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde
 0003bf20:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden
 0003bf30:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com
 0003bf40:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td
 0003bf50:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t
 0003bf60:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption
0003bcf0:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t0003bf70:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t
Max diff block lines reached; 11615653/11653631 bytes (99.67%) of diff not shown.
1.28 MB
html2text {}
    
Offset 117, 52 lines modifiedOffset 117, 48 lines modified
117 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5117 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
118 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199118 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
119 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········RHEL-08-010359119 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········RHEL-08-010359
120 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79120 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
121 ·············_\x8c_\x8i_\x8s············5.3.1121 ·············_\x8c_\x8i_\x8s············5.3.1
122 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2122 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
123 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251710r958944_rule123 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251710r958944_rule
124 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8124 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
125 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low125 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
126 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low126 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
127 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false127 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
128 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable128 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
129 package·--add=aide129 dnf·install·aide
130 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8130 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
131 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low131 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
132 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low132 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
133 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false133 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
134 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable134 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
135 include·install_aide135 include·install_aide
  
136 class·install_aide·{136 class·install_aide·{
137 ··package·{·'aide':137 ··package·{·'aide':
138 ····ensure·=>·'installed',138 ····ensure·=>·'installed',
139 ··}139 ··}
140 }140 }
141 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
142 [[packages]] 
143 name·=·"aide" 
144 version·=·"*" 
145 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8141 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
146 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low142 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
147 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low143 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
148 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false144 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
149 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable145 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 146 #·Remediation·is·applicable·only·in·certain·platforms
 147 if·rpm·--quiet·-q·kernel;·then
  
 148 if·!·rpm·-q·--quiet·"aide"·;·then
 149 ····yum·install·-y·"aide"
 150 fi
150 package·install·aide 
151 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
152 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
153 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
154 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
155 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
156 dnf·install·aide151 else
 152 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 153 fi
157 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8154 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
158 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low155 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
159 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low156 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
160 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false157 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
161 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable158 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
162 -·name:·Gather·the·package·facts159 -·name:·Gather·the·package·facts
163 ··package_facts:160 ··package_facts:
Offset 195, 29 lines modifiedOffset 191, 33 lines modified
195 ··-·PCI-DSSv4-11.5.2191 ··-·PCI-DSSv4-11.5.2
196 ··-·enable_strategy192 ··-·enable_strategy
197 ··-·low_complexity193 ··-·low_complexity
198 ··-·low_disruption194 ··-·low_disruption
199 ··-·medium_severity195 ··-·medium_severity
200 ··-·no_reboot_needed196 ··-·no_reboot_needed
201 ··-·package_aide_installed197 ··-·package_aide_installed
 198 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 199 [[packages]]
 200 name·=·"aide"
 201 version·=·"*"
202 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8202 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
203 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low203 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
204 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low204 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
205 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false205 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
206 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable206 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
207 #·Remediation·is·applicable·only·in·certain·platforms 
208 if·rpm·--quiet·-q·kernel;·then 
  
209 if·!·rpm·-q·--quiet·"aide"·;·then 
210 ····yum·install·-y·"aide" 
211 fi207 package·install·aide
 208 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 209 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 210 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 211 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 212 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 213 package·--add=aide
212 else 
213 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
214 fi 
215 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*214 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
216 Run·the·following·command·to·generate·a·new·database:215 Run·the·following·command·to·generate·a·new·database:
217 $·sudo·/usr/sbin/aide·--init216 $·sudo·/usr/sbin/aide·--init
218 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the·database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database·can·be·installed·as·follows:217 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the·database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database·can·be·installed·as·follows:
219 $·sudo·cp·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz218 $·sudo·cp·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
220 To·initiate·a·manual·check,·run·the·following·command:219 To·initiate·a·manual·check,·run·the·following·command:
221 $·sudo·/usr/sbin/aide·--check220 $·sudo·/usr/sbin/aide·--check
Offset 238, 14 lines modifiedOffset 238, 28 lines modified
238 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5238 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
239 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199239 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
240 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········RHEL-08-010359240 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········RHEL-08-010359
241 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79241 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
242 ·············_\x8c_\x8i_\x8s············5.3.1242 ·············_\x8c_\x8i_\x8s············5.3.1
243 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2243 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
244 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251710r958944_rule244 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251710r958944_rule
 245 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 246 #·Remediation·is·applicable·only·in·certain·platforms
 247 if·rpm·--quiet·-q·kernel;·then
  
 248 if·!·rpm·-q·--quiet·"aide"·;·then
 249 ····yum·install·-y·"aide"
 250 fi
  
 251 /usr/sbin/aide·--init
 252 /bin/cp·-p·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
  
 253 else
 254 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 255 fi
245 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8256 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
246 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low257 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
247 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low258 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
248 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false259 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
249 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict260 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
Max diff block lines reached; 1340457/1345734 bytes (99.61%) of diff not shown.
12.1 MB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-cis_workstation_l1.html
    
Offset 15252, 285 lines modifiedOffset 15252, 285 lines modified
0003b930:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target0003b930:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target
0003b940:·3d22·2369·646d·3739·3930·2220·7461·6269··="#idm7990"·tabi0003b940:·3d22·2369·646d·3739·3930·2220·7461·6269··="#idm7990"·tabi
0003b950:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b0003b950:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b
0003b960:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa0003b960:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa
0003b970:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit0003b970:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit
0003b980:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·0003b980:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·
0003b990:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!0003b990:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!
0003b9a0:·223e·5265·6d65·6469·6174·696f·6e20·416e··">Remediation·An0003b9a0:·223e·5265·6d65·6469·6174·696f·6e20·7363··">Remediation·sc
0003b9b0:·6163·6f6e·6461·2073·6e69·7070·6574·20e2··aconda·snippet·. 
0003b9c0:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c 
0003b9d0:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll 
0003b9e0:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i 
0003b9f0:·643d·2269·646d·3739·3930·223e·3c74·6162··d="idm7990"><tab 
0003ba00:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table· 
0003ba10:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta 
0003ba20:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab 
0003ba30:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t 
0003ba40:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity 
0003ba50:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t 
0003ba60:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D 
0003ba70:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th>< 
0003ba80:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003ba90:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:< 
0003baa0:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t 
0003bab0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S 
0003bac0:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td 
0003bad0:·3e65·6e61·626c·653c·2f74·643e·3c2f·7472··>enable</td></tr 
0003bae0:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c 
0003baf0:·6f64·653e·0a70·6163·6b61·6765·202d·2d61··ode>.package·--a 
0003bb00:·6464·3d61·6964·650a·3c2f·636f·6465·3e3c··dd=aide.</code>< 
0003bb10:·2f70·7265·3e3c·2f64·6976·3e3c·6120·636c··/pre></div><a·cl 
0003bb20:·6173·733d·2262·746e·2062·746e·2d73·7563··ass="btn·btn-suc 
0003bb30:·6365·7373·2220·6461·7461·2d74·6f67·676c··cess"·data-toggl 
0003bb40:·653d·2263·6f6c·6c61·7073·6522·2064·6174··e="collapse"·dat 
0003bb50:·612d·7461·7267·6574·3d22·2369·646d·3739··a-target="#idm79 
0003bb60:·3931·2220·7461·6269·6e64·6578·3d22·3022··91"·tabindex="0" 
0003bb70:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a 
0003bb80:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa 
0003bb90:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti 
0003bba0:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"· 
0003bbb0:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi 
0003bbc0:·6174·696f·6e20·5075·7070·6574·2073·6e69··ation·Puppet·sni 
0003bbd0:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br>0003b9b0:·7269·7074·20e2·87b2·3c2f·613e·3c62·723e··ript·...</a><br>
0003bbe0:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane0003b9c0:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
0003bbf0:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla0003b9d0:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
0003bc00:·7073·6522·2069·643d·2269·646d·3739·3931··pse"·id="idm79910003b9e0:·7073·6522·2069·643d·2269·646d·3739·3930··pse"·id="idm7990
0003bc10:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="0003b9f0:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="
0003bc20:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri0003ba00:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri
0003bc30:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border0003ba10:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border
0003bc40:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens0003ba20:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens
0003bc50:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp0003ba30:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp
0003bc60:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td>0003ba40:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td>
0003bc70:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr0003ba50:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr
0003bc80:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption:0003ba60:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption:
0003bc90:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td0003ba70:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td
0003bca0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re0003ba80:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re
0003bcb0:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa0003ba90:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa
0003bcc0:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr0003baa0:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr
0003bcd0:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</0003bab0:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</
0003bce0:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t0003bac0:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t
0003bcf0:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table><0003bad0:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table><
 0003bae0:·7072·653e·3c63·6f64·653e·0a64·6e66·2069··pre><code>.dnf·i
 0003baf0:·6e73·7461·6c6c·2061·6964·650a·3c2f·636f··nstall·aide.</co
 0003bb00:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div><
 0003bb10:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn
 0003bb20:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t
 0003bb30:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse"
 0003bb40:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i
 0003bb50:·646d·3739·3931·2220·7461·6269·6e64·6578··dm7991"·tabindex
 0003bb60:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto
 0003bb70:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded
 0003bb80:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="
 0003bb90:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve
 0003bba0:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re
 0003bbb0:·6d65·6469·6174·696f·6e20·5075·7070·6574··mediation·Puppet
 0003bbc0:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a>
 0003bbd0:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="
 0003bbe0:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c
 0003bbf0:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm
 0003bc00:·3739·3931·223e·3c74·6162·6c65·2063·6c61··7991"><table·cla
 0003bc10:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table-
 0003bc20:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo
 0003bc30:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con
 0003bc40:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th>
 0003bc50:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th>
 0003bc60:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr
 0003bc70:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt
 0003bc80:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low
 0003bc90:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
 0003bca0:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t
 0003bcb0:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr
 0003bcc0:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg
 0003bcd0:·793a·3c2f·7468·3e3c·7464·3e65·6e61·626c··y:</th><td>enabl
 0003bce0:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab
0003bd00:·7072·653e·3c63·6f64·653e·696e·636c·7564··pre><code>includ0003bcf0:·6c65·3e3c·7072·653e·3c63·6f64·653e·696e··le><pre><code>in
0003bd10:·6520·696e·7374·616c·6c5f·6169·6465·0a0a··e·install_aide.. 
0003bd20:·636c·6173·7320·696e·7374·616c·6c5f·6169··class·install_ai0003bd00:·636c·7564·6520·696e·7374·616c·6c5f·6169··clude·install_ai
 0003bd10:·6465·0a0a·636c·6173·7320·696e·7374·616c··de..class·instal
0003bd30:·6465·207b·0a20·2070·6163·6b61·6765·207b··de·{.··package·{0003bd20:·6c5f·6169·6465·207b·0a20·2070·6163·6b61··l_aide·{.··packa
0003bd40:·2027·6169·6465·273a·0a20·2020·2065·6e73···'aide':.····ens0003bd30:·6765·207b·2027·6169·6465·273a·0a20·2020··ge·{·'aide':.···
0003bd50:·7572·6520·3d26·6774·3b20·2769·6e73·7461··ure·=&gt;·'insta0003bd40:·2065·6e73·7572·6520·3d26·6774·3b20·2769···ensure·=&gt;·'i
0003bd60:·6c6c·6564·272c·0a20·207d·0a7d·0a3c·2f63··lled',.··}.}.</c0003bd50:·6e73·7461·6c6c·6564·272c·0a20·207d·0a7d··nstalled',.··}.}
0003bd70:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div>0003bd60:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></
0003bd80:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt0003bd70:·6469·763e·3c61·2063·6c61·7373·3d22·6274··div><a·class="bt
0003bd90:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data-0003bd80:·6e20·6274·6e2d·7375·6363·6573·7322·2064··n·btn-success"·d
0003bda0:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse0003bd90:·6174·612d·746f·6767·6c65·3d22·636f·6c6c··ata-toggle="coll
0003bdb0:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#0003bda0:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe
0003bdc0:·6964·6d37·3939·3222·2074·6162·696e·6465··idm7992"·tabinde0003bdb0:·743d·2223·6964·6d37·3939·3222·2074·6162··t="#idm7992"·tab
0003bdd0:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt0003bdc0:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="
0003bde0:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande0003bdd0:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp
0003bdf0:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=0003bde0:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti
0003be00:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev0003bdf0:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to
0003be10:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R0003be00:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#
0003be20:·656d·6564·6961·7469·6f6e·204f·5342·7569··emediation·OSBui0003be10:·2122·3e52·656d·6564·6961·7469·6f6e·2053··!">Remediation·S
0003be30:·6c64·2042·6c75·6570·7269·6e74·2073·6e69··ld·Blueprint·sni 
0003be40:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br> 
0003be50:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane 
0003be60:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla 
0003be70:·7073·6522·2069·643d·2269·646d·3739·3932··pse"·id="idm7992 
0003be80:·223e·3c70·7265·3e3c·636f·6465·3e0a·5b5b··"><pre><code>.[[ 
0003be90:·7061·636b·6167·6573·5d5d·0a6e·616d·6520··packages]].name· 
0003bea0:·3d20·2261·6964·6522·0a76·6572·7369·6f6e··=·"aide".version 
0003beb0:·203d·2022·2a22·0a3c·2f63·6f64·653e·3c2f···=·"*".</code></ 
0003bec0:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla 
0003bed0:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ 
0003bee0:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle 
0003bef0:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data 
Max diff block lines reached; 11304904/11342882 bytes (99.67%) of diff not shown.
1.25 MB
html2text {}
    
Offset 116, 52 lines modifiedOffset 116, 48 lines modified
116 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5116 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
117 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199117 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
118 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········RHEL-08-010359118 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········RHEL-08-010359
119 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79119 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
120 ·············_\x8c_\x8i_\x8s············5.3.1120 ·············_\x8c_\x8i_\x8s············5.3.1
121 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2121 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
122 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251710r958944_rule122 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251710r958944_rule
123 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8123 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
124 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low124 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
125 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low125 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
126 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false126 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
127 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable127 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
128 package·--add=aide128 dnf·install·aide
129 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8129 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
130 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low130 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
131 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low131 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
132 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false132 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
133 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable133 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
134 include·install_aide134 include·install_aide
  
135 class·install_aide·{135 class·install_aide·{
136 ··package·{·'aide':136 ··package·{·'aide':
137 ····ensure·=>·'installed',137 ····ensure·=>·'installed',
138 ··}138 ··}
139 }139 }
140 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
141 [[packages]] 
142 name·=·"aide" 
143 version·=·"*" 
144 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8140 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
145 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low141 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
146 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low142 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
147 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false143 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
148 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable144 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 145 #·Remediation·is·applicable·only·in·certain·platforms
 146 if·rpm·--quiet·-q·kernel;·then
  
 147 if·!·rpm·-q·--quiet·"aide"·;·then
 148 ····yum·install·-y·"aide"
 149 fi
149 package·install·aide 
150 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
151 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
152 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
153 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
154 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
155 dnf·install·aide150 else
 151 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 152 fi
156 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8153 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
157 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low154 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
158 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low155 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
159 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false156 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
160 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable157 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
161 -·name:·Gather·the·package·facts158 -·name:·Gather·the·package·facts
162 ··package_facts:159 ··package_facts:
Offset 194, 29 lines modifiedOffset 190, 33 lines modified
194 ··-·PCI-DSSv4-11.5.2190 ··-·PCI-DSSv4-11.5.2
195 ··-·enable_strategy191 ··-·enable_strategy
196 ··-·low_complexity192 ··-·low_complexity
197 ··-·low_disruption193 ··-·low_disruption
198 ··-·medium_severity194 ··-·medium_severity
199 ··-·no_reboot_needed195 ··-·no_reboot_needed
200 ··-·package_aide_installed196 ··-·package_aide_installed
 197 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 198 [[packages]]
 199 name·=·"aide"
 200 version·=·"*"
201 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8201 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
202 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low202 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
203 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low203 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
204 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false204 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
205 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable205 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
206 #·Remediation·is·applicable·only·in·certain·platforms 
207 if·rpm·--quiet·-q·kernel;·then 
  
208 if·!·rpm·-q·--quiet·"aide"·;·then 
209 ····yum·install·-y·"aide" 
210 fi206 package·install·aide
 207 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 208 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 209 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 210 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 211 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 212 package·--add=aide
211 else 
212 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
213 fi 
214 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*213 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
215 Run·the·following·command·to·generate·a·new·database:214 Run·the·following·command·to·generate·a·new·database:
216 $·sudo·/usr/sbin/aide·--init215 $·sudo·/usr/sbin/aide·--init
217 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the·database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database·can·be·installed·as·follows:216 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the·database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database·can·be·installed·as·follows:
218 $·sudo·cp·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz217 $·sudo·cp·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
219 To·initiate·a·manual·check,·run·the·following·command:218 To·initiate·a·manual·check,·run·the·following·command:
220 $·sudo·/usr/sbin/aide·--check219 $·sudo·/usr/sbin/aide·--check
Offset 237, 14 lines modifiedOffset 237, 28 lines modified
237 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5237 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
238 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199238 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
239 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········RHEL-08-010359239 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········RHEL-08-010359
240 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79240 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
241 ·············_\x8c_\x8i_\x8s············5.3.1241 ·············_\x8c_\x8i_\x8s············5.3.1
242 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2242 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
243 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251710r958944_rule243 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251710r958944_rule
 244 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 245 #·Remediation·is·applicable·only·in·certain·platforms
 246 if·rpm·--quiet·-q·kernel;·then
  
 247 if·!·rpm·-q·--quiet·"aide"·;·then
 248 ····yum·install·-y·"aide"
 249 fi
  
 250 /usr/sbin/aide·--init
 251 /bin/cp·-p·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
  
 252 else
 253 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 254 fi
244 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8255 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
245 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low256 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
246 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low257 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
247 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false258 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
248 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict259 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
Max diff block lines reached; 1304389/1309666 bytes (99.60%) of diff not shown.
27.2 MB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-cis_workstation_l2.html
    
Offset 15291, 284 lines modifiedOffset 15291, 284 lines modified
0003bba0:·7461·2d74·6172·6765·743d·2223·6964·6d37··ta-target="#idm70003bba0:·7461·2d74·6172·6765·743d·2223·6964·6d37··ta-target="#idm7
0003bbb0:·3939·3022·2074·6162·696e·6465·783d·2230··990"·tabindex="00003bbb0:·3939·3022·2074·6162·696e·6465·783d·2230··990"·tabindex="0
0003bbc0:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·0003bbc0:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
0003bbd0:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f0003bbd0:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
0003bbe0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act0003bbe0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
0003bbf0:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"0003bbf0:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
0003bc00:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed0003bc00:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
 0003bc10:·6961·7469·6f6e·2073·6372·6970·7420·e287··iation·script·..
0003bc10:·6961·7469·6f6e·2041·6e61·636f·6e64·6120··iation·Anaconda· 
0003bc20:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a>< 
0003bc30:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p 
0003bc40:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co 
0003bc50:·6c6c·6170·7365·2220·6964·3d22·6964·6d37··llapse"·id="idm7 
0003bc60:·3939·3022·3e3c·7461·626c·6520·636c·6173··990"><table·clas 
0003bc70:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s 
0003bc80:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor 
0003bc90:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond 
0003bca0:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C 
0003bcb0:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th>< 
0003bcc0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003bcd0:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti 
0003bce0:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low< 
0003bcf0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003bd00:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td 
0003bd10:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr> 
0003bd20:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy 
0003bd30:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable 
0003bd40:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl 
0003bd50:·653e·3c70·7265·3e3c·636f·6465·3e0a·7061··e><pre><code>.pa 
0003bd60:·636b·6167·6520·2d2d·6164·643d·6169·6465··ckage·--add=aide 
0003bd70:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></ 
0003bd80:·6469·763e·3c61·2063·6c61·7373·3d22·6274··div><a·class="bt 
0003bd90:·6e20·6274·6e2d·7375·6363·6573·7322·2064··n·btn-success"·d 
0003bda0:·6174·612d·746f·6767·6c65·3d22·636f·6c6c··ata-toggle="coll 
0003bdb0:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe 
0003bdc0:·743d·2223·6964·6d37·3939·3122·2074·6162··t="#idm7991"·tab 
0003bdd0:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role=" 
0003bde0:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp 
0003bdf0:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti 
0003be00:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to 
0003be10:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="# 
0003be20:·2122·3e52·656d·6564·6961·7469·6f6e·2050··!">Remediation·P 
0003be30:·7570·7065·7420·736e·6970·7065·7420·e287··uppet·snippet·.. 
0003be40:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl0003bc20:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl
0003be50:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla0003bc30:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
0003be60:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id0003bc40:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
0003be70:·3d22·6964·6d37·3939·3122·3e3c·7461·626c··="idm7991"><tabl0003bc50:·3d22·6964·6d37·3939·3022·3e3c·7461·626c··="idm7990"><tabl
0003be80:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t0003bc60:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t
0003be90:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab0003bc70:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab
0003bea0:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl0003bc80:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl
0003beb0:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr0003bc90:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr
0003bec0:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity:0003bca0:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity:
0003bed0:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003bee0:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di 
0003bef0:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t 
0003bf00:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr>< 
0003bf10:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</ 
0003bf20:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td 
0003bf30:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St 
0003bf40:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td> 
0003bf50:·656e·6162·6c65·3c2f·7464·3e3c·2f74·723e··enable</td></tr> 
0003bf60:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co 
0003bf70:·6465·3e69·6e63·6c75·6465·2069·6e73·7461··de>include·insta 
0003bf80:·6c6c·5f61·6964·650a·0a63·6c61·7373·2069··ll_aide..class·i 
0003bf90:·6e73·7461·6c6c·5f61·6964·6520·7b0a·2020··nstall_aide·{.·· 
0003bfa0:·7061·636b·6167·6520·7b20·2761·6964·6527··package·{·'aide' 
0003bfb0:·3a0a·2020·2020·656e·7375·7265·203d·2667··:.····ensure·=&g 
0003bfc0:·743b·2027·696e·7374·616c·6c65·6427·2c0a··t;·'installed',. 
0003bfd0:·2020·7d0a·7d0a·3c2f·636f·6465·3e3c·2f70····}.}.</code></p 
0003bfe0:·7265·3e3c·2f64·6976·3e3c·6120·636c·6173··re></div><a·clas 
0003bff0:·733d·2262·746e·2062·746e·2d73·7563·6365··s="btn·btn-succe 
0003c000:·7373·2220·6461·7461·2d74·6f67·676c·653d··ss"·data-toggle= 
0003c010:·2263·6f6c·6c61·7073·6522·2064·6174·612d··"collapse"·data- 
0003c020:·7461·7267·6574·3d22·2369·646d·3739·3932··target="#idm7992 
0003c030:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r 
0003c040:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari 
0003c050:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals 
0003c060:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa 
0003c070:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr 
0003c080:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat 
0003c090:·696f·6e20·4f53·4275·696c·6420·426c·7565··ion·OSBuild·Blue 
0003c0a0:·7072·696e·7420·736e·6970·7065·7420·e287··print·snippet·.. 
0003c0b0:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl 
0003c0c0:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla 
0003c0d0:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id 
0003c0e0:·3d22·6964·6d37·3939·3222·3e3c·7072·653e··="idm7992"><pre> 
0003c0f0:·3c63·6f64·653e·0a5b·5b70·6163·6b61·6765··<code>.[[package 
0003c100:·735d·5d0a·6e61·6d65·203d·2022·6169·6465··s]].name·=·"aide 
0003c110:·220a·7665·7273·696f·6e20·3d20·222a·220a··".version·=·"*". 
0003c120:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d 
0003c130:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn 
0003c140:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da 
0003c150:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla 
0003c160:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target 
0003c170:·3d22·2369·646d·3739·3933·2220·7461·6269··="#idm7993"·tabi 
0003c180:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b 
0003c190:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa 
0003c1a0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit 
0003c1b0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to· 
0003c1c0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#! 
0003c1d0:·223e·5265·6d65·6469·6174·696f·6e20·7363··">Remediation·sc 
0003c1e0:·7269·7074·20e2·87b2·3c2f·613e·3c62·723e··ript·...</a><br> 
0003c1f0:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane 
0003c200:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla 
0003c210:·7073·6522·2069·643d·2269·646d·3739·3933··pse"·id="idm7993 
0003c220:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class=" 
0003c230:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri 
0003c240:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border 
0003c250:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens 
0003c260:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp 
0003c270:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td> 
0003c280:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003c290:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption: 
0003c2a0:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003c2b0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re 
0003c2c0:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa 
0003c2d0:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr 
0003c2e0:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</ 
0003c2f0:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t 
0003c300:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table>< 
0003c310:·7072·653e·3c63·6f64·653e·0a70·6163·6b61··pre><code>.packa 
0003c320:·6765·2069·6e73·7461·6c6c·2061·6964·650a··ge·install·aide. 
0003c330:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d 
0003c340:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn 
0003c350:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da 
0003c360:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla 
0003c370:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target 
Max diff block lines reached; 26097840/26135680 bytes (99.86%) of diff not shown.
2.31 MB
html2text {}
Max HTML report size reached
10.9 MB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-cui.html
    
Offset 15283, 285 lines modifiedOffset 15283, 285 lines modified
0003bb20:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id0003bb20:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id
0003bb30:·6d37·3939·3022·2074·6162·696e·6465·783d··m7990"·tabindex=0003bb30:·6d37·3939·3022·2074·6162·696e·6465·783d··m7990"·tabindex=
0003bb40:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button0003bb40:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button
0003bb50:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=0003bb50:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=
0003bb60:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A0003bb60:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A
0003bb70:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea0003bb70:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea
0003bb80:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem0003bb80:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem
 0003bb90:·6564·6961·7469·6f6e·2073·6372·6970·7420··ediation·script·
0003bb90:·6564·6961·7469·6f6e·2041·6e61·636f·6e64··ediation·Anacond 
0003bba0:·6120·736e·6970·7065·7420·e287·b23c·2f61··a·snippet·...</a 
0003bbb0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class= 
0003bbc0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse· 
0003bbd0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id 
0003bbe0:·6d37·3939·3022·3e3c·7461·626c·6520·636c··m7990"><table·cl 
0003bbf0:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table 
0003bc00:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b 
0003bc10:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co 
0003bc20:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th 
0003bc30:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th 
0003bc40:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
0003bc50:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup 
0003bc60:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo 
0003bc70:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr>< 
0003bc80:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th>< 
0003bc90:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t 
0003bca0:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate 
0003bcb0:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab 
0003bcc0:·6c65·3c2f·7464·3e3c·2f74·723e·3c2f·7461··le</td></tr></ta 
0003bcd0:·626c·653e·3c70·7265·3e3c·636f·6465·3e0a··ble><pre><code>. 
0003bce0:·7061·636b·6167·6520·2d2d·6164·643d·6169··package·--add=ai 
0003bcf0:·6465·0a3c·2f63·6f64·653e·3c2f·7072·653e··de.</code></pre> 
0003bd00:·3c2f·6469·763e·3c61·2063·6c61·7373·3d22··</div><a·class=" 
0003bd10:·6274·6e20·6274·6e2d·7375·6363·6573·7322··btn·btn-success" 
0003bd20:·2064·6174·612d·746f·6767·6c65·3d22·636f···data-toggle="co 
0003bd30:·6c6c·6170·7365·2220·6461·7461·2d74·6172··llapse"·data-tar 
0003bd40:·6765·743d·2223·6964·6d37·3939·3122·2074··get="#idm7991"·t 
0003bd50:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role 
0003bd60:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e 
0003bd70:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"· 
0003bd80:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate· 
0003bd90:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href= 
0003bda0:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation 
0003bdb0:·2050·7570·7065·7420·736e·6970·7065·7420···Puppet·snippet· 
0003bdc0:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div·0003bba0:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div·
0003bdd0:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col0003bbb0:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col
0003bde0:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·0003bbc0:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·
0003bdf0:·6964·3d22·6964·6d37·3939·3122·3e3c·7461··id="idm7991"><ta0003bbd0:·6964·3d22·6964·6d37·3939·3022·3e3c·7461··id="idm7990"><ta
0003be00:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table0003bbe0:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table
0003be10:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t0003bbf0:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t
0003be20:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta0003bc00:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta
0003be30:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed"><0003bc10:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed"><
0003be40:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit0003bc20:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit
0003be50:·793a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··y:</th><td>low</0003bc30:·793a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··y:</th><td>low</
0003be60:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003be70:·4469·7372·7570·7469·6f6e·3a3c·2f74·683e··Disruption:</th> 
0003be80:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
0003be90:·3e3c·7472·3e3c·7468·3e52·6562·6f6f·743a··><tr><th>Reboot: 
0003bea0:·3c2f·7468·3e3c·7464·3e66·616c·7365·3c2f··</th><td>false</ 
0003beb0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003bec0:·5374·7261·7465·6779·3a3c·2f74·683e·3c74··Strategy:</th><t 
0003bed0:·643e·656e·6162·6c65·3c2f·7464·3e3c·2f74··d>enable</td></t 
0003bee0:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre>< 
0003bef0:·636f·6465·3e69·6e63·6c75·6465·2069·6e73··code>include·ins 
0003bf00:·7461·6c6c·5f61·6964·650a·0a63·6c61·7373··tall_aide..class 
0003bf10:·2069·6e73·7461·6c6c·5f61·6964·6520·7b0a···install_aide·{. 
0003bf20:·2020·7061·636b·6167·6520·7b20·2761·6964····package·{·'aid 
0003bf30:·6527·3a0a·2020·2020·656e·7375·7265·203d··e':.····ensure·= 
0003bf40:·2667·743b·2027·696e·7374·616c·6c65·6427··&gt;·'installed' 
0003bf50:·2c0a·2020·7d0a·7d0a·3c2f·636f·6465·3e3c··,.··}.}.</code>< 
0003bf60:·2f70·7265·3e3c·2f64·6976·3e3c·6120·636c··/pre></div><a·cl 
0003bf70:·6173·733d·2262·746e·2062·746e·2d73·7563··ass="btn·btn-suc 
0003bf80:·6365·7373·2220·6461·7461·2d74·6f67·676c··cess"·data-toggl 
0003bf90:·653d·2263·6f6c·6c61·7073·6522·2064·6174··e="collapse"·dat 
0003bfa0:·612d·7461·7267·6574·3d22·2369·646d·3739··a-target="#idm79 
0003bfb0:·3932·2220·7461·6269·6e64·6578·3d22·3022··92"·tabindex="0" 
0003bfc0:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a 
0003bfd0:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa 
0003bfe0:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti 
0003bff0:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"· 
0003c000:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi 
0003c010:·6174·696f·6e20·4f53·4275·696c·6420·426c··ation·OSBuild·Bl 
0003c020:·7565·7072·696e·7420·736e·6970·7065·7420··ueprint·snippet· 
0003c030:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div· 
0003c040:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col 
0003c050:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"· 
0003c060:·6964·3d22·6964·6d37·3939·3222·3e3c·7072··id="idm7992"><pr 
0003c070:·653e·3c63·6f64·653e·0a5b·5b70·6163·6b61··e><code>.[[packa 
0003c080:·6765·735d·5d0a·6e61·6d65·203d·2022·6169··ges]].name·=·"ai 
0003c090:·6465·220a·7665·7273·696f·6e20·3d20·222a··de".version·=·"* 
0003c0a0:·220a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··".</code></pre>< 
0003c0b0:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b 
0003c0c0:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"· 
0003c0d0:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col 
0003c0e0:·6c61·7073·6522·2064·6174·612d·7461·7267··lapse"·data-targ 
0003c0f0:·6574·3d22·2369·646d·3739·3933·2220·7461··et="#idm7993"·ta 
0003c100:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role= 
0003c110:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex 
0003c120:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t 
0003c130:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t 
0003c140:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href=" 
0003c150:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation· 
0003c160:·7363·7269·7074·20e2·87b2·3c2f·613e·3c62··script·...</a><b 
0003c170:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa 
0003c180:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col 
0003c190:·6c61·7073·6522·2069·643d·2269·646d·3739··lapse"·id="idm79 
0003c1a0:·3933·223e·3c74·6162·6c65·2063·6c61·7373··93"><table·class 
0003c1b0:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st 
0003c1c0:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord 
0003c1d0:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde 
0003c1e0:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co 
0003c1f0:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t 
0003c200:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr>< 
0003c210:·7472·3e3c·7468·3e44·6973·7275·7074·696f··tr><th>Disruptio 
0003c220:·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··n:</th><td>low</ 
0003c230:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003c240:·5265·626f·6f74·3a3c·2f74·683e·3c74·643e··Reboot:</th><td> 
0003c250:·6661·6c73·653c·2f74·643e·3c2f·7472·3e3c··false</td></tr>< 
0003c260:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy: 
0003c270:·3c2f·7468·3e3c·7464·3e65·6e61·626c·653c··</th><td>enable< 
0003c280:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table 
0003c290:·3e3c·7072·653e·3c63·6f64·653e·0a70·6163··><pre><code>.pac 
0003c2a0:·6b61·6765·2069·6e73·7461·6c6c·2061·6964··kage·install·aid 
0003c2b0:·650a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··e.</code></pre>< 
0003c2c0:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b 
0003c2d0:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"· 
0003c2e0:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col 
0003c2f0:·6c61·7073·6522·2064·6174·612d·7461·7267··lapse"·data-targ 
Max diff block lines reached; 10098420/10136398 bytes (99.63%) of diff not shown.
1.25 MB
html2text {}
    
Offset 122, 52 lines modifiedOffset 122, 48 lines modified
122 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5122 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
123 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199123 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
124 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········RHEL-08-010359124 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········RHEL-08-010359
125 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79125 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
126 ·············_\x8c_\x8i_\x8s············5.3.1126 ·············_\x8c_\x8i_\x8s············5.3.1
127 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2127 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
128 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251710r958944_rule128 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251710r958944_rule
129 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8129 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
130 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low130 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
131 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low131 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
132 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false132 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
133 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable133 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
134 package·--add=aide134 dnf·install·aide
135 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8135 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
136 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low136 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
137 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low137 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
138 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false138 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
139 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable139 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
140 include·install_aide140 include·install_aide
  
141 class·install_aide·{141 class·install_aide·{
142 ··package·{·'aide':142 ··package·{·'aide':
143 ····ensure·=>·'installed',143 ····ensure·=>·'installed',
144 ··}144 ··}
145 }145 }
146 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
147 [[packages]] 
148 name·=·"aide" 
149 version·=·"*" 
150 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8146 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
151 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low147 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
152 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low148 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
153 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false149 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
154 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable150 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 151 #·Remediation·is·applicable·only·in·certain·platforms
 152 if·rpm·--quiet·-q·kernel;·then
  
 153 if·!·rpm·-q·--quiet·"aide"·;·then
 154 ····yum·install·-y·"aide"
 155 fi
155 package·install·aide 
156 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
157 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
158 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
159 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
160 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
161 dnf·install·aide156 else
 157 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 158 fi
162 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8159 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
163 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low160 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
164 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low161 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
165 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false162 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
166 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable163 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
167 -·name:·Gather·the·package·facts164 -·name:·Gather·the·package·facts
168 ··package_facts:165 ··package_facts:
Offset 200, 29 lines modifiedOffset 196, 33 lines modified
200 ··-·PCI-DSSv4-11.5.2196 ··-·PCI-DSSv4-11.5.2
201 ··-·enable_strategy197 ··-·enable_strategy
202 ··-·low_complexity198 ··-·low_complexity
203 ··-·low_disruption199 ··-·low_disruption
204 ··-·medium_severity200 ··-·medium_severity
205 ··-·no_reboot_needed201 ··-·no_reboot_needed
206 ··-·package_aide_installed202 ··-·package_aide_installed
 203 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 204 [[packages]]
 205 name·=·"aide"
 206 version·=·"*"
207 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8207 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
208 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low208 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
209 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low209 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
210 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false210 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
211 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable211 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
212 #·Remediation·is·applicable·only·in·certain·platforms 
213 if·rpm·--quiet·-q·kernel;·then 
  
214 if·!·rpm·-q·--quiet·"aide"·;·then 
215 ····yum·install·-y·"aide" 
216 fi212 package·install·aide
 213 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 214 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 215 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 216 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 217 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 218 package·--add=aide
217 else 
218 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
219 fi 
220 Group  ·Federal·Information·Processing·Standard·(FIPS)·  Group·contains·2·rules219 Group  ·Federal·Information·Processing·Standard·(FIPS)·  Group·contains·2·rules
221 _\x8[_\x8r_\x8e_\x8f_\x8]  ·The·Federal·Information·Processing·Standard·(FIPS)·is·a·computer·security·standard·which·is·developed·by·the·U.S.·Government·and·industry·working·groups·to·validate·the·quality·of·cryptographic·modules.·The·FIPS·standard·provides·four·security·levels·to·ensure·adequate·coverage·of·different·industries,·implementation·of·cryptographic·modules,·and·organizational·sizes·and·requirements.220 _\x8[_\x8r_\x8e_\x8f_\x8]  ·The·Federal·Information·Processing·Standard·(FIPS)·is·a·computer·security·standard·which·is·developed·by·the·U.S.·Government·and·industry·working·groups·to·validate·the·quality·of·cryptographic·modules.·The·FIPS·standard·provides·four·security·levels·to·ensure·adequate·coverage·of·different·industries,·implementation·of·cryptographic·modules,·and·organizational·sizes·and·requirements.
  
222 FIPS·140-2·is·the·current·standard·for·validating·that·mechanisms·used·to·access·cryptographic·modules·utilize·authentication·that·meets·industry·and·government·requirements.·For·government·systems,·this·allows·Security·Levels·1,·2,·3,·or·4·for·use·on·Red·Hat·Enterprise·Linux·8.221 FIPS·140-2·is·the·current·standard·for·validating·that·mechanisms·used·to·access·cryptographic·modules·utilize·authentication·that·meets·industry·and·government·requirements.·For·government·systems,·this·allows·Security·Levels·1,·2,·3,·or·4·for·use·on·Red·Hat·Enterprise·Linux·8.
  
223 See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8c\x8c_\x8s\x8s_\x8r\x8r_\x8c\x8c_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8l\x8l_\x8i\x8i_\x8c\x8c_\x8a\x8a_\x8t\x8t_\x8i\x8i_\x8o\x8o_\x8n\x8n_\x8s\x8s_\x8/\x8/_\x8P\x8P_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x8h\x8h_\x8t\x8t_\x8m\x8m_\x8l\x8l·for·more·information.222 See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8c\x8c_\x8s\x8s_\x8r\x8r_\x8c\x8c_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8l\x8l_\x8i\x8i_\x8c\x8c_\x8a\x8a_\x8t\x8t_\x8i\x8i_\x8o\x8o_\x8n\x8n_\x8s\x8s_\x8/\x8/_\x8P\x8P_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x8h\x8h_\x8t\x8t_\x8m\x8m_\x8l\x8l·for·more·information.
224 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8na\x8ab\x8bl\x8le\x8e·D\x8Dr\x8ra\x8ac\x8cu\x8ut\x8t·F\x8FI\x8IP\x8PS\x8S·M\x8Mo\x8od\x8du\x8ul\x8le\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*223 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8na\x8ab\x8bl\x8le\x8e·D\x8Dr\x8ra\x8ac\x8cu\x8ut\x8t·F\x8FI\x8IP\x8PS\x8S·M\x8Mo\x8od\x8du\x8ul\x8le\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
Offset 253, 31 lines modifiedOffset 253, 31 lines modified
253 ·············_\x8i_\x8s_\x8m······1446253 ·············_\x8i_\x8s_\x8m······1446
254 ·············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1254 ·············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1
255 References:··_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12255 References:··_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12
256 ·············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1256 ·············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1
257 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176257 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176
258 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d···RHEL-08-010020258 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d···RHEL-08-010020
259 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-230223r1017042_rule259 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-230223r1017042_rule
260 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
261 [customizations] 
262 fips·=·true 
263 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8260 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
264 #·Remediation·is·applicable·only·in·certain·platforms261 #·Remediation·is·applicable·only·in·certain·platforms
265 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·);·then262 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·);·then
  
266 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then263 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then
267 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF264 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF
268 kargs·=·["fips=1"]265 kargs·=·["fips=1"]
269 EOF266 EOF
270 fi267 fi
  
271 else268 else
272 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'269 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
273 fi270 fi
 271 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
Max diff block lines reached; 1309776/1315748 bytes (99.55%) of diff not shown.
7.21 MB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-e8.html
    
Offset 15318, 414 lines modifiedOffset 15318, 414 lines modified
0003bd50:·7267·6574·3d22·2369·646d·3736·3437·2220··rget="#idm7647"·0003bd50:·7267·6574·3d22·2369·646d·3736·3437·2220··rget="#idm7647"·
0003bd60:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol0003bd60:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol
0003bd70:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-0003bd70:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-
0003bd80:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"0003bd80:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"
0003bd90:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate0003bd90:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate
0003bda0:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href0003bda0:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href
Diff chunk too large, falling back to line-by-line diff (400 lines added, 400 lines removed)
0003bdb0:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio0003bdb0:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio
0003bdc0:·6e20·416e·7369·626c·6520·736e·6970·7065··n·Ansible·snippe0003bdc0:·6e20·5368·656c·6c20·7363·7269·7074·20e2··n·Shell·script·.
0003bdd0:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di0003bdd0:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c
0003bde0:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c0003bde0:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
0003bdf0:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse0003bdf0:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i
0003be00:·2220·6964·3d22·6964·6d37·3634·3722·3e3c··"·id="idm7647"><0003be00:·643d·2269·646d·3736·3437·223e·3c70·7265··d="idm7647"><pre
0003be10:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab0003be10:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia
0003be20:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped0003be20:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab
0003be30:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·0003be30:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa
0003be40:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"0003be40:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·
0003be50:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex0003be50:·2120·2820·7b20·7270·6d20·2d2d·7175·6965··!·(·{·rpm·--quie
0003be60:·6974·793a·3c2f·7468·3e3c·7464·3e68·6967··ity:</th><td>hig0003be60:·7420·2d71·206b·6572·6e65·6c20·3b7d·2026··t·-q·kernel·;}·&
0003be70:·683c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··h</td></tr><tr><0003be70:·616d·703b·2661·6d70·3b20·7b20·7270·6d20··amp;&amp;·{·rpm·
0003be80:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</0003be80:·2d2d·7175·6965·7420·2d71·2072·706d·2d6f··--quiet·-q·rpm-o
0003be90:·7468·3e3c·7464·3e6d·6564·6975·6d3c·2f74··th><td>medium</t0003be90:·7374·7265·6520·3b7d·2026·616d·703b·2661··stree·;}·&amp;&a
0003bea0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R0003bea0:·6d70·3b20·7b20·7270·6d20·2d2d·7175·6965··mp;·{·rpm·--quie
0003beb0:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f0003beb0:·7420·2d71·2062·6f6f·7463·203b·7d20·2661··t·-q·bootc·;}·&a
0003bec0:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t0003bec0:·6d70·3b26·616d·703b·207b·2021·2072·706d··mp;&amp;·{·!·rpm
0003bed0:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<0003bed0:·202d·2d71·7569·6574·202d·7120·6f70·656e···--quiet·-q·open
0003bee0:·2f74·683e·3c74·643e·7265·7374·7269·6374··/th><td>restrict0003bee0:·7368·6966·742d·6b75·6265·6c65·7420·3b7d··shift-kubelet·;}
0003bef0:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl0003bef0:·2029·3b20·7468·656e·0a0a·2320·4669·6e64···);·then..#·Find
0003bf00:·653e·3c70·7265·3e3c·636f·6465·3e2d·206e··e><pre><code>-·n0003bf00:·2077·6869·6368·2066·696c·6573·2068·6176···which·files·hav
0003bf10:·616d·653a·2047·6174·6865·7220·7468·6520··ame:·Gather·the·0003bf10:·6520·696e·636f·7272·6563·7420·6861·7368··e·incorrect·hash
0003bf20:·7061·636b·6167·6520·6661·6374·730a·2020··package·facts.··0003bf20:·2028·6e6f·7420·696e·202f·6574·632c·2062···(not·in·/etc,·b
0003bf30:·7061·636b·6167·655f·6661·6374·733a·0a20··package_facts:.·0003bf30:·6563·6175·7365·206f·6620·7468·6520·7379··ecause·of·the·sy
0003bf40:·2020·206d·616e·6167·6572·3a20·6175·746f·····manager:·auto0003bf40:·7374·656d·2072·656c·6174·6564·2063·6f6e··stem·related·con
0003bf50:·0a20·2074·6167·733a·0a20·202d·2043·4345··.··tags:.··-·CCE0003bf50:·6669·6720·6669·6c65·7329·2061·6e64·2074··fig·files)·and·t
0003bf60:·2d38·3038·3537·2d36·0a20·202d·2043·4a49··-80857-6.··-·CJI0003bf60:·6865·6e20·6765·7420·6669·6c65·7320·6e61··hen·get·files·na
0003bf70:·532d·352e·3130·2e34·2e31·0a20·202d·204e··S-5.10.4.1.··-·N0003bf70:·6d65·730a·6669·6c65·735f·7769·7468·5f69··mes.files_with_i
0003bf80:·4953·542d·3830·302d·3137·312d·332e·332e··IST-800-171-3.3.0003bf80:·6e63·6f72·7265·6374·5f68·6173·683d·2224··ncorrect_hash="$
0003bf90:·380a·2020·2d20·4e49·5354·2d38·3030·2d31··8.··-·NIST-800-10003bf90:·2872·706d·202d·5661·202d·2d6e·6f63·6f6e··(rpm·-Va·--nocon
0003bfa0:·3731·2d33·2e34·2e31·0a20·202d·204e·4953··71-3.4.1.··-·NIS0003bfa0:·6669·6720·7c20·6772·6570·202d·4520·275e··fig·|·grep·-E·'^
0003bfb0:·542d·3830·302d·3533·2d41·552d·3928·3329··T-800-53-AU-9(3)0003bfb0:·2e2e·3527·207c·2061·776b·2027·7b70·7269··..5'·|·awk·'{pri
0003bfc0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003bfc0:·6e74·2024·4e46·7d27·2029·220a·0a69·6620··nt·$NF}'·)"..if·
0003bfd0:·2d43·4d2d·3628·6329·0a20·202d·204e·4953··-CM-6(c).··-·NIS0003bfd0:·5b20·2d6e·2022·2466·696c·6573·5f77·6974··[·-n·"$files_wit
0003bfe0:·542d·3830·302d·3533·2d43·4d2d·3628·6429··T-800-53-CM-6(d)0003bfe0:·685f·696e·636f·7272·6563·745f·6861·7368··h_incorrect_hash
0003bff0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003bff0:·2220·5d3b·2074·6865·6e0a·2020·2020·2320··"·];·then.····#·
0003c000:·2d53·492d·370a·2020·2d20·4e49·5354·2d38··-SI-7.··-·NIST-80003c000:·4672·6f6d·2066·696c·6573·206e·616d·6573··From·files·names
0003c010:·3030·2d35·332d·5349·2d37·2831·290a·2020··00-53-SI-7(1).··0003c010:·2067·6574·2070·6163·6b61·6765·206e·616d···get·package·nam
0003c020:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI0003c020:·6573·2061·6e64·2063·6861·6e67·6520·6e65··es·and·change·ne
0003c030:·2d37·2836·290a·2020·2d20·5043·492d·4453··-7(6).··-·PCI-DS0003c030:·776c·696e·6520·746f·2073·7061·6365·2c20··wline·to·space,·
0003c040:·532d·5265·712d·3131·2e35·0a20·202d·2050··S-Req-11.5.··-·P0003c040:·6265·6361·7573·6520·7270·6d20·7772·6974··because·rpm·writ
0003c050:·4349·2d44·5353·7634·2d31·312e·352e·320a··CI-DSSv4-11.5.2.0003c050:·6573·2065·6163·6820·7061·636b·6167·6520··es·each·package·
0003c060:·2020·2d20·6869·6768·5f63·6f6d·706c·6578····-·high_complex0003c060:·746f·206e·6577·206c·696e·650a·2020·2020··to·new·line.····
0003c070:·6974·790a·2020·2d20·6869·6768·5f73·6576··ity.··-·high_sev0003c070:·7061·636b·6167·6573·5f74·6f5f·7265·696e··packages_to_rein
0003c080:·6572·6974·790a·2020·2d20·6d65·6469·756d··erity.··-·medium0003c080:·7374·616c·6c3d·2224·2872·706d·202d·7166··stall="$(rpm·-qf
0003c090:·5f64·6973·7275·7074·696f·6e0a·2020·2d20··_disruption.··-·0003c090:·2024·6669·6c65·735f·7769·7468·5f69·6e63···$files_with_inc
0003c0a0:·6e6f·5f72·6562·6f6f·745f·6e65·6564·6564··no_reboot_needed0003c0a0:·6f72·7265·6374·5f68·6173·6820·7c20·7472··orrect_hash·|·tr
0003c0b0:·0a20·202d·2072·6573·7472·6963·745f·7374··.··-·restrict_st0003c0b0:·2027·5c6e·2720·2720·2729·220a·0a20·2020···'\n'·'·')"..···
0003c0c0:·7261·7465·6779·0a20·202d·2072·706d·5f76··rategy.··-·rpm_v0003c0c0:·200a·2020·2020·7975·6d20·7265·696e·7374···.····yum·reinst
0003c0d0:·6572·6966·795f·6861·7368·6573·0a0a·2d20··erify_hashes..-·0003c0d0:·616c·6c20·2d79·2024·7061·636b·6167·6573··all·-y·$packages
0003c0e0:·6e61·6d65·3a20·2753·6574·2066·6163·743a··name:·'Set·fact:0003c0e0:·5f74·6f5f·7265·696e·7374·616c·6c0a·2020··_to_reinstall.··
0003c0f0:·2050·6163·6b61·6765·206d·616e·6167·6572···Package·manager0003c0f0:·2020·0a66·690a·0a65·6c73·650a·2020·2020····.fi..else.····
0003c100:·2072·6569·6e73·7461·6c6c·2063·6f6d·6d61···reinstall·comma0003c100:·2667·743b·2661·6d70·3b32·2065·6368·6f20··&gt;&amp;2·echo·
0003c110:·6e64·270a·2020·7365·745f·6661·6374·3a0a··nd'.··set_fact:.0003c110:·2752·656d·6564·6961·7469·6f6e·2069·7320··'Remediation·is·
0003c120:·2020·2020·7061·636b·6167·655f·6d61·6e61······package_mana0003c120:·6e6f·7420·6170·706c·6963·6162·6c65·2c20··not·applicable,·
0003c130:·6765·725f·7265·696e·7374·616c·6c5f·636d··ger_reinstall_cm0003c130:·6e6f·7468·696e·6720·7761·7320·646f·6e65··nothing·was·done
0003c140:·643a·2079·756d·2072·6569·6e73·7461·6c6c··d:·yum·reinstall0003c140:·270a·6669·0a3c·2f63·6f64·653e·3c2f·7072··'.fi.</code></pr
0003c150:·202d·790a·2020·7768·656e·3a0a·2020·2d20···-y.··when:.··-·0003c150:·653e·3c2f·6469·763e·3c61·2063·6c61·7373··e></div><a·class
0003c160:·6e6f·7420·2820·226b·6572·6e65·6c22·2069··not·(·"kernel"·i0003c160:·3d22·6274·6e20·6274·6e2d·7375·6363·6573··="btn·btn-succes
0003c170:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003c170:·7322·2064·6174·612d·746f·6767·6c65·3d22··s"·data-toggle="
0003c180:·7061·636b·6167·6573·2061·6e64·2022·7270··packages·and·"rp0003c180:·636f·6c6c·6170·7365·2220·6461·7461·2d74··collapse"·data-t
0003c190:·6d2d·6f73·7472·6565·2220·696e·2061·6e73··m-ostree"·in·ans0003c190:·6172·6765·743d·2223·6964·6d37·3634·3822··arget="#idm7648"
0003c1a0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0003c1a0:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro
0003c1b0:·6765·730a·2020·2020·616e·6420·2262·6f6f··ges.····and·"boo0003c1b0:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria
0003c1c0:·7463·2220·696e·2061·6e73·6962·6c65·5f66··tc"·in·ansible_f0003c1c0:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false
0003c1d0:·6163·7473·2e70·6163·6b61·6765·7320·616e··acts.packages·an0003c1d0:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat
0003c1e0:·6420·6e6f·7420·226f·7065·6e73·6869·6674··d·not·"openshift0003c1e0:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre
0003c1f0:·2d6b·7562·656c·6574·2220·696e·2061·6e73··-kubelet"·in·ans0003c1f0:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati
0003c200:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0003c200:·6f6e·2041·6e73·6962·6c65·2073·6e69·7070··on·Ansible·snipp
0003c210:·6765·730a·2020·2020·290a·2020·2d20·616e··ges.····).··-·an0003c210:·6574·20e2·87b2·3c2f·613e·3c62·723e·3c64··et·...</a><br><d
0003c220:·7369·626c·655f·6469·7374·7269·6275·7469··sible_distributi0003c220:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel-
0003c230:·6f6e·2069·6e20·5b20·2246·6564·6f72·6122··on·in·[·"Fedora"0003c230:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps
0003c240:·2c20·2252·6564·4861·7422·2c20·2243·656e··,·"RedHat",·"Cen0003c240:·6522·2069·643d·2269·646d·3736·3438·223e··e"·id="idm7648">
0003c250:·744f·5322·2c20·224f·7261·636c·654c·696e··tOS",·"OracleLin0003c250:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta
0003c260:·7578·2220·5d0a·2020·7461·6773·3a0a·2020··ux"·].··tags:.··0003c260:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe
0003c270:·2d20·4343·452d·3830·3835·372d·360a·2020··-·CCE-80857-6.··0003c270:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered
0003c280:·2d20·434a·4953·2d35·2e31·302e·342e·310a··-·CJIS-5.10.4.1.0003c280:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed
0003c290:·2020·2d20·4e49·5354·2d38·3030·2d31·3731····-·NIST-800-1710003c290:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple
0003c2a0:·2d33·2e33·2e38·0a20·202d·204e·4953·542d··-3.3.8.··-·NIST-0003c2a0:·7869·7479·3a3c·2f74·683e·3c74·643e·6869··xity:</th><td>hi
0003c2b0:·3830·302d·3137·312d·332e·342e·310a·2020··800-171-3.4.1.··0003c2b0:·6768·3c2f·7464·3e3c·2f74·723e·3c74·723e··gh</td></tr><tr>
0003c2c0:·2d20·4e49·5354·2d38·3030·2d35·332d·4155··-·NIST-800-53-AU0003c2c0:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:<
0003c2d0:·2d39·2833·290a·2020·2d20·4e49·5354·2d38··-9(3).··-·NIST-80003c2d0:·2f74·683e·3c74·643e·6d65·6469·756d·3c2f··/th><td>medium</
0003c2e0:·3030·2d35·332d·434d·2d36·2863·290a·2020··00-53-CM-6(c).··0003c2e0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>
0003c2f0:·2d20·4e49·5354·2d38·3030·2d35·332d·434d··-·NIST-800-53-CM0003c2f0:·5265·626f·6f74·3a3c·2f74·683e·3c74·643e··Reboot:</th><td>
0003c300:·2d36·2864·290a·2020·2d20·4e49·5354·2d38··-6(d).··-·NIST-80003c300:·6661·6c73·653c·2f74·643e·3c2f·7472·3e3c··false</td></tr><
0003c310:·3030·2d35·332d·5349·2d37·0a20·202d·204e··00-53-SI-7.··-·N0003c310:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy:
0003c320:·4953·542d·3830·302d·3533·2d53·492d·3728··IST-800-53-SI-7(0003c320:·3c2f·7468·3e3c·7464·3e72·6573·7472·6963··</th><td>restric
0003c330:·3129·0a20·202d·204e·4953·542d·3830·302d··1).··-·NIST-800-0003c330:·743c·2f74·643e·3c2f·7472·3e3c·2f74·6162··t</td></tr></tab
0003c340:·3533·2d53·492d·3728·3629·0a20·202d·2050··53-SI-7(6).··-·P0003c340:·6c65·3e3c·7072·653e·3c63·6f64·653e·2d20··le><pre><code>-·
0003c350:·4349·2d44·5353·2d52·6571·2d31·312e·350a··CI-DSS-Req-11.5.0003c350:·6e61·6d65·3a20·4761·7468·6572·2074·6865··name:·Gather·the
0003c360:·2020·2d20·5043·492d·4453·5376·342d·3131····-·PCI-DSSv4-110003c360:·2070·6163·6b61·6765·2066·6163·7473·0a20···package·facts.·
0003c370:·2e35·2e32·0a20·202d·2068·6967·685f·636f··.5.2.··-·high_co0003c370:·2070·6163·6b61·6765·5f66·6163·7473·3a0a···package_facts:.
0003c380:·6d70·6c65·7869·7479·0a20·202d·2068·6967··mplexity.··-·hig0003c380:·2020·2020·6d61·6e61·6765·723a·2061·7574······manager:·aut
0003c390:·685f·7365·7665·7269·7479·0a20·202d·206d··h_severity.··-·m0003c390:·6f0a·2020·7461·6773·3a0a·2020·2d20·4343··o.··tags:.··-·CC
0003c3a0:·6564·6975·6d5f·6469·7372·7570·7469·6f6e··edium_disruption0003c3a0:·452d·3830·3835·372d·360a·2020·2d20·434a··E-80857-6.··-·CJ
0003c3b0:·0a20·202d·206e·6f5f·7265·626f·6f74·5f6e··.··-·no_reboot_n0003c3b0:·4953·2d35·2e31·302e·342e·310a·2020·2d20··IS-5.10.4.1.··-·
0003c3c0:·6565·6465·640a·2020·2d20·7265·7374·7269··eeded.··-·restri0003c3c0:·4e49·5354·2d38·3030·2d31·3731·2d33·2e33··NIST-800-171-3.3
0003c3d0:·6374·5f73·7472·6174·6567·790a·2020·2d20··ct_strategy.··-·0003c3d0:·2e38·0a20·202d·204e·4953·542d·3830·302d··.8.··-·NIST-800-
0003c3e0:·7270·6d5f·7665·7269·6679·5f68·6173·6865··rpm_verify_hashe0003c3e0:·3137·312d·332e·342e·310a·2020·2d20·4e49··171-3.4.1.··-·NI
0003c3f0:·730a·0a2d·206e·616d·653a·2027·5365·7420··s..-·name:·'Set·0003c3f0:·5354·2d38·3030·2d35·332d·4155·2d39·2833··ST-800-53-AU-9(3
0003c400:·6661·6374·3a20·5061·636b·6167·6520·6d61··fact:·Package·ma0003c400:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-5
0003c410:·6e61·6765·7220·7265·696e·7374·616c·6c20··nager·reinstall·0003c410:·332d·434d·2d36·2863·290a·2020·2d20·4e49··3-CM-6(c).··-·NI
0003c420:·636f·6d6d·616e·6420·287a·7970·7065·7229··command·(zypper)0003c420:·5354·2d38·3030·2d35·332d·434d·2d36·2864··ST-800-53-CM-6(d
0003c430:·270a·2020·7365·745f·6661·6374·3a0a·2020··'.··set_fact:.··0003c430:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-5
0003c440:·2020·7061·636b·6167·655f·6d61·6e61·6765····package_manage0003c440:·332d·5349·2d37·0a20·202d·204e·4953·542d··3-SI-7.··-·NIST-
0003c450:·725f·7265·696e·7374·616c·6c5f·636d·643a··r_reinstall_cmd:0003c450:·3830·302d·3533·2d53·492d·3728·3129·0a20··800-53-SI-7(1).·
0003c460:·207a·7970·7065·7220·696e·202d·6620·2d79···zypper·in·-f·-y0003c460:·202d·204e·4953·542d·3830·302d·3533·2d53···-·NIST-800-53-S
0003c470:·0a20·2077·6865·6e3a·0a20·202d·206e·6f74··.··when:.··-·not0003c470:·492d·3728·3629·0a20·202d·2050·4349·2d44··I-7(6).··-·PCI-D
0003c480:·2028·2022·6b65·726e·656c·2220·696e·2061···(·"kernel"·in·a0003c480:·5353·2d52·6571·2d31·312e·350a·2020·2d20··SS-Req-11.5.··-·
0003c490:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003c490:·5043·492d·4453·5376·342d·3131·2e35·2e32··PCI-DSSv4-11.5.2
0003c4a0:·6b61·6765·7320·616e·6420·2272·706d·2d6f··kages·and·"rpm-o0003c4a0:·0a20·202d·2068·6967·685f·636f·6d70·6c65··.··-·high_comple
0003c4b0:·7374·7265·6522·2069·6e20·616e·7369·626c··stree"·in·ansibl0003c4b0:·7869·7479·0a20·202d·2068·6967·685f·7365··xity.··-·high_se
0003c4c0:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages0003c4c0:·7665·7269·7479·0a20·202d·206d·6564·6975··verity.··-·mediu
0003c4d0:·0a20·2020·2061·6e64·2022·626f·6f74·6322··.····and·"bootc"0003c4d0:·6d5f·6469·7372·7570·7469·6f6e·0a20·202d··m_disruption.··-
0003c4e0:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003c4e0:·206e·6f5f·7265·626f·6f74·5f6e·6565·6465···no_reboot_neede
0003c4f0:·732e·7061·636b·6167·6573·2061·6e64·206e··s.packages·and·n0003c4f0:·640a·2020·2d20·7265·7374·7269·6374·5f73··d.··-·restrict_s
0003c500:·6f74·2022·6f70·656e·7368·6966·742d·6b75··ot·"openshift-ku0003c500:·7472·6174·6567·790a·2020·2d20·7270·6d5f··trategy.··-·rpm_
0003c510:·6265·6c65·7422·2069·6e20·616e·7369·626c··belet"·in·ansibl0003c510:·7665·7269·6679·5f68·6173·6865·730a·0a2d··verify_hashes..-
0003c520:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages0003c520:·206e·616d·653a·2027·5365·7420·6661·6374···name:·'Set·fact
Max diff block lines reached; 6770037/6825817 bytes (99.18%) of diff not shown.
714 KB
html2text {}
    
Offset 115, 14 lines modifiedOffset 115, 33 lines modified
115 ·············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6115 ·············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
116 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4116 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
117 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)117 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
118 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1118 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
119 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5119 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
120 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227120 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
121 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2121 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 122 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 123 #·Remediation·is·applicable·only·in·certain·platforms
 124 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 125 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 126 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 127 if·[·-n·"$files_with_incorrect_hash"·];·then
 128 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 129 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 130 ····yum·reinstall·-y·$packages_to_reinstall
  
 131 fi
  
 132 else
 133 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 134 fi
122 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8135 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
123 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high136 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
124 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium137 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
125 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false138 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
126 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict139 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
127 -·name:·Gather·the·package·facts140 -·name:·Gather·the·package·facts
128 ··package_facts:141 ··package_facts:
Offset 295, 33 lines modifiedOffset 314, 14 lines modified
295 ··-·PCI-DSSv4-11.5.2314 ··-·PCI-DSSv4-11.5.2
296 ··-·high_complexity315 ··-·high_complexity
297 ··-·high_severity316 ··-·high_severity
298 ··-·medium_disruption317 ··-·medium_disruption
299 ··-·no_reboot_needed318 ··-·no_reboot_needed
300 ··-·restrict_strategy319 ··-·restrict_strategy
301 ··-·rpm_verify_hashes320 ··-·rpm_verify_hashes
302 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
303 #·Remediation·is·applicable·only·in·certain·platforms 
304 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
305 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
306 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
307 if·[·-n·"$files_with_incorrect_hash"·];·then 
308 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
309 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
310 ····yum·reinstall·-y·$packages_to_reinstall 
  
311 fi 
  
312 else 
313 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
314 fi 
315 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*321 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
316 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:322 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:
317 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'323 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'
318 run·the·following·command·to·determine·which·package·owns·it:324 run·the·following·command·to·determine·which·package·owns·it:
319 $·rpm·-qf·FILENAME325 $·rpm·-qf·FILENAME
320 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:326 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
321 $·sudo·rpm·--restore·PACKAGENAME327 $·sudo·rpm·--restore·PACKAGENAME
Offset 341, 14 lines modifiedOffset 341, 46 lines modified
341 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5341 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
342 ·············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2342 ·············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
343 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)343 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
344 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1344 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
345 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5345 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
346 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108346 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108
347 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2347 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 348 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 349 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 350 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 351 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 352 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 353 #·Remediation·is·applicable·only·in·certain·platforms
 354 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 355 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 356 declare·-A·SETPERMS_RPM_DICT
  
 357 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 358 #·is·expected·by·the·RPM·database
 359 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}')
  
 360 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 361 do
 362 ········RPM_PACKAGE=$(rpm·-qf·"$FILE_PATH")
 363 »       #·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 364 »       SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 365 done
  
 366 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 367 #·correct·values
 368 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 369 do
 370 ········rpm·--restore·"${RPM_PACKAGE}"
 371 done
  
 372 else
 373 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 374 fi
348 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8375 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
349 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high376 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
350 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium377 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
351 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false378 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
352 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict379 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
353 -·name:·Gather·the·package·facts380 -·name:·Gather·the·package·facts
354 ··package_facts:381 ··package_facts:
Offset 460, 46 lines modifiedOffset 492, 14 lines modified
460 ··-·PCI-DSSv4-11.5.2492 ··-·PCI-DSSv4-11.5.2
461 ··-·high_complexity493 ··-·high_complexity
462 ··-·high_severity494 ··-·high_severity
463 ··-·medium_disruption495 ··-·medium_disruption
464 ··-·no_reboot_needed496 ··-·no_reboot_needed
465 ··-·restrict_strategy497 ··-·restrict_strategy
466 ··-·rpm_verify_ownership498 ··-·rpm_verify_ownership
467 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
468 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high 
469 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium 
470 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
471 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
Max diff block lines reached; 722961/730686 bytes (98.94%) of diff not shown.
18.0 MB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-hipaa.html
    
Offset 15344, 414 lines modifiedOffset 15344, 414 lines modified
0003bef0:·7461·7267·6574·3d22·2369·646d·3736·3437··target="#idm76470003bef0:·7461·7267·6574·3d22·2369·646d·3736·3437··target="#idm7647
0003bf00:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r0003bf00:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r
0003bf10:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari0003bf10:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari
0003bf20:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals0003bf20:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals
0003bf30:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa0003bf30:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa
0003bf40:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr0003bf40:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr
Diff chunk too large, falling back to line-by-line diff (400 lines added, 400 lines removed)
0003bf50:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat0003bf50:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat
0003bf60:·696f·6e20·416e·7369·626c·6520·736e·6970··ion·Ansible·snip0003bf60:·696f·6e20·5368·656c·6c20·7363·7269·7074··ion·Shell·script
0003bf70:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br><0003bf70:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div
0003bf80:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel0003bf80:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
0003bf90:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap0003bf90:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
0003bfa0:·7365·2220·6964·3d22·6964·6d37·3634·3722··se"·id="idm7647"0003bfa0:·2069·643d·2269·646d·3736·3437·223e·3c70···id="idm7647"><p
0003bfb0:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t0003bfb0:·7265·3e3c·636f·6465·3e23·2052·656d·6564··re><code>#·Remed
0003bfc0:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip0003bfc0:·6961·7469·6f6e·2069·7320·6170·706c·6963··iation·is·applic
0003bfd0:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere0003bfd0:·6162·6c65·206f·6e6c·7920·696e·2063·6572··able·only·in·cer
0003bfe0:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense0003bfe0:·7461·696e·2070·6c61·7466·6f72·6d73·0a69··tain·platforms.i
0003bff0:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl0003bff0:·6620·2120·2820·7b20·7270·6d20·2d2d·7175··f·!·(·{·rpm·--qu
0003c000:·6578·6974·793a·3c2f·7468·3e3c·7464·3e68··exity:</th><td>h0003c000:·6965·7420·2d71·206b·6572·6e65·6c20·3b7d··iet·-q·kernel·;}
0003c010:·6967·683c·2f74·643e·3c2f·7472·3e3c·7472··igh</td></tr><tr0003c010:·2026·616d·703b·2661·6d70·3b20·7b20·7270···&amp;&amp;·{·rp
0003c020:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption:0003c020:·6d20·2d2d·7175·6965·7420·2d71·2072·706d··m·--quiet·-q·rpm
0003c030:·3c2f·7468·3e3c·7464·3e6d·6564·6975·6d3c··</th><td>medium<0003c030:·2d6f·7374·7265·6520·3b7d·2026·616d·703b··-ostree·;}·&amp;
0003c040:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th0003c040:·2661·6d70·3b20·7b20·7270·6d20·2d2d·7175··&amp;·{·rpm·--qu
0003c050:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td0003c050:·6965·7420·2d71·2062·6f6f·7463·203b·7d20··iet·-q·bootc·;}·
0003c060:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr>0003c060:·2661·6d70·3b26·616d·703b·207b·2021·2072··&amp;&amp;·{·!·r
0003c070:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy0003c070:·706d·202d·2d71·7569·6574·202d·7120·6f70··pm·--quiet·-q·op
0003c080:·3a3c·2f74·683e·3c74·643e·7265·7374·7269··:</th><td>restri0003c080:·656e·7368·6966·742d·6b75·6265·6c65·7420··enshift-kubelet·
0003c090:·6374·3c2f·7464·3e3c·2f74·723e·3c2f·7461··ct</td></tr></ta0003c090:·3b7d·2029·3b20·7468·656e·0a0a·2320·4669··;}·);·then..#·Fi
0003c0a0:·626c·653e·3c70·7265·3e3c·636f·6465·3e2d··ble><pre><code>-0003c0a0:·6e64·2077·6869·6368·2066·696c·6573·2068··nd·which·files·h
0003c0b0:·206e·616d·653a·2047·6174·6865·7220·7468···name:·Gather·th0003c0b0:·6176·6520·696e·636f·7272·6563·7420·6861··ave·incorrect·ha
0003c0c0:·6520·7061·636b·6167·6520·6661·6374·730a··e·package·facts.0003c0c0:·7368·2028·6e6f·7420·696e·202f·6574·632c··sh·(not·in·/etc,
0003c0d0:·2020·7061·636b·6167·655f·6661·6374·733a····package_facts:0003c0d0:·2062·6563·6175·7365·206f·6620·7468·6520···because·of·the·
0003c0e0:·0a20·2020·206d·616e·6167·6572·3a20·6175··.····manager:·au0003c0e0:·7379·7374·656d·2072·656c·6174·6564·2063··system·related·c
0003c0f0:·746f·0a20·2074·6167·733a·0a20·202d·2043··to.··tags:.··-·C0003c0f0:·6f6e·6669·6720·6669·6c65·7329·2061·6e64··onfig·files)·and
0003c100:·4345·2d38·3038·3537·2d36·0a20·202d·2043··CE-80857-6.··-·C0003c100:·2074·6865·6e20·6765·7420·6669·6c65·7320···then·get·files·
0003c110:·4a49·532d·352e·3130·2e34·2e31·0a20·202d··JIS-5.10.4.1.··-0003c110:·6e61·6d65·730a·6669·6c65·735f·7769·7468··names.files_with
0003c120:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.0003c120:·5f69·6e63·6f72·7265·6374·5f68·6173·683d··_incorrect_hash=
0003c130:·332e·380a·2020·2d20·4e49·5354·2d38·3030··3.8.··-·NIST-8000003c130:·2224·2872·706d·202d·5661·202d·2d6e·6f63··"$(rpm·-Va·--noc
0003c140:·2d31·3731·2d33·2e34·2e31·0a20·202d·204e··-171-3.4.1.··-·N0003c140:·6f6e·6669·6720·7c20·6772·6570·202d·4520··onfig·|·grep·-E·
0003c150:·4953·542d·3830·302d·3533·2d41·552d·3928··IST-800-53-AU-9(0003c150:·275e·2e2e·3527·207c·2061·776b·2027·7b70··'^..5'·|·awk·'{p
0003c160:·3329·0a20·202d·204e·4953·542d·3830·302d··3).··-·NIST-800-0003c160:·7269·6e74·2024·4e46·7d27·2029·220a·0a69··rint·$NF}'·)"..i
0003c170:·3533·2d43·4d2d·3628·6329·0a20·202d·204e··53-CM-6(c).··-·N0003c170:·6620·5b20·2d6e·2022·2466·696c·6573·5f77··f·[·-n·"$files_w
0003c180:·4953·542d·3830·302d·3533·2d43·4d2d·3628··IST-800-53-CM-6(0003c180:·6974·685f·696e·636f·7272·6563·745f·6861··ith_incorrect_ha
0003c190:·6429·0a20·202d·204e·4953·542d·3830·302d··d).··-·NIST-800-0003c190:·7368·2220·5d3b·2074·6865·6e0a·2020·2020··sh"·];·then.····
0003c1a0:·3533·2d53·492d·370a·2020·2d20·4e49·5354··53-SI-7.··-·NIST0003c1a0:·2320·4672·6f6d·2066·696c·6573·206e·616d··#·From·files·nam
0003c1b0:·2d38·3030·2d35·332d·5349·2d37·2831·290a··-800-53-SI-7(1).0003c1b0:·6573·2067·6574·2070·6163·6b61·6765·206e··es·get·package·n
0003c1c0:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003c1c0:·616d·6573·2061·6e64·2063·6861·6e67·6520··ames·and·change·
0003c1d0:·5349·2d37·2836·290a·2020·2d20·5043·492d··SI-7(6).··-·PCI-0003c1d0:·6e65·776c·696e·6520·746f·2073·7061·6365··newline·to·space
0003c1e0:·4453·532d·5265·712d·3131·2e35·0a20·202d··DSS-Req-11.5.··-0003c1e0:·2c20·6265·6361·7573·6520·7270·6d20·7772··,·because·rpm·wr
0003c1f0:·2050·4349·2d44·5353·7634·2d31·312e·352e···PCI-DSSv4-11.5.0003c1f0:·6974·6573·2065·6163·6820·7061·636b·6167··ites·each·packag
0003c200:·320a·2020·2d20·6869·6768·5f63·6f6d·706c··2.··-·high_compl0003c200:·6520·746f·206e·6577·206c·696e·650a·2020··e·to·new·line.··
0003c210:·6578·6974·790a·2020·2d20·6869·6768·5f73··exity.··-·high_s0003c210:·2020·7061·636b·6167·6573·5f74·6f5f·7265····packages_to_re
0003c220:·6576·6572·6974·790a·2020·2d20·6d65·6469··everity.··-·medi0003c220:·696e·7374·616c·6c3d·2224·2872·706d·202d··install="$(rpm·-
0003c230:·756d·5f64·6973·7275·7074·696f·6e0a·2020··um_disruption.··0003c230:·7166·2024·6669·6c65·735f·7769·7468·5f69··qf·$files_with_i
0003c240:·2d20·6e6f·5f72·6562·6f6f·745f·6e65·6564··-·no_reboot_need0003c240:·6e63·6f72·7265·6374·5f68·6173·6820·7c20··ncorrect_hash·|·
0003c250:·6564·0a20·202d·2072·6573·7472·6963·745f··ed.··-·restrict_0003c250:·7472·2027·5c6e·2720·2720·2729·220a·0a20··tr·'\n'·'·')"..·
0003c260:·7374·7261·7465·6779·0a20·202d·2072·706d··strategy.··-·rpm0003c260:·2020·200a·2020·2020·7975·6d20·7265·696e·····.····yum·rein
0003c270:·5f76·6572·6966·795f·6861·7368·6573·0a0a··_verify_hashes..0003c270:·7374·616c·6c20·2d79·2024·7061·636b·6167··stall·-y·$packag
0003c280:·2d20·6e61·6d65·3a20·2753·6574·2066·6163··-·name:·'Set·fac0003c280:·6573·5f74·6f5f·7265·696e·7374·616c·6c0a··es_to_reinstall.
0003c290:·743a·2050·6163·6b61·6765·206d·616e·6167··t:·Package·manag0003c290:·2020·2020·0a66·690a·0a65·6c73·650a·2020······.fi..else.··
0003c2a0:·6572·2072·6569·6e73·7461·6c6c·2063·6f6d··er·reinstall·com0003c2a0:·2020·2667·743b·2661·6d70·3b32·2065·6368····&gt;&amp;2·ech
0003c2b0:·6d61·6e64·270a·2020·7365·745f·6661·6374··mand'.··set_fact0003c2b0:·6f20·2752·656d·6564·6961·7469·6f6e·2069··o·'Remediation·i
0003c2c0:·3a0a·2020·2020·7061·636b·6167·655f·6d61··:.····package_ma0003c2c0:·7320·6e6f·7420·6170·706c·6963·6162·6c65··s·not·applicable
0003c2d0:·6e61·6765·725f·7265·696e·7374·616c·6c5f··nager_reinstall_0003c2d0:·2c20·6e6f·7468·696e·6720·7761·7320·646f··,·nothing·was·do
0003c2e0:·636d·643a·2079·756d·2072·6569·6e73·7461··cmd:·yum·reinsta0003c2e0:·6e65·270a·6669·0a3c·2f63·6f64·653e·3c2f··ne'.fi.</code></
0003c2f0:·6c6c·202d·790a·2020·7768·656e·3a0a·2020··ll·-y.··when:.··0003c2f0:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla
0003c300:·2d20·6e6f·7420·2820·226b·6572·6e65·6c22··-·not·(·"kernel"0003c300:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ
0003c310:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003c310:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle
0003c320:·732e·7061·636b·6167·6573·2061·6e64·2022··s.packages·and·"0003c320:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data
0003c330:·7270·6d2d·6f73·7472·6565·2220·696e·2061··rpm-ostree"·in·a0003c330:·2d74·6172·6765·743d·2223·6964·6d37·3634··-target="#idm764
0003c340:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003c340:·3822·2074·6162·696e·6465·783d·2230·2220··8"·tabindex="0"·
0003c350:·6b61·6765·730a·2020·2020·616e·6420·2262··kages.····and·"b0003c350:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar
0003c360:·6f6f·7463·2220·696e·2061·6e73·6962·6c65··ootc"·in·ansible0003c360:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal
0003c370:·5f66·6163·7473·2e70·6163·6b61·6765·7320··_facts.packages·0003c370:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ
0003c380:·616e·6420·6e6f·7420·226f·7065·6e73·6869··and·not·"openshi0003c380:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h
0003c390:·6674·2d6b·7562·656c·6574·2220·696e·2061··ft-kubelet"·in·a0003c390:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia
0003c3a0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003c3a0:·7469·6f6e·2041·6e73·6962·6c65·2073·6e69··tion·Ansible·sni
0003c3b0:·6b61·6765·730a·2020·2020·290a·2020·2d20··kages.····).··-·0003c3b0:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br>
0003c3c0:·616e·7369·626c·655f·6469·7374·7269·6275··ansible_distribu0003c3c0:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
0003c3d0:·7469·6f6e·2069·6e20·5b20·2246·6564·6f72··tion·in·[·"Fedor0003c3d0:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
0003c3e0:·6122·2c20·2252·6564·4861·7422·2c20·2243··a",·"RedHat",·"C0003c3e0:·7073·6522·2069·643d·2269·646d·3736·3438··pse"·id="idm7648
0003c3f0:·656e·744f·5322·2c20·224f·7261·636c·654c··entOS",·"OracleL0003c3f0:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="
0003c400:·696e·7578·2220·5d0a·2020·7461·6773·3a0a··inux"·].··tags:.0003c400:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri
0003c410:·2020·2d20·4343·452d·3830·3835·372d·360a····-·CCE-80857-6.0003c410:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border
0003c420:·2020·2d20·434a·4953·2d35·2e31·302e·342e····-·CJIS-5.10.4.0003c420:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens
0003c430:·310a·2020·2d20·4e49·5354·2d38·3030·2d31··1.··-·NIST-800-10003c430:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp
0003c440:·3731·2d33·2e33·2e38·0a20·202d·204e·4953··71-3.3.8.··-·NIS0003c440:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td>
0003c450:·542d·3830·302d·3137·312d·332e·342e·310a··T-800-171-3.4.1.0003c450:·6869·6768·3c2f·7464·3e3c·2f74·723e·3c74··high</td></tr><t
0003c460:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003c460:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption
0003c470:·4155·2d39·2833·290a·2020·2d20·4e49·5354··AU-9(3).··-·NIST0003c470:·3a3c·2f74·683e·3c74·643e·6d65·6469·756d··:</th><td>medium
0003c480:·2d38·3030·2d35·332d·434d·2d36·2863·290a··-800-53-CM-6(c).0003c480:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
0003c490:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003c490:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t
0003c4a0:·434d·2d36·2864·290a·2020·2d20·4e49·5354··CM-6(d).··-·NIST0003c4a0:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr
0003c4b0:·2d38·3030·2d35·332d·5349·2d37·0a20·202d··-800-53-SI-7.··-0003c4b0:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg
0003c4c0:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-0003c4c0:·793a·3c2f·7468·3e3c·7464·3e72·6573·7472··y:</th><td>restr
0003c4d0:·3728·3129·0a20·202d·204e·4953·542d·3830··7(1).··-·NIST-800003c4d0:·6963·743c·2f74·643e·3c2f·7472·3e3c·2f74··ict</td></tr></t
0003c4e0:·302d·3533·2d53·492d·3728·3629·0a20·202d··0-53-SI-7(6).··-0003c4e0:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>
0003c4f0:·2050·4349·2d44·5353·2d52·6571·2d31·312e···PCI-DSS-Req-11.0003c4f0:·2d20·6e61·6d65·3a20·4761·7468·6572·2074··-·name:·Gather·t
0003c500:·350a·2020·2d20·5043·492d·4453·5376·342d··5.··-·PCI-DSSv4-0003c500:·6865·2070·6163·6b61·6765·2066·6163·7473··he·package·facts
0003c510:·3131·2e35·2e32·0a20·202d·2068·6967·685f··11.5.2.··-·high_0003c510:·0a20·2070·6163·6b61·6765·5f66·6163·7473··.··package_facts
0003c520:·636f·6d70·6c65·7869·7479·0a20·202d·2068··complexity.··-·h0003c520:·3a0a·2020·2020·6d61·6e61·6765·723a·2061··:.····manager:·a
0003c530:·6967·685f·7365·7665·7269·7479·0a20·202d··igh_severity.··-0003c530:·7574·6f0a·2020·7461·6773·3a0a·2020·2d20··uto.··tags:.··-·
0003c540:·206d·6564·6975·6d5f·6469·7372·7570·7469···medium_disrupti0003c540:·4343·452d·3830·3835·372d·360a·2020·2d20··CCE-80857-6.··-·
0003c550:·6f6e·0a20·202d·206e·6f5f·7265·626f·6f74··on.··-·no_reboot0003c550:·434a·4953·2d35·2e31·302e·342e·310a·2020··CJIS-5.10.4.1.··
0003c560:·5f6e·6565·6465·640a·2020·2d20·7265·7374··_needed.··-·rest0003c560:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-3
0003c570:·7269·6374·5f73·7472·6174·6567·790a·2020··rict_strategy.··0003c570:·2e33·2e38·0a20·202d·204e·4953·542d·3830··.3.8.··-·NIST-80
0003c580:·2d20·7270·6d5f·7665·7269·6679·5f68·6173··-·rpm_verify_has0003c580:·302d·3137·312d·332e·342e·310a·2020·2d20··0-171-3.4.1.··-·
0003c590:·6865·730a·0a2d·206e·616d·653a·2027·5365··hes..-·name:·'Se0003c590:·4e49·5354·2d38·3030·2d35·332d·4155·2d39··NIST-800-53-AU-9
0003c5a0:·7420·6661·6374·3a20·5061·636b·6167·6520··t·fact:·Package·0003c5a0:·2833·290a·2020·2d20·4e49·5354·2d38·3030··(3).··-·NIST-800
0003c5b0:·6d61·6e61·6765·7220·7265·696e·7374·616c··manager·reinstal0003c5b0:·2d35·332d·434d·2d36·2863·290a·2020·2d20··-53-CM-6(c).··-·
0003c5c0:·6c20·636f·6d6d·616e·6420·287a·7970·7065··l·command·(zyppe0003c5c0:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-6
0003c5d0:·7229·270a·2020·7365·745f·6661·6374·3a0a··r)'.··set_fact:.0003c5d0:·2864·290a·2020·2d20·4e49·5354·2d38·3030··(d).··-·NIST-800
0003c5e0:·2020·2020·7061·636b·6167·655f·6d61·6e61······package_mana0003c5e0:·2d35·332d·5349·2d37·0a20·202d·204e·4953··-53-SI-7.··-·NIS
0003c5f0:·6765·725f·7265·696e·7374·616c·6c5f·636d··ger_reinstall_cm0003c5f0:·542d·3830·302d·3533·2d53·492d·3728·3129··T-800-53-SI-7(1)
0003c600:·643a·207a·7970·7065·7220·696e·202d·6620··d:·zypper·in·-f·0003c600:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
0003c610:·2d79·0a20·2077·6865·6e3a·0a20·202d·206e··-y.··when:.··-·n0003c610:·2d53·492d·3728·3629·0a20·202d·2050·4349··-SI-7(6).··-·PCI
0003c620:·6f74·2028·2022·6b65·726e·656c·2220·696e··ot·(·"kernel"·in0003c620:·2d44·5353·2d52·6571·2d31·312e·350a·2020··-DSS-Req-11.5.··
0003c630:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p0003c630:·2d20·5043·492d·4453·5376·342d·3131·2e35··-·PCI-DSSv4-11.5
0003c640:·6163·6b61·6765·7320·616e·6420·2272·706d··ackages·and·"rpm0003c640:·2e32·0a20·202d·2068·6967·685f·636f·6d70··.2.··-·high_comp
0003c650:·2d6f·7374·7265·6522·2069·6e20·616e·7369··-ostree"·in·ansi0003c650:·6c65·7869·7479·0a20·202d·2068·6967·685f··lexity.··-·high_
0003c660:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag0003c660:·7365·7665·7269·7479·0a20·202d·206d·6564··severity.··-·med
0003c670:·6573·0a20·2020·2061·6e64·2022·626f·6f74··es.····and·"boot0003c670:·6975·6d5f·6469·7372·7570·7469·6f6e·0a20··ium_disruption.·
0003c680:·6322·2069·6e20·616e·7369·626c·655f·6661··c"·in·ansible_fa0003c680:·202d·206e·6f5f·7265·626f·6f74·5f6e·6565···-·no_reboot_nee
0003c690:·6374·732e·7061·636b·6167·6573·2061·6e64··cts.packages·and0003c690:·6465·640a·2020·2d20·7265·7374·7269·6374··ded.··-·restrict
0003c6a0:·206e·6f74·2022·6f70·656e·7368·6966·742d···not·"openshift-0003c6a0:·5f73·7472·6174·6567·790a·2020·2d20·7270··_strategy.··-·rp
0003c6b0:·6b75·6265·6c65·7422·2069·6e20·616e·7369··kubelet"·in·ansi0003c6b0:·6d5f·7665·7269·6679·5f68·6173·6865·730a··m_verify_hashes.
0003c6c0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag0003c6c0:·0a2d·206e·616d·653a·2027·5365·7420·6661··.-·name:·'Set·fa
Max diff block lines reached; 17459287/17515067 bytes (99.68%) of diff not shown.
1.3 MB
html2text {}
    
Offset 121, 14 lines modifiedOffset 121, 33 lines modified
121 ·············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6121 ·············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
122 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4122 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
123 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)123 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
124 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1124 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
125 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5125 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
126 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227126 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
127 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2127 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 128 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 129 #·Remediation·is·applicable·only·in·certain·platforms
 130 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 131 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 132 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 133 if·[·-n·"$files_with_incorrect_hash"·];·then
 134 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 135 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 136 ····yum·reinstall·-y·$packages_to_reinstall
  
 137 fi
  
 138 else
 139 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 140 fi
128 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8141 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
129 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high142 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
130 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium143 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
131 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false144 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
132 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict145 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
133 -·name:·Gather·the·package·facts146 -·name:·Gather·the·package·facts
134 ··package_facts:147 ··package_facts:
Offset 301, 33 lines modifiedOffset 320, 14 lines modified
301 ··-·PCI-DSSv4-11.5.2320 ··-·PCI-DSSv4-11.5.2
302 ··-·high_complexity321 ··-·high_complexity
303 ··-·high_severity322 ··-·high_severity
304 ··-·medium_disruption323 ··-·medium_disruption
305 ··-·no_reboot_needed324 ··-·no_reboot_needed
306 ··-·restrict_strategy325 ··-·restrict_strategy
307 ··-·rpm_verify_hashes326 ··-·rpm_verify_hashes
308 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
309 #·Remediation·is·applicable·only·in·certain·platforms 
310 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
311 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
312 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
313 if·[·-n·"$files_with_incorrect_hash"·];·then 
314 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
315 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
316 ····yum·reinstall·-y·$packages_to_reinstall 
  
317 fi 
  
318 else 
319 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
320 fi 
321 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*327 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
322 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:328 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:
323 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'329 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'
324 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:330 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:
325 $·rpm·-qf·FILENAME331 $·rpm·-qf·FILENAME
  
326 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:332 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
Offset 349, 14 lines modifiedOffset 349, 50 lines modified
349 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5349 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
350 ·············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2350 ·············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
351 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)351 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)
352 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1352 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
353 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5353 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
354 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108354 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108
355 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2355 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 356 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 357 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 358 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 359 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 360 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 361 #·Remediation·is·applicable·only·in·certain·platforms
 362 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 363 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 364 declare·-A·SETPERMS_RPM_DICT
  
 365 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 366 #·is·expected·by·the·RPM·database
 367 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}')
  
 368 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 369 do
 370 ········#·NOTE:·some·files·maybe·controlled·by·more·then·one·package
 371 ········readarray·-t·RPM_PACKAGES·<·<(rpm·-qf·"${FILE_PATH}")
 372 ········for·RPM_PACKAGE·in·"${RPM_PACKAGES[@]}"
 373 ········do
 374 ················#·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 375 ················SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 376 ········done
 377 done
  
 378 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 379 #·correct·values
 380 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 381 do
 382 »       rpm·--restore·"${RPM_PACKAGE}"
 383 done
  
 384 else
 385 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 386 fi
356 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8387 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
357 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high388 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
358 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium389 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
359 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false390 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
360 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict391 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
361 -·name:·Gather·the·package·facts392 -·name:·Gather·the·package·facts
362 ··package_facts:393 ··package_facts:
Offset 472, 50 lines modifiedOffset 508, 14 lines modified
472 ··-·PCI-DSSv4-11.5.2508 ··-·PCI-DSSv4-11.5.2
473 ··-·high_complexity509 ··-·high_complexity
474 ··-·high_severity510 ··-·high_severity
475 ··-·medium_disruption511 ··-·medium_disruption
476 ··-·no_reboot_needed512 ··-·no_reboot_needed
477 ··-·restrict_strategy513 ··-·restrict_strategy
478 ··-·rpm_verify_permissions514 ··-·rpm_verify_permissions
479 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
Max diff block lines reached; 1360028/1368126 bytes (99.41%) of diff not shown.
10.7 MB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-ism_o.html
    
Offset 15352, 414 lines modifiedOffset 15352, 414 lines modified
0003bf70:·7461·2d74·6172·6765·743d·2223·6964·6d37··ta-target="#idm70003bf70:·7461·2d74·6172·6765·743d·2223·6964·6d37··ta-target="#idm7
0003bf80:·3634·3722·2074·6162·696e·6465·783d·2230··647"·tabindex="00003bf80:·3634·3722·2074·6162·696e·6465·783d·2230··647"·tabindex="0
0003bf90:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·0003bf90:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
0003bfa0:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f0003bfa0:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
0003bfb0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act0003bfb0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
0003bfc0:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"0003bfc0:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
Diff chunk too large, falling back to line-by-line diff (400 lines added, 400 lines removed)
0003bfd0:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed0003bfd0:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
0003bfe0:·6961·7469·6f6e·2041·6e73·6962·6c65·2073··iation·Ansible·s0003bfe0:·6961·7469·6f6e·2053·6865·6c6c·2073·6372··iation·Shell·scr
0003bff0:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b0003bff0:·6970·7420·e287·b23c·2f61·3e3c·6272·3e3c··ipt·...</a><br><
0003c000:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa0003c000:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel
0003c010:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col0003c010:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap
0003c020:·6c61·7073·6522·2069·643d·2269·646d·3736··lapse"·id="idm760003c020:·7365·2220·6964·3d22·6964·6d37·3634·3722··se"·id="idm7647"
0003c030:·3437·223e·3c74·6162·6c65·2063·6c61·7373··47"><table·class0003c030:·3e3c·7072·653e·3c63·6f64·653e·2320·5265··><pre><code>#·Re
0003c040:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st0003c040:·6d65·6469·6174·696f·6e20·6973·2061·7070··mediation·is·app
0003c050:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord0003c050:·6c69·6361·626c·6520·6f6e·6c79·2069·6e20··licable·only·in·
0003c060:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde0003c060:·6365·7274·6169·6e20·706c·6174·666f·726d··certain·platform
0003c070:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co0003c070:·730a·6966·2021·2028·207b·2072·706d·202d··s.if·!·(·{·rpm·-
0003c080:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t0003c080:·2d71·7569·6574·202d·7120·6b65·726e·656c··-quiet·-q·kernel
0003c090:·643e·6869·6768·3c2f·7464·3e3c·2f74·723e··d>high</td></tr>0003c090:·203b·7d20·2661·6d70·3b26·616d·703b·207b···;}·&amp;&amp;·{
0003c0a0:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti0003c0a0:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q·
0003c0b0:·6f6e·3a3c·2f74·683e·3c74·643e·6d65·6469··on:</th><td>medi0003c0b0:·7270·6d2d·6f73·7472·6565·203b·7d20·2661··rpm-ostree·;}·&a
0003c0c0:·756d·3c2f·7464·3e3c·2f74·723e·3c74·723e··um</td></tr><tr>0003c0c0:·6d70·3b26·616d·703b·207b·2072·706d·202d··mp;&amp;·{·rpm·-
0003c0d0:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th>0003c0d0:·2d71·7569·6574·202d·7120·626f·6f74·6320··-quiet·-q·bootc·
0003c0e0:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></0003c0e0:·3b7d·2026·616d·703b·2661·6d70·3b20·7b20··;}·&amp;&amp;·{·
0003c0f0:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat0003c0f0:·2120·7270·6d20·2d2d·7175·6965·7420·2d71··!·rpm·--quiet·-q
0003c100:·6567·793a·3c2f·7468·3e3c·7464·3e72·6573··egy:</th><td>res0003c100:·206f·7065·6e73·6869·6674·2d6b·7562·656c···openshift-kubel
0003c110:·7472·6963·743c·2f74·643e·3c2f·7472·3e3c··trict</td></tr><0003c110:·6574·203b·7d20·293b·2074·6865·6e0a·0a23··et·;}·);·then..#
0003c120:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod0003c120:·2046·696e·6420·7768·6963·6820·6669·6c65···Find·which·file
0003c130:·653e·2d20·6e61·6d65·3a20·4761·7468·6572··e>-·name:·Gather0003c130:·7320·6861·7665·2069·6e63·6f72·7265·6374··s·have·incorrect
0003c140:·2074·6865·2070·6163·6b61·6765·2066·6163···the·package·fac0003c140:·2068·6173·6820·286e·6f74·2069·6e20·2f65···hash·(not·in·/e
0003c150:·7473·0a20·2070·6163·6b61·6765·5f66·6163··ts.··package_fac0003c150:·7463·2c20·6265·6361·7573·6520·6f66·2074··tc,·because·of·t
0003c160:·7473·3a0a·2020·2020·6d61·6e61·6765·723a··ts:.····manager:0003c160:·6865·2073·7973·7465·6d20·7265·6c61·7465··he·system·relate
0003c170:·2061·7574·6f0a·2020·7461·6773·3a0a·2020···auto.··tags:.··0003c170:·6420·636f·6e66·6967·2066·696c·6573·2920··d·config·files)·
0003c180:·2d20·4343·452d·3830·3835·372d·360a·2020··-·CCE-80857-6.··0003c180:·616e·6420·7468·656e·2067·6574·2066·696c··and·then·get·fil
0003c190:·2d20·434a·4953·2d35·2e31·302e·342e·310a··-·CJIS-5.10.4.1.0003c190:·6573·206e·616d·6573·0a66·696c·6573·5f77··es·names.files_w
0003c1a0:·2020·2d20·4e49·5354·2d38·3030·2d31·3731····-·NIST-800-1710003c1a0:·6974·685f·696e·636f·7272·6563·745f·6861··ith_incorrect_ha
0003c1b0:·2d33·2e33·2e38·0a20·202d·204e·4953·542d··-3.3.8.··-·NIST-0003c1b0:·7368·3d22·2428·7270·6d20·2d56·6120·2d2d··sh="$(rpm·-Va·--
0003c1c0:·3830·302d·3137·312d·332e·342e·310a·2020··800-171-3.4.1.··0003c1c0:·6e6f·636f·6e66·6967·207c·2067·7265·7020··noconfig·|·grep·
0003c1d0:·2d20·4e49·5354·2d38·3030·2d35·332d·4155··-·NIST-800-53-AU0003c1d0:·2d45·2027·5e2e·2e35·2720·7c20·6177·6b20··-E·'^..5'·|·awk·
0003c1e0:·2d39·2833·290a·2020·2d20·4e49·5354·2d38··-9(3).··-·NIST-80003c1e0:·277b·7072·696e·7420·244e·467d·2720·2922··'{print·$NF}'·)"
0003c1f0:·3030·2d35·332d·434d·2d36·2863·290a·2020··00-53-CM-6(c).··0003c1f0:·0a0a·6966·205b·202d·6e20·2224·6669·6c65··..if·[·-n·"$file
0003c200:·2d20·4e49·5354·2d38·3030·2d35·332d·434d··-·NIST-800-53-CM0003c200:·735f·7769·7468·5f69·6e63·6f72·7265·6374··s_with_incorrect
0003c210:·2d36·2864·290a·2020·2d20·4e49·5354·2d38··-6(d).··-·NIST-80003c210:·5f68·6173·6822·205d·3b20·7468·656e·0a20··_hash"·];·then.·
0003c220:·3030·2d35·332d·5349·2d37·0a20·202d·204e··00-53-SI-7.··-·N0003c220:·2020·2023·2046·726f·6d20·6669·6c65·7320·····#·From·files·
0003c230:·4953·542d·3830·302d·3533·2d53·492d·3728··IST-800-53-SI-7(0003c230:·6e61·6d65·7320·6765·7420·7061·636b·6167··names·get·packag
0003c240:·3129·0a20·202d·204e·4953·542d·3830·302d··1).··-·NIST-800-0003c240:·6520·6e61·6d65·7320·616e·6420·6368·616e··e·names·and·chan
0003c250:·3533·2d53·492d·3728·3629·0a20·202d·2050··53-SI-7(6).··-·P0003c250:·6765·206e·6577·6c69·6e65·2074·6f20·7370··ge·newline·to·sp
0003c260:·4349·2d44·5353·2d52·6571·2d31·312e·350a··CI-DSS-Req-11.5.0003c260:·6163·652c·2062·6563·6175·7365·2072·706d··ace,·because·rpm
0003c270:·2020·2d20·5043·492d·4453·5376·342d·3131····-·PCI-DSSv4-110003c270:·2077·7269·7465·7320·6561·6368·2070·6163···writes·each·pac
0003c280:·2e35·2e32·0a20·202d·2068·6967·685f·636f··.5.2.··-·high_co0003c280:·6b61·6765·2074·6f20·6e65·7720·6c69·6e65··kage·to·new·line
0003c290:·6d70·6c65·7869·7479·0a20·202d·2068·6967··mplexity.··-·hig0003c290:·0a20·2020·2070·6163·6b61·6765·735f·746f··.····packages_to
0003c2a0:·685f·7365·7665·7269·7479·0a20·202d·206d··h_severity.··-·m0003c2a0:·5f72·6569·6e73·7461·6c6c·3d22·2428·7270··_reinstall="$(rp
0003c2b0:·6564·6975·6d5f·6469·7372·7570·7469·6f6e··edium_disruption0003c2b0:·6d20·2d71·6620·2466·696c·6573·5f77·6974··m·-qf·$files_wit
0003c2c0:·0a20·202d·206e·6f5f·7265·626f·6f74·5f6e··.··-·no_reboot_n0003c2c0:·685f·696e·636f·7272·6563·745f·6861·7368··h_incorrect_hash
0003c2d0:·6565·6465·640a·2020·2d20·7265·7374·7269··eeded.··-·restri0003c2d0:·207c·2074·7220·275c·6e27·2027·2027·2922···|·tr·'\n'·'·')"
0003c2e0:·6374·5f73·7472·6174·6567·790a·2020·2d20··ct_strategy.··-·0003c2e0:·0a0a·2020·2020·0a20·2020·2079·756d·2072··..····.····yum·r
0003c2f0:·7270·6d5f·7665·7269·6679·5f68·6173·6865··rpm_verify_hashe0003c2f0:·6569·6e73·7461·6c6c·202d·7920·2470·6163··einstall·-y·$pac
0003c300:·730a·0a2d·206e·616d·653a·2027·5365·7420··s..-·name:·'Set·0003c300:·6b61·6765·735f·746f·5f72·6569·6e73·7461··kages_to_reinsta
0003c310:·6661·6374·3a20·5061·636b·6167·6520·6d61··fact:·Package·ma0003c310:·6c6c·0a20·2020·200a·6669·0a0a·656c·7365··ll.····.fi..else
0003c320:·6e61·6765·7220·7265·696e·7374·616c·6c20··nager·reinstall·0003c320:·0a20·2020·2026·6774·3b26·616d·703b·3220··.····&gt;&amp;2·
0003c330:·636f·6d6d·616e·6427·0a20·2073·6574·5f66··command'.··set_f0003c330:·6563·686f·2027·5265·6d65·6469·6174·696f··echo·'Remediatio
0003c340:·6163·743a·0a20·2020·2070·6163·6b61·6765··act:.····package0003c340:·6e20·6973·206e·6f74·2061·7070·6c69·6361··n·is·not·applica
0003c350:·5f6d·616e·6167·6572·5f72·6569·6e73·7461··_manager_reinsta0003c350:·626c·652c·206e·6f74·6869·6e67·2077·6173··ble,·nothing·was
0003c360:·6c6c·5f63·6d64·3a20·7975·6d20·7265·696e··ll_cmd:·yum·rein0003c360:·2064·6f6e·6527·0a66·690a·3c2f·636f·6465···done'.fi.</code
0003c370:·7374·616c·6c20·2d79·0a20·2077·6865·6e3a··stall·-y.··when:0003c370:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a·
0003c380:·0a20·202d·206e·6f74·2028·2022·6b65·726e··.··-·not·(·"kern0003c380:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s
0003c390:·656c·2220·696e·2061·6e73·6962·6c65·5f66··el"·in·ansible_f0003c390:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog
0003c3a0:·6163·7473·2e70·6163·6b61·6765·7320·616e··acts.packages·an0003c3a0:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d
0003c3b0:·6420·2272·706d·2d6f·7374·7265·6522·2069··d·"rpm-ostree"·i0003c3b0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm
0003c3c0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003c3c0:·3736·3438·2220·7461·6269·6e64·6578·3d22··7648"·tabindex="
0003c3d0:·7061·636b·6167·6573·0a20·2020·2061·6e64··packages.····and0003c3d0:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"
0003c3e0:·2022·626f·6f74·6322·2069·6e20·616e·7369···"bootc"·in·ansi0003c3e0:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="
0003c3f0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag0003c3f0:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac
0003c400:·6573·2061·6e64·206e·6f74·2022·6f70·656e··es·and·not·"open0003c400:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal
0003c410:·7368·6966·742d·6b75·6265·6c65·7422·2069··shift-kubelet"·i0003c410:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme
0003c420:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003c420:·6469·6174·696f·6e20·416e·7369·626c·6520··diation·Ansible·
0003c430:·7061·636b·6167·6573·0a20·2020·2029·0a20··packages.····).·0003c430:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a><
0003c440:·202d·2061·6e73·6962·6c65·5f64·6973·7472···-·ansible_distr0003c440:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p
0003c450:·6962·7574·696f·6e20·696e·205b·2022·4665··ibution·in·[·"Fe0003c450:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co
0003c460:·646f·7261·222c·2022·5265·6448·6174·222c··dora",·"RedHat",0003c460:·6c6c·6170·7365·2220·6964·3d22·6964·6d37··llapse"·id="idm7
0003c470:·2022·4365·6e74·4f53·222c·2022·4f72·6163···"CentOS",·"Orac0003c470:·3634·3822·3e3c·7461·626c·6520·636c·6173··648"><table·clas
0003c480:·6c65·4c69·6e75·7822·205d·0a20·2074·6167··leLinux"·].··tag0003c480:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s
0003c490:·733a·0a20·202d·2043·4345·2d38·3038·3537··s:.··-·CCE-808570003c490:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor
0003c4a0:·2d36·0a20·202d·2043·4a49·532d·352e·3130··-6.··-·CJIS-5.100003c4a0:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond
0003c4b0:·2e34·2e31·0a20·202d·204e·4953·542d·3830··.4.1.··-·NIST-800003c4b0:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C
0003c4c0:·302d·3137·312d·332e·332e·380a·2020·2d20··0-171-3.3.8.··-·0003c4c0:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><
0003c4d0:·4e49·5354·2d38·3030·2d31·3731·2d33·2e34··NIST-800-171-3.40003c4d0:·7464·3e68·6967·683c·2f74·643e·3c2f·7472··td>high</td></tr
0003c4e0:·2e31·0a20·202d·204e·4953·542d·3830·302d··.1.··-·NIST-800-0003c4e0:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt
0003c4f0:·3533·2d41·552d·3928·3329·0a20·202d·204e··53-AU-9(3).··-·N0003c4f0:·696f·6e3a·3c2f·7468·3e3c·7464·3e6d·6564··ion:</th><td>med
0003c500:·4953·542d·3830·302d·3533·2d43·4d2d·3628··IST-800-53-CM-6(0003c500:·6975·6d3c·2f74·643e·3c2f·7472·3e3c·7472··ium</td></tr><tr
0003c510:·6329·0a20·202d·204e·4953·542d·3830·302d··c).··-·NIST-800-0003c510:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th
0003c520:·3533·2d43·4d2d·3628·6429·0a20·202d·204e··53-CM-6(d).··-·N0003c520:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td><
0003c530:·4953·542d·3830·302d·3533·2d53·492d·370a··IST-800-53-SI-7.0003c530:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra
0003c540:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003c540:·7465·6779·3a3c·2f74·683e·3c74·643e·7265··tegy:</th><td>re
0003c550:·5349·2d37·2831·290a·2020·2d20·4e49·5354··SI-7(1).··-·NIST0003c550:·7374·7269·6374·3c2f·7464·3e3c·2f74·723e··strict</td></tr>
0003c560:·2d38·3030·2d35·332d·5349·2d37·2836·290a··-800-53-SI-7(6).0003c560:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co
0003c570:·2020·2d20·5043·492d·4453·532d·5265·712d····-·PCI-DSS-Req-0003c570:·6465·3e2d·206e·616d·653a·2047·6174·6865··de>-·name:·Gathe
0003c580:·3131·2e35·0a20·202d·2050·4349·2d44·5353··11.5.··-·PCI-DSS0003c580:·7220·7468·6520·7061·636b·6167·6520·6661··r·the·package·fa
0003c590:·7634·2d31·312e·352e·320a·2020·2d20·6869··v4-11.5.2.··-·hi0003c590:·6374·730a·2020·7061·636b·6167·655f·6661··cts.··package_fa
0003c5a0:·6768·5f63·6f6d·706c·6578·6974·790a·2020··gh_complexity.··0003c5a0:·6374·733a·0a20·2020·206d·616e·6167·6572··cts:.····manager
0003c5b0:·2d20·6869·6768·5f73·6576·6572·6974·790a··-·high_severity.0003c5b0:·3a20·6175·746f·0a20·2074·6167·733a·0a20··:·auto.··tags:.·
0003c5c0:·2020·2d20·6d65·6469·756d·5f64·6973·7275····-·medium_disru0003c5c0:·202d·2043·4345·2d38·3038·3537·2d36·0a20···-·CCE-80857-6.·
0003c5d0:·7074·696f·6e0a·2020·2d20·6e6f·5f72·6562··ption.··-·no_reb0003c5d0:·202d·2043·4a49·532d·352e·3130·2e34·2e31···-·CJIS-5.10.4.1
0003c5e0:·6f6f·745f·6e65·6564·6564·0a20·202d·2072··oot_needed.··-·r0003c5e0:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-17
0003c5f0:·6573·7472·6963·745f·7374·7261·7465·6779··estrict_strategy0003c5f0:·312d·332e·332e·380a·2020·2d20·4e49·5354··1-3.3.8.··-·NIST
0003c600:·0a20·202d·2072·706d·5f76·6572·6966·795f··.··-·rpm_verify_0003c600:·2d38·3030·2d31·3731·2d33·2e34·2e31·0a20··-800-171-3.4.1.·
0003c610:·6861·7368·6573·0a0a·2d20·6e61·6d65·3a20··hashes..-·name:·0003c610:·202d·204e·4953·542d·3830·302d·3533·2d41···-·NIST-800-53-A
0003c620:·2753·6574·2066·6163·743a·2050·6163·6b61··'Set·fact:·Packa0003c620:·552d·3928·3329·0a20·202d·204e·4953·542d··U-9(3).··-·NIST-
0003c630:·6765·206d·616e·6167·6572·2072·6569·6e73··ge·manager·reins0003c630:·3830·302d·3533·2d43·4d2d·3628·6329·0a20··800-53-CM-6(c).·
0003c640:·7461·6c6c·2063·6f6d·6d61·6e64·2028·7a79··tall·command·(zy0003c640:·202d·204e·4953·542d·3830·302d·3533·2d43···-·NIST-800-53-C
0003c650:·7070·6572·2927·0a20·2073·6574·5f66·6163··pper)'.··set_fac0003c650:·4d2d·3628·6429·0a20·202d·204e·4953·542d··M-6(d).··-·NIST-
0003c660:·743a·0a20·2020·2070·6163·6b61·6765·5f6d··t:.····package_m0003c660:·3830·302d·3533·2d53·492d·370a·2020·2d20··800-53-SI-7.··-·
0003c670:·616e·6167·6572·5f72·6569·6e73·7461·6c6c··anager_reinstall0003c670:·4e49·5354·2d38·3030·2d35·332d·5349·2d37··NIST-800-53-SI-7
0003c680:·5f63·6d64·3a20·7a79·7070·6572·2069·6e20··_cmd:·zypper·in·0003c680:·2831·290a·2020·2d20·4e49·5354·2d38·3030··(1).··-·NIST-800
0003c690:·2d66·202d·790a·2020·7768·656e·3a0a·2020··-f·-y.··when:.··0003c690:·2d35·332d·5349·2d37·2836·290a·2020·2d20··-53-SI-7(6).··-·
0003c6a0:·2d20·6e6f·7420·2820·226b·6572·6e65·6c22··-·not·(·"kernel"0003c6a0:·5043·492d·4453·532d·5265·712d·3131·2e35··PCI-DSS-Req-11.5
0003c6b0:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003c6b0:·0a20·202d·2050·4349·2d44·5353·7634·2d31··.··-·PCI-DSSv4-1
0003c6c0:·732e·7061·636b·6167·6573·2061·6e64·2022··s.packages·and·"0003c6c0:·312e·352e·320a·2020·2d20·6869·6768·5f63··1.5.2.··-·high_c
0003c6d0:·7270·6d2d·6f73·7472·6565·2220·696e·2061··rpm-ostree"·in·a0003c6d0:·6f6d·706c·6578·6974·790a·2020·2d20·6869··omplexity.··-·hi
0003c6e0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003c6e0:·6768·5f73·6576·6572·6974·790a·2020·2d20··gh_severity.··-·
0003c6f0:·6b61·6765·730a·2020·2020·616e·6420·2262··kages.····and·"b0003c6f0:·6d65·6469·756d·5f64·6973·7275·7074·696f··medium_disruptio
0003c700:·6f6f·7463·2220·696e·2061·6e73·6962·6c65··ootc"·in·ansible0003c700:·6e0a·2020·2d20·6e6f·5f72·6562·6f6f·745f··n.··-·no_reboot_
0003c710:·5f66·6163·7473·2e70·6163·6b61·6765·7320··_facts.packages·0003c710:·6e65·6564·6564·0a20·202d·2072·6573·7472··needed.··-·restr
0003c720:·616e·6420·6e6f·7420·226f·7065·6e73·6869··and·not·"openshi0003c720:·6963·745f·7374·7261·7465·6779·0a20·202d··ict_strategy.··-
0003c730:·6674·2d6b·7562·656c·6574·2220·696e·2061··ft-kubelet"·in·a0003c730:·2072·706d·5f76·6572·6966·795f·6861·7368···rpm_verify_hash
0003c740:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003c740:·6573·0a0a·2d20·6e61·6d65·3a20·2753·6574··es..-·name:·'Set
Max diff block lines reached; 10162039/10217819 bytes (99.45%) of diff not shown.
1.0 MB
html2text {}
    
Offset 122, 14 lines modifiedOffset 122, 33 lines modified
122 ·············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6122 ·············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
123 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4123 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
124 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)124 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
125 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1125 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
126 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5126 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
127 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227127 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
128 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2128 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 129 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 130 #·Remediation·is·applicable·only·in·certain·platforms
 131 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 132 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 133 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 134 if·[·-n·"$files_with_incorrect_hash"·];·then
 135 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 136 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 137 ····yum·reinstall·-y·$packages_to_reinstall
  
 138 fi
  
 139 else
 140 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 141 fi
129 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8142 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
130 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high143 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
131 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium144 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
132 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false145 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
133 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict146 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
134 -·name:·Gather·the·package·facts147 -·name:·Gather·the·package·facts
135 ··package_facts:148 ··package_facts:
Offset 302, 33 lines modifiedOffset 321, 14 lines modified
302 ··-·PCI-DSSv4-11.5.2321 ··-·PCI-DSSv4-11.5.2
303 ··-·high_complexity322 ··-·high_complexity
304 ··-·high_severity323 ··-·high_severity
305 ··-·medium_disruption324 ··-·medium_disruption
306 ··-·no_reboot_needed325 ··-·no_reboot_needed
307 ··-·restrict_strategy326 ··-·restrict_strategy
308 ··-·rpm_verify_hashes327 ··-·rpm_verify_hashes
309 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
310 #·Remediation·is·applicable·only·in·certain·platforms 
311 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
312 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
313 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
314 if·[·-n·"$files_with_incorrect_hash"·];·then 
315 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
316 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
317 ····yum·reinstall·-y·$packages_to_reinstall 
  
318 fi 
  
319 else 
320 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
321 fi 
322 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*328 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
323 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:329 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:
324 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'330 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'
325 run·the·following·command·to·determine·which·package·owns·it:331 run·the·following·command·to·determine·which·package·owns·it:
326 $·rpm·-qf·FILENAME332 $·rpm·-qf·FILENAME
327 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:333 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
328 $·sudo·rpm·--restore·PACKAGENAME334 $·sudo·rpm·--restore·PACKAGENAME
Offset 348, 14 lines modifiedOffset 348, 46 lines modified
348 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5348 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
349 ·············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2349 ·············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
350 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)350 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
351 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1351 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
352 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5352 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
353 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108353 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108
354 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2354 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 355 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 356 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 357 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 358 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 359 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 360 #·Remediation·is·applicable·only·in·certain·platforms
 361 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 362 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 363 declare·-A·SETPERMS_RPM_DICT
  
 364 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 365 #·is·expected·by·the·RPM·database
 366 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}')
  
 367 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 368 do
 369 ········RPM_PACKAGE=$(rpm·-qf·"$FILE_PATH")
 370 »       #·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 371 »       SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 372 done
  
 373 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 374 #·correct·values
 375 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 376 do
 377 ········rpm·--restore·"${RPM_PACKAGE}"
 378 done
  
 379 else
 380 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 381 fi
355 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8382 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
356 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high383 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
357 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium384 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
358 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false385 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
359 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict386 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
360 -·name:·Gather·the·package·facts387 -·name:·Gather·the·package·facts
361 ··package_facts:388 ··package_facts:
Offset 467, 46 lines modifiedOffset 499, 14 lines modified
467 ··-·PCI-DSSv4-11.5.2499 ··-·PCI-DSSv4-11.5.2
468 ··-·high_complexity500 ··-·high_complexity
469 ··-·high_severity501 ··-·high_severity
470 ··-·medium_disruption502 ··-·medium_disruption
471 ··-·no_reboot_needed503 ··-·no_reboot_needed
472 ··-·restrict_strategy504 ··-·restrict_strategy
473 ··-·rpm_verify_ownership505 ··-·rpm_verify_ownership
474 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
475 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high 
476 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium 
477 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
478 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
Max diff block lines reached; 1042818/1050543 bytes (99.26%) of diff not shown.
10.9 MB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-ospp.html
    
Offset 15256, 285 lines modifiedOffset 15256, 285 lines modified
0003b970:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=0003b970:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
0003b980:·2223·6964·6d37·3939·3022·2074·6162·696e··"#idm7990"·tabin0003b980:·2223·6964·6d37·3939·3022·2074·6162·696e··"#idm7990"·tabin
0003b990:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu0003b990:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
0003b9a0:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan0003b9a0:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
0003b9b0:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl0003b9b0:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
0003b9c0:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r0003b9c0:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
0003b9d0:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"0003b9d0:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
0003b9e0:·3e52·656d·6564·6961·7469·6f6e·2041·6e61··>Remediation·Ana0003b9e0:·3e52·656d·6564·6961·7469·6f6e·2073·6372··>Remediation·scr
0003b9f0:·636f·6e64·6120·736e·6970·7065·7420·e287··conda·snippet·.. 
0003ba00:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl 
0003ba10:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla 
0003ba20:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id 
0003ba30:·3d22·6964·6d37·3939·3022·3e3c·7461·626c··="idm7990"><tabl 
0003ba40:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t 
0003ba50:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab 
0003ba60:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl 
0003ba70:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr 
0003ba80:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity: 
0003ba90:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003baa0:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di 
0003bab0:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t 
0003bac0:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr>< 
0003bad0:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</ 
0003bae0:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td 
0003baf0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St 
0003bb00:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td> 
0003bb10:·656e·6162·6c65·3c2f·7464·3e3c·2f74·723e··enable</td></tr> 
0003bb20:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co 
0003bb30:·6465·3e0a·7061·636b·6167·6520·2d2d·6164··de>.package·--ad 
0003bb40:·643d·6169·6465·0a3c·2f63·6f64·653e·3c2f··d=aide.</code></ 
0003bb50:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla 
0003bb60:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ 
0003bb70:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle 
0003bb80:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data 
0003bb90:·2d74·6172·6765·743d·2223·6964·6d37·3939··-target="#idm799 
0003bba0:·3122·2074·6162·696e·6465·783d·2230·2220··1"·tabindex="0"· 
0003bbb0:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar 
0003bbc0:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal 
0003bbd0:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ 
0003bbe0:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h 
0003bbf0:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia 
0003bc00:·7469·6f6e·2050·7570·7065·7420·736e·6970··tion·Puppet·snip 
0003bc10:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br><0003b9f0:·6970·7420·e287·b23c·2f61·3e3c·6272·3e3c··ipt·...</a><br><
0003bc20:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel0003ba00:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel
0003bc30:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap 
0003bc40:·7365·2220·6964·3d22·6964·6d37·3939·3122··se"·id="idm7991" 
0003bc50:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t 
0003bc60:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip 
0003bc70:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere 
0003bc80:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense 
0003bc90:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl 
0003bca0:·6578·6974·793a·3c2f·7468·3e3c·7464·3e6c··exity:</th><td>l 
0003bcb0:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr> 
0003bcc0:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:< 
0003bcd0:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td> 
0003bce0:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb 
0003bcf0:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal 
0003bd00:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr> 
0003bd10:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t 
0003bd20:·683e·3c74·643e·656e·6162·6c65·3c2f·7464··h><td>enable</td 
0003bd30:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p 
0003bd40:·7265·3e3c·636f·6465·3e69·6e63·6c75·6465··re><code>include 
0003bd50:·2069·6e73·7461·6c6c·5f61·6964·650a·0a63···install_aide..c 
0003bd60:·6c61·7373·2069·6e73·7461·6c6c·5f61·6964··lass·install_aid 
0003bd70:·6520·7b0a·2020·7061·636b·6167·6520·7b20··e·{.··package·{· 
0003bd80:·2761·6964·6527·3a0a·2020·2020·656e·7375··'aide':.····ensu 
0003bd90:·7265·203d·2667·743b·2027·696e·7374·616c··re·=&gt;·'instal 
0003bda0:·6c65·6427·2c0a·2020·7d0a·7d0a·3c2f·636f··led',.··}.}.</co 
0003bdb0:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div>< 
0003bdc0:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn 
0003bdd0:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t 
0003bde0:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse" 
0003bdf0:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i 
0003be00:·646d·3739·3932·2220·7461·6269·6e64·6578··dm7992"·tabindex 
0003be10:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto 
0003be20:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded 
0003be30:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title=" 
0003be40:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve 
0003be50:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re 
0003be60:·6d65·6469·6174·696f·6e20·4f53·4275·696c··mediation·OSBuil 
0003be70:·6420·426c·7565·7072·696e·7420·736e·6970··d·Blueprint·snip 
0003be80:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br>< 
0003be90:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel 
0003bea0:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap0003ba10:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap
0003beb0:·7365·2220·6964·3d22·6964·6d37·3939·3222··se"·id="idm7992"0003ba20:·7365·2220·6964·3d22·6964·6d37·3939·3022··se"·id="idm7990"
0003bec0:·3e3c·7072·653e·3c63·6f64·653e·0a5b·5b70··><pre><code>.[[p 
0003bed0:·6163·6b61·6765·735d·5d0a·6e61·6d65·203d··ackages]].name·= 
0003bee0:·2022·6169·6465·220a·7665·7273·696f·6e20···"aide".version· 
0003bef0:·3d20·222a·220a·3c2f·636f·6465·3e3c·2f70··=·"*".</code></p 
0003bf00:·7265·3e3c·2f64·6976·3e3c·6120·636c·6173··re></div><a·clas 
0003bf10:·733d·2262·746e·2062·746e·2d73·7563·6365··s="btn·btn-succe 
0003bf20:·7373·2220·6461·7461·2d74·6f67·676c·653d··ss"·data-toggle= 
0003bf30:·2263·6f6c·6c61·7073·6522·2064·6174·612d··"collapse"·data- 
0003bf40:·7461·7267·6574·3d22·2369·646d·3739·3933··target="#idm7993 
0003bf50:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r 
0003bf60:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari 
0003bf70:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals 
0003bf80:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa 
0003bf90:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr 
0003bfa0:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat0003ba30:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t
 0003ba40:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip
 0003ba50:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere
 0003ba60:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense
 0003ba70:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl
 0003ba80:·6578·6974·793a·3c2f·7468·3e3c·7464·3e6c··exity:</th><td>l
 0003ba90:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>
 0003baa0:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:<
 0003bab0:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>
 0003bac0:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb
 0003bad0:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal
 0003bae0:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr>
 0003baf0:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t
 0003bb00:·683e·3c74·643e·656e·6162·6c65·3c2f·7464··h><td>enable</td
 0003bb10:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p
 0003bb20:·7265·3e3c·636f·6465·3e0a·646e·6620·696e··re><code>.dnf·in
 0003bb30:·7374·616c·6c20·6169·6465·0a3c·2f63·6f64··stall·aide.</cod
 0003bb40:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a
 0003bb50:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn-
 0003bb60:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to
 0003bb70:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"·
 0003bb80:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id
 0003bb90:·6d37·3939·3122·2074·6162·696e·6465·783d··m7991"·tabindex=
 0003bba0:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button
 0003bbb0:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=
 0003bbc0:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A
 0003bbd0:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea
 0003bbe0:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem
Max diff block lines reached; 10100214/10138192 bytes (99.63%) of diff not shown.
1.25 MB
html2text {}
    
Offset 114, 52 lines modifiedOffset 114, 48 lines modified
114 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5114 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
115 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199115 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
116 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········RHEL-08-010359116 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········RHEL-08-010359
117 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79117 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
118 ·············_\x8c_\x8i_\x8s············5.3.1118 ·············_\x8c_\x8i_\x8s············5.3.1
119 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2119 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
120 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251710r958944_rule120 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-251710r958944_rule
121 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8121 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
122 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low122 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
123 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low123 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
124 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false124 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
125 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable125 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
126 package·--add=aide126 dnf·install·aide
127 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8127 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
128 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low128 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
129 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low129 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
130 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false130 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
131 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable131 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
132 include·install_aide132 include·install_aide
  
133 class·install_aide·{133 class·install_aide·{
134 ··package·{·'aide':134 ··package·{·'aide':
135 ····ensure·=>·'installed',135 ····ensure·=>·'installed',
136 ··}136 ··}
137 }137 }
138 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
139 [[packages]] 
140 name·=·"aide" 
141 version·=·"*" 
142 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8138 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
143 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low139 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
144 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low140 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
145 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false141 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
146 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable142 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 143 #·Remediation·is·applicable·only·in·certain·platforms
 144 if·rpm·--quiet·-q·kernel;·then
  
 145 if·!·rpm·-q·--quiet·"aide"·;·then
 146 ····yum·install·-y·"aide"
 147 fi
147 package·install·aide 
148 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
149 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
150 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
151 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
152 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
153 dnf·install·aide148 else
 149 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 150 fi
154 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8151 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
155 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low152 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
156 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low153 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
157 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false154 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
158 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable155 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
159 -·name:·Gather·the·package·facts156 -·name:·Gather·the·package·facts
160 ··package_facts:157 ··package_facts:
Offset 192, 29 lines modifiedOffset 188, 33 lines modified
192 ··-·PCI-DSSv4-11.5.2188 ··-·PCI-DSSv4-11.5.2
193 ··-·enable_strategy189 ··-·enable_strategy
194 ··-·low_complexity190 ··-·low_complexity
195 ··-·low_disruption191 ··-·low_disruption
196 ··-·medium_severity192 ··-·medium_severity
197 ··-·no_reboot_needed193 ··-·no_reboot_needed
198 ··-·package_aide_installed194 ··-·package_aide_installed
 195 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 196 [[packages]]
 197 name·=·"aide"
 198 version·=·"*"
199 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8199 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
200 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low200 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
201 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low201 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
202 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false202 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
203 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable203 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
204 #·Remediation·is·applicable·only·in·certain·platforms 
205 if·rpm·--quiet·-q·kernel;·then 
  
206 if·!·rpm·-q·--quiet·"aide"·;·then 
207 ····yum·install·-y·"aide" 
208 fi204 package·install·aide
 205 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 206 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 207 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 208 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 209 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 210 package·--add=aide
209 else 
210 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
211 fi 
212 Group  ·Federal·Information·Processing·Standard·(FIPS)·  Group·contains·2·rules211 Group  ·Federal·Information·Processing·Standard·(FIPS)·  Group·contains·2·rules
213 _\x8[_\x8r_\x8e_\x8f_\x8]  ·The·Federal·Information·Processing·Standard·(FIPS)·is·a·computer·security·standard·which·is·developed·by·the·U.S.·Government·and·industry·working·groups·to·validate·the·quality·of·cryptographic·modules.·The·FIPS·standard·provides·four·security·levels·to·ensure·adequate·coverage·of·different·industries,·implementation·of·cryptographic·modules,·and·organizational·sizes·and·requirements.212 _\x8[_\x8r_\x8e_\x8f_\x8]  ·The·Federal·Information·Processing·Standard·(FIPS)·is·a·computer·security·standard·which·is·developed·by·the·U.S.·Government·and·industry·working·groups·to·validate·the·quality·of·cryptographic·modules.·The·FIPS·standard·provides·four·security·levels·to·ensure·adequate·coverage·of·different·industries,·implementation·of·cryptographic·modules,·and·organizational·sizes·and·requirements.
  
214 FIPS·140-2·is·the·current·standard·for·validating·that·mechanisms·used·to·access·cryptographic·modules·utilize·authentication·that·meets·industry·and·government·requirements.·For·government·systems,·this·allows·Security·Levels·1,·2,·3,·or·4·for·use·on·Red·Hat·Enterprise·Linux·8.213 FIPS·140-2·is·the·current·standard·for·validating·that·mechanisms·used·to·access·cryptographic·modules·utilize·authentication·that·meets·industry·and·government·requirements.·For·government·systems,·this·allows·Security·Levels·1,·2,·3,·or·4·for·use·on·Red·Hat·Enterprise·Linux·8.
  
215 See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8c\x8c_\x8s\x8s_\x8r\x8r_\x8c\x8c_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8l\x8l_\x8i\x8i_\x8c\x8c_\x8a\x8a_\x8t\x8t_\x8i\x8i_\x8o\x8o_\x8n\x8n_\x8s\x8s_\x8/\x8/_\x8P\x8P_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x8h\x8h_\x8t\x8t_\x8m\x8m_\x8l\x8l·for·more·information.214 See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8c\x8c_\x8s\x8s_\x8r\x8r_\x8c\x8c_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8l\x8l_\x8i\x8i_\x8c\x8c_\x8a\x8a_\x8t\x8t_\x8i\x8i_\x8o\x8o_\x8n\x8n_\x8s\x8s_\x8/\x8/_\x8P\x8P_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x8h\x8h_\x8t\x8t_\x8m\x8m_\x8l\x8l·for·more·information.
216 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8na\x8ab\x8bl\x8le\x8e·D\x8Dr\x8ra\x8ac\x8cu\x8ut\x8t·F\x8FI\x8IP\x8PS\x8S·M\x8Mo\x8od\x8du\x8ul\x8le\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*215 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·E\x8En\x8na\x8ab\x8bl\x8le\x8e·D\x8Dr\x8ra\x8ac\x8cu\x8ut\x8t·F\x8FI\x8IP\x8PS\x8S·M\x8Mo\x8od\x8du\x8ul\x8le\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
Offset 245, 31 lines modifiedOffset 245, 31 lines modified
245 ·············_\x8i_\x8s_\x8m······1446245 ·············_\x8i_\x8s_\x8m······1446
246 ·············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1246 ·············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1
247 References:··_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12247 References:··_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12
248 ·············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1248 ·············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1
249 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176249 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176
250 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d···RHEL-08-010020250 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d···RHEL-08-010020
251 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-230223r1017042_rule251 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-230223r1017042_rule
252 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
253 [customizations] 
254 fips·=·true 
255 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8252 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
256 #·Remediation·is·applicable·only·in·certain·platforms253 #·Remediation·is·applicable·only·in·certain·platforms
257 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·);·then254 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·);·then
  
258 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then255 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then
259 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF256 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF
260 kargs·=·["fips=1"]257 kargs·=·["fips=1"]
261 EOF258 EOF
262 fi259 fi
  
263 else260 else
264 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'261 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
265 fi262 fi
 263 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
Max diff block lines reached; 1309795/1315767 bytes (99.55%) of diff not shown.
18.7 MB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-pci-dss.html
    
Offset 15345, 414 lines modifiedOffset 15345, 414 lines modified
0003bf00:·6765·743d·2223·6964·6d37·3634·3722·2074··get="#idm7647"·t0003bf00:·6765·743d·2223·6964·6d37·3634·3722·2074··get="#idm7647"·t
0003bf10:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role0003bf10:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
0003bf20:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e0003bf20:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
0003bf30:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·0003bf30:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
0003bf40:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·0003bf40:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
0003bf50:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=0003bf50:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
Diff chunk too large, falling back to line-by-line diff (400 lines added, 400 lines removed)
0003bf60:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation0003bf60:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
0003bf70:·2041·6e73·6962·6c65·2073·6e69·7070·6574···Ansible·snippet0003bf70:·2053·6865·6c6c·2073·6372·6970·7420·e287···Shell·script·..
0003bf80:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div0003bf80:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl
0003bf90:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co0003bf90:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
0003bfa0:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"0003bfa0:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
0003bfb0:·2069·643d·2269·646d·3736·3437·223e·3c74···id="idm7647"><t0003bfb0:·3d22·6964·6d37·3634·3722·3e3c·7072·653e··="idm7647"><pre>
0003bfc0:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl0003bfc0:·3c63·6f64·653e·2320·5265·6d65·6469·6174··<code>#·Remediat
0003bfd0:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped·0003bfd0:·696f·6e20·6973·2061·7070·6c69·6361·626c··ion·is·applicabl
0003bfe0:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t0003bfe0:·6520·6f6e·6c79·2069·6e20·6365·7274·6169··e·only·in·certai
0003bff0:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed">0003bff0:·6e20·706c·6174·666f·726d·730a·6966·2021··n·platforms.if·!
0003c000:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi0003c000:·2028·207b·2072·706d·202d·2d71·7569·6574···(·{·rpm·--quiet
0003c010:·7479·3a3c·2f74·683e·3c74·643e·6869·6768··ty:</th><td>high0003c010:·202d·7120·6b65·726e·656c·203b·7d20·2661···-q·kernel·;}·&a
0003c020:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t0003c020:·6d70·3b26·616d·703b·207b·2072·706d·202d··mp;&amp;·{·rpm·-
0003c030:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t0003c030:·2d71·7569·6574·202d·7120·7270·6d2d·6f73··-quiet·-q·rpm-os
0003c040:·683e·3c74·643e·6d65·6469·756d·3c2f·7464··h><td>medium</td0003c040:·7472·6565·203b·7d20·2661·6d70·3b26·616d··tree·;}·&amp;&am
0003c050:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re0003c050:·703b·207b·2072·706d·202d·2d71·7569·6574··p;·{·rpm·--quiet
0003c060:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa0003c060:·202d·7120·626f·6f74·6320·3b7d·2026·616d···-q·bootc·;}·&am
0003c070:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr0003c070:·703b·2661·6d70·3b20·7b20·2120·7270·6d20··p;&amp;·{·!·rpm·
0003c080:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</0003c080:·2d2d·7175·6965·7420·2d71·206f·7065·6e73··--quiet·-q·opens
0003c090:·7468·3e3c·7464·3e72·6573·7472·6963·743c··th><td>restrict<0003c090:·6869·6674·2d6b·7562·656c·6574·203b·7d20··hift-kubelet·;}·
0003c0a0:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table0003c0a0:·293b·2074·6865·6e0a·0a23·2046·696e·6420··);·then..#·Find·
0003c0b0:·3e3c·7072·653e·3c63·6f64·653e·2d20·6e61··><pre><code>-·na0003c0b0:·7768·6963·6820·6669·6c65·7320·6861·7665··which·files·have
0003c0c0:·6d65·3a20·4761·7468·6572·2074·6865·2070··me:·Gather·the·p0003c0c0:·2069·6e63·6f72·7265·6374·2068·6173·6820···incorrect·hash·
0003c0d0:·6163·6b61·6765·2066·6163·7473·0a20·2070··ackage·facts.··p0003c0d0:·286e·6f74·2069·6e20·2f65·7463·2c20·6265··(not·in·/etc,·be
0003c0e0:·6163·6b61·6765·5f66·6163·7473·3a0a·2020··ackage_facts:.··0003c0e0:·6361·7573·6520·6f66·2074·6865·2073·7973··cause·of·the·sys
0003c0f0:·2020·6d61·6e61·6765·723a·2061·7574·6f0a····manager:·auto.0003c0f0:·7465·6d20·7265·6c61·7465·6420·636f·6e66··tem·related·conf
0003c100:·2020·7461·6773·3a0a·2020·2d20·4343·452d····tags:.··-·CCE-0003c100:·6967·2066·696c·6573·2920·616e·6420·7468··ig·files)·and·th
0003c110:·3830·3835·372d·360a·2020·2d20·434a·4953··80857-6.··-·CJIS0003c110:·656e·2067·6574·2066·696c·6573·206e·616d··en·get·files·nam
0003c120:·2d35·2e31·302e·342e·310a·2020·2d20·4e49··-5.10.4.1.··-·NI0003c120:·6573·0a66·696c·6573·5f77·6974·685f·696e··es.files_with_in
0003c130:·5354·2d38·3030·2d31·3731·2d33·2e33·2e38··ST-800-171-3.3.80003c130:·636f·7272·6563·745f·6861·7368·3d22·2428··correct_hash="$(
0003c140:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-170003c140:·7270·6d20·2d56·6120·2d2d·6e6f·636f·6e66··rpm·-Va·--noconf
0003c150:·312d·332e·342e·310a·2020·2d20·4e49·5354··1-3.4.1.··-·NIST0003c150:·6967·207c·2067·7265·7020·2d45·2027·5e2e··ig·|·grep·-E·'^.
0003c160:·2d38·3030·2d35·332d·4155·2d39·2833·290a··-800-53-AU-9(3).0003c160:·2e35·2720·7c20·6177·6b20·277b·7072·696e··.5'·|·awk·'{prin
0003c170:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003c170:·7420·244e·467d·2720·2922·0a0a·6966·205b··t·$NF}'·)"..if·[
0003c180:·434d·2d36·2863·290a·2020·2d20·4e49·5354··CM-6(c).··-·NIST0003c180:·202d·6e20·2224·6669·6c65·735f·7769·7468···-n·"$files_with
0003c190:·2d38·3030·2d35·332d·434d·2d36·2864·290a··-800-53-CM-6(d).0003c190:·5f69·6e63·6f72·7265·6374·5f68·6173·6822··_incorrect_hash"
0003c1a0:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003c1a0:·205d·3b20·7468·656e·0a20·2020·2023·2046···];·then.····#·F
0003c1b0:·5349·2d37·0a20·202d·204e·4953·542d·3830··SI-7.··-·NIST-800003c1b0:·726f·6d20·6669·6c65·7320·6e61·6d65·7320··rom·files·names·
0003c1c0:·302d·3533·2d53·492d·3728·3129·0a20·202d··0-53-SI-7(1).··-0003c1c0:·6765·7420·7061·636b·6167·6520·6e61·6d65··get·package·name
0003c1d0:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-0003c1d0:·7320·616e·6420·6368·616e·6765·206e·6577··s·and·change·new
0003c1e0:·3728·3629·0a20·202d·2050·4349·2d44·5353··7(6).··-·PCI-DSS0003c1e0:·6c69·6e65·2074·6f20·7370·6163·652c·2062··line·to·space,·b
0003c1f0:·2d52·6571·2d31·312e·350a·2020·2d20·5043··-Req-11.5.··-·PC0003c1f0:·6563·6175·7365·2072·706d·2077·7269·7465··ecause·rpm·write
0003c200:·492d·4453·5376·342d·3131·2e35·2e32·0a20··I-DSSv4-11.5.2.·0003c200:·7320·6561·6368·2070·6163·6b61·6765·2074··s·each·package·t
0003c210:·202d·2068·6967·685f·636f·6d70·6c65·7869···-·high_complexi0003c210:·6f20·6e65·7720·6c69·6e65·0a20·2020·2070··o·new·line.····p
0003c220:·7479·0a20·202d·2068·6967·685f·7365·7665··ty.··-·high_seve0003c220:·6163·6b61·6765·735f·746f·5f72·6569·6e73··ackages_to_reins
0003c230:·7269·7479·0a20·202d·206d·6564·6975·6d5f··rity.··-·medium_0003c230:·7461·6c6c·3d22·2428·7270·6d20·2d71·6620··tall="$(rpm·-qf·
0003c240:·6469·7372·7570·7469·6f6e·0a20·202d·206e··disruption.··-·n0003c240:·2466·696c·6573·5f77·6974·685f·696e·636f··$files_with_inco
0003c250:·6f5f·7265·626f·6f74·5f6e·6565·6465·640a··o_reboot_needed.0003c250:·7272·6563·745f·6861·7368·207c·2074·7220··rrect_hash·|·tr·
0003c260:·2020·2d20·7265·7374·7269·6374·5f73·7472····-·restrict_str0003c260:·275c·6e27·2027·2027·2922·0a0a·2020·2020··'\n'·'·')"..····
0003c270:·6174·6567·790a·2020·2d20·7270·6d5f·7665··ategy.··-·rpm_ve0003c270:·0a20·2020·2079·756d·2072·6569·6e73·7461··.····yum·reinsta
0003c280:·7269·6679·5f68·6173·6865·730a·0a2d·206e··rify_hashes..-·n0003c280:·6c6c·202d·7920·2470·6163·6b61·6765·735f··ll·-y·$packages_
0003c290:·616d·653a·2027·5365·7420·6661·6374·3a20··ame:·'Set·fact:·0003c290:·746f·5f72·6569·6e73·7461·6c6c·0a20·2020··to_reinstall.···
0003c2a0:·5061·636b·6167·6520·6d61·6e61·6765·7220··Package·manager·0003c2a0:·200a·6669·0a0a·656c·7365·0a20·2020·2026···.fi..else.····&
0003c2b0:·7265·696e·7374·616c·6c20·636f·6d6d·616e··reinstall·comman0003c2b0:·6774·3b26·616d·703b·3220·6563·686f·2027··gt;&amp;2·echo·'
0003c2c0:·6427·0a20·2073·6574·5f66·6163·743a·0a20··d'.··set_fact:.·0003c2c0:·5265·6d65·6469·6174·696f·6e20·6973·206e··Remediation·is·n
0003c2d0:·2020·2070·6163·6b61·6765·5f6d·616e·6167·····package_manag0003c2d0:·6f74·2061·7070·6c69·6361·626c·652c·206e··ot·applicable,·n
0003c2e0:·6572·5f72·6569·6e73·7461·6c6c·5f63·6d64··er_reinstall_cmd0003c2e0:·6f74·6869·6e67·2077·6173·2064·6f6e·6527··othing·was·done'
0003c2f0:·3a20·7975·6d20·7265·696e·7374·616c·6c20··:·yum·reinstall·0003c2f0:·0a66·690a·3c2f·636f·6465·3e3c·2f70·7265··.fi.</code></pre
0003c300:·2d79·0a20·2077·6865·6e3a·0a20·202d·206e··-y.··when:.··-·n0003c300:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class=
0003c310:·6f74·2028·2022·6b65·726e·656c·2220·696e··ot·(·"kernel"·in0003c310:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success
0003c320:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p0003c320:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c
0003c330:·6163·6b61·6765·7320·616e·6420·2272·706d··ackages·and·"rpm0003c330:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta
0003c340:·2d6f·7374·7265·6522·2069·6e20·616e·7369··-ostree"·in·ansi0003c340:·7267·6574·3d22·2369·646d·3736·3438·2220··rget="#idm7648"·
0003c350:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag0003c350:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol
0003c360:·6573·0a20·2020·2061·6e64·2022·626f·6f74··es.····and·"boot0003c360:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-
0003c370:·6322·2069·6e20·616e·7369·626c·655f·6661··c"·in·ansible_fa0003c370:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"
0003c380:·6374·732e·7061·636b·6167·6573·2061·6e64··cts.packages·and0003c380:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate
0003c390:·206e·6f74·2022·6f70·656e·7368·6966·742d···not·"openshift-0003c390:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href
0003c3a0:·6b75·6265·6c65·7422·2069·6e20·616e·7369··kubelet"·in·ansi0003c3a0:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio
0003c3b0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag0003c3b0:·6e20·416e·7369·626c·6520·736e·6970·7065··n·Ansible·snippe
0003c3c0:·6573·0a20·2020·2029·0a20·202d·2061·6e73··es.····).··-·ans0003c3c0:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di
0003c3d0:·6962·6c65·5f64·6973·7472·6962·7574·696f··ible_distributio0003c3d0:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
0003c3e0:·6e20·696e·205b·2022·4665·646f·7261·222c··n·in·[·"Fedora",0003c3e0:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
0003c3f0:·2022·5265·6448·6174·222c·2022·4365·6e74···"RedHat",·"Cent0003c3f0:·2220·6964·3d22·6964·6d37·3634·3822·3e3c··"·id="idm7648"><
0003c400:·4f53·222c·2022·4f72·6163·6c65·4c69·6e75··OS",·"OracleLinu0003c400:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab
0003c410:·7822·205d·0a20·2074·6167·733a·0a20·202d··x"·].··tags:.··-0003c410:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped
0003c420:·2043·4345·2d38·3038·3537·2d36·0a20·202d···CCE-80857-6.··-0003c420:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·
0003c430:·2043·4a49·532d·352e·3130·2e34·2e31·0a20···CJIS-5.10.4.1.·0003c430:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"
0003c440:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-0003c440:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex
0003c450:·332e·332e·380a·2020·2d20·4e49·5354·2d38··3.3.8.··-·NIST-80003c450:·6974·793a·3c2f·7468·3e3c·7464·3e68·6967··ity:</th><td>hig
0003c460:·3030·2d31·3731·2d33·2e34·2e31·0a20·202d··00-171-3.4.1.··-0003c460:·683c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··h</td></tr><tr><
0003c470:·204e·4953·542d·3830·302d·3533·2d41·552d···NIST-800-53-AU-0003c470:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</
0003c480:·3928·3329·0a20·202d·204e·4953·542d·3830··9(3).··-·NIST-800003c480:·7468·3e3c·7464·3e6d·6564·6975·6d3c·2f74··th><td>medium</t
0003c490:·302d·3533·2d43·4d2d·3628·6329·0a20·202d··0-53-CM-6(c).··-0003c490:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R
0003c4a0:·204e·4953·542d·3830·302d·3533·2d43·4d2d···NIST-800-53-CM-0003c4a0:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f
0003c4b0:·3628·6429·0a20·202d·204e·4953·542d·3830··6(d).··-·NIST-800003c4b0:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t
0003c4c0:·302d·3533·2d53·492d·370a·2020·2d20·4e49··0-53-SI-7.··-·NI0003c4c0:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<
0003c4d0:·5354·2d38·3030·2d35·332d·5349·2d37·2831··ST-800-53-SI-7(10003c4d0:·2f74·683e·3c74·643e·7265·7374·7269·6374··/th><td>restrict
0003c4e0:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-50003c4e0:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl
0003c4f0:·332d·5349·2d37·2836·290a·2020·2d20·5043··3-SI-7(6).··-·PC0003c4f0:·653e·3c70·7265·3e3c·636f·6465·3e2d·206e··e><pre><code>-·n
0003c500:·492d·4453·532d·5265·712d·3131·2e35·0a20··I-DSS-Req-11.5.·0003c500:·616d·653a·2047·6174·6865·7220·7468·6520··ame:·Gather·the·
0003c510:·202d·2050·4349·2d44·5353·7634·2d31·312e···-·PCI-DSSv4-11.0003c510:·7061·636b·6167·6520·6661·6374·730a·2020··package·facts.··
0003c520:·352e·320a·2020·2d20·6869·6768·5f63·6f6d··5.2.··-·high_com0003c520:·7061·636b·6167·655f·6661·6374·733a·0a20··package_facts:.·
0003c530:·706c·6578·6974·790a·2020·2d20·6869·6768··plexity.··-·high0003c530:·2020·206d·616e·6167·6572·3a20·6175·746f·····manager:·auto
0003c540:·5f73·6576·6572·6974·790a·2020·2d20·6d65··_severity.··-·me0003c540:·0a20·2074·6167·733a·0a20·202d·2043·4345··.··tags:.··-·CCE
0003c550:·6469·756d·5f64·6973·7275·7074·696f·6e0a··dium_disruption.0003c550:·2d38·3038·3537·2d36·0a20·202d·2043·4a49··-80857-6.··-·CJI
0003c560:·2020·2d20·6e6f·5f72·6562·6f6f·745f·6e65····-·no_reboot_ne0003c560:·532d·352e·3130·2e34·2e31·0a20·202d·204e··S-5.10.4.1.··-·N
0003c570:·6564·6564·0a20·202d·2072·6573·7472·6963··eded.··-·restric0003c570:·4953·542d·3830·302d·3137·312d·332e·332e··IST-800-171-3.3.
0003c580:·745f·7374·7261·7465·6779·0a20·202d·2072··t_strategy.··-·r0003c580:·380a·2020·2d20·4e49·5354·2d38·3030·2d31··8.··-·NIST-800-1
0003c590:·706d·5f76·6572·6966·795f·6861·7368·6573··pm_verify_hashes0003c590:·3731·2d33·2e34·2e31·0a20·202d·204e·4953··71-3.4.1.··-·NIS
0003c5a0:·0a0a·2d20·6e61·6d65·3a20·2753·6574·2066··..-·name:·'Set·f0003c5a0:·542d·3830·302d·3533·2d41·552d·3928·3329··T-800-53-AU-9(3)
0003c5b0:·6163·743a·2050·6163·6b61·6765·206d·616e··act:·Package·man0003c5b0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
0003c5c0:·6167·6572·2072·6569·6e73·7461·6c6c·2063··ager·reinstall·c0003c5c0:·2d43·4d2d·3628·6329·0a20·202d·204e·4953··-CM-6(c).··-·NIS
0003c5d0:·6f6d·6d61·6e64·2028·7a79·7070·6572·2927··ommand·(zypper)'0003c5d0:·542d·3830·302d·3533·2d43·4d2d·3628·6429··T-800-53-CM-6(d)
0003c5e0:·0a20·2073·6574·5f66·6163·743a·0a20·2020··.··set_fact:.···0003c5e0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
0003c5f0:·2070·6163·6b61·6765·5f6d·616e·6167·6572···package_manager0003c5f0:·2d53·492d·370a·2020·2d20·4e49·5354·2d38··-SI-7.··-·NIST-8
0003c600:·5f72·6569·6e73·7461·6c6c·5f63·6d64·3a20··_reinstall_cmd:·0003c600:·3030·2d35·332d·5349·2d37·2831·290a·2020··00-53-SI-7(1).··
0003c610:·7a79·7070·6572·2069·6e20·2d66·202d·790a··zypper·in·-f·-y.0003c610:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI
0003c620:·2020·7768·656e·3a0a·2020·2d20·6e6f·7420····when:.··-·not·0003c620:·2d37·2836·290a·2020·2d20·5043·492d·4453··-7(6).··-·PCI-DS
0003c630:·2820·226b·6572·6e65·6c22·2069·6e20·616e··(·"kernel"·in·an0003c630:·532d·5265·712d·3131·2e35·0a20·202d·2050··S-Req-11.5.··-·P
0003c640:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack0003c640:·4349·2d44·5353·7634·2d31·312e·352e·320a··CI-DSSv4-11.5.2.
0003c650:·6167·6573·2061·6e64·2022·7270·6d2d·6f73··ages·and·"rpm-os0003c650:·2020·2d20·6869·6768·5f63·6f6d·706c·6578····-·high_complex
0003c660:·7472·6565·2220·696e·2061·6e73·6962·6c65··tree"·in·ansible0003c660:·6974·790a·2020·2d20·6869·6768·5f73·6576··ity.··-·high_sev
0003c670:·5f66·6163·7473·2e70·6163·6b61·6765·730a··_facts.packages.0003c670:·6572·6974·790a·2020·2d20·6d65·6469·756d··erity.··-·medium
0003c680:·2020·2020·616e·6420·2262·6f6f·7463·2220······and·"bootc"·0003c680:·5f64·6973·7275·7074·696f·6e0a·2020·2d20··_disruption.··-·
0003c690:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts0003c690:·6e6f·5f72·6562·6f6f·745f·6e65·6564·6564··no_reboot_needed
0003c6a0:·2e70·6163·6b61·6765·7320·616e·6420·6e6f··.packages·and·no0003c6a0:·0a20·202d·2072·6573·7472·6963·745f·7374··.··-·restrict_st
0003c6b0:·7420·226f·7065·6e73·6869·6674·2d6b·7562··t·"openshift-kub0003c6b0:·7261·7465·6779·0a20·202d·2072·706d·5f76··rategy.··-·rpm_v
0003c6c0:·656c·6574·2220·696e·2061·6e73·6962·6c65··elet"·in·ansible0003c6c0:·6572·6966·795f·6861·7368·6573·0a0a·2d20··erify_hashes..-·
0003c6d0:·5f66·6163·7473·2e70·6163·6b61·6765·730a··_facts.packages.0003c6d0:·6e61·6d65·3a20·2753·6574·2066·6163·743a··name:·'Set·fact:
Max diff block lines reached; 17808150/17863930 bytes (99.69%) of diff not shown.
1.62 MB
html2text {}
Max HTML report size reached
30.0 MB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-stig.html
    
Offset 15289, 284 lines modifiedOffset 15289, 284 lines modified
0003bb80:·2d74·6172·6765·743d·2223·6964·6d37·3939··-target="#idm7990003bb80:·2d74·6172·6765·743d·2223·6964·6d37·3939··-target="#idm799
0003bb90:·3022·2074·6162·696e·6465·783d·2230·2220··0"·tabindex="0"·0003bb90:·3022·2074·6162·696e·6465·783d·2230·2220··0"·tabindex="0"·
0003bba0:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar0003bba0:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar
0003bbb0:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal0003bbb0:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal
0003bbc0:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ0003bbc0:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ
0003bbd0:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h0003bbd0:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h
0003bbe0:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia0003bbe0:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia
0003bbf0:·7469·6f6e·2041·6e61·636f·6e64·6120·736e··tion·Anaconda·sn 
0003bc00:·6970·7065·7420·e287·b23c·2f61·3e3c·6272··ippet·...</a><br 
0003bc10:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan 
0003bc20:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll 
0003bc30:·6170·7365·2220·6964·3d22·6964·6d37·3939··apse"·id="idm799 
0003bc40:·3022·3e3c·7461·626c·6520·636c·6173·733d··0"><table·class= 
0003bc50:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str 
0003bc60:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde 
0003bc70:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden 
0003bc80:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com 
0003bc90:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td 
0003bca0:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t 
0003bcb0:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption 
0003bcc0:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t 
0003bcd0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R 
0003bce0:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f 
0003bcf0:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t 
0003bd00:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:< 
0003bd10:·2f74·683e·3c74·643e·656e·6162·6c65·3c2f··/th><td>enable</ 
0003bd20:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table> 
0003bd30:·3c70·7265·3e3c·636f·6465·3e0a·7061·636b··<pre><code>.pack 
0003bd40:·6167·6520·2d2d·6164·643d·6169·6465·0a3c··age·--add=aide.< 
0003bd50:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di 
0003bd60:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn· 
0003bd70:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat 
0003bd80:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap 
0003bd90:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target= 
0003bda0:·2223·6964·6d37·3939·3122·2074·6162·696e··"#idm7991"·tabin 
0003bdb0:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu 
0003bdc0:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan 
0003bdd0:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl 
0003bde0:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r 
0003bdf0:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!" 
0003be00:·3e52·656d·6564·6961·7469·6f6e·2050·7570··>Remediation·Pup 
0003be10:·7065·7420·736e·6970·7065·7420·e287·b23c··pet·snippet·...< 
0003be20:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas 
0003be30:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps 
0003be40:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id=" 
0003be50:·6964·6d37·3939·3122·3e3c·7461·626c·6520··idm7991"><table· 
0003be60:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab 
0003be70:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table 
0003be80:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table- 
0003be90:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr>< 
0003bea0:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</ 
0003beb0:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td>< 
0003bec0:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr 
0003bed0:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td> 
0003bee0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003bef0:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th 
0003bf00:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td>< 
0003bf10:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra 
0003bf20:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en 
0003bf30:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></ 
0003bf40:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code 
0003bf50:·3e69·6e63·6c75·6465·2069·6e73·7461·6c6c··>include·install 
0003bf60:·5f61·6964·650a·0a63·6c61·7373·2069·6e73··_aide..class·ins 
0003bf70:·7461·6c6c·5f61·6964·6520·7b0a·2020·7061··tall_aide·{.··pa 
0003bf80:·636b·6167·6520·7b20·2761·6964·6527·3a0a··ckage·{·'aide':. 
0003bf90:·2020·2020·656e·7375·7265·203d·2667·743b······ensure·=&gt; 
0003bfa0:·2027·696e·7374·616c·6c65·6427·2c0a·2020···'installed',.·· 
0003bfb0:·7d0a·7d0a·3c2f·636f·6465·3e3c·2f70·7265··}.}.</code></pre 
0003bfc0:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class= 
0003bfd0:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success 
0003bfe0:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c 
0003bff0:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta 
0003c000:·7267·6574·3d22·2369·646d·3739·3932·2220··rget="#idm7992"· 
0003c010:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol 
0003c020:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria- 
0003c030:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false" 
0003c040:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate 
0003c050:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href 
0003c060:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio 
0003c070:·6e20·4f53·4275·696c·6420·426c·7565·7072··n·OSBuild·Bluepr 
0003c080:·696e·7420·736e·6970·7065·7420·e287·b23c··int·snippet·...<0003bbf0:·7469·6f6e·2073·6372·6970·7420·e287·b23c··tion·script·...<
0003c090:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas0003bc00:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas
0003c0a0:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps0003bc10:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps
0003c0b0:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="0003bc20:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="
 0003bc30:·6964·6d37·3939·3022·3e3c·7461·626c·6520··idm7990"><table·
 0003bc40:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab
 0003bc50:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table
 0003bc60:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-
 0003bc70:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><
 0003bc80:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</
0003c0c0:·6964·6d37·3939·3222·3e3c·7072·653e·3c63··idm7992"><pre><c 
0003c0d0:·6f64·653e·0a5b·5b70·6163·6b61·6765·735d··ode>.[[packages] 
0003c0e0:·5d0a·6e61·6d65·203d·2022·6169·6465·220a··].name·=·"aide". 
0003c0f0:·7665·7273·696f·6e20·3d20·222a·220a·3c2f··version·=·"*".</ 
0003c100:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div 
0003c110:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b 
0003c120:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data 
0003c130:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps 
0003c140:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target=" 
0003c150:·2369·646d·3739·3933·2220·7461·6269·6e64··#idm7993"·tabind 
0003c160:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but 
0003c170:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand 
0003c180:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title 
0003c190:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re 
0003c1a0:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!"> 
0003c1b0:·5265·6d65·6469·6174·696f·6e20·7363·7269··Remediation·scri 
0003c1c0:·7074·20e2·87b2·3c2f·613e·3c62·723e·3c64··pt·...</a><br><d 
0003c1d0:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel- 
0003c1e0:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps 
0003c1f0:·6522·2069·643d·2269·646d·3739·3933·223e··e"·id="idm7993"> 
0003c200:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta 
0003c210:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe 
0003c220:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered 
0003c230:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed 
0003c240:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple 
0003c250:·7869·7479·3a3c·2f74·683e·3c74·643e·6c6f··xity:</th><td>lo 
0003c260:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr>< 
0003c270:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</ 
0003c280:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td>< 
0003c290:·2f74·723e·3c74·723e·3c74·683e·5265·626f··/tr><tr><th>Rebo 
0003c2a0:·6f74·3a3c·2f74·683e·3c74·643e·6661·6c73··ot:</th><td>fals 
0003c2b0:·653c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··e</td></tr><tr>< 
0003c2c0:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th 
0003c2d0:·3e3c·7464·3e65·6e61·626c·653c·2f74·643e··><td>enable</td> 
0003c2e0:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr 
0003c2f0:·653e·3c63·6f64·653e·0a70·6163·6b61·6765··e><code>.package 
0003c300:·2069·6e73·7461·6c6c·2061·6964·650a·3c2f···install·aide.</ 
Max diff block lines reached; 28914778/28952618 bytes (99.87%) of diff not shown.
2.37 MB
html2text {}
Max HTML report size reached
29.8 MB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-stig_gui.html
    
Offset 15308, 284 lines modifiedOffset 15308, 284 lines modified
0003bcb0:·612d·7461·7267·6574·3d22·2369·646d·3739··a-target="#idm790003bcb0:·612d·7461·7267·6574·3d22·2369·646d·3739··a-target="#idm79
0003bcc0:·3930·2220·7461·6269·6e64·6578·3d22·3022··90"·tabindex="0"0003bcc0:·3930·2220·7461·6269·6e64·6578·3d22·3022··90"·tabindex="0"
0003bcd0:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a0003bcd0:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a
0003bce0:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa0003bce0:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa
0003bcf0:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti0003bcf0:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti
0003bd00:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·0003bd00:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·
0003bd10:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi0003bd10:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi
 0003bd20:·6174·696f·6e20·7363·7269·7074·20e2·87b2··ation·script·...
0003bd20:·6174·696f·6e20·416e·6163·6f6e·6461·2073··ation·Anaconda·s 
0003bd30:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b 
0003bd40:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa 
0003bd50:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col 
0003bd60:·6c61·7073·6522·2069·643d·2269·646d·3739··lapse"·id="idm79 
0003bd70:·3930·223e·3c74·6162·6c65·2063·6c61·7373··90"><table·class 
0003bd80:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st 
0003bd90:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord 
0003bda0:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde 
0003bdb0:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co 
0003bdc0:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t 
0003bdd0:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr>< 
0003bde0:·7472·3e3c·7468·3e44·6973·7275·7074·696f··tr><th>Disruptio 
0003bdf0:·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··n:</th><td>low</ 
0003be00:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003be10:·5265·626f·6f74·3a3c·2f74·683e·3c74·643e··Reboot:</th><td> 
0003be20:·6661·6c73·653c·2f74·643e·3c2f·7472·3e3c··false</td></tr>< 
0003be30:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy: 
0003be40:·3c2f·7468·3e3c·7464·3e65·6e61·626c·653c··</th><td>enable< 
0003be50:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table 
0003be60:·3e3c·7072·653e·3c63·6f64·653e·0a70·6163··><pre><code>.pac 
0003be70:·6b61·6765·202d·2d61·6464·3d61·6964·650a··kage·--add=aide. 
0003be80:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d 
0003be90:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn 
0003bea0:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da 
0003beb0:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla 
0003bec0:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target 
0003bed0:·3d22·2369·646d·3739·3931·2220·7461·6269··="#idm7991"·tabi 
0003bee0:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b 
0003bef0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa 
0003bf00:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit 
0003bf10:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to· 
0003bf20:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#! 
0003bf30:·223e·5265·6d65·6469·6174·696f·6e20·5075··">Remediation·Pu 
0003bf40:·7070·6574·2073·6e69·7070·6574·20e2·87b2··ppet·snippet·... 
0003bf50:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla0003bd30:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
0003bf60:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap0003bd40:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
0003bf70:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=0003bd50:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=
0003bf80:·2269·646d·3739·3931·223e·3c74·6162·6c65··"idm7991"><table0003bd60:·2269·646d·3739·3930·223e·3c74·6162·6c65··"idm7990"><table
0003bf90:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta0003bd70:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta
0003bfa0:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl0003bd80:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl
0003bfb0:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table0003bd90:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table
0003bfc0:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>0003bda0:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>
0003bfd0:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<0003bdb0:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<
0003bfe0:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>0003bdc0:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>
0003bff0:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis0003bdd0:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis
0003c000:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td0003bde0:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td
0003c010:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t0003bdf0:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t
0003c020:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t0003be00:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t
0003c030:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td>0003be10:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td>
0003c040:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str0003be20:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str
0003c050:·6174·6567·793a·3c2f·7468·3e3c·7464·3e65··ategy:</th><td>e0003be30:·6174·6567·793a·3c2f·7468·3e3c·7464·3e65··ategy:</th><td>e
0003c060:·6e61·626c·653c·2f74·643e·3c2f·7472·3e3c··nable</td></tr><0003be40:·6e61·626c·653c·2f74·643e·3c2f·7472·3e3c··nable</td></tr><
0003c070:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod0003be50:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod
 0003be60:·653e·0a64·6e66·2069·6e73·7461·6c6c·2061··e>.dnf·install·a
 0003be70:·6964·650a·3c2f·636f·6465·3e3c·2f70·7265··ide.</code></pre
 0003be80:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class=
 0003be90:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success
 0003bea0:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c
 0003beb0:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta
 0003bec0:·7267·6574·3d22·2369·646d·3739·3931·2220··rget="#idm7991"·
 0003bed0:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol
 0003bee0:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-
 0003bef0:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"
 0003bf00:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate
 0003bf10:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href
 0003bf20:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio
 0003bf30:·6e20·5075·7070·6574·2073·6e69·7070·6574··n·Puppet·snippet
 0003bf40:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div
 0003bf50:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
 0003bf60:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
 0003bf70:·2069·643d·2269·646d·3739·3931·223e·3c74···id="idm7991"><t
 0003bf80:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl
 0003bf90:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped·
 0003bfa0:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t
 0003bfb0:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed">
 0003bfc0:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi
 0003bfd0:·7479·3a3c·2f74·683e·3c74·643e·6c6f·773c··ty:</th><td>low<
 0003bfe0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
 0003bff0:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th
 0003c000:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t
 0003c010:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot
 0003c020:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false<
 0003c030:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
 0003c040:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><
 0003c050:·7464·3e65·6e61·626c·653c·2f74·643e·3c2f··td>enable</td></
 0003c060:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre>
0003c080:·653e·696e·636c·7564·6520·696e·7374·616c··e>include·instal0003c070:·3c63·6f64·653e·696e·636c·7564·6520·696e··<code>include·in
0003c090:·6c5f·6169·6465·0a0a·636c·6173·7320·696e··l_aide..class·in0003c080:·7374·616c·6c5f·6169·6465·0a0a·636c·6173··stall_aide..clas
0003c0a0:·7374·616c·6c5f·6169·6465·207b·0a20·2070··stall_aide·{.··p0003c090:·7320·696e·7374·616c·6c5f·6169·6465·207b··s·install_aide·{
0003c0b0:·6163·6b61·6765·207b·2027·6169·6465·273a··ackage·{·'aide':0003c0a0:·0a20·2070·6163·6b61·6765·207b·2027·6169··.··package·{·'ai
0003c0c0:·0a20·2020·2065·6e73·7572·6520·3d26·6774··.····ensure·=&gt0003c0b0:·6465·273a·0a20·2020·2065·6e73·7572·6520··de':.····ensure·
0003c0d0:·3b20·2769·6e73·7461·6c6c·6564·272c·0a20··;·'installed',.·0003c0c0:·3d26·6774·3b20·2769·6e73·7461·6c6c·6564··=&gt;·'installed
0003c0e0:·207d·0a7d·0a3c·2f63·6f64·653e·3c2f·7072···}.}.</code></pr0003c0d0:·272c·0a20·207d·0a7d·0a3c·2f63·6f64·653e··',.··}.}.</code>
0003c0f0:·653e·3c2f·6469·763e·3c61·2063·6c61·7373··e></div><a·class0003c0e0:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c
0003c100:·3d22·6274·6e20·6274·6e2d·7375·6363·6573··="btn·btn-succes0003c0f0:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su
0003c110:·7322·2064·6174·612d·746f·6767·6c65·3d22··s"·data-toggle="0003c100:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg
0003c120:·636f·6c6c·6170·7365·2220·6461·7461·2d74··collapse"·data-t0003c110:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da
0003c130:·6172·6765·743d·2223·6964·6d37·3939·3222··arget="#idm7992"0003c120:·7461·2d74·6172·6765·743d·2223·6964·6d37··ta-target="#idm7
0003c140:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro0003c130:·3939·3222·2074·6162·696e·6465·783d·2230··992"·tabindex="0
0003c150:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria0003c140:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
0003c160:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false0003c150:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
0003c170:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat0003c160:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
0003c180:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre0003c170:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
0003c190:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati0003c180:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
 0003c190:·6961·7469·6f6e·2053·6865·6c6c·2073·6372··iation·Shell·scr
0003c1a0:·6f6e·204f·5342·7569·6c64·2042·6c75·6570··on·OSBuild·Bluep 
0003c1b0:·7269·6e74·2073·6e69·7070·6574·20e2·87b2··rint·snippet·... 
0003c1c0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla 
0003c1d0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap 
0003c1e0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id= 
0003c1f0:·2269·646d·3739·3932·223e·3c70·7265·3e3c··"idm7992"><pre>< 
0003c200:·636f·6465·3e0a·5b5b·7061·636b·6167·6573··code>.[[packages 
0003c210:·5d5d·0a6e·616d·6520·3d20·2261·6964·6522··]].name·=·"aide" 
0003c220:·0a76·6572·7369·6f6e·203d·2022·2a22·0a3c··.version·=·"*".< 
0003c230:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di 
0003c240:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn· 
0003c250:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat 
0003c260:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap 
Max diff block lines reached; 28754824/28792664 bytes (99.87%) of diff not shown.
2.35 MB
html2text {}
Max HTML report size reached
23.9 MB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-anssi_bp28_enhanced.html
    
Offset 15108, 284 lines modifiedOffset 15108, 284 lines modified
0003b030:·6574·3d22·2369·646d·3834·3538·2220·7461··et="#idm8458"·ta0003b030:·6574·3d22·2369·646d·3834·3538·2220·7461··et="#idm8458"·ta
0003b040:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=0003b040:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=
0003b050:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex0003b050:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex
0003b060:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t0003b060:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t
0003b070:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t0003b070:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t
0003b080:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="0003b080:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="
0003b090:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·0003b090:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·
0003b0a0:·416e·6163·6f6e·6461·2073·6e69·7070·6574··Anaconda·snippet 
0003b0b0:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div 
0003b0c0:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co 
0003b0d0:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse" 
0003b0e0:·2069·643d·2269·646d·3834·3538·223e·3c74···id="idm8458"><t 
0003b0f0:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl 
0003b100:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped· 
0003b110:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t 
0003b120:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed"> 
0003b130:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi 
0003b140:·7479·3a3c·2f74·683e·3c74·643e·6c6f·773c··ty:</th><td>low< 
0003b150:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b160:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th 
0003b170:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
0003b180:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot 
0003b190:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false< 
0003b1a0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b1b0:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th>< 
0003b1c0:·7464·3e65·6e61·626c·653c·2f74·643e·3c2f··td>enable</td></ 
0003b1d0:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre> 
0003b1e0:·3c63·6f64·653e·0a70·6163·6b61·6765·202d··<code>.package·- 
0003b1f0:·2d61·6464·3d61·6964·650a·3c2f·636f·6465··-add=aide.</code 
0003b200:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a· 
0003b210:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s 
0003b220:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog 
0003b230:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d 
0003b240:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm 
0003b250:·3834·3539·2220·7461·6269·6e64·6578·3d22··8459"·tabindex=" 
0003b260:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button" 
0003b270:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded=" 
0003b280:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac 
0003b290:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal 
0003b2a0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme 
0003b2b0:·6469·6174·696f·6e20·5075·7070·6574·2073··diation·Puppet·s 
0003b2c0:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b0003b0a0:·7363·7269·7074·20e2·87b2·3c2f·613e·3c62··script·...</a><b
0003b2d0:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa0003b0b0:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa
0003b2e0:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col0003b0c0:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col
0003b2f0:·6c61·7073·6522·2069·643d·2269·646d·3834··lapse"·id="idm840003b0d0:·6c61·7073·6522·2069·643d·2269·646d·3834··lapse"·id="idm84
0003b300:·3539·223e·3c74·6162·6c65·2063·6c61·7373··59"><table·class0003b0e0:·3538·223e·3c74·6162·6c65·2063·6c61·7373··58"><table·class
0003b310:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st0003b0f0:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st
0003b320:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord0003b100:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord
0003b330:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde0003b110:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde
0003b340:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co0003b120:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co
0003b350:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t0003b130:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t
0003b360:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr>< 
0003b370:·7472·3e3c·7468·3e44·6973·7275·7074·696f··tr><th>Disruptio 
0003b380:·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··n:</th><td>low</ 
0003b390:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003b3a0:·5265·626f·6f74·3a3c·2f74·683e·3c74·643e··Reboot:</th><td> 
0003b3b0:·6661·6c73·653c·2f74·643e·3c2f·7472·3e3c··false</td></tr>< 
0003b3c0:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy: 
0003b3d0:·3c2f·7468·3e3c·7464·3e65·6e61·626c·653c··</th><td>enable< 
0003b3e0:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table 
0003b3f0:·3e3c·7072·653e·3c63·6f64·653e·696e·636c··><pre><code>incl 
0003b400:·7564·6520·696e·7374·616c·6c5f·6169·6465··ude·install_aide 
0003b410:·0a0a·636c·6173·7320·696e·7374·616c·6c5f··..class·install_ 
0003b420:·6169·6465·207b·0a20·2070·6163·6b61·6765··aide·{.··package 
0003b430:·207b·2027·6169·6465·273a·0a20·2020·2065···{·'aide':.····e 
0003b440:·6e73·7572·6520·3d26·6774·3b20·2769·6e73··nsure·=&gt;·'ins 
0003b450:·7461·6c6c·6564·272c·0a20·207d·0a7d·0a3c··talled',.··}.}.< 
0003b460:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di 
0003b470:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn· 
0003b480:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat 
0003b490:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap 
0003b4a0:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target= 
0003b4b0:·2223·6964·6d38·3436·3022·2074·6162·696e··"#idm8460"·tabin 
0003b4c0:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu 
0003b4d0:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan 
0003b4e0:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl 
0003b4f0:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r 
0003b500:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!" 
0003b510:·3e52·656d·6564·6961·7469·6f6e·204f·5342··>Remediation·OSB 
0003b520:·7569·6c64·2042·6c75·6570·7269·6e74·2073··uild·Blueprint·s 
0003b530:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b 
0003b540:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa 
0003b550:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col 
0003b560:·6c61·7073·6522·2069·643d·2269·646d·3834··lapse"·id="idm84 
0003b570:·3630·223e·3c70·7265·3e3c·636f·6465·3e0a··60"><pre><code>. 
0003b580:·5b5b·7061·636b·6167·6573·5d5d·0a6e·616d··[[packages]].nam 
0003b590:·6520·3d20·2261·6964·6522·0a76·6572·7369··e·=·"aide".versi 
0003b5a0:·6f6e·203d·2022·2a22·0a3c·2f63·6f64·653e··on·=·"*".</code> 
0003b5b0:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c 
0003b5c0:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su 
0003b5d0:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg 
0003b5e0:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da 
0003b5f0:·7461·2d74·6172·6765·743d·2223·6964·6d38··ta-target="#idm8 
0003b600:·3436·3122·2074·6162·696e·6465·783d·2230··461"·tabindex="0 
0003b610:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"· 
0003b620:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f 
0003b630:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act 
0003b640:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal" 
0003b650:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed 
0003b660:·6961·7469·6f6e·2073·6372·6970·7420·e287··iation·script·.. 
0003b670:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl 
0003b680:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla 
0003b690:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id 
0003b6a0:·3d22·6964·6d38·3436·3122·3e3c·7461·626c··="idm8461"><tabl 
0003b6b0:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t 
0003b6c0:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab 
0003b6d0:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl 
0003b6e0:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr 
0003b6f0:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity: 
0003b700:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003b710:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di 
0003b720:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t 
0003b730:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr>< 
0003b740:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</ 
0003b750:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td 
0003b760:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St 
0003b770:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td> 
0003b780:·656e·6162·6c65·3c2f·7464·3e3c·2f74·723e··enable</td></tr> 
0003b790:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co 
0003b7a0:·6465·3e0a·7061·636b·6167·6520·696e·7374··de>.package·inst 
0003b7b0:·616c·6c20·6169·6465·0a3c·2f63·6f64·653e··all·aide.</code> 
0003b7c0:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c 
0003b7d0:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su 
0003b7e0:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg 
0003b7f0:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da 
0003b800:·7461·2d74·6172·6765·743d·2223·6964·6d38··ta-target="#idm8 
0003b810:·3436·3222·2074·6162·696e·6465·783d·2230··462"·tabindex="0 
Max diff block lines reached; 22908588/22946428 bytes (99.84%) of diff not shown.
1.99 MB
html2text {}
Max HTML report size reached
24.3 MB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-anssi_bp28_high.html
    
Offset 15113, 284 lines modifiedOffset 15113, 284 lines modified
0003b080:·6172·6765·743d·2223·6964·6d38·3435·3822··arget="#idm8458"0003b080:·6172·6765·743d·2223·6964·6d38·3435·3822··arget="#idm8458"
0003b090:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro0003b090:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro
0003b0a0:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria0003b0a0:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria
0003b0b0:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false0003b0b0:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false
0003b0c0:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat0003b0c0:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat
0003b0d0:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre0003b0d0:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre
0003b0e0:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati0003b0e0:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati
0003b0f0:·6f6e·2041·6e61·636f·6e64·6120·736e·6970··on·Anaconda·snip 
0003b100:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br>< 
0003b110:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel 
0003b120:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap 
0003b130:·7365·2220·6964·3d22·6964·6d38·3435·3822··se"·id="idm8458" 
0003b140:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t 
0003b150:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip 
0003b160:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere 
0003b170:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense 
0003b180:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl 
0003b190:·6578·6974·793a·3c2f·7468·3e3c·7464·3e6c··exity:</th><td>l 
0003b1a0:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr> 
0003b1b0:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:< 
0003b1c0:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td> 
0003b1d0:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb 
0003b1e0:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal 
0003b1f0:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr> 
0003b200:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t 
0003b210:·683e·3c74·643e·656e·6162·6c65·3c2f·7464··h><td>enable</td 
0003b220:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p 
0003b230:·7265·3e3c·636f·6465·3e0a·7061·636b·6167··re><code>.packag 
0003b240:·6520·2d2d·6164·643d·6169·6465·0a3c·2f63··e·--add=aide.</c 
0003b250:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div> 
0003b260:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt 
0003b270:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data- 
0003b280:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse 
0003b290:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="# 
0003b2a0:·6964·6d38·3435·3922·2074·6162·696e·6465··idm8459"·tabinde 
0003b2b0:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt 
0003b2c0:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande 
0003b2d0:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title= 
0003b2e0:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev 
0003b2f0:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R 
0003b300:·656d·6564·6961·7469·6f6e·2050·7570·7065··emediation·Puppe 
0003b310:·7420·736e·6970·7065·7420·e287·b23c·2f61··t·snippet·...</a0003b0f0:·6f6e·2073·6372·6970·7420·e287·b23c·2f61··on·script·...</a
0003b320:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=0003b100:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
0003b330:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·0003b110:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
0003b340:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id0003b120:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
0003b350:·6d38·3435·3922·3e3c·7461·626c·6520·636c··m8459"><table·cl0003b130:·6d38·3435·3822·3e3c·7461·626c·6520·636c··m8458"><table·cl
0003b360:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table0003b140:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table
0003b370:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b0003b150:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b
0003b380:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co0003b160:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co
0003b390:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th0003b170:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th
0003b3a0:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th0003b180:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th
0003b3b0:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
0003b3c0:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup 
0003b3d0:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo 
0003b3e0:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr>< 
0003b3f0:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th>< 
0003b400:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t 
0003b410:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate 
0003b420:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab 
0003b430:·6c65·3c2f·7464·3e3c·2f74·723e·3c2f·7461··le</td></tr></ta 
0003b440:·626c·653e·3c70·7265·3e3c·636f·6465·3e69··ble><pre><code>i 
0003b450:·6e63·6c75·6465·2069·6e73·7461·6c6c·5f61··nclude·install_a 
0003b460:·6964·650a·0a63·6c61·7373·2069·6e73·7461··ide..class·insta 
0003b470:·6c6c·5f61·6964·6520·7b0a·2020·7061·636b··ll_aide·{.··pack 
0003b480:·6167·6520·7b20·2761·6964·6527·3a0a·2020··age·{·'aide':.·· 
0003b490:·2020·656e·7375·7265·203d·2667·743b·2027····ensure·=&gt;·' 
0003b4a0:·696e·7374·616c·6c65·6427·2c0a·2020·7d0a··installed',.··}. 
0003b4b0:·7d0a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··}.</code></pre>< 
0003b4c0:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b 
0003b4d0:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"· 
0003b4e0:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col 
0003b4f0:·6c61·7073·6522·2064·6174·612d·7461·7267··lapse"·data-targ 
0003b500:·6574·3d22·2369·646d·3834·3630·2220·7461··et="#idm8460"·ta 
0003b510:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role= 
0003b520:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex 
0003b530:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t 
0003b540:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t 
0003b550:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href=" 
0003b560:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation· 
0003b570:·4f53·4275·696c·6420·426c·7565·7072·696e··OSBuild·Blueprin 
0003b580:·7420·736e·6970·7065·7420·e287·b23c·2f61··t·snippet·...</a 
0003b590:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class= 
0003b5a0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse· 
0003b5b0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id 
0003b5c0:·6d38·3436·3022·3e3c·7072·653e·3c63·6f64··m8460"><pre><cod 
0003b5d0:·653e·0a5b·5b70·6163·6b61·6765·735d·5d0a··e>.[[packages]]. 
0003b5e0:·6e61·6d65·203d·2022·6169·6465·220a·7665··name·=·"aide".ve 
0003b5f0:·7273·696f·6e20·3d20·222a·220a·3c2f·636f··rsion·=·"*".</co 
0003b600:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div>< 
0003b610:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn 
0003b620:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t 
0003b630:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse" 
0003b640:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i 
0003b650:·646d·3834·3631·2220·7461·6269·6e64·6578··dm8461"·tabindex 
0003b660:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto 
0003b670:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded 
0003b680:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title=" 
0003b690:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve 
0003b6a0:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re 
0003b6b0:·6d65·6469·6174·696f·6e20·7363·7269·7074··mediation·script 
0003b6c0:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div 
0003b6d0:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co 
0003b6e0:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse" 
0003b6f0:·2069·643d·2269·646d·3834·3631·223e·3c74···id="idm8461"><t 
0003b700:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl 
0003b710:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped· 
0003b720:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t 
0003b730:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed"> 
0003b740:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi 
0003b750:·7479·3a3c·2f74·683e·3c74·643e·6c6f·773c··ty:</th><td>low< 
0003b760:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b770:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th 
0003b780:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
0003b790:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot 
0003b7a0:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false< 
0003b7b0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b7c0:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th>< 
0003b7d0:·7464·3e65·6e61·626c·653c·2f74·643e·3c2f··td>enable</td></ 
0003b7e0:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre> 
0003b7f0:·3c63·6f64·653e·0a70·6163·6b61·6765·2069··<code>.package·i 
0003b800:·6e73·7461·6c6c·2061·6964·650a·3c2f·636f··nstall·aide.</co 
0003b810:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div>< 
0003b820:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn 
0003b830:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t 
0003b840:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse" 
0003b850:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i 
0003b860:·646d·3834·3632·2220·7461·6269·6e64·6578··dm8462"·tabindex 
Max diff block lines reached; 23346493/23384333 bytes (99.84%) of diff not shown.
2.03 MB
html2text {}
Max HTML report size reached
10.7 MB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-anssi_bp28_intermediary.html
    
Offset 15103, 285 lines modifiedOffset 15103, 285 lines modified
0003afe0:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=0003afe0:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
0003aff0:·2223·6964·6d38·3435·3822·2074·6162·696e··"#idm8458"·tabin0003aff0:·2223·6964·6d38·3435·3822·2074·6162·696e··"#idm8458"·tabin
0003b000:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu0003b000:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
0003b010:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan0003b010:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
0003b020:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl0003b020:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
0003b030:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r0003b030:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
0003b040:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"0003b040:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
0003b050:·3e52·656d·6564·6961·7469·6f6e·2041·6e61··>Remediation·Ana0003b050:·3e52·656d·6564·6961·7469·6f6e·2073·6372··>Remediation·scr
0003b060:·636f·6e64·6120·736e·6970·7065·7420·e287··conda·snippet·.. 
0003b070:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl 
0003b080:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla 
0003b090:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id 
0003b0a0:·3d22·6964·6d38·3435·3822·3e3c·7461·626c··="idm8458"><tabl 
0003b0b0:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t 
0003b0c0:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab 
0003b0d0:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl 
0003b0e0:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr 
0003b0f0:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity: 
0003b100:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003b110:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di 
0003b120:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t 
0003b130:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr>< 
0003b140:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</ 
0003b150:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td 
0003b160:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St 
0003b170:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td> 
0003b180:·656e·6162·6c65·3c2f·7464·3e3c·2f74·723e··enable</td></tr> 
0003b190:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co 
0003b1a0:·6465·3e0a·7061·636b·6167·6520·2d2d·6164··de>.package·--ad 
0003b1b0:·643d·6169·6465·0a3c·2f63·6f64·653e·3c2f··d=aide.</code></ 
0003b1c0:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla 
0003b1d0:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ 
0003b1e0:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle 
0003b1f0:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data 
0003b200:·2d74·6172·6765·743d·2223·6964·6d38·3435··-target="#idm845 
0003b210:·3922·2074·6162·696e·6465·783d·2230·2220··9"·tabindex="0"· 
0003b220:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar 
0003b230:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal 
0003b240:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ 
0003b250:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h 
0003b260:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia 
0003b270:·7469·6f6e·2050·7570·7065·7420·736e·6970··tion·Puppet·snip 
0003b280:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br><0003b060:·6970·7420·e287·b23c·2f61·3e3c·6272·3e3c··ipt·...</a><br><
0003b290:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel 
0003b2a0:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap 
0003b2b0:·7365·2220·6964·3d22·6964·6d38·3435·3922··se"·id="idm8459" 
0003b2c0:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t 
0003b2d0:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip 
0003b2e0:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere 
0003b2f0:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense 
0003b300:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl 
0003b310:·6578·6974·793a·3c2f·7468·3e3c·7464·3e6c··exity:</th><td>l 
0003b320:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr> 
0003b330:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:< 
0003b340:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td> 
0003b350:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb 
0003b360:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal 
0003b370:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr> 
0003b380:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t 
0003b390:·683e·3c74·643e·656e·6162·6c65·3c2f·7464··h><td>enable</td 
0003b3a0:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p 
0003b3b0:·7265·3e3c·636f·6465·3e69·6e63·6c75·6465··re><code>include 
0003b3c0:·2069·6e73·7461·6c6c·5f61·6964·650a·0a63···install_aide..c 
0003b3d0:·6c61·7373·2069·6e73·7461·6c6c·5f61·6964··lass·install_aid 
0003b3e0:·6520·7b0a·2020·7061·636b·6167·6520·7b20··e·{.··package·{· 
0003b3f0:·2761·6964·6527·3a0a·2020·2020·656e·7375··'aide':.····ensu 
0003b400:·7265·203d·2667·743b·2027·696e·7374·616c··re·=&gt;·'instal 
0003b410:·6c65·6427·2c0a·2020·7d0a·7d0a·3c2f·636f··led',.··}.}.</co 
0003b420:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div>< 
0003b430:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn 
0003b440:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t 
0003b450:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse" 
0003b460:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i 
0003b470:·646d·3834·3630·2220·7461·6269·6e64·6578··dm8460"·tabindex 
0003b480:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto 
0003b490:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded 
0003b4a0:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title=" 
0003b4b0:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve 
0003b4c0:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re 
0003b4d0:·6d65·6469·6174·696f·6e20·4f53·4275·696c··mediation·OSBuil 
0003b4e0:·6420·426c·7565·7072·696e·7420·736e·6970··d·Blueprint·snip 
0003b4f0:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br>< 
0003b500:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel0003b070:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel
0003b510:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap0003b080:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap
0003b520:·7365·2220·6964·3d22·6964·6d38·3436·3022··se"·id="idm8460"0003b090:·7365·2220·6964·3d22·6964·6d38·3435·3822··se"·id="idm8458"
 0003b0a0:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t
 0003b0b0:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip
 0003b0c0:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere
 0003b0d0:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense
 0003b0e0:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl
0003b530:·3e3c·7072·653e·3c63·6f64·653e·0a5b·5b70··><pre><code>.[[p 
0003b540:·6163·6b61·6765·735d·5d0a·6e61·6d65·203d··ackages]].name·= 
0003b550:·2022·6169·6465·220a·7665·7273·696f·6e20···"aide".version· 
0003b560:·3d20·222a·220a·3c2f·636f·6465·3e3c·2f70··=·"*".</code></p 
0003b570:·7265·3e3c·2f64·6976·3e3c·6120·636c·6173··re></div><a·clas 
0003b580:·733d·2262·746e·2062·746e·2d73·7563·6365··s="btn·btn-succe 
0003b590:·7373·2220·6461·7461·2d74·6f67·676c·653d··ss"·data-toggle= 
0003b5a0:·2263·6f6c·6c61·7073·6522·2064·6174·612d··"collapse"·data- 
0003b5b0:·7461·7267·6574·3d22·2369·646d·3834·3631··target="#idm8461 
0003b5c0:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r 
0003b5d0:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari 
0003b5e0:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals 
0003b5f0:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa 
0003b600:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr 
0003b610:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat 
0003b620:·696f·6e20·7363·7269·7074·20e2·87b2·3c2f··ion·script·...</ 
0003b630:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class 
0003b640:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse 
0003b650:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i 
0003b660:·646d·3834·3631·223e·3c74·6162·6c65·2063··dm8461"><table·c 
0003b670:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl 
0003b680:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table- 
0003b690:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c 
0003b6a0:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t 
0003b6b0:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t 
0003b6c0:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003b6d0:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru 
0003b6e0:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l 
0003b6f0:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr> 
0003b700:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th> 
0003b710:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></ 
0003b720:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat 
0003b730:·6567·793a·3c2f·7468·3e3c·7464·3e65·6e61··egy:</th><td>ena0003b0f0:·6578·6974·793a·3c2f·7468·3e3c·7464·3e6c··exity:</th><td>l
0003b740:·626c·653c·2f74·643e·3c2f·7472·3e3c·2f74··ble</td></tr></t 
0003b750:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code> 
0003b760:·0a70·6163·6b61·6765·2069·6e73·7461·6c6c··.package·install 
0003b770:·2061·6964·650a·3c2f·636f·6465·3e3c·2f70···aide.</code></p 
Max diff block lines reached; 10007778/10045756 bytes (99.62%) of diff not shown.
1.08 MB
html2text {}
    
Offset 119, 52 lines modifiedOffset 119, 48 lines modified
119 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5119 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
120 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199120 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
121 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79121 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
122 ·············_\x8c_\x8i_\x8s············6.1.1122 ·············_\x8c_\x8i_\x8s············6.1.1
123 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2123 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
124 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········RHEL-09-651010124 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········RHEL-09-651010
125 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-258134r1045265_rule125 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-258134r1045265_rule
126 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8126 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
127 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low127 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
128 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low128 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
129 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false129 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
130 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable130 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
131 package·--add=aide131 dnf·install·aide
132 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8132 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
133 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low133 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
134 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low134 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
135 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false135 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
136 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable136 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
137 include·install_aide137 include·install_aide
  
138 class·install_aide·{138 class·install_aide·{
139 ··package·{·'aide':139 ··package·{·'aide':
140 ····ensure·=>·'installed',140 ····ensure·=>·'installed',
141 ··}141 ··}
142 }142 }
143 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
144 [[packages]] 
145 name·=·"aide" 
146 version·=·"*" 
147 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8143 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
148 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low144 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
149 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low145 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
150 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false146 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
151 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable147 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 148 #·Remediation·is·applicable·only·in·certain·platforms
 149 if·rpm·--quiet·-q·kernel;·then
  
 150 if·!·rpm·-q·--quiet·"aide"·;·then
 151 ····dnf·install·-y·"aide"
 152 fi
152 package·install·aide 
153 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
154 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
155 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
156 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
157 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
158 dnf·install·aide153 else
 154 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 155 fi
159 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8156 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
160 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low157 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
161 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low158 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
162 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false159 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
163 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable160 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
164 -·name:·Gather·the·package·facts161 -·name:·Gather·the·package·facts
165 ··package_facts:162 ··package_facts:
Offset 197, 29 lines modifiedOffset 193, 33 lines modified
197 ··-·PCI-DSSv4-11.5.2193 ··-·PCI-DSSv4-11.5.2
198 ··-·enable_strategy194 ··-·enable_strategy
199 ··-·low_complexity195 ··-·low_complexity
200 ··-·low_disruption196 ··-·low_disruption
201 ··-·medium_severity197 ··-·medium_severity
202 ··-·no_reboot_needed198 ··-·no_reboot_needed
203 ··-·package_aide_installed199 ··-·package_aide_installed
 200 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 201 [[packages]]
 202 name·=·"aide"
 203 version·=·"*"
204 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8204 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
205 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low205 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
206 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low206 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
207 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false207 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
208 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable208 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
209 #·Remediation·is·applicable·only·in·certain·platforms 
210 if·rpm·--quiet·-q·kernel;·then 
  
211 if·!·rpm·-q·--quiet·"aide"·;·then 
212 ····dnf·install·-y·"aide" 
213 fi209 package·install·aide
 210 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 211 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 212 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 213 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 214 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 215 package·--add=aide
214 else 
215 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
216 fi 
217 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*216 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
218 Run·the·following·command·to·generate·a·new·database:217 Run·the·following·command·to·generate·a·new·database:
219 $·sudo·/usr/sbin/aide·--init218 $·sudo·/usr/sbin/aide·--init
220 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the219 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the
221 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these220 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these
222 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their221 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their
223 integrity.·The·newly-generated·database·can·be·installed·as·follows:222 integrity.·The·newly-generated·database·can·be·installed·as·follows:
Offset 247, 14 lines modifiedOffset 247, 28 lines modified
247 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5247 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
248 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199248 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
249 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79249 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
250 ·············_\x8c_\x8i_\x8s············6.1.1250 ·············_\x8c_\x8i_\x8s············6.1.1
251 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2251 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
252 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········RHEL-09-651010252 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········RHEL-09-651010
253 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-258134r1045265_rule253 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-258134r1045265_rule
 254 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 255 #·Remediation·is·applicable·only·in·certain·platforms
 256 if·rpm·--quiet·-q·kernel;·then
  
 257 if·!·rpm·-q·--quiet·"aide"·;·then
 258 ····dnf·install·-y·"aide"
 259 fi
  
 260 /usr/sbin/aide·--init
 261 /bin/cp·-p·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
  
 262 else
 263 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 264 fi
254 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8265 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
255 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low266 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
256 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low267 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
257 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false268 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
258 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict269 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
Max diff block lines reached; 1127662/1132792 bytes (99.55%) of diff not shown.
3.51 MB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-anssi_bp28_minimal.html
    
Offset 14773, 297 lines modifiedOffset 14773, 297 lines modified
00039b40:·612d·7461·7267·6574·3d22·2369·646d·3132··a-target="#idm1200039b40:·612d·7461·7267·6574·3d22·2369·646d·3132··a-target="#idm12
00039b50:·3833·3922·2074·6162·696e·6465·783d·2230··839"·tabindex="000039b50:·3833·3922·2074·6162·696e·6465·783d·2230··839"·tabindex="0
00039b60:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·00039b60:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
00039b70:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f00039b70:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
00039b80:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act00039b80:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
00039b90:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"00039b90:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
00039ba0:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed00039ba0:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
 00039bb0:·6961·7469·6f6e·2073·6372·6970·7420·e287··iation·script·..
 00039bc0:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl
 00039bd0:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
00039bb0:·6961·7469·6f6e·2041·6e61·636f·6e64·6120··iation·Anaconda· 
00039bc0:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a>< 
00039bd0:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p 
00039be0:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co 
00039bf0:·6c6c·6170·7365·2220·6964·3d22·6964·6d31··llapse"·id="idm1 
00039c00:·3238·3339·223e·3c74·6162·6c65·2063·6c61··2839"><table·cla 
00039c10:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table- 
00039c20:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo 
00039c30:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con 
00039c40:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th> 
00039c50:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th> 
00039c60:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
00039c70:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt 
00039c80:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low 
00039c90:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
00039ca0:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t 
00039cb0:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr 
00039cc0:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg 
00039cd0:·793a·3c2f·7468·3e3c·7464·3e65·6e61·626c··y:</th><td>enabl 
00039ce0:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab 
00039cf0:·6c65·3e3c·7072·653e·3c63·6f64·653e·0a70··le><pre><code>.p 
00039d00:·6163·6b61·6765·202d·2d61·6464·3d64·6e66··ackage·--add=dnf 
00039d10:·2d61·7574·6f6d·6174·6963·0a3c·2f63·6f64··-automatic.</cod 
00039d20:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a 
00039d30:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn- 
00039d40:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to 
00039d50:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"·00039be0:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
 00039bf0:·3d22·6964·6d31·3238·3339·223e·3c74·6162··="idm12839"><tab
 00039c00:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table·
 00039c10:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta
 00039c20:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab
 00039c30:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t
 00039c40:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity
 00039c50:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t
 00039c60:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D
 00039c70:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th><
00039d60:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id 
00039d70:·6d31·3238·3430·2220·7461·6269·6e64·6578··m12840"·tabindex 
00039d80:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto 
00039d90:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded 
00039da0:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title=" 
00039db0:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve 
00039dc0:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re 
00039dd0:·6d65·6469·6174·696f·6e20·5075·7070·6574··mediation·Puppet 
00039de0:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a> 
00039df0:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class=" 
00039e00:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c 
00039e10:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm 
00039e20:·3132·3834·3022·3e3c·7461·626c·6520·636c··12840"><table·cl 
00039e30:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table 
00039e40:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b 
00039e50:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co 
00039e60:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th 
00039e70:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th 
00039e80:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t00039c80:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>
00039e90:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup 
00039ea0:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo00039c90:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:<
 00039ca0:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t
00039eb0:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><00039cb0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S
 00039cc0:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td
00039ec0:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th>< 
00039ed0:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t 
00039ee0:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate 
00039ef0:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab 
00039f00:·6c65·3c2f·7464·3e3c·2f74·723e·3c2f·7461··le</td></tr></ta 
00039f10:·626c·653e·3c70·7265·3e3c·636f·6465·3e69··ble><pre><code>i 
00039f20:·6e63·6c75·6465·2069·6e73·7461·6c6c·5f64··nclude·install_d 
00039f30:·6e66·2d61·7574·6f6d·6174·6963·0a0a·636c··nf-automatic..cl 
00039f40:·6173·7320·696e·7374·616c·6c5f·646e·662d··ass·install_dnf- 
00039f50:·6175·746f·6d61·7469·6320·7b0a·2020·7061··automatic·{.··pa 
00039f60:·636b·6167·6520·7b20·2764·6e66·2d61·7574··ckage·{·'dnf-aut 
00039f70:·6f6d·6174·6963·273a·0a20·2020·2065·6e73··omatic':.····ens 
00039f80:·7572·6520·3d26·6774·3b20·2769·6e73·7461··ure·=&gt;·'insta 
00039f90:·6c6c·6564·272c·0a20·207d·0a7d·0a3c·2f63··lled',.··}.}.</c 
00039fa0:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div> 
00039fb0:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt 
00039fc0:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data- 
00039fd0:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse 
00039fe0:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="# 
00039ff0:·6964·6d31·3238·3431·2220·7461·6269·6e64··idm12841"·tabind 
0003a000:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but 
0003a010:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand 
0003a020:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title 
0003a030:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re 
0003a040:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!"> 
0003a050:·5265·6d65·6469·6174·696f·6e20·4f53·4275··Remediation·OSBu 
0003a060:·696c·6420·426c·7565·7072·696e·7420·736e··ild·Blueprint·sn 
0003a070:·6970·7065·7420·e287·b23c·2f61·3e3c·6272··ippet·...</a><br 
0003a080:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan 
0003a090:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll 
0003a0a0:·6170·7365·2220·6964·3d22·6964·6d31·3238··apse"·id="idm128 
0003a0b0:·3431·223e·3c70·7265·3e3c·636f·6465·3e0a··41"><pre><code>. 
0003a0c0:·5b5b·7061·636b·6167·6573·5d5d·0a6e·616d··[[packages]].nam 
0003a0d0:·6520·3d20·2264·6e66·2d61·7574·6f6d·6174··e·=·"dnf-automat 
0003a0e0:·6963·220a·7665·7273·696f·6e20·3d20·222a··ic".version·=·"* 
0003a0f0:·220a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··".</code></pre>< 
0003a100:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b 
0003a110:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"· 
0003a120:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col 
0003a130:·6c61·7073·6522·2064·6174·612d·7461·7267··lapse"·data-targ 
0003a140:·6574·3d22·2369·646d·3132·3834·3222·2074··et="#idm12842"·t 
0003a150:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role 
0003a160:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e 
0003a170:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"· 
0003a180:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate· 
0003a190:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href= 
0003a1a0:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation 
0003a1b0:·2073·6372·6970·7420·e287·b23c·2f61·3e3c···script·...</a>< 
0003a1c0:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p 
0003a1d0:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co 
0003a1e0:·6c6c·6170·7365·2220·6964·3d22·6964·6d31··llapse"·id="idm1 
0003a1f0:·3238·3432·223e·3c74·6162·6c65·2063·6c61··2842"><table·cla 
0003a200:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table- 
0003a210:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo 
0003a220:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con 
0003a230:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th> 
0003a240:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th> 
Max diff block lines reached; 3395662/3435296 bytes (98.85%) of diff not shown.
239 KB
html2text {}
    
Offset 84, 52 lines modifiedOffset 84, 49 lines modified
84 ·············suitable·for·automatic,·regular·execution.84 ·············suitable·for·automatic,·regular·execution.
85 Severity: ···medium85 Severity: ···medium
86 Rule·ID:·····xccdf_org.ssgproject.content_rule_package_dnf-automatic_installed86 Rule·ID:·····xccdf_org.ssgproject.content_rule_package_dnf-automatic_installed
87 Identifiers:·CCE-83454-987 Identifiers:·CCE-83454-9
88 ·············_\x8o_\x8s_\x8p_\x8p···FPT_TUD_EXT.1,·FPT_TUD_EXT.288 ·············_\x8o_\x8s_\x8p_\x8p···FPT_TUD_EXT.1,·FPT_TUD_EXT.2
89 References:··_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000191-GPOS-0008089 References:··_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000191-GPOS-00080
90 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··R6190 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··R61
91 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x891 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
92 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low92 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
93 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low93 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
94 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false94 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
95 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable95 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
96 package·--add=dnf-automatic96 dnf·install·dnf-automatic
97 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x897 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
98 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low98 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
99 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low99 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
100 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false100 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
101 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable101 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
102 include·install_dnf-automatic102 include·install_dnf-automatic
  
103 class·install_dnf-automatic·{103 class·install_dnf-automatic·{
104 ··package·{·'dnf-automatic':104 ··package·{·'dnf-automatic':
105 ····ensure·=>·'installed',105 ····ensure·=>·'installed',
106 ··}106 ··}
107 }107 }
108 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
109 [[packages]] 
110 name·=·"dnf-automatic" 
111 version·=·"*" 
112 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8108 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
113 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low109 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
114 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low110 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
115 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false111 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
116 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable112 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 113 #·Remediation·is·applicable·only·in·certain·platforms
 114 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc
 115 ;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 116 if·!·rpm·-q·--quiet·"dnf-automatic"·;·then
 117 ····dnf·install·-y·"dnf-automatic"
 118 fi
117 package·install·dnf-automatic 
118 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
119 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
120 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
121 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
122 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
123 dnf·install·dnf-automatic119 else
 120 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 121 fi
124 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8122 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
125 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low123 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
126 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low124 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
127 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false125 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
128 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable126 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
129 -·name:·Gather·the·package·facts127 -·name:·Gather·the·package·facts
130 ··package_facts:128 ··package_facts:
Offset 155, 30 lines modifiedOffset 152, 33 lines modified
155 ··-·CCE-83454-9152 ··-·CCE-83454-9
156 ··-·enable_strategy153 ··-·enable_strategy
157 ··-·low_complexity154 ··-·low_complexity
158 ··-·low_disruption155 ··-·low_disruption
159 ··-·medium_severity156 ··-·medium_severity
160 ··-·no_reboot_needed157 ··-·no_reboot_needed
161 ··-·package_dnf-automatic_installed158 ··-·package_dnf-automatic_installed
 159 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 160 [[packages]]
 161 name·=·"dnf-automatic"
 162 version·=·"*"
162 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8163 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
163 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low164 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
164 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low165 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
165 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false166 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
166 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable167 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
167 #·Remediation·is·applicable·only·in·certain·platforms 
168 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc 
169 ;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
170 if·!·rpm·-q·--quiet·"dnf-automatic"·;·then 
171 ····dnf·install·-y·"dnf-automatic" 
172 fi168 package·install·dnf-automatic
 169 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 170 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 171 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 172 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 173 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 174 package·--add=dnf-automatic
173 else 
174 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
175 fi 
176 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·d\x8dn\x8nf\x8f-\x8-a\x8au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8c·t\x8to\x8o·I\x8In\x8ns\x8st\x8ta\x8al\x8ll\x8l·A\x8Av\x8va\x8ai\x8il\x8la\x8ab\x8bl\x8le\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8es\x8s·A\x8Au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8ca\x8al\x8ll\x8ly\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*175 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·d\x8dn\x8nf\x8f-\x8-a\x8au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8c·t\x8to\x8o·I\x8In\x8ns\x8st\x8ta\x8al\x8ll\x8l·A\x8Av\x8va\x8ai\x8il\x8la\x8ab\x8bl\x8le\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8es\x8s·A\x8Au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8ca\x8al\x8ll\x8ly\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
177 To·ensure·that·the·packages·comprising·the·available·updates·will·be·automatically·installed176 To·ensure·that·the·packages·comprising·the·available·updates·will·be·automatically·installed
178 by·dnf-automatic,·set·apply_updates·to·yes·under·[commands]·section·in·/etc/dnf/177 by·dnf-automatic,·set·apply_updates·to·yes·under·[commands]·section·in·/etc/dnf/
179 automatic.conf.178 automatic.conf.
180 ·············Installing·software·updates·is·a·fundamental·mitigation·against·the·exploitation179 ·············Installing·software·updates·is·a·fundamental·mitigation·against·the·exploitation
181 ·············of·publicly-known·vulnerabilities.·If·the·most·recent·security·patches·and180 ·············of·publicly-known·vulnerabilities.·If·the·most·recent·security·patches·and
182 Rationale:···updates·are·not·installed,·unauthorized·users·may·take·advantage·of·weaknesses·in181 Rationale:···updates·are·not·installed,·unauthorized·users·may·take·advantage·of·weaknesses·in
Offset 189, 14 lines modifiedOffset 189, 56 lines modified
189 Rule·ID:·····xccdf_org.ssgproject.content_rule_dnf-automatic_apply_updates189 Rule·ID:·····xccdf_org.ssgproject.content_rule_dnf-automatic_apply_updates
190 Identifiers:·CCE-83456-4190 Identifiers:·CCE-83456-4
191 ·············_\x8i_\x8s_\x8m····0940,·1144,·1467,·1472,·1483,·1493,·1494,·1495191 ·············_\x8i_\x8s_\x8m····0940,·1144,·1467,·1472,·1483,·1493,·1494,·1495
192 ·············_\x8n_\x8i_\x8s_\x8t···SI-2(5),·CM-6(a),·SI-2(c)192 ·············_\x8n_\x8i_\x8s_\x8t···SI-2(5),·CM-6(a),·SI-2(c)
193 References:··_\x8o_\x8s_\x8p_\x8p···FMT_SMF_EXT.1193 References:··_\x8o_\x8s_\x8p_\x8p···FMT_SMF_EXT.1
194 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000805-GPOS-00260194 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000805-GPOS-00260
195 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··R61195 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··R61
 196 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 197 #·Remediation·is·applicable·only·in·certain·platforms
 198 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc
 199 ;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 200 found=false
  
 201 #·set·value·in·all·files·if·they·contain·section·or·key
 202 for·f·in·$(echo·-n·"/etc/dnf/automatic.conf");·do
 203 ····if·[·!·-e·"$f"·];·then
 204 ········continue
 205 ····fi
  
 206 ····#·find·key·in·section·and·change·value
 207 ····if·grep·-qzosP·"[[:space:]]*\[commands\]([^\n\[]*\n+)+?[[:space:]]*apply_updates"·"$f";
 208 then
  
Max diff block lines reached; 238775/245051 bytes (97.44%) of diff not shown.
13.7 MB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-ccn_advanced.html
    
Offset 15176, 254 lines modifiedOffset 15176, 254 lines modified
0003b470:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="0003b470:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="
0003b480:·2369·646d·3932·3633·2220·7461·6269·6e64··#idm9263"·tabind0003b480:·2369·646d·3932·3633·2220·7461·6269·6e64··#idm9263"·tabind
0003b490:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but0003b490:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but
0003b4a0:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand0003b4a0:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand
0003b4b0:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title0003b4b0:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title
0003b4c0:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re0003b4c0:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re
0003b4d0:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">0003b4d0:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">
0003b4e0:·5265·6d65·6469·6174·696f·6e20·4b75·6265··Remediation·Kube0003b4e0:·5265·6d65·6469·6174·696f·6e20·5368·656c··Remediation·Shel
 0003b4f0:·6c20·7363·7269·7074·20e2·87b2·3c2f·613e··l·script·...</a>
 0003b500:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="
 0003b510:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c
 0003b520:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm
 0003b530:·3932·3633·223e·3c70·7265·3e3c·636f·6465··9263"><pre><code
 0003b540:·3e0a·7661·725f·7379·7374·656d·5f63·7279··>.var_system_cry
 0003b550:·7074·6f5f·706f·6c69·6379·3d27·3c61·6262··pto_policy='<abb
 0003b560:·7220·7469·746c·653d·2266·726f·6d20·5072··r·title="from·Pr
 0003b570:·6f66·696c·652f·7265·6669·6e65·2d76·616c··ofile/refine-val
 0003b580:·7565·3a20·7863·6364·665f·6f72·672e·7373··ue:·xccdf_org.ss
 0003b590:·6770·726f·6a65·6374·2e63·6f6e·7465·6e74··gproject.content
 0003b5a0:·5f76·616c·7565·5f76·6172·5f73·7973·7465··_value_var_syste
 0003b5b0:·6d5f·6372·7970·746f·5f70·6f6c·6963·7922··m_crypto_policy"
 0003b5c0:·3e44·4546·4155·4c54·3c2f·6162·6272·3e27··>DEFAULT</abbr>'
 0003b5d0:·0a0a·0a73·7464·6572·725f·6f66·5f63·616c··...stderr_of_cal
0003b4f0:·726e·6574·6573·2073·6e69·7070·6574·20e2··rnetes·snippet·. 
0003b500:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c 
0003b510:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll 
0003b520:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i 
0003b530:·643d·2269·646d·3932·3633·223e·3c74·6162··d="idm9263"><tab 
0003b540:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table· 
0003b550:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta 
0003b560:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab 
0003b570:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t 
0003b580:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity 
0003b590:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t 
0003b5a0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D 
0003b5b0:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th>< 
0003b5c0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003b5d0:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:< 
0003b5e0:·2f74·683e·3c74·643e·7472·7565·3c2f·7464··/th><td>true</td 
0003b5f0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St 
0003b600:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td> 
0003b610:·7265·7374·7269·6374·3c2f·7464·3e3c·2f74··restrict</td></t 
0003b620:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre>< 
0003b630:·636f·6465·3e2d·2d2d·0a61·7069·5665·7273··code>---.apiVers 
0003b640:·696f·6e3a·206d·6163·6869·6e65·636f·6e66··ion:·machineconf 
0003b650:·6967·7572·6174·696f·6e2e·6f70·656e·7368··iguration.opensh 
0003b660:·6966·742e·696f·2f76·310a·6b69·6e64·3a20··ift.io/v1.kind:· 
0003b670:·4d61·6368·696e·6543·6f6e·6669·670a·7370··MachineConfig.sp 
0003b680:·6563·3a0a·2020·636f·6e66·6967·3a0a·2020··ec:.··config:.·· 
0003b690:·2020·6967·6e69·7469·6f6e·3a0a·2020·2020····ignition:.···· 
0003b6a0:·2020·7665·7273·696f·6e3a·2033·2e31·2e30····version:·3.1.0 
0003b6b0:·0a20·2020·2073·7973·7465·6d64·3a0a·2020··.····systemd:.·· 
0003b6c0:·2020·2020·756e·6974·733a·0a20·2020·2020······units:.····· 
0003b6d0:·2020·202d·206e·616d·653a·2063·6f6e·6669·····-·name:·confi 
0003b6e0:·6775·7265·2d63·7279·7074·6f2d·706f·6c69··gure-crypto-poli 
0003b6f0:·6379·2e73·6572·7669·6365·0a20·2020·2020··cy.service.····· 
0003b700:·2020·2020·2065·6e61·626c·6564·3a20·7472·······enabled:·tr 
0003b710:·7565·0a20·2020·2020·2020·2020·2063·6f6e··ue.··········con 
0003b720:·7465·6e74·733a·207c·0a20·2020·2020·2020··tents:·|.······· 
0003b730:·2020·2020·205b·556e·6974·5d0a·2020·2020·······[Unit].···· 
0003b740:·2020·2020·2020·2020·4265·666f·7265·3d6b··········Before=k 
0003b750:·7562·656c·6574·2e73·6572·7669·6365·0a20··ubelet.service.· 
0003b760:·2020·2020·2020·2020·2020·205b·5365·7276·············[Serv 
0003b770:·6963·655d·0a20·2020·2020·2020·2020·2020··ice].··········· 
0003b780:·2054·7970·653d·6f6e·6573·686f·740a·2020···Type=oneshot.·· 
0003b790:·2020·2020·2020·2020·2020·4578·6563·5374············ExecSt 
0003b7a0:·6172·743d·7570·6461·7465·2d63·7279·7074··art=update-crypt0003b5e0:·6c3d·2428·7570·6461·7465·2d63·7279·7074··l=$(update-crypt
0003b7b0:·6f2d·706f·6c69·6369·6573·202d·2d73·6574··o-policies·--set0003b5f0:·6f2d·706f·6c69·6369·6573·202d·2d73·6574··o-policies·--set
0003b7c0:·207b·7b2e·7661·725f·7379·7374·656d·5f63···{{.var_system_c 
0003b7d0:·7279·7074·6f5f·706f·6c69·6379·7d7d·0a20··rypto_policy}}.· 
0003b7e0:·2020·2020·2020·2020·2020·2052·656d·6169·············Remai 
0003b7f0:·6e41·6674·6572·4578·6974·3d79·6573·0a20··nAfterExit=yes.· 
0003b800:·2020·2020·2020·2020·2020·205b·496e·7374·············[Inst 
0003b810:·616c·6c5d·0a20·2020·2020·2020·2020·2020··all].··········· 
0003b820:·2057·616e·7465·6442·793d·6d75·6c74·692d···WantedBy=multi- 
0003b830:·7573·6572·2e74·6172·6765·740a·3c2f·636f··user.target.</co 
0003b840:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div>< 
0003b850:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn 
0003b860:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t 
0003b870:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse" 
0003b880:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i 
0003b890:·646d·3932·3634·2220·7461·6269·6e64·6578··dm9264"·tabindex 
0003b8a0:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto 
0003b8b0:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded 
0003b8c0:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title=" 
0003b8d0:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve 
0003b8e0:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re 
0003b8f0:·6d65·6469·6174·696f·6e20·416e·7369·626c··mediation·Ansibl 
0003b900:·6520·736e·6970·7065·7420·e287·b23c·2f61··e·snippet·...</a 
0003b910:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class= 
0003b920:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse· 
0003b930:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id 
0003b940:·6d39·3236·3422·3e3c·7461·626c·6520·636c··m9264"><table·cl 
0003b950:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table 
0003b960:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b 
0003b970:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co 
0003b980:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th 
0003b990:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th 
0003b9a0:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
0003b9b0:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup 
0003b9c0:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo 
0003b9d0:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr>< 
0003b9e0:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th>< 
0003b9f0:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t 
0003ba00:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate 
0003ba10:·6779·3a3c·2f74·683e·3c74·643e·7265·7374··gy:</th><td>rest 
0003ba20:·7269·6374·3c2f·7464·3e3c·2f74·723e·3c2f··rict</td></tr></ 
0003ba30:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code 
0003ba40:·3e2d·206e·616d·653a·2058·4343·4446·2056··>-·name:·XCCDF·V 
0003ba50:·616c·7565·2076·6172·5f73·7973·7465·6d5f··alue·var_system_0003b600:·2024·7b76·6172·5f73·7973·7465·6d5f·6372···${var_system_cr
0003ba60:·6372·7970·746f·5f70·6f6c·6963·7920·2320··crypto_policy·#·0003b610:·7970·746f·5f70·6f6c·6963·797d·2032·2667··ypto_policy}·2&g
 0003b620:·743b·2661·6d70·3b31·2026·6774·3b20·2f64··t;&amp;1·&gt;·/d
 0003b630:·6576·2f6e·756c·6c29·0a72·633d·243f·0a0a··ev/null).rc=$?..
 0003b640:·6966·2074·6573·7420·2224·7263·2220·3d20··if·test·"$rc"·=·
 0003b650:·3132·373b·2074·6865·6e0a·0965·6368·6f20··127;·then..echo·
 0003b660:·2224·7374·6465·7272·5f6f·665f·6361·6c6c··"$stderr_of_call
 0003b670:·2220·2667·743b·2661·6d70·3b32·0a09·6563··"·&gt;&amp;2..ec
 0003b680:·686f·2022·4d61·6b65·2073·7572·6520·7468··ho·"Make·sure·th
 0003b690:·6174·2074·6865·2073·6372·6970·7420·6973··at·the·script·is
 0003b6a0:·2069·6e73·7461·6c6c·6564·206f·6e20·7468···installed·on·th
 0003b6b0:·6520·7265·6d65·6469·6174·6564·2073·7973··e·remediated·sys
 0003b6c0:·7465·6d2e·2220·2667·743b·2661·6d70·3b32··tem."·&gt;&amp;2
 0003b6d0:·0a09·6563·686f·2022·5365·6520·6f75·7470··..echo·"See·outp
 0003b6e0:·7574·206f·6620·7468·6520·2764·6e66·2070··ut·of·the·'dnf·p
 0003b6f0:·726f·7669·6465·7320·7570·6461·7465·2d63··rovides·update-c
0003ba70:·7072·6f6d·6f74·6520·746f·2076·6172·6961··promote·to·varia 
0003ba80:·626c·650a·2020·7365·745f·6661·6374·3a0a··ble.··set_fact:. 
Max diff block lines reached; 13206956/13240656 bytes (99.75%) of diff not shown.
1.12 MB
html2text {}
    
Offset 105, 39 lines modifiedOffset 105, 33 lines modified
105 References:··_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1105 References:··_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1
106 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174106 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174
107 ·············_\x8c_\x8c_\x8n······A.5.SEC-RHEL4107 ·············_\x8c_\x8c_\x8n······A.5.SEC-RHEL4
108 ·············_\x8c_\x8i_\x8s······1.6.1108 ·············_\x8c_\x8i_\x8s······1.6.1
109 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2109 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
110 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d···RHEL-09-215105,·RHEL-09-671010,·RHEL-09-672030110 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d···RHEL-09-215105,·RHEL-09-671010,·RHEL-09-672030
111 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-258241r1051259_rule,·SV-258230r958408_rule111 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-258241r1051259_rule,·SV-258230r958408_rule
112 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8K_.u_.b_.e_.r_.n_.e_.t_.e_.s_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8112 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
  
 113 var_system_crypto_policy='DEFAULT'
  
  
 114 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null)
 115 rc=$?
  
 116 if·test·"$rc"·=·127;·then
 117 »       echo·"$stderr_of_call"·>&2
 118 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2
 119 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2
 120 »       echo·"to·see·what·package·to·(re)install"·>&2
  
 121 »       false··#·end·with·an·error·code
 122 elif·test·"$rc"·!=·0;·then
 123 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2
 124 »       false··#·end·with·an·error·code
 125 fi
113 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
114 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
115 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true 
116 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
117 --- 
118 apiVersion:·machineconfiguration.openshift.io/v1 
119 kind:·MachineConfig 
120 spec: 
121 ··config: 
122 ····ignition: 
123 ······version:·3.1.0 
124 ····systemd: 
125 ······units: 
126 ········-·name:·configure-crypto-policy.service 
127 ··········enabled:·true 
128 ··········contents:·| 
129 ············[Unit] 
130 ············Before=kubelet.service 
131 ············[Service] 
132 ············Type=oneshot 
133 ············ExecStart=update-crypto-policies·--set·{{.var_system_crypto_policy}} 
134 ············RemainAfterExit=yes 
135 ············[Install] 
136 ············WantedBy=multi-user.target 
137 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8126 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
138 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low127 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
139 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low128 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
140 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false129 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
141 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict130 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
142 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable131 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable
143 ··set_fact:132 ··set_fact:
Offset 190, 33 lines modifiedOffset 184, 39 lines modified
190 ··-·PCI-DSSv4-2.2.7184 ··-·PCI-DSSv4-2.2.7
191 ··-·configure_crypto_policy185 ··-·configure_crypto_policy
192 ··-·high_severity186 ··-·high_severity
193 ··-·low_complexity187 ··-·low_complexity
194 ··-·low_disruption188 ··-·low_disruption
195 ··-·no_reboot_needed189 ··-·no_reboot_needed
196 ··-·restrict_strategy190 ··-·restrict_strategy
197 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8191 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8K_.u_.b_.e_.r_.n_.e_.t_.e_.s_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8
  
198 var_system_crypto_policy='DEFAULT' 
  
  
199 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null) 
200 rc=$? 
  
201 if·test·"$rc"·=·127;·then 
202 »       echo·"$stderr_of_call"·>&2 
203 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2 
204 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2 
205 »       echo·"to·see·what·package·to·(re)install"·>&2 
  
206 »       false··#·end·with·an·error·code 
207 elif·test·"$rc"·!=·0;·then 
208 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2 
209 »       false··#·end·with·an·error·code 
210 fi192 C.Co.om.mp.pl.le.ex.xi.it.ty.y:.:·low
 193 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 194 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true
 195 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 196 ---
 197 apiVersion:·machineconfiguration.openshift.io/v1
 198 kind:·MachineConfig
 199 spec:
 200 ··config:
 201 ····ignition:
 202 ······version:·3.1.0
 203 ····systemd:
 204 ······units:
 205 ········-·name:·configure-crypto-policy.service
 206 ··········enabled:·true
 207 ··········contents:·|
 208 ············[Unit]
 209 ············Before=kubelet.service
 210 ············[Service]
 211 ············Type=oneshot
 212 ············ExecStart=update-crypto-policies·--set·{{.var_system_crypto_policy}}
 213 ············RemainAfterExit=yes
 214 ············[Install]
 215 ············WantedBy=multi-user.target
211 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8SS\x8SH\x8H·t\x8to\x8o·u\x8us\x8se\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8o·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*216 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8SS\x8SH\x8H·t\x8to\x8o·u\x8us\x8se\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8o·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
212 Crypto·Policies·provide·a·centralized·control·over·crypto·algorithms·usage·of·many·packages.·SSH·is·supported·by·crypto·policy,·but·the·SSH·configuration·may·be·set·up·to·ignore·it.·To·check·that·Crypto·Policies·settings·are·configured·correctly,·ensure·that·the·CRYPTO_POLICY·variable·is·either·commented·or·not·set·at·all·in·the·/etc/sysconfig/sshd.217 Crypto·Policies·provide·a·centralized·control·over·crypto·algorithms·usage·of·many·packages.·SSH·is·supported·by·crypto·policy,·but·the·SSH·configuration·may·be·set·up·to·ignore·it.·To·check·that·Crypto·Policies·settings·are·configured·correctly,·ensure·that·the·CRYPTO_POLICY·variable·is·either·commented·or·not·set·at·all·in·the·/etc/sysconfig/sshd.
213 Rationale:···Overriding·the·system·crypto·policy·makes·the·behavior·of·the·SSH·service·violate·expectations,·and·makes·system·configuration·more·fragmented.218 Rationale:···Overriding·the·system·crypto·policy·makes·the·behavior·of·the·SSH·service·violate·expectations,·and·makes·system·configuration·more·fragmented.
214 Severity: ···medium219 Severity: ···medium
215 Rule·ID:·····xccdf_org.ssgproject.content_rule_configure_ssh_crypto_policy220 Rule·ID:·····xccdf_org.ssgproject.content_rule_configure_ssh_crypto_policy
216 Identifiers:·CCE-83445-7221 Identifiers:·CCE-83445-7
217 ·············_\x8d_\x8i_\x8s_\x8a·····CCI-001453222 ·············_\x8d_\x8i_\x8s_\x8a·····CCI-001453
Offset 227, 14 lines modifiedOffset 227, 19 lines modified
227 References:··_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s···Req-2.2227 References:··_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s···Req-2.2
228 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000250-GPOS-00093228 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000250-GPOS-00093
229 ·············_\x8c_\x8c_\x8n······A.5.SEC-RHEL6229 ·············_\x8c_\x8c_\x8n······A.5.SEC-RHEL6
230 ·············_\x8c_\x8i_\x8s······1.6.2230 ·············_\x8c_\x8i_\x8s······1.6.2
231 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2231 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
232 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d···RHEL-09-255075232 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d···RHEL-09-255075
233 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-257991r1051246_rule233 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-257991r1051246_rule
 234 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
  
 235 SSH_CONF="/etc/sysconfig/sshd"
  
 236 sed·-i·"/^\s*CRYPTO_POLICY.*$/Id"·$SSH_CONF
Max diff block lines reached; 1166477/1171896 bytes (99.54%) of diff not shown.
9.48 MB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-ccn_basic.html
    
Offset 15136, 254 lines modifiedOffset 15136, 254 lines modified
0003b1f0:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=0003b1f0:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
0003b200:·2223·6964·6d39·3236·3322·2074·6162·696e··"#idm9263"·tabin0003b200:·2223·6964·6d39·3236·3322·2074·6162·696e··"#idm9263"·tabin
0003b210:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu0003b210:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
0003b220:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan0003b220:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
0003b230:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl0003b230:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
0003b240:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r0003b240:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
0003b250:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"0003b250:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
0003b260:·3e52·656d·6564·6961·7469·6f6e·204b·7562··>Remediation·Kub0003b260:·3e52·656d·6564·6961·7469·6f6e·2053·6865··>Remediation·She
 0003b270:·6c6c·2073·6372·6970·7420·e287·b23c·2f61··ll·script·...</a
 0003b280:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
 0003b290:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
 0003b2a0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
 0003b2b0:·6d39·3236·3322·3e3c·7072·653e·3c63·6f64··m9263"><pre><cod
 0003b2c0:·653e·0a76·6172·5f73·7973·7465·6d5f·6372··e>.var_system_cr
 0003b2d0:·7970·746f·5f70·6f6c·6963·793d·273c·6162··ypto_policy='<ab
 0003b2e0:·6272·2074·6974·6c65·3d22·6672·6f6d·2050··br·title="from·P
 0003b2f0:·726f·6669·6c65·2f72·6566·696e·652d·7661··rofile/refine-va
 0003b300:·6c75·653a·2078·6363·6466·5f6f·7267·2e73··lue:·xccdf_org.s
 0003b310:·7367·7072·6f6a·6563·742e·636f·6e74·656e··sgproject.conten
 0003b320:·745f·7661·6c75·655f·7661·725f·7379·7374··t_value_var_syst
 0003b330:·656d·5f63·7279·7074·6f5f·706f·6c69·6379··em_crypto_policy
 0003b340:·223e·4445·4641·554c·543c·2f61·6262·723e··">DEFAULT</abbr>
 0003b350:·270a·0a0a·7374·6465·7272·5f6f·665f·6361··'...stderr_of_ca
0003b270:·6572·6e65·7465·7320·736e·6970·7065·7420··ernetes·snippet· 
0003b280:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div· 
0003b290:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col 
0003b2a0:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"· 
0003b2b0:·6964·3d22·6964·6d39·3236·3322·3e3c·7461··id="idm9263"><ta 
0003b2c0:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table 
0003b2d0:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t 
0003b2e0:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta 
0003b2f0:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed">< 
0003b300:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit 
0003b310:·793a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··y:</th><td>low</ 
0003b320:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003b330:·4469·7372·7570·7469·6f6e·3a3c·2f74·683e··Disruption:</th> 
0003b340:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
0003b350:·3e3c·7472·3e3c·7468·3e52·6562·6f6f·743a··><tr><th>Reboot: 
0003b360:·3c2f·7468·3e3c·7464·3e74·7275·653c·2f74··</th><td>true</t 
0003b370:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S 
0003b380:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td 
0003b390:·3e72·6573·7472·6963·743c·2f74·643e·3c2f··>restrict</td></ 
0003b3a0:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre> 
0003b3b0:·3c63·6f64·653e·2d2d·2d0a·6170·6956·6572··<code>---.apiVer 
0003b3c0:·7369·6f6e·3a20·6d61·6368·696e·6563·6f6e··sion:·machinecon 
0003b3d0:·6669·6775·7261·7469·6f6e·2e6f·7065·6e73··figuration.opens 
0003b3e0:·6869·6674·2e69·6f2f·7631·0a6b·696e·643a··hift.io/v1.kind: 
0003b3f0:·204d·6163·6869·6e65·436f·6e66·6967·0a73···MachineConfig.s 
0003b400:·7065·633a·0a20·2063·6f6e·6669·673a·0a20··pec:.··config:.· 
0003b410:·2020·2069·676e·6974·696f·6e3a·0a20·2020·····ignition:.··· 
0003b420:·2020·2076·6572·7369·6f6e·3a20·332e·312e·····version:·3.1. 
0003b430:·300a·2020·2020·7379·7374·656d·643a·0a20··0.····systemd:.· 
0003b440:·2020·2020·2075·6e69·7473·3a0a·2020·2020·······units:.···· 
0003b450:·2020·2020·2d20·6e61·6d65·3a20·636f·6e66······-·name:·conf 
0003b460:·6967·7572·652d·6372·7970·746f·2d70·6f6c··igure-crypto-pol 
0003b470:·6963·792e·7365·7276·6963·650a·2020·2020··icy.service.···· 
0003b480:·2020·2020·2020·656e·6162·6c65·643a·2074········enabled:·t 
0003b490:·7275·650a·2020·2020·2020·2020·2020·636f··rue.··········co 
0003b4a0:·6e74·656e·7473·3a20·7c0a·2020·2020·2020··ntents:·|.······ 
0003b4b0:·2020·2020·2020·5b55·6e69·745d·0a20·2020········[Unit].··· 
0003b4c0:·2020·2020·2020·2020·2042·6566·6f72·653d···········Before= 
0003b4d0:·6b75·6265·6c65·742e·7365·7276·6963·650a··kubelet.service. 
0003b4e0:·2020·2020·2020·2020·2020·2020·5b53·6572··············[Ser 
0003b4f0:·7669·6365·5d0a·2020·2020·2020·2020·2020··vice].·········· 
0003b500:·2020·5479·7065·3d6f·6e65·7368·6f74·0a20····Type=oneshot.· 
0003b510:·2020·2020·2020·2020·2020·2045·7865·6353·············ExecS 
0003b520:·7461·7274·3d75·7064·6174·652d·6372·7970··tart=update-cryp0003b360:·6c6c·3d24·2875·7064·6174·652d·6372·7970··ll=$(update-cryp
0003b530:·746f·2d70·6f6c·6963·6965·7320·2d2d·7365··to-policies·--se0003b370:·746f·2d70·6f6c·6963·6965·7320·2d2d·7365··to-policies·--se
 0003b380:·7420·247b·7661·725f·7379·7374·656d·5f63··t·${var_system_c
0003b540:·7420·7b7b·2e76·6172·5f73·7973·7465·6d5f··t·{{.var_system_ 
0003b550:·6372·7970·746f·5f70·6f6c·6963·797d·7d0a··crypto_policy}}. 
0003b560:·2020·2020·2020·2020·2020·2020·5265·6d61··············Rema 
0003b570:·696e·4166·7465·7245·7869·743d·7965·730a··inAfterExit=yes. 
0003b580:·2020·2020·2020·2020·2020·2020·5b49·6e73··············[Ins 
0003b590:·7461·6c6c·5d0a·2020·2020·2020·2020·2020··tall].·········· 
0003b5a0:·2020·5761·6e74·6564·4279·3d6d·756c·7469····WantedBy=multi 
0003b5b0:·2d75·7365·722e·7461·7267·6574·0a3c·2f63··-user.target.</c 
0003b5c0:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div> 
0003b5d0:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt 
0003b5e0:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data- 
0003b5f0:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse 
0003b600:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="# 
0003b610:·6964·6d39·3236·3422·2074·6162·696e·6465··idm9264"·tabinde 
0003b620:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt 
0003b630:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande 
0003b640:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title= 
0003b650:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev 
0003b660:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R 
0003b670:·656d·6564·6961·7469·6f6e·2041·6e73·6962··emediation·Ansib 
0003b680:·6c65·2073·6e69·7070·6574·20e2·87b2·3c2f··le·snippet·...</ 
0003b690:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class 
0003b6a0:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse 
0003b6b0:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i 
0003b6c0:·646d·3932·3634·223e·3c74·6162·6c65·2063··dm9264"><table·c 
0003b6d0:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl 
0003b6e0:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table- 
0003b6f0:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c 
0003b700:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t 
0003b710:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t 
0003b720:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003b730:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru 
0003b740:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l 
0003b750:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr> 
0003b760:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th> 
0003b770:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></ 
0003b780:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat 
0003b790:·6567·793a·3c2f·7468·3e3c·7464·3e72·6573··egy:</th><td>res 
0003b7a0:·7472·6963·743c·2f74·643e·3c2f·7472·3e3c··trict</td></tr>< 
0003b7b0:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod 
0003b7c0:·653e·2d20·6e61·6d65·3a20·5843·4344·4620··e>-·name:·XCCDF· 
0003b7d0:·5661·6c75·6520·7661·725f·7379·7374·656d··Value·var_system 
0003b7e0:·5f63·7279·7074·6f5f·706f·6c69·6379·2023··_crypto_policy·#0003b390:·7279·7074·6f5f·706f·6c69·6379·7d20·3226··rypto_policy}·2&
 0003b3a0:·6774·3b26·616d·703b·3120·2667·743b·202f··gt;&amp;1·&gt;·/
 0003b3b0:·6465·762f·6e75·6c6c·290a·7263·3d24·3f0a··dev/null).rc=$?.
 0003b3c0:·0a69·6620·7465·7374·2022·2472·6322·203d··.if·test·"$rc"·=
 0003b3d0:·2031·3237·3b20·7468·656e·0a09·6563·686f···127;·then..echo
 0003b3e0:·2022·2473·7464·6572·725f·6f66·5f63·616c···"$stderr_of_cal
 0003b3f0:·6c22·2026·6774·3b26·616d·703b·320a·0965··l"·&gt;&amp;2..e
 0003b400:·6368·6f20·224d·616b·6520·7375·7265·2074··cho·"Make·sure·t
 0003b410:·6861·7420·7468·6520·7363·7269·7074·2069··hat·the·script·i
 0003b420:·7320·696e·7374·616c·6c65·6420·6f6e·2074··s·installed·on·t
 0003b430:·6865·2072·656d·6564·6961·7465·6420·7379··he·remediated·sy
 0003b440:·7374·656d·2e22·2026·6774·3b26·616d·703b··stem."·&gt;&amp;
 0003b450:·320a·0965·6368·6f20·2253·6565·206f·7574··2..echo·"See·out
 0003b460:·7075·7420·6f66·2074·6865·2027·646e·6620··put·of·the·'dnf·
 0003b470:·7072·6f76·6964·6573·2075·7064·6174·652d··provides·update-
0003b7f0:·2070·726f·6d6f·7465·2074·6f20·7661·7269···promote·to·vari 
Max diff block lines reached; 9022075/9055775 bytes (99.63%) of diff not shown.
861 KB
html2text {}
    
Offset 97, 39 lines modifiedOffset 97, 33 lines modified
97 References:··_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.197 References:··_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1
98 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-0017498 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174
99 ·············_\x8c_\x8c_\x8n······A.5.SEC-RHEL499 ·············_\x8c_\x8c_\x8n······A.5.SEC-RHEL4
100 ·············_\x8c_\x8i_\x8s······1.6.1100 ·············_\x8c_\x8i_\x8s······1.6.1
101 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2101 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
102 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d···RHEL-09-215105,·RHEL-09-671010,·RHEL-09-672030102 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d···RHEL-09-215105,·RHEL-09-671010,·RHEL-09-672030
103 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-258241r1051259_rule,·SV-258230r958408_rule103 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-258241r1051259_rule,·SV-258230r958408_rule
104 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8K_.u_.b_.e_.r_.n_.e_.t_.e_.s_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8104 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
  
 105 var_system_crypto_policy='DEFAULT'
  
  
 106 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null)
 107 rc=$?
  
 108 if·test·"$rc"·=·127;·then
 109 »       echo·"$stderr_of_call"·>&2
 110 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2
 111 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2
 112 »       echo·"to·see·what·package·to·(re)install"·>&2
  
 113 »       false··#·end·with·an·error·code
 114 elif·test·"$rc"·!=·0;·then
 115 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2
 116 »       false··#·end·with·an·error·code
 117 fi
105 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
106 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
107 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true 
108 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
109 --- 
110 apiVersion:·machineconfiguration.openshift.io/v1 
111 kind:·MachineConfig 
112 spec: 
113 ··config: 
114 ····ignition: 
115 ······version:·3.1.0 
116 ····systemd: 
117 ······units: 
118 ········-·name:·configure-crypto-policy.service 
119 ··········enabled:·true 
120 ··········contents:·| 
121 ············[Unit] 
122 ············Before=kubelet.service 
123 ············[Service] 
124 ············Type=oneshot 
125 ············ExecStart=update-crypto-policies·--set·{{.var_system_crypto_policy}} 
126 ············RemainAfterExit=yes 
127 ············[Install] 
128 ············WantedBy=multi-user.target 
129 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8118 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
130 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low119 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
131 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low120 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
132 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false121 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
133 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict122 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
134 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable123 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable
135 ··set_fact:124 ··set_fact:
Offset 182, 33 lines modifiedOffset 176, 39 lines modified
182 ··-·PCI-DSSv4-2.2.7176 ··-·PCI-DSSv4-2.2.7
183 ··-·configure_crypto_policy177 ··-·configure_crypto_policy
184 ··-·high_severity178 ··-·high_severity
185 ··-·low_complexity179 ··-·low_complexity
186 ··-·low_disruption180 ··-·low_disruption
187 ··-·no_reboot_needed181 ··-·no_reboot_needed
188 ··-·restrict_strategy182 ··-·restrict_strategy
189 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8183 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8K_.u_.b_.e_.r_.n_.e_.t_.e_.s_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8
  
190 var_system_crypto_policy='DEFAULT' 
  
  
191 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null) 
192 rc=$? 
  
193 if·test·"$rc"·=·127;·then 
194 »       echo·"$stderr_of_call"·>&2 
195 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2 
196 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2 
197 »       echo·"to·see·what·package·to·(re)install"·>&2 
  
198 »       false··#·end·with·an·error·code 
199 elif·test·"$rc"·!=·0;·then 
200 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2 
201 »       false··#·end·with·an·error·code 
202 fi184 C.Co.om.mp.pl.le.ex.xi.it.ty.y:.:·low
 185 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 186 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true
 187 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 188 ---
 189 apiVersion:·machineconfiguration.openshift.io/v1
 190 kind:·MachineConfig
 191 spec:
 192 ··config:
 193 ····ignition:
 194 ······version:·3.1.0
 195 ····systemd:
 196 ······units:
 197 ········-·name:·configure-crypto-policy.service
 198 ··········enabled:·true
 199 ··········contents:·|
 200 ············[Unit]
 201 ············Before=kubelet.service
 202 ············[Service]
 203 ············Type=oneshot
 204 ············ExecStart=update-crypto-policies·--set·{{.var_system_crypto_policy}}
 205 ············RemainAfterExit=yes
 206 ············[Install]
 207 ············WantedBy=multi-user.target
203 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8SS\x8SH\x8H·t\x8to\x8o·u\x8us\x8se\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8o·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*208 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8SS\x8SH\x8H·t\x8to\x8o·u\x8us\x8se\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8o·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
204 Crypto·Policies·provide·a·centralized·control·over·crypto·algorithms·usage·of·many·packages.·SSH·is·supported·by·crypto·policy,·but·the·SSH·configuration·may·be·set·up·to·ignore·it.·To·check·that·Crypto·Policies·settings·are·configured·correctly,·ensure·that·the·CRYPTO_POLICY·variable·is·either·commented·or·not·set·at·all·in·the·/etc/sysconfig/sshd.209 Crypto·Policies·provide·a·centralized·control·over·crypto·algorithms·usage·of·many·packages.·SSH·is·supported·by·crypto·policy,·but·the·SSH·configuration·may·be·set·up·to·ignore·it.·To·check·that·Crypto·Policies·settings·are·configured·correctly,·ensure·that·the·CRYPTO_POLICY·variable·is·either·commented·or·not·set·at·all·in·the·/etc/sysconfig/sshd.
205 Rationale:···Overriding·the·system·crypto·policy·makes·the·behavior·of·the·SSH·service·violate·expectations,·and·makes·system·configuration·more·fragmented.210 Rationale:···Overriding·the·system·crypto·policy·makes·the·behavior·of·the·SSH·service·violate·expectations,·and·makes·system·configuration·more·fragmented.
206 Severity: ···medium211 Severity: ···medium
207 Rule·ID:·····xccdf_org.ssgproject.content_rule_configure_ssh_crypto_policy212 Rule·ID:·····xccdf_org.ssgproject.content_rule_configure_ssh_crypto_policy
208 Identifiers:·CCE-83445-7213 Identifiers:·CCE-83445-7
209 ·············_\x8d_\x8i_\x8s_\x8a·····CCI-001453214 ·············_\x8d_\x8i_\x8s_\x8a·····CCI-001453
Offset 219, 14 lines modifiedOffset 219, 19 lines modified
219 References:··_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s···Req-2.2219 References:··_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s···Req-2.2
220 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000250-GPOS-00093220 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000250-GPOS-00093
221 ·············_\x8c_\x8c_\x8n······A.5.SEC-RHEL6221 ·············_\x8c_\x8c_\x8n······A.5.SEC-RHEL6
222 ·············_\x8c_\x8i_\x8s······1.6.2222 ·············_\x8c_\x8i_\x8s······1.6.2
223 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2223 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
224 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d···RHEL-09-255075224 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d···RHEL-09-255075
225 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-257991r1051246_rule225 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-257991r1051246_rule
 226 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
  
 227 SSH_CONF="/etc/sysconfig/sshd"
  
 228 sed·-i·"/^\s*CRYPTO_POLICY.*$/Id"·$SSH_CONF
Max diff block lines reached; 876098/881515 bytes (99.39%) of diff not shown.
10.9 MB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-ccn_intermediate.html
    
Offset 15177, 254 lines modifiedOffset 15177, 254 lines modified
0003b480:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="0003b480:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="
0003b490:·2369·646d·3932·3633·2220·7461·6269·6e64··#idm9263"·tabind0003b490:·2369·646d·3932·3633·2220·7461·6269·6e64··#idm9263"·tabind
0003b4a0:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but0003b4a0:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but
0003b4b0:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand0003b4b0:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand
0003b4c0:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title0003b4c0:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title
0003b4d0:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re0003b4d0:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re
0003b4e0:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">0003b4e0:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">
0003b4f0:·5265·6d65·6469·6174·696f·6e20·4b75·6265··Remediation·Kube0003b4f0:·5265·6d65·6469·6174·696f·6e20·5368·656c··Remediation·Shel
 0003b500:·6c20·7363·7269·7074·20e2·87b2·3c2f·613e··l·script·...</a>
 0003b510:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="
 0003b520:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c
 0003b530:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm
 0003b540:·3932·3633·223e·3c70·7265·3e3c·636f·6465··9263"><pre><code
 0003b550:·3e0a·7661·725f·7379·7374·656d·5f63·7279··>.var_system_cry
 0003b560:·7074·6f5f·706f·6c69·6379·3d27·3c61·6262··pto_policy='<abb
 0003b570:·7220·7469·746c·653d·2266·726f·6d20·5072··r·title="from·Pr
 0003b580:·6f66·696c·652f·7265·6669·6e65·2d76·616c··ofile/refine-val
 0003b590:·7565·3a20·7863·6364·665f·6f72·672e·7373··ue:·xccdf_org.ss
 0003b5a0:·6770·726f·6a65·6374·2e63·6f6e·7465·6e74··gproject.content
 0003b5b0:·5f76·616c·7565·5f76·6172·5f73·7973·7465··_value_var_syste
 0003b5c0:·6d5f·6372·7970·746f·5f70·6f6c·6963·7922··m_crypto_policy"
 0003b5d0:·3e44·4546·4155·4c54·3c2f·6162·6272·3e27··>DEFAULT</abbr>'
 0003b5e0:·0a0a·0a73·7464·6572·725f·6f66·5f63·616c··...stderr_of_cal
0003b500:·726e·6574·6573·2073·6e69·7070·6574·20e2··rnetes·snippet·. 
0003b510:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c 
0003b520:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll 
0003b530:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i 
0003b540:·643d·2269·646d·3932·3633·223e·3c74·6162··d="idm9263"><tab 
0003b550:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table· 
0003b560:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta 
0003b570:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab 
0003b580:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t 
0003b590:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity 
0003b5a0:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t 
0003b5b0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D 
0003b5c0:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th>< 
0003b5d0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003b5e0:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:< 
0003b5f0:·2f74·683e·3c74·643e·7472·7565·3c2f·7464··/th><td>true</td 
0003b600:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St 
0003b610:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td> 
0003b620:·7265·7374·7269·6374·3c2f·7464·3e3c·2f74··restrict</td></t 
0003b630:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre>< 
0003b640:·636f·6465·3e2d·2d2d·0a61·7069·5665·7273··code>---.apiVers 
0003b650:·696f·6e3a·206d·6163·6869·6e65·636f·6e66··ion:·machineconf 
0003b660:·6967·7572·6174·696f·6e2e·6f70·656e·7368··iguration.opensh 
0003b670:·6966·742e·696f·2f76·310a·6b69·6e64·3a20··ift.io/v1.kind:· 
0003b680:·4d61·6368·696e·6543·6f6e·6669·670a·7370··MachineConfig.sp 
0003b690:·6563·3a0a·2020·636f·6e66·6967·3a0a·2020··ec:.··config:.·· 
0003b6a0:·2020·6967·6e69·7469·6f6e·3a0a·2020·2020····ignition:.···· 
0003b6b0:·2020·7665·7273·696f·6e3a·2033·2e31·2e30····version:·3.1.0 
0003b6c0:·0a20·2020·2073·7973·7465·6d64·3a0a·2020··.····systemd:.·· 
0003b6d0:·2020·2020·756e·6974·733a·0a20·2020·2020······units:.····· 
0003b6e0:·2020·202d·206e·616d·653a·2063·6f6e·6669·····-·name:·confi 
0003b6f0:·6775·7265·2d63·7279·7074·6f2d·706f·6c69··gure-crypto-poli 
0003b700:·6379·2e73·6572·7669·6365·0a20·2020·2020··cy.service.····· 
0003b710:·2020·2020·2065·6e61·626c·6564·3a20·7472·······enabled:·tr 
0003b720:·7565·0a20·2020·2020·2020·2020·2063·6f6e··ue.··········con 
0003b730:·7465·6e74·733a·207c·0a20·2020·2020·2020··tents:·|.······· 
0003b740:·2020·2020·205b·556e·6974·5d0a·2020·2020·······[Unit].···· 
0003b750:·2020·2020·2020·2020·4265·666f·7265·3d6b··········Before=k 
0003b760:·7562·656c·6574·2e73·6572·7669·6365·0a20··ubelet.service.· 
0003b770:·2020·2020·2020·2020·2020·205b·5365·7276·············[Serv 
0003b780:·6963·655d·0a20·2020·2020·2020·2020·2020··ice].··········· 
0003b790:·2054·7970·653d·6f6e·6573·686f·740a·2020···Type=oneshot.·· 
0003b7a0:·2020·2020·2020·2020·2020·4578·6563·5374············ExecSt 
0003b7b0:·6172·743d·7570·6461·7465·2d63·7279·7074··art=update-crypt0003b5f0:·6c3d·2428·7570·6461·7465·2d63·7279·7074··l=$(update-crypt
0003b7c0:·6f2d·706f·6c69·6369·6573·202d·2d73·6574··o-policies·--set0003b600:·6f2d·706f·6c69·6369·6573·202d·2d73·6574··o-policies·--set
0003b7d0:·207b·7b2e·7661·725f·7379·7374·656d·5f63···{{.var_system_c 
0003b7e0:·7279·7074·6f5f·706f·6c69·6379·7d7d·0a20··rypto_policy}}.· 
0003b7f0:·2020·2020·2020·2020·2020·2052·656d·6169·············Remai 
0003b800:·6e41·6674·6572·4578·6974·3d79·6573·0a20··nAfterExit=yes.· 
0003b810:·2020·2020·2020·2020·2020·205b·496e·7374·············[Inst 
0003b820:·616c·6c5d·0a20·2020·2020·2020·2020·2020··all].··········· 
0003b830:·2057·616e·7465·6442·793d·6d75·6c74·692d···WantedBy=multi- 
0003b840:·7573·6572·2e74·6172·6765·740a·3c2f·636f··user.target.</co 
0003b850:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div>< 
0003b860:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn 
0003b870:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t 
0003b880:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse" 
0003b890:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i 
0003b8a0:·646d·3932·3634·2220·7461·6269·6e64·6578··dm9264"·tabindex 
0003b8b0:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto 
0003b8c0:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded 
0003b8d0:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title=" 
0003b8e0:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve 
0003b8f0:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re 
0003b900:·6d65·6469·6174·696f·6e20·416e·7369·626c··mediation·Ansibl 
0003b910:·6520·736e·6970·7065·7420·e287·b23c·2f61··e·snippet·...</a 
0003b920:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class= 
0003b930:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse· 
0003b940:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id 
0003b950:·6d39·3236·3422·3e3c·7461·626c·6520·636c··m9264"><table·cl 
0003b960:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table 
0003b970:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b 
0003b980:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co 
0003b990:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th 
0003b9a0:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th 
0003b9b0:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
0003b9c0:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup 
0003b9d0:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo 
0003b9e0:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr>< 
0003b9f0:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th>< 
0003ba00:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t 
0003ba10:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate 
0003ba20:·6779·3a3c·2f74·683e·3c74·643e·7265·7374··gy:</th><td>rest 
0003ba30:·7269·6374·3c2f·7464·3e3c·2f74·723e·3c2f··rict</td></tr></ 
0003ba40:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code 
0003ba50:·3e2d·206e·616d·653a·2058·4343·4446·2056··>-·name:·XCCDF·V 
0003ba60:·616c·7565·2076·6172·5f73·7973·7465·6d5f··alue·var_system_ 
0003ba70:·6372·7970·746f·5f70·6f6c·6963·7920·2320··crypto_policy·#· 
0003ba80:·7072·6f6d·6f74·6520·746f·2076·6172·6961··promote·to·varia 
0003ba90:·626c·650a·2020·7365·745f·6661·6374·3a0a··ble.··set_fact:. 
0003baa0:·2020·2020·7661·725f·7379·7374·656d·5f63······var_system_c 
0003bab0:·7279·7074·6f5f·706f·6c69·6379·3a20·2121··rypto_policy:·!! 
0003bac0:·7374·7220·3c61·6262·7220·7469·746c·653d··str·<abbr·title= 
0003bad0:·2266·726f·6d20·5072·6f66·696c·652f·7265··"from·Profile/re 
0003bae0:·6669·6e65·2d76·616c·7565·3a20·7863·6364··fine-value:·xccd 
0003baf0:·665f·6f72·672e·7373·6770·726f·6a65·6374··f_org.ssgproject 
0003bb00:·2e63·6f6e·7465·6e74·5f76·616c·7565·5f76··.content_value_v 
0003bb10:·6172·5f73·7973·7465·6d5f·6372·7970·746f··ar_system_crypto0003b610:·2024·7b76·6172·5f73·7973·7465·6d5f·6372···${var_system_cr
 0003b620:·7970·746f·5f70·6f6c·6963·797d·2032·2667··ypto_policy}·2&g
 0003b630:·743b·2661·6d70·3b31·2026·6774·3b20·2f64··t;&amp;1·&gt;·/d
 0003b640:·6576·2f6e·756c·6c29·0a72·633d·243f·0a0a··ev/null).rc=$?..
 0003b650:·6966·2074·6573·7420·2224·7263·2220·3d20··if·test·"$rc"·=·
 0003b660:·3132·373b·2074·6865·6e0a·0965·6368·6f20··127;·then..echo·
 0003b670:·2224·7374·6465·7272·5f6f·665f·6361·6c6c··"$stderr_of_call
Max diff block lines reached; 10340328/10374028 bytes (99.68%) of diff not shown.
1.02 MB
html2text {}
    
Offset 105, 39 lines modifiedOffset 105, 33 lines modified
105 References:··_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1105 References:··_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1
106 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174106 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174
107 ·············_\x8c_\x8c_\x8n······A.5.SEC-RHEL4107 ·············_\x8c_\x8c_\x8n······A.5.SEC-RHEL4
108 ·············_\x8c_\x8i_\x8s······1.6.1108 ·············_\x8c_\x8i_\x8s······1.6.1
109 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2109 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
110 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d···RHEL-09-215105,·RHEL-09-671010,·RHEL-09-672030110 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d···RHEL-09-215105,·RHEL-09-671010,·RHEL-09-672030
111 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-258241r1051259_rule,·SV-258230r958408_rule111 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-258241r1051259_rule,·SV-258230r958408_rule
112 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8K_.u_.b_.e_.r_.n_.e_.t_.e_.s_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8112 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
  
 113 var_system_crypto_policy='DEFAULT'
  
  
 114 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null)
 115 rc=$?
  
 116 if·test·"$rc"·=·127;·then
 117 »       echo·"$stderr_of_call"·>&2
 118 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2
 119 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2
 120 »       echo·"to·see·what·package·to·(re)install"·>&2
  
 121 »       false··#·end·with·an·error·code
 122 elif·test·"$rc"·!=·0;·then
 123 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2
 124 »       false··#·end·with·an·error·code
 125 fi
113 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
114 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
115 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true 
116 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
117 --- 
118 apiVersion:·machineconfiguration.openshift.io/v1 
119 kind:·MachineConfig 
120 spec: 
121 ··config: 
122 ····ignition: 
123 ······version:·3.1.0 
124 ····systemd: 
125 ······units: 
126 ········-·name:·configure-crypto-policy.service 
127 ··········enabled:·true 
128 ··········contents:·| 
129 ············[Unit] 
130 ············Before=kubelet.service 
131 ············[Service] 
132 ············Type=oneshot 
133 ············ExecStart=update-crypto-policies·--set·{{.var_system_crypto_policy}} 
134 ············RemainAfterExit=yes 
135 ············[Install] 
136 ············WantedBy=multi-user.target 
137 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8126 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
138 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low127 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
139 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low128 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
140 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false129 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
141 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict130 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
142 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable131 -·name:·XCCDF·Value·var_system_crypto_policy·#·promote·to·variable
143 ··set_fact:132 ··set_fact:
Offset 190, 33 lines modifiedOffset 184, 39 lines modified
190 ··-·PCI-DSSv4-2.2.7184 ··-·PCI-DSSv4-2.2.7
191 ··-·configure_crypto_policy185 ··-·configure_crypto_policy
192 ··-·high_severity186 ··-·high_severity
193 ··-·low_complexity187 ··-·low_complexity
194 ··-·low_disruption188 ··-·low_disruption
195 ··-·no_reboot_needed189 ··-·no_reboot_needed
196 ··-·restrict_strategy190 ··-·restrict_strategy
197 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8191 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8K_.u_.b_.e_.r_.n_.e_.t_.e_.s_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8
  
198 var_system_crypto_policy='DEFAULT' 
  
  
199 stderr_of_call=$(update-crypto-policies·--set·${var_system_crypto_policy}·2>&1·>·/dev/null) 
200 rc=$? 
  
201 if·test·"$rc"·=·127;·then 
202 »       echo·"$stderr_of_call"·>&2 
203 »       echo·"Make·sure·that·the·script·is·installed·on·the·remediated·system."·>&2 
204 »       echo·"See·output·of·the·'dnf·provides·update-crypto-policies'·command"·>&2 
205 »       echo·"to·see·what·package·to·(re)install"·>&2 
  
206 »       false··#·end·with·an·error·code 
207 elif·test·"$rc"·!=·0;·then 
208 »       echo·"Error·invoking·the·update-crypto-policies·script:·$stderr_of_call"·>&2 
209 »       false··#·end·with·an·error·code 
210 fi192 C.Co.om.mp.pl.le.ex.xi.it.ty.y:.:·low
 193 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 194 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true
 195 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 196 ---
 197 apiVersion:·machineconfiguration.openshift.io/v1
 198 kind:·MachineConfig
 199 spec:
 200 ··config:
 201 ····ignition:
 202 ······version:·3.1.0
 203 ····systemd:
 204 ······units:
 205 ········-·name:·configure-crypto-policy.service
 206 ··········enabled:·true
 207 ··········contents:·|
 208 ············[Unit]
 209 ············Before=kubelet.service
 210 ············[Service]
 211 ············Type=oneshot
 212 ············ExecStart=update-crypto-policies·--set·{{.var_system_crypto_policy}}
 213 ············RemainAfterExit=yes
 214 ············[Install]
 215 ············WantedBy=multi-user.target
211 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8SS\x8SH\x8H·t\x8to\x8o·u\x8us\x8se\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8o·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*216 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8SS\x8SH\x8H·t\x8to\x8o·u\x8us\x8se\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8o·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
212 Crypto·Policies·provide·a·centralized·control·over·crypto·algorithms·usage·of·many·packages.·SSH·is·supported·by·crypto·policy,·but·the·SSH·configuration·may·be·set·up·to·ignore·it.·To·check·that·Crypto·Policies·settings·are·configured·correctly,·ensure·that·the·CRYPTO_POLICY·variable·is·either·commented·or·not·set·at·all·in·the·/etc/sysconfig/sshd.217 Crypto·Policies·provide·a·centralized·control·over·crypto·algorithms·usage·of·many·packages.·SSH·is·supported·by·crypto·policy,·but·the·SSH·configuration·may·be·set·up·to·ignore·it.·To·check·that·Crypto·Policies·settings·are·configured·correctly,·ensure·that·the·CRYPTO_POLICY·variable·is·either·commented·or·not·set·at·all·in·the·/etc/sysconfig/sshd.
213 Rationale:···Overriding·the·system·crypto·policy·makes·the·behavior·of·the·SSH·service·violate·expectations,·and·makes·system·configuration·more·fragmented.218 Rationale:···Overriding·the·system·crypto·policy·makes·the·behavior·of·the·SSH·service·violate·expectations,·and·makes·system·configuration·more·fragmented.
214 Severity: ···medium219 Severity: ···medium
215 Rule·ID:·····xccdf_org.ssgproject.content_rule_configure_ssh_crypto_policy220 Rule·ID:·····xccdf_org.ssgproject.content_rule_configure_ssh_crypto_policy
216 Identifiers:·CCE-83445-7221 Identifiers:·CCE-83445-7
217 ·············_\x8d_\x8i_\x8s_\x8a·····CCI-001453222 ·············_\x8d_\x8i_\x8s_\x8a·····CCI-001453
Offset 227, 14 lines modifiedOffset 227, 19 lines modified
227 References:··_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s···Req-2.2227 References:··_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s···Req-2.2
228 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000250-GPOS-00093228 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000250-GPOS-00093
229 ·············_\x8c_\x8c_\x8n······A.5.SEC-RHEL6229 ·············_\x8c_\x8c_\x8n······A.5.SEC-RHEL6
230 ·············_\x8c_\x8i_\x8s······1.6.2230 ·············_\x8c_\x8i_\x8s······1.6.2
231 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2231 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84··2.2.7,·2.2
232 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d···RHEL-09-255075232 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d···RHEL-09-255075
233 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-257991r1051246_rule233 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-257991r1051246_rule
 234 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
  
 235 SSH_CONF="/etc/sysconfig/sshd"
  
 236 sed·-i·"/^\s*CRYPTO_POLICY.*$/Id"·$SSH_CONF
Max diff block lines reached; 1067242/1072661 bytes (99.49%) of diff not shown.
27.4 MB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-cis.html
    
Offset 15165, 284 lines modifiedOffset 15165, 284 lines modified
0003b3c0:·6574·3d22·2369·646d·3834·3538·2220·7461··et="#idm8458"·ta0003b3c0:·6574·3d22·2369·646d·3834·3538·2220·7461··et="#idm8458"·ta
0003b3d0:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=0003b3d0:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=
0003b3e0:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex0003b3e0:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex
0003b3f0:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t0003b3f0:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t
0003b400:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t0003b400:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t
0003b410:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="0003b410:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="
0003b420:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·0003b420:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·
0003b430:·416e·6163·6f6e·6461·2073·6e69·7070·6574··Anaconda·snippet 
0003b440:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div 
0003b450:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co 
0003b460:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse" 
0003b470:·2069·643d·2269·646d·3834·3538·223e·3c74···id="idm8458"><t 
0003b480:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl 
0003b490:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped· 
0003b4a0:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t 
0003b4b0:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed"> 
0003b4c0:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi 
0003b4d0:·7479·3a3c·2f74·683e·3c74·643e·6c6f·773c··ty:</th><td>low< 
0003b4e0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b4f0:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th 
0003b500:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
0003b510:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot 
0003b520:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false< 
0003b530:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b540:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th>< 
0003b550:·7464·3e65·6e61·626c·653c·2f74·643e·3c2f··td>enable</td></ 
0003b560:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre> 
0003b570:·3c63·6f64·653e·0a70·6163·6b61·6765·202d··<code>.package·- 
0003b580:·2d61·6464·3d61·6964·650a·3c2f·636f·6465··-add=aide.</code 
0003b590:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a· 
0003b5a0:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s 
0003b5b0:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog 
0003b5c0:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d 
0003b5d0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm 
0003b5e0:·3834·3539·2220·7461·6269·6e64·6578·3d22··8459"·tabindex=" 
0003b5f0:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button" 
0003b600:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded=" 
0003b610:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac 
0003b620:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal 
0003b630:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme 
0003b640:·6469·6174·696f·6e20·5075·7070·6574·2073··diation·Puppet·s 
0003b650:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b0003b430:·7363·7269·7074·20e2·87b2·3c2f·613e·3c62··script·...</a><b
0003b660:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa0003b440:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa
0003b670:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col0003b450:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col
0003b680:·6c61·7073·6522·2069·643d·2269·646d·3834··lapse"·id="idm840003b460:·6c61·7073·6522·2069·643d·2269·646d·3834··lapse"·id="idm84
0003b690:·3539·223e·3c74·6162·6c65·2063·6c61·7373··59"><table·class0003b470:·3538·223e·3c74·6162·6c65·2063·6c61·7373··58"><table·class
0003b6a0:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st0003b480:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st
0003b6b0:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord0003b490:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord
0003b6c0:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde0003b4a0:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde
0003b6d0:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co0003b4b0:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co
0003b6e0:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t0003b4c0:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t
0003b6f0:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr>< 
0003b700:·7472·3e3c·7468·3e44·6973·7275·7074·696f··tr><th>Disruptio 
0003b710:·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··n:</th><td>low</ 
0003b720:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003b730:·5265·626f·6f74·3a3c·2f74·683e·3c74·643e··Reboot:</th><td> 
0003b740:·6661·6c73·653c·2f74·643e·3c2f·7472·3e3c··false</td></tr>< 
0003b750:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy: 
0003b760:·3c2f·7468·3e3c·7464·3e65·6e61·626c·653c··</th><td>enable< 
0003b770:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table 
0003b780:·3e3c·7072·653e·3c63·6f64·653e·696e·636c··><pre><code>incl 
0003b790:·7564·6520·696e·7374·616c·6c5f·6169·6465··ude·install_aide 
0003b7a0:·0a0a·636c·6173·7320·696e·7374·616c·6c5f··..class·install_ 
0003b7b0:·6169·6465·207b·0a20·2070·6163·6b61·6765··aide·{.··package 
0003b7c0:·207b·2027·6169·6465·273a·0a20·2020·2065···{·'aide':.····e 
0003b7d0:·6e73·7572·6520·3d26·6774·3b20·2769·6e73··nsure·=&gt;·'ins 
0003b7e0:·7461·6c6c·6564·272c·0a20·207d·0a7d·0a3c··talled',.··}.}.< 
0003b7f0:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di 
0003b800:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn· 
0003b810:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat 
0003b820:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap 
0003b830:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target= 
0003b840:·2223·6964·6d38·3436·3022·2074·6162·696e··"#idm8460"·tabin 
0003b850:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu 
0003b860:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan 
0003b870:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl 
0003b880:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r 
0003b890:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!" 
0003b8a0:·3e52·656d·6564·6961·7469·6f6e·204f·5342··>Remediation·OSB 
0003b8b0:·7569·6c64·2042·6c75·6570·7269·6e74·2073··uild·Blueprint·s 
0003b8c0:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b 
0003b8d0:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa 
0003b8e0:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col 
0003b8f0:·6c61·7073·6522·2069·643d·2269·646d·3834··lapse"·id="idm84 
0003b900:·3630·223e·3c70·7265·3e3c·636f·6465·3e0a··60"><pre><code>. 
0003b910:·5b5b·7061·636b·6167·6573·5d5d·0a6e·616d··[[packages]].nam 
0003b920:·6520·3d20·2261·6964·6522·0a76·6572·7369··e·=·"aide".versi 
0003b930:·6f6e·203d·2022·2a22·0a3c·2f63·6f64·653e··on·=·"*".</code> 
0003b940:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c 
0003b950:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su 
0003b960:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg 
0003b970:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da 
0003b980:·7461·2d74·6172·6765·743d·2223·6964·6d38··ta-target="#idm8 
0003b990:·3436·3122·2074·6162·696e·6465·783d·2230··461"·tabindex="0 
0003b9a0:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"· 
0003b9b0:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f 
0003b9c0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act 
0003b9d0:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal" 
0003b9e0:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed 
0003b9f0:·6961·7469·6f6e·2073·6372·6970·7420·e287··iation·script·.. 
0003ba00:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl 
0003ba10:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla 
0003ba20:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id 
0003ba30:·3d22·6964·6d38·3436·3122·3e3c·7461·626c··="idm8461"><tabl 
0003ba40:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t 
0003ba50:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab 
0003ba60:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl 
0003ba70:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr 
0003ba80:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity: 
0003ba90:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td 
0003baa0:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di 
0003bab0:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t 
0003bac0:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr>< 
0003bad0:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</ 
0003bae0:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td 
0003baf0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St 
0003bb00:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td> 
0003bb10:·656e·6162·6c65·3c2f·7464·3e3c·2f74·723e··enable</td></tr> 
0003bb20:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co 
0003bb30:·6465·3e0a·7061·636b·6167·6520·696e·7374··de>.package·inst 
0003bb40:·616c·6c20·6169·6465·0a3c·2f63·6f64·653e··all·aide.</code> 
0003bb50:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c 
0003bb60:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su 
0003bb70:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg 
0003bb80:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da 
0003bb90:·7461·2d74·6172·6765·743d·2223·6964·6d38··ta-target="#idm8 
0003bba0:·3436·3222·2074·6162·696e·6465·783d·2230··462"·tabindex="0 
Max diff block lines reached; 26214534/26252374 bytes (99.86%) of diff not shown.
2.32 MB
html2text {}
Max HTML report size reached
12.5 MB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-cis_server_l1.html
    
Offset 15126, 285 lines modifiedOffset 15126, 285 lines modified
0003b150:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#0003b150:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#
0003b160:·6964·6d38·3435·3822·2074·6162·696e·6465··idm8458"·tabinde0003b160:·6964·6d38·3435·3822·2074·6162·696e·6465··idm8458"·tabinde
0003b170:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt0003b170:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt
0003b180:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande0003b180:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande
0003b190:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=0003b190:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=
0003b1a0:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev0003b1a0:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev
0003b1b0:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R0003b1b0:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R
0003b1c0:·656d·6564·6961·7469·6f6e·2041·6e61·636f··emediation·Anaco0003b1c0:·656d·6564·6961·7469·6f6e·2073·6372·6970··emediation·scrip
0003b1d0:·6e64·6120·736e·6970·7065·7420·e287·b23c··nda·snippet·...< 
0003b1e0:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas 
0003b1f0:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps 
0003b200:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id=" 
0003b210:·6964·6d38·3435·3822·3e3c·7461·626c·6520··idm8458"><table· 
0003b220:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab 
0003b230:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table 
0003b240:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table- 
0003b250:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr>< 
0003b260:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</ 
0003b270:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td>< 
0003b280:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr 
0003b290:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td> 
0003b2a0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr 
0003b2b0:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th 
0003b2c0:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td>< 
0003b2d0:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra 
0003b2e0:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en 
0003b2f0:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></ 
0003b300:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code 
0003b310:·3e0a·7061·636b·6167·6520·2d2d·6164·643d··>.package·--add= 
0003b320:·6169·6465·0a3c·2f63·6f64·653e·3c2f·7072··aide.</code></pr 
0003b330:·653e·3c2f·6469·763e·3c61·2063·6c61·7373··e></div><a·class 
0003b340:·3d22·6274·6e20·6274·6e2d·7375·6363·6573··="btn·btn-succes 
0003b350:·7322·2064·6174·612d·746f·6767·6c65·3d22··s"·data-toggle=" 
0003b360:·636f·6c6c·6170·7365·2220·6461·7461·2d74··collapse"·data-t 
0003b370:·6172·6765·743d·2223·6964·6d38·3435·3922··arget="#idm8459" 
0003b380:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro 
0003b390:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria 
0003b3a0:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false 
0003b3b0:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat 
0003b3c0:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre 
0003b3d0:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati 
0003b3e0:·6f6e·2050·7570·7065·7420·736e·6970·7065··on·Puppet·snippe 
0003b3f0:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di0003b1d0:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di
0003b400:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c0003b1e0:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
0003b410:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse0003b1f0:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
0003b420:·2220·6964·3d22·6964·6d38·3435·3922·3e3c··"·id="idm8459"><0003b200:·2220·6964·3d22·6964·6d38·3435·3822·3e3c··"·id="idm8458"><
0003b430:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab0003b210:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab
0003b440:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped0003b220:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped
0003b450:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·0003b230:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·
0003b460:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"0003b240:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"
0003b470:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex0003b250:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex
0003b480:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low0003b260:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low
0003b490:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b4a0:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t 
0003b4b0:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003b4c0:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo 
0003b4d0:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false 
0003b4e0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b4f0:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th> 
0003b500:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td>< 
0003b510:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre 
0003b520:·3e3c·636f·6465·3e69·6e63·6c75·6465·2069··><code>include·i 
0003b530:·6e73·7461·6c6c·5f61·6964·650a·0a63·6c61··nstall_aide..cla 
0003b540:·7373·2069·6e73·7461·6c6c·5f61·6964·6520··ss·install_aide· 
0003b550:·7b0a·2020·7061·636b·6167·6520·7b20·2761··{.··package·{·'a 
0003b560:·6964·6527·3a0a·2020·2020·656e·7375·7265··ide':.····ensure 
0003b570:·203d·2667·743b·2027·696e·7374·616c·6c65···=&gt;·'installe 
0003b580:·6427·2c0a·2020·7d0a·7d0a·3c2f·636f·6465··d',.··}.}.</code 
0003b590:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a· 
0003b5a0:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s 
0003b5b0:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog 
0003b5c0:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d 
0003b5d0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm 
0003b5e0:·3834·3630·2220·7461·6269·6e64·6578·3d22··8460"·tabindex=" 
0003b5f0:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button" 
0003b600:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded=" 
0003b610:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac 
0003b620:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal 
0003b630:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme 
0003b640:·6469·6174·696f·6e20·4f53·4275·696c·6420··diation·OSBuild· 
0003b650:·426c·7565·7072·696e·7420·736e·6970·7065··Blueprint·snippe 
0003b660:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di 
0003b670:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c 
0003b680:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse 
0003b690:·2220·6964·3d22·6964·6d38·3436·3022·3e3c··"·id="idm8460">< 
0003b6a0:·7072·653e·3c63·6f64·653e·0a5b·5b70·6163··pre><code>.[[pac 
0003b6b0:·6b61·6765·735d·5d0a·6e61·6d65·203d·2022··kages]].name·=·" 
0003b6c0:·6169·6465·220a·7665·7273·696f·6e20·3d20··aide".version·=· 
0003b6d0:·222a·220a·3c2f·636f·6465·3e3c·2f70·7265··"*".</code></pre 
0003b6e0:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class= 
0003b6f0:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success 
0003b700:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c 
0003b710:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta 
0003b720:·7267·6574·3d22·2369·646d·3834·3631·2220··rget="#idm8461"· 
0003b730:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol 
0003b740:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria- 
0003b750:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false" 
0003b760:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate 
0003b770:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href 
0003b780:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio 
0003b790:·6e20·7363·7269·7074·20e2·87b2·3c2f·613e··n·script·...</a> 
0003b7a0:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class=" 
0003b7b0:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c 
0003b7c0:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm 
0003b7d0:·3834·3631·223e·3c74·6162·6c65·2063·6c61··8461"><table·cla 
0003b7e0:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table- 
0003b7f0:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo 
0003b800:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con 
0003b810:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th> 
0003b820:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th> 
0003b830:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
0003b840:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt 
0003b850:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low 
0003b860:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b870:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t 
0003b880:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr 
0003b890:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg 
0003b8a0:·793a·3c2f·7468·3e3c·7464·3e65·6e61·626c··y:</th><td>enabl 
0003b8b0:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab 
0003b8c0:·6c65·3e3c·7072·653e·3c63·6f64·653e·0a70··le><pre><code>.p 
0003b8d0:·6163·6b61·6765·2069·6e73·7461·6c6c·2061··ackage·install·a 
0003b8e0:·6964·650a·3c2f·636f·6465·3e3c·2f70·7265··ide.</code></pre 
0003b8f0:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class= 
0003b900:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success 
0003b910:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c 
0003b920:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta 
0003b930:·7267·6574·3d22·2369·646d·3834·3632·2220··rget="#idm8462"· 
Max diff block lines reached; 11709226/11747204 bytes (99.68%) of diff not shown.
1.29 MB
html2text {}
    
Offset 106, 52 lines modifiedOffset 106, 48 lines modified
106 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5106 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
107 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199107 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
108 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79108 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
109 ·············_\x8c_\x8i_\x8s············6.1.1109 ·············_\x8c_\x8i_\x8s············6.1.1
110 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2110 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
111 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········RHEL-09-651010111 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········RHEL-09-651010
112 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-258134r1045265_rule112 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-258134r1045265_rule
113 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8113 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
114 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low114 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
115 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low115 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
116 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false116 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
117 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable117 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
118 package·--add=aide118 dnf·install·aide
119 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8119 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
120 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low120 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
121 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low121 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
122 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false122 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
123 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable123 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
124 include·install_aide124 include·install_aide
  
125 class·install_aide·{125 class·install_aide·{
126 ··package·{·'aide':126 ··package·{·'aide':
127 ····ensure·=>·'installed',127 ····ensure·=>·'installed',
128 ··}128 ··}
129 }129 }
130 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
131 [[packages]] 
132 name·=·"aide" 
133 version·=·"*" 
134 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8130 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
135 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low131 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
136 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low132 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
137 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false133 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
138 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable134 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 135 #·Remediation·is·applicable·only·in·certain·platforms
 136 if·rpm·--quiet·-q·kernel;·then
  
 137 if·!·rpm·-q·--quiet·"aide"·;·then
 138 ····dnf·install·-y·"aide"
 139 fi
139 package·install·aide 
140 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
141 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
142 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
143 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
144 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
145 dnf·install·aide140 else
 141 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 142 fi
146 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8143 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
147 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low144 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
148 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low145 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
149 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false146 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
150 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable147 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
151 -·name:·Gather·the·package·facts148 -·name:·Gather·the·package·facts
152 ··package_facts:149 ··package_facts:
Offset 184, 29 lines modifiedOffset 180, 33 lines modified
184 ··-·PCI-DSSv4-11.5.2180 ··-·PCI-DSSv4-11.5.2
185 ··-·enable_strategy181 ··-·enable_strategy
186 ··-·low_complexity182 ··-·low_complexity
187 ··-·low_disruption183 ··-·low_disruption
188 ··-·medium_severity184 ··-·medium_severity
189 ··-·no_reboot_needed185 ··-·no_reboot_needed
190 ··-·package_aide_installed186 ··-·package_aide_installed
 187 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 188 [[packages]]
 189 name·=·"aide"
 190 version·=·"*"
191 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8191 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
192 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low192 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
193 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low193 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
194 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false194 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
195 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable195 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
196 #·Remediation·is·applicable·only·in·certain·platforms 
197 if·rpm·--quiet·-q·kernel;·then 
  
198 if·!·rpm·-q·--quiet·"aide"·;·then 
199 ····dnf·install·-y·"aide" 
200 fi196 package·install·aide
 197 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 198 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 199 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 200 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 201 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 202 package·--add=aide
201 else 
202 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
203 fi 
204 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*203 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
205 Run·the·following·command·to·generate·a·new·database:204 Run·the·following·command·to·generate·a·new·database:
206 $·sudo·/usr/sbin/aide·--init205 $·sudo·/usr/sbin/aide·--init
207 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the·database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database·can·be·installed·as·follows:206 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the·database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database·can·be·installed·as·follows:
208 $·sudo·cp·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz207 $·sudo·cp·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
209 To·initiate·a·manual·check,·run·the·following·command:208 To·initiate·a·manual·check,·run·the·following·command:
210 $·sudo·/usr/sbin/aide·--check209 $·sudo·/usr/sbin/aide·--check
Offset 227, 14 lines modifiedOffset 227, 28 lines modified
227 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5227 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
228 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199228 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
229 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79229 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
230 ·············_\x8c_\x8i_\x8s············6.1.1230 ·············_\x8c_\x8i_\x8s············6.1.1
231 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2231 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
232 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········RHEL-09-651010232 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········RHEL-09-651010
233 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-258134r1045265_rule233 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-258134r1045265_rule
 234 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 235 #·Remediation·is·applicable·only·in·certain·platforms
 236 if·rpm·--quiet·-q·kernel;·then
  
 237 if·!·rpm·-q·--quiet·"aide"·;·then
 238 ····dnf·install·-y·"aide"
 239 fi
  
 240 /usr/sbin/aide·--init
 241 /bin/cp·-p·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
  
 242 else
 243 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 244 fi
234 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8245 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
235 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low246 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
236 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low247 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
237 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false248 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
238 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict249 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
Max diff block lines reached; 1348073/1353352 bytes (99.61%) of diff not shown.
12.1 MB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-cis_workstation_l1.html
    
Offset 15118, 284 lines modifiedOffset 15118, 284 lines modified
0003b0d0:·6765·743d·2223·6964·6d38·3435·3822·2074··get="#idm8458"·t0003b0d0:·6765·743d·2223·6964·6d38·3435·3822·2074··get="#idm8458"·t
0003b0e0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role0003b0e0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
0003b0f0:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e0003b0f0:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
0003b100:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·0003b100:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
0003b110:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·0003b110:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
0003b120:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=0003b120:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
0003b130:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation0003b130:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
0003b140:·2041·6e61·636f·6e64·6120·736e·6970·7065···Anaconda·snippe 
0003b150:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di 
0003b160:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c 
0003b170:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse 
0003b180:·2220·6964·3d22·6964·6d38·3435·3822·3e3c··"·id="idm8458">< 
0003b190:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab 
0003b1a0:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped 
0003b1b0:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered· 
0003b1c0:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed" 
0003b1d0:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex 
0003b1e0:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low 
0003b1f0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b200:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t 
0003b210:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003b220:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo 
0003b230:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false 
0003b240:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b250:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th> 
0003b260:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td>< 
0003b270:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre 
0003b280:·3e3c·636f·6465·3e0a·7061·636b·6167·6520··><code>.package· 
0003b290:·2d2d·6164·643d·6169·6465·0a3c·2f63·6f64··--add=aide.</cod 
0003b2a0:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a 
0003b2b0:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn- 
0003b2c0:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to 
0003b2d0:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"· 
0003b2e0:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id 
0003b2f0:·6d38·3435·3922·2074·6162·696e·6465·783d··m8459"·tabindex= 
0003b300:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button 
0003b310:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded= 
0003b320:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A 
0003b330:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea 
0003b340:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem 
0003b350:·6564·6961·7469·6f6e·2050·7570·7065·7420··ediation·Puppet· 
0003b360:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a><0003b140:·2073·6372·6970·7420·e287·b23c·2f61·3e3c···script·...</a><
0003b370:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p 
0003b380:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co 
0003b390:·6c6c·6170·7365·2220·6964·3d22·6964·6d38··llapse"·id="idm8 
0003b3a0:·3435·3922·3e3c·7461·626c·6520·636c·6173··459"><table·clas 
0003b3b0:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s 
0003b3c0:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor 
0003b3d0:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond 
0003b3e0:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C 
0003b3f0:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th>< 
0003b400:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003b410:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti 
0003b420:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low< 
0003b430:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b440:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td 
0003b450:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr> 
0003b460:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy 
0003b470:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable 
0003b480:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl 
0003b490:·653e·3c70·7265·3e3c·636f·6465·3e69·6e63··e><pre><code>inc 
0003b4a0:·6c75·6465·2069·6e73·7461·6c6c·5f61·6964··lude·install_aid 
0003b4b0:·650a·0a63·6c61·7373·2069·6e73·7461·6c6c··e..class·install 
0003b4c0:·5f61·6964·6520·7b0a·2020·7061·636b·6167··_aide·{.··packag 
0003b4d0:·6520·7b20·2761·6964·6527·3a0a·2020·2020··e·{·'aide':.···· 
0003b4e0:·656e·7375·7265·203d·2667·743b·2027·696e··ensure·=&gt;·'in 
0003b4f0:·7374·616c·6c65·6427·2c0a·2020·7d0a·7d0a··stalled',.··}.}. 
0003b500:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d 
0003b510:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn 
0003b520:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da 
0003b530:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla 
0003b540:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target 
0003b550:·3d22·2369·646d·3834·3630·2220·7461·6269··="#idm8460"·tabi 
0003b560:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b 
0003b570:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa 
0003b580:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit 
0003b590:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to· 
0003b5a0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#! 
0003b5b0:·223e·5265·6d65·6469·6174·696f·6e20·4f53··">Remediation·OS 
0003b5c0:·4275·696c·6420·426c·7565·7072·696e·7420··Build·Blueprint· 
0003b5d0:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a>< 
0003b5e0:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p0003b150:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p
0003b5f0:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co0003b160:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co
0003b600:·6c6c·6170·7365·2220·6964·3d22·6964·6d38··llapse"·id="idm80003b170:·6c6c·6170·7365·2220·6964·3d22·6964·6d38··llapse"·id="idm8
 0003b180:·3435·3822·3e3c·7461·626c·6520·636c·6173··458"><table·clas
 0003b190:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s
 0003b1a0:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor
 0003b1b0:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond
0003b610:·3436·3022·3e3c·7072·653e·3c63·6f64·653e··460"><pre><code> 
0003b620:·0a5b·5b70·6163·6b61·6765·735d·5d0a·6e61··.[[packages]].na 
0003b630:·6d65·203d·2022·6169·6465·220a·7665·7273··me·=·"aide".vers 
0003b640:·696f·6e20·3d20·222a·220a·3c2f·636f·6465··ion·=·"*".</code 
0003b650:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a· 
0003b660:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s 
0003b670:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog 
0003b680:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d 
0003b690:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm 
0003b6a0:·3834·3631·2220·7461·6269·6e64·6578·3d22··8461"·tabindex=" 
0003b6b0:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button" 
0003b6c0:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded=" 
0003b6d0:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac 
0003b6e0:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal 
0003b6f0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme 
0003b700:·6469·6174·696f·6e20·7363·7269·7074·20e2··diation·script·. 
0003b710:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c 
0003b720:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll 
0003b730:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i 
0003b740:·643d·2269·646d·3834·3631·223e·3c74·6162··d="idm8461"><tab 
0003b750:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table· 
0003b760:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta 
0003b770:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab 
0003b780:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t 
0003b790:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity 
0003b7a0:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t 
0003b7b0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D 
0003b7c0:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th>< 
0003b7d0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003b7e0:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:< 
0003b7f0:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t 
0003b800:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S 
0003b810:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td 
0003b820:·3e65·6e61·626c·653c·2f74·643e·3c2f·7472··>enable</td></tr 
0003b830:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c 
0003b840:·6f64·653e·0a70·6163·6b61·6765·2069·6e73··ode>.package·ins 
0003b850:·7461·6c6c·2061·6964·650a·3c2f·636f·6465··tall·aide.</code 
0003b860:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a· 
0003b870:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s 
Max diff block lines reached; 11315617/11353457 bytes (99.67%) of diff not shown.
1.24 MB
html2text {}
    
Offset 105, 52 lines modifiedOffset 105, 48 lines modified
105 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5105 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
106 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199106 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
107 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79107 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
108 ·············_\x8c_\x8i_\x8s············6.1.1108 ·············_\x8c_\x8i_\x8s············6.1.1
109 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2109 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
110 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········RHEL-09-651010110 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········RHEL-09-651010
111 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-258134r1045265_rule111 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-258134r1045265_rule
112 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8112 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
113 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low113 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
114 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low114 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
115 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false115 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
116 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable116 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
117 package·--add=aide117 dnf·install·aide
118 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8118 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
119 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low119 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
120 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low120 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
121 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false121 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
122 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable122 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
123 include·install_aide123 include·install_aide
  
124 class·install_aide·{124 class·install_aide·{
125 ··package·{·'aide':125 ··package·{·'aide':
126 ····ensure·=>·'installed',126 ····ensure·=>·'installed',
127 ··}127 ··}
128 }128 }
129 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
130 [[packages]] 
131 name·=·"aide" 
132 version·=·"*" 
133 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8129 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
134 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low130 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
135 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low131 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
136 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false132 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
137 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable133 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 134 #·Remediation·is·applicable·only·in·certain·platforms
 135 if·rpm·--quiet·-q·kernel;·then
  
 136 if·!·rpm·-q·--quiet·"aide"·;·then
 137 ····dnf·install·-y·"aide"
 138 fi
138 package·install·aide 
139 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
140 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
141 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
142 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
143 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
144 dnf·install·aide139 else
 140 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 141 fi
145 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8142 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
146 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low143 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
147 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low144 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
148 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false145 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
149 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable146 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
150 -·name:·Gather·the·package·facts147 -·name:·Gather·the·package·facts
151 ··package_facts:148 ··package_facts:
Offset 183, 29 lines modifiedOffset 179, 33 lines modified
183 ··-·PCI-DSSv4-11.5.2179 ··-·PCI-DSSv4-11.5.2
184 ··-·enable_strategy180 ··-·enable_strategy
185 ··-·low_complexity181 ··-·low_complexity
186 ··-·low_disruption182 ··-·low_disruption
187 ··-·medium_severity183 ··-·medium_severity
188 ··-·no_reboot_needed184 ··-·no_reboot_needed
189 ··-·package_aide_installed185 ··-·package_aide_installed
 186 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 187 [[packages]]
 188 name·=·"aide"
 189 version·=·"*"
190 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8190 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
191 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low191 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
192 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low192 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
193 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false193 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
194 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable194 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
195 #·Remediation·is·applicable·only·in·certain·platforms 
196 if·rpm·--quiet·-q·kernel;·then 
  
197 if·!·rpm·-q·--quiet·"aide"·;·then 
198 ····dnf·install·-y·"aide" 
199 fi195 package·install·aide
 196 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 197 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 198 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 199 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 200 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 201 package·--add=aide
200 else 
201 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
202 fi 
203 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*202 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
204 Run·the·following·command·to·generate·a·new·database:203 Run·the·following·command·to·generate·a·new·database:
205 $·sudo·/usr/sbin/aide·--init204 $·sudo·/usr/sbin/aide·--init
206 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the·database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database·can·be·installed·as·follows:205 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.gz.·Storing·the·database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/sbin/aide·(or·hashes·of·these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database·can·be·installed·as·follows:
207 $·sudo·cp·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz206 $·sudo·cp·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
208 To·initiate·a·manual·check,·run·the·following·command:207 To·initiate·a·manual·check,·run·the·following·command:
209 $·sudo·/usr/sbin/aide·--check208 $·sudo·/usr/sbin/aide·--check
Offset 226, 14 lines modifiedOffset 226, 28 lines modified
226 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5226 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
227 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199227 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
228 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79228 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
229 ·············_\x8c_\x8i_\x8s············6.1.1229 ·············_\x8c_\x8i_\x8s············6.1.1
230 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2230 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
231 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········RHEL-09-651010231 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········RHEL-09-651010
232 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-258134r1045265_rule232 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-258134r1045265_rule
 233 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 234 #·Remediation·is·applicable·only·in·certain·platforms
 235 if·rpm·--quiet·-q·kernel;·then
  
 236 if·!·rpm·-q·--quiet·"aide"·;·then
 237 ····dnf·install·-y·"aide"
 238 fi
  
 239 /usr/sbin/aide·--init
 240 /bin/cp·-p·/var/lib/aide/aide.db.new.gz·/var/lib/aide/aide.db.gz
  
 241 else
 242 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 243 fi
233 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8244 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
234 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low245 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
235 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low246 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
236 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false247 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
237 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict248 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
Max diff block lines reached; 1298859/1304138 bytes (99.60%) of diff not shown.
27.1 MB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-cis_workstation_l2.html
    
Offset 15156, 285 lines modifiedOffset 15156, 285 lines modified
0003b330:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i0003b330:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i
0003b340:·646d·3834·3538·2220·7461·6269·6e64·6578··dm8458"·tabindex0003b340:·646d·3834·3538·2220·7461·6269·6e64·6578··dm8458"·tabindex
0003b350:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto0003b350:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto
0003b360:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded0003b360:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded
0003b370:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="0003b370:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="
0003b380:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve0003b380:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve
0003b390:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re0003b390:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re
0003b3a0:·6d65·6469·6174·696f·6e20·416e·6163·6f6e··mediation·Anacon0003b3a0:·6d65·6469·6174·696f·6e20·7363·7269·7074··mediation·script
0003b3b0:·6461·2073·6e69·7070·6574·20e2·87b2·3c2f··da·snippet·...</ 
0003b3c0:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class 
0003b3d0:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse 
0003b3e0:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i 
0003b3f0:·646d·3834·3538·223e·3c74·6162·6c65·2063··dm8458"><table·c 
0003b400:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl 
0003b410:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table- 
0003b420:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c 
0003b430:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t 
0003b440:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t 
0003b450:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003b460:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru 
0003b470:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l 
0003b480:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr> 
0003b490:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th> 
0003b4a0:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></ 
0003b4b0:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat 
0003b4c0:·6567·793a·3c2f·7468·3e3c·7464·3e65·6e61··egy:</th><td>ena 
0003b4d0:·626c·653c·2f74·643e·3c2f·7472·3e3c·2f74··ble</td></tr></t 
0003b4e0:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code> 
0003b4f0:·0a70·6163·6b61·6765·202d·2d61·6464·3d61··.package·--add=a 
0003b500:·6964·650a·3c2f·636f·6465·3e3c·2f70·7265··ide.</code></pre 
0003b510:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class= 
0003b520:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success 
0003b530:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c 
0003b540:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta 
0003b550:·7267·6574·3d22·2369·646d·3834·3539·2220··rget="#idm8459"· 
0003b560:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol 
0003b570:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria- 
0003b580:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false" 
0003b590:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate 
0003b5a0:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href 
0003b5b0:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio 
0003b5c0:·6e20·5075·7070·6574·2073·6e69·7070·6574··n·Puppet·snippet 
0003b5d0:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div0003b3b0:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div
0003b5e0:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co0003b3c0:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
0003b5f0:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"0003b3d0:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
0003b600:·2069·643d·2269·646d·3834·3539·223e·3c74···id="idm8459"><t0003b3e0:·2069·643d·2269·646d·3834·3538·223e·3c74···id="idm8458"><t
0003b610:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl0003b3f0:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl
0003b620:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped·0003b400:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped·
0003b630:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t0003b410:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t
0003b640:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed">0003b420:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed">
0003b650:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi0003b430:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi
0003b660:·7479·3a3c·2f74·683e·3c74·643e·6c6f·773c··ty:</th><td>low<0003b440:·7479·3a3c·2f74·683e·3c74·643e·6c6f·773c··ty:</th><td>low<
0003b670:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b680:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th 
0003b690:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
0003b6a0:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot 
0003b6b0:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false< 
0003b6c0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b6d0:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th>< 
0003b6e0:·7464·3e65·6e61·626c·653c·2f74·643e·3c2f··td>enable</td></ 
0003b6f0:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre> 
0003b700:·3c63·6f64·653e·696e·636c·7564·6520·696e··<code>include·in 
0003b710:·7374·616c·6c5f·6169·6465·0a0a·636c·6173··stall_aide..clas 
0003b720:·7320·696e·7374·616c·6c5f·6169·6465·207b··s·install_aide·{ 
0003b730:·0a20·2070·6163·6b61·6765·207b·2027·6169··.··package·{·'ai 
0003b740:·6465·273a·0a20·2020·2065·6e73·7572·6520··de':.····ensure· 
0003b750:·3d26·6774·3b20·2769·6e73·7461·6c6c·6564··=&gt;·'installed 
0003b760:·272c·0a20·207d·0a7d·0a3c·2f63·6f64·653e··',.··}.}.</code> 
0003b770:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c 
0003b780:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su 
0003b790:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg 
0003b7a0:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da 
0003b7b0:·7461·2d74·6172·6765·743d·2223·6964·6d38··ta-target="#idm8 
0003b7c0:·3436·3022·2074·6162·696e·6465·783d·2230··460"·tabindex="0 
0003b7d0:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"· 
0003b7e0:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f 
0003b7f0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act 
0003b800:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal" 
0003b810:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed 
0003b820:·6961·7469·6f6e·204f·5342·7569·6c64·2042··iation·OSBuild·B 
0003b830:·6c75·6570·7269·6e74·2073·6e69·7070·6574··lueprint·snippet 
0003b840:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div 
0003b850:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co 
0003b860:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse" 
0003b870:·2069·643d·2269·646d·3834·3630·223e·3c70···id="idm8460"><p 
0003b880:·7265·3e3c·636f·6465·3e0a·5b5b·7061·636b··re><code>.[[pack 
0003b890:·6167·6573·5d5d·0a6e·616d·6520·3d20·2261··ages]].name·=·"a 
0003b8a0:·6964·6522·0a76·6572·7369·6f6e·203d·2022··ide".version·=·" 
0003b8b0:·2a22·0a3c·2f63·6f64·653e·3c2f·7072·653e··*".</code></pre> 
0003b8c0:·3c2f·6469·763e·3c61·2063·6c61·7373·3d22··</div><a·class=" 
0003b8d0:·6274·6e20·6274·6e2d·7375·6363·6573·7322··btn·btn-success" 
0003b8e0:·2064·6174·612d·746f·6767·6c65·3d22·636f···data-toggle="co 
0003b8f0:·6c6c·6170·7365·2220·6461·7461·2d74·6172··llapse"·data-tar 
0003b900:·6765·743d·2223·6964·6d38·3436·3122·2074··get="#idm8461"·t 
0003b910:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role 
0003b920:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e 
0003b930:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"· 
0003b940:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate· 
0003b950:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href= 
0003b960:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation 
0003b970:·2073·6372·6970·7420·e287·b23c·2f61·3e3c···script·...</a>< 
0003b980:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p 
0003b990:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co 
0003b9a0:·6c6c·6170·7365·2220·6964·3d22·6964·6d38··llapse"·id="idm8 
0003b9b0:·3436·3122·3e3c·7461·626c·6520·636c·6173··461"><table·clas 
0003b9c0:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s 
0003b9d0:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor 
0003b9e0:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond 
0003b9f0:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C 
0003ba00:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th>< 
0003ba10:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003ba20:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti 
0003ba30:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low< 
0003ba40:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th0003b450:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
0003ba50:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td 
0003ba60:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr> 
0003ba70:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy0003b460:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th
 0003b470:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t
 0003b480:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot
0003ba80:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable0003b490:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false<
0003ba90:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl 
0003baa0:·653e·3c70·7265·3e3c·636f·6465·3e0a·7061··e><pre><code>.pa0003b4a0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
 0003b4b0:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><
 0003b4c0:·7464·3e65·6e61·626c·653c·2f74·643e·3c2f··td>enable</td></
 0003b4d0:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre>
 0003b4e0:·3c63·6f64·653e·0a64·6e66·2069·6e73·7461··<code>.dnf·insta
 0003b4f0:·6c6c·2061·6964·650a·3c2f·636f·6465·3e3c··ll·aide.</code><
Max diff block lines reached; 26005215/26043193 bytes (99.85%) of diff not shown.
2.3 MB
html2text {}
Max HTML report size reached
7.45 MB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-cui.html
    
Offset 15474, 62 lines modifiedOffset 15474, 62 lines modified
0003c710:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i0003c710:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i
0003c720:·646d·3930·3335·2220·7461·6269·6e64·6578··dm9035"·tabindex0003c720:·646d·3930·3335·2220·7461·6269·6e64·6578··dm9035"·tabindex
0003c730:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto0003c730:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto
0003c740:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded0003c740:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded
0003c750:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="0003c750:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="
0003c760:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve0003c760:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve
0003c770:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re0003c770:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re
0003c780:·6d65·6469·6174·696f·6e20·4f53·4275·696c··mediation·OSBuil 
0003c790:·6420·426c·7565·7072·696e·7420·736e·6970··d·Blueprint·snip 
0003c7a0:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br>< 
0003c7b0:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel 
0003c7c0:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap 
0003c7d0:·7365·2220·6964·3d22·6964·6d39·3033·3522··se"·id="idm9035" 
0003c7e0:·3e3c·7072·653e·3c63·6f64·653e·0a5b·6375··><pre><code>.[cu 
0003c7f0:·7374·6f6d·697a·6174·696f·6e73·5d0a·6669··stomizations].fi 
0003c800:·7073·203d·2074·7275·650a·3c2f·636f·6465··ps·=·true.</code 
0003c810:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a· 
0003c820:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s 
0003c830:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog 
0003c840:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d 
0003c850:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm 
0003c860:·3930·3336·2220·7461·6269·6e64·6578·3d22··9036"·tabindex=" 
0003c870:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button" 
0003c880:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded=" 
0003c890:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac 
0003c8a0:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal 
0003c8b0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme 
0003c8c0:·6469·6174·696f·6e20·5368·656c·6c20·7363··diation·Shell·sc0003c780:·6d65·6469·6174·696f·6e20·5368·656c·6c20··mediation·Shell·
0003c8d0:·7269·7074·20e2·87b2·3c2f·613e·3c62·723e··ript·...</a><br>0003c790:·7363·7269·7074·20e2·87b2·3c2f·613e·3c62··script·...</a><b
0003c8e0:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane0003c7a0:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa
0003c8f0:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla0003c7b0:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col
0003c900:·7073·6522·2069·643d·2269·646d·3930·3336··pse"·id="idm90360003c7c0:·6c61·7073·6522·2069·643d·2269·646d·3930··lapse"·id="idm90
0003c910:·223e·3c70·7265·3e3c·636f·6465·3e23·2052··"><pre><code>#·R0003c7d0:·3335·223e·3c70·7265·3e3c·636f·6465·3e23··35"><pre><code>#
 0003c7e0:·2052·656d·6564·6961·7469·6f6e·2069·7320···Remediation·is·
 0003c7f0:·6170·706c·6963·6162·6c65·206f·6e6c·7920··applicable·only·
 0003c800:·696e·2063·6572·7461·696e·2070·6c61·7466··in·certain·platf
 0003c810:·6f72·6d73·0a69·6620·2820·2120·2820·5b20··orms.if·(·!·(·[·
 0003c820:·2224·7b63·6f6e·7461·696e·6572·3a2d·7d22··"${container:-}"
 0003c830:·203d·3d20·2262·7772·6170·2d6f·7362·7569···==·"bwrap-osbui
 0003c840:·6c64·2220·5d20·2920·2661·6d70·3b26·616d··ld"·]·)·&amp;&am
 0003c850:·703b·2072·706d·202d·2d71·7569·6574·202d··p;·rpm·--quiet·-
 0003c860:·7120·6b65·726e·656c·2029·3b20·7468·656e··q·kernel·);·then
 0003c870:·0a0a·6966·205b·5b20·2224·4f53·4341·505f··..if·[[·"$OSCAP_
 0003c880:·424f·4f54·435f·4255·494c·4422·203d·3d20··BOOTC_BUILD"·==·
 0003c890:·2259·4553·2220·5d5d·3b20·7468·656e·0a09··"YES"·]];·then..
 0003c8a0:·6361·7420·2667·743b·202f·7573·722f·6c69··cat·&gt;·/usr/li
 0003c8b0:·622f·626f·6f74·632f·6b61·7267·732e·642f··b/bootc/kargs.d/
 0003c8c0:·3031·2d66·6970·732e·746f·6d6c·2026·6c74··01-fips.toml·&lt
 0003c8d0:·3b26·6c74·3b20·454f·460a·6b61·7267·7320··;&lt;·EOF.kargs·
 0003c8e0:·3d20·5b22·6669·7073·3d31·225d·0a45·4f46··=·["fips=1"].EOF
 0003c8f0:·0a66·690a·0a65·6c73·650a·2020·2020·2667··.fi..else.····&g
 0003c900:·743b·2661·6d70·3b32·2065·6368·6f20·2752··t;&amp;2·echo·'R
0003c920:·656d·6564·6961·7469·6f6e·2069·7320·6170··emediation·is·ap0003c910:·656d·6564·6961·7469·6f6e·2069·7320·6e6f··emediation·is·no
0003c930:·706c·6963·6162·6c65·206f·6e6c·7920·696e··plicable·only·in 
0003c940:·2063·6572·7461·696e·2070·6c61·7466·6f72···certain·platfor 
0003c950:·6d73·0a69·6620·2820·2120·2820·5b20·2224··ms.if·(·!·(·[·"$ 
0003c960:·7b63·6f6e·7461·696e·6572·3a2d·7d22·203d··{container:-}"·= 
0003c970:·3d20·2262·7772·6170·2d6f·7362·7569·6c64··=·"bwrap-osbuild 
0003c980:·2220·5d20·2920·2661·6d70·3b26·616d·703b··"·]·)·&amp;&amp; 
0003c990:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q· 
0003c9a0:·6b65·726e·656c·2029·3b20·7468·656e·0a0a··kernel·);·then.. 
0003c9b0:·6966·205b·5b20·2224·4f53·4341·505f·424f··if·[[·"$OSCAP_BO 
0003c9c0:·4f54·435f·4255·494c·4422·203d·3d20·2259··OTC_BUILD"·==·"Y 
0003c9d0:·4553·2220·5d5d·3b20·7468·656e·0a09·6361··ES"·]];·then..ca 
0003c9e0:·7420·2667·743b·202f·7573·722f·6c69·622f··t·&gt;·/usr/lib/ 
0003c9f0:·626f·6f74·632f·6b61·7267·732e·642f·3031··bootc/kargs.d/01 
0003ca00:·2d66·6970·732e·746f·6d6c·2026·6c74·3b26··-fips.toml·&lt;& 
0003ca10:·6c74·3b20·454f·460a·6b61·7267·7320·3d20··lt;·EOF.kargs·=· 
0003ca20:·5b22·6669·7073·3d31·225d·0a45·4f46·0a66··["fips=1"].EOF.f 
0003ca30:·690a·0a65·6c73·650a·2020·2020·2667·743b··i..else.····&gt; 
0003ca40:·2661·6d70·3b32·2065·6368·6f20·2752·656d··&amp;2·echo·'Rem 
0003ca50:·6564·6961·7469·6f6e·2069·7320·6e6f·7420··ediation·is·not· 
0003ca60:·6170·706c·6963·6162·6c65·2c20·6e6f·7468··applicable,·noth0003c920:·7420·6170·706c·6963·6162·6c65·2c20·6e6f··t·applicable,·no
0003ca70:·696e·6720·7761·7320·646f·6e65·270a·6669··ing·was·done'.fi0003c930:·7468·696e·6720·7761·7320·646f·6e65·270a··thing·was·done'.
 0003c940:·6669·0a3c·2f63·6f64·653e·3c2f·7072·653e··fi.</code></pre>
 0003c950:·3c2f·6469·763e·3c61·2063·6c61·7373·3d22··</div><a·class="
 0003c960:·6274·6e20·6274·6e2d·7375·6363·6573·7322··btn·btn-success"
 0003c970:·2064·6174·612d·746f·6767·6c65·3d22·636f···data-toggle="co
 0003c980:·6c6c·6170·7365·2220·6461·7461·2d74·6172··llapse"·data-tar
 0003c990:·6765·743d·2223·6964·6d39·3033·3622·2074··get="#idm9036"·t
 0003c9a0:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
 0003c9b0:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
 0003c9c0:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
 0003c9d0:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
 0003c9e0:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
 0003c9f0:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
 0003ca00:·204f·5342·7569·6c64·2042·6c75·6570·7269···OSBuild·Bluepri
 0003ca10:·6e74·2073·6e69·7070·6574·20e2·87b2·3c2f··nt·snippet·...</
 0003ca20:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
 0003ca30:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
 0003ca40:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
 0003ca50:·646d·3930·3336·223e·3c70·7265·3e3c·636f··dm9036"><pre><co
 0003ca60:·6465·3e0a·5b63·7573·746f·6d69·7a61·7469··de>.[customizati
 0003ca70:·6f6e·735d·0a66·6970·7320·3d20·7472·7565··ons].fips·=·true
0003ca80:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></0003ca80:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></
0003ca90:·6469·763e·3c2f·6469·763e·3c2f·7464·3e3c··div></div></td><0003ca90:·6469·763e·3c2f·6469·763e·3c2f·7464·3e3c··div></div></td><
0003caa0:·2f74·723e·3c2f·7462·6f64·793e·3c2f·7461··/tr></tbody></ta0003caa0:·2f74·723e·3c2f·7462·6f64·793e·3c2f·7461··/tr></tbody></ta
0003cab0:·626c·653e·3c2f·7464·3e3c·2f74·723e·3c74··ble></td></tr><t0003cab0:·626c·653e·3c2f·7464·3e3c·2f74·723e·3c74··ble></td></tr><t
0003cac0:·7220·6461·7461·2d74·742d·6964·3d22·6368··r·data-tt-id="ch0003cac0:·7220·6461·7461·2d74·742d·6964·3d22·6368··r·data-tt-id="ch
0003cad0:·696c·6472·656e·2d78·6363·6466·5f6f·7267··ildren-xccdf_org0003cad0:·696c·6472·656e·2d78·6363·6466·5f6f·7267··ildren-xccdf_org
0003cae0:·2e73·7367·7072·6f6a·6563·742e·636f·6e74··.ssgproject.cont0003cae0:·2e73·7367·7072·6f6a·6563·742e·636f·6e74··.ssgproject.cont
Offset 15843, 254 lines modifiedOffset 15843, 254 lines modified
0003de20:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#0003de20:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#
0003de30:·6964·6d39·3136·3922·2074·6162·696e·6465··idm9169"·tabinde0003de30:·6964·6d39·3136·3922·2074·6162·696e·6465··idm9169"·tabinde
0003de40:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt0003de40:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt
0003de50:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande0003de50:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande
0003de60:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=0003de60:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=
0003de70:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev0003de70:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev
0003de80:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R0003de80:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R
0003de90:·656d·6564·6961·7469·6f6e·2041·6e61·636f··emediation·Anaco0003de90:·656d·6564·6961·7469·6f6e·2073·6372·6970··emediation·scrip
0003dea0:·6e64·6120·736e·6970·7065·7420·e287·b23c··nda·snippet·...< 
0003deb0:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas 
0003dec0:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps 
0003ded0:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id=" 
0003dee0:·6964·6d39·3136·3922·3e3c·7461·626c·6520··idm9169"><table· 
0003def0:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab 
0003df00:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table 
0003df10:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table- 
0003df20:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr>< 
0003df30:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</0003dea0:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di
 0003deb0:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
 0003dec0:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
 0003ded0:·2220·6964·3d22·6964·6d39·3136·3922·3e3c··"·id="idm9169"><
 0003dee0:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab
 0003def0:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped
 0003df00:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·
 0003df10:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"
Max diff block lines reached; 6862806/6904122 bytes (99.40%) of diff not shown.
890 KB
html2text {}
    
Offset 119, 31 lines modifiedOffset 119, 31 lines modified
119 ·············_\x8i_\x8s_\x8m······1446119 ·············_\x8i_\x8s_\x8m······1446
120 ·············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1120 ·············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1
121 References:··_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12121 References:··_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12
122 ·············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1122 ·············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1
123 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176123 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176
124 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d···RHEL-09-671010124 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d···RHEL-09-671010
125 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-258230r958408_rule125 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-258230r958408_rule
126 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
127 [customizations] 
128 fips·=·true 
129 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8126 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
130 #·Remediation·is·applicable·only·in·certain·platforms127 #·Remediation·is·applicable·only·in·certain·platforms
131 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·);·then128 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·);·then
  
132 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then129 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then
133 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF130 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF
134 kargs·=·["fips=1"]131 kargs·=·["fips=1"]
135 EOF132 EOF
136 fi133 fi
  
137 else134 else
138 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'135 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
139 fi136 fi
 137 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 138 [customizations]
 139 fips·=·true
140 Group  ·System·Cryptographic·Policies·  Group·contains·4·rules140 Group  ·System·Cryptographic·Policies·  Group·contains·4·rules
141 _\x8[_\x8r_\x8e_\x8f_\x8]  ·Linux·has·the·capability·to·centrally·configure·cryptographic·polices.·The·command·update-crypto-policies·is·used·to·set·the·policy·applicable·for·the·various·cryptographic·back-ends,·such·as·SSL/TLS·libraries.·The·configured·cryptographic·policies·will·be·the·default·policy·used·by·these·backends·unless·the·application·user·configures·them·otherwise.·When·the·system·has·been·configured·to·use·the·centralized·cryptographic·policies,·the·administrator·is·assured·that·any·application·that·utilizes·the·supported·backends·will·follow·a·policy·that·adheres·to·the·configured·profile.·Currently·the·supported·backends·are:141 _\x8[_\x8r_\x8e_\x8f_\x8]  ·Linux·has·the·capability·to·centrally·configure·cryptographic·polices.·The·command·update-crypto-policies·is·used·to·set·the·policy·applicable·for·the·various·cryptographic·back-ends,·such·as·SSL/TLS·libraries.·The·configured·cryptographic·policies·will·be·the·default·policy·used·by·these·backends·unless·the·application·user·configures·them·otherwise.·When·the·system·has·been·configured·to·use·the·centralized·cryptographic·policies,·the·administrator·is·assured·that·any·application·that·utilizes·the·supported·backends·will·follow·a·policy·that·adheres·to·the·configured·profile.·Currently·the·supported·backends·are:
142 ····*·GnuTLS·library142 ····*·GnuTLS·library
143 ····*·OpenSSL·library143 ····*·OpenSSL·library
144 ····*·NSS·library144 ····*·NSS·library
145 ····*·OpenJDK145 ····*·OpenJDK
146 ····*·Libkrb5146 ····*·Libkrb5
Offset 158, 52 lines modifiedOffset 158, 42 lines modified
158 Rule·ID:·····xccdf_org.ssgproject.content_rule_package_crypto-policies_installed158 Rule·ID:·····xccdf_org.ssgproject.content_rule_package_crypto-policies_installed
159 Identifiers:·CCE-83442-4159 Identifiers:·CCE-83442-4
160 ·············_\x8d_\x8i_\x8s_\x8a····CCI-002890,·CCI-002450,·CCI-003123160 ·············_\x8d_\x8i_\x8s_\x8a····CCI-002890,·CCI-002450,·CCI-003123
161 ·············_\x8o_\x8s_\x8p_\x8p····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1161 ·············_\x8o_\x8s_\x8p_\x8p····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1
162 References:··_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g··SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174162 References:··_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g··SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174
163 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d··RHEL-09-215100163 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d··RHEL-09-215100
164 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f·SV-258234r1051250_rule164 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f·SV-258234r1051250_rule
165 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8165 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
166 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low166 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
167 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low167 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
168 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false168 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
169 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable169 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
170 package·--add=crypto-policies170 dnf·install·crypto-policies
171 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8171 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
172 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low172 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
173 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low173 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
174 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false174 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
175 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable175 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
176 include·install_crypto-policies176 include·install_crypto-policies
  
177 class·install_crypto-policies·{177 class·install_crypto-policies·{
178 ··package·{·'crypto-policies':178 ··package·{·'crypto-policies':
179 ····ensure·=>·'installed',179 ····ensure·=>·'installed',
180 ··}180 ··}
181 }181 }
182 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
183 [[packages]] 
184 name·=·"crypto-policies" 
185 version·=·"*" 
186 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8182 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
187 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
188 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
189 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
190 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
191 package·install·crypto-policies 
192 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
193 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low183 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
194 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low184 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
195 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false185 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
196 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable186 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 187 if·!·rpm·-q·--quiet·"crypto-policies"·;·then
197 dnf·install·crypto-policies188 ····dnf·install·-y·"crypto-policies"
 189 fi
198 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8190 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
199 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low191 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
200 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low192 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
201 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false193 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
202 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable194 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
203 -·name:·Ensure·crypto-policies·is·installed195 -·name:·Ensure·crypto-policies·is·installed
204 ··package:196 ··package:
Offset 214, 23 lines modifiedOffset 204, 33 lines modified
214 ··-·DISA-STIG-RHEL-09-215100204 ··-·DISA-STIG-RHEL-09-215100
215 ··-·enable_strategy205 ··-·enable_strategy
216 ··-·low_complexity206 ··-·low_complexity
217 ··-·low_disruption207 ··-·low_disruption
218 ··-·medium_severity208 ··-·medium_severity
219 ··-·no_reboot_needed209 ··-·no_reboot_needed
220 ··-·package_crypto-policies_installed210 ··-·package_crypto-policies_installed
 211 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 212 [[packages]]
 213 name·=·"crypto-policies"
 214 version·=·"*"
221 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8215 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
222 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low216 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
223 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low217 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
224 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false218 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
225 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable219 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
226 if·!·rpm·-q·--quiet·"crypto-policies"·;·then 
227 ····dnf·install·-y·"crypto-policies" 
228 fi220 package·install·crypto-policies
 221 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 222 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 223 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 224 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 225 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 226 package·--add=crypto-policies
229 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8og\x8gr\x8ra\x8ap\x8ph\x8hy\x8y·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*227 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8og\x8gr\x8ra\x8ap\x8ph\x8hy\x8y·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
230 To·configure·the·system·cryptography·policy·to·use·ciphers·only·from·the·FIPS·policy,·run·the·following·command:228 To·configure·the·system·cryptography·policy·to·use·ciphers·only·from·the·FIPS·policy,·run·the·following·command:
231 $·sudo·update-crypto-policies·--set·FIPS229 $·sudo·update-crypto-policies·--set·FIPS
232 The·rule·checks·if·settings·for·selected·crypto·policy·are·configured·as·expected.·Configuration·files·in·the·/etc/crypto-policies/back-ends·are·either·symlinks·to·correct·files·provided·by·Crypto-policies·package·or·they·are·regular·files·in·case·crypto·policy·customizations·are·applied.·Crypto·policies·may·be·customized·by·crypto·policy·modules,·in·which·case·it·is·delimited·from·the·base·policy·using·a·colon.230 The·rule·checks·if·settings·for·selected·crypto·policy·are·configured·as·expected.·Configuration·files·in·the·/etc/crypto-policies/back-ends·are·either·symlinks·to·correct·files·provided·by·Crypto-policies·package·or·they·are·regular·files·in·case·crypto·policy·customizations·are·applied.·Crypto·policies·may·be·customized·by·crypto·policy·modules,·in·which·case·it·is·delimited·from·the·base·policy·using·a·colon.
233 Warning: ·The·system·needs·to·be·rebooted·for·these·changes·to·take·effect.231 Warning: ·The·system·needs·to·be·rebooted·for·these·changes·to·take·effect.
234 Warning: ·System·Crypto·Modules·must·be·provided·by·a·vendor·that·undergoes·FIPS-140·certifications.·FIPS-140·is·applicable·to·all·Federal·agencies·that·use·cryptographic-based·security·systems·to·protect·sensitive·information·in·computer·and·telecommunication·systems·(including·voice·systems)·as·defined·in·Section·5131·of·the·Information·Technology·Management·Reform·Act·of·1996,·Public·Law·104-106.·This·standard·shall·be·used·in·designing·and·implementing·cryptographic·modules·that·Federal·departments·and·agencies·operate·or·are·operated·for·them·under·contract.·See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8s\x8s_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8n\x8n_\x8v\x8v_\x8l\x8l_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8/\x8/_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8/\x8/_\x8N\x8N_\x8I\x8I_\x8S\x8S_\x8T\x8T_\x8.\x8._\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x81\x81_\x84\x84_\x80\x80_\x8-\x8-_\x82\x82_\x8.\x8._\x8p\x8p_\x8d\x8d_\x8f\x8f·To·meet·this,·the·system·has·to·have·cryptographic·software·provided·by·a·vendor·that·has·undergone·this·certification.·This·means·providing·documentation,·test·results,·design·information,·and·independent·third·party·review·by·an·accredited·lab.·While·open·source·software·is·capable·of·meeting·this,·it·does·not·meet·FIPS-140·unless·the·vendor·submits·to·this·process.232 Warning: ·System·Crypto·Modules·must·be·provided·by·a·vendor·that·undergoes·FIPS-140·certifications.·FIPS-140·is·applicable·to·all·Federal·agencies·that·use·cryptographic-based·security·systems·to·protect·sensitive·information·in·computer·and·telecommunication·systems·(including·voice·systems)·as·defined·in·Section·5131·of·the·Information·Technology·Management·Reform·Act·of·1996,·Public·Law·104-106.·This·standard·shall·be·used·in·designing·and·implementing·cryptographic·modules·that·Federal·departments·and·agencies·operate·or·are·operated·for·them·under·contract.·See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8s\x8s_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8n\x8n_\x8v\x8v_\x8l\x8l_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8/\x8/_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8/\x8/_\x8N\x8N_\x8I\x8I_\x8S\x8S_\x8T\x8T_\x8.\x8._\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x81\x81_\x84\x84_\x80\x80_\x8-\x8-_\x82\x82_\x8.\x8._\x8p\x8p_\x8d\x8d_\x8f\x8f·To·meet·this,·the·system·has·to·have·cryptographic·software·provided·by·a·vendor·that·has·undergone·this·certification.·This·means·providing·documentation,·test·results,·design·information,·and·independent·third·party·review·by·an·accredited·lab.·While·open·source·software·is·capable·of·meeting·this,·it·does·not·meet·FIPS-140·unless·the·vendor·submits·to·this·process.
235 Rationale:···Centralized·cryptographic·policies·simplify·applying·secure·ciphers·across·an·operating·system·and·the·applications·that·run·on·that·operating·system.·Use·of·weak·or·untested·encryption·algorithms·undermines·the·purposes·of·utilizing·encryption·to·protect·data.233 Rationale:···Centralized·cryptographic·policies·simplify·applying·secure·ciphers·across·an·operating·system·and·the·applications·that·run·on·that·operating·system.·Use·of·weak·or·untested·encryption·algorithms·undermines·the·purposes·of·utilizing·encryption·to·protect·data.
Offset 245, 39 lines modifiedOffset 245, 33 lines modified
Max diff block lines reached; 903792/911687 bytes (99.13%) of diff not shown.
7.26 MB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-e8.html
    
Offset 15183, 414 lines modifiedOffset 15183, 414 lines modified
0003b4e0:·7461·7267·6574·3d22·2369·646d·3831·3135··target="#idm81150003b4e0:·7461·7267·6574·3d22·2369·646d·3831·3135··target="#idm8115
0003b4f0:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r0003b4f0:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r
0003b500:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari0003b500:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari
0003b510:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals0003b510:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals
0003b520:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa0003b520:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa
0003b530:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr0003b530:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr
Diff chunk too large, falling back to line-by-line diff (400 lines added, 400 lines removed)
0003b540:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat0003b540:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat
0003b550:·696f·6e20·416e·7369·626c·6520·736e·6970··ion·Ansible·snip0003b550:·696f·6e20·5368·656c·6c20·7363·7269·7074··ion·Shell·script
0003b560:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br><0003b560:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div
0003b570:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel0003b570:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
0003b580:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap0003b580:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
0003b590:·7365·2220·6964·3d22·6964·6d38·3131·3522··se"·id="idm8115"0003b590:·2069·643d·2269·646d·3831·3135·223e·3c70···id="idm8115"><p
0003b5a0:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t0003b5a0:·7265·3e3c·636f·6465·3e23·2052·656d·6564··re><code>#·Remed
0003b5b0:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip0003b5b0:·6961·7469·6f6e·2069·7320·6170·706c·6963··iation·is·applic
0003b5c0:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere0003b5c0:·6162·6c65·206f·6e6c·7920·696e·2063·6572··able·only·in·cer
0003b5d0:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense0003b5d0:·7461·696e·2070·6c61·7466·6f72·6d73·0a69··tain·platforms.i
0003b5e0:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl0003b5e0:·6620·2120·2820·7b20·7270·6d20·2d2d·7175··f·!·(·{·rpm·--qu
0003b5f0:·6578·6974·793a·3c2f·7468·3e3c·7464·3e68··exity:</th><td>h0003b5f0:·6965·7420·2d71·206b·6572·6e65·6c20·3b7d··iet·-q·kernel·;}
0003b600:·6967·683c·2f74·643e·3c2f·7472·3e3c·7472··igh</td></tr><tr0003b600:·2026·616d·703b·2661·6d70·3b20·7b20·7270···&amp;&amp;·{·rp
0003b610:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption:0003b610:·6d20·2d2d·7175·6965·7420·2d71·2072·706d··m·--quiet·-q·rpm
0003b620:·3c2f·7468·3e3c·7464·3e6d·6564·6975·6d3c··</th><td>medium<0003b620:·2d6f·7374·7265·6520·3b7d·2026·616d·703b··-ostree·;}·&amp;
0003b630:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th0003b630:·2661·6d70·3b20·7b20·7270·6d20·2d2d·7175··&amp;·{·rpm·--qu
0003b640:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td0003b640:·6965·7420·2d71·2062·6f6f·7463·203b·7d20··iet·-q·bootc·;}·
0003b650:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr>0003b650:·2661·6d70·3b26·616d·703b·207b·2021·2072··&amp;&amp;·{·!·r
0003b660:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy0003b660:·706d·202d·2d71·7569·6574·202d·7120·6f70··pm·--quiet·-q·op
0003b670:·3a3c·2f74·683e·3c74·643e·7265·7374·7269··:</th><td>restri0003b670:·656e·7368·6966·742d·6b75·6265·6c65·7420··enshift-kubelet·
0003b680:·6374·3c2f·7464·3e3c·2f74·723e·3c2f·7461··ct</td></tr></ta0003b680:·3b7d·2029·3b20·7468·656e·0a0a·2320·4669··;}·);·then..#·Fi
0003b690:·626c·653e·3c70·7265·3e3c·636f·6465·3e2d··ble><pre><code>-0003b690:·6e64·2077·6869·6368·2066·696c·6573·2068··nd·which·files·h
0003b6a0:·206e·616d·653a·2047·6174·6865·7220·7468···name:·Gather·th0003b6a0:·6176·6520·696e·636f·7272·6563·7420·6861··ave·incorrect·ha
0003b6b0:·6520·7061·636b·6167·6520·6661·6374·730a··e·package·facts.0003b6b0:·7368·2028·6e6f·7420·696e·202f·6574·632c··sh·(not·in·/etc,
0003b6c0:·2020·7061·636b·6167·655f·6661·6374·733a····package_facts:0003b6c0:·2062·6563·6175·7365·206f·6620·7468·6520···because·of·the·
0003b6d0:·0a20·2020·206d·616e·6167·6572·3a20·6175··.····manager:·au0003b6d0:·7379·7374·656d·2072·656c·6174·6564·2063··system·related·c
0003b6e0:·746f·0a20·2074·6167·733a·0a20·202d·2043··to.··tags:.··-·C0003b6e0:·6f6e·6669·6720·6669·6c65·7329·2061·6e64··onfig·files)·and
0003b6f0:·4345·2d39·3038·3431·2d38·0a20·202d·2043··CE-90841-8.··-·C0003b6f0:·2074·6865·6e20·6765·7420·6669·6c65·7320···then·get·files·
0003b700:·4a49·532d·352e·3130·2e34·2e31·0a20·202d··JIS-5.10.4.1.··-0003b700:·6e61·6d65·730a·6669·6c65·735f·7769·7468··names.files_with
0003b710:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.0003b710:·5f69·6e63·6f72·7265·6374·5f68·6173·683d··_incorrect_hash=
0003b720:·332e·380a·2020·2d20·4e49·5354·2d38·3030··3.8.··-·NIST-8000003b720:·2224·2872·706d·202d·5661·202d·2d6e·6f63··"$(rpm·-Va·--noc
0003b730:·2d31·3731·2d33·2e34·2e31·0a20·202d·204e··-171-3.4.1.··-·N0003b730:·6f6e·6669·6720·7c20·6772·6570·202d·4520··onfig·|·grep·-E·
0003b740:·4953·542d·3830·302d·3533·2d41·552d·3928··IST-800-53-AU-9(0003b740:·275e·2e2e·3527·207c·2061·776b·2027·7b70··'^..5'·|·awk·'{p
0003b750:·3329·0a20·202d·204e·4953·542d·3830·302d··3).··-·NIST-800-0003b750:·7269·6e74·2024·4e46·7d27·2029·220a·0a69··rint·$NF}'·)"..i
0003b760:·3533·2d43·4d2d·3628·6329·0a20·202d·204e··53-CM-6(c).··-·N0003b760:·6620·5b20·2d6e·2022·2466·696c·6573·5f77··f·[·-n·"$files_w
0003b770:·4953·542d·3830·302d·3533·2d43·4d2d·3628··IST-800-53-CM-6(0003b770:·6974·685f·696e·636f·7272·6563·745f·6861··ith_incorrect_ha
0003b780:·6429·0a20·202d·204e·4953·542d·3830·302d··d).··-·NIST-800-0003b780:·7368·2220·5d3b·2074·6865·6e0a·2020·2020··sh"·];·then.····
0003b790:·3533·2d53·492d·370a·2020·2d20·4e49·5354··53-SI-7.··-·NIST0003b790:·2320·4672·6f6d·2066·696c·6573·206e·616d··#·From·files·nam
0003b7a0:·2d38·3030·2d35·332d·5349·2d37·2831·290a··-800-53-SI-7(1).0003b7a0:·6573·2067·6574·2070·6163·6b61·6765·206e··es·get·package·n
0003b7b0:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003b7b0:·616d·6573·2061·6e64·2063·6861·6e67·6520··ames·and·change·
0003b7c0:·5349·2d37·2836·290a·2020·2d20·5043·492d··SI-7(6).··-·PCI-0003b7c0:·6e65·776c·696e·6520·746f·2073·7061·6365··newline·to·space
0003b7d0:·4453·532d·5265·712d·3131·2e35·0a20·202d··DSS-Req-11.5.··-0003b7d0:·2c20·6265·6361·7573·6520·7270·6d20·7772··,·because·rpm·wr
0003b7e0:·2050·4349·2d44·5353·7634·2d31·312e·352e···PCI-DSSv4-11.5.0003b7e0:·6974·6573·2065·6163·6820·7061·636b·6167··ites·each·packag
0003b7f0:·320a·2020·2d20·6869·6768·5f63·6f6d·706c··2.··-·high_compl0003b7f0:·6520·746f·206e·6577·206c·696e·650a·2020··e·to·new·line.··
0003b800:·6578·6974·790a·2020·2d20·6869·6768·5f73··exity.··-·high_s0003b800:·2020·7061·636b·6167·6573·5f74·6f5f·7265····packages_to_re
0003b810:·6576·6572·6974·790a·2020·2d20·6d65·6469··everity.··-·medi0003b810:·696e·7374·616c·6c3d·2224·2872·706d·202d··install="$(rpm·-
0003b820:·756d·5f64·6973·7275·7074·696f·6e0a·2020··um_disruption.··0003b820:·7166·2024·6669·6c65·735f·7769·7468·5f69··qf·$files_with_i
0003b830:·2d20·6e6f·5f72·6562·6f6f·745f·6e65·6564··-·no_reboot_need0003b830:·6e63·6f72·7265·6374·5f68·6173·6820·7c20··ncorrect_hash·|·
0003b840:·6564·0a20·202d·2072·6573·7472·6963·745f··ed.··-·restrict_0003b840:·7472·2027·5c6e·2720·2720·2729·220a·0a20··tr·'\n'·'·')"..·
0003b850:·7374·7261·7465·6779·0a20·202d·2072·706d··strategy.··-·rpm0003b850:·2020·200a·2020·2020·646e·6620·7265·696e·····.····dnf·rein
0003b860:·5f76·6572·6966·795f·6861·7368·6573·0a0a··_verify_hashes..0003b860:·7374·616c·6c20·2d79·2024·7061·636b·6167··stall·-y·$packag
0003b870:·2d20·6e61·6d65·3a20·2753·6574·2066·6163··-·name:·'Set·fac0003b870:·6573·5f74·6f5f·7265·696e·7374·616c·6c0a··es_to_reinstall.
0003b880:·743a·2050·6163·6b61·6765·206d·616e·6167··t:·Package·manag0003b880:·2020·2020·0a66·690a·0a65·6c73·650a·2020······.fi..else.··
0003b890:·6572·2072·6569·6e73·7461·6c6c·2063·6f6d··er·reinstall·com0003b890:·2020·2667·743b·2661·6d70·3b32·2065·6368····&gt;&amp;2·ech
0003b8a0:·6d61·6e64·270a·2020·7365·745f·6661·6374··mand'.··set_fact0003b8a0:·6f20·2752·656d·6564·6961·7469·6f6e·2069··o·'Remediation·i
0003b8b0:·3a0a·2020·2020·7061·636b·6167·655f·6d61··:.····package_ma0003b8b0:·7320·6e6f·7420·6170·706c·6963·6162·6c65··s·not·applicable
0003b8c0:·6e61·6765·725f·7265·696e·7374·616c·6c5f··nager_reinstall_0003b8c0:·2c20·6e6f·7468·696e·6720·7761·7320·646f··,·nothing·was·do
0003b8d0:·636d·643a·2064·6e66·2072·6569·6e73·7461··cmd:·dnf·reinsta0003b8d0:·6e65·270a·6669·0a3c·2f63·6f64·653e·3c2f··ne'.fi.</code></
0003b8e0:·6c6c·202d·790a·2020·7768·656e·3a0a·2020··ll·-y.··when:.··0003b8e0:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla
0003b8f0:·2d20·6e6f·7420·2820·226b·6572·6e65·6c22··-·not·(·"kernel"0003b8f0:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ
0003b900:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003b900:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle
0003b910:·732e·7061·636b·6167·6573·2061·6e64·2022··s.packages·and·"0003b910:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data
0003b920:·7270·6d2d·6f73·7472·6565·2220·696e·2061··rpm-ostree"·in·a0003b920:·2d74·6172·6765·743d·2223·6964·6d38·3131··-target="#idm811
0003b930:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003b930:·3622·2074·6162·696e·6465·783d·2230·2220··6"·tabindex="0"·
0003b940:·6b61·6765·730a·2020·2020·616e·6420·2262··kages.····and·"b0003b940:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar
0003b950:·6f6f·7463·2220·696e·2061·6e73·6962·6c65··ootc"·in·ansible0003b950:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal
0003b960:·5f66·6163·7473·2e70·6163·6b61·6765·7320··_facts.packages·0003b960:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ
0003b970:·616e·6420·6e6f·7420·226f·7065·6e73·6869··and·not·"openshi0003b970:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h
0003b980:·6674·2d6b·7562·656c·6574·2220·696e·2061··ft-kubelet"·in·a0003b980:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia
0003b990:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003b990:·7469·6f6e·2041·6e73·6962·6c65·2073·6e69··tion·Ansible·sni
0003b9a0:·6b61·6765·730a·2020·2020·290a·2020·2d20··kages.····).··-·0003b9a0:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br>
0003b9b0:·616e·7369·626c·655f·6469·7374·7269·6275··ansible_distribu0003b9b0:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
0003b9c0:·7469·6f6e·2069·6e20·5b20·2246·6564·6f72··tion·in·[·"Fedor0003b9c0:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
0003b9d0:·6122·2c20·2252·6564·4861·7422·2c20·2243··a",·"RedHat",·"C0003b9d0:·7073·6522·2069·643d·2269·646d·3831·3136··pse"·id="idm8116
0003b9e0:·656e·744f·5322·2c20·224f·7261·636c·654c··entOS",·"OracleL0003b9e0:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="
0003b9f0:·696e·7578·2220·5d0a·2020·7461·6773·3a0a··inux"·].··tags:.0003b9f0:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri
0003ba00:·2020·2d20·4343·452d·3930·3834·312d·380a····-·CCE-90841-8.0003ba00:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border
0003ba10:·2020·2d20·434a·4953·2d35·2e31·302e·342e····-·CJIS-5.10.4.0003ba10:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens
0003ba20:·310a·2020·2d20·4e49·5354·2d38·3030·2d31··1.··-·NIST-800-10003ba20:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp
0003ba30:·3731·2d33·2e33·2e38·0a20·202d·204e·4953··71-3.3.8.··-·NIS0003ba30:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td>
0003ba40:·542d·3830·302d·3137·312d·332e·342e·310a··T-800-171-3.4.1.0003ba40:·6869·6768·3c2f·7464·3e3c·2f74·723e·3c74··high</td></tr><t
0003ba50:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003ba50:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption
0003ba60:·4155·2d39·2833·290a·2020·2d20·4e49·5354··AU-9(3).··-·NIST0003ba60:·3a3c·2f74·683e·3c74·643e·6d65·6469·756d··:</th><td>medium
0003ba70:·2d38·3030·2d35·332d·434d·2d36·2863·290a··-800-53-CM-6(c).0003ba70:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
0003ba80:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003ba80:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t
0003ba90:·434d·2d36·2864·290a·2020·2d20·4e49·5354··CM-6(d).··-·NIST0003ba90:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr
0003baa0:·2d38·3030·2d35·332d·5349·2d37·0a20·202d··-800-53-SI-7.··-0003baa0:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg
0003bab0:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-0003bab0:·793a·3c2f·7468·3e3c·7464·3e72·6573·7472··y:</th><td>restr
0003bac0:·3728·3129·0a20·202d·204e·4953·542d·3830··7(1).··-·NIST-800003bac0:·6963·743c·2f74·643e·3c2f·7472·3e3c·2f74··ict</td></tr></t
0003bad0:·302d·3533·2d53·492d·3728·3629·0a20·202d··0-53-SI-7(6).··-0003bad0:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>
0003bae0:·2050·4349·2d44·5353·2d52·6571·2d31·312e···PCI-DSS-Req-11.0003bae0:·2d20·6e61·6d65·3a20·4761·7468·6572·2074··-·name:·Gather·t
0003baf0:·350a·2020·2d20·5043·492d·4453·5376·342d··5.··-·PCI-DSSv4-0003baf0:·6865·2070·6163·6b61·6765·2066·6163·7473··he·package·facts
0003bb00:·3131·2e35·2e32·0a20·202d·2068·6967·685f··11.5.2.··-·high_0003bb00:·0a20·2070·6163·6b61·6765·5f66·6163·7473··.··package_facts
0003bb10:·636f·6d70·6c65·7869·7479·0a20·202d·2068··complexity.··-·h0003bb10:·3a0a·2020·2020·6d61·6e61·6765·723a·2061··:.····manager:·a
0003bb20:·6967·685f·7365·7665·7269·7479·0a20·202d··igh_severity.··-0003bb20:·7574·6f0a·2020·7461·6773·3a0a·2020·2d20··uto.··tags:.··-·
0003bb30:·206d·6564·6975·6d5f·6469·7372·7570·7469···medium_disrupti0003bb30:·4343·452d·3930·3834·312d·380a·2020·2d20··CCE-90841-8.··-·
0003bb40:·6f6e·0a20·202d·206e·6f5f·7265·626f·6f74··on.··-·no_reboot0003bb40:·434a·4953·2d35·2e31·302e·342e·310a·2020··CJIS-5.10.4.1.··
0003bb50:·5f6e·6565·6465·640a·2020·2d20·7265·7374··_needed.··-·rest0003bb50:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-3
0003bb60:·7269·6374·5f73·7472·6174·6567·790a·2020··rict_strategy.··0003bb60:·2e33·2e38·0a20·202d·204e·4953·542d·3830··.3.8.··-·NIST-80
0003bb70:·2d20·7270·6d5f·7665·7269·6679·5f68·6173··-·rpm_verify_has0003bb70:·302d·3137·312d·332e·342e·310a·2020·2d20··0-171-3.4.1.··-·
0003bb80:·6865·730a·0a2d·206e·616d·653a·2027·5365··hes..-·name:·'Se0003bb80:·4e49·5354·2d38·3030·2d35·332d·4155·2d39··NIST-800-53-AU-9
0003bb90:·7420·6661·6374·3a20·5061·636b·6167·6520··t·fact:·Package·0003bb90:·2833·290a·2020·2d20·4e49·5354·2d38·3030··(3).··-·NIST-800
0003bba0:·6d61·6e61·6765·7220·7265·696e·7374·616c··manager·reinstal0003bba0:·2d35·332d·434d·2d36·2863·290a·2020·2d20··-53-CM-6(c).··-·
0003bbb0:·6c20·636f·6d6d·616e·6420·287a·7970·7065··l·command·(zyppe0003bbb0:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-6
0003bbc0:·7229·270a·2020·7365·745f·6661·6374·3a0a··r)'.··set_fact:.0003bbc0:·2864·290a·2020·2d20·4e49·5354·2d38·3030··(d).··-·NIST-800
0003bbd0:·2020·2020·7061·636b·6167·655f·6d61·6e61······package_mana0003bbd0:·2d35·332d·5349·2d37·0a20·202d·204e·4953··-53-SI-7.··-·NIS
0003bbe0:·6765·725f·7265·696e·7374·616c·6c5f·636d··ger_reinstall_cm0003bbe0:·542d·3830·302d·3533·2d53·492d·3728·3129··T-800-53-SI-7(1)
0003bbf0:·643a·207a·7970·7065·7220·696e·202d·6620··d:·zypper·in·-f·0003bbf0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
0003bc00:·2d79·0a20·2077·6865·6e3a·0a20·202d·206e··-y.··when:.··-·n0003bc00:·2d53·492d·3728·3629·0a20·202d·2050·4349··-SI-7(6).··-·PCI
0003bc10:·6f74·2028·2022·6b65·726e·656c·2220·696e··ot·(·"kernel"·in0003bc10:·2d44·5353·2d52·6571·2d31·312e·350a·2020··-DSS-Req-11.5.··
0003bc20:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p0003bc20:·2d20·5043·492d·4453·5376·342d·3131·2e35··-·PCI-DSSv4-11.5
0003bc30:·6163·6b61·6765·7320·616e·6420·2272·706d··ackages·and·"rpm0003bc30:·2e32·0a20·202d·2068·6967·685f·636f·6d70··.2.··-·high_comp
0003bc40:·2d6f·7374·7265·6522·2069·6e20·616e·7369··-ostree"·in·ansi0003bc40:·6c65·7869·7479·0a20·202d·2068·6967·685f··lexity.··-·high_
0003bc50:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag0003bc50:·7365·7665·7269·7479·0a20·202d·206d·6564··severity.··-·med
0003bc60:·6573·0a20·2020·2061·6e64·2022·626f·6f74··es.····and·"boot0003bc60:·6975·6d5f·6469·7372·7570·7469·6f6e·0a20··ium_disruption.·
0003bc70:·6322·2069·6e20·616e·7369·626c·655f·6661··c"·in·ansible_fa0003bc70:·202d·206e·6f5f·7265·626f·6f74·5f6e·6565···-·no_reboot_nee
0003bc80:·6374·732e·7061·636b·6167·6573·2061·6e64··cts.packages·and0003bc80:·6465·640a·2020·2d20·7265·7374·7269·6374··ded.··-·restrict
0003bc90:·206e·6f74·2022·6f70·656e·7368·6966·742d···not·"openshift-0003bc90:·5f73·7472·6174·6567·790a·2020·2d20·7270··_strategy.··-·rp
0003bca0:·6b75·6265·6c65·7422·2069·6e20·616e·7369··kubelet"·in·ansi0003bca0:·6d5f·7665·7269·6679·5f68·6173·6865·730a··m_verify_hashes.
0003bcb0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag0003bcb0:·0a2d·206e·616d·653a·2027·5365·7420·6661··.-·name:·'Set·fa
Max diff block lines reached; 6832426/6888206 bytes (99.19%) of diff not shown.
712 KB
html2text {}
    
Offset 104, 14 lines modifiedOffset 104, 33 lines modified
104 ·············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6104 ·············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
105 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4105 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
106 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)106 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
107 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1107 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
108 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5108 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
109 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227109 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
110 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2110 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 111 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 112 #·Remediation·is·applicable·only·in·certain·platforms
 113 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 114 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 115 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 116 if·[·-n·"$files_with_incorrect_hash"·];·then
 117 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 118 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 119 ····dnf·reinstall·-y·$packages_to_reinstall
  
 120 fi
  
 121 else
 122 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 123 fi
111 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8124 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
112 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high125 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
113 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium126 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
114 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false127 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
115 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict128 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
116 -·name:·Gather·the·package·facts129 -·name:·Gather·the·package·facts
117 ··package_facts:130 ··package_facts:
Offset 284, 33 lines modifiedOffset 303, 14 lines modified
284 ··-·PCI-DSSv4-11.5.2303 ··-·PCI-DSSv4-11.5.2
285 ··-·high_complexity304 ··-·high_complexity
286 ··-·high_severity305 ··-·high_severity
287 ··-·medium_disruption306 ··-·medium_disruption
288 ··-·no_reboot_needed307 ··-·no_reboot_needed
289 ··-·restrict_strategy308 ··-·restrict_strategy
290 ··-·rpm_verify_hashes309 ··-·rpm_verify_hashes
291 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
292 #·Remediation·is·applicable·only·in·certain·platforms 
293 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
294 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
295 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
296 if·[·-n·"$files_with_incorrect_hash"·];·then 
297 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
298 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
299 ····dnf·reinstall·-y·$packages_to_reinstall 
  
300 fi 
  
301 else 
302 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
303 fi 
304 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*310 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
305 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:311 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:
306 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'312 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'
307 run·the·following·command·to·determine·which·package·owns·it:313 run·the·following·command·to·determine·which·package·owns·it:
308 $·rpm·-qf·FILENAME314 $·rpm·-qf·FILENAME
309 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:315 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
310 $·sudo·rpm·--restore·PACKAGENAME316 $·sudo·rpm·--restore·PACKAGENAME
Offset 330, 14 lines modifiedOffset 330, 46 lines modified
330 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5330 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
331 ·············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2331 ·············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
332 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)332 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
333 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1333 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
334 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5334 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
335 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108335 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108
336 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2336 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 337 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 338 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 339 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 340 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 341 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 342 #·Remediation·is·applicable·only·in·certain·platforms
 343 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 344 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 345 declare·-A·SETPERMS_RPM_DICT
  
 346 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 347 #·is·expected·by·the·RPM·database
 348 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}')
  
 349 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 350 do
 351 ········RPM_PACKAGE=$(rpm·-qf·"$FILE_PATH")
 352 »       #·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 353 »       SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 354 done
  
 355 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 356 #·correct·values
 357 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 358 do
 359 ········rpm·--restore·"${RPM_PACKAGE}"
 360 done
  
 361 else
 362 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 363 fi
337 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8364 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
338 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high365 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
339 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium366 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
340 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false367 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
341 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict368 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
342 -·name:·Gather·the·package·facts369 -·name:·Gather·the·package·facts
343 ··package_facts:370 ··package_facts:
Offset 449, 46 lines modifiedOffset 481, 14 lines modified
449 ··-·PCI-DSSv4-11.5.2481 ··-·PCI-DSSv4-11.5.2
450 ··-·high_complexity482 ··-·high_complexity
451 ··-·high_severity483 ··-·high_severity
452 ··-·medium_disruption484 ··-·medium_disruption
453 ··-·no_reboot_needed485 ··-·no_reboot_needed
454 ··-·restrict_strategy486 ··-·restrict_strategy
455 ··-·rpm_verify_ownership487 ··-·rpm_verify_ownership
456 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
457 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high 
458 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium 
459 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
460 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
Max diff block lines reached; 720913/728638 bytes (98.94%) of diff not shown.
17.8 MB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-hipaa.html
    
Offset 15204, 414 lines modifiedOffset 15204, 414 lines modified
0003b630:·7461·7267·6574·3d22·2369·646d·3831·3135··target="#idm81150003b630:·7461·7267·6574·3d22·2369·646d·3831·3135··target="#idm8115
0003b640:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r0003b640:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r
0003b650:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari0003b650:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari
0003b660:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals0003b660:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals
0003b670:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa0003b670:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa
0003b680:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr0003b680:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr
Diff chunk too large, falling back to line-by-line diff (400 lines added, 400 lines removed)
0003b690:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat0003b690:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat
0003b6a0:·696f·6e20·416e·7369·626c·6520·736e·6970··ion·Ansible·snip0003b6a0:·696f·6e20·5368·656c·6c20·7363·7269·7074··ion·Shell·script
0003b6b0:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br><0003b6b0:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div
0003b6c0:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel0003b6c0:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
0003b6d0:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap0003b6d0:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
0003b6e0:·7365·2220·6964·3d22·6964·6d38·3131·3522··se"·id="idm8115"0003b6e0:·2069·643d·2269·646d·3831·3135·223e·3c70···id="idm8115"><p
0003b6f0:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t0003b6f0:·7265·3e3c·636f·6465·3e23·2052·656d·6564··re><code>#·Remed
0003b700:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip0003b700:·6961·7469·6f6e·2069·7320·6170·706c·6963··iation·is·applic
0003b710:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere0003b710:·6162·6c65·206f·6e6c·7920·696e·2063·6572··able·only·in·cer
0003b720:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense0003b720:·7461·696e·2070·6c61·7466·6f72·6d73·0a69··tain·platforms.i
0003b730:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl0003b730:·6620·2120·2820·7b20·7270·6d20·2d2d·7175··f·!·(·{·rpm·--qu
0003b740:·6578·6974·793a·3c2f·7468·3e3c·7464·3e68··exity:</th><td>h0003b740:·6965·7420·2d71·206b·6572·6e65·6c20·3b7d··iet·-q·kernel·;}
0003b750:·6967·683c·2f74·643e·3c2f·7472·3e3c·7472··igh</td></tr><tr0003b750:·2026·616d·703b·2661·6d70·3b20·7b20·7270···&amp;&amp;·{·rp
0003b760:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption:0003b760:·6d20·2d2d·7175·6965·7420·2d71·2072·706d··m·--quiet·-q·rpm
0003b770:·3c2f·7468·3e3c·7464·3e6d·6564·6975·6d3c··</th><td>medium<0003b770:·2d6f·7374·7265·6520·3b7d·2026·616d·703b··-ostree·;}·&amp;
0003b780:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th0003b780:·2661·6d70·3b20·7b20·7270·6d20·2d2d·7175··&amp;·{·rpm·--qu
0003b790:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td0003b790:·6965·7420·2d71·2062·6f6f·7463·203b·7d20··iet·-q·bootc·;}·
0003b7a0:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr>0003b7a0:·2661·6d70·3b26·616d·703b·207b·2021·2072··&amp;&amp;·{·!·r
0003b7b0:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy0003b7b0:·706d·202d·2d71·7569·6574·202d·7120·6f70··pm·--quiet·-q·op
0003b7c0:·3a3c·2f74·683e·3c74·643e·7265·7374·7269··:</th><td>restri0003b7c0:·656e·7368·6966·742d·6b75·6265·6c65·7420··enshift-kubelet·
0003b7d0:·6374·3c2f·7464·3e3c·2f74·723e·3c2f·7461··ct</td></tr></ta0003b7d0:·3b7d·2029·3b20·7468·656e·0a0a·2320·4669··;}·);·then..#·Fi
0003b7e0:·626c·653e·3c70·7265·3e3c·636f·6465·3e2d··ble><pre><code>-0003b7e0:·6e64·2077·6869·6368·2066·696c·6573·2068··nd·which·files·h
0003b7f0:·206e·616d·653a·2047·6174·6865·7220·7468···name:·Gather·th0003b7f0:·6176·6520·696e·636f·7272·6563·7420·6861··ave·incorrect·ha
0003b800:·6520·7061·636b·6167·6520·6661·6374·730a··e·package·facts.0003b800:·7368·2028·6e6f·7420·696e·202f·6574·632c··sh·(not·in·/etc,
0003b810:·2020·7061·636b·6167·655f·6661·6374·733a····package_facts:0003b810:·2062·6563·6175·7365·206f·6620·7468·6520···because·of·the·
0003b820:·0a20·2020·206d·616e·6167·6572·3a20·6175··.····manager:·au0003b820:·7379·7374·656d·2072·656c·6174·6564·2063··system·related·c
0003b830:·746f·0a20·2074·6167·733a·0a20·202d·2043··to.··tags:.··-·C0003b830:·6f6e·6669·6720·6669·6c65·7329·2061·6e64··onfig·files)·and
0003b840:·4345·2d39·3038·3431·2d38·0a20·202d·2043··CE-90841-8.··-·C0003b840:·2074·6865·6e20·6765·7420·6669·6c65·7320···then·get·files·
0003b850:·4a49·532d·352e·3130·2e34·2e31·0a20·202d··JIS-5.10.4.1.··-0003b850:·6e61·6d65·730a·6669·6c65·735f·7769·7468··names.files_with
0003b860:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.0003b860:·5f69·6e63·6f72·7265·6374·5f68·6173·683d··_incorrect_hash=
0003b870:·332e·380a·2020·2d20·4e49·5354·2d38·3030··3.8.··-·NIST-8000003b870:·2224·2872·706d·202d·5661·202d·2d6e·6f63··"$(rpm·-Va·--noc
0003b880:·2d31·3731·2d33·2e34·2e31·0a20·202d·204e··-171-3.4.1.··-·N0003b880:·6f6e·6669·6720·7c20·6772·6570·202d·4520··onfig·|·grep·-E·
0003b890:·4953·542d·3830·302d·3533·2d41·552d·3928··IST-800-53-AU-9(0003b890:·275e·2e2e·3527·207c·2061·776b·2027·7b70··'^..5'·|·awk·'{p
0003b8a0:·3329·0a20·202d·204e·4953·542d·3830·302d··3).··-·NIST-800-0003b8a0:·7269·6e74·2024·4e46·7d27·2029·220a·0a69··rint·$NF}'·)"..i
0003b8b0:·3533·2d43·4d2d·3628·6329·0a20·202d·204e··53-CM-6(c).··-·N0003b8b0:·6620·5b20·2d6e·2022·2466·696c·6573·5f77··f·[·-n·"$files_w
0003b8c0:·4953·542d·3830·302d·3533·2d43·4d2d·3628··IST-800-53-CM-6(0003b8c0:·6974·685f·696e·636f·7272·6563·745f·6861··ith_incorrect_ha
0003b8d0:·6429·0a20·202d·204e·4953·542d·3830·302d··d).··-·NIST-800-0003b8d0:·7368·2220·5d3b·2074·6865·6e0a·2020·2020··sh"·];·then.····
0003b8e0:·3533·2d53·492d·370a·2020·2d20·4e49·5354··53-SI-7.··-·NIST0003b8e0:·2320·4672·6f6d·2066·696c·6573·206e·616d··#·From·files·nam
0003b8f0:·2d38·3030·2d35·332d·5349·2d37·2831·290a··-800-53-SI-7(1).0003b8f0:·6573·2067·6574·2070·6163·6b61·6765·206e··es·get·package·n
0003b900:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003b900:·616d·6573·2061·6e64·2063·6861·6e67·6520··ames·and·change·
0003b910:·5349·2d37·2836·290a·2020·2d20·5043·492d··SI-7(6).··-·PCI-0003b910:·6e65·776c·696e·6520·746f·2073·7061·6365··newline·to·space
0003b920:·4453·532d·5265·712d·3131·2e35·0a20·202d··DSS-Req-11.5.··-0003b920:·2c20·6265·6361·7573·6520·7270·6d20·7772··,·because·rpm·wr
0003b930:·2050·4349·2d44·5353·7634·2d31·312e·352e···PCI-DSSv4-11.5.0003b930:·6974·6573·2065·6163·6820·7061·636b·6167··ites·each·packag
0003b940:·320a·2020·2d20·6869·6768·5f63·6f6d·706c··2.··-·high_compl0003b940:·6520·746f·206e·6577·206c·696e·650a·2020··e·to·new·line.··
0003b950:·6578·6974·790a·2020·2d20·6869·6768·5f73··exity.··-·high_s0003b950:·2020·7061·636b·6167·6573·5f74·6f5f·7265····packages_to_re
0003b960:·6576·6572·6974·790a·2020·2d20·6d65·6469··everity.··-·medi0003b960:·696e·7374·616c·6c3d·2224·2872·706d·202d··install="$(rpm·-
0003b970:·756d·5f64·6973·7275·7074·696f·6e0a·2020··um_disruption.··0003b970:·7166·2024·6669·6c65·735f·7769·7468·5f69··qf·$files_with_i
0003b980:·2d20·6e6f·5f72·6562·6f6f·745f·6e65·6564··-·no_reboot_need0003b980:·6e63·6f72·7265·6374·5f68·6173·6820·7c20··ncorrect_hash·|·
0003b990:·6564·0a20·202d·2072·6573·7472·6963·745f··ed.··-·restrict_0003b990:·7472·2027·5c6e·2720·2720·2729·220a·0a20··tr·'\n'·'·')"..·
0003b9a0:·7374·7261·7465·6779·0a20·202d·2072·706d··strategy.··-·rpm0003b9a0:·2020·200a·2020·2020·646e·6620·7265·696e·····.····dnf·rein
0003b9b0:·5f76·6572·6966·795f·6861·7368·6573·0a0a··_verify_hashes..0003b9b0:·7374·616c·6c20·2d79·2024·7061·636b·6167··stall·-y·$packag
0003b9c0:·2d20·6e61·6d65·3a20·2753·6574·2066·6163··-·name:·'Set·fac0003b9c0:·6573·5f74·6f5f·7265·696e·7374·616c·6c0a··es_to_reinstall.
0003b9d0:·743a·2050·6163·6b61·6765·206d·616e·6167··t:·Package·manag0003b9d0:·2020·2020·0a66·690a·0a65·6c73·650a·2020······.fi..else.··
0003b9e0:·6572·2072·6569·6e73·7461·6c6c·2063·6f6d··er·reinstall·com0003b9e0:·2020·2667·743b·2661·6d70·3b32·2065·6368····&gt;&amp;2·ech
0003b9f0:·6d61·6e64·270a·2020·7365·745f·6661·6374··mand'.··set_fact0003b9f0:·6f20·2752·656d·6564·6961·7469·6f6e·2069··o·'Remediation·i
0003ba00:·3a0a·2020·2020·7061·636b·6167·655f·6d61··:.····package_ma0003ba00:·7320·6e6f·7420·6170·706c·6963·6162·6c65··s·not·applicable
0003ba10:·6e61·6765·725f·7265·696e·7374·616c·6c5f··nager_reinstall_0003ba10:·2c20·6e6f·7468·696e·6720·7761·7320·646f··,·nothing·was·do
0003ba20:·636d·643a·2064·6e66·2072·6569·6e73·7461··cmd:·dnf·reinsta0003ba20:·6e65·270a·6669·0a3c·2f63·6f64·653e·3c2f··ne'.fi.</code></
0003ba30:·6c6c·202d·790a·2020·7768·656e·3a0a·2020··ll·-y.··when:.··0003ba30:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla
0003ba40:·2d20·6e6f·7420·2820·226b·6572·6e65·6c22··-·not·(·"kernel"0003ba40:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ
0003ba50:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003ba50:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle
0003ba60:·732e·7061·636b·6167·6573·2061·6e64·2022··s.packages·and·"0003ba60:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data
0003ba70:·7270·6d2d·6f73·7472·6565·2220·696e·2061··rpm-ostree"·in·a0003ba70:·2d74·6172·6765·743d·2223·6964·6d38·3131··-target="#idm811
0003ba80:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003ba80:·3622·2074·6162·696e·6465·783d·2230·2220··6"·tabindex="0"·
0003ba90:·6b61·6765·730a·2020·2020·616e·6420·2262··kages.····and·"b0003ba90:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar
0003baa0:·6f6f·7463·2220·696e·2061·6e73·6962·6c65··ootc"·in·ansible0003baa0:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal
0003bab0:·5f66·6163·7473·2e70·6163·6b61·6765·7320··_facts.packages·0003bab0:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ
0003bac0:·616e·6420·6e6f·7420·226f·7065·6e73·6869··and·not·"openshi0003bac0:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h
0003bad0:·6674·2d6b·7562·656c·6574·2220·696e·2061··ft-kubelet"·in·a0003bad0:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia
0003bae0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003bae0:·7469·6f6e·2041·6e73·6962·6c65·2073·6e69··tion·Ansible·sni
0003baf0:·6b61·6765·730a·2020·2020·290a·2020·2d20··kages.····).··-·0003baf0:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br>
0003bb00:·616e·7369·626c·655f·6469·7374·7269·6275··ansible_distribu0003bb00:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
0003bb10:·7469·6f6e·2069·6e20·5b20·2246·6564·6f72··tion·in·[·"Fedor0003bb10:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
0003bb20:·6122·2c20·2252·6564·4861·7422·2c20·2243··a",·"RedHat",·"C0003bb20:·7073·6522·2069·643d·2269·646d·3831·3136··pse"·id="idm8116
0003bb30:·656e·744f·5322·2c20·224f·7261·636c·654c··entOS",·"OracleL0003bb30:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="
0003bb40:·696e·7578·2220·5d0a·2020·7461·6773·3a0a··inux"·].··tags:.0003bb40:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri
0003bb50:·2020·2d20·4343·452d·3930·3834·312d·380a····-·CCE-90841-8.0003bb50:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border
0003bb60:·2020·2d20·434a·4953·2d35·2e31·302e·342e····-·CJIS-5.10.4.0003bb60:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens
0003bb70:·310a·2020·2d20·4e49·5354·2d38·3030·2d31··1.··-·NIST-800-10003bb70:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp
0003bb80:·3731·2d33·2e33·2e38·0a20·202d·204e·4953··71-3.3.8.··-·NIS0003bb80:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td>
0003bb90:·542d·3830·302d·3137·312d·332e·342e·310a··T-800-171-3.4.1.0003bb90:·6869·6768·3c2f·7464·3e3c·2f74·723e·3c74··high</td></tr><t
0003bba0:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003bba0:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption
0003bbb0:·4155·2d39·2833·290a·2020·2d20·4e49·5354··AU-9(3).··-·NIST0003bbb0:·3a3c·2f74·683e·3c74·643e·6d65·6469·756d··:</th><td>medium
0003bbc0:·2d38·3030·2d35·332d·434d·2d36·2863·290a··-800-53-CM-6(c).0003bbc0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
0003bbd0:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003bbd0:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t
0003bbe0:·434d·2d36·2864·290a·2020·2d20·4e49·5354··CM-6(d).··-·NIST0003bbe0:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr
0003bbf0:·2d38·3030·2d35·332d·5349·2d37·0a20·202d··-800-53-SI-7.··-0003bbf0:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg
0003bc00:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-0003bc00:·793a·3c2f·7468·3e3c·7464·3e72·6573·7472··y:</th><td>restr
0003bc10:·3728·3129·0a20·202d·204e·4953·542d·3830··7(1).··-·NIST-800003bc10:·6963·743c·2f74·643e·3c2f·7472·3e3c·2f74··ict</td></tr></t
0003bc20:·302d·3533·2d53·492d·3728·3629·0a20·202d··0-53-SI-7(6).··-0003bc20:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>
0003bc30:·2050·4349·2d44·5353·2d52·6571·2d31·312e···PCI-DSS-Req-11.0003bc30:·2d20·6e61·6d65·3a20·4761·7468·6572·2074··-·name:·Gather·t
0003bc40:·350a·2020·2d20·5043·492d·4453·5376·342d··5.··-·PCI-DSSv4-0003bc40:·6865·2070·6163·6b61·6765·2066·6163·7473··he·package·facts
0003bc50:·3131·2e35·2e32·0a20·202d·2068·6967·685f··11.5.2.··-·high_0003bc50:·0a20·2070·6163·6b61·6765·5f66·6163·7473··.··package_facts
0003bc60:·636f·6d70·6c65·7869·7479·0a20·202d·2068··complexity.··-·h0003bc60:·3a0a·2020·2020·6d61·6e61·6765·723a·2061··:.····manager:·a
0003bc70:·6967·685f·7365·7665·7269·7479·0a20·202d··igh_severity.··-0003bc70:·7574·6f0a·2020·7461·6773·3a0a·2020·2d20··uto.··tags:.··-·
0003bc80:·206d·6564·6975·6d5f·6469·7372·7570·7469···medium_disrupti0003bc80:·4343·452d·3930·3834·312d·380a·2020·2d20··CCE-90841-8.··-·
0003bc90:·6f6e·0a20·202d·206e·6f5f·7265·626f·6f74··on.··-·no_reboot0003bc90:·434a·4953·2d35·2e31·302e·342e·310a·2020··CJIS-5.10.4.1.··
0003bca0:·5f6e·6565·6465·640a·2020·2d20·7265·7374··_needed.··-·rest0003bca0:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-3
0003bcb0:·7269·6374·5f73·7472·6174·6567·790a·2020··rict_strategy.··0003bcb0:·2e33·2e38·0a20·202d·204e·4953·542d·3830··.3.8.··-·NIST-80
0003bcc0:·2d20·7270·6d5f·7665·7269·6679·5f68·6173··-·rpm_verify_has0003bcc0:·302d·3137·312d·332e·342e·310a·2020·2d20··0-171-3.4.1.··-·
0003bcd0:·6865·730a·0a2d·206e·616d·653a·2027·5365··hes..-·name:·'Se0003bcd0:·4e49·5354·2d38·3030·2d35·332d·4155·2d39··NIST-800-53-AU-9
0003bce0:·7420·6661·6374·3a20·5061·636b·6167·6520··t·fact:·Package·0003bce0:·2833·290a·2020·2d20·4e49·5354·2d38·3030··(3).··-·NIST-800
0003bcf0:·6d61·6e61·6765·7220·7265·696e·7374·616c··manager·reinstal0003bcf0:·2d35·332d·434d·2d36·2863·290a·2020·2d20··-53-CM-6(c).··-·
0003bd00:·6c20·636f·6d6d·616e·6420·287a·7970·7065··l·command·(zyppe0003bd00:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-6
0003bd10:·7229·270a·2020·7365·745f·6661·6374·3a0a··r)'.··set_fact:.0003bd10:·2864·290a·2020·2d20·4e49·5354·2d38·3030··(d).··-·NIST-800
0003bd20:·2020·2020·7061·636b·6167·655f·6d61·6e61······package_mana0003bd20:·2d35·332d·5349·2d37·0a20·202d·204e·4953··-53-SI-7.··-·NIS
0003bd30:·6765·725f·7265·696e·7374·616c·6c5f·636d··ger_reinstall_cm0003bd30:·542d·3830·302d·3533·2d53·492d·3728·3129··T-800-53-SI-7(1)
0003bd40:·643a·207a·7970·7065·7220·696e·202d·6620··d:·zypper·in·-f·0003bd40:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
0003bd50:·2d79·0a20·2077·6865·6e3a·0a20·202d·206e··-y.··when:.··-·n0003bd50:·2d53·492d·3728·3629·0a20·202d·2050·4349··-SI-7(6).··-·PCI
0003bd60:·6f74·2028·2022·6b65·726e·656c·2220·696e··ot·(·"kernel"·in0003bd60:·2d44·5353·2d52·6571·2d31·312e·350a·2020··-DSS-Req-11.5.··
0003bd70:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p0003bd70:·2d20·5043·492d·4453·5376·342d·3131·2e35··-·PCI-DSSv4-11.5
0003bd80:·6163·6b61·6765·7320·616e·6420·2272·706d··ackages·and·"rpm0003bd80:·2e32·0a20·202d·2068·6967·685f·636f·6d70··.2.··-·high_comp
0003bd90:·2d6f·7374·7265·6522·2069·6e20·616e·7369··-ostree"·in·ansi0003bd90:·6c65·7869·7479·0a20·202d·2068·6967·685f··lexity.··-·high_
0003bda0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag0003bda0:·7365·7665·7269·7479·0a20·202d·206d·6564··severity.··-·med
0003bdb0:·6573·0a20·2020·2061·6e64·2022·626f·6f74··es.····and·"boot0003bdb0:·6975·6d5f·6469·7372·7570·7469·6f6e·0a20··ium_disruption.·
0003bdc0:·6322·2069·6e20·616e·7369·626c·655f·6661··c"·in·ansible_fa0003bdc0:·202d·206e·6f5f·7265·626f·6f74·5f6e·6565···-·no_reboot_nee
0003bdd0:·6374·732e·7061·636b·6167·6573·2061·6e64··cts.packages·and0003bdd0:·6465·640a·2020·2d20·7265·7374·7269·6374··ded.··-·restrict
0003bde0:·206e·6f74·2022·6f70·656e·7368·6966·742d···not·"openshift-0003bde0:·5f73·7472·6174·6567·790a·2020·2d20·7270··_strategy.··-·rp
0003bdf0:·6b75·6265·6c65·7422·2069·6e20·616e·7369··kubelet"·in·ansi0003bdf0:·6d5f·7665·7269·6679·5f68·6173·6865·730a··m_verify_hashes.
0003be00:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag0003be00:·0a2d·206e·616d·653a·2027·5365·7420·6661··.-·name:·'Set·fa
Max diff block lines reached; 17356790/17412570 bytes (99.68%) of diff not shown.
1.23 MB
html2text {}
    
Offset 109, 14 lines modifiedOffset 109, 33 lines modified
109 ·············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6109 ·············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
110 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4110 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
111 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)111 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
112 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1112 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
113 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5113 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
114 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227114 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
115 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2115 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 116 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 117 #·Remediation·is·applicable·only·in·certain·platforms
 118 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 119 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 120 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 121 if·[·-n·"$files_with_incorrect_hash"·];·then
 122 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 123 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 124 ····dnf·reinstall·-y·$packages_to_reinstall
  
 125 fi
  
 126 else
 127 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 128 fi
116 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8129 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
117 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high130 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
118 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium131 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
119 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false132 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
120 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict133 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
121 -·name:·Gather·the·package·facts134 -·name:·Gather·the·package·facts
122 ··package_facts:135 ··package_facts:
Offset 289, 33 lines modifiedOffset 308, 14 lines modified
289 ··-·PCI-DSSv4-11.5.2308 ··-·PCI-DSSv4-11.5.2
290 ··-·high_complexity309 ··-·high_complexity
291 ··-·high_severity310 ··-·high_severity
292 ··-·medium_disruption311 ··-·medium_disruption
293 ··-·no_reboot_needed312 ··-·no_reboot_needed
294 ··-·restrict_strategy313 ··-·restrict_strategy
295 ··-·rpm_verify_hashes314 ··-·rpm_verify_hashes
296 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
297 #·Remediation·is·applicable·only·in·certain·platforms 
298 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
299 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
300 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
301 if·[·-n·"$files_with_incorrect_hash"·];·then 
302 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
303 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
304 ····dnf·reinstall·-y·$packages_to_reinstall 
  
305 fi 
  
306 else 
307 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
308 fi 
309 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*315 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
310 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:316 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:
311 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'317 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'
312 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:318 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:
313 $·rpm·-qf·FILENAME319 $·rpm·-qf·FILENAME
  
314 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:320 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
Offset 337, 14 lines modifiedOffset 337, 50 lines modified
337 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5337 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
338 ·············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2338 ·············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
339 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)339 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)
340 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1340 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
341 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5341 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
342 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108342 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108
343 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2343 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 344 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 345 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 346 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 347 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 348 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 349 #·Remediation·is·applicable·only·in·certain·platforms
 350 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 351 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 352 declare·-A·SETPERMS_RPM_DICT
  
 353 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 354 #·is·expected·by·the·RPM·database
 355 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}')
  
 356 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 357 do
 358 ········#·NOTE:·some·files·maybe·controlled·by·more·then·one·package
 359 ········readarray·-t·RPM_PACKAGES·<·<(rpm·-qf·"${FILE_PATH}")
 360 ········for·RPM_PACKAGE·in·"${RPM_PACKAGES[@]}"
 361 ········do
 362 ················#·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 363 ················SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 364 ········done
 365 done
  
 366 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 367 #·correct·values
 368 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 369 do
 370 »       rpm·--restore·"${RPM_PACKAGE}"
 371 done
  
 372 else
 373 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 374 fi
344 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8375 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
345 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high376 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
346 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium377 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
347 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false378 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
348 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict379 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
349 -·name:·Gather·the·package·facts380 -·name:·Gather·the·package·facts
350 ··package_facts:381 ··package_facts:
Offset 460, 50 lines modifiedOffset 496, 14 lines modified
460 ··-·PCI-DSSv4-11.5.2496 ··-·PCI-DSSv4-11.5.2
461 ··-·high_complexity497 ··-·high_complexity
462 ··-·high_severity498 ··-·high_severity
463 ··-·medium_disruption499 ··-·medium_disruption
464 ··-·no_reboot_needed500 ··-·no_reboot_needed
465 ··-·restrict_strategy501 ··-·restrict_strategy
466 ··-·rpm_verify_permissions502 ··-·rpm_verify_permissions
467 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
Max diff block lines reached; 1282248/1290346 bytes (99.37%) of diff not shown.
10.8 MB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-ism_o.html
    
Offset 15217, 414 lines modifiedOffset 15217, 414 lines modified
0003b700:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id0003b700:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id
0003b710:·6d38·3131·3522·2074·6162·696e·6465·783d··m8115"·tabindex=0003b710:·6d38·3131·3522·2074·6162·696e·6465·783d··m8115"·tabindex=
0003b720:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button0003b720:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button
0003b730:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=0003b730:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=
0003b740:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A0003b740:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A
0003b750:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea0003b750:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea
Diff chunk too large, falling back to line-by-line diff (400 lines added, 400 lines removed)
0003b760:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem0003b760:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem
0003b770:·6564·6961·7469·6f6e·2041·6e73·6962·6c65··ediation·Ansible0003b770:·6564·6961·7469·6f6e·2053·6865·6c6c·2073··ediation·Shell·s
0003b780:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a>0003b780:·6372·6970·7420·e287·b23c·2f61·3e3c·6272··cript·...</a><br
0003b790:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="0003b790:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan
0003b7a0:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c0003b7a0:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll
0003b7b0:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm0003b7b0:·6170·7365·2220·6964·3d22·6964·6d38·3131··apse"·id="idm811
0003b7c0:·3831·3135·223e·3c74·6162·6c65·2063·6c61··8115"><table·cla0003b7c0:·3522·3e3c·7072·653e·3c63·6f64·653e·2320··5"><pre><code>#·
0003b7d0:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table-0003b7d0:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a
0003b7e0:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo0003b7e0:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i
0003b7f0:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con0003b7f0:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo
0003b800:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th>0003b800:·726d·730a·6966·2021·2028·207b·2072·706d··rms.if·!·(·{·rpm
0003b810:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th>0003b810:·202d·2d71·7569·6574·202d·7120·6b65·726e···--quiet·-q·kern
0003b820:·3c74·643e·6869·6768·3c2f·7464·3e3c·2f74··<td>high</td></t0003b820:·656c·203b·7d20·2661·6d70·3b26·616d·703b··el·;}·&amp;&amp;
0003b830:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup0003b830:·207b·2072·706d·202d·2d71·7569·6574·202d···{·rpm·--quiet·-
0003b840:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6d65··tion:</th><td>me0003b840:·7120·7270·6d2d·6f73·7472·6565·203b·7d20··q·rpm-ostree·;}·
0003b850:·6469·756d·3c2f·7464·3e3c·2f74·723e·3c74··dium</td></tr><t0003b850:·2661·6d70·3b26·616d·703b·207b·2072·706d··&amp;&amp;·{·rpm
0003b860:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t0003b860:·202d·2d71·7569·6574·202d·7120·626f·6f74···--quiet·-q·boot
0003b870:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td>0003b870:·6320·3b7d·2026·616d·703b·2661·6d70·3b20··c·;}·&amp;&amp;·
0003b880:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str0003b880:·7b20·2120·7270·6d20·2d2d·7175·6965·7420··{·!·rpm·--quiet·
0003b890:·6174·6567·793a·3c2f·7468·3e3c·7464·3e72··ategy:</th><td>r0003b890:·2d71·206f·7065·6e73·6869·6674·2d6b·7562··-q·openshift-kub
0003b8a0:·6573·7472·6963·743c·2f74·643e·3c2f·7472··estrict</td></tr0003b8a0:·656c·6574·203b·7d20·293b·2074·6865·6e0a··elet·;}·);·then.
0003b8b0:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c0003b8b0:·0a23·2046·696e·6420·7768·6963·6820·6669··.#·Find·which·fi
0003b8c0:·6f64·653e·2d20·6e61·6d65·3a20·4761·7468··ode>-·name:·Gath0003b8c0:·6c65·7320·6861·7665·2069·6e63·6f72·7265··les·have·incorre
0003b8d0:·6572·2074·6865·2070·6163·6b61·6765·2066··er·the·package·f0003b8d0:·6374·2068·6173·6820·286e·6f74·2069·6e20··ct·hash·(not·in·
0003b8e0:·6163·7473·0a20·2070·6163·6b61·6765·5f66··acts.··package_f0003b8e0:·2f65·7463·2c20·6265·6361·7573·6520·6f66··/etc,·because·of
0003b8f0:·6163·7473·3a0a·2020·2020·6d61·6e61·6765··acts:.····manage0003b8f0:·2074·6865·2073·7973·7465·6d20·7265·6c61···the·system·rela
0003b900:·723a·2061·7574·6f0a·2020·7461·6773·3a0a··r:·auto.··tags:.0003b900:·7465·6420·636f·6e66·6967·2066·696c·6573··ted·config·files
0003b910:·2020·2d20·4343·452d·3930·3834·312d·380a····-·CCE-90841-8.0003b910:·2920·616e·6420·7468·656e·2067·6574·2066··)·and·then·get·f
0003b920:·2020·2d20·434a·4953·2d35·2e31·302e·342e····-·CJIS-5.10.4.0003b920:·696c·6573·206e·616d·6573·0a66·696c·6573··iles·names.files
0003b930:·310a·2020·2d20·4e49·5354·2d38·3030·2d31··1.··-·NIST-800-10003b930:·5f77·6974·685f·696e·636f·7272·6563·745f··_with_incorrect_
0003b940:·3731·2d33·2e33·2e38·0a20·202d·204e·4953··71-3.3.8.··-·NIS0003b940:·6861·7368·3d22·2428·7270·6d20·2d56·6120··hash="$(rpm·-Va·
0003b950:·542d·3830·302d·3137·312d·332e·342e·310a··T-800-171-3.4.1.0003b950:·2d2d·6e6f·636f·6e66·6967·207c·2067·7265··--noconfig·|·gre
0003b960:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003b960:·7020·2d45·2027·5e2e·2e35·2720·7c20·6177··p·-E·'^..5'·|·aw
0003b970:·4155·2d39·2833·290a·2020·2d20·4e49·5354··AU-9(3).··-·NIST0003b970:·6b20·277b·7072·696e·7420·244e·467d·2720··k·'{print·$NF}'·
0003b980:·2d38·3030·2d35·332d·434d·2d36·2863·290a··-800-53-CM-6(c).0003b980:·2922·0a0a·6966·205b·202d·6e20·2224·6669··)"..if·[·-n·"$fi
0003b990:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003b990:·6c65·735f·7769·7468·5f69·6e63·6f72·7265··les_with_incorre
0003b9a0:·434d·2d36·2864·290a·2020·2d20·4e49·5354··CM-6(d).··-·NIST0003b9a0:·6374·5f68·6173·6822·205d·3b20·7468·656e··ct_hash"·];·then
0003b9b0:·2d38·3030·2d35·332d·5349·2d37·0a20·202d··-800-53-SI-7.··-0003b9b0:·0a20·2020·2023·2046·726f·6d20·6669·6c65··.····#·From·file
0003b9c0:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-0003b9c0:·7320·6e61·6d65·7320·6765·7420·7061·636b··s·names·get·pack
0003b9d0:·3728·3129·0a20·202d·204e·4953·542d·3830··7(1).··-·NIST-800003b9d0:·6167·6520·6e61·6d65·7320·616e·6420·6368··age·names·and·ch
0003b9e0:·302d·3533·2d53·492d·3728·3629·0a20·202d··0-53-SI-7(6).··-0003b9e0:·616e·6765·206e·6577·6c69·6e65·2074·6f20··ange·newline·to·
0003b9f0:·2050·4349·2d44·5353·2d52·6571·2d31·312e···PCI-DSS-Req-11.0003b9f0:·7370·6163·652c·2062·6563·6175·7365·2072··space,·because·r
0003ba00:·350a·2020·2d20·5043·492d·4453·5376·342d··5.··-·PCI-DSSv4-0003ba00:·706d·2077·7269·7465·7320·6561·6368·2070··pm·writes·each·p
0003ba10:·3131·2e35·2e32·0a20·202d·2068·6967·685f··11.5.2.··-·high_0003ba10:·6163·6b61·6765·2074·6f20·6e65·7720·6c69··ackage·to·new·li
0003ba20:·636f·6d70·6c65·7869·7479·0a20·202d·2068··complexity.··-·h0003ba20:·6e65·0a20·2020·2070·6163·6b61·6765·735f··ne.····packages_
0003ba30:·6967·685f·7365·7665·7269·7479·0a20·202d··igh_severity.··-0003ba30:·746f·5f72·6569·6e73·7461·6c6c·3d22·2428··to_reinstall="$(
0003ba40:·206d·6564·6975·6d5f·6469·7372·7570·7469···medium_disrupti0003ba40:·7270·6d20·2d71·6620·2466·696c·6573·5f77··rpm·-qf·$files_w
0003ba50:·6f6e·0a20·202d·206e·6f5f·7265·626f·6f74··on.··-·no_reboot0003ba50:·6974·685f·696e·636f·7272·6563·745f·6861··ith_incorrect_ha
0003ba60:·5f6e·6565·6465·640a·2020·2d20·7265·7374··_needed.··-·rest0003ba60:·7368·207c·2074·7220·275c·6e27·2027·2027··sh·|·tr·'\n'·'·'
0003ba70:·7269·6374·5f73·7472·6174·6567·790a·2020··rict_strategy.··0003ba70:·2922·0a0a·2020·2020·0a20·2020·2064·6e66··)"..····.····dnf
0003ba80:·2d20·7270·6d5f·7665·7269·6679·5f68·6173··-·rpm_verify_has0003ba80:·2072·6569·6e73·7461·6c6c·202d·7920·2470···reinstall·-y·$p
0003ba90:·6865·730a·0a2d·206e·616d·653a·2027·5365··hes..-·name:·'Se0003ba90:·6163·6b61·6765·735f·746f·5f72·6569·6e73··ackages_to_reins
0003baa0:·7420·6661·6374·3a20·5061·636b·6167·6520··t·fact:·Package·0003baa0:·7461·6c6c·0a20·2020·200a·6669·0a0a·656c··tall.····.fi..el
0003bab0:·6d61·6e61·6765·7220·7265·696e·7374·616c··manager·reinstal0003bab0:·7365·0a20·2020·2026·6774·3b26·616d·703b··se.····&gt;&amp;
0003bac0:·6c20·636f·6d6d·616e·6427·0a20·2073·6574··l·command'.··set0003bac0:·3220·6563·686f·2027·5265·6d65·6469·6174··2·echo·'Remediat
0003bad0:·5f66·6163·743a·0a20·2020·2070·6163·6b61··_fact:.····packa0003bad0:·696f·6e20·6973·206e·6f74·2061·7070·6c69··ion·is·not·appli
0003bae0:·6765·5f6d·616e·6167·6572·5f72·6569·6e73··ge_manager_reins0003bae0:·6361·626c·652c·206e·6f74·6869·6e67·2077··cable,·nothing·w
0003baf0:·7461·6c6c·5f63·6d64·3a20·646e·6620·7265··tall_cmd:·dnf·re0003baf0:·6173·2064·6f6e·6527·0a66·690a·3c2f·636f··as·done'.fi.</co
0003bb00:·696e·7374·616c·6c20·2d79·0a20·2077·6865··install·-y.··whe0003bb00:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div><
0003bb10:·6e3a·0a20·202d·206e·6f74·2028·2022·6b65··n:.··-·not·(·"ke0003bb10:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn
0003bb20:·726e·656c·2220·696e·2061·6e73·6962·6c65··rnel"·in·ansible0003bb20:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t
0003bb30:·5f66·6163·7473·2e70·6163·6b61·6765·7320··_facts.packages·0003bb30:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse"
0003bb40:·616e·6420·2272·706d·2d6f·7374·7265·6522··and·"rpm-ostree"0003bb40:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i
0003bb50:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003bb50:·646d·3831·3136·2220·7461·6269·6e64·6578··dm8116"·tabindex
0003bb60:·732e·7061·636b·6167·6573·0a20·2020·2061··s.packages.····a0003bb60:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto
0003bb70:·6e64·2022·626f·6f74·6322·2069·6e20·616e··nd·"bootc"·in·an0003bb70:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded
0003bb80:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack0003bb80:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="
0003bb90:·6167·6573·2061·6e64·206e·6f74·2022·6f70··ages·and·not·"op0003bb90:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve
0003bba0:·656e·7368·6966·742d·6b75·6265·6c65·7422··enshift-kubelet"0003bba0:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re
0003bbb0:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003bbb0:·6d65·6469·6174·696f·6e20·416e·7369·626c··mediation·Ansibl
0003bbc0:·732e·7061·636b·6167·6573·0a20·2020·2029··s.packages.····)0003bbc0:·6520·736e·6970·7065·7420·e287·b23c·2f61··e·snippet·...</a
0003bbd0:·0a20·202d·2061·6e73·6962·6c65·5f64·6973··.··-·ansible_dis0003bbd0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
0003bbe0:·7472·6962·7574·696f·6e20·696e·205b·2022··tribution·in·[·"0003bbe0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
0003bbf0:·4665·646f·7261·222c·2022·5265·6448·6174··Fedora",·"RedHat0003bbf0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
0003bc00:·222c·2022·4365·6e74·4f53·222c·2022·4f72··",·"CentOS",·"Or0003bc00:·6d38·3131·3622·3e3c·7461·626c·6520·636c··m8116"><table·cl
0003bc10:·6163·6c65·4c69·6e75·7822·205d·0a20·2074··acleLinux"·].··t0003bc10:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table
0003bc20:·6167·733a·0a20·202d·2043·4345·2d39·3038··ags:.··-·CCE-9080003bc20:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b
0003bc30:·3431·2d38·0a20·202d·2043·4a49·532d·352e··41-8.··-·CJIS-5.0003bc30:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co
0003bc40:·3130·2e34·2e31·0a20·202d·204e·4953·542d··10.4.1.··-·NIST-0003bc40:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th
0003bc50:·3830·302d·3137·312d·332e·332e·380a·2020··800-171-3.3.8.··0003bc50:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th
0003bc60:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-30003bc60:·3e3c·7464·3e68·6967·683c·2f74·643e·3c2f··><td>high</td></
0003bc70:·2e34·2e31·0a20·202d·204e·4953·542d·3830··.4.1.··-·NIST-800003bc70:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru
0003bc80:·302d·3533·2d41·552d·3928·3329·0a20·202d··0-53-AU-9(3).··-0003bc80:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6d··ption:</th><td>m
0003bc90:·204e·4953·542d·3830·302d·3533·2d43·4d2d···NIST-800-53-CM-0003bc90:·6564·6975·6d3c·2f74·643e·3c2f·7472·3e3c··edium</td></tr><
0003bca0:·3628·6329·0a20·202d·204e·4953·542d·3830··6(c).··-·NIST-800003bca0:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</
0003bcb0:·302d·3533·2d43·4d2d·3628·6429·0a20·202d··0-53-CM-6(d).··-0003bcb0:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td
0003bcc0:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-0003bcc0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St
0003bcd0:·370a·2020·2d20·4e49·5354·2d38·3030·2d35··7.··-·NIST-800-50003bcd0:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>
0003bce0:·332d·5349·2d37·2831·290a·2020·2d20·4e49··3-SI-7(1).··-·NI0003bce0:·7265·7374·7269·6374·3c2f·7464·3e3c·2f74··restrict</td></t
0003bcf0:·5354·2d38·3030·2d35·332d·5349·2d37·2836··ST-800-53-SI-7(60003bcf0:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><
0003bd00:·290a·2020·2d20·5043·492d·4453·532d·5265··).··-·PCI-DSS-Re0003bd00:·636f·6465·3e2d·206e·616d·653a·2047·6174··code>-·name:·Gat
0003bd10:·712d·3131·2e35·0a20·202d·2050·4349·2d44··q-11.5.··-·PCI-D0003bd10:·6865·7220·7468·6520·7061·636b·6167·6520··her·the·package·
0003bd20:·5353·7634·2d31·312e·352e·320a·2020·2d20··SSv4-11.5.2.··-·0003bd20:·6661·6374·730a·2020·7061·636b·6167·655f··facts.··package_
0003bd30:·6869·6768·5f63·6f6d·706c·6578·6974·790a··high_complexity.0003bd30:·6661·6374·733a·0a20·2020·206d·616e·6167··facts:.····manag
0003bd40:·2020·2d20·6869·6768·5f73·6576·6572·6974····-·high_severit0003bd40:·6572·3a20·6175·746f·0a20·2074·6167·733a··er:·auto.··tags:
0003bd50:·790a·2020·2d20·6d65·6469·756d·5f64·6973··y.··-·medium_dis0003bd50:·0a20·202d·2043·4345·2d39·3038·3431·2d38··.··-·CCE-90841-8
0003bd60:·7275·7074·696f·6e0a·2020·2d20·6e6f·5f72··ruption.··-·no_r0003bd60:·0a20·202d·2043·4a49·532d·352e·3130·2e34··.··-·CJIS-5.10.4
0003bd70:·6562·6f6f·745f·6e65·6564·6564·0a20·202d··eboot_needed.··-0003bd70:·2e31·0a20·202d·204e·4953·542d·3830·302d··.1.··-·NIST-800-
0003bd80:·2072·6573·7472·6963·745f·7374·7261·7465···restrict_strate0003bd80:·3137·312d·332e·332e·380a·2020·2d20·4e49··171-3.3.8.··-·NI
0003bd90:·6779·0a20·202d·2072·706d·5f76·6572·6966··gy.··-·rpm_verif0003bd90:·5354·2d38·3030·2d31·3731·2d33·2e34·2e31··ST-800-171-3.4.1
0003bda0:·795f·6861·7368·6573·0a0a·2d20·6e61·6d65··y_hashes..-·name0003bda0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
0003bdb0:·3a20·2753·6574·2066·6163·743a·2050·6163··:·'Set·fact:·Pac0003bdb0:·2d41·552d·3928·3329·0a20·202d·204e·4953··-AU-9(3).··-·NIS
0003bdc0:·6b61·6765·206d·616e·6167·6572·2072·6569··kage·manager·rei0003bdc0:·542d·3830·302d·3533·2d43·4d2d·3628·6329··T-800-53-CM-6(c)
0003bdd0:·6e73·7461·6c6c·2063·6f6d·6d61·6e64·2028··nstall·command·(0003bdd0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
0003bde0:·7a79·7070·6572·2927·0a20·2073·6574·5f66··zypper)'.··set_f0003bde0:·2d43·4d2d·3628·6429·0a20·202d·204e·4953··-CM-6(d).··-·NIS
0003bdf0:·6163·743a·0a20·2020·2070·6163·6b61·6765··act:.····package0003bdf0:·542d·3830·302d·3533·2d53·492d·370a·2020··T-800-53-SI-7.··
0003be00:·5f6d·616e·6167·6572·5f72·6569·6e73·7461··_manager_reinsta0003be00:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI
0003be10:·6c6c·5f63·6d64·3a20·7a79·7070·6572·2069··ll_cmd:·zypper·i0003be10:·2d37·2831·290a·2020·2d20·4e49·5354·2d38··-7(1).··-·NIST-8
0003be20:·6e20·2d66·202d·790a·2020·7768·656e·3a0a··n·-f·-y.··when:.0003be20:·3030·2d35·332d·5349·2d37·2836·290a·2020··00-53-SI-7(6).··
0003be30:·2020·2d20·6e6f·7420·2820·226b·6572·6e65····-·not·(·"kerne0003be30:·2d20·5043·492d·4453·532d·5265·712d·3131··-·PCI-DSS-Req-11
0003be40:·6c22·2069·6e20·616e·7369·626c·655f·6661··l"·in·ansible_fa0003be40:·2e35·0a20·202d·2050·4349·2d44·5353·7634··.5.··-·PCI-DSSv4
0003be50:·6374·732e·7061·636b·6167·6573·2061·6e64··cts.packages·and0003be50:·2d31·312e·352e·320a·2020·2d20·6869·6768··-11.5.2.··-·high
0003be60:·2022·7270·6d2d·6f73·7472·6565·2220·696e···"rpm-ostree"·in0003be60:·5f63·6f6d·706c·6578·6974·790a·2020·2d20··_complexity.··-·
0003be70:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p0003be70:·6869·6768·5f73·6576·6572·6974·790a·2020··high_severity.··
0003be80:·6163·6b61·6765·730a·2020·2020·616e·6420··ackages.····and·0003be80:·2d20·6d65·6469·756d·5f64·6973·7275·7074··-·medium_disrupt
0003be90:·2262·6f6f·7463·2220·696e·2061·6e73·6962··"bootc"·in·ansib0003be90:·696f·6e0a·2020·2d20·6e6f·5f72·6562·6f6f··ion.··-·no_reboo
0003bea0:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package0003bea0:·745f·6e65·6564·6564·0a20·202d·2072·6573··t_needed.··-·res
0003beb0:·7320·616e·6420·6e6f·7420·226f·7065·6e73··s·and·not·"opens0003beb0:·7472·6963·745f·7374·7261·7465·6779·0a20··trict_strategy.·
0003bec0:·6869·6674·2d6b·7562·656c·6574·2220·696e··hift-kubelet"·in0003bec0:·202d·2072·706d·5f76·6572·6966·795f·6861···-·rpm_verify_ha
0003bed0:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p0003bed0:·7368·6573·0a0a·2d20·6e61·6d65·3a20·2753··shes..-·name:·'S
Max diff block lines reached; 10187263/10243043 bytes (99.46%) of diff not shown.
1010 KB
html2text {}
    
Offset 111, 14 lines modifiedOffset 111, 33 lines modified
111 ·············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6111 ·············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
112 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4112 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
113 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)113 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
114 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1114 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
115 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5115 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
116 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227116 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
117 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2117 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 118 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 119 #·Remediation·is·applicable·only·in·certain·platforms
 120 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 121 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 122 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 123 if·[·-n·"$files_with_incorrect_hash"·];·then
 124 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 125 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 126 ····dnf·reinstall·-y·$packages_to_reinstall
  
 127 fi
  
 128 else
 129 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 130 fi
118 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8131 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
119 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high132 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
120 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium133 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
121 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false134 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
122 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict135 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
123 -·name:·Gather·the·package·facts136 -·name:·Gather·the·package·facts
124 ··package_facts:137 ··package_facts:
Offset 291, 33 lines modifiedOffset 310, 14 lines modified
291 ··-·PCI-DSSv4-11.5.2310 ··-·PCI-DSSv4-11.5.2
292 ··-·high_complexity311 ··-·high_complexity
293 ··-·high_severity312 ··-·high_severity
294 ··-·medium_disruption313 ··-·medium_disruption
295 ··-·no_reboot_needed314 ··-·no_reboot_needed
296 ··-·restrict_strategy315 ··-·restrict_strategy
297 ··-·rpm_verify_hashes316 ··-·rpm_verify_hashes
298 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
299 #·Remediation·is·applicable·only·in·certain·platforms 
300 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
301 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
302 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
303 if·[·-n·"$files_with_incorrect_hash"·];·then 
304 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
305 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
306 ····dnf·reinstall·-y·$packages_to_reinstall 
  
307 fi 
  
308 else 
309 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
310 fi 
311 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*317 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
312 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:318 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:
313 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'319 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'
314 run·the·following·command·to·determine·which·package·owns·it:320 run·the·following·command·to·determine·which·package·owns·it:
315 $·rpm·-qf·FILENAME321 $·rpm·-qf·FILENAME
316 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:322 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
317 $·sudo·rpm·--restore·PACKAGENAME323 $·sudo·rpm·--restore·PACKAGENAME
Offset 337, 14 lines modifiedOffset 337, 46 lines modified
337 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5337 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
338 ·············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2338 ·············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
339 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)339 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
340 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1340 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
341 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5341 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
342 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108342 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108
343 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2343 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 344 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 345 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 346 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 347 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 348 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 349 #·Remediation·is·applicable·only·in·certain·platforms
 350 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 351 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 352 declare·-A·SETPERMS_RPM_DICT
  
 353 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 354 #·is·expected·by·the·RPM·database
 355 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}')
  
 356 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 357 do
 358 ········RPM_PACKAGE=$(rpm·-qf·"$FILE_PATH")
 359 »       #·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 360 »       SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 361 done
  
 362 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 363 #·correct·values
 364 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 365 do
 366 ········rpm·--restore·"${RPM_PACKAGE}"
 367 done
  
 368 else
 369 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 370 fi
344 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8371 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
345 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high372 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
346 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium373 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
347 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false374 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
348 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict375 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
349 -·name:·Gather·the·package·facts376 -·name:·Gather·the·package·facts
350 ··package_facts:377 ··package_facts:
Offset 456, 46 lines modifiedOffset 488, 14 lines modified
456 ··-·PCI-DSSv4-11.5.2488 ··-·PCI-DSSv4-11.5.2
457 ··-·high_complexity489 ··-·high_complexity
458 ··-·high_severity490 ··-·high_severity
459 ··-·medium_disruption491 ··-·medium_disruption
460 ··-·no_reboot_needed492 ··-·no_reboot_needed
461 ··-·restrict_strategy493 ··-·restrict_strategy
462 ··-·rpm_verify_ownership494 ··-·rpm_verify_ownership
463 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
464 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high 
465 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium 
466 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
467 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
Max diff block lines reached; 1026228/1033953 bytes (99.25%) of diff not shown.
7.45 MB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-ospp.html
    
Offset 15442, 63 lines modifiedOffset 15442, 63 lines modified
0003c510:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#0003c510:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#
0003c520:·6964·6d39·3033·3522·2074·6162·696e·6465··idm9035"·tabinde0003c520:·6964·6d39·3033·3522·2074·6162·696e·6465··idm9035"·tabinde
0003c530:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt0003c530:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt
0003c540:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande0003c540:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande
0003c550:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=0003c550:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=
0003c560:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev0003c560:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev
0003c570:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R0003c570:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R
0003c580:·656d·6564·6961·7469·6f6e·204f·5342·7569··emediation·OSBui 
0003c590:·6c64·2042·6c75·6570·7269·6e74·2073·6e69··ld·Blueprint·sni 
0003c5a0:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br> 
0003c5b0:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane 
0003c5c0:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla 
0003c5d0:·7073·6522·2069·643d·2269·646d·3930·3335··pse"·id="idm9035 
0003c5e0:·223e·3c70·7265·3e3c·636f·6465·3e0a·5b63··"><pre><code>.[c 
0003c5f0:·7573·746f·6d69·7a61·7469·6f6e·735d·0a66··ustomizations].f 
0003c600:·6970·7320·3d20·7472·7565·0a3c·2f63·6f64··ips·=·true.</cod 
0003c610:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a 
0003c620:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn- 
0003c630:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to 
0003c640:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"· 
0003c650:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id 
0003c660:·6d39·3033·3622·2074·6162·696e·6465·783d··m9036"·tabindex= 
0003c670:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button 
0003c680:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded= 
0003c690:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A 
0003c6a0:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea 
0003c6b0:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem 
0003c6c0:·6564·6961·7469·6f6e·2053·6865·6c6c·2073··ediation·Shell·s0003c580:·656d·6564·6961·7469·6f6e·2053·6865·6c6c··emediation·Shell
0003c6d0:·6372·6970·7420·e287·b23c·2f61·3e3c·6272··cript·...</a><br0003c590:·2073·6372·6970·7420·e287·b23c·2f61·3e3c···script·...</a><
0003c6e0:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan0003c5a0:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p
0003c6f0:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll0003c5b0:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co
0003c700:·6170·7365·2220·6964·3d22·6964·6d39·3033··apse"·id="idm9030003c5c0:·6c6c·6170·7365·2220·6964·3d22·6964·6d39··llapse"·id="idm9
0003c710:·3622·3e3c·7072·653e·3c63·6f64·653e·2320··6"><pre><code>#·0003c5d0:·3033·3522·3e3c·7072·653e·3c63·6f64·653e··035"><pre><code>
 0003c5e0:·2320·5265·6d65·6469·6174·696f·6e20·6973··#·Remediation·is
 0003c5f0:·2061·7070·6c69·6361·626c·6520·6f6e·6c79···applicable·only
 0003c600:·2069·6e20·6365·7274·6169·6e20·706c·6174···in·certain·plat
 0003c610:·666f·726d·730a·6966·2028·2021·2028·205b··forms.if·(·!·(·[
 0003c620:·2022·247b·636f·6e74·6169·6e65·723a·2d7d···"${container:-}
 0003c630:·2220·3d3d·2022·6277·7261·702d·6f73·6275··"·==·"bwrap-osbu
 0003c640:·696c·6422·205d·2029·2026·616d·703b·2661··ild"·]·)·&amp;&a
 0003c650:·6d70·3b20·7270·6d20·2d2d·7175·6965·7420··mp;·rpm·--quiet·
 0003c660:·2d71·206b·6572·6e65·6c20·293b·2074·6865··-q·kernel·);·the
 0003c670:·6e0a·0a69·6620·5b5b·2022·244f·5343·4150··n..if·[[·"$OSCAP
 0003c680:·5f42·4f4f·5443·5f42·5549·4c44·2220·3d3d··_BOOTC_BUILD"·==
 0003c690:·2022·5945·5322·205d·5d3b·2074·6865·6e0a···"YES"·]];·then.
 0003c6a0:·0963·6174·2026·6774·3b20·2f75·7372·2f6c··.cat·&gt;·/usr/l
 0003c6b0:·6962·2f62·6f6f·7463·2f6b·6172·6773·2e64··ib/bootc/kargs.d
 0003c6c0:·2f30·312d·6669·7073·2e74·6f6d·6c20·266c··/01-fips.toml·&l
 0003c6d0:·743b·266c·743b·2045·4f46·0a6b·6172·6773··t;&lt;·EOF.kargs
 0003c6e0:·203d·205b·2266·6970·733d·3122·5d0a·454f···=·["fips=1"].EO
 0003c6f0:·460a·6669·0a0a·656c·7365·0a20·2020·2026··F.fi..else.····&
 0003c700:·6774·3b26·616d·703b·3220·6563·686f·2027··gt;&amp;2·echo·'
0003c720:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a0003c710:·5265·6d65·6469·6174·696f·6e20·6973·206e··Remediation·is·n
0003c730:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i 
0003c740:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo 
0003c750:·726d·730a·6966·2028·2021·2028·205b·2022··rms.if·(·!·(·[·" 
0003c760:·247b·636f·6e74·6169·6e65·723a·2d7d·2220··${container:-}"· 
0003c770:·3d3d·2022·6277·7261·702d·6f73·6275·696c··==·"bwrap-osbuil 
0003c780:·6422·205d·2029·2026·616d·703b·2661·6d70··d"·]·)·&amp;&amp 
0003c790:·3b20·7270·6d20·2d2d·7175·6965·7420·2d71··;·rpm·--quiet·-q 
0003c7a0:·206b·6572·6e65·6c20·293b·2074·6865·6e0a···kernel·);·then. 
0003c7b0:·0a69·6620·5b5b·2022·244f·5343·4150·5f42··.if·[[·"$OSCAP_B 
0003c7c0:·4f4f·5443·5f42·5549·4c44·2220·3d3d·2022··OOTC_BUILD"·==·" 
0003c7d0:·5945·5322·205d·5d3b·2074·6865·6e0a·0963··YES"·]];·then..c 
0003c7e0:·6174·2026·6774·3b20·2f75·7372·2f6c·6962··at·&gt;·/usr/lib 
0003c7f0:·2f62·6f6f·7463·2f6b·6172·6773·2e64·2f30··/bootc/kargs.d/0 
0003c800:·312d·6669·7073·2e74·6f6d·6c20·266c·743b··1-fips.toml·&lt; 
0003c810:·266c·743b·2045·4f46·0a6b·6172·6773·203d··&lt;·EOF.kargs·= 
0003c820:·205b·2266·6970·733d·3122·5d0a·454f·460a···["fips=1"].EOF. 
0003c830:·6669·0a0a·656c·7365·0a20·2020·2026·6774··fi..else.····&gt 
0003c840:·3b26·616d·703b·3220·6563·686f·2027·5265··;&amp;2·echo·'Re 
0003c850:·6d65·6469·6174·696f·6e20·6973·206e·6f74··mediation·is·not 
0003c860:·2061·7070·6c69·6361·626c·652c·206e·6f74···applicable,·not0003c720:·6f74·2061·7070·6c69·6361·626c·652c·206e··ot·applicable,·n
0003c870:·6869·6e67·2077·6173·2064·6f6e·6527·0a66··hing·was·done'.f0003c730:·6f74·6869·6e67·2077·6173·2064·6f6e·6527··othing·was·done'
 0003c740:·0a66·690a·3c2f·636f·6465·3e3c·2f70·7265··.fi.</code></pre
 0003c750:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class=
 0003c760:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success
 0003c770:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c
 0003c780:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta
 0003c790:·7267·6574·3d22·2369·646d·3930·3336·2220··rget="#idm9036"·
 0003c7a0:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol
 0003c7b0:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-
 0003c7c0:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"
 0003c7d0:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate
 0003c7e0:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href
 0003c7f0:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio
 0003c800:·6e20·4f53·4275·696c·6420·426c·7565·7072··n·OSBuild·Bluepr
 0003c810:·696e·7420·736e·6970·7065·7420·e287·b23c··int·snippet·...<
 0003c820:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas
 0003c830:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps
 0003c840:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="
 0003c850:·6964·6d39·3033·3622·3e3c·7072·653e·3c63··idm9036"><pre><c
 0003c860:·6f64·653e·0a5b·6375·7374·6f6d·697a·6174··ode>.[customizat
 0003c870:·696f·6e73·5d0a·6669·7073·203d·2074·7275··ions].fips·=·tru
0003c880:·690a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··i.</code></pre><0003c880:·650a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··e.</code></pre><
0003c890:·2f64·6976·3e3c·2f64·6976·3e3c·2f74·643e··/div></div></td>0003c890:·2f64·6976·3e3c·2f64·6976·3e3c·2f74·643e··/div></div></td>
0003c8a0:·3c2f·7472·3e3c·2f74·626f·6479·3e3c·2f74··</tr></tbody></t0003c8a0:·3c2f·7472·3e3c·2f74·626f·6479·3e3c·2f74··</tr></tbody></t
0003c8b0:·6162·6c65·3e3c·2f74·643e·3c2f·7472·3e3c··able></td></tr><0003c8b0:·6162·6c65·3e3c·2f74·643e·3c2f·7472·3e3c··able></td></tr><
0003c8c0:·7472·2064·6174·612d·7474·2d69·643d·2263··tr·data-tt-id="c0003c8c0:·7472·2064·6174·612d·7474·2d69·643d·2263··tr·data-tt-id="c
0003c8d0:·6869·6c64·7265·6e2d·7863·6364·665f·6f72··hildren-xccdf_or0003c8d0:·6869·6c64·7265·6e2d·7863·6364·665f·6f72··hildren-xccdf_or
0003c8e0:·672e·7373·6770·726f·6a65·6374·2e63·6f6e··g.ssgproject.con0003c8e0:·672e·7373·6770·726f·6a65·6374·2e63·6f6e··g.ssgproject.con
0003c8f0:·7465·6e74·5f67·726f·7570·5f63·7279·7074··tent_group_crypt0003c8f0:·7465·6e74·5f67·726f·7570·5f63·7279·7074··tent_group_crypt
Offset 15811, 254 lines modifiedOffset 15811, 254 lines modified
0003dc20:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="0003dc20:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="
0003dc30:·2369·646d·3931·3639·2220·7461·6269·6e64··#idm9169"·tabind0003dc30:·2369·646d·3931·3639·2220·7461·6269·6e64··#idm9169"·tabind
0003dc40:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but0003dc40:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but
0003dc50:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand0003dc50:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand
0003dc60:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title0003dc60:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title
0003dc70:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re0003dc70:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re
0003dc80:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">0003dc80:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">
0003dc90:·5265·6d65·6469·6174·696f·6e20·416e·6163··Remediation·Anac0003dc90:·5265·6d65·6469·6174·696f·6e20·7363·7269··Remediation·scri
0003dca0:·6f6e·6461·2073·6e69·7070·6574·20e2·87b2··onda·snippet·... 
0003dcb0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla 
0003dcc0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap 
0003dcd0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id= 
0003dce0:·2269·646d·3931·3639·223e·3c74·6162·6c65··"idm9169"><table 
0003dcf0:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta 
0003dd00:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl 
0003dd10:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table 
0003dd20:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr> 
0003dd30:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<0003dca0:·7074·20e2·87b2·3c2f·613e·3c62·723e·3c64··pt·...</a><br><d
 0003dcb0:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel-
 0003dcc0:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps
 0003dcd0:·6522·2069·643d·2269·646d·3931·3639·223e··e"·id="idm9169">
 0003dce0:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta
 0003dcf0:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe
 0003dd00:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered
Max diff block lines reached; 6860874/6902328 bytes (99.40%) of diff not shown.
890 KB
html2text {}
    
Offset 110, 31 lines modifiedOffset 110, 31 lines modified
110 ·············_\x8i_\x8s_\x8m······1446110 ·············_\x8i_\x8s_\x8m······1446
111 ·············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1111 ·············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·CIP-003-8·R4.2,·CIP-007-3·R5.1
112 References:··_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12112 References:··_\x8n_\x8i_\x8s_\x8t·····CM-3(6),·SC-12(2),·SC-12(3),·IA-7,·SC-13,·CM-6(a),·SC-12
113 ·············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1113 ·············_\x8o_\x8s_\x8p_\x8p·····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1,·FCS_RBG_EXT.1
114 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176114 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g···SRG-OS-000478-GPOS-00223,·SRG-OS-000396-GPOS-00176
115 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d···RHEL-09-671010115 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d···RHEL-09-671010
116 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-258230r958408_rule116 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f··SV-258230r958408_rule
117 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
118 [customizations] 
119 fips·=·true 
120 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8117 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
121 #·Remediation·is·applicable·only·in·certain·platforms118 #·Remediation·is·applicable·only·in·certain·platforms
122 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·);·then119 if·(·!·(·[·"${container:-}"·==·"bwrap-osbuild"·]·)·&&·rpm·--quiet·-q·kernel·);·then
  
123 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then120 if·[[·"$OSCAP_BOOTC_BUILD"·==·"YES"·]];·then
124 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF121 »       cat·>·/usr/lib/bootc/kargs.d/01-fips.toml·<<·EOF
125 kargs·=·["fips=1"]122 kargs·=·["fips=1"]
126 EOF123 EOF
127 fi124 fi
  
128 else125 else
129 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'126 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
130 fi127 fi
 128 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 129 [customizations]
 130 fips·=·true
131 Group  ·System·Cryptographic·Policies·  Group·contains·4·rules131 Group  ·System·Cryptographic·Policies·  Group·contains·4·rules
132 _\x8[_\x8r_\x8e_\x8f_\x8]  ·Linux·has·the·capability·to·centrally·configure·cryptographic·polices.·The·command·update-crypto-policies·is·used·to·set·the·policy·applicable·for·the·various·cryptographic·back-ends,·such·as·SSL/TLS·libraries.·The·configured·cryptographic·policies·will·be·the·default·policy·used·by·these·backends·unless·the·application·user·configures·them·otherwise.·When·the·system·has·been·configured·to·use·the·centralized·cryptographic·policies,·the·administrator·is·assured·that·any·application·that·utilizes·the·supported·backends·will·follow·a·policy·that·adheres·to·the·configured·profile.·Currently·the·supported·backends·are:132 _\x8[_\x8r_\x8e_\x8f_\x8]  ·Linux·has·the·capability·to·centrally·configure·cryptographic·polices.·The·command·update-crypto-policies·is·used·to·set·the·policy·applicable·for·the·various·cryptographic·back-ends,·such·as·SSL/TLS·libraries.·The·configured·cryptographic·policies·will·be·the·default·policy·used·by·these·backends·unless·the·application·user·configures·them·otherwise.·When·the·system·has·been·configured·to·use·the·centralized·cryptographic·policies,·the·administrator·is·assured·that·any·application·that·utilizes·the·supported·backends·will·follow·a·policy·that·adheres·to·the·configured·profile.·Currently·the·supported·backends·are:
133 ····*·GnuTLS·library133 ····*·GnuTLS·library
134 ····*·OpenSSL·library134 ····*·OpenSSL·library
135 ····*·NSS·library135 ····*·NSS·library
136 ····*·OpenJDK136 ····*·OpenJDK
137 ····*·Libkrb5137 ····*·Libkrb5
Offset 149, 52 lines modifiedOffset 149, 42 lines modified
149 Rule·ID:·····xccdf_org.ssgproject.content_rule_package_crypto-policies_installed149 Rule·ID:·····xccdf_org.ssgproject.content_rule_package_crypto-policies_installed
150 Identifiers:·CCE-83442-4150 Identifiers:·CCE-83442-4
151 ·············_\x8d_\x8i_\x8s_\x8a····CCI-002890,·CCI-002450,·CCI-003123151 ·············_\x8d_\x8i_\x8s_\x8a····CCI-002890,·CCI-002450,·CCI-003123
152 ·············_\x8o_\x8s_\x8p_\x8p····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1152 ·············_\x8o_\x8s_\x8p_\x8p····FCS_COP.1(1),·FCS_COP.1(2),·FCS_COP.1(3),·FCS_COP.1(4),·FCS_CKM.1,·FCS_CKM.2,·FCS_TLSC_EXT.1
153 References:··_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g··SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174153 References:··_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g··SRG-OS-000396-GPOS-00176,·SRG-OS-000393-GPOS-00173,·SRG-OS-000394-GPOS-00174
154 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d··RHEL-09-215100154 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d··RHEL-09-215100
155 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f·SV-258234r1051250_rule155 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f·SV-258234r1051250_rule
156 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_.n_.a_.c_.o_.n_.d_.a_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8156 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_.c_.r_.i_.p_\x8t_\x8·_\x8
157 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low157 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
158 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low158 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
159 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false159 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
160 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable160 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
161 package·--add=crypto-policies161 dnf·install·crypto-policies
162 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8162 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8P_\x8u_\x8p_\x8p_\x8e_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
163 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low163 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
164 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low164 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
165 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false165 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
166 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable166 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
167 include·install_crypto-policies167 include·install_crypto-policies
  
168 class·install_crypto-policies·{168 class·install_crypto-policies·{
169 ··package·{·'crypto-policies':169 ··package·{·'crypto-policies':
170 ····ensure·=>·'installed',170 ····ensure·=>·'installed',
171 ··}171 ··}
172 }172 }
173 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8 
  
174 [[packages]] 
175 name·=·"crypto-policies" 
176 version·=·"*" 
177 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8173 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
178 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
179 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
180 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
181 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
  
182 package·install·crypto-policies 
183 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
184 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low174 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
185 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low175 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
186 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false176 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
187 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable177 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 178 if·!·rpm·-q·--quiet·"crypto-policies"·;·then
188 dnf·install·crypto-policies179 ····dnf·install·-y·"crypto-policies"
 180 fi
189 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8181 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
190 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low182 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
191 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low183 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
192 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false184 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
193 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable185 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
194 -·name:·Ensure·crypto-policies·is·installed186 -·name:·Ensure·crypto-policies·is·installed
195 ··package:187 ··package:
Offset 205, 23 lines modifiedOffset 195, 33 lines modified
205 ··-·DISA-STIG-RHEL-09-215100195 ··-·DISA-STIG-RHEL-09-215100
206 ··-·enable_strategy196 ··-·enable_strategy
207 ··-·low_complexity197 ··-·low_complexity
208 ··-·low_disruption198 ··-·low_disruption
209 ··-·medium_severity199 ··-·medium_severity
210 ··-·no_reboot_needed200 ··-·no_reboot_needed
211 ··-·package_crypto-policies_installed201 ··-·package_crypto-policies_installed
 202 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
  
 203 [[packages]]
 204 name·=·"crypto-policies"
 205 version·=·"*"
212 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8206 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
213 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low207 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
214 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low208 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
215 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false209 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
216 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable210 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
217 if·!·rpm·-q·--quiet·"crypto-policies"·;·then 
218 ····dnf·install·-y·"crypto-policies" 
219 fi211 package·install·crypto-policies
 212 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8a_\x8c_\x8o_\x8n_\x8d_\x8a_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
 213 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 214 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 215 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 216 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
  
 217 package·--add=crypto-policies
220 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8og\x8gr\x8ra\x8ap\x8ph\x8hy\x8y·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*218 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8m·C\x8Cr\x8ry\x8yp\x8pt\x8to\x8og\x8gr\x8ra\x8ap\x8ph\x8hy\x8y·P\x8Po\x8ol\x8li\x8ic\x8cy\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
221 To·configure·the·system·cryptography·policy·to·use·ciphers·only·from·the·FIPS:OSPP·policy,·run·the·following·command:219 To·configure·the·system·cryptography·policy·to·use·ciphers·only·from·the·FIPS:OSPP·policy,·run·the·following·command:
222 $·sudo·update-crypto-policies·--set·FIPS:OSPP220 $·sudo·update-crypto-policies·--set·FIPS:OSPP
223 The·rule·checks·if·settings·for·selected·crypto·policy·are·configured·as·expected.·Configuration·files·in·the·/etc/crypto-policies/back-ends·are·either·symlinks·to·correct·files·provided·by·Crypto-policies·package·or·they·are·regular·files·in·case·crypto·policy·customizations·are·applied.·Crypto·policies·may·be·customized·by·crypto·policy·modules,·in·which·case·it·is·delimited·from·the·base·policy·using·a·colon.221 The·rule·checks·if·settings·for·selected·crypto·policy·are·configured·as·expected.·Configuration·files·in·the·/etc/crypto-policies/back-ends·are·either·symlinks·to·correct·files·provided·by·Crypto-policies·package·or·they·are·regular·files·in·case·crypto·policy·customizations·are·applied.·Crypto·policies·may·be·customized·by·crypto·policy·modules,·in·which·case·it·is·delimited·from·the·base·policy·using·a·colon.
224 Warning: ·The·system·needs·to·be·rebooted·for·these·changes·to·take·effect.222 Warning: ·The·system·needs·to·be·rebooted·for·these·changes·to·take·effect.
225 Warning: ·System·Crypto·Modules·must·be·provided·by·a·vendor·that·undergoes·FIPS-140·certifications.·FIPS-140·is·applicable·to·all·Federal·agencies·that·use·cryptographic-based·security·systems·to·protect·sensitive·information·in·computer·and·telecommunication·systems·(including·voice·systems)·as·defined·in·Section·5131·of·the·Information·Technology·Management·Reform·Act·of·1996,·Public·Law·104-106.·This·standard·shall·be·used·in·designing·and·implementing·cryptographic·modules·that·Federal·departments·and·agencies·operate·or·are·operated·for·them·under·contract.·See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8s\x8s_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8n\x8n_\x8v\x8v_\x8l\x8l_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8/\x8/_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8/\x8/_\x8N\x8N_\x8I\x8I_\x8S\x8S_\x8T\x8T_\x8.\x8._\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x81\x81_\x84\x84_\x80\x80_\x8-\x8-_\x82\x82_\x8.\x8._\x8p\x8p_\x8d\x8d_\x8f\x8f·To·meet·this,·the·system·has·to·have·cryptographic·software·provided·by·a·vendor·that·has·undergone·this·certification.·This·means·providing·documentation,·test·results,·design·information,·and·independent·third·party·review·by·an·accredited·lab.·While·open·source·software·is·capable·of·meeting·this,·it·does·not·meet·FIPS-140·unless·the·vendor·submits·to·this·process.223 Warning: ·System·Crypto·Modules·must·be·provided·by·a·vendor·that·undergoes·FIPS-140·certifications.·FIPS-140·is·applicable·to·all·Federal·agencies·that·use·cryptographic-based·security·systems·to·protect·sensitive·information·in·computer·and·telecommunication·systems·(including·voice·systems)·as·defined·in·Section·5131·of·the·Information·Technology·Management·Reform·Act·of·1996,·Public·Law·104-106.·This·standard·shall·be·used·in·designing·and·implementing·cryptographic·modules·that·Federal·departments·and·agencies·operate·or·are·operated·for·them·under·contract.·See·_\x8h\x8h_\x8t\x8t_\x8t\x8t_\x8p\x8p_\x8s\x8s_\x8:\x8:_\x8/\x8/_\x8/\x8/_\x8n\x8n_\x8v\x8v_\x8l\x8l_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8.\x8._\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8.\x8._\x8g\x8g_\x8o\x8o_\x8v\x8v_\x8/\x8/_\x8n\x8n_\x8i\x8i_\x8s\x8s_\x8t\x8t_\x8p\x8p_\x8u\x8u_\x8b\x8b_\x8s\x8s_\x8/\x8/_\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8/\x8/_\x8N\x8N_\x8I\x8I_\x8S\x8S_\x8T\x8T_\x8.\x8._\x8F\x8F_\x8I\x8I_\x8P\x8P_\x8S\x8S_\x8.\x8._\x81\x81_\x84\x84_\x80\x80_\x8-\x8-_\x82\x82_\x8.\x8._\x8p\x8p_\x8d\x8d_\x8f\x8f·To·meet·this,·the·system·has·to·have·cryptographic·software·provided·by·a·vendor·that·has·undergone·this·certification.·This·means·providing·documentation,·test·results,·design·information,·and·independent·third·party·review·by·an·accredited·lab.·While·open·source·software·is·capable·of·meeting·this,·it·does·not·meet·FIPS-140·unless·the·vendor·submits·to·this·process.
226 Rationale:···Centralized·cryptographic·policies·simplify·applying·secure·ciphers·across·an·operating·system·and·the·applications·that·run·on·that·operating·system.·Use·of·weak·or·untested·encryption·algorithms·undermines·the·purposes·of·utilizing·encryption·to·protect·data.224 Rationale:···Centralized·cryptographic·policies·simplify·applying·secure·ciphers·across·an·operating·system·and·the·applications·that·run·on·that·operating·system.·Use·of·weak·or·untested·encryption·algorithms·undermines·the·purposes·of·utilizing·encryption·to·protect·data.
Offset 236, 39 lines modifiedOffset 236, 33 lines modified
Max diff block lines reached; 903801/911706 bytes (99.13%) of diff not shown.
18.8 MB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-pci-dss.html
    
Offset 15210, 414 lines modifiedOffset 15210, 414 lines modified
0003b690:·6172·6765·743d·2223·6964·6d38·3131·3522··arget="#idm8115"0003b690:·6172·6765·743d·2223·6964·6d38·3131·3522··arget="#idm8115"
0003b6a0:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro0003b6a0:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro
0003b6b0:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria0003b6b0:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria
0003b6c0:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false0003b6c0:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false
0003b6d0:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat0003b6d0:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat
0003b6e0:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre0003b6e0:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre
Diff chunk too large, falling back to line-by-line diff (400 lines added, 400 lines removed)
0003b6f0:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati0003b6f0:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati
0003b700:·6f6e·2041·6e73·6962·6c65·2073·6e69·7070··on·Ansible·snipp0003b700:·6f6e·2053·6865·6c6c·2073·6372·6970·7420··on·Shell·script·
0003b710:·6574·20e2·87b2·3c2f·613e·3c62·723e·3c64··et·...</a><br><d0003b710:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div·
0003b720:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel-0003b720:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col
0003b730:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps0003b730:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·
0003b740:·6522·2069·643d·2269·646d·3831·3135·223e··e"·id="idm8115">0003b740:·6964·3d22·6964·6d38·3131·3522·3e3c·7072··id="idm8115"><pr
0003b750:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta0003b750:·653e·3c63·6f64·653e·2320·5265·6d65·6469··e><code>#·Remedi
0003b760:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe0003b760:·6174·696f·6e20·6973·2061·7070·6c69·6361··ation·is·applica
0003b770:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered0003b770:·626c·6520·6f6e·6c79·2069·6e20·6365·7274··ble·only·in·cert
0003b780:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed0003b780:·6169·6e20·706c·6174·666f·726d·730a·6966··ain·platforms.if
0003b790:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple0003b790:·2021·2028·207b·2072·706d·202d·2d71·7569···!·(·{·rpm·--qui
0003b7a0:·7869·7479·3a3c·2f74·683e·3c74·643e·6869··xity:</th><td>hi0003b7a0:·6574·202d·7120·6b65·726e·656c·203b·7d20··et·-q·kernel·;}·
0003b7b0:·6768·3c2f·7464·3e3c·2f74·723e·3c74·723e··gh</td></tr><tr>0003b7b0:·2661·6d70·3b26·616d·703b·207b·2072·706d··&amp;&amp;·{·rpm
0003b7c0:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:<0003b7c0:·202d·2d71·7569·6574·202d·7120·7270·6d2d···--quiet·-q·rpm-
0003b7d0:·2f74·683e·3c74·643e·6d65·6469·756d·3c2f··/th><td>medium</0003b7d0:·6f73·7472·6565·203b·7d20·2661·6d70·3b26··ostree·;}·&amp;&
0003b7e0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>0003b7e0:·616d·703b·207b·2072·706d·202d·2d71·7569··amp;·{·rpm·--qui
0003b7f0:·5265·626f·6f74·3a3c·2f74·683e·3c74·643e··Reboot:</th><td>0003b7f0:·6574·202d·7120·626f·6f74·6320·3b7d·2026··et·-q·bootc·;}·&
0003b800:·6661·6c73·653c·2f74·643e·3c2f·7472·3e3c··false</td></tr><0003b800:·616d·703b·2661·6d70·3b20·7b20·2120·7270··amp;&amp;·{·!·rp
0003b810:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy:0003b810:·6d20·2d2d·7175·6965·7420·2d71·206f·7065··m·--quiet·-q·ope
0003b820:·3c2f·7468·3e3c·7464·3e72·6573·7472·6963··</th><td>restric0003b820:·6e73·6869·6674·2d6b·7562·656c·6574·203b··nshift-kubelet·;
0003b830:·743c·2f74·643e·3c2f·7472·3e3c·2f74·6162··t</td></tr></tab0003b830:·7d20·293b·2074·6865·6e0a·0a23·2046·696e··}·);·then..#·Fin
0003b840:·6c65·3e3c·7072·653e·3c63·6f64·653e·2d20··le><pre><code>-·0003b840:·6420·7768·6963·6820·6669·6c65·7320·6861··d·which·files·ha
0003b850:·6e61·6d65·3a20·4761·7468·6572·2074·6865··name:·Gather·the0003b850:·7665·2069·6e63·6f72·7265·6374·2068·6173··ve·incorrect·has
0003b860:·2070·6163·6b61·6765·2066·6163·7473·0a20···package·facts.·0003b860:·6820·286e·6f74·2069·6e20·2f65·7463·2c20··h·(not·in·/etc,·
0003b870:·2070·6163·6b61·6765·5f66·6163·7473·3a0a···package_facts:.0003b870:·6265·6361·7573·6520·6f66·2074·6865·2073··because·of·the·s
0003b880:·2020·2020·6d61·6e61·6765·723a·2061·7574······manager:·aut0003b880:·7973·7465·6d20·7265·6c61·7465·6420·636f··ystem·related·co
0003b890:·6f0a·2020·7461·6773·3a0a·2020·2d20·4343··o.··tags:.··-·CC0003b890:·6e66·6967·2066·696c·6573·2920·616e·6420··nfig·files)·and·
0003b8a0:·452d·3930·3834·312d·380a·2020·2d20·434a··E-90841-8.··-·CJ0003b8a0:·7468·656e·2067·6574·2066·696c·6573·206e··then·get·files·n
0003b8b0:·4953·2d35·2e31·302e·342e·310a·2020·2d20··IS-5.10.4.1.··-·0003b8b0:·616d·6573·0a66·696c·6573·5f77·6974·685f··ames.files_with_
0003b8c0:·4e49·5354·2d38·3030·2d31·3731·2d33·2e33··NIST-800-171-3.30003b8c0:·696e·636f·7272·6563·745f·6861·7368·3d22··incorrect_hash="
0003b8d0:·2e38·0a20·202d·204e·4953·542d·3830·302d··.8.··-·NIST-800-0003b8d0:·2428·7270·6d20·2d56·6120·2d2d·6e6f·636f··$(rpm·-Va·--noco
0003b8e0:·3137·312d·332e·342e·310a·2020·2d20·4e49··171-3.4.1.··-·NI0003b8e0:·6e66·6967·207c·2067·7265·7020·2d45·2027··nfig·|·grep·-E·'
0003b8f0:·5354·2d38·3030·2d35·332d·4155·2d39·2833··ST-800-53-AU-9(30003b8f0:·5e2e·2e35·2720·7c20·6177·6b20·277b·7072··^..5'·|·awk·'{pr
0003b900:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-50003b900:·696e·7420·244e·467d·2720·2922·0a0a·6966··int·$NF}'·)"..if
0003b910:·332d·434d·2d36·2863·290a·2020·2d20·4e49··3-CM-6(c).··-·NI0003b910:·205b·202d·6e20·2224·6669·6c65·735f·7769···[·-n·"$files_wi
0003b920:·5354·2d38·3030·2d35·332d·434d·2d36·2864··ST-800-53-CM-6(d0003b920:·7468·5f69·6e63·6f72·7265·6374·5f68·6173··th_incorrect_has
0003b930:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-50003b930:·6822·205d·3b20·7468·656e·0a20·2020·2023··h"·];·then.····#
0003b940:·332d·5349·2d37·0a20·202d·204e·4953·542d··3-SI-7.··-·NIST-0003b940:·2046·726f·6d20·6669·6c65·7320·6e61·6d65···From·files·name
0003b950:·3830·302d·3533·2d53·492d·3728·3129·0a20··800-53-SI-7(1).·0003b950:·7320·6765·7420·7061·636b·6167·6520·6e61··s·get·package·na
0003b960:·202d·204e·4953·542d·3830·302d·3533·2d53···-·NIST-800-53-S0003b960:·6d65·7320·616e·6420·6368·616e·6765·206e··mes·and·change·n
0003b970:·492d·3728·3629·0a20·202d·2050·4349·2d44··I-7(6).··-·PCI-D0003b970:·6577·6c69·6e65·2074·6f20·7370·6163·652c··ewline·to·space,
0003b980:·5353·2d52·6571·2d31·312e·350a·2020·2d20··SS-Req-11.5.··-·0003b980:·2062·6563·6175·7365·2072·706d·2077·7269···because·rpm·wri
0003b990:·5043·492d·4453·5376·342d·3131·2e35·2e32··PCI-DSSv4-11.5.20003b990:·7465·7320·6561·6368·2070·6163·6b61·6765··tes·each·package
0003b9a0:·0a20·202d·2068·6967·685f·636f·6d70·6c65··.··-·high_comple0003b9a0:·2074·6f20·6e65·7720·6c69·6e65·0a20·2020···to·new·line.···
0003b9b0:·7869·7479·0a20·202d·2068·6967·685f·7365··xity.··-·high_se0003b9b0:·2070·6163·6b61·6765·735f·746f·5f72·6569···packages_to_rei
0003b9c0:·7665·7269·7479·0a20·202d·206d·6564·6975··verity.··-·mediu0003b9c0:·6e73·7461·6c6c·3d22·2428·7270·6d20·2d71··nstall="$(rpm·-q
0003b9d0:·6d5f·6469·7372·7570·7469·6f6e·0a20·202d··m_disruption.··-0003b9d0:·6620·2466·696c·6573·5f77·6974·685f·696e··f·$files_with_in
0003b9e0:·206e·6f5f·7265·626f·6f74·5f6e·6565·6465···no_reboot_neede0003b9e0:·636f·7272·6563·745f·6861·7368·207c·2074··correct_hash·|·t
0003b9f0:·640a·2020·2d20·7265·7374·7269·6374·5f73··d.··-·restrict_s0003b9f0:·7220·275c·6e27·2027·2027·2922·0a0a·2020··r·'\n'·'·')"..··
0003ba00:·7472·6174·6567·790a·2020·2d20·7270·6d5f··trategy.··-·rpm_0003ba00:·2020·0a20·2020·2064·6e66·2072·6569·6e73····.····dnf·reins
0003ba10:·7665·7269·6679·5f68·6173·6865·730a·0a2d··verify_hashes..-0003ba10:·7461·6c6c·202d·7920·2470·6163·6b61·6765··tall·-y·$package
0003ba20:·206e·616d·653a·2027·5365·7420·6661·6374···name:·'Set·fact0003ba20:·735f·746f·5f72·6569·6e73·7461·6c6c·0a20··s_to_reinstall.·
0003ba30:·3a20·5061·636b·6167·6520·6d61·6e61·6765··:·Package·manage0003ba30:·2020·200a·6669·0a0a·656c·7365·0a20·2020·····.fi..else.···
0003ba40:·7220·7265·696e·7374·616c·6c20·636f·6d6d··r·reinstall·comm0003ba40:·2026·6774·3b26·616d·703b·3220·6563·686f···&gt;&amp;2·echo
0003ba50:·616e·6427·0a20·2073·6574·5f66·6163·743a··and'.··set_fact:0003ba50:·2027·5265·6d65·6469·6174·696f·6e20·6973···'Remediation·is
0003ba60:·0a20·2020·2070·6163·6b61·6765·5f6d·616e··.····package_man0003ba60:·206e·6f74·2061·7070·6c69·6361·626c·652c···not·applicable,
0003ba70:·6167·6572·5f72·6569·6e73·7461·6c6c·5f63··ager_reinstall_c0003ba70:·206e·6f74·6869·6e67·2077·6173·2064·6f6e···nothing·was·don
0003ba80:·6d64·3a20·646e·6620·7265·696e·7374·616c··md:·dnf·reinstal0003ba80:·6527·0a66·690a·3c2f·636f·6465·3e3c·2f70··e'.fi.</code></p
0003ba90:·6c20·2d79·0a20·2077·6865·6e3a·0a20·202d··l·-y.··when:.··-0003ba90:·7265·3e3c·2f64·6976·3e3c·6120·636c·6173··re></div><a·clas
0003baa0:·206e·6f74·2028·2022·6b65·726e·656c·2220···not·(·"kernel"·0003baa0:·733d·2262·746e·2062·746e·2d73·7563·6365··s="btn·btn-succe
0003bab0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts0003bab0:·7373·2220·6461·7461·2d74·6f67·676c·653d··ss"·data-toggle=
0003bac0:·2e70·6163·6b61·6765·7320·616e·6420·2272··.packages·and·"r0003bac0:·2263·6f6c·6c61·7073·6522·2064·6174·612d··"collapse"·data-
0003bad0:·706d·2d6f·7374·7265·6522·2069·6e20·616e··pm-ostree"·in·an0003bad0:·7461·7267·6574·3d22·2369·646d·3831·3136··target="#idm8116
0003bae0:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack0003bae0:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r
0003baf0:·6167·6573·0a20·2020·2061·6e64·2022·626f··ages.····and·"bo0003baf0:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari
0003bb00:·6f74·6322·2069·6e20·616e·7369·626c·655f··otc"·in·ansible_0003bb00:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals
0003bb10:·6661·6374·732e·7061·636b·6167·6573·2061··facts.packages·a0003bb10:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa
0003bb20:·6e64·206e·6f74·2022·6f70·656e·7368·6966··nd·not·"openshif0003bb20:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr
0003bb30:·742d·6b75·6265·6c65·7422·2069·6e20·616e··t-kubelet"·in·an0003bb30:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat
0003bb40:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack0003bb40:·696f·6e20·416e·7369·626c·6520·736e·6970··ion·Ansible·snip
0003bb50:·6167·6573·0a20·2020·2029·0a20·202d·2061··ages.····).··-·a0003bb50:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br><
0003bb60:·6e73·6962·6c65·5f64·6973·7472·6962·7574··nsible_distribut0003bb60:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel
0003bb70:·696f·6e20·696e·205b·2022·4665·646f·7261··ion·in·[·"Fedora0003bb70:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap
0003bb80:·222c·2022·5265·6448·6174·222c·2022·4365··",·"RedHat",·"Ce0003bb80:·7365·2220·6964·3d22·6964·6d38·3131·3622··se"·id="idm8116"
0003bb90:·6e74·4f53·222c·2022·4f72·6163·6c65·4c69··ntOS",·"OracleLi0003bb90:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t
0003bba0:·6e75·7822·205d·0a20·2074·6167·733a·0a20··nux"·].··tags:.·0003bba0:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip
0003bbb0:·202d·2043·4345·2d39·3038·3431·2d38·0a20···-·CCE-90841-8.·0003bbb0:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere
0003bbc0:·202d·2043·4a49·532d·352e·3130·2e34·2e31···-·CJIS-5.10.4.10003bbc0:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense
0003bbd0:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-170003bbd0:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl
0003bbe0:·312d·332e·332e·380a·2020·2d20·4e49·5354··1-3.3.8.··-·NIST0003bbe0:·6578·6974·793a·3c2f·7468·3e3c·7464·3e68··exity:</th><td>h
0003bbf0:·2d38·3030·2d31·3731·2d33·2e34·2e31·0a20··-800-171-3.4.1.·0003bbf0:·6967·683c·2f74·643e·3c2f·7472·3e3c·7472··igh</td></tr><tr
0003bc00:·202d·204e·4953·542d·3830·302d·3533·2d41···-·NIST-800-53-A0003bc00:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption:
0003bc10:·552d·3928·3329·0a20·202d·204e·4953·542d··U-9(3).··-·NIST-0003bc10:·3c2f·7468·3e3c·7464·3e6d·6564·6975·6d3c··</th><td>medium<
0003bc20:·3830·302d·3533·2d43·4d2d·3628·6329·0a20··800-53-CM-6(c).·0003bc20:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
0003bc30:·202d·204e·4953·542d·3830·302d·3533·2d43···-·NIST-800-53-C0003bc30:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td
0003bc40:·4d2d·3628·6429·0a20·202d·204e·4953·542d··M-6(d).··-·NIST-0003bc40:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr>
0003bc50:·3830·302d·3533·2d53·492d·370a·2020·2d20··800-53-SI-7.··-·0003bc50:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy
0003bc60:·4e49·5354·2d38·3030·2d35·332d·5349·2d37··NIST-800-53-SI-70003bc60:·3a3c·2f74·683e·3c74·643e·7265·7374·7269··:</th><td>restri
0003bc70:·2831·290a·2020·2d20·4e49·5354·2d38·3030··(1).··-·NIST-8000003bc70:·6374·3c2f·7464·3e3c·2f74·723e·3c2f·7461··ct</td></tr></ta
0003bc80:·2d35·332d·5349·2d37·2836·290a·2020·2d20··-53-SI-7(6).··-·0003bc80:·626c·653e·3c70·7265·3e3c·636f·6465·3e2d··ble><pre><code>-
0003bc90:·5043·492d·4453·532d·5265·712d·3131·2e35··PCI-DSS-Req-11.50003bc90:·206e·616d·653a·2047·6174·6865·7220·7468···name:·Gather·th
0003bca0:·0a20·202d·2050·4349·2d44·5353·7634·2d31··.··-·PCI-DSSv4-10003bca0:·6520·7061·636b·6167·6520·6661·6374·730a··e·package·facts.
0003bcb0:·312e·352e·320a·2020·2d20·6869·6768·5f63··1.5.2.··-·high_c0003bcb0:·2020·7061·636b·6167·655f·6661·6374·733a····package_facts:
0003bcc0:·6f6d·706c·6578·6974·790a·2020·2d20·6869··omplexity.··-·hi0003bcc0:·0a20·2020·206d·616e·6167·6572·3a20·6175··.····manager:·au
0003bcd0:·6768·5f73·6576·6572·6974·790a·2020·2d20··gh_severity.··-·0003bcd0:·746f·0a20·2074·6167·733a·0a20·202d·2043··to.··tags:.··-·C
0003bce0:·6d65·6469·756d·5f64·6973·7275·7074·696f··medium_disruptio0003bce0:·4345·2d39·3038·3431·2d38·0a20·202d·2043··CE-90841-8.··-·C
0003bcf0:·6e0a·2020·2d20·6e6f·5f72·6562·6f6f·745f··n.··-·no_reboot_0003bcf0:·4a49·532d·352e·3130·2e34·2e31·0a20·202d··JIS-5.10.4.1.··-
0003bd00:·6e65·6564·6564·0a20·202d·2072·6573·7472··needed.··-·restr0003bd00:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.
0003bd10:·6963·745f·7374·7261·7465·6779·0a20·202d··ict_strategy.··-0003bd10:·332e·380a·2020·2d20·4e49·5354·2d38·3030··3.8.··-·NIST-800
0003bd20:·2072·706d·5f76·6572·6966·795f·6861·7368···rpm_verify_hash0003bd20:·2d31·3731·2d33·2e34·2e31·0a20·202d·204e··-171-3.4.1.··-·N
0003bd30:·6573·0a0a·2d20·6e61·6d65·3a20·2753·6574··es..-·name:·'Set0003bd30:·4953·542d·3830·302d·3533·2d41·552d·3928··IST-800-53-AU-9(
0003bd40:·2066·6163·743a·2050·6163·6b61·6765·206d···fact:·Package·m0003bd40:·3329·0a20·202d·204e·4953·542d·3830·302d··3).··-·NIST-800-
0003bd50:·616e·6167·6572·2072·6569·6e73·7461·6c6c··anager·reinstall0003bd50:·3533·2d43·4d2d·3628·6329·0a20·202d·204e··53-CM-6(c).··-·N
0003bd60:·2063·6f6d·6d61·6e64·2028·7a79·7070·6572···command·(zypper0003bd60:·4953·542d·3830·302d·3533·2d43·4d2d·3628··IST-800-53-CM-6(
0003bd70:·2927·0a20·2073·6574·5f66·6163·743a·0a20··)'.··set_fact:.·0003bd70:·6429·0a20·202d·204e·4953·542d·3830·302d··d).··-·NIST-800-
0003bd80:·2020·2070·6163·6b61·6765·5f6d·616e·6167·····package_manag0003bd80:·3533·2d53·492d·370a·2020·2d20·4e49·5354··53-SI-7.··-·NIST
0003bd90:·6572·5f72·6569·6e73·7461·6c6c·5f63·6d64··er_reinstall_cmd0003bd90:·2d38·3030·2d35·332d·5349·2d37·2831·290a··-800-53-SI-7(1).
0003bda0:·3a20·7a79·7070·6572·2069·6e20·2d66·202d··:·zypper·in·-f·-0003bda0:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-
0003bdb0:·790a·2020·7768·656e·3a0a·2020·2d20·6e6f··y.··when:.··-·no0003bdb0:·5349·2d37·2836·290a·2020·2d20·5043·492d··SI-7(6).··-·PCI-
0003bdc0:·7420·2820·226b·6572·6e65·6c22·2069·6e20··t·(·"kernel"·in·0003bdc0:·4453·532d·5265·712d·3131·2e35·0a20·202d··DSS-Req-11.5.··-
0003bdd0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa0003bdd0:·2050·4349·2d44·5353·7634·2d31·312e·352e···PCI-DSSv4-11.5.
0003bde0:·636b·6167·6573·2061·6e64·2022·7270·6d2d··ckages·and·"rpm-0003bde0:·320a·2020·2d20·6869·6768·5f63·6f6d·706c··2.··-·high_compl
0003bdf0:·6f73·7472·6565·2220·696e·2061·6e73·6962··ostree"·in·ansib0003bdf0:·6578·6974·790a·2020·2d20·6869·6768·5f73··exity.··-·high_s
0003be00:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package0003be00:·6576·6572·6974·790a·2020·2d20·6d65·6469··everity.··-·medi
0003be10:·730a·2020·2020·616e·6420·2262·6f6f·7463··s.····and·"bootc0003be10:·756d·5f64·6973·7275·7074·696f·6e0a·2020··um_disruption.··
0003be20:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003be20:·2d20·6e6f·5f72·6562·6f6f·745f·6e65·6564··-·no_reboot_need
0003be30:·7473·2e70·6163·6b61·6765·7320·616e·6420··ts.packages·and·0003be30:·6564·0a20·202d·2072·6573·7472·6963·745f··ed.··-·restrict_
0003be40:·6e6f·7420·226f·7065·6e73·6869·6674·2d6b··not·"openshift-k0003be40:·7374·7261·7465·6779·0a20·202d·2072·706d··strategy.··-·rpm
0003be50:·7562·656c·6574·2220·696e·2061·6e73·6962··ubelet"·in·ansib0003be50:·5f76·6572·6966·795f·6861·7368·6573·0a0a··_verify_hashes..
0003be60:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package0003be60:·2d20·6e61·6d65·3a20·2753·6574·2066·6163··-·name:·'Set·fac
Max diff block lines reached; 17906711/17962491 bytes (99.69%) of diff not shown.
1.62 MB
html2text {}
Max HTML report size reached
34.0 MB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-stig.html
    
Offset 15159, 284 lines modifiedOffset 15159, 284 lines modified
0003b360:·6172·6765·743d·2223·6964·6d38·3435·3822··arget="#idm8458"0003b360:·6172·6765·743d·2223·6964·6d38·3435·3822··arget="#idm8458"
0003b370:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro0003b370:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro
0003b380:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria0003b380:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria
0003b390:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false0003b390:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false
0003b3a0:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat0003b3a0:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat
0003b3b0:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre0003b3b0:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre
0003b3c0:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati0003b3c0:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati
0003b3d0:·6f6e·2041·6e61·636f·6e64·6120·736e·6970··on·Anaconda·snip 
0003b3e0:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br>< 
0003b3f0:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel 
0003b400:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap 
0003b410:·7365·2220·6964·3d22·6964·6d38·3435·3822··se"·id="idm8458" 
0003b420:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t 
0003b430:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip 
0003b440:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere 
0003b450:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense 
0003b460:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl 
0003b470:·6578·6974·793a·3c2f·7468·3e3c·7464·3e6c··exity:</th><td>l 
0003b480:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr> 
0003b490:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:< 
0003b4a0:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td> 
0003b4b0:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb 
0003b4c0:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal 
0003b4d0:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr> 
0003b4e0:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t 
0003b4f0:·683e·3c74·643e·656e·6162·6c65·3c2f·7464··h><td>enable</td 
0003b500:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p 
0003b510:·7265·3e3c·636f·6465·3e0a·7061·636b·6167··re><code>.packag 
0003b520:·6520·2d2d·6164·643d·6169·6465·0a3c·2f63··e·--add=aide.</c 
0003b530:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div> 
0003b540:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt 
0003b550:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data- 
0003b560:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse 
0003b570:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="# 
0003b580:·6964·6d38·3435·3922·2074·6162·696e·6465··idm8459"·tabinde 
0003b590:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt 
0003b5a0:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande 
0003b5b0:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title= 
0003b5c0:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev 
0003b5d0:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R 
0003b5e0:·656d·6564·6961·7469·6f6e·2050·7570·7065··emediation·Puppe 
0003b5f0:·7420·736e·6970·7065·7420·e287·b23c·2f61··t·snippet·...</a0003b3d0:·6f6e·2073·6372·6970·7420·e287·b23c·2f61··on·script·...</a
0003b600:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=0003b3e0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
0003b610:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·0003b3f0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
0003b620:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id0003b400:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
0003b630:·6d38·3435·3922·3e3c·7461·626c·6520·636c··m8459"><table·cl0003b410:·6d38·3435·3822·3e3c·7461·626c·6520·636c··m8458"><table·cl
0003b640:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table0003b420:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table
0003b650:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b0003b430:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b
0003b660:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co0003b440:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co
0003b670:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th0003b450:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th
0003b680:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th0003b460:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th
0003b690:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
0003b6a0:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup 
0003b6b0:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo 
0003b6c0:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr>< 
0003b6d0:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th>< 
0003b6e0:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t 
0003b6f0:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate 
0003b700:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab 
0003b710:·6c65·3c2f·7464·3e3c·2f74·723e·3c2f·7461··le</td></tr></ta 
0003b720:·626c·653e·3c70·7265·3e3c·636f·6465·3e69··ble><pre><code>i 
0003b730:·6e63·6c75·6465·2069·6e73·7461·6c6c·5f61··nclude·install_a 
0003b740:·6964·650a·0a63·6c61·7373·2069·6e73·7461··ide..class·insta 
0003b750:·6c6c·5f61·6964·6520·7b0a·2020·7061·636b··ll_aide·{.··pack 
0003b760:·6167·6520·7b20·2761·6964·6527·3a0a·2020··age·{·'aide':.·· 
0003b770:·2020·656e·7375·7265·203d·2667·743b·2027····ensure·=&gt;·' 
0003b780:·696e·7374·616c·6c65·6427·2c0a·2020·7d0a··installed',.··}. 
0003b790:·7d0a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··}.</code></pre>< 
0003b7a0:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b 
0003b7b0:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"· 
0003b7c0:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col 
0003b7d0:·6c61·7073·6522·2064·6174·612d·7461·7267··lapse"·data-targ 
0003b7e0:·6574·3d22·2369·646d·3834·3630·2220·7461··et="#idm8460"·ta 
0003b7f0:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role= 
0003b800:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex 
0003b810:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t 
0003b820:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t 
0003b830:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href=" 
0003b840:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation· 
0003b850:·4f53·4275·696c·6420·426c·7565·7072·696e··OSBuild·Blueprin 
0003b860:·7420·736e·6970·7065·7420·e287·b23c·2f61··t·snippet·...</a 
0003b870:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class= 
0003b880:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse· 
0003b890:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id 
0003b8a0:·6d38·3436·3022·3e3c·7072·653e·3c63·6f64··m8460"><pre><cod 
0003b8b0:·653e·0a5b·5b70·6163·6b61·6765·735d·5d0a··e>.[[packages]]. 
0003b8c0:·6e61·6d65·203d·2022·6169·6465·220a·7665··name·=·"aide".ve 
0003b8d0:·7273·696f·6e20·3d20·222a·220a·3c2f·636f··rsion·=·"*".</co 
0003b8e0:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div>< 
0003b8f0:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn 
0003b900:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t 
0003b910:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse" 
0003b920:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i 
0003b930:·646d·3834·3631·2220·7461·6269·6e64·6578··dm8461"·tabindex 
0003b940:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto 
0003b950:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded 
0003b960:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title=" 
0003b970:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve 
0003b980:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re 
0003b990:·6d65·6469·6174·696f·6e20·7363·7269·7074··mediation·script 
0003b9a0:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div 
0003b9b0:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co 
0003b9c0:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse" 
0003b9d0:·2069·643d·2269·646d·3834·3631·223e·3c74···id="idm8461"><t 
0003b9e0:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl 
0003b9f0:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped· 
0003ba00:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t 
0003ba10:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed"> 
0003ba20:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi 
0003ba30:·7479·3a3c·2f74·683e·3c74·643e·6c6f·773c··ty:</th><td>low< 
0003ba40:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003ba50:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th 
0003ba60:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
0003ba70:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot 
0003ba80:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false< 
0003ba90:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003baa0:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th>< 
0003bab0:·7464·3e65·6e61·626c·653c·2f74·643e·3c2f··td>enable</td></ 
0003bac0:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre> 
0003bad0:·3c63·6f64·653e·0a70·6163·6b61·6765·2069··<code>.package·i 
0003bae0:·6e73·7461·6c6c·2061·6964·650a·3c2f·636f··nstall·aide.</co 
0003baf0:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div>< 
0003bb00:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn 
0003bb10:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t 
0003bb20:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse" 
0003bb30:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i 
0003bb40:·646d·3834·3632·2220·7461·6269·6e64·6578··dm8462"·tabindex 
Max diff block lines reached; 32757684/32795524 bytes (99.88%) of diff not shown.
2.74 MB
html2text {}
Max HTML report size reached
33.9 MB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-stig_gui.html
    
Offset 15177, 285 lines modifiedOffset 15177, 285 lines modified
0003b480:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="0003b480:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="
0003b490:·2369·646d·3834·3538·2220·7461·6269·6e64··#idm8458"·tabind0003b490:·2369·646d·3834·3538·2220·7461·6269·6e64··#idm8458"·tabind
0003b4a0:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but0003b4a0:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but
0003b4b0:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand0003b4b0:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand
0003b4c0:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title0003b4c0:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title
0003b4d0:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re0003b4d0:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re
0003b4e0:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">0003b4e0:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">
0003b4f0:·5265·6d65·6469·6174·696f·6e20·416e·6163··Remediation·Anac0003b4f0:·5265·6d65·6469·6174·696f·6e20·7363·7269··Remediation·scri
0003b500:·6f6e·6461·2073·6e69·7070·6574·20e2·87b2··onda·snippet·... 
0003b510:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla 
0003b520:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap 
0003b530:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id= 
0003b540:·2269·646d·3834·3538·223e·3c74·6162·6c65··"idm8458"><table 
0003b550:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta 
0003b560:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl 
0003b570:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table 
0003b580:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr> 
0003b590:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:< 
0003b5a0:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td> 
0003b5b0:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis 
0003b5c0:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td 
0003b5d0:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t 
0003b5e0:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t 
0003b5f0:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td> 
0003b600:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str 
0003b610:·6174·6567·793a·3c2f·7468·3e3c·7464·3e65··ategy:</th><td>e 
0003b620:·6e61·626c·653c·2f74·643e·3c2f·7472·3e3c··nable</td></tr>< 
0003b630:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod 
0003b640:·653e·0a70·6163·6b61·6765·202d·2d61·6464··e>.package·--add 
0003b650:·3d61·6964·650a·3c2f·636f·6465·3e3c·2f70··=aide.</code></p 
0003b660:·7265·3e3c·2f64·6976·3e3c·6120·636c·6173··re></div><a·clas 
0003b670:·733d·2262·746e·2062·746e·2d73·7563·6365··s="btn·btn-succe 
0003b680:·7373·2220·6461·7461·2d74·6f67·676c·653d··ss"·data-toggle= 
0003b690:·2263·6f6c·6c61·7073·6522·2064·6174·612d··"collapse"·data- 
0003b6a0:·7461·7267·6574·3d22·2369·646d·3834·3539··target="#idm8459 
0003b6b0:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r 
0003b6c0:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari 
0003b6d0:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals 
0003b6e0:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa 
0003b6f0:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr 
0003b700:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat 
0003b710:·696f·6e20·5075·7070·6574·2073·6e69·7070··ion·Puppet·snipp 
0003b720:·6574·20e2·87b2·3c2f·613e·3c62·723e·3c64··et·...</a><br><d0003b500:·7074·20e2·87b2·3c2f·613e·3c62·723e·3c64··pt·...</a><br><d
0003b730:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel-0003b510:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel-
0003b740:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps0003b520:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps
0003b750:·6522·2069·643d·2269·646d·3834·3539·223e··e"·id="idm8459">0003b530:·6522·2069·643d·2269·646d·3834·3538·223e··e"·id="idm8458">
0003b760:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta0003b540:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta
0003b770:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe0003b550:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe
0003b780:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered0003b560:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered
0003b790:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed0003b570:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed
0003b7a0:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple0003b580:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple
0003b7b0:·7869·7479·3a3c·2f74·683e·3c74·643e·6c6f··xity:</th><td>lo0003b590:·7869·7479·3a3c·2f74·683e·3c74·643e·6c6f··xity:</th><td>lo
0003b7c0:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr>< 
0003b7d0:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</ 
0003b7e0:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td>< 
0003b7f0:·2f74·723e·3c74·723e·3c74·683e·5265·626f··/tr><tr><th>Rebo 
0003b800:·6f74·3a3c·2f74·683e·3c74·643e·6661·6c73··ot:</th><td>fals 
0003b810:·653c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··e</td></tr><tr>< 
0003b820:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th 
0003b830:·3e3c·7464·3e65·6e61·626c·653c·2f74·643e··><td>enable</td> 
0003b840:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr 
0003b850:·653e·3c63·6f64·653e·696e·636c·7564·6520··e><code>include· 
0003b860:·696e·7374·616c·6c5f·6169·6465·0a0a·636c··install_aide..cl 
0003b870:·6173·7320·696e·7374·616c·6c5f·6169·6465··ass·install_aide 
0003b880:·207b·0a20·2070·6163·6b61·6765·207b·2027···{.··package·{·' 
0003b890:·6169·6465·273a·0a20·2020·2065·6e73·7572··aide':.····ensur 
0003b8a0:·6520·3d26·6774·3b20·2769·6e73·7461·6c6c··e·=&gt;·'install 
0003b8b0:·6564·272c·0a20·207d·0a7d·0a3c·2f63·6f64··ed',.··}.}.</cod 
0003b8c0:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a 
0003b8d0:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn- 
0003b8e0:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to 
0003b8f0:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"· 
0003b900:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id 
0003b910:·6d38·3436·3022·2074·6162·696e·6465·783d··m8460"·tabindex= 
0003b920:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button 
0003b930:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded= 
0003b940:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A 
0003b950:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea 
0003b960:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem 
0003b970:·6564·6961·7469·6f6e·204f·5342·7569·6c64··ediation·OSBuild 
0003b980:·2042·6c75·6570·7269·6e74·2073·6e69·7070···Blueprint·snipp 
0003b990:·6574·20e2·87b2·3c2f·613e·3c62·723e·3c64··et·...</a><br><d 
0003b9a0:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel- 
0003b9b0:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps 
0003b9c0:·6522·2069·643d·2269·646d·3834·3630·223e··e"·id="idm8460"> 
0003b9d0:·3c70·7265·3e3c·636f·6465·3e0a·5b5b·7061··<pre><code>.[[pa 
0003b9e0:·636b·6167·6573·5d5d·0a6e·616d·6520·3d20··ckages]].name·=· 
0003b9f0:·2261·6964·6522·0a76·6572·7369·6f6e·203d··"aide".version·= 
0003ba00:·2022·2a22·0a3c·2f63·6f64·653e·3c2f·7072···"*".</code></pr 
0003ba10:·653e·3c2f·6469·763e·3c61·2063·6c61·7373··e></div><a·class 
0003ba20:·3d22·6274·6e20·6274·6e2d·7375·6363·6573··="btn·btn-succes 
0003ba30:·7322·2064·6174·612d·746f·6767·6c65·3d22··s"·data-toggle=" 
0003ba40:·636f·6c6c·6170·7365·2220·6461·7461·2d74··collapse"·data-t 
0003ba50:·6172·6765·743d·2223·6964·6d38·3436·3122··arget="#idm8461" 
0003ba60:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro 
0003ba70:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria 
0003ba80:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false 
0003ba90:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat 
0003baa0:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre 
0003bab0:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati 
0003bac0:·6f6e·2073·6372·6970·7420·e287·b23c·2f61··on·script·...</a 
0003bad0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class= 
0003bae0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse· 
0003baf0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id 
0003bb00:·6d38·3436·3122·3e3c·7461·626c·6520·636c··m8461"><table·cl 
0003bb10:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table 
0003bb20:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b 
0003bb30:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co 
0003bb40:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th 
0003bb50:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th 
0003bb60:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t 
0003bb70:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup 
0003bb80:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo 
0003bb90:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr>< 
0003bba0:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th>< 
0003bbb0:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t 
0003bbc0:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate 
0003bbd0:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab 
0003bbe0:·6c65·3c2f·7464·3e3c·2f74·723e·3c2f·7461··le</td></tr></ta 
0003bbf0:·626c·653e·3c70·7265·3e3c·636f·6465·3e0a··ble><pre><code>. 
0003bc00:·7061·636b·6167·6520·696e·7374·616c·6c20··package·install· 
0003bc10:·6169·6465·0a3c·2f63·6f64·653e·3c2f·7072··aide.</code></pr 
0003bc20:·653e·3c2f·6469·763e·3c61·2063·6c61·7373··e></div><a·class 
0003bc30:·3d22·6274·6e20·6274·6e2d·7375·6363·6573··="btn·btn-succes 
0003bc40:·7322·2064·6174·612d·746f·6767·6c65·3d22··s"·data-toggle=" 
0003bc50:·636f·6c6c·6170·7365·2220·6461·7461·2d74··collapse"·data-t 
0003bc60:·6172·6765·743d·2223·6964·6d38·3436·3222··arget="#idm8462" 
Max diff block lines reached; 32663517/32701495 bytes (99.88%) of diff not shown.
2.73 MB
html2text {}
Max HTML report size reached
14.5 MB
./usr/share/doc/ssg-nondebian/ssg-rhv4-guide-pci-dss.html
    
Offset 15127, 408 lines modifiedOffset 15127, 408 lines modified
0003b160:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=0003b160:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
0003b170:·2223·6964·6d31·3630·3822·2074·6162·696e··"#idm1608"·tabin0003b170:·2223·6964·6d31·3630·3822·2074·6162·696e··"#idm1608"·tabin
0003b180:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu0003b180:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
0003b190:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan0003b190:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
0003b1a0:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl0003b1a0:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
0003b1b0:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r0003b1b0:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
Diff chunk too large, falling back to line-by-line diff (394 lines added, 394 lines removed)
0003b1c0:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"0003b1c0:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
0003b1d0:·3e52·656d·6564·6961·7469·6f6e·2041·6e73··>Remediation·Ans0003b1d0:·3e52·656d·6564·6961·7469·6f6e·2053·6865··>Remediation·She
0003b1e0:·6962·6c65·2073·6e69·7070·6574·20e2·87b2··ible·snippet·...0003b1e0:·6c6c·2073·6372·6970·7420·e287·b23c·2f61··ll·script·...</a
0003b1f0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla0003b1f0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
0003b200:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap0003b200:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
0003b210:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=0003b210:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
0003b220:·2269·646d·3136·3038·223e·3c74·6162·6c65··"idm1608"><table0003b220:·6d31·3630·3822·3e3c·7072·653e·3c63·6f64··m1608"><pre><cod
0003b230:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta0003b230:·653e·2320·5265·6d65·6469·6174·696f·6e20··e>#·Remediation·
0003b240:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl0003b240:·6973·2061·7070·6c69·6361·626c·6520·6f6e··is·applicable·on
0003b250:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table0003b250:·6c79·2069·6e20·6365·7274·6169·6e20·706c··ly·in·certain·pl
0003b260:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>0003b260:·6174·666f·726d·730a·6966·2021·2028·207b··atforms.if·!·(·{
0003b270:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<0003b270:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q·
0003b280:·2f74·683e·3c74·643e·6869·6768·3c2f·7464··/th><td>high</td0003b280:·6b65·726e·656c·203b·7d20·2661·6d70·3b26··kernel·;}·&amp;&
0003b290:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di0003b290:·616d·703b·207b·2072·706d·202d·2d71·7569··amp;·{·rpm·--qui
0003b2a0:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t0003b2a0:·6574·202d·7120·7270·6d2d·6f73·7472·6565··et·-q·rpm-ostree
0003b2b0:·643e·6d65·6469·756d·3c2f·7464·3e3c·2f74··d>medium</td></t0003b2b0:·203b·7d20·2661·6d70·3b26·616d·703b·207b···;}·&amp;&amp;·{
0003b2c0:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot0003b2c0:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q·
0003b2d0:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false<0003b2d0:·626f·6f74·6320·3b7d·2026·616d·703b·2661··bootc·;}·&amp;&a
0003b2e0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th0003b2e0:·6d70·3b20·7b20·2120·7270·6d20·2d2d·7175··mp;·{·!·rpm·--qu
0003b2f0:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><0003b2f0:·6965·7420·2d71·206f·7065·6e73·6869·6674··iet·-q·openshift
0003b300:·7464·3e72·6573·7472·6963·743c·2f74·643e··td>restrict</td>0003b300:·2d6b·7562·656c·6574·203b·7d20·293b·2074··-kubelet·;}·);·t
0003b310:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr0003b310:·6865·6e0a·0a23·2046·696e·6420·7768·6963··hen..#·Find·whic
0003b320:·653e·3c63·6f64·653e·2d20·6e61·6d65·3a20··e><code>-·name:·0003b320:·6820·6669·6c65·7320·6861·7665·2069·6e63··h·files·have·inc
0003b330:·4761·7468·6572·2074·6865·2070·6163·6b61··Gather·the·packa0003b330:·6f72·7265·6374·2068·6173·6820·286e·6f74··orrect·hash·(not
0003b340:·6765·2066·6163·7473·0a20·2070·6163·6b61··ge·facts.··packa0003b340:·2069·6e20·2f65·7463·2c20·6265·6361·7573···in·/etc,·becaus
0003b350:·6765·5f66·6163·7473·3a0a·2020·2020·6d61··ge_facts:.····ma0003b350:·6520·6f66·2074·6865·2073·7973·7465·6d20··e·of·the·system·
0003b360:·6e61·6765·723a·2061·7574·6f0a·2020·7461··nager:·auto.··ta0003b360:·7265·6c61·7465·6420·636f·6e66·6967·2066··related·config·f
0003b370:·6773·3a0a·2020·2d20·434a·4953·2d35·2e31··gs:.··-·CJIS-5.10003b370:·696c·6573·2920·616e·6420·7468·656e·2067··iles)·and·then·g
0003b380:·302e·342e·310a·2020·2d20·4e49·5354·2d38··0.4.1.··-·NIST-80003b380:·6574·2066·696c·6573·206e·616d·6573·0a66··et·files·names.f
0003b390:·3030·2d31·3731·2d33·2e33·2e38·0a20·202d··00-171-3.3.8.··-0003b390:·696c·6573·5f77·6974·685f·696e·636f·7272··iles_with_incorr
0003b3a0:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.0003b3a0:·6563·745f·6861·7368·3d22·2428·7270·6d20··ect_hash="$(rpm·
0003b3b0:·342e·310a·2020·2d20·4e49·5354·2d38·3030··4.1.··-·NIST-8000003b3b0:·2d56·6120·2d2d·6e6f·636f·6e66·6967·207c··-Va·--noconfig·|
0003b3c0:·2d35·332d·4155·2d39·2833·290a·2020·2d20··-53-AU-9(3).··-·0003b3c0:·2067·7265·7020·2d45·2027·5e2e·2e35·2720···grep·-E·'^..5'·
0003b3d0:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-60003b3d0:·7c20·6177·6b20·277b·7072·696e·7420·244e··|·awk·'{print·$N
0003b3e0:·2863·290a·2020·2d20·4e49·5354·2d38·3030··(c).··-·NIST-8000003b3e0:·467d·2720·2922·0a0a·6966·205b·202d·6e20··F}'·)"..if·[·-n·
0003b3f0:·2d35·332d·434d·2d36·2864·290a·2020·2d20··-53-CM-6(d).··-·0003b3f0:·2224·6669·6c65·735f·7769·7468·5f69·6e63··"$files_with_inc
0003b400:·4e49·5354·2d38·3030·2d35·332d·5349·2d37··NIST-800-53-SI-70003b400:·6f72·7265·6374·5f68·6173·6822·205d·3b20··orrect_hash"·];·
0003b410:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003b410:·7468·656e·0a20·2020·2023·2046·726f·6d20··then.····#·From·
0003b420:·2d53·492d·3728·3129·0a20·202d·204e·4953··-SI-7(1).··-·NIS0003b420:·6669·6c65·7320·6e61·6d65·7320·6765·7420··files·names·get·
0003b430:·542d·3830·302d·3533·2d53·492d·3728·3629··T-800-53-SI-7(6)0003b430:·7061·636b·6167·6520·6e61·6d65·7320·616e··package·names·an
0003b440:·0a20·202d·2050·4349·2d44·5353·2d52·6571··.··-·PCI-DSS-Req0003b440:·6420·6368·616e·6765·206e·6577·6c69·6e65··d·change·newline
0003b450:·2d31·312e·350a·2020·2d20·5043·492d·4453··-11.5.··-·PCI-DS0003b450:·2074·6f20·7370·6163·652c·2062·6563·6175···to·space,·becau
0003b460:·5376·342d·3131·2e35·2e32·0a20·202d·2068··Sv4-11.5.2.··-·h0003b460:·7365·2072·706d·2077·7269·7465·7320·6561··se·rpm·writes·ea
0003b470:·6967·685f·636f·6d70·6c65·7869·7479·0a20··igh_complexity.·0003b470:·6368·2070·6163·6b61·6765·2074·6f20·6e65··ch·package·to·ne
0003b480:·202d·2068·6967·685f·7365·7665·7269·7479···-·high_severity0003b480:·7720·6c69·6e65·0a20·2020·2070·6163·6b61··w·line.····packa
0003b490:·0a20·202d·206d·6564·6975·6d5f·6469·7372··.··-·medium_disr0003b490:·6765·735f·746f·5f72·6569·6e73·7461·6c6c··ges_to_reinstall
0003b4a0:·7570·7469·6f6e·0a20·202d·206e·6f5f·7265··uption.··-·no_re0003b4a0:·3d22·2428·7270·6d20·2d71·6620·2466·696c··="$(rpm·-qf·$fil
0003b4b0:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-·0003b4b0:·6573·5f77·6974·685f·696e·636f·7272·6563··es_with_incorrec
0003b4c0:·7265·7374·7269·6374·5f73·7472·6174·6567··restrict_strateg0003b4c0:·745f·6861·7368·207c·2074·7220·275c·6e27··t_hash·|·tr·'\n'
0003b4d0:·790a·2020·2d20·7270·6d5f·7665·7269·6679··y.··-·rpm_verify0003b4d0:·2027·2027·2922·0a0a·2020·2020·0a20·2020···'·')"..····.···
0003b4e0:·5f68·6173·6865·730a·0a2d·206e·616d·653a··_hashes..-·name:0003b4e0:·2079·756d·2072·6569·6e73·7461·6c6c·202d···yum·reinstall·-
0003b4f0:·2027·5365·7420·6661·6374·3a20·5061·636b···'Set·fact:·Pack0003b4f0:·7920·2470·6163·6b61·6765·735f·746f·5f72··y·$packages_to_r
0003b500:·6167·6520·6d61·6e61·6765·7220·7265·696e··age·manager·rein0003b500:·6569·6e73·7461·6c6c·0a20·2020·200a·6669··einstall.····.fi
0003b510:·7374·616c·6c20·636f·6d6d·616e·6427·0a20··stall·command'.·0003b510:·0a0a·656c·7365·0a20·2020·2026·6774·3b26··..else.····&gt;&
0003b520:·2073·6574·5f66·6163·743a·0a20·2020·2070···set_fact:.····p0003b520:·616d·703b·3220·6563·686f·2027·5265·6d65··amp;2·echo·'Reme
0003b530:·6163·6b61·6765·5f6d·616e·6167·6572·5f72··ackage_manager_r0003b530:·6469·6174·696f·6e20·6973·206e·6f74·2061··diation·is·not·a
0003b540:·6569·6e73·7461·6c6c·5f63·6d64·3a20·7975··einstall_cmd:·yu0003b540:·7070·6c69·6361·626c·652c·206e·6f74·6869··pplicable,·nothi
0003b550:·6d20·7265·696e·7374·616c·6c20·2d79·0a20··m·reinstall·-y.·0003b550:·6e67·2077·6173·2064·6f6e·6527·0a66·690a··ng·was·done'.fi.
0003b560:·2077·6865·6e3a·0a20·202d·206e·6f74·2028···when:.··-·not·(0003b560:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d
0003b570:·2022·6b65·726e·656c·2220·696e·2061·6e73···"kernel"·in·ans0003b570:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn
0003b580:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0003b580:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da
0003b590:·6765·7320·616e·6420·2272·706d·2d6f·7374··ges·and·"rpm-ost0003b590:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla
0003b5a0:·7265·6522·2069·6e20·616e·7369·626c·655f··ree"·in·ansible_0003b5a0:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target
0003b5b0:·6661·6374·732e·7061·636b·6167·6573·0a20··facts.packages.·0003b5b0:·3d22·2369·646d·3136·3039·2220·7461·6269··="#idm1609"·tabi
0003b5c0:·2020·2061·6e64·2022·626f·6f74·6322·2069·····and·"bootc"·i0003b5c0:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b
0003b5d0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003b5d0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa
0003b5e0:·7061·636b·6167·6573·2061·6e64·206e·6f74··packages·and·not0003b5e0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit
0003b5f0:·2022·6f70·656e·7368·6966·742d·6b75·6265···"openshift-kube0003b5f0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·
0003b600:·6c65·7422·2069·6e20·616e·7369·626c·655f··let"·in·ansible_0003b600:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!
0003b610:·6661·6374·732e·7061·636b·6167·6573·0a20··facts.packages.·0003b610:·223e·5265·6d65·6469·6174·696f·6e20·416e··">Remediation·An
0003b620:·2020·2029·0a20·202d·2061·6e73·6962·6c65·····).··-·ansible0003b620:·7369·626c·6520·736e·6970·7065·7420·e287··sible·snippet·..
0003b630:·5f64·6973·7472·6962·7574·696f·6e20·696e··_distribution·in0003b630:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl
0003b640:·205b·2022·4665·646f·7261·222c·2022·5265···[·"Fedora",·"Re0003b640:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
0003b650:·6448·6174·222c·2022·4365·6e74·4f53·222c··dHat",·"CentOS",0003b650:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
0003b660:·2022·4f72·6163·6c65·4c69·6e75·7822·205d···"OracleLinux"·]0003b660:·3d22·6964·6d31·3630·3922·3e3c·7461·626c··="idm1609"><tabl
0003b670:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI0003b670:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t
0003b680:·532d·352e·3130·2e34·2e31·0a20·202d·204e··S-5.10.4.1.··-·N0003b680:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab
0003b690:·4953·542d·3830·302d·3137·312d·332e·332e··IST-800-171-3.3.0003b690:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl
0003b6a0:·380a·2020·2d20·4e49·5354·2d38·3030·2d31··8.··-·NIST-800-10003b6a0:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr
0003b6b0:·3731·2d33·2e34·2e31·0a20·202d·204e·4953··71-3.4.1.··-·NIS0003b6b0:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity:
0003b6c0:·542d·3830·302d·3533·2d41·552d·3928·3329··T-800-53-AU-9(3)0003b6c0:·3c2f·7468·3e3c·7464·3e68·6967·683c·2f74··</th><td>high</t
0003b6d0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003b6d0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D
0003b6e0:·2d43·4d2d·3628·6329·0a20·202d·204e·4953··-CM-6(c).··-·NIS0003b6e0:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th><
0003b6f0:·542d·3830·302d·3533·2d43·4d2d·3628·6429··T-800-53-CM-6(d)0003b6f0:·7464·3e6d·6564·6975·6d3c·2f74·643e·3c2f··td>medium</td></
0003b700:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003b700:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo
0003b710:·2d53·492d·370a·2020·2d20·4e49·5354·2d38··-SI-7.··-·NIST-80003b710:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false
0003b720:·3030·2d35·332d·5349·2d37·2831·290a·2020··00-53-SI-7(1).··0003b720:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
0003b730:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI0003b730:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>
0003b740:·2d37·2836·290a·2020·2d20·5043·492d·4453··-7(6).··-·PCI-DS0003b740:·3c74·643e·7265·7374·7269·6374·3c2f·7464··<td>restrict</td
0003b750:·532d·5265·712d·3131·2e35·0a20·202d·2050··S-Req-11.5.··-·P0003b750:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p
0003b760:·4349·2d44·5353·7634·2d31·312e·352e·320a··CI-DSSv4-11.5.2.0003b760:·7265·3e3c·636f·6465·3e2d·206e·616d·653a··re><code>-·name:
0003b770:·2020·2d20·6869·6768·5f63·6f6d·706c·6578····-·high_complex0003b770:·2047·6174·6865·7220·7468·6520·7061·636b···Gather·the·pack
0003b780:·6974·790a·2020·2d20·6869·6768·5f73·6576··ity.··-·high_sev0003b780:·6167·6520·6661·6374·730a·2020·7061·636b··age·facts.··pack
0003b790:·6572·6974·790a·2020·2d20·6d65·6469·756d··erity.··-·medium0003b790:·6167·655f·6661·6374·733a·0a20·2020·206d··age_facts:.····m
0003b7a0:·5f64·6973·7275·7074·696f·6e0a·2020·2d20··_disruption.··-·0003b7a0:·616e·6167·6572·3a20·6175·746f·0a20·2074··anager:·auto.··t
0003b7b0:·6e6f·5f72·6562·6f6f·745f·6e65·6564·6564··no_reboot_needed0003b7b0:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.
0003b7c0:·0a20·202d·2072·6573·7472·6963·745f·7374··.··-·restrict_st0003b7c0:·3130·2e34·2e31·0a20·202d·204e·4953·542d··10.4.1.··-·NIST-
0003b7d0:·7261·7465·6779·0a20·202d·2072·706d·5f76··rategy.··-·rpm_v0003b7d0:·3830·302d·3137·312d·332e·332e·380a·2020··800-171-3.3.8.··
0003b7e0:·6572·6966·795f·6861·7368·6573·0a0a·2d20··erify_hashes..-·0003b7e0:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-3
0003b7f0:·6e61·6d65·3a20·2753·6574·2066·6163·743a··name:·'Set·fact:0003b7f0:·2e34·2e31·0a20·202d·204e·4953·542d·3830··.4.1.··-·NIST-80
0003b800:·2050·6163·6b61·6765·206d·616e·6167·6572···Package·manager0003b800:·302d·3533·2d41·552d·3928·3329·0a20·202d··0-53-AU-9(3).··-
0003b810:·2072·6569·6e73·7461·6c6c·2063·6f6d·6d61···reinstall·comma0003b810:·204e·4953·542d·3830·302d·3533·2d43·4d2d···NIST-800-53-CM-
0003b820:·6e64·2028·7a79·7070·6572·2927·0a20·2073··nd·(zypper)'.··s0003b820:·3628·6329·0a20·202d·204e·4953·542d·3830··6(c).··-·NIST-80
0003b830:·6574·5f66·6163·743a·0a20·2020·2070·6163··et_fact:.····pac0003b830:·302d·3533·2d43·4d2d·3628·6429·0a20·202d··0-53-CM-6(d).··-
0003b840:·6b61·6765·5f6d·616e·6167·6572·5f72·6569··kage_manager_rei0003b840:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-
0003b850:·6e73·7461·6c6c·5f63·6d64·3a20·7a79·7070··nstall_cmd:·zypp0003b850:·370a·2020·2d20·4e49·5354·2d38·3030·2d35··7.··-·NIST-800-5
0003b860:·6572·2069·6e20·2d66·202d·790a·2020·7768··er·in·-f·-y.··wh0003b860:·332d·5349·2d37·2831·290a·2020·2d20·4e49··3-SI-7(1).··-·NI
0003b870:·656e·3a0a·2020·2d20·6e6f·7420·2820·226b··en:.··-·not·(·"k0003b870:·5354·2d38·3030·2d35·332d·5349·2d37·2836··ST-800-53-SI-7(6
0003b880:·6572·6e65·6c22·2069·6e20·616e·7369·626c··ernel"·in·ansibl0003b880:·290a·2020·2d20·5043·492d·4453·532d·5265··).··-·PCI-DSS-Re
0003b890:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages0003b890:·712d·3131·2e35·0a20·202d·2050·4349·2d44··q-11.5.··-·PCI-D
0003b8a0:·2061·6e64·2022·7270·6d2d·6f73·7472·6565···and·"rpm-ostree0003b8a0:·5353·7634·2d31·312e·352e·320a·2020·2d20··SSv4-11.5.2.··-·
0003b8b0:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003b8b0:·6869·6768·5f63·6f6d·706c·6578·6974·790a··high_complexity.
0003b8c0:·7473·2e70·6163·6b61·6765·730a·2020·2020··ts.packages.····0003b8c0:·2020·2d20·6869·6768·5f73·6576·6572·6974····-·high_severit
0003b8d0:·616e·6420·2262·6f6f·7463·2220·696e·2061··and·"bootc"·in·a0003b8d0:·790a·2020·2d20·6d65·6469·756d·5f64·6973··y.··-·medium_dis
0003b8e0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003b8e0:·7275·7074·696f·6e0a·2020·2d20·6e6f·5f72··ruption.··-·no_r
0003b8f0:·6b61·6765·7320·616e·6420·6e6f·7420·226f··kages·and·not·"o0003b8f0:·6562·6f6f·745f·6e65·6564·6564·0a20·202d··eboot_needed.··-
0003b900:·7065·6e73·6869·6674·2d6b·7562·656c·6574··penshift-kubelet0003b900:·2072·6573·7472·6963·745f·7374·7261·7465···restrict_strate
0003b910:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003b910:·6779·0a20·202d·2072·706d·5f76·6572·6966··gy.··-·rpm_verif
0003b920:·7473·2e70·6163·6b61·6765·730a·2020·2020··ts.packages.····0003b920:·795f·6861·7368·6573·0a0a·2d20·6e61·6d65··y_hashes..-·name
0003b930:·290a·2020·2d20·616e·7369·626c·655f·6469··).··-·ansible_di0003b930:·3a20·2753·6574·2066·6163·743a·2050·6163··:·'Set·fact:·Pac
Max diff block lines reached; 14090669/14145621 bytes (99.61%) of diff not shown.
1020 KB
html2text {}
    
Offset 97, 14 lines modifiedOffset 97, 33 lines modified
97 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.697 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
98 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.498 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
99 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)99 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
100 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1100 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
101 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5101 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
102 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227102 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
103 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2103 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 104 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 105 #·Remediation·is·applicable·only·in·certain·platforms
 106 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 107 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 108 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 109 if·[·-n·"$files_with_incorrect_hash"·];·then
 110 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 111 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 112 ····yum·reinstall·-y·$packages_to_reinstall
  
 113 fi
  
 114 else
 115 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 116 fi
104 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8117 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
105 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high118 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
106 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium119 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
107 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false120 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
108 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict121 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
109 -·name:·Gather·the·package·facts122 -·name:·Gather·the·package·facts
110 ··package_facts:123 ··package_facts:
Offset 271, 33 lines modifiedOffset 290, 14 lines modified
271 ··-·PCI-DSSv4-11.5.2290 ··-·PCI-DSSv4-11.5.2
272 ··-·high_complexity291 ··-·high_complexity
273 ··-·high_severity292 ··-·high_severity
274 ··-·medium_disruption293 ··-·medium_disruption
275 ··-·no_reboot_needed294 ··-·no_reboot_needed
276 ··-·restrict_strategy295 ··-·restrict_strategy
277 ··-·rpm_verify_hashes296 ··-·rpm_verify_hashes
278 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
279 #·Remediation·is·applicable·only·in·certain·platforms 
280 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
281 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
282 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
283 if·[·-n·"$files_with_incorrect_hash"·];·then 
284 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
285 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
286 ····yum·reinstall·-y·$packages_to_reinstall 
  
287 fi 
  
288 else 
289 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
290 fi 
291 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*297 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
292 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:298 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and·commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:
293 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'299 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'
294 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:300 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,·run·the·following·command·to·determine·which·package·owns·it:
295 $·rpm·-qf·FILENAME301 $·rpm·-qf·FILENAME
  
296 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:302 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
Offset 318, 14 lines modifiedOffset 318, 50 lines modified
318 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5318 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
319 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2319 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
320 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)320 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)
321 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1321 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
322 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5322 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
323 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108323 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,·SRG-OS-000278-GPOS-00108
324 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2324 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 325 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 326 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 327 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 328 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 329 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 330 #·Remediation·is·applicable·only·in·certain·platforms
 331 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 332 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 333 declare·-A·SETPERMS_RPM_DICT
  
 334 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 335 #·is·expected·by·the·RPM·database
 336 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}')
  
 337 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 338 do
 339 ········#·NOTE:·some·files·maybe·controlled·by·more·then·one·package
 340 ········readarray·-t·RPM_PACKAGES·<·<(rpm·-qf·"${FILE_PATH}")
 341 ········for·RPM_PACKAGE·in·"${RPM_PACKAGES[@]}"
 342 ········do
 343 ················#·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 344 ················SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 345 ········done
 346 done
  
 347 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 348 #·correct·values
 349 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 350 do
 351 »       rpm·--restore·"${RPM_PACKAGE}"
 352 done
  
 353 else
 354 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 355 fi
325 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8356 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
326 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high357 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
327 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium358 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
328 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false359 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
329 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict360 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
330 -·name:·Gather·the·package·facts361 -·name:·Gather·the·package·facts
331 ··package_facts:362 ··package_facts:
Offset 437, 50 lines modifiedOffset 473, 14 lines modified
437 ··-·PCI-DSSv4-11.5.2473 ··-·PCI-DSSv4-11.5.2
438 ··-·high_complexity474 ··-·high_complexity
439 ··-·high_severity475 ··-·high_severity
440 ··-·medium_disruption476 ··-·medium_disruption
441 ··-·no_reboot_needed477 ··-·no_reboot_needed
442 ··-·restrict_strategy478 ··-·restrict_strategy
443 ··-·rpm_verify_permissions479 ··-·rpm_verify_permissions
444 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
Max diff block lines reached; 1032511/1040590 bytes (99.22%) of diff not shown.
25.8 MB
./usr/share/doc/ssg-nondebian/ssg-rhv4-guide-rhvh-stig.html
    
Offset 15180, 408 lines modifiedOffset 15180, 408 lines modified
0003b4b0:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i0003b4b0:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i
0003b4c0:·646d·3136·3038·2220·7461·6269·6e64·6578··dm1608"·tabindex0003b4c0:·646d·3136·3038·2220·7461·6269·6e64·6578··dm1608"·tabindex
0003b4d0:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto0003b4d0:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto
0003b4e0:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded0003b4e0:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded
0003b4f0:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="0003b4f0:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="
0003b500:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve0003b500:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve
Diff chunk too large, falling back to line-by-line diff (394 lines added, 394 lines removed)
0003b510:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re0003b510:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re
0003b520:·6d65·6469·6174·696f·6e20·416e·7369·626c··mediation·Ansibl0003b520:·6d65·6469·6174·696f·6e20·5368·656c·6c20··mediation·Shell·
0003b530:·6520·736e·6970·7065·7420·e287·b23c·2f61··e·snippet·...</a0003b530:·7363·7269·7074·20e2·87b2·3c2f·613e·3c62··script·...</a><b
0003b540:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=0003b540:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa
0003b550:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·0003b550:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col
0003b560:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id0003b560:·6c61·7073·6522·2069·643d·2269·646d·3136··lapse"·id="idm16
0003b570:·6d31·3630·3822·3e3c·7461·626c·6520·636c··m1608"><table·cl0003b570:·3038·223e·3c70·7265·3e3c·636f·6465·3e23··08"><pre><code>#
0003b580:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table0003b580:·2052·656d·6564·6961·7469·6f6e·2069·7320···Remediation·is·
0003b590:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b0003b590:·6170·706c·6963·6162·6c65·206f·6e6c·7920··applicable·only·
0003b5a0:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co0003b5a0:·696e·2063·6572·7461·696e·2070·6c61·7466··in·certain·platf
0003b5b0:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th0003b5b0:·6f72·6d73·0a69·6620·2120·2820·7b20·7270··orms.if·!·(·{·rp
0003b5c0:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th0003b5c0:·6d20·2d2d·7175·6965·7420·2d71·206b·6572··m·--quiet·-q·ker
0003b5d0:·3e3c·7464·3e68·6967·683c·2f74·643e·3c2f··><td>high</td></0003b5d0:·6e65·6c20·3b7d·2026·616d·703b·2661·6d70··nel·;}·&amp;&amp
0003b5e0:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru0003b5e0:·3b20·7b20·7270·6d20·2d2d·7175·6965·7420··;·{·rpm·--quiet·
0003b5f0:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6d··ption:</th><td>m0003b5f0:·2d71·2072·706d·2d6f·7374·7265·6520·3b7d··-q·rpm-ostree·;}
0003b600:·6564·6975·6d3c·2f74·643e·3c2f·7472·3e3c··edium</td></tr><0003b600:·2026·616d·703b·2661·6d70·3b20·7b20·7270···&amp;&amp;·{·rp
0003b610:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</0003b610:·6d20·2d2d·7175·6965·7420·2d71·2062·6f6f··m·--quiet·-q·boo
0003b620:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td0003b620:·7463·203b·7d20·2661·6d70·3b26·616d·703b··tc·;}·&amp;&amp;
0003b630:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St0003b630:·207b·2021·2072·706d·202d·2d71·7569·6574···{·!·rpm·--quiet
0003b640:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>0003b640:·202d·7120·6f70·656e·7368·6966·742d·6b75···-q·openshift-ku
0003b650:·7265·7374·7269·6374·3c2f·7464·3e3c·2f74··restrict</td></t0003b650:·6265·6c65·7420·3b7d·2029·3b20·7468·656e··belet·;}·);·then
0003b660:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><0003b660:·0a0a·2320·4669·6e64·2077·6869·6368·2066··..#·Find·which·f
0003b670:·636f·6465·3e2d·206e·616d·653a·2047·6174··code>-·name:·Gat0003b670:·696c·6573·2068·6176·6520·696e·636f·7272··iles·have·incorr
0003b680:·6865·7220·7468·6520·7061·636b·6167·6520··her·the·package·0003b680:·6563·7420·6861·7368·2028·6e6f·7420·696e··ect·hash·(not·in
0003b690:·6661·6374·730a·2020·7061·636b·6167·655f··facts.··package_0003b690:·202f·6574·632c·2062·6563·6175·7365·206f···/etc,·because·o
0003b6a0:·6661·6374·733a·0a20·2020·206d·616e·6167··facts:.····manag0003b6a0:·6620·7468·6520·7379·7374·656d·2072·656c··f·the·system·rel
0003b6b0:·6572·3a20·6175·746f·0a20·2074·6167·733a··er:·auto.··tags:0003b6b0:·6174·6564·2063·6f6e·6669·6720·6669·6c65··ated·config·file
0003b6c0:·0a20·202d·2043·4a49·532d·352e·3130·2e34··.··-·CJIS-5.10.40003b6c0:·7329·2061·6e64·2074·6865·6e20·6765·7420··s)·and·then·get·
0003b6d0:·2e31·0a20·202d·204e·4953·542d·3830·302d··.1.··-·NIST-800-0003b6d0:·6669·6c65·7320·6e61·6d65·730a·6669·6c65··files·names.file
0003b6e0:·3137·312d·332e·332e·380a·2020·2d20·4e49··171-3.3.8.··-·NI0003b6e0:·735f·7769·7468·5f69·6e63·6f72·7265·6374··s_with_incorrect
0003b6f0:·5354·2d38·3030·2d31·3731·2d33·2e34·2e31··ST-800-171-3.4.10003b6f0:·5f68·6173·683d·2224·2872·706d·202d·5661··_hash="$(rpm·-Va
0003b700:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003b700:·202d·2d6e·6f63·6f6e·6669·6720·7c20·6772···--noconfig·|·gr
0003b710:·2d41·552d·3928·3329·0a20·202d·204e·4953··-AU-9(3).··-·NIS0003b710:·6570·202d·4520·275e·2e2e·3527·207c·2061··ep·-E·'^..5'·|·a
0003b720:·542d·3830·302d·3533·2d43·4d2d·3628·6329··T-800-53-CM-6(c)0003b720:·776b·2027·7b70·7269·6e74·2024·4e46·7d27··wk·'{print·$NF}'
0003b730:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003b730:·2029·220a·0a69·6620·5b20·2d6e·2022·2466···)"..if·[·-n·"$f
0003b740:·2d43·4d2d·3628·6429·0a20·202d·204e·4953··-CM-6(d).··-·NIS0003b740:·696c·6573·5f77·6974·685f·696e·636f·7272··iles_with_incorr
0003b750:·542d·3830·302d·3533·2d53·492d·370a·2020··T-800-53-SI-7.··0003b750:·6563·745f·6861·7368·2220·5d3b·2074·6865··ect_hash"·];·the
0003b760:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI0003b760:·6e0a·2020·2020·2320·4672·6f6d·2066·696c··n.····#·From·fil
0003b770:·2d37·2831·290a·2020·2d20·4e49·5354·2d38··-7(1).··-·NIST-80003b770:·6573·206e·616d·6573·2067·6574·2070·6163··es·names·get·pac
0003b780:·3030·2d35·332d·5349·2d37·2836·290a·2020··00-53-SI-7(6).··0003b780:·6b61·6765·206e·616d·6573·2061·6e64·2063··kage·names·and·c
0003b790:·2d20·5043·492d·4453·532d·5265·712d·3131··-·PCI-DSS-Req-110003b790:·6861·6e67·6520·6e65·776c·696e·6520·746f··hange·newline·to
0003b7a0:·2e35·0a20·202d·2050·4349·2d44·5353·7634··.5.··-·PCI-DSSv40003b7a0:·2073·7061·6365·2c20·6265·6361·7573·6520···space,·because·
0003b7b0:·2d31·312e·352e·320a·2020·2d20·6869·6768··-11.5.2.··-·high0003b7b0:·7270·6d20·7772·6974·6573·2065·6163·6820··rpm·writes·each·
0003b7c0:·5f63·6f6d·706c·6578·6974·790a·2020·2d20··_complexity.··-·0003b7c0:·7061·636b·6167·6520·746f·206e·6577·206c··package·to·new·l
0003b7d0:·6869·6768·5f73·6576·6572·6974·790a·2020··high_severity.··0003b7d0:·696e·650a·2020·2020·7061·636b·6167·6573··ine.····packages
0003b7e0:·2d20·6d65·6469·756d·5f64·6973·7275·7074··-·medium_disrupt0003b7e0:·5f74·6f5f·7265·696e·7374·616c·6c3d·2224··_to_reinstall="$
0003b7f0:·696f·6e0a·2020·2d20·6e6f·5f72·6562·6f6f··ion.··-·no_reboo0003b7f0:·2872·706d·202d·7166·2024·6669·6c65·735f··(rpm·-qf·$files_
0003b800:·745f·6e65·6564·6564·0a20·202d·2072·6573··t_needed.··-·res0003b800:·7769·7468·5f69·6e63·6f72·7265·6374·5f68··with_incorrect_h
0003b810:·7472·6963·745f·7374·7261·7465·6779·0a20··trict_strategy.·0003b810:·6173·6820·7c20·7472·2027·5c6e·2720·2720··ash·|·tr·'\n'·'·
0003b820:·202d·2072·706d·5f76·6572·6966·795f·6861···-·rpm_verify_ha0003b820:·2729·220a·0a20·2020·200a·2020·2020·7975··')"..····.····yu
0003b830:·7368·6573·0a0a·2d20·6e61·6d65·3a20·2753··shes..-·name:·'S0003b830:·6d20·7265·696e·7374·616c·6c20·2d79·2024··m·reinstall·-y·$
0003b840:·6574·2066·6163·743a·2050·6163·6b61·6765··et·fact:·Package0003b840:·7061·636b·6167·6573·5f74·6f5f·7265·696e··packages_to_rein
0003b850:·206d·616e·6167·6572·2072·6569·6e73·7461···manager·reinsta0003b850:·7374·616c·6c0a·2020·2020·0a66·690a·0a65··stall.····.fi..e
0003b860:·6c6c·2063·6f6d·6d61·6e64·270a·2020·7365··ll·command'.··se0003b860:·6c73·650a·2020·2020·2667·743b·2661·6d70··lse.····&gt;&amp
0003b870:·745f·6661·6374·3a0a·2020·2020·7061·636b··t_fact:.····pack0003b870:·3b32·2065·6368·6f20·2752·656d·6564·6961··;2·echo·'Remedia
0003b880:·6167·655f·6d61·6e61·6765·725f·7265·696e··age_manager_rein0003b880:·7469·6f6e·2069·7320·6e6f·7420·6170·706c··tion·is·not·appl
0003b890:·7374·616c·6c5f·636d·643a·2079·756d·2072··stall_cmd:·yum·r0003b890:·6963·6162·6c65·2c20·6e6f·7468·696e·6720··icable,·nothing·
0003b8a0:·6569·6e73·7461·6c6c·202d·790a·2020·7768··einstall·-y.··wh0003b8a0:·7761·7320·646f·6e65·270a·6669·0a3c·2f63··was·done'.fi.</c
0003b8b0:·656e·3a0a·2020·2d20·6e6f·7420·2820·226b··en:.··-·not·(·"k0003b8b0:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div>
0003b8c0:·6572·6e65·6c22·2069·6e20·616e·7369·626c··ernel"·in·ansibl0003b8c0:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt
0003b8d0:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages0003b8d0:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data-
0003b8e0:·2061·6e64·2022·7270·6d2d·6f73·7472·6565···and·"rpm-ostree0003b8e0:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse
0003b8f0:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003b8f0:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#
0003b900:·7473·2e70·6163·6b61·6765·730a·2020·2020··ts.packages.····0003b900:·6964·6d31·3630·3922·2074·6162·696e·6465··idm1609"·tabinde
0003b910:·616e·6420·2262·6f6f·7463·2220·696e·2061··and·"bootc"·in·a0003b910:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt
0003b920:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003b920:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande
0003b930:·6b61·6765·7320·616e·6420·6e6f·7420·226f··kages·and·not·"o0003b930:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=
0003b940:·7065·6e73·6869·6674·2d6b·7562·656c·6574··penshift-kubelet0003b940:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev
0003b950:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003b950:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R
0003b960:·7473·2e70·6163·6b61·6765·730a·2020·2020··ts.packages.····0003b960:·656d·6564·6961·7469·6f6e·2041·6e73·6962··emediation·Ansib
0003b970:·290a·2020·2d20·616e·7369·626c·655f·6469··).··-·ansible_di0003b970:·6c65·2073·6e69·7070·6574·20e2·87b2·3c2f··le·snippet·...</
0003b980:·7374·7269·6275·7469·6f6e·2069·6e20·5b20··stribution·in·[·0003b980:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
0003b990:·2246·6564·6f72·6122·2c20·2252·6564·4861··"Fedora",·"RedHa0003b990:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
0003b9a0:·7422·2c20·2243·656e·744f·5322·2c20·224f··t",·"CentOS",·"O0003b9a0:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
0003b9b0:·7261·636c·654c·696e·7578·2220·5d0a·2020··racleLinux"·].··0003b9b0:·646d·3136·3039·223e·3c74·6162·6c65·2063··dm1609"><table·c
0003b9c0:·7461·6773·3a0a·2020·2d20·434a·4953·2d35··tags:.··-·CJIS-50003b9c0:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl
0003b9d0:·2e31·302e·342e·310a·2020·2d20·4e49·5354··.10.4.1.··-·NIST0003b9d0:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table-
0003b9e0:·2d38·3030·2d31·3731·2d33·2e33·2e38·0a20··-800-171-3.3.8.·0003b9e0:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c
0003b9f0:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-0003b9f0:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t
0003ba00:·332e·342e·310a·2020·2d20·4e49·5354·2d38··3.4.1.··-·NIST-80003ba00:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t
0003ba10:·3030·2d35·332d·4155·2d39·2833·290a·2020··00-53-AU-9(3).··0003ba10:·683e·3c74·643e·6869·6768·3c2f·7464·3e3c··h><td>high</td><
0003ba20:·2d20·4e49·5354·2d38·3030·2d35·332d·434d··-·NIST-800-53-CM0003ba20:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr
0003ba30:·2d36·2863·290a·2020·2d20·4e49·5354·2d38··-6(c).··-·NIST-80003ba30:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td>
0003ba40:·3030·2d35·332d·434d·2d36·2864·290a·2020··00-53-CM-6(d).··0003ba40:·6d65·6469·756d·3c2f·7464·3e3c·2f74·723e··medium</td></tr>
0003ba50:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI0003ba50:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:<
0003ba60:·2d37·0a20·202d·204e·4953·542d·3830·302d··-7.··-·NIST-800-0003ba60:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t
0003ba70:·3533·2d53·492d·3728·3129·0a20·202d·204e··53-SI-7(1).··-·N0003ba70:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S
0003ba80:·4953·542d·3830·302d·3533·2d53·492d·3728··IST-800-53-SI-7(0003ba80:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td
0003ba90:·3629·0a20·202d·2050·4349·2d44·5353·2d52··6).··-·PCI-DSS-R0003ba90:·3e72·6573·7472·6963·743c·2f74·643e·3c2f··>restrict</td></
0003baa0:·6571·2d31·312e·350a·2020·2d20·5043·492d··eq-11.5.··-·PCI-0003baa0:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre>
0003bab0:·4453·5376·342d·3131·2e35·2e32·0a20·202d··DSSv4-11.5.2.··-0003bab0:·3c63·6f64·653e·2d20·6e61·6d65·3a20·4761··<code>-·name:·Ga
0003bac0:·2068·6967·685f·636f·6d70·6c65·7869·7479···high_complexity0003bac0:·7468·6572·2074·6865·2070·6163·6b61·6765··ther·the·package
0003bad0:·0a20·202d·2068·6967·685f·7365·7665·7269··.··-·high_severi0003bad0:·2066·6163·7473·0a20·2070·6163·6b61·6765···facts.··package
0003bae0:·7479·0a20·202d·206d·6564·6975·6d5f·6469··ty.··-·medium_di0003bae0:·5f66·6163·7473·3a0a·2020·2020·6d61·6e61··_facts:.····mana
0003baf0:·7372·7570·7469·6f6e·0a20·202d·206e·6f5f··sruption.··-·no_0003baf0:·6765·723a·2061·7574·6f0a·2020·7461·6773··ger:·auto.··tags
0003bb00:·7265·626f·6f74·5f6e·6565·6465·640a·2020··reboot_needed.··0003bb00:·3a0a·2020·2d20·434a·4953·2d35·2e31·302e··:.··-·CJIS-5.10.
0003bb10:·2d20·7265·7374·7269·6374·5f73·7472·6174··-·restrict_strat0003bb10:·342e·310a·2020·2d20·4e49·5354·2d38·3030··4.1.··-·NIST-800
0003bb20:·6567·790a·2020·2d20·7270·6d5f·7665·7269··egy.··-·rpm_veri0003bb20:·2d31·3731·2d33·2e33·2e38·0a20·202d·204e··-171-3.3.8.··-·N
0003bb30:·6679·5f68·6173·6865·730a·0a2d·206e·616d··fy_hashes..-·nam0003bb30:·4953·542d·3830·302d·3137·312d·332e·342e··IST-800-171-3.4.
0003bb40:·653a·2027·5365·7420·6661·6374·3a20·5061··e:·'Set·fact:·Pa0003bb40:·310a·2020·2d20·4e49·5354·2d38·3030·2d35··1.··-·NIST-800-5
0003bb50:·636b·6167·6520·6d61·6e61·6765·7220·7265··ckage·manager·re0003bb50:·332d·4155·2d39·2833·290a·2020·2d20·4e49··3-AU-9(3).··-·NI
0003bb60:·696e·7374·616c·6c20·636f·6d6d·616e·6420··install·command·0003bb60:·5354·2d38·3030·2d35·332d·434d·2d36·2863··ST-800-53-CM-6(c
0003bb70:·287a·7970·7065·7229·270a·2020·7365·745f··(zypper)'.··set_0003bb70:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-5
0003bb80:·6661·6374·3a0a·2020·2020·7061·636b·6167··fact:.····packag0003bb80:·332d·434d·2d36·2864·290a·2020·2d20·4e49··3-CM-6(d).··-·NI
0003bb90:·655f·6d61·6e61·6765·725f·7265·696e·7374··e_manager_reinst0003bb90:·5354·2d38·3030·2d35·332d·5349·2d37·0a20··ST-800-53-SI-7.·
0003bba0:·616c·6c5f·636d·643a·207a·7970·7065·7220··all_cmd:·zypper·0003bba0:·202d·204e·4953·542d·3830·302d·3533·2d53···-·NIST-800-53-S
0003bbb0:·696e·202d·6620·2d79·0a20·2077·6865·6e3a··in·-f·-y.··when:0003bbb0:·492d·3728·3129·0a20·202d·204e·4953·542d··I-7(1).··-·NIST-
0003bbc0:·0a20·202d·206e·6f74·2028·2022·6b65·726e··.··-·not·(·"kern0003bbc0:·3830·302d·3533·2d53·492d·3728·3629·0a20··800-53-SI-7(6).·
0003bbd0:·656c·2220·696e·2061·6e73·6962·6c65·5f66··el"·in·ansible_f0003bbd0:·202d·2050·4349·2d44·5353·2d52·6571·2d31···-·PCI-DSS-Req-1
0003bbe0:·6163·7473·2e70·6163·6b61·6765·7320·616e··acts.packages·an0003bbe0:·312e·350a·2020·2d20·5043·492d·4453·5376··1.5.··-·PCI-DSSv
0003bbf0:·6420·2272·706d·2d6f·7374·7265·6522·2069··d·"rpm-ostree"·i0003bbf0:·342d·3131·2e35·2e32·0a20·202d·2068·6967··4-11.5.2.··-·hig
0003bc00:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003bc00:·685f·636f·6d70·6c65·7869·7479·0a20·202d··h_complexity.··-
0003bc10:·7061·636b·6167·6573·0a20·2020·2061·6e64··packages.····and0003bc10:·2068·6967·685f·7365·7665·7269·7479·0a20···high_severity.·
0003bc20:·2022·626f·6f74·6322·2069·6e20·616e·7369···"bootc"·in·ansi0003bc20:·202d·206d·6564·6975·6d5f·6469·7372·7570···-·medium_disrup
0003bc30:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag0003bc30:·7469·6f6e·0a20·202d·206e·6f5f·7265·626f··tion.··-·no_rebo
0003bc40:·6573·2061·6e64·206e·6f74·2022·6f70·656e··es·and·not·"open0003bc40:·6f74·5f6e·6565·6465·640a·2020·2d20·7265··ot_needed.··-·re
0003bc50:·7368·6966·742d·6b75·6265·6c65·7422·2069··shift-kubelet"·i0003bc50:·7374·7269·6374·5f73·7472·6174·6567·790a··strict_strategy.
0003bc60:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003bc60:·2020·2d20·7270·6d5f·7665·7269·6679·5f68····-·rpm_verify_h
0003bc70:·7061·636b·6167·6573·0a20·2020·2029·0a20··packages.····).·0003bc70:·6173·6865·730a·0a2d·206e·616d·653a·2027··ashes..-·name:·'
0003bc80:·202d·2061·6e73·6962·6c65·5f64·6973·7472···-·ansible_distr0003bc80:·5365·7420·6661·6374·3a20·5061·636b·6167··Set·fact:·Packag
Max diff block lines reached; 24695783/24750735 bytes (99.78%) of diff not shown.
2.19 MB
html2text {}
Max HTML report size reached
16.5 MB
./usr/share/doc/ssg-nondebian/ssg-rhv4-guide-rhvh-vpp.html
    
Offset 15203, 408 lines modifiedOffset 15203, 408 lines modified
0003b620:·7461·7267·6574·3d22·2369·646d·3136·3038··target="#idm16080003b620:·7461·7267·6574·3d22·2369·646d·3136·3038··target="#idm1608
0003b630:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r0003b630:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r
0003b640:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari0003b640:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari
0003b650:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals0003b650:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals
0003b660:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa0003b660:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa
0003b670:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr0003b670:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr
Diff chunk too large, falling back to line-by-line diff (394 lines added, 394 lines removed)
0003b680:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat0003b680:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat
0003b690:·696f·6e20·416e·7369·626c·6520·736e·6970··ion·Ansible·snip0003b690:·696f·6e20·5368·656c·6c20·7363·7269·7074··ion·Shell·script
0003b6a0:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br><0003b6a0:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div
0003b6b0:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel0003b6b0:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
0003b6c0:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap0003b6c0:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
0003b6d0:·7365·2220·6964·3d22·6964·6d31·3630·3822··se"·id="idm1608"0003b6d0:·2069·643d·2269·646d·3136·3038·223e·3c70···id="idm1608"><p
0003b6e0:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t0003b6e0:·7265·3e3c·636f·6465·3e23·2052·656d·6564··re><code>#·Remed
0003b6f0:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip0003b6f0:·6961·7469·6f6e·2069·7320·6170·706c·6963··iation·is·applic
0003b700:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere0003b700:·6162·6c65·206f·6e6c·7920·696e·2063·6572··able·only·in·cer
0003b710:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense0003b710:·7461·696e·2070·6c61·7466·6f72·6d73·0a69··tain·platforms.i
0003b720:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl0003b720:·6620·2120·2820·7b20·7270·6d20·2d2d·7175··f·!·(·{·rpm·--qu
0003b730:·6578·6974·793a·3c2f·7468·3e3c·7464·3e68··exity:</th><td>h0003b730:·6965·7420·2d71·206b·6572·6e65·6c20·3b7d··iet·-q·kernel·;}
0003b740:·6967·683c·2f74·643e·3c2f·7472·3e3c·7472··igh</td></tr><tr0003b740:·2026·616d·703b·2661·6d70·3b20·7b20·7270···&amp;&amp;·{·rp
0003b750:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption:0003b750:·6d20·2d2d·7175·6965·7420·2d71·2072·706d··m·--quiet·-q·rpm
0003b760:·3c2f·7468·3e3c·7464·3e6d·6564·6975·6d3c··</th><td>medium<0003b760:·2d6f·7374·7265·6520·3b7d·2026·616d·703b··-ostree·;}·&amp;
0003b770:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th0003b770:·2661·6d70·3b20·7b20·7270·6d20·2d2d·7175··&amp;·{·rpm·--qu
0003b780:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td0003b780:·6965·7420·2d71·2062·6f6f·7463·203b·7d20··iet·-q·bootc·;}·
0003b790:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr>0003b790:·2661·6d70·3b26·616d·703b·207b·2021·2072··&amp;&amp;·{·!·r
0003b7a0:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy0003b7a0:·706d·202d·2d71·7569·6574·202d·7120·6f70··pm·--quiet·-q·op
0003b7b0:·3a3c·2f74·683e·3c74·643e·7265·7374·7269··:</th><td>restri0003b7b0:·656e·7368·6966·742d·6b75·6265·6c65·7420··enshift-kubelet·
0003b7c0:·6374·3c2f·7464·3e3c·2f74·723e·3c2f·7461··ct</td></tr></ta0003b7c0:·3b7d·2029·3b20·7468·656e·0a0a·2320·4669··;}·);·then..#·Fi
0003b7d0:·626c·653e·3c70·7265·3e3c·636f·6465·3e2d··ble><pre><code>-0003b7d0:·6e64·2077·6869·6368·2066·696c·6573·2068··nd·which·files·h
0003b7e0:·206e·616d·653a·2047·6174·6865·7220·7468···name:·Gather·th0003b7e0:·6176·6520·696e·636f·7272·6563·7420·6861··ave·incorrect·ha
0003b7f0:·6520·7061·636b·6167·6520·6661·6374·730a··e·package·facts.0003b7f0:·7368·2028·6e6f·7420·696e·202f·6574·632c··sh·(not·in·/etc,
0003b800:·2020·7061·636b·6167·655f·6661·6374·733a····package_facts:0003b800:·2062·6563·6175·7365·206f·6620·7468·6520···because·of·the·
0003b810:·0a20·2020·206d·616e·6167·6572·3a20·6175··.····manager:·au0003b810:·7379·7374·656d·2072·656c·6174·6564·2063··system·related·c
0003b820:·746f·0a20·2074·6167·733a·0a20·202d·2043··to.··tags:.··-·C0003b820:·6f6e·6669·6720·6669·6c65·7329·2061·6e64··onfig·files)·and
0003b830:·4a49·532d·352e·3130·2e34·2e31·0a20·202d··JIS-5.10.4.1.··-0003b830:·2074·6865·6e20·6765·7420·6669·6c65·7320···then·get·files·
0003b840:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.0003b840:·6e61·6d65·730a·6669·6c65·735f·7769·7468··names.files_with
0003b850:·332e·380a·2020·2d20·4e49·5354·2d38·3030··3.8.··-·NIST-8000003b850:·5f69·6e63·6f72·7265·6374·5f68·6173·683d··_incorrect_hash=
0003b860:·2d31·3731·2d33·2e34·2e31·0a20·202d·204e··-171-3.4.1.··-·N0003b860:·2224·2872·706d·202d·5661·202d·2d6e·6f63··"$(rpm·-Va·--noc
0003b870:·4953·542d·3830·302d·3533·2d41·552d·3928··IST-800-53-AU-9(0003b870:·6f6e·6669·6720·7c20·6772·6570·202d·4520··onfig·|·grep·-E·
0003b880:·3329·0a20·202d·204e·4953·542d·3830·302d··3).··-·NIST-800-0003b880:·275e·2e2e·3527·207c·2061·776b·2027·7b70··'^..5'·|·awk·'{p
0003b890:·3533·2d43·4d2d·3628·6329·0a20·202d·204e··53-CM-6(c).··-·N0003b890:·7269·6e74·2024·4e46·7d27·2029·220a·0a69··rint·$NF}'·)"..i
0003b8a0:·4953·542d·3830·302d·3533·2d43·4d2d·3628··IST-800-53-CM-6(0003b8a0:·6620·5b20·2d6e·2022·2466·696c·6573·5f77··f·[·-n·"$files_w
0003b8b0:·6429·0a20·202d·204e·4953·542d·3830·302d··d).··-·NIST-800-0003b8b0:·6974·685f·696e·636f·7272·6563·745f·6861··ith_incorrect_ha
0003b8c0:·3533·2d53·492d·370a·2020·2d20·4e49·5354··53-SI-7.··-·NIST0003b8c0:·7368·2220·5d3b·2074·6865·6e0a·2020·2020··sh"·];·then.····
0003b8d0:·2d38·3030·2d35·332d·5349·2d37·2831·290a··-800-53-SI-7(1).0003b8d0:·2320·4672·6f6d·2066·696c·6573·206e·616d··#·From·files·nam
0003b8e0:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003b8e0:·6573·2067·6574·2070·6163·6b61·6765·206e··es·get·package·n
0003b8f0:·5349·2d37·2836·290a·2020·2d20·5043·492d··SI-7(6).··-·PCI-0003b8f0:·616d·6573·2061·6e64·2063·6861·6e67·6520··ames·and·change·
0003b900:·4453·532d·5265·712d·3131·2e35·0a20·202d··DSS-Req-11.5.··-0003b900:·6e65·776c·696e·6520·746f·2073·7061·6365··newline·to·space
0003b910:·2050·4349·2d44·5353·7634·2d31·312e·352e···PCI-DSSv4-11.5.0003b910:·2c20·6265·6361·7573·6520·7270·6d20·7772··,·because·rpm·wr
0003b920:·320a·2020·2d20·6869·6768·5f63·6f6d·706c··2.··-·high_compl0003b920:·6974·6573·2065·6163·6820·7061·636b·6167··ites·each·packag
0003b930:·6578·6974·790a·2020·2d20·6869·6768·5f73··exity.··-·high_s0003b930:·6520·746f·206e·6577·206c·696e·650a·2020··e·to·new·line.··
0003b940:·6576·6572·6974·790a·2020·2d20·6d65·6469··everity.··-·medi0003b940:·2020·7061·636b·6167·6573·5f74·6f5f·7265····packages_to_re
0003b950:·756d·5f64·6973·7275·7074·696f·6e0a·2020··um_disruption.··0003b950:·696e·7374·616c·6c3d·2224·2872·706d·202d··install="$(rpm·-
0003b960:·2d20·6e6f·5f72·6562·6f6f·745f·6e65·6564··-·no_reboot_need0003b960:·7166·2024·6669·6c65·735f·7769·7468·5f69··qf·$files_with_i
0003b970:·6564·0a20·202d·2072·6573·7472·6963·745f··ed.··-·restrict_0003b970:·6e63·6f72·7265·6374·5f68·6173·6820·7c20··ncorrect_hash·|·
0003b980:·7374·7261·7465·6779·0a20·202d·2072·706d··strategy.··-·rpm0003b980:·7472·2027·5c6e·2720·2720·2729·220a·0a20··tr·'\n'·'·')"..·
0003b990:·5f76·6572·6966·795f·6861·7368·6573·0a0a··_verify_hashes..0003b990:·2020·200a·2020·2020·7975·6d20·7265·696e·····.····yum·rein
0003b9a0:·2d20·6e61·6d65·3a20·2753·6574·2066·6163··-·name:·'Set·fac0003b9a0:·7374·616c·6c20·2d79·2024·7061·636b·6167··stall·-y·$packag
0003b9b0:·743a·2050·6163·6b61·6765·206d·616e·6167··t:·Package·manag0003b9b0:·6573·5f74·6f5f·7265·696e·7374·616c·6c0a··es_to_reinstall.
0003b9c0:·6572·2072·6569·6e73·7461·6c6c·2063·6f6d··er·reinstall·com0003b9c0:·2020·2020·0a66·690a·0a65·6c73·650a·2020······.fi..else.··
0003b9d0:·6d61·6e64·270a·2020·7365·745f·6661·6374··mand'.··set_fact0003b9d0:·2020·2667·743b·2661·6d70·3b32·2065·6368····&gt;&amp;2·ech
0003b9e0:·3a0a·2020·2020·7061·636b·6167·655f·6d61··:.····package_ma0003b9e0:·6f20·2752·656d·6564·6961·7469·6f6e·2069··o·'Remediation·i
0003b9f0:·6e61·6765·725f·7265·696e·7374·616c·6c5f··nager_reinstall_0003b9f0:·7320·6e6f·7420·6170·706c·6963·6162·6c65··s·not·applicable
0003ba00:·636d·643a·2079·756d·2072·6569·6e73·7461··cmd:·yum·reinsta0003ba00:·2c20·6e6f·7468·696e·6720·7761·7320·646f··,·nothing·was·do
0003ba10:·6c6c·202d·790a·2020·7768·656e·3a0a·2020··ll·-y.··when:.··0003ba10:·6e65·270a·6669·0a3c·2f63·6f64·653e·3c2f··ne'.fi.</code></
0003ba20:·2d20·6e6f·7420·2820·226b·6572·6e65·6c22··-·not·(·"kernel"0003ba20:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla
0003ba30:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003ba30:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ
0003ba40:·732e·7061·636b·6167·6573·2061·6e64·2022··s.packages·and·"0003ba40:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle
0003ba50:·7270·6d2d·6f73·7472·6565·2220·696e·2061··rpm-ostree"·in·a0003ba50:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data
0003ba60:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003ba60:·2d74·6172·6765·743d·2223·6964·6d31·3630··-target="#idm160
0003ba70:·6b61·6765·730a·2020·2020·616e·6420·2262··kages.····and·"b0003ba70:·3922·2074·6162·696e·6465·783d·2230·2220··9"·tabindex="0"·
0003ba80:·6f6f·7463·2220·696e·2061·6e73·6962·6c65··ootc"·in·ansible0003ba80:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar
0003ba90:·5f66·6163·7473·2e70·6163·6b61·6765·7320··_facts.packages·0003ba90:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal
0003baa0:·616e·6420·6e6f·7420·226f·7065·6e73·6869··and·not·"openshi0003baa0:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ
0003bab0:·6674·2d6b·7562·656c·6574·2220·696e·2061··ft-kubelet"·in·a0003bab0:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h
0003bac0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac0003bac0:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia
0003bad0:·6b61·6765·730a·2020·2020·290a·2020·2d20··kages.····).··-·0003bad0:·7469·6f6e·2041·6e73·6962·6c65·2073·6e69··tion·Ansible·sni
0003bae0:·616e·7369·626c·655f·6469·7374·7269·6275··ansible_distribu0003bae0:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br>
0003baf0:·7469·6f6e·2069·6e20·5b20·2246·6564·6f72··tion·in·[·"Fedor0003baf0:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
0003bb00:·6122·2c20·2252·6564·4861·7422·2c20·2243··a",·"RedHat",·"C0003bb00:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
0003bb10:·656e·744f·5322·2c20·224f·7261·636c·654c··entOS",·"OracleL0003bb10:·7073·6522·2069·643d·2269·646d·3136·3039··pse"·id="idm1609
0003bb20:·696e·7578·2220·5d0a·2020·7461·6773·3a0a··inux"·].··tags:.0003bb20:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="
0003bb30:·2020·2d20·434a·4953·2d35·2e31·302e·342e····-·CJIS-5.10.4.0003bb30:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri
0003bb40:·310a·2020·2d20·4e49·5354·2d38·3030·2d31··1.··-·NIST-800-10003bb40:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border
0003bb50:·3731·2d33·2e33·2e38·0a20·202d·204e·4953··71-3.3.8.··-·NIS0003bb50:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens
0003bb60:·542d·3830·302d·3137·312d·332e·342e·310a··T-800-171-3.4.1.0003bb60:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp
0003bb70:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003bb70:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td>
0003bb80:·4155·2d39·2833·290a·2020·2d20·4e49·5354··AU-9(3).··-·NIST0003bb80:·6869·6768·3c2f·7464·3e3c·2f74·723e·3c74··high</td></tr><t
0003bb90:·2d38·3030·2d35·332d·434d·2d36·2863·290a··-800-53-CM-6(c).0003bb90:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption
0003bba0:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003bba0:·3a3c·2f74·683e·3c74·643e·6d65·6469·756d··:</th><td>medium
0003bbb0:·434d·2d36·2864·290a·2020·2d20·4e49·5354··CM-6(d).··-·NIST0003bbb0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
0003bbc0:·2d38·3030·2d35·332d·5349·2d37·0a20·202d··-800-53-SI-7.··-0003bbc0:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t
0003bbd0:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-0003bbd0:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr
0003bbe0:·3728·3129·0a20·202d·204e·4953·542d·3830··7(1).··-·NIST-800003bbe0:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg
0003bbf0:·302d·3533·2d53·492d·3728·3629·0a20·202d··0-53-SI-7(6).··-0003bbf0:·793a·3c2f·7468·3e3c·7464·3e72·6573·7472··y:</th><td>restr
0003bc00:·2050·4349·2d44·5353·2d52·6571·2d31·312e···PCI-DSS-Req-11.0003bc00:·6963·743c·2f74·643e·3c2f·7472·3e3c·2f74··ict</td></tr></t
0003bc10:·350a·2020·2d20·5043·492d·4453·5376·342d··5.··-·PCI-DSSv4-0003bc10:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>
0003bc20:·3131·2e35·2e32·0a20·202d·2068·6967·685f··11.5.2.··-·high_0003bc20:·2d20·6e61·6d65·3a20·4761·7468·6572·2074··-·name:·Gather·t
0003bc30:·636f·6d70·6c65·7869·7479·0a20·202d·2068··complexity.··-·h0003bc30:·6865·2070·6163·6b61·6765·2066·6163·7473··he·package·facts
0003bc40:·6967·685f·7365·7665·7269·7479·0a20·202d··igh_severity.··-0003bc40:·0a20·2070·6163·6b61·6765·5f66·6163·7473··.··package_facts
0003bc50:·206d·6564·6975·6d5f·6469·7372·7570·7469···medium_disrupti0003bc50:·3a0a·2020·2020·6d61·6e61·6765·723a·2061··:.····manager:·a
0003bc60:·6f6e·0a20·202d·206e·6f5f·7265·626f·6f74··on.··-·no_reboot0003bc60:·7574·6f0a·2020·7461·6773·3a0a·2020·2d20··uto.··tags:.··-·
0003bc70:·5f6e·6565·6465·640a·2020·2d20·7265·7374··_needed.··-·rest0003bc70:·434a·4953·2d35·2e31·302e·342e·310a·2020··CJIS-5.10.4.1.··
0003bc80:·7269·6374·5f73·7472·6174·6567·790a·2020··rict_strategy.··0003bc80:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-3
0003bc90:·2d20·7270·6d5f·7665·7269·6679·5f68·6173··-·rpm_verify_has0003bc90:·2e33·2e38·0a20·202d·204e·4953·542d·3830··.3.8.··-·NIST-80
0003bca0:·6865·730a·0a2d·206e·616d·653a·2027·5365··hes..-·name:·'Se0003bca0:·302d·3137·312d·332e·342e·310a·2020·2d20··0-171-3.4.1.··-·
0003bcb0:·7420·6661·6374·3a20·5061·636b·6167·6520··t·fact:·Package·0003bcb0:·4e49·5354·2d38·3030·2d35·332d·4155·2d39··NIST-800-53-AU-9
0003bcc0:·6d61·6e61·6765·7220·7265·696e·7374·616c··manager·reinstal0003bcc0:·2833·290a·2020·2d20·4e49·5354·2d38·3030··(3).··-·NIST-800
0003bcd0:·6c20·636f·6d6d·616e·6420·287a·7970·7065··l·command·(zyppe0003bcd0:·2d35·332d·434d·2d36·2863·290a·2020·2d20··-53-CM-6(c).··-·
0003bce0:·7229·270a·2020·7365·745f·6661·6374·3a0a··r)'.··set_fact:.0003bce0:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-6
0003bcf0:·2020·2020·7061·636b·6167·655f·6d61·6e61······package_mana0003bcf0:·2864·290a·2020·2d20·4e49·5354·2d38·3030··(d).··-·NIST-800
0003bd00:·6765·725f·7265·696e·7374·616c·6c5f·636d··ger_reinstall_cm0003bd00:·2d35·332d·5349·2d37·0a20·202d·204e·4953··-53-SI-7.··-·NIS
0003bd10:·643a·207a·7970·7065·7220·696e·202d·6620··d:·zypper·in·-f·0003bd10:·542d·3830·302d·3533·2d53·492d·3728·3129··T-800-53-SI-7(1)
0003bd20:·2d79·0a20·2077·6865·6e3a·0a20·202d·206e··-y.··when:.··-·n0003bd20:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
0003bd30:·6f74·2028·2022·6b65·726e·656c·2220·696e··ot·(·"kernel"·in0003bd30:·2d53·492d·3728·3629·0a20·202d·2050·4349··-SI-7(6).··-·PCI
0003bd40:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p0003bd40:·2d44·5353·2d52·6571·2d31·312e·350a·2020··-DSS-Req-11.5.··
0003bd50:·6163·6b61·6765·7320·616e·6420·2272·706d··ackages·and·"rpm0003bd50:·2d20·5043·492d·4453·5376·342d·3131·2e35··-·PCI-DSSv4-11.5
0003bd60:·2d6f·7374·7265·6522·2069·6e20·616e·7369··-ostree"·in·ansi0003bd60:·2e32·0a20·202d·2068·6967·685f·636f·6d70··.2.··-·high_comp
0003bd70:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag0003bd70:·6c65·7869·7479·0a20·202d·2068·6967·685f··lexity.··-·high_
0003bd80:·6573·0a20·2020·2061·6e64·2022·626f·6f74··es.····and·"boot0003bd80:·7365·7665·7269·7479·0a20·202d·206d·6564··severity.··-·med
0003bd90:·6322·2069·6e20·616e·7369·626c·655f·6661··c"·in·ansible_fa0003bd90:·6975·6d5f·6469·7372·7570·7469·6f6e·0a20··ium_disruption.·
0003bda0:·6374·732e·7061·636b·6167·6573·2061·6e64··cts.packages·and0003bda0:·202d·206e·6f5f·7265·626f·6f74·5f6e·6565···-·no_reboot_nee
0003bdb0:·206e·6f74·2022·6f70·656e·7368·6966·742d···not·"openshift-0003bdb0:·6465·640a·2020·2d20·7265·7374·7269·6374··ded.··-·restrict
0003bdc0:·6b75·6265·6c65·7422·2069·6e20·616e·7369··kubelet"·in·ansi0003bdc0:·5f73·7472·6174·6567·790a·2020·2d20·7270··_strategy.··-·rp
0003bdd0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag0003bdd0:·6d5f·7665·7269·6679·5f68·6173·6865·730a··m_verify_hashes.
0003bde0:·6573·0a20·2020·2029·0a20·202d·2061·6e73··es.····).··-·ans0003bde0:·0a2d·206e·616d·653a·2027·5365·7420·6661··.-·name:·'Set·fa
0003bdf0:·6962·6c65·5f64·6973·7472·6962·7574·696f··ible_distributio0003bdf0:·6374·3a20·5061·636b·6167·6520·6d61·6e61··ct:·Package·mana
Max diff block lines reached; 16156009/16210961 bytes (99.66%) of diff not shown.
1.08 MB
html2text {}
    
Offset 116, 14 lines modifiedOffset 116, 33 lines modified
116 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6116 ············_\x8i_\x8s_\x8a_\x8-_\x86_\x82_\x84_\x84_\x83_\x8-_\x82_\x80_\x81_\x83·SR·3.1,·SR·3.3,·SR·3.4,·SR·3.8,·SR·7.6
117 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4117 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4
118 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)118 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
119 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1119 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
120 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5120 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
121 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227121 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
122 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2122 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 123 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 124 #·Remediation·is·applicable·only·in·certain·platforms
 125 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 126 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names
 127 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 128 if·[·-n·"$files_with_incorrect_hash"·];·then
 129 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line
 130 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 131 ····yum·reinstall·-y·$packages_to_reinstall
  
 132 fi
  
 133 else
 134 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 135 fi
123 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8136 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
124 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high137 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
125 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium138 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
126 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false139 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
127 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict140 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
128 -·name:·Gather·the·package·facts141 -·name:·Gather·the·package·facts
129 ··package_facts:142 ··package_facts:
Offset 290, 33 lines modifiedOffset 309, 14 lines modified
290 ··-·PCI-DSSv4-11.5.2309 ··-·PCI-DSSv4-11.5.2
291 ··-·high_complexity310 ··-·high_complexity
292 ··-·high_severity311 ··-·high_severity
293 ··-·medium_disruption312 ··-·medium_disruption
294 ··-·no_reboot_needed313 ··-·no_reboot_needed
295 ··-·restrict_strategy314 ··-·restrict_strategy
296 ··-·rpm_verify_hashes315 ··-·rpm_verify_hashes
297 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
298 #·Remediation·is·applicable·only·in·certain·platforms 
299 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
300 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then·get·files·names 
301 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
302 if·[·-n·"$files_with_incorrect_hash"·];·then 
303 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to·new·line 
304 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
305 ····yum·reinstall·-y·$packages_to_reinstall 
  
306 fi 
  
307 else 
308 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
309 fi 
310 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*316 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
311 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:317 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,·including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,·which·can·be·found·with:
312 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'318 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'
313 run·the·following·command·to·determine·which·package·owns·it:319 run·the·following·command·to·determine·which·package·owns·it:
314 $·rpm·-qf·FILENAME320 $·rpm·-qf·FILENAME
315 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:321 Next,·run·the·following·command·to·reset·its·permissions·to·the·correct·values:
316 $·sudo·rpm·--restore·PACKAGENAME322 $·sudo·rpm·--restore·PACKAGENAME
Offset 335, 14 lines modifiedOffset 335, 46 lines modified
335 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5335 ············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.1.2,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.5.1,·A.12.6.2,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5
336 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2336 ············_\x8n_\x8e_\x8r_\x8c_\x8-_\x8c_\x8i_\x8p·······CIP-003-8·R4.2,·CIP-003-8·R6,·CIP-007-3·R4,·CIP-007-3·R4.1,·CIP-007-3·R4.2
337 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)337 ············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
338 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1338 ············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
339 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5339 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
340 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108340 ············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000278-GPOS-00108
341 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2341 ············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 342 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 343 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 344 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 345 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 346 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 347 #·Remediation·is·applicable·only·in·certain·platforms
 348 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 349 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 350 declare·-A·SETPERMS_RPM_DICT
  
 351 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 352 #·is·expected·by·the·RPM·database
 353 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}')
  
 354 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 355 do
 356 ········RPM_PACKAGE=$(rpm·-qf·"$FILE_PATH")
 357 »       #·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about·duplicates.
 358 »       SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 359 done
  
 360 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 361 #·correct·values
 362 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 363 do
 364 ········rpm·--restore·"${RPM_PACKAGE}"
 365 done
  
 366 else
 367 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 368 fi
342 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8369 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
343 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high370 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
344 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium371 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
345 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false372 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
346 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict373 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
347 -·name:·Gather·the·package·facts374 -·name:·Gather·the·package·facts
348 ··package_facts:375 ··package_facts:
Offset 450, 46 lines modifiedOffset 482, 14 lines modified
450 ··-·PCI-DSSv4-11.5.2482 ··-·PCI-DSSv4-11.5.2
451 ··-·high_complexity483 ··-·high_complexity
452 ··-·high_severity484 ··-·high_severity
453 ··-·medium_disruption485 ··-·medium_disruption
454 ··-·no_reboot_needed486 ··-·no_reboot_needed
455 ··-·restrict_strategy487 ··-·restrict_strategy
456 ··-·rpm_verify_ownership488 ··-·rpm_verify_ownership
457 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
458 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high 
459 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium 
460 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
461 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
Max diff block lines reached; 1120420/1128131 bytes (99.32%) of diff not shown.
21.3 MB
./usr/share/doc/ssg-nondebian/ssg-sle12-guide-anssi_bp28_enhanced.html
    
Offset 15171, 146 lines modifiedOffset 15171, 146 lines modified
0003b420:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=0003b420:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
0003b430:·2223·6964·6d35·3339·3822·2074·6162·696e··"#idm5398"·tabin0003b430:·2223·6964·6d35·3339·3822·2074·6162·696e··"#idm5398"·tabin
0003b440:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu0003b440:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
0003b450:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan0003b450:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
0003b460:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl0003b460:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
0003b470:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r0003b470:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
0003b480:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"0003b480:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
0003b490:·3e52·656d·6564·6961·7469·6f6e·204f·5342··>Remediation·OSB0003b490:·3e52·656d·6564·6961·7469·6f6e·2053·6865··>Remediation·She
 0003b4a0:·6c6c·2073·6372·6970·7420·e287·b23c·2f61··ll·script·...</a
 0003b4b0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
 0003b4c0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
 0003b4d0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
 0003b4e0:·6d35·3339·3822·3e3c·7461·626c·6520·636c··m5398"><table·cl
 0003b4f0:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table
 0003b500:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b
0003b4a0:·7569·6c64·2042·6c75·6570·7269·6e74·2073··uild·Blueprint·s 
0003b4b0:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b 
0003b4c0:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa 
0003b4d0:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col 
0003b4e0:·6c61·7073·6522·2069·643d·2269·646d·3533··lapse"·id="idm53 
0003b4f0:·3938·223e·3c70·7265·3e3c·636f·6465·3e0a··98"><pre><code>. 
0003b500:·5b5b·7061·636b·6167·6573·5d5d·0a6e·616d··[[packages]].nam 
0003b510:·6520·3d20·2261·6964·6522·0a76·6572·7369··e·=·"aide".versi 
0003b520:·6f6e·203d·2022·2a22·0a3c·2f63·6f64·653e··on·=·"*".</code> 
0003b530:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c 
0003b540:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su 
0003b550:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg 
0003b560:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da 
0003b570:·7461·2d74·6172·6765·743d·2223·6964·6d35··ta-target="#idm5 
0003b580:·3339·3922·2074·6162·696e·6465·783d·2230··399"·tabindex="0 
0003b590:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"· 
0003b5a0:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f 
0003b5b0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act 
0003b5c0:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal" 
0003b5d0:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed 
0003b5e0:·6961·7469·6f6e·2041·6e73·6962·6c65·2073··iation·Ansible·s 
0003b5f0:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b 
0003b600:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa 
0003b610:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col 
0003b620:·6c61·7073·6522·2069·643d·2269·646d·3533··lapse"·id="idm53 
0003b630:·3939·223e·3c74·6162·6c65·2063·6c61·7373··99"><table·class 
0003b640:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st 
0003b650:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord0003b510:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co
 0003b520:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th
 0003b530:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th
 0003b540:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t
 0003b550:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup
0003b660:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde 
0003b670:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co 
0003b680:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t 
0003b690:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr>< 
0003b6a0:·7472·3e3c·7468·3e44·6973·7275·7074·696f··tr><th>Disruptio 
0003b6b0:·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··n:</th><td>low</ 
0003b6c0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003b6d0:·5265·626f·6f74·3a3c·2f74·683e·3c74·643e··Reboot:</th><td>0003b560:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo
0003b6e0:·6661·6c73·653c·2f74·643e·3c2f·7472·3e3c··false</td></tr>< 
0003b6f0:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy: 
0003b700:·3c2f·7468·3e3c·7464·3e65·6e61·626c·653c··</th><td>enable< 
0003b710:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table0003b570:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><
 0003b580:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th><
 0003b590:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t
 0003b5a0:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate
 0003b5b0:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab
0003b720:·3e3c·7072·653e·3c63·6f64·653e·2d20·6e61··><pre><code>-·na 
0003b730:·6d65·3a20·4761·7468·6572·2074·6865·2070··me:·Gather·the·p 
0003b740:·6163·6b61·6765·2066·6163·7473·0a20·2070··ackage·facts.··p 
0003b750:·6163·6b61·6765·5f66·6163·7473·3a0a·2020··ackage_facts:.·· 
0003b760:·2020·6d61·6e61·6765·723a·2061·7574·6f0a····manager:·auto. 
0003b770:·2020·7461·6773·3a0a·2020·2d20·4343·452d····tags:.··-·CCE- 
0003b780:·3833·3036·372d·390a·2020·2d20·434a·4953··83067-9.··-·CJIS 
0003b790:·2d35·2e31·302e·312e·330a·2020·2d20·4449··-5.10.1.3.··-·DI 
0003b7a0:·5341·2d53·5449·472d·534c·4553·2d31·322d··SA-STIG-SLES-12- 
0003b7b0:·3031·3034·3939·0a20·202d·204e·4953·542d··010499.··-·NIST- 
0003b7c0:·3830·302d·3533·2d43·4d2d·3628·6129·0a20··800-53-CM-6(a).· 
0003b7d0:·202d·2050·4349·2d44·5353·2d52·6571·2d31···-·PCI-DSS-Req-1 
0003b7e0:·312e·350a·2020·2d20·5043·492d·4453·5376··1.5.··-·PCI-DSSv 
0003b7f0:·342d·3131·2e35·2e32·0a20·202d·2065·6e61··4-11.5.2.··-·ena 
0003b800:·626c·655f·7374·7261·7465·6779·0a20·202d··ble_strategy.··- 
0003b810:·206c·6f77·5f63·6f6d·706c·6578·6974·790a···low_complexity. 
0003b820:·2020·2d20·6c6f·775f·6469·7372·7570·7469····-·low_disrupti 
0003b830:·6f6e·0a20·202d·206d·6564·6975·6d5f·7365··on.··-·medium_se 
0003b840:·7665·7269·7479·0a20·202d·206e·6f5f·7265··verity.··-·no_re 
0003b850:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-· 
0003b860:·7061·636b·6167·655f·6169·6465·5f69·6e73··package_aide_ins 
0003b870:·7461·6c6c·6564·0a0a·2d20·6e61·6d65·3a20··talled..-·name:· 
0003b880:·456e·7375·7265·2061·6964·6520·6973·2069··Ensure·aide·is·i 
0003b890:·6e73·7461·6c6c·6564·0a20·2070·6163·6b61··nstalled.··packa 
0003b8a0:·6765·3a0a·2020·2020·6e61·6d65·3a20·6169··ge:.····name:·ai 
0003b8b0:·6465·0a20·2020·2073·7461·7465·3a20·7072··de.····state:·pr 
0003b8c0:·6573·656e·740a·2020·7768·656e·3a20·2722··esent.··when:·'" 
0003b8d0:·6b65·726e·656c·2d64·6566·6175·6c74·2220··kernel-default"· 
0003b8e0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts 
0003b8f0:·2e70·6163·6b61·6765·7327·0a20·2074·6167··.packages'.··tag 
0003b900:·733a·0a20·202d·2043·4345·2d38·3330·3637··s:.··-·CCE-83067 
0003b910:·2d39·0a20·202d·2043·4a49·532d·352e·3130··-9.··-·CJIS-5.10 
0003b920:·2e31·2e33·0a20·202d·2044·4953·412d·5354··.1.3.··-·DISA-ST 
0003b930:·4947·2d53·4c45·532d·3132·2d30·3130·3439··IG-SLES-12-01049 
0003b940:·390a·2020·2d20·4e49·5354·2d38·3030·2d35··9.··-·NIST-800-5 
0003b950:·332d·434d·2d36·2861·290a·2020·2d20·5043··3-CM-6(a).··-·PC 
0003b960:·492d·4453·532d·5265·712d·3131·2e35·0a20··I-DSS-Req-11.5.· 
0003b970:·202d·2050·4349·2d44·5353·7634·2d31·312e···-·PCI-DSSv4-11. 
0003b980:·352e·320a·2020·2d20·656e·6162·6c65·5f73··5.2.··-·enable_s 
0003b990:·7472·6174·6567·790a·2020·2d20·6c6f·775f··trategy.··-·low_ 
0003b9a0:·636f·6d70·6c65·7869·7479·0a20·202d·206c··complexity.··-·l 
0003b9b0:·6f77·5f64·6973·7275·7074·696f·6e0a·2020··ow_disruption.·· 
0003b9c0:·2d20·6d65·6469·756d·5f73·6576·6572·6974··-·medium_severit 
0003b9d0:·790a·2020·2d20·6e6f·5f72·6562·6f6f·745f··y.··-·no_reboot_ 
0003b9e0:·6e65·6564·6564·0a20·202d·2070·6163·6b61··needed.··-·packa 
0003b9f0:·6765·5f61·6964·655f·696e·7374·616c·6c65··ge_aide_installe 
0003ba00:·640a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··d.</code></pre>< 
0003ba10:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b 
0003ba20:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"· 
0003ba30:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col 
0003ba40:·6c61·7073·6522·2064·6174·612d·7461·7267··lapse"·data-targ 
0003ba50:·6574·3d22·2369·646d·3534·3030·2220·7461··et="#idm5400"·ta 
0003ba60:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role= 
0003ba70:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex 
0003ba80:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t 
0003ba90:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t 
0003baa0:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href=" 
0003bab0:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation· 
0003bac0:·5368·656c·6c20·7363·7269·7074·20e2·87b2··Shell·script·... 
0003bad0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla 
0003bae0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap 
0003baf0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id= 
0003bb00:·2269·646d·3534·3030·223e·3c74·6162·6c65··"idm5400"><table 
0003bb10:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta 
Max diff block lines reached; 20406656/20425452 bytes (99.91%) of diff not shown.
1.78 MB
html2text {}
Max HTML report size reached
21.5 MB
./usr/share/doc/ssg-nondebian/ssg-sle12-guide-anssi_bp28_high.html
    
Offset 15177, 145 lines modifiedOffset 15177, 145 lines modified
0003b480:·6574·3d22·2369·646d·3533·3938·2220·7461··et="#idm5398"·ta0003b480:·6574·3d22·2369·646d·3533·3938·2220·7461··et="#idm5398"·ta
0003b490:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=0003b490:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=
0003b4a0:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex0003b4a0:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex
0003b4b0:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t0003b4b0:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t
0003b4c0:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t0003b4c0:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t
0003b4d0:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="0003b4d0:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="
0003b4e0:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·0003b4e0:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·
0003b4f0:·4f53·4275·696c·6420·426c·7565·7072·696e··OSBuild·Blueprin 
0003b500:·7420·736e·6970·7065·7420·e287·b23c·2f61··t·snippet·...</a 
0003b510:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class= 
0003b520:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse· 
0003b530:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id 
0003b540:·6d35·3339·3822·3e3c·7072·653e·3c63·6f64··m5398"><pre><cod 
0003b550:·653e·0a5b·5b70·6163·6b61·6765·735d·5d0a··e>.[[packages]]. 
0003b560:·6e61·6d65·203d·2022·6169·6465·220a·7665··name·=·"aide".ve 
0003b570:·7273·696f·6e20·3d20·222a·220a·3c2f·636f··rsion·=·"*".</co0003b4f0:·5368·656c·6c20·7363·7269·7074·20e2·87b2··Shell·script·...
 0003b500:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
 0003b510:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
 0003b520:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=
 0003b530:·2269·646d·3533·3938·223e·3c74·6162·6c65··"idm5398"><table
 0003b540:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta
 0003b550:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl
 0003b560:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table
 0003b570:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>
 0003b580:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<
 0003b590:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>
 0003b5a0:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis
 0003b5b0:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td
 0003b5c0:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t
 0003b5d0:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t
 0003b5e0:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td>
 0003b5f0:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str
 0003b600:·6174·6567·793a·3c2f·7468·3e3c·7464·3e65··ategy:</th><td>e
 0003b610:·6e61·626c·653c·2f74·643e·3c2f·7472·3e3c··nable</td></tr><
 0003b620:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod
 0003b630:·653e·2320·5265·6d65·6469·6174·696f·6e20··e>#·Remediation·
 0003b640:·6973·2061·7070·6c69·6361·626c·6520·6f6e··is·applicable·on
 0003b650:·6c79·2069·6e20·6365·7274·6169·6e20·706c··ly·in·certain·pl
 0003b660:·6174·666f·726d·730a·6966·2072·706d·202d··atforms.if·rpm·-
 0003b670:·2d71·7569·6574·202d·7120·6b65·726e·656c··-quiet·-q·kernel
 0003b680:·2d64·6566·6175·6c74·3b20·7468·656e·0a0a··-default;·then..
 0003b690:·7a79·7070·6572·2069·6e73·7461·6c6c·202d··zypper·install·-
 0003b6a0:·7920·2261·6964·6522·0a0a·656c·7365·0a20··y·"aide"..else.·
 0003b6b0:·2020·2026·6774·3b26·616d·703b·3220·6563·····&gt;&amp;2·ec
 0003b6c0:·686f·2027·5265·6d65·6469·6174·696f·6e20··ho·'Remediation·
 0003b6d0:·6973·206e·6f74·2061·7070·6c69·6361·626c··is·not·applicabl
 0003b6e0:·652c·206e·6f74·6869·6e67·2077·6173·2064··e,·nothing·was·d
 0003b6f0:·6f6e·6527·0a66·690a·3c2f·636f·6465·3e3c··one'.fi.</code><
0003b580:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div><0003b700:·2f70·7265·3e3c·2f64·6976·3e3c·6120·636c··/pre></div><a·cl
0003b590:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn0003b710:·6173·733d·2262·746e·2062·746e·2d73·7563··ass="btn·btn-suc
0003b5a0:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t0003b720:·6365·7373·2220·6461·7461·2d74·6f67·676c··cess"·data-toggl
0003b5b0:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse"0003b730:·653d·2263·6f6c·6c61·7073·6522·2064·6174··e="collapse"·dat
0003b5c0:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i0003b740:·612d·7461·7267·6574·3d22·2369·646d·3533··a-target="#idm53
0003b5d0:·646d·3533·3939·2220·7461·6269·6e64·6578··dm5399"·tabindex0003b750:·3939·2220·7461·6269·6e64·6578·3d22·3022··99"·tabindex="0"
0003b5e0:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto0003b760:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a
0003b5f0:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded0003b770:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa
0003b600:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="0003b780:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti
0003b610:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve0003b790:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·
0003b620:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re0003b7a0:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi
0003b630:·6d65·6469·6174·696f·6e20·416e·7369·626c··mediation·Ansibl0003b7b0:·6174·696f·6e20·416e·7369·626c·6520·736e··ation·Ansible·sn
0003b640:·6520·736e·6970·7065·7420·e287·b23c·2f61··e·snippet·...</a0003b7c0:·6970·7065·7420·e287·b23c·2f61·3e3c·6272··ippet·...</a><br
0003b650:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=0003b7d0:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan
0003b660:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·0003b7e0:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll
0003b670:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id0003b7f0:·6170·7365·2220·6964·3d22·6964·6d35·3339··apse"·id="idm539
0003b680:·6d35·3339·3922·3e3c·7461·626c·6520·636c··m5399"><table·cl0003b800:·3922·3e3c·7461·626c·6520·636c·6173·733d··9"><table·class=
0003b690:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table0003b810:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str
0003b6a0:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b0003b820:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde
0003b6b0:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co0003b830:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden
0003b6c0:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th0003b840:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com
0003b6d0:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th0003b850:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td
0003b6e0:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t0003b860:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t
0003b6f0:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup0003b870:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption
0003b700:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo0003b880:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t
0003b710:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><0003b890:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R
0003b720:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th><0003b8a0:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f
0003b730:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t 
0003b740:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate 
0003b750:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab 
0003b760:·6c65·3c2f·7464·3e3c·2f74·723e·3c2f·7461··le</td></tr></ta0003b8b0:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t
 0003b8c0:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<
 0003b8d0:·2f74·683e·3c74·643e·656e·6162·6c65·3c2f··/th><td>enable</
 0003b8e0:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>
0003b770:·626c·653e·3c70·7265·3e3c·636f·6465·3e2d··ble><pre><code>-0003b8f0:·3c70·7265·3e3c·636f·6465·3e2d·206e·616d··<pre><code>-·nam
0003b780:·206e·616d·653a·2047·6174·6865·7220·7468···name:·Gather·th0003b900:·653a·2047·6174·6865·7220·7468·6520·7061··e:·Gather·the·pa
0003b790:·6520·7061·636b·6167·6520·6661·6374·730a··e·package·facts.0003b910:·636b·6167·6520·6661·6374·730a·2020·7061··ckage·facts.··pa
0003b7a0:·2020·7061·636b·6167·655f·6661·6374·733a····package_facts:0003b920:·636b·6167·655f·6661·6374·733a·0a20·2020··ckage_facts:.···
0003b7b0:·0a20·2020·206d·616e·6167·6572·3a20·6175··.····manager:·au0003b930:·206d·616e·6167·6572·3a20·6175·746f·0a20···manager:·auto.·
0003b7c0:·746f·0a20·2074·6167·733a·0a20·202d·2043··to.··tags:.··-·C 
0003b7d0:·4345·2d38·3330·3637·2d39·0a20·202d·2043··CE-83067-9.··-·C 
0003b7e0:·4a49·532d·352e·3130·2e31·2e33·0a20·202d··JIS-5.10.1.3.··- 
0003b7f0:·2044·4953·412d·5354·4947·2d53·4c45·532d···DISA-STIG-SLES- 
0003b800:·3132·2d30·3130·3439·390a·2020·2d20·4e49··12-010499.··-·NI 
0003b810:·5354·2d38·3030·2d35·332d·434d·2d36·2861··ST-800-53-CM-6(a 
0003b820:·290a·2020·2d20·5043·492d·4453·532d·5265··).··-·PCI-DSS-Re 
0003b830:·712d·3131·2e35·0a20·202d·2050·4349·2d44··q-11.5.··-·PCI-D 
0003b840:·5353·7634·2d31·312e·352e·320a·2020·2d20··SSv4-11.5.2.··-· 
0003b850:·656e·6162·6c65·5f73·7472·6174·6567·790a··enable_strategy. 
0003b860:·2020·2d20·6c6f·775f·636f·6d70·6c65·7869····-·low_complexi 
0003b870:·7479·0a20·202d·206c·6f77·5f64·6973·7275··ty.··-·low_disru 
0003b880:·7074·696f·6e0a·2020·2d20·6d65·6469·756d··ption.··-·medium 
0003b890:·5f73·6576·6572·6974·790a·2020·2d20·6e6f··_severity.··-·no 
0003b8a0:·5f72·6562·6f6f·745f·6e65·6564·6564·0a20··_reboot_needed.· 
0003b8b0:·202d·2070·6163·6b61·6765·5f61·6964·655f···-·package_aide_ 
0003b8c0:·696e·7374·616c·6c65·640a·0a2d·206e·616d··installed..-·nam 
0003b8d0:·653a·2045·6e73·7572·6520·6169·6465·2069··e:·Ensure·aide·i 
0003b8e0:·7320·696e·7374·616c·6c65·640a·2020·7061··s·installed.··pa 
0003b8f0:·636b·6167·653a·0a20·2020·206e·616d·653a··ckage:.····name: 
0003b900:·2061·6964·650a·2020·2020·7374·6174·653a···aide.····state: 
0003b910:·2070·7265·7365·6e74·0a20·2077·6865·6e3a···present.··when: 
0003b920:·2027·226b·6572·6e65·6c2d·6465·6661·756c···'"kernel-defaul 
0003b930:·7422·2069·6e20·616e·7369·626c·655f·6661··t"·in·ansible_fa 
0003b940:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.·· 
0003b950:·7461·6773·3a0a·2020·2d20·4343·452d·3833··tags:.··-·CCE-830003b940:·2074·6167·733a·0a20·202d·2043·4345·2d38···tags:.··-·CCE-8
0003b960:·3036·372d·390a·2020·2d20·434a·4953·2d35··067-9.··-·CJIS-50003b950:·3330·3637·2d39·0a20·202d·2043·4a49·532d··3067-9.··-·CJIS-
0003b970:·2e31·302e·312e·330a·2020·2d20·4449·5341··.10.1.3.··-·DISA 
0003b980:·2d53·5449·472d·534c·4553·2d31·322d·3031··-STIG-SLES-12-01 
0003b990:·3034·3939·0a20·202d·204e·4953·542d·3830··0499.··-·NIST-80 
0003b9a0:·302d·3533·2d43·4d2d·3628·6129·0a20·202d··0-53-CM-6(a).··-0003b960:·352e·3130·2e31·2e33·0a20·202d·2044·4953··5.10.1.3.··-·DIS
 0003b970:·412d·5354·4947·2d53·4c45·532d·3132·2d30··A-STIG-SLES-12-0
 0003b980:·3130·3439·390a·2020·2d20·4e49·5354·2d38··10499.··-·NIST-8
 0003b990:·3030·2d35·332d·434d·2d36·2861·290a·2020··00-53-CM-6(a).··
0003b9b0:·2050·4349·2d44·5353·2d52·6571·2d31·312e···PCI-DSS-Req-11.0003b9a0:·2d20·5043·492d·4453·532d·5265·712d·3131··-·PCI-DSS-Req-11
 0003b9b0:·2e35·0a20·202d·2050·4349·2d44·5353·7634··.5.··-·PCI-DSSv4
 0003b9c0:·2d31·312e·352e·320a·2020·2d20·656e·6162··-11.5.2.··-·enab
 0003b9d0:·6c65·5f73·7472·6174·6567·790a·2020·2d20··le_strategy.··-·
 0003b9e0:·6c6f·775f·636f·6d70·6c65·7869·7479·0a20··low_complexity.·
 0003b9f0:·202d·206c·6f77·5f64·6973·7275·7074·696f···-·low_disruptio
Max diff block lines reached; 20614401/20633059 bytes (99.91%) of diff not shown.
1.81 MB
html2text {}
Max HTML report size reached
8.7 MB
./usr/share/doc/ssg-nondebian/ssg-sle12-guide-anssi_bp28_intermediary.html
    
Offset 15162, 146 lines modifiedOffset 15162, 146 lines modified
0003b390:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target0003b390:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target
0003b3a0:·3d22·2369·646d·3533·3938·2220·7461·6269··="#idm5398"·tabi0003b3a0:·3d22·2369·646d·3533·3938·2220·7461·6269··="#idm5398"·tabi
0003b3b0:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b0003b3b0:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b
0003b3c0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa0003b3c0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa
0003b3d0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit0003b3d0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit
0003b3e0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·0003b3e0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·
0003b3f0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!0003b3f0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!
0003b400:·223e·5265·6d65·6469·6174·696f·6e20·4f53··">Remediation·OS0003b400:·223e·5265·6d65·6469·6174·696f·6e20·5368··">Remediation·Sh
0003b410:·4275·696c·6420·426c·7565·7072·696e·7420··Build·Blueprint· 
0003b420:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a>< 
0003b430:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p 
0003b440:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co 
0003b450:·6c6c·6170·7365·2220·6964·3d22·6964·6d35··llapse"·id="idm50003b410:·656c·6c20·7363·7269·7074·20e2·87b2·3c2f··ell·script·...</
 0003b420:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
 0003b430:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
 0003b440:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
 0003b450:·646d·3533·3938·223e·3c74·6162·6c65·2063··dm5398"><table·c
 0003b460:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl
 0003b470:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table-
 0003b480:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c
 0003b490:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t
 0003b4a0:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t
 0003b4b0:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></
 0003b4c0:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru
 0003b4d0:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l
 0003b4e0:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>
 0003b4f0:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th>
 0003b500:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></
 0003b510:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat
 0003b520:·6567·793a·3c2f·7468·3e3c·7464·3e65·6e61··egy:</th><td>ena
 0003b530:·626c·653c·2f74·643e·3c2f·7472·3e3c·2f74··ble</td></tr></t
0003b460:·3339·3822·3e3c·7072·653e·3c63·6f64·653e··398"><pre><code>0003b540:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>
0003b470:·0a5b·5b70·6163·6b61·6765·735d·5d0a·6e61··.[[packages]].na 
0003b480:·6d65·203d·2022·6169·6465·220a·7665·7273··me·=·"aide".vers 
0003b490:·696f·6e20·3d20·222a·220a·3c2f·636f·6465··ion·=·"*".</code0003b550:·2320·5265·6d65·6469·6174·696f·6e20·6973··#·Remediation·is
 0003b560:·2061·7070·6c69·6361·626c·6520·6f6e·6c79···applicable·only
 0003b570:·2069·6e20·6365·7274·6169·6e20·706c·6174···in·certain·plat
 0003b580:·666f·726d·730a·6966·2072·706d·202d·2d71··forms.if·rpm·--q
 0003b590:·7569·6574·202d·7120·6b65·726e·656c·2d64··uiet·-q·kernel-d
 0003b5a0:·6566·6175·6c74·3b20·7468·656e·0a0a·7a79··efault;·then..zy
 0003b5b0:·7070·6572·2069·6e73·7461·6c6c·202d·7920··pper·install·-y·
 0003b5c0:·2261·6964·6522·0a0a·656c·7365·0a20·2020··"aide"..else.···
 0003b5d0:·2026·6774·3b26·616d·703b·3220·6563·686f···&gt;&amp;2·echo
 0003b5e0:·2027·5265·6d65·6469·6174·696f·6e20·6973···'Remediation·is
 0003b5f0:·206e·6f74·2061·7070·6c69·6361·626c·652c···not·applicable,
 0003b600:·206e·6f74·6869·6e67·2077·6173·2064·6f6e···nothing·was·don
 0003b610:·6527·0a66·690a·3c2f·636f·6465·3e3c·2f70··e'.fi.</code></p
0003b4a0:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a·0003b620:·7265·3e3c·2f64·6976·3e3c·6120·636c·6173··re></div><a·clas
0003b4b0:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s0003b630:·733d·2262·746e·2062·746e·2d73·7563·6365··s="btn·btn-succe
0003b4c0:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog0003b640:·7373·2220·6461·7461·2d74·6f67·676c·653d··ss"·data-toggle=
0003b4d0:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d0003b650:·2263·6f6c·6c61·7073·6522·2064·6174·612d··"collapse"·data-
0003b4e0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm0003b660:·7461·7267·6574·3d22·2369·646d·3533·3939··target="#idm5399
0003b4f0:·3533·3939·2220·7461·6269·6e64·6578·3d22··5399"·tabindex="0003b670:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r
0003b500:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"0003b680:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari
0003b510:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="0003b690:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals
0003b520:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac0003b6a0:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa
0003b530:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal0003b6b0:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr
0003b540:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme0003b6c0:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat
0003b550:·6469·6174·696f·6e20·416e·7369·626c·6520··diation·Ansible·0003b6d0:·696f·6e20·416e·7369·626c·6520·736e·6970··ion·Ansible·snip
0003b560:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a><0003b6e0:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br><
0003b570:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p0003b6f0:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel
0003b580:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co0003b700:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap
0003b590:·6c6c·6170·7365·2220·6964·3d22·6964·6d35··llapse"·id="idm50003b710:·7365·2220·6964·3d22·6964·6d35·3339·3922··se"·id="idm5399"
0003b5a0:·3339·3922·3e3c·7461·626c·6520·636c·6173··399"><table·clas0003b720:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t
0003b5b0:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s0003b730:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip
0003b5c0:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor0003b740:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere
0003b5d0:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond0003b750:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense
0003b5e0:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C0003b760:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl
0003b5f0:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><0003b770:·6578·6974·793a·3c2f·7468·3e3c·7464·3e6c··exity:</th><td>l
0003b600:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003b610:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti 
0003b620:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low< 
0003b630:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b640:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td 
0003b650:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr> 
0003b660:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy 
0003b670:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable 
0003b680:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl0003b780:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>
 0003b790:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:<
 0003b7a0:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>
 0003b7b0:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb
 0003b7c0:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal
 0003b7d0:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr>
 0003b7e0:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t
 0003b7f0:·683e·3c74·643e·656e·6162·6c65·3c2f·7464··h><td>enable</td
 0003b800:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p
0003b690:·653e·3c70·7265·3e3c·636f·6465·3e2d·206e··e><pre><code>-·n0003b810:·7265·3e3c·636f·6465·3e2d·206e·616d·653a··re><code>-·name:
0003b6a0:·616d·653a·2047·6174·6865·7220·7468·6520··ame:·Gather·the·0003b820:·2047·6174·6865·7220·7468·6520·7061·636b···Gather·the·pack
0003b6b0:·7061·636b·6167·6520·6661·6374·730a·2020··package·facts.··0003b830:·6167·6520·6661·6374·730a·2020·7061·636b··age·facts.··pack
0003b6c0:·7061·636b·6167·655f·6661·6374·733a·0a20··package_facts:.·0003b840:·6167·655f·6661·6374·733a·0a20·2020·206d··age_facts:.····m
0003b6d0:·2020·206d·616e·6167·6572·3a20·6175·746f·····manager:·auto0003b850:·616e·6167·6572·3a20·6175·746f·0a20·2074··anager:·auto.··t
0003b6e0:·0a20·2074·6167·733a·0a20·202d·2043·4345··.··tags:.··-·CCE0003b860:·6167·733a·0a20·202d·2043·4345·2d38·3330··ags:.··-·CCE-830
0003b6f0:·2d38·3330·3637·2d39·0a20·202d·2043·4a49··-83067-9.··-·CJI0003b870:·3637·2d39·0a20·202d·2043·4a49·532d·352e··67-9.··-·CJIS-5.
0003b700:·532d·352e·3130·2e31·2e33·0a20·202d·2044··S-5.10.1.3.··-·D0003b880:·3130·2e31·2e33·0a20·202d·2044·4953·412d··10.1.3.··-·DISA-
0003b710:·4953·412d·5354·4947·2d53·4c45·532d·3132··ISA-STIG-SLES-120003b890:·5354·4947·2d53·4c45·532d·3132·2d30·3130··STIG-SLES-12-010
0003b720:·2d30·3130·3439·390a·2020·2d20·4e49·5354··-010499.··-·NIST0003b8a0:·3439·390a·2020·2d20·4e49·5354·2d38·3030··499.··-·NIST-800
0003b730:·2d38·3030·2d35·332d·434d·2d36·2861·290a··-800-53-CM-6(a).0003b8b0:·2d35·332d·434d·2d36·2861·290a·2020·2d20··-53-CM-6(a).··-·
0003b740:·2020·2d20·5043·492d·4453·532d·5265·712d····-·PCI-DSS-Req-0003b8c0:·5043·492d·4453·532d·5265·712d·3131·2e35··PCI-DSS-Req-11.5
0003b750:·3131·2e35·0a20·202d·2050·4349·2d44·5353··11.5.··-·PCI-DSS0003b8d0:·0a20·202d·2050·4349·2d44·5353·7634·2d31··.··-·PCI-DSSv4-1
0003b760:·7634·2d31·312e·352e·320a·2020·2d20·656e··v4-11.5.2.··-·en0003b8e0:·312e·352e·320a·2020·2d20·656e·6162·6c65··1.5.2.··-·enable
0003b770:·6162·6c65·5f73·7472·6174·6567·790a·2020··able_strategy.··0003b8f0:·5f73·7472·6174·6567·790a·2020·2d20·6c6f··_strategy.··-·lo
0003b780:·2d20·6c6f·775f·636f·6d70·6c65·7869·7479··-·low_complexity0003b900:·775f·636f·6d70·6c65·7869·7479·0a20·202d··w_complexity.··-
0003b790:·0a20·202d·206c·6f77·5f64·6973·7275·7074··.··-·low_disrupt0003b910:·206c·6f77·5f64·6973·7275·7074·696f·6e0a···low_disruption.
0003b7a0:·696f·6e0a·2020·2d20·6d65·6469·756d·5f73··ion.··-·medium_s0003b920:·2020·2d20·6d65·6469·756d·5f73·6576·6572····-·medium_sever
0003b7b0:·6576·6572·6974·790a·2020·2d20·6e6f·5f72··everity.··-·no_r0003b930:·6974·790a·2020·2d20·6e6f·5f72·6562·6f6f··ity.··-·no_reboo
0003b7c0:·6562·6f6f·745f·6e65·6564·6564·0a20·202d··eboot_needed.··-0003b940:·745f·6e65·6564·6564·0a20·202d·2070·6163··t_needed.··-·pac
0003b7d0:·2070·6163·6b61·6765·5f61·6964·655f·696e···package_aide_in0003b950:·6b61·6765·5f61·6964·655f·696e·7374·616c··kage_aide_instal
0003b7e0:·7374·616c·6c65·640a·0a2d·206e·616d·653a··stalled..-·name:0003b960:·6c65·640a·0a2d·206e·616d·653a·2045·6e73··led..-·name:·Ens
0003b7f0:·2045·6e73·7572·6520·6169·6465·2069·7320···Ensure·aide·is·0003b970:·7572·6520·6169·6465·2069·7320·696e·7374··ure·aide·is·inst
0003b800:·696e·7374·616c·6c65·640a·2020·7061·636b··installed.··pack0003b980:·616c·6c65·640a·2020·7061·636b·6167·653a··alled.··package:
0003b810:·6167·653a·0a20·2020·206e·616d·653a·2061··age:.····name:·a0003b990:·0a20·2020·206e·616d·653a·2061·6964·650a··.····name:·aide.
0003b820:·6964·650a·2020·2020·7374·6174·653a·2070··ide.····state:·p0003b9a0:·2020·2020·7374·6174·653a·2070·7265·7365······state:·prese
0003b830:·7265·7365·6e74·0a20·2077·6865·6e3a·2027··resent.··when:·'0003b9b0:·6e74·0a20·2077·6865·6e3a·2027·226b·6572··nt.··when:·'"ker
0003b840:·226b·6572·6e65·6c2d·6465·6661·756c·7422··"kernel-default"0003b9c0:·6e65·6c2d·6465·6661·756c·7422·2069·6e20··nel-default"·in·
0003b850:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003b9d0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
0003b860:·732e·7061·636b·6167·6573·270a·2020·7461··s.packages'.··ta0003b9e0:·636b·6167·6573·270a·2020·7461·6773·3a0a··ckages'.··tags:.
0003b870:·6773·3a0a·2020·2d20·4343·452d·3833·3036··gs:.··-·CCE-83060003b9f0:·2020·2d20·4343·452d·3833·3036·372d·390a····-·CCE-83067-9.
0003b880:·372d·390a·2020·2d20·434a·4953·2d35·2e31··7-9.··-·CJIS-5.10003ba00:·2020·2d20·434a·4953·2d35·2e31·302e·312e····-·CJIS-5.10.1.
0003b890:·302e·312e·330a·2020·2d20·4449·5341·2d53··0.1.3.··-·DISA-S0003ba10:·330a·2020·2d20·4449·5341·2d53·5449·472d··3.··-·DISA-STIG-
0003b8a0:·5449·472d·534c·4553·2d31·322d·3031·3034··TIG-SLES-12-01040003ba20:·534c·4553·2d31·322d·3031·3034·3939·0a20··SLES-12-010499.·
0003b8b0:·3939·0a20·202d·204e·4953·542d·3830·302d··99.··-·NIST-800-0003ba30:·202d·204e·4953·542d·3830·302d·3533·2d43···-·NIST-800-53-C
0003b8c0:·3533·2d43·4d2d·3628·6129·0a20·202d·2050··53-CM-6(a).··-·P0003ba40:·4d2d·3628·6129·0a20·202d·2050·4349·2d44··M-6(a).··-·PCI-D
0003b8d0:·4349·2d44·5353·2d52·6571·2d31·312e·350a··CI-DSS-Req-11.5.0003ba50:·5353·2d52·6571·2d31·312e·350a·2020·2d20··SS-Req-11.5.··-·
0003b8e0:·2020·2d20·5043·492d·4453·5376·342d·3131····-·PCI-DSSv4-110003ba60:·5043·492d·4453·5376·342d·3131·2e35·2e32··PCI-DSSv4-11.5.2
0003b8f0:·2e35·2e32·0a20·202d·2065·6e61·626c·655f··.5.2.··-·enable_0003ba70:·0a20·202d·2065·6e61·626c·655f·7374·7261··.··-·enable_stra
0003b900:·7374·7261·7465·6779·0a20·202d·206c·6f77··strategy.··-·low0003ba80:·7465·6779·0a20·202d·206c·6f77·5f63·6f6d··tegy.··-·low_com
0003b910:·5f63·6f6d·706c·6578·6974·790a·2020·2d20··_complexity.··-·0003ba90:·706c·6578·6974·790a·2020·2d20·6c6f·775f··plexity.··-·low_
Max diff block lines reached; 8160130/8178926 bytes (99.77%) of diff not shown.
920 KB
html2text {}
    
Offset 134, 19 lines modifiedOffset 134, 27 lines modified
134 include·install_aide134 include·install_aide
  
135 class·install_aide·{135 class·install_aide·{
136 ··package·{·'aide':136 ··package·{·'aide':
137 ····ensure·=>·'installed',137 ····ensure·=>·'installed',
138 ··}138 ··}
139 }139 }
140 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8140 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 141 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 142 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 143 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 144 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 145 #·Remediation·is·applicable·only·in·certain·platforms
 146 if·rpm·--quiet·-q·kernel-default;·then
  
141 [[packages]] 
142 name·=·"aide" 
143 version·=·"*"147 zypper·install·-y·"aide"
  
 148 else
 149 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 150 fi
144 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8151 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
145 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low152 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
146 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low153 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
147 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false154 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
148 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable155 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
149 -·name:·Gather·the·package·facts156 -·name:·Gather·the·package·facts
150 ··package_facts:157 ··package_facts:
Offset 179, 27 lines modifiedOffset 187, 19 lines modified
179 ··-·PCI-DSSv4-11.5.2187 ··-·PCI-DSSv4-11.5.2
180 ··-·enable_strategy188 ··-·enable_strategy
181 ··-·low_complexity189 ··-·low_complexity
182 ··-·low_disruption190 ··-·low_disruption
183 ··-·medium_severity191 ··-·medium_severity
184 ··-·no_reboot_needed192 ··-·no_reboot_needed
185 ··-·package_aide_installed193 ··-·package_aide_installed
 194 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
186 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
187 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
188 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
189 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
190 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
191 #·Remediation·is·applicable·only·in·certain·platforms 
192 if·rpm·--quiet·-q·kernel-default;·then 
  
193 zypper·install·-y·"aide" 
  
194 else 
195 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
196 fi195 [[packages]]
 196 name·=·"aide"
 197 version·=·"*"
197 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*198 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
198 Run·the·following·command·to·generate·a·new·database:199 Run·the·following·command·to·generate·a·new·database:
199 $·sudo·/usr/bin/aide·--init200 $·sudo·/usr/bin/aide·--init
200 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the201 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the
201 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide·(or·hashes·of·these202 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide·(or·hashes·of·these
202 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their203 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their
203 integrity.·The·newly-generated·database·can·be·installed·as·follows:204 integrity.·The·newly-generated·database·can·be·installed·as·follows:
Offset 227, 14 lines modifiedOffset 227, 29 lines modified
227 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5227 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
228 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199228 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
229 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLES-12-010499229 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLES-12-010499
230 ·············_\x8c_\x8i_\x8s············1.4.1230 ·············_\x8c_\x8i_\x8s············1.4.1
231 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79231 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
232 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2232 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
233 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-255916r958794_rule233 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-255916r958794_rule
 234 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 235 #·Remediation·is·applicable·only·in·certain·platforms
 236 if·rpm·--quiet·-q·kernel-default;·then
  
 237 zypper·-q·--no-remote·ref
  
  
 238 zypper·install·-y·"aide"
  
 239 /usr/bin/aide·--init
 240 /bin/cp·-p·/var/lib/aide/aide.db.new·/var/lib/aide/aide.db
  
 241 else
 242 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 243 fi
234 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8244 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
235 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low245 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
236 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low246 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
237 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false247 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
238 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict248 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
239 -·name:·Gather·the·package·facts249 -·name:·Gather·the·package·facts
240 ··package_facts:250 ··package_facts:
Offset 347, 29 lines modifiedOffset 362, 14 lines modified
347 ··-·PCI-DSSv4-11.5.2362 ··-·PCI-DSSv4-11.5.2
348 ··-·aide_build_database363 ··-·aide_build_database
349 ··-·low_complexity364 ··-·low_complexity
350 ··-·low_disruption365 ··-·low_disruption
351 ··-·medium_severity366 ··-·medium_severity
352 ··-·no_reboot_needed367 ··-·no_reboot_needed
353 ··-·restrict_strategy368 ··-·restrict_strategy
354 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
355 #·Remediation·is·applicable·only·in·certain·platforms 
356 if·rpm·--quiet·-q·kernel-default;·then 
  
357 zypper·-q·--no-remote·ref 
  
  
358 zypper·install·-y·"aide" 
  
359 /usr/bin/aide·--init 
360 /bin/cp·-p·/var/lib/aide/aide.db.new·/var/lib/aide/aide.db 
  
361 else 
362 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
363 fi 
364 Group  ·Disk·Partitioning·  Group·contains·9·rules369 Group  ·Disk·Partitioning·  Group·contains·9·rules
365 _\x8[_\x8r_\x8e_\x8f_\x8]  ·To·ensure·separation·and·protection·of·data,·there·are·top-level·system·directories·which370 _\x8[_\x8r_\x8e_\x8f_\x8]  ·To·ensure·separation·and·protection·of·data,·there·are·top-level·system·directories·which
366 should·be·placed·on·their·own·physical·partition·or·logical·volume.·The·installer's·default371 should·be·placed·on·their·own·physical·partition·or·logical·volume.·The·installer's·default
367 partitioning·scheme·creates·separate·logical·volumes·for·/,·/boot,·and·swap.372 partitioning·scheme·creates·separate·logical·volumes·for·/,·/boot,·and·swap.
368 ····*·If·starting·with·any·of·the·default·layouts,·check·the·box·to·\"Review·and·modify373 ····*·If·starting·with·any·of·the·default·layouts,·check·the·box·to·\"Review·and·modify
369 ······partitioning.\"·This·allows·for·the·easy·creation·of·additional·logical·volumes·inside·the374 ······partitioning.\"·This·allows·for·the·easy·creation·of·additional·logical·volumes·inside·the
370 ······volume·group·already·created,·though·it·may·require·making·/'s·logical·volume·smaller·to·create375 ······volume·group·already·created,·though·it·may·require·making·/'s·logical·volume·smaller·to·create
Offset 511, 14 lines modifiedOffset 511, 34 lines modified
511 ············The·/tmp·directory·is·used·as·temporary·storage·by·many·programs.·Placing·/tmp·in·a·tmpfs511 ············The·/tmp·directory·is·used·as·temporary·storage·by·many·programs.·Placing·/tmp·in·a·tmpfs
512 Rationale:··filesystem·enables·the·setting·of·more·restrictive·mount·options,·which·can·help·protect512 Rationale:··filesystem·enables·the·setting·of·more·restrictive·mount·options,·which·can·help·protect
513 ············programs·which·use·it.·The·tmp.mount·unit·configures·the·tmpfs·filesystem·and·ensures·the513 ············programs·which·use·it.·The·tmp.mount·unit·configures·the·tmpfs·filesystem·and·ensures·the
514 ············/tmp·directory·is·wiped·during·reboot.514 ············/tmp·directory·is·wiped·during·reboot.
515 Severity: ··low515 Severity: ··low
516 Rule·ID:····xccdf_org.ssgproject.content_rule_systemd_tmp_mount_enabled516 Rule·ID:····xccdf_org.ssgproject.content_rule_systemd_tmp_mount_enabled
Max diff block lines reached; 937117/942266 bytes (99.45%) of diff not shown.
2.14 MB
./usr/share/doc/ssg-nondebian/ssg-sle12-guide-anssi_bp28_minimal.html
    
Offset 14840, 152 lines modifiedOffset 14840, 152 lines modified
00039f70:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm00039f70:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm
00039f80:·3831·3137·2220·7461·6269·6e64·6578·3d22··8117"·tabindex="00039f80:·3831·3137·2220·7461·6269·6e64·6578·3d22··8117"·tabindex="
00039f90:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"00039f90:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"
00039fa0:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="00039fa0:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="
00039fb0:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac00039fb0:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac
00039fc0:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal00039fc0:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal
00039fd0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme00039fd0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme
00039fe0:·6469·6174·696f·6e20·4f53·4275·696c·6420··diation·OSBuild·00039fe0:·6469·6174·696f·6e20·5368·656c·6c20·7363··diation·Shell·sc
00039ff0:·426c·7565·7072·696e·7420·736e·6970·7065··Blueprint·snippe 
0003a000:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di 
0003a010:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c 
0003a020:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse 
0003a030:·2220·6964·3d22·6964·6d38·3131·3722·3e3c··"·id="idm8117"><00039ff0:·7269·7074·20e2·87b2·3c2f·613e·3c62·723e··ript·...</a><br>
 0003a000:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
 0003a010:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
 0003a020:·7073·6522·2069·643d·2269·646d·3831·3137··pse"·id="idm8117
 0003a030:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="
 0003a040:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri
 0003a050:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border
 0003a060:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens
 0003a070:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp
 0003a080:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td>
 0003a090:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr
 0003a0a0:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption:
 0003a0b0:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td
 0003a0c0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re
 0003a0d0:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa
 0003a0e0:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr
 0003a0f0:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</
 0003a100:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t
 0003a110:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table><
0003a040:·7072·653e·3c63·6f64·653e·0a5b·5b70·6163··pre><code>.[[pac0003a120:·7072·653e·3c63·6f64·653e·2320·5265·6d65··pre><code>#·Reme
0003a050:·6b61·6765·735d·5d0a·6e61·6d65·203d·2022··kages]].name·=·"0003a130:·6469·6174·696f·6e20·6973·2061·7070·6c69··diation·is·appli
 0003a140:·6361·626c·6520·6f6e·6c79·2069·6e20·6365··cable·only·in·ce
 0003a150:·7274·6169·6e20·706c·6174·666f·726d·730a··rtain·platforms.
 0003a160:·6966·2021·2028·207b·2072·706d·202d·2d71··if·!·(·{·rpm·--q
 0003a170:·7569·6574·202d·7120·6b65·726e·656c·203b··uiet·-q·kernel·;
 0003a180:·7d20·2661·6d70·3b26·616d·703b·207b·2072··}·&amp;&amp;·{·r
 0003a190:·706d·202d·2d71·7569·6574·202d·7120·7270··pm·--quiet·-q·rp
 0003a1a0:·6d2d·6f73·7472·6565·203b·7d20·2661·6d70··m-ostree·;}·&amp
 0003a1b0:·3b26·616d·703b·207b·2072·706d·202d·2d71··;&amp;·{·rpm·--q
 0003a1c0:·7569·6574·202d·7120·626f·6f74·6320·3b7d··uiet·-q·bootc·;}
 0003a1d0:·2026·616d·703b·2661·6d70·3b20·7b20·2120···&amp;&amp;·{·!·
 0003a1e0:·7270·6d20·2d2d·7175·6965·7420·2d71·206f··rpm·--quiet·-q·o
 0003a1f0:·7065·6e73·6869·6674·2d6b·7562·656c·6574··penshift-kubelet
 0003a200:·203b·7d20·293b·2074·6865·6e0a·0a7a·7970···;}·);·then..zyp
 0003a210:·7065·7220·696e·7374·616c·6c20·2d79·2022··per·install·-y·"
0003a060:·646e·662d·6175·746f·6d61·7469·6322·0a76··dnf-automatic".v0003a220:·646e·662d·6175·746f·6d61·7469·6322·0a0a··dnf-automatic"..
0003a070:·6572·7369·6f6e·203d·2022·2a22·0a3c·2f63··ersion·=·"*".</c 
0003a080:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div> 
0003a090:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt 
0003a0a0:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data- 
0003a0b0:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse 
0003a0c0:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="# 
0003a0d0:·6964·6d38·3131·3822·2074·6162·696e·6465··idm8118"·tabinde 
0003a0e0:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt 
0003a0f0:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande 
0003a100:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title= 
0003a110:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev 
0003a120:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R 
0003a130:·656d·6564·6961·7469·6f6e·2041·6e73·6962··emediation·Ansib 
0003a140:·6c65·2073·6e69·7070·6574·20e2·87b2·3c2f··le·snippet·...</ 
0003a150:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class 
0003a160:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse 
0003a170:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i0003a230:·656c·7365·0a20·2020·2026·6774·3b26·616d··else.····&gt;&am
 0003a240:·703b·3220·6563·686f·2027·5265·6d65·6469··p;2·echo·'Remedi
 0003a250:·6174·696f·6e20·6973·206e·6f74·2061·7070··ation·is·not·app
 0003a260:·6c69·6361·626c·652c·206e·6f74·6869·6e67··licable,·nothing
 0003a270:·2077·6173·2064·6f6e·6527·0a66·690a·3c2f···was·done'.fi.</
 0003a280:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div
 0003a290:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b
 0003a2a0:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data
 0003a2b0:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps
 0003a2c0:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="
 0003a2d0:·2369·646d·3831·3138·2220·7461·6269·6e64··#idm8118"·tabind
 0003a2e0:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but
 0003a2f0:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand
 0003a300:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title
 0003a310:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re
 0003a320:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">
 0003a330:·5265·6d65·6469·6174·696f·6e20·416e·7369··Remediation·Ansi
 0003a340:·626c·6520·736e·6970·7065·7420·e287·b23c··ble·snippet·...<
 0003a350:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas
 0003a360:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps
 0003a370:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="
0003a180:·646d·3831·3138·223e·3c74·6162·6c65·2063··dm8118"><table·c0003a380:·6964·6d38·3131·3822·3e3c·7461·626c·6520··idm8118"><table·
 0003a390:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab
 0003a3a0:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table
 0003a3b0:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-
 0003a3c0:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><
 0003a3d0:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</
 0003a3e0:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><
 0003a3f0:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr
 0003a400:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td>
0003a190:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl 
0003a1a0:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table- 
0003a1b0:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c 
0003a1c0:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t 
0003a1d0:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t 
0003a1e0:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003a1f0:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru 
0003a200:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l 
0003a210:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr> 
0003a220:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th> 
0003a230:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></ 
0003a240:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat 
0003a250:·6567·793a·3c2f·7468·3e3c·7464·3e65·6e61··egy:</th><td>ena 
0003a260:·626c·653c·2f74·643e·3c2f·7472·3e3c·2f74··ble</td></tr></t0003a410:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr
0003a270:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code> 
0003a280:·2d20·6e61·6d65·3a20·4761·7468·6572·2074··-·name:·Gather·t 
0003a290:·6865·2070·6163·6b61·6765·2066·6163·7473··he·package·facts 
0003a2a0:·0a20·2070·6163·6b61·6765·5f66·6163·7473··.··package_facts 
0003a2b0:·3a0a·2020·2020·6d61·6e61·6765·723a·2061··:.····manager:·a 
0003a2c0:·7574·6f0a·2020·7461·6773·3a0a·2020·2d20··uto.··tags:.··-·0003a420:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th
 0003a430:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td><
 0003a440:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra
 0003a450:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en
 0003a460:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></
 0003a470:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code
 0003a480:·3e2d·206e·616d·653a·2047·6174·6865·7220··>-·name:·Gather·
 0003a490:·7468·6520·7061·636b·6167·6520·6661·6374··the·package·fact
 0003a4a0:·730a·2020·7061·636b·6167·655f·6661·6374··s.··package_fact
 0003a4b0:·733a·0a20·2020·206d·616e·6167·6572·3a20··s:.····manager:·
 0003a4c0:·6175·746f·0a20·2074·6167·733a·0a20·202d··auto.··tags:.··-
0003a2d0:·4343·452d·3931·3437·362d·320a·2020·2d20··CCE-91476-2.··-·0003a4d0:·2043·4345·2d39·3134·3736·2d32·0a20·202d···CCE-91476-2.··-
0003a2e0:·656e·6162·6c65·5f73·7472·6174·6567·790a··enable_strategy. 
0003a2f0:·2020·2d20·6c6f·775f·636f·6d70·6c65·7869····-·low_complexi 
Max diff block lines reached; 2062838/2082462 bytes (99.06%) of diff not shown.
153 KB
html2text {}
    
Offset 100, 19 lines modifiedOffset 100, 28 lines modified
100 include·install_dnf-automatic100 include·install_dnf-automatic
  
101 class·install_dnf-automatic·{101 class·install_dnf-automatic·{
102 ··package·{·'dnf-automatic':102 ··package·{·'dnf-automatic':
103 ····ensure·=>·'installed',103 ····ensure·=>·'installed',
104 ··}104 ··}
105 }105 }
106 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8106 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 107 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 108 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 109 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 110 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 111 #·Remediation·is·applicable·only·in·certain·platforms
 112 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-
 113 q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
107 [[packages]] 
108 name·=·"dnf-automatic" 
109 version·=·"*"114 zypper·install·-y·"dnf-automatic"
  
 115 else
 116 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 117 fi
110 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8118 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
111 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low119 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
112 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low120 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
113 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false121 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
114 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable122 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
115 -·name:·Gather·the·package·facts123 -·name:·Gather·the·package·facts
116 ··package_facts:124 ··package_facts:
Offset 139, 28 lines modifiedOffset 148, 19 lines modified
139 ··-·CCE-91476-2148 ··-·CCE-91476-2
140 ··-·enable_strategy149 ··-·enable_strategy
141 ··-·low_complexity150 ··-·low_complexity
142 ··-·low_disruption151 ··-·low_disruption
143 ··-·medium_severity152 ··-·medium_severity
144 ··-·no_reboot_needed153 ··-·no_reboot_needed
145 ··-·package_dnf-automatic_installed154 ··-·package_dnf-automatic_installed
 155 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
146 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
147 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
148 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
149 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
150 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
151 #·Remediation·is·applicable·only·in·certain·platforms 
152 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·- 
153 q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
154 zypper·install·-y·"dnf-automatic" 
  
155 else 
156 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
157 fi156 [[packages]]
 157 name·=·"dnf-automatic"
 158 version·=·"*"
158 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·d\x8dn\x8nf\x8f-\x8-a\x8au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8c·t\x8to\x8o·I\x8In\x8ns\x8st\x8ta\x8al\x8ll\x8l·A\x8Av\x8va\x8ai\x8il\x8la\x8ab\x8bl\x8le\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8es\x8s·A\x8Au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8ca\x8al\x8ll\x8ly\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*159 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·d\x8dn\x8nf\x8f-\x8-a\x8au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8c·t\x8to\x8o·I\x8In\x8ns\x8st\x8ta\x8al\x8ll\x8l·A\x8Av\x8va\x8ai\x8il\x8la\x8ab\x8bl\x8le\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8es\x8s·A\x8Au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8ca\x8al\x8ll\x8ly\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
159 To·ensure·that·the·packages·comprising·the·available·updates·will·be·automatically160 To·ensure·that·the·packages·comprising·the·available·updates·will·be·automatically
160 installed·by·dnf-automatic,·set·apply_updates·to·yes·under·[commands]·section·in·/etc/dnf/161 installed·by·dnf-automatic,·set·apply_updates·to·yes·under·[commands]·section·in·/etc/dnf/
161 automatic.conf.162 automatic.conf.
162 ·············Installing·software·updates·is·a·fundamental·mitigation·against·the163 ·············Installing·software·updates·is·a·fundamental·mitigation·against·the
163 ·············exploitation·of·publicly-known·vulnerabilities.·If·the·most·recent·security164 ·············exploitation·of·publicly-known·vulnerabilities.·If·the·most·recent·security
164 Rationale:···patches·and·updates·are·not·installed,·unauthorized·users·may·take·advantage165 Rationale:···patches·and·updates·are·not·installed,·unauthorized·users·may·take·advantage
Offset 171, 14 lines modifiedOffset 171, 57 lines modified
171 Rule·ID:·····xccdf_org.ssgproject.content_rule_dnf-automatic_apply_updates171 Rule·ID:·····xccdf_org.ssgproject.content_rule_dnf-automatic_apply_updates
172 Identifiers:·CCE-91474-7172 Identifiers:·CCE-91474-7
173 ·············_\x8i_\x8s_\x8m····0940,·1144,·1467,·1472,·1483,·1493,·1494,·1495173 ·············_\x8i_\x8s_\x8m····0940,·1144,·1467,·1472,·1483,·1493,·1494,·1495
174 ·············_\x8n_\x8i_\x8s_\x8t···SI-2(5),·CM-6(a),·SI-2(c)174 ·············_\x8n_\x8i_\x8s_\x8t···SI-2(5),·CM-6(a),·SI-2(c)
175 References:··_\x8o_\x8s_\x8p_\x8p···FMT_SMF_EXT.1175 References:··_\x8o_\x8s_\x8p_\x8p···FMT_SMF_EXT.1
176 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000805-GPOS-00260176 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000805-GPOS-00260
177 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··R61177 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··R61
 178 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 179 #·Remediation·is·applicable·only·in·certain·platforms
 180 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-
 181 q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 182 found=false
  
 183 #·set·value·in·all·files·if·they·contain·section·or·key
 184 for·f·in·$(echo·-n·"/etc/dnf/automatic.conf");·do
 185 ····if·[·!·-e·"$f"·];·then
 186 ········continue
 187 ····fi
  
 188 ····#·find·key·in·section·and·change·value
 189 ····if·grep·-qzosP·"[[:space:]]*\[commands\]([^\n\[]*\n+)+?[[:space:]]*apply_updates"
 190 "$f";·then
  
 191 ············sed·-i·"s/apply_updates[^(\n)]*/apply_updates=yes/"·"$f"
  
 192 ············found=true
  
 193 ····#·find·section·and·add·key·=·value·to·it
 194 ····elif·grep·-qs·"[[:space:]]*\[commands\]"·"$f";·then
  
 195 ············sed·-i·"/[[:space:]]*\[commands\]/a·apply_updates=yes"·"$f"
  
 196 ············found=true
 197 ····fi
 198 done
  
 199 #·if·section·not·in·any·file,·append·section·with·key·=·value·to·FIRST·file·in·files
 200 parameter
 201 if·!·$found·;·then
 202 ····file=$(echo·"/etc/dnf/automatic.conf"·|·cut·-f1·-d·'·')
 203 ····mkdir·-p·"$(dirname·"$file")"
  
 204 ····echo·-e·"[commands]\napply_updates=yes"·>>·"$file"
  
 205 fi
  
 206 else
 207 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 208 fi
178 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8209 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
179 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low210 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
180 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium211 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
181 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false212 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
182 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···unknown213 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···unknown
183 -·name:·Gather·the·package·facts214 -·name:·Gather·the·package·facts
184 ··package_facts:215 ··package_facts:
Offset 214, 69 lines modifiedOffset 257, 69 lines modified
214 ··-·NIST-800-53-SI-2(c)257 ··-·NIST-800-53-SI-2(c)
215 ··-·dnf-automatic_apply_updates258 ··-·dnf-automatic_apply_updates
216 ··-·low_complexity259 ··-·low_complexity
217 ··-·medium_disruption260 ··-·medium_disruption
218 ··-·medium_severity261 ··-·medium_severity
219 ··-·no_reboot_needed262 ··-·no_reboot_needed
Max diff block lines reached; 151775/156706 bytes (96.85%) of diff not shown.
20.2 MB
./usr/share/doc/ssg-nondebian/ssg-sle12-guide-cis.html
    
Offset 15208, 146 lines modifiedOffset 15208, 146 lines modified
0003b670:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe0003b670:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe
0003b680:·743d·2223·6964·6d35·3339·3822·2074·6162··t="#idm5398"·tab0003b680:·743d·2223·6964·6d35·3339·3822·2074·6162··t="#idm5398"·tab
0003b690:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="0003b690:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="
0003b6a0:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp0003b6a0:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp
0003b6b0:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti0003b6b0:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti
0003b6c0:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to0003b6c0:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to
0003b6d0:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#0003b6d0:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#
0003b6e0:·2122·3e52·656d·6564·6961·7469·6f6e·204f··!">Remediation·O0003b6e0:·2122·3e52·656d·6564·6961·7469·6f6e·2053··!">Remediation·S
0003b6f0:·5342·7569·6c64·2042·6c75·6570·7269·6e74··SBuild·Blueprint 
0003b700:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a> 
0003b710:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class=" 
0003b720:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c 
0003b730:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm 
0003b740:·3533·3938·223e·3c70·7265·3e3c·636f·6465··5398"><pre><code 
0003b750:·3e0a·5b5b·7061·636b·6167·6573·5d5d·0a6e··>.[[packages]].n 
0003b760:·616d·6520·3d20·2261·6964·6522·0a76·6572··ame·=·"aide".ver 
0003b770:·7369·6f6e·203d·2022·2a22·0a3c·2f63·6f64··sion·=·"*".</cod0003b6f0:·6865·6c6c·2073·6372·6970·7420·e287·b23c··hell·script·...<
 0003b700:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas
 0003b710:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps
 0003b720:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="
 0003b730:·6964·6d35·3339·3822·3e3c·7461·626c·6520··idm5398"><table·
 0003b740:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab
 0003b750:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table
 0003b760:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-
 0003b770:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><
 0003b780:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</
 0003b790:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><
 0003b7a0:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr
 0003b7b0:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td>
 0003b7c0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr
 0003b7d0:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th
 0003b7e0:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td><
 0003b7f0:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra
 0003b800:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en
 0003b810:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></
 0003b820:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code
 0003b830:·3e23·2052·656d·6564·6961·7469·6f6e·2069··>#·Remediation·i
 0003b840:·7320·6170·706c·6963·6162·6c65·206f·6e6c··s·applicable·onl
 0003b850:·7920·696e·2063·6572·7461·696e·2070·6c61··y·in·certain·pla
 0003b860:·7466·6f72·6d73·0a69·6620·7270·6d20·2d2d··tforms.if·rpm·--
 0003b870:·7175·6965·7420·2d71·206b·6572·6e65·6c2d··quiet·-q·kernel-
 0003b880:·6465·6661·756c·743b·2074·6865·6e0a·0a7a··default;·then..z
 0003b890:·7970·7065·7220·696e·7374·616c·6c20·2d79··ypper·install·-y
 0003b8a0:·2022·6169·6465·220a·0a65·6c73·650a·2020···"aide"..else.··
 0003b8b0:·2020·2667·743b·2661·6d70·3b32·2065·6368····&gt;&amp;2·ech
 0003b8c0:·6f20·2752·656d·6564·6961·7469·6f6e·2069··o·'Remediation·i
 0003b8d0:·7320·6e6f·7420·6170·706c·6963·6162·6c65··s·not·applicable
 0003b8e0:·2c20·6e6f·7468·696e·6720·7761·7320·646f··,·nothing·was·do
 0003b8f0:·6e65·270a·6669·0a3c·2f63·6f64·653e·3c2f··ne'.fi.</code></
0003b780:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a0003b900:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla
0003b790:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn-0003b910:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ
0003b7a0:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to0003b920:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle
0003b7b0:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"·0003b930:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data
0003b7c0:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id0003b940:·2d74·6172·6765·743d·2223·6964·6d35·3339··-target="#idm539
0003b7d0:·6d35·3339·3922·2074·6162·696e·6465·783d··m5399"·tabindex=0003b950:·3922·2074·6162·696e·6465·783d·2230·2220··9"·tabindex="0"·
0003b7e0:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button0003b960:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar
0003b7f0:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=0003b970:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal
0003b800:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A0003b980:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ
0003b810:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea0003b990:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h
0003b820:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem0003b9a0:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia
0003b830:·6564·6961·7469·6f6e·2041·6e73·6962·6c65··ediation·Ansible0003b9b0:·7469·6f6e·2041·6e73·6962·6c65·2073·6e69··tion·Ansible·sni
0003b840:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a>0003b9c0:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br>
0003b850:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="0003b9d0:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
0003b860:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c0003b9e0:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
0003b870:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm0003b9f0:·7073·6522·2069·643d·2269·646d·3533·3939··pse"·id="idm5399
0003b880:·3533·3939·223e·3c74·6162·6c65·2063·6c61··5399"><table·cla0003ba00:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="
0003b890:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table-0003ba10:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri
0003b8a0:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo0003ba20:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border
0003b8b0:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con0003ba30:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens
0003b8c0:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th>0003ba40:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp
0003b8d0:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th>0003ba50:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td>
0003b8e0:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr0003ba60:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr
0003b8f0:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt0003ba70:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption:
0003b900:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low0003ba80:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td
0003b910:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t0003ba90:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re
0003b920:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t0003baa0:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa
0003b930:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr 
0003b940:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg 
0003b950:·793a·3c2f·7468·3e3c·7464·3e65·6e61·626c··y:</th><td>enabl 
0003b960:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab0003bab0:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr
 0003bac0:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</
 0003bad0:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t
 0003bae0:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table><
0003b970:·6c65·3e3c·7072·653e·3c63·6f64·653e·2d20··le><pre><code>-·0003baf0:·7072·653e·3c63·6f64·653e·2d20·6e61·6d65··pre><code>-·name
0003b980:·6e61·6d65·3a20·4761·7468·6572·2074·6865··name:·Gather·the0003bb00:·3a20·4761·7468·6572·2074·6865·2070·6163··:·Gather·the·pac
0003b990:·2070·6163·6b61·6765·2066·6163·7473·0a20···package·facts.·0003bb10:·6b61·6765·2066·6163·7473·0a20·2070·6163··kage·facts.··pac
0003b9a0:·2070·6163·6b61·6765·5f66·6163·7473·3a0a···package_facts:.0003bb20:·6b61·6765·5f66·6163·7473·3a0a·2020·2020··kage_facts:.····
0003b9b0:·2020·2020·6d61·6e61·6765·723a·2061·7574······manager:·aut0003bb30:·6d61·6e61·6765·723a·2061·7574·6f0a·2020··manager:·auto.··
0003b9c0:·6f0a·2020·7461·6773·3a0a·2020·2d20·4343··o.··tags:.··-·CC 
0003b9d0:·452d·3833·3036·372d·390a·2020·2d20·434a··E-83067-9.··-·CJ 
0003b9e0:·4953·2d35·2e31·302e·312e·330a·2020·2d20··IS-5.10.1.3.··-· 
0003b9f0:·4449·5341·2d53·5449·472d·534c·4553·2d31··DISA-STIG-SLES-1 
0003ba00:·322d·3031·3034·3939·0a20·202d·204e·4953··2-010499.··-·NIS 
0003ba10:·542d·3830·302d·3533·2d43·4d2d·3628·6129··T-800-53-CM-6(a) 
0003ba20:·0a20·202d·2050·4349·2d44·5353·2d52·6571··.··-·PCI-DSS-Req 
0003ba30:·2d31·312e·350a·2020·2d20·5043·492d·4453··-11.5.··-·PCI-DS 
0003ba40:·5376·342d·3131·2e35·2e32·0a20·202d·2065··Sv4-11.5.2.··-·e 
0003ba50:·6e61·626c·655f·7374·7261·7465·6779·0a20··nable_strategy.· 
0003ba60:·202d·206c·6f77·5f63·6f6d·706c·6578·6974···-·low_complexit 
0003ba70:·790a·2020·2d20·6c6f·775f·6469·7372·7570··y.··-·low_disrup 
0003ba80:·7469·6f6e·0a20·202d·206d·6564·6975·6d5f··tion.··-·medium_ 
0003ba90:·7365·7665·7269·7479·0a20·202d·206e·6f5f··severity.··-·no_ 
0003baa0:·7265·626f·6f74·5f6e·6565·6465·640a·2020··reboot_needed.·· 
0003bab0:·2d20·7061·636b·6167·655f·6169·6465·5f69··-·package_aide_i 
0003bac0:·6e73·7461·6c6c·6564·0a0a·2d20·6e61·6d65··nstalled..-·name 
0003bad0:·3a20·456e·7375·7265·2061·6964·6520·6973··:·Ensure·aide·is 
0003bae0:·2069·6e73·7461·6c6c·6564·0a20·2070·6163···installed.··pac 
0003baf0:·6b61·6765·3a0a·2020·2020·6e61·6d65·3a20··kage:.····name:· 
0003bb00:·6169·6465·0a20·2020·2073·7461·7465·3a20··aide.····state:· 
0003bb10:·7072·6573·656e·740a·2020·7768·656e·3a20··present.··when:· 
0003bb20:·2722·6b65·726e·656c·2d64·6566·6175·6c74··'"kernel-default 
0003bb30:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
0003bb40:·7473·2e70·6163·6b61·6765·7327·0a20·2074··ts.packages'.··t 
0003bb50:·6167·733a·0a20·202d·2043·4345·2d38·3330··ags:.··-·CCE-8300003bb40:·7461·6773·3a0a·2020·2d20·4343·452d·3833··tags:.··-·CCE-83
0003bb60:·3637·2d39·0a20·202d·2043·4a49·532d·352e··67-9.··-·CJIS-5.0003bb50:·3036·372d·390a·2020·2d20·434a·4953·2d35··067-9.··-·CJIS-5
0003bb70:·3130·2e31·2e33·0a20·202d·2044·4953·412d··10.1.3.··-·DISA-0003bb60:·2e31·302e·312e·330a·2020·2d20·4449·5341··.10.1.3.··-·DISA
0003bb80:·5354·4947·2d53·4c45·532d·3132·2d30·3130··STIG-SLES-12-0100003bb70:·2d53·5449·472d·534c·4553·2d31·322d·3031··-STIG-SLES-12-01
0003bb90:·3439·390a·2020·2d20·4e49·5354·2d38·3030··499.··-·NIST-8000003bb80:·3034·3939·0a20·202d·204e·4953·542d·3830··0499.··-·NIST-80
0003bba0:·2d35·332d·434d·2d36·2861·290a·2020·2d20··-53-CM-6(a).··-·0003bb90:·302d·3533·2d43·4d2d·3628·6129·0a20·202d··0-53-CM-6(a).··-
0003bbb0:·5043·492d·4453·532d·5265·712d·3131·2e35··PCI-DSS-Req-11.50003bba0:·2050·4349·2d44·5353·2d52·6571·2d31·312e···PCI-DSS-Req-11.
0003bbc0:·0a20·202d·2050·4349·2d44·5353·7634·2d31··.··-·PCI-DSSv4-1 
0003bbd0:·312e·352e·320a·2020·2d20·656e·6162·6c65··1.5.2.··-·enable 
0003bbe0:·5f73·7472·6174·6567·790a·2020·2d20·6c6f··_strategy.··-·lo 
0003bbf0:·775f·636f·6d70·6c65·7869·7479·0a20·202d··w_complexity.··- 
0003bc00:·206c·6f77·5f64·6973·7275·7074·696f·6e0a···low_disruption. 
0003bc10:·2020·2d20·6d65·6469·756d·5f73·6576·6572····-·medium_sever 
0003bc20:·6974·790a·2020·2d20·6e6f·5f72·6562·6f6f··ity.··-·no_reboo0003bbb0:·350a·2020·2d20·5043·492d·4453·5376·342d··5.··-·PCI-DSSv4-
Max diff block lines reached; 19382650/19401446 bytes (99.90%) of diff not shown.
1.74 MB
html2text {}
Max HTML report size reached
8.93 MB
./usr/share/doc/ssg-nondebian/ssg-sle12-guide-cis_server_l1.html
    
Offset 15187, 145 lines modifiedOffset 15187, 145 lines modified
0003b520:·7267·6574·3d22·2369·646d·3533·3938·2220··rget="#idm5398"·0003b520:·7267·6574·3d22·2369·646d·3533·3938·2220··rget="#idm5398"·
0003b530:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol0003b530:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol
0003b540:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-0003b540:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-
0003b550:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"0003b550:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"
0003b560:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate0003b560:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate
0003b570:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href0003b570:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href
0003b580:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio0003b580:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio
0003b590:·6e20·4f53·4275·696c·6420·426c·7565·7072··n·OSBuild·Bluepr 
0003b5a0:·696e·7420·736e·6970·7065·7420·e287·b23c··int·snippet·...< 
0003b5b0:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas 
0003b5c0:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps 
0003b5d0:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id=" 
0003b5e0:·6964·6d35·3339·3822·3e3c·7072·653e·3c63··idm5398"><pre><c 
0003b5f0:·6f64·653e·0a5b·5b70·6163·6b61·6765·735d··ode>.[[packages] 
0003b600:·5d0a·6e61·6d65·203d·2022·6169·6465·220a··].name·=·"aide". 
0003b610:·7665·7273·696f·6e20·3d20·222a·220a·3c2f··version·=·"*".</0003b590:·6e20·5368·656c·6c20·7363·7269·7074·20e2··n·Shell·script·.
 0003b5a0:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c
 0003b5b0:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
 0003b5c0:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i
 0003b5d0:·643d·2269·646d·3533·3938·223e·3c74·6162··d="idm5398"><tab
 0003b5e0:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table·
 0003b5f0:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta
 0003b600:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab
 0003b610:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t
 0003b620:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity
 0003b630:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t
 0003b640:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D
 0003b650:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th><
 0003b660:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>
 0003b670:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:<
 0003b680:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t
 0003b690:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S
 0003b6a0:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td
 0003b6b0:·3e65·6e61·626c·653c·2f74·643e·3c2f·7472··>enable</td></tr
 0003b6c0:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c
 0003b6d0:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio
 0003b6e0:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·
 0003b6f0:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·
 0003b700:·706c·6174·666f·726d·730a·6966·2072·706d··platforms.if·rpm
 0003b710:·202d·2d71·7569·6574·202d·7120·6b65·726e···--quiet·-q·kern
 0003b720:·656c·2d64·6566·6175·6c74·3b20·7468·656e··el-default;·then
 0003b730:·0a0a·7a79·7070·6572·2069·6e73·7461·6c6c··..zypper·install
 0003b740:·202d·7920·2261·6964·6522·0a0a·656c·7365···-y·"aide"..else
 0003b750:·0a20·2020·2026·6774·3b26·616d·703b·3220··.····&gt;&amp;2·
 0003b760:·6563·686f·2027·5265·6d65·6469·6174·696f··echo·'Remediatio
 0003b770:·6e20·6973·206e·6f74·2061·7070·6c69·6361··n·is·not·applica
 0003b780:·626c·652c·206e·6f74·6869·6e67·2077·6173··ble,·nothing·was
 0003b790:·2064·6f6e·6527·0a66·690a·3c2f·636f·6465···done'.fi.</code
0003b620:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div0003b7a0:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a·
0003b630:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b0003b7b0:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s
0003b640:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data0003b7c0:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog
0003b650:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps0003b7d0:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d
0003b660:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="0003b7e0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm
0003b670:·2369·646d·3533·3939·2220·7461·6269·6e64··#idm5399"·tabind0003b7f0:·3533·3939·2220·7461·6269·6e64·6578·3d22··5399"·tabindex="
0003b680:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but0003b800:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"
0003b690:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand0003b810:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="
0003b6a0:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title0003b820:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac
0003b6b0:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re0003b830:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal
0003b6c0:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">0003b840:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme
0003b6d0:·5265·6d65·6469·6174·696f·6e20·416e·7369··Remediation·Ansi0003b850:·6469·6174·696f·6e20·416e·7369·626c·6520··diation·Ansible·
0003b6e0:·626c·6520·736e·6970·7065·7420·e287·b23c··ble·snippet·...<0003b860:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a><
0003b6f0:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas0003b870:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p
0003b700:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps0003b880:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co
0003b710:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="0003b890:·6c6c·6170·7365·2220·6964·3d22·6964·6d35··llapse"·id="idm5
0003b720:·6964·6d35·3339·3922·3e3c·7461·626c·6520··idm5399"><table·0003b8a0:·3339·3922·3e3c·7461·626c·6520·636c·6173··399"><table·clas
0003b730:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab0003b8b0:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s
0003b740:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table0003b8c0:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor
0003b750:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-0003b8d0:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond
0003b760:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><0003b8e0:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C
0003b770:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</0003b8f0:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><
0003b780:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><0003b900:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>
0003b790:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr0003b910:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti
0003b7a0:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td>0003b920:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low<
0003b7b0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr0003b930:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
0003b7c0:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th0003b940:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td
0003b7d0:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td>< 
0003b7e0:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra 
0003b7f0:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en 
0003b800:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></0003b950:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr>
 0003b960:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy
 0003b970:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable
0003b810:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code 
0003b820:·3e2d·206e·616d·653a·2047·6174·6865·7220··>-·name:·Gather· 
0003b830:·7468·6520·7061·636b·6167·6520·6661·6374··the·package·fact 
0003b840:·730a·2020·7061·636b·6167·655f·6661·6374··s.··package_fact 
0003b850:·733a·0a20·2020·206d·616e·6167·6572·3a20··s:.····manager:· 
0003b860:·6175·746f·0a20·2074·6167·733a·0a20·202d··auto.··tags:.··- 
0003b870:·2043·4345·2d38·3330·3637·2d39·0a20·202d···CCE-83067-9.··- 
0003b880:·2043·4a49·532d·352e·3130·2e31·2e33·0a20···CJIS-5.10.1.3.· 
0003b890:·202d·2044·4953·412d·5354·4947·2d53·4c45···-·DISA-STIG-SLE 
0003b8a0:·532d·3132·2d30·3130·3439·390a·2020·2d20··S-12-010499.··-· 
0003b8b0:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-6 
0003b8c0:·2861·290a·2020·2d20·5043·492d·4453·532d··(a).··-·PCI-DSS- 
0003b8d0:·5265·712d·3131·2e35·0a20·202d·2050·4349··Req-11.5.··-·PCI 
0003b8e0:·2d44·5353·7634·2d31·312e·352e·320a·2020··-DSSv4-11.5.2.·· 
0003b8f0:·2d20·656e·6162·6c65·5f73·7472·6174·6567··-·enable_strateg 
0003b900:·790a·2020·2d20·6c6f·775f·636f·6d70·6c65··y.··-·low_comple 
0003b910:·7869·7479·0a20·202d·206c·6f77·5f64·6973··xity.··-·low_dis 
0003b920:·7275·7074·696f·6e0a·2020·2d20·6d65·6469··ruption.··-·medi 
0003b930:·756d·5f73·6576·6572·6974·790a·2020·2d20··um_severity.··-· 
0003b940:·6e6f·5f72·6562·6f6f·745f·6e65·6564·6564··no_reboot_needed 
0003b950:·0a20·202d·2070·6163·6b61·6765·5f61·6964··.··-·package_aid 
0003b960:·655f·696e·7374·616c·6c65·640a·0a2d·206e··e_installed..-·n 
0003b970:·616d·653a·2045·6e73·7572·6520·6169·6465··ame:·Ensure·aide 
0003b980:·2069·7320·696e·7374·616c·6c65·640a·2020···is·installed.·· 
0003b990:·7061·636b·6167·653a·0a20·2020·206e·616d··package:.····nam 
0003b9a0:·653a·2061·6964·650a·2020·2020·7374·6174··e:·aide.····stat 
0003b9b0:·653a·2070·7265·7365·6e74·0a20·2077·6865··e:·present.··whe 
0003b9c0:·6e3a·2027·226b·6572·6e65·6c2d·6465·6661··n:·'"kernel-defa 
0003b9d0:·756c·7422·2069·6e20·616e·7369·626c·655f··ult"·in·ansible_ 
0003b9e0:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'. 
0003b9f0:·2020·7461·6773·3a0a·2020·2d20·4343·452d····tags:.··-·CCE- 
0003ba00:·3833·3036·372d·390a·2020·2d20·434a·4953··83067-9.··-·CJIS 
0003ba10:·2d35·2e31·302e·312e·330a·2020·2d20·4449··-5.10.1.3.··-·DI 
0003ba20:·5341·2d53·5449·472d·534c·4553·2d31·322d··SA-STIG-SLES-12- 
0003ba30:·3031·3034·3939·0a20·202d·204e·4953·542d··010499.··-·NIST- 
0003ba40:·3830·302d·3533·2d43·4d2d·3628·6129·0a20··800-53-CM-6(a).· 
0003ba50:·202d·2050·4349·2d44·5353·2d52·6571·2d31···-·PCI-DSS-Req-1 
0003ba60:·312e·350a·2020·2d20·5043·492d·4453·5376··1.5.··-·PCI-DSSv 
0003ba70:·342d·3131·2e35·2e32·0a20·202d·2065·6e61··4-11.5.2.··-·ena 
0003ba80:·626c·655f·7374·7261·7465·6779·0a20·202d··ble_strategy.··- 
0003ba90:·206c·6f77·5f63·6f6d·706c·6578·6974·790a···low_complexity. 
0003baa0:·2020·2d20·6c6f·775f·6469·7372·7570·7469····-·low_disrupti 
0003bab0:·6f6e·0a20·202d·206d·6564·6975·6d5f·7365··on.··-·medium_se 
0003bac0:·7665·7269·7479·0a20·202d·206e·6f5f·7265··verity.··-·no_re 
0003bad0:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-· 
0003bae0:·7061·636b·6167·655f·6169·6465·5f69·6e73··package_aide_ins 
Max diff block lines reached; 8352442/8371100 bytes (99.78%) of diff not shown.
968 KB
html2text {}
    
Offset 137, 19 lines modifiedOffset 137, 27 lines modified
137 include·install_aide137 include·install_aide
  
138 class·install_aide·{138 class·install_aide·{
139 ··package·{·'aide':139 ··package·{·'aide':
140 ····ensure·=>·'installed',140 ····ensure·=>·'installed',
141 ··}141 ··}
142 }142 }
143 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8143 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 144 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 145 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 146 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 147 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 148 #·Remediation·is·applicable·only·in·certain·platforms
 149 if·rpm·--quiet·-q·kernel-default;·then
  
144 [[packages]] 
145 name·=·"aide" 
146 version·=·"*"150 zypper·install·-y·"aide"
  
 151 else
 152 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 153 fi
147 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8154 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
148 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low155 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
149 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low156 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
150 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false157 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
151 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable158 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
152 -·name:·Gather·the·package·facts159 -·name:·Gather·the·package·facts
153 ··package_facts:160 ··package_facts:
Offset 182, 27 lines modifiedOffset 190, 19 lines modified
182 ··-·PCI-DSSv4-11.5.2190 ··-·PCI-DSSv4-11.5.2
183 ··-·enable_strategy191 ··-·enable_strategy
184 ··-·low_complexity192 ··-·low_complexity
185 ··-·low_disruption193 ··-·low_disruption
186 ··-·medium_severity194 ··-·medium_severity
187 ··-·no_reboot_needed195 ··-·no_reboot_needed
188 ··-·package_aide_installed196 ··-·package_aide_installed
 197 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
189 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
190 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
191 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
192 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
193 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
194 #·Remediation·is·applicable·only·in·certain·platforms 
195 if·rpm·--quiet·-q·kernel-default;·then 
  
196 zypper·install·-y·"aide" 
  
197 else 
198 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
199 fi198 [[packages]]
 199 name·=·"aide"
 200 version·=·"*"
200 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*201 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
201 Run·the·following·command·to·generate·a·new·database:202 Run·the·following·command·to·generate·a·new·database:
202 $·sudo·/usr/bin/aide·--init203 $·sudo·/usr/bin/aide·--init
203 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the·database,·the204 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the·database,·the
204 configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide·(or·hashes·of·these·files),·in·a·secure205 configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide·(or·hashes·of·these·files),·in·a·secure
205 location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-206 location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-
206 generated·database·can·be·installed·as·follows:207 generated·database·can·be·installed·as·follows:
Offset 230, 14 lines modifiedOffset 230, 29 lines modified
230 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5230 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
231 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199231 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
232 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLES-12-010499232 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLES-12-010499
233 ·············_\x8c_\x8i_\x8s············1.4.1233 ·············_\x8c_\x8i_\x8s············1.4.1
234 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79234 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
235 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2235 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
236 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-255916r958794_rule236 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-255916r958794_rule
 237 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 238 #·Remediation·is·applicable·only·in·certain·platforms
 239 if·rpm·--quiet·-q·kernel-default;·then
  
 240 zypper·-q·--no-remote·ref
  
  
 241 zypper·install·-y·"aide"
  
 242 /usr/bin/aide·--init
 243 /bin/cp·-p·/var/lib/aide/aide.db.new·/var/lib/aide/aide.db
  
 244 else
 245 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 246 fi
237 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8247 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
238 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low248 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
239 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low249 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
240 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false250 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
241 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict251 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
242 -·name:·Gather·the·package·facts252 -·name:·Gather·the·package·facts
243 ··package_facts:253 ··package_facts:
Offset 350, 29 lines modifiedOffset 365, 14 lines modified
350 ··-·PCI-DSSv4-11.5.2365 ··-·PCI-DSSv4-11.5.2
351 ··-·aide_build_database366 ··-·aide_build_database
352 ··-·low_complexity367 ··-·low_complexity
353 ··-·low_disruption368 ··-·low_disruption
354 ··-·medium_severity369 ··-·medium_severity
355 ··-·no_reboot_needed370 ··-·no_reboot_needed
356 ··-·restrict_strategy371 ··-·restrict_strategy
357 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
358 #·Remediation·is·applicable·only·in·certain·platforms 
359 if·rpm·--quiet·-q·kernel-default;·then 
  
360 zypper·-q·--no-remote·ref 
  
  
361 zypper·install·-y·"aide" 
  
362 /usr/bin/aide·--init 
363 /bin/cp·-p·/var/lib/aide/aide.db.new·/var/lib/aide/aide.db 
  
364 else 
365 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
366 fi 
367 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·P\x8Pe\x8er\x8ri\x8io\x8od\x8di\x8ic\x8c·E\x8Ex\x8xe\x8ec\x8cu\x8ut\x8ti\x8io\x8on\x8n·o\x8of\x8f·A\x8AI\x8ID\x8DE\x8E·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*372 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·P\x8Pe\x8er\x8ri\x8io\x8od\x8di\x8ic\x8c·E\x8Ex\x8xe\x8ec\x8cu\x8ut\x8ti\x8io\x8on\x8n·o\x8of\x8f·A\x8AI\x8ID\x8DE\x8E·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
368 At·a·minimum,·AIDE·should·be·configured·to·run·a·weekly·scan.·To·implement·a·daily·execution·of·AIDE·at·4:373 At·a·minimum,·AIDE·should·be·configured·to·run·a·weekly·scan.·To·implement·a·daily·execution·of·AIDE·at·4:
369 05am·using·cron,·add·the·following·line·to·/etc/crontab:374 05am·using·cron,·add·the·following·line·to·/etc/crontab:
370 05·4·*·*·*·root·/usr/bin/aide·--check375 05·4·*·*·*·root·/usr/bin/aide·--check
371 To·implement·a·weekly·execution·of·AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/crontab:376 To·implement·a·weekly·execution·of·AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/crontab:
372 05·4·*·*·0·root·/usr/bin/aide·--check377 05·4·*·*·0·root·/usr/bin/aide·--check
373 AIDE·can·be·executed·periodically·through·other·means;·this·is·merely·one·example.·The·usage·of·cron's378 AIDE·can·be·executed·periodically·through·other·means;·this·is·merely·one·example.·The·usage·of·cron's
Offset 407, 14 lines modifiedOffset 407, 30 lines modified
407 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5407 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
408 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000363-GPOS-00150,·SRG-OS-000446-GPOS-00200,·SRG-OS-000447-GPOS-00201408 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000363-GPOS-00150,·SRG-OS-000446-GPOS-00200,·SRG-OS-000447-GPOS-00201
409 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLES-12-010500409 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLES-12-010500
410 ·············_\x8c_\x8i_\x8s············1.4.2410 ·············_\x8c_\x8i_\x8s············1.4.2
411 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76411 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76
412 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2412 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
Max diff block lines reached; 986399/991491 bytes (99.49%) of diff not shown.
8.69 MB
./usr/share/doc/ssg-nondebian/ssg-sle12-guide-cis_workstation_l1.html
    
Offset 15173, 145 lines modifiedOffset 15173, 145 lines modified
0003b440:·7461·7267·6574·3d22·2369·646d·3533·3938··target="#idm53980003b440:·7461·7267·6574·3d22·2369·646d·3533·3938··target="#idm5398
0003b450:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r0003b450:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r
0003b460:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari0003b460:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari
0003b470:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals0003b470:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals
0003b480:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa0003b480:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa
0003b490:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr0003b490:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr
0003b4a0:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat0003b4a0:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat
0003b4b0:·696f·6e20·4f53·4275·696c·6420·426c·7565··ion·OSBuild·Blue 
0003b4c0:·7072·696e·7420·736e·6970·7065·7420·e287··print·snippet·.. 
0003b4d0:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl 
0003b4e0:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla 
0003b4f0:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id 
0003b500:·3d22·6964·6d35·3339·3822·3e3c·7072·653e··="idm5398"><pre> 
0003b510:·3c63·6f64·653e·0a5b·5b70·6163·6b61·6765··<code>.[[package 
0003b520:·735d·5d0a·6e61·6d65·203d·2022·6169·6465··s]].name·=·"aide 
0003b530:·220a·7665·7273·696f·6e20·3d20·222a·220a··".version·=·"*".0003b4b0:·696f·6e20·5368·656c·6c20·7363·7269·7074··ion·Shell·script
 0003b4c0:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div
 0003b4d0:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
 0003b4e0:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
 0003b4f0:·2069·643d·2269·646d·3533·3938·223e·3c74···id="idm5398"><t
 0003b500:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl
 0003b510:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped·
 0003b520:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t
 0003b530:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed">
 0003b540:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi
 0003b550:·7479·3a3c·2f74·683e·3c74·643e·6c6f·773c··ty:</th><td>low<
 0003b560:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
 0003b570:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th
 0003b580:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t
 0003b590:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot
 0003b5a0:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false<
 0003b5b0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
 0003b5c0:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><
 0003b5d0:·7464·3e65·6e61·626c·653c·2f74·643e·3c2f··td>enable</td></
 0003b5e0:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre>
 0003b5f0:·3c63·6f64·653e·2320·5265·6d65·6469·6174··<code>#·Remediat
 0003b600:·696f·6e20·6973·2061·7070·6c69·6361·626c··ion·is·applicabl
 0003b610:·6520·6f6e·6c79·2069·6e20·6365·7274·6169··e·only·in·certai
 0003b620:·6e20·706c·6174·666f·726d·730a·6966·2072··n·platforms.if·r
 0003b630:·706d·202d·2d71·7569·6574·202d·7120·6b65··pm·--quiet·-q·ke
 0003b640:·726e·656c·2d64·6566·6175·6c74·3b20·7468··rnel-default;·th
 0003b650:·656e·0a0a·7a79·7070·6572·2069·6e73·7461··en..zypper·insta
 0003b660:·6c6c·202d·7920·2261·6964·6522·0a0a·656c··ll·-y·"aide"..el
 0003b670:·7365·0a20·2020·2026·6774·3b26·616d·703b··se.····&gt;&amp;
 0003b680:·3220·6563·686f·2027·5265·6d65·6469·6174··2·echo·'Remediat
 0003b690:·696f·6e20·6973·206e·6f74·2061·7070·6c69··ion·is·not·appli
 0003b6a0:·6361·626c·652c·206e·6f74·6869·6e67·2077··cable,·nothing·w
 0003b6b0:·6173·2064·6f6e·6527·0a66·690a·3c2f·636f··as·done'.fi.</co
0003b540:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d0003b6c0:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div><
0003b550:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn0003b6d0:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn
0003b560:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da0003b6e0:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t
0003b570:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla0003b6f0:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse"
0003b580:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target0003b700:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i
0003b590:·3d22·2369·646d·3533·3939·2220·7461·6269··="#idm5399"·tabi0003b710:·646d·3533·3939·2220·7461·6269·6e64·6578··dm5399"·tabindex
0003b5a0:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b0003b720:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto
0003b5b0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa0003b730:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded
0003b5c0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit0003b740:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="
0003b5d0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·0003b750:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve
0003b5e0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!0003b760:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re
0003b5f0:·223e·5265·6d65·6469·6174·696f·6e20·416e··">Remediation·An0003b770:·6d65·6469·6174·696f·6e20·416e·7369·626c··mediation·Ansibl
0003b600:·7369·626c·6520·736e·6970·7065·7420·e287··sible·snippet·..0003b780:·6520·736e·6970·7065·7420·e287·b23c·2f61··e·snippet·...</a
0003b610:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl0003b790:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
0003b620:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla0003b7a0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
0003b630:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id0003b7b0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
0003b640:·3d22·6964·6d35·3339·3922·3e3c·7461·626c··="idm5399"><tabl0003b7c0:·6d35·3339·3922·3e3c·7461·626c·6520·636c··m5399"><table·cl
0003b650:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t0003b7d0:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table
0003b660:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab0003b7e0:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b
0003b670:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl0003b7f0:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co
0003b680:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr0003b800:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th
0003b690:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity:0003b810:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th
0003b6a0:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td0003b820:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t
0003b6b0:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di0003b830:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup
0003b6c0:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t0003b840:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo
0003b6d0:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr><0003b850:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><
0003b6e0:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</0003b860:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th><
0003b6f0:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td0003b870:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t
0003b700:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St0003b880:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate
0003b710:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>0003b890:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab
0003b720:·656e·6162·6c65·3c2f·7464·3e3c·2f74·723e··enable</td></tr> 
0003b730:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co 
0003b740:·6465·3e2d·206e·616d·653a·2047·6174·6865··de>-·name:·Gathe 
0003b750:·7220·7468·6520·7061·636b·6167·6520·6661··r·the·package·fa 
0003b760:·6374·730a·2020·7061·636b·6167·655f·6661··cts.··package_fa 
0003b770:·6374·733a·0a20·2020·206d·616e·6167·6572··cts:.····manager 
0003b780:·3a20·6175·746f·0a20·2074·6167·733a·0a20··:·auto.··tags:.· 
0003b790:·202d·2043·4345·2d38·3330·3637·2d39·0a20···-·CCE-83067-9.· 
0003b7a0:·202d·2043·4a49·532d·352e·3130·2e31·2e33···-·CJIS-5.10.1.3 
0003b7b0:·0a20·202d·2044·4953·412d·5354·4947·2d53··.··-·DISA-STIG-S 
0003b7c0:·4c45·532d·3132·2d30·3130·3439·390a·2020··LES-12-010499.·· 
0003b7d0:·2d20·4e49·5354·2d38·3030·2d35·332d·434d··-·NIST-800-53-CM 
0003b7e0:·2d36·2861·290a·2020·2d20·5043·492d·4453··-6(a).··-·PCI-DS 
0003b7f0:·532d·5265·712d·3131·2e35·0a20·202d·2050··S-Req-11.5.··-·P 
0003b800:·4349·2d44·5353·7634·2d31·312e·352e·320a··CI-DSSv4-11.5.2. 
0003b810:·2020·2d20·656e·6162·6c65·5f73·7472·6174····-·enable_strat 
0003b820:·6567·790a·2020·2d20·6c6f·775f·636f·6d70··egy.··-·low_comp 
0003b830:·6c65·7869·7479·0a20·202d·206c·6f77·5f64··lexity.··-·low_d 
0003b840:·6973·7275·7074·696f·6e0a·2020·2d20·6d65··isruption.··-·me 
0003b850:·6469·756d·5f73·6576·6572·6974·790a·2020··dium_severity.·· 
0003b860:·2d20·6e6f·5f72·6562·6f6f·745f·6e65·6564··-·no_reboot_need 
0003b870:·6564·0a20·202d·2070·6163·6b61·6765·5f61··ed.··-·package_a 
0003b880:·6964·655f·696e·7374·616c·6c65·640a·0a2d··ide_installed..- 
0003b890:·206e·616d·653a·2045·6e73·7572·6520·6169···name:·Ensure·ai 
0003b8a0:·6465·2069·7320·696e·7374·616c·6c65·640a··de·is·installed. 
0003b8b0:·2020·7061·636b·6167·653a·0a20·2020·206e····package:.····n 
0003b8c0:·616d·653a·2061·6964·650a·2020·2020·7374··ame:·aide.····st 
0003b8d0:·6174·653a·2070·7265·7365·6e74·0a20·2077··ate:·present.··w 
0003b8e0:·6865·6e3a·2027·226b·6572·6e65·6c2d·6465··hen:·'"kernel-de 
0003b8f0:·6661·756c·7422·2069·6e20·616e·7369·626c··fault"·in·ansibl 
0003b900:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages 
0003b910:·270a·2020·7461·6773·3a0a·2020·2d20·4343··'.··tags:.··-·CC 
0003b920:·452d·3833·3036·372d·390a·2020·2d20·434a··E-83067-9.··-·CJ 
0003b930:·4953·2d35·2e31·302e·312e·330a·2020·2d20··IS-5.10.1.3.··-· 
0003b940:·4449·5341·2d53·5449·472d·534c·4553·2d31··DISA-STIG-SLES-1 
0003b950:·322d·3031·3034·3939·0a20·202d·204e·4953··2-010499.··-·NIS 
0003b960:·542d·3830·302d·3533·2d43·4d2d·3628·6129··T-800-53-CM-6(a) 
0003b970:·0a20·202d·2050·4349·2d44·5353·2d52·6571··.··-·PCI-DSS-Req 
0003b980:·2d31·312e·350a·2020·2d20·5043·492d·4453··-11.5.··-·PCI-DS 
0003b990:·5376·342d·3131·2e35·2e32·0a20·202d·2065··Sv4-11.5.2.··-·e 
0003b9a0:·6e61·626c·655f·7374·7261·7465·6779·0a20··nable_strategy.· 
0003b9b0:·202d·206c·6f77·5f63·6f6d·706c·6578·6974···-·low_complexit 
0003b9c0:·790a·2020·2d20·6c6f·775f·6469·7372·7570··y.··-·low_disrup 
0003b9d0:·7469·6f6e·0a20·202d·206d·6564·6975·6d5f··tion.··-·medium_ 
0003b9e0:·7365·7665·7269·7479·0a20·202d·206e·6f5f··severity.··-·no_ 
0003b9f0:·7265·626f·6f74·5f6e·6565·6465·640a·2020··reboot_needed.·· 
0003ba00:·2d20·7061·636b·6167·655f·6169·6465·5f69··-·package_aide_i 
0003ba10:·6e73·7461·6c6c·6564·0a3c·2f63·6f64·653e··nstalled.</code> 
0003ba20:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c 
Max diff block lines reached; 8124403/8143061 bytes (99.77%) of diff not shown.
944 KB
html2text {}
    
Offset 134, 19 lines modifiedOffset 134, 27 lines modified
134 include·install_aide134 include·install_aide
  
135 class·install_aide·{135 class·install_aide·{
136 ··package·{·'aide':136 ··package·{·'aide':
137 ····ensure·=>·'installed',137 ····ensure·=>·'installed',
138 ··}138 ··}
139 }139 }
140 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8140 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 141 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 142 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 143 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 144 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 145 #·Remediation·is·applicable·only·in·certain·platforms
 146 if·rpm·--quiet·-q·kernel-default;·then
  
141 [[packages]] 
142 name·=·"aide" 
143 version·=·"*"147 zypper·install·-y·"aide"
  
 148 else
 149 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 150 fi
144 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8151 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
145 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low152 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
146 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low153 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
147 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false154 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
148 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable155 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
149 -·name:·Gather·the·package·facts156 -·name:·Gather·the·package·facts
150 ··package_facts:157 ··package_facts:
Offset 179, 27 lines modifiedOffset 187, 19 lines modified
179 ··-·PCI-DSSv4-11.5.2187 ··-·PCI-DSSv4-11.5.2
180 ··-·enable_strategy188 ··-·enable_strategy
181 ··-·low_complexity189 ··-·low_complexity
182 ··-·low_disruption190 ··-·low_disruption
183 ··-·medium_severity191 ··-·medium_severity
184 ··-·no_reboot_needed192 ··-·no_reboot_needed
185 ··-·package_aide_installed193 ··-·package_aide_installed
 194 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
186 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
187 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
188 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
189 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
190 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
191 #·Remediation·is·applicable·only·in·certain·platforms 
192 if·rpm·--quiet·-q·kernel-default;·then 
  
193 zypper·install·-y·"aide" 
  
194 else 
195 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
196 fi195 [[packages]]
 196 name·=·"aide"
 197 version·=·"*"
197 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*198 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
198 Run·the·following·command·to·generate·a·new·database:199 Run·the·following·command·to·generate·a·new·database:
199 $·sudo·/usr/bin/aide·--init200 $·sudo·/usr/bin/aide·--init
200 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the·database,·the201 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the·database,·the
201 configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide·(or·hashes·of·these·files),·in·a·secure202 configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide·(or·hashes·of·these·files),·in·a·secure
202 location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-203 location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-
203 generated·database·can·be·installed·as·follows:204 generated·database·can·be·installed·as·follows:
Offset 227, 14 lines modifiedOffset 227, 29 lines modified
227 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5227 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
228 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199228 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
229 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLES-12-010499229 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLES-12-010499
230 ·············_\x8c_\x8i_\x8s············1.4.1230 ·············_\x8c_\x8i_\x8s············1.4.1
231 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79231 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
232 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2232 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
233 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-255916r958794_rule233 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-255916r958794_rule
 234 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 235 #·Remediation·is·applicable·only·in·certain·platforms
 236 if·rpm·--quiet·-q·kernel-default;·then
  
 237 zypper·-q·--no-remote·ref
  
  
 238 zypper·install·-y·"aide"
  
 239 /usr/bin/aide·--init
 240 /bin/cp·-p·/var/lib/aide/aide.db.new·/var/lib/aide/aide.db
  
 241 else
 242 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 243 fi
234 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8244 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
235 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low245 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
236 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low246 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
237 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false247 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
238 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict248 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
239 -·name:·Gather·the·package·facts249 -·name:·Gather·the·package·facts
240 ··package_facts:250 ··package_facts:
Offset 347, 29 lines modifiedOffset 362, 14 lines modified
347 ··-·PCI-DSSv4-11.5.2362 ··-·PCI-DSSv4-11.5.2
348 ··-·aide_build_database363 ··-·aide_build_database
349 ··-·low_complexity364 ··-·low_complexity
350 ··-·low_disruption365 ··-·low_disruption
351 ··-·medium_severity366 ··-·medium_severity
352 ··-·no_reboot_needed367 ··-·no_reboot_needed
353 ··-·restrict_strategy368 ··-·restrict_strategy
354 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
355 #·Remediation·is·applicable·only·in·certain·platforms 
356 if·rpm·--quiet·-q·kernel-default;·then 
  
357 zypper·-q·--no-remote·ref 
  
  
358 zypper·install·-y·"aide" 
  
359 /usr/bin/aide·--init 
360 /bin/cp·-p·/var/lib/aide/aide.db.new·/var/lib/aide/aide.db 
  
361 else 
362 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
363 fi 
364 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·P\x8Pe\x8er\x8ri\x8io\x8od\x8di\x8ic\x8c·E\x8Ex\x8xe\x8ec\x8cu\x8ut\x8ti\x8io\x8on\x8n·o\x8of\x8f·A\x8AI\x8ID\x8DE\x8E·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*369 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·P\x8Pe\x8er\x8ri\x8io\x8od\x8di\x8ic\x8c·E\x8Ex\x8xe\x8ec\x8cu\x8ut\x8ti\x8io\x8on\x8n·o\x8of\x8f·A\x8AI\x8ID\x8DE\x8E·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
365 At·a·minimum,·AIDE·should·be·configured·to·run·a·weekly·scan.·To·implement·a·daily·execution·of·AIDE·at·4:370 At·a·minimum,·AIDE·should·be·configured·to·run·a·weekly·scan.·To·implement·a·daily·execution·of·AIDE·at·4:
366 05am·using·cron,·add·the·following·line·to·/etc/crontab:371 05am·using·cron,·add·the·following·line·to·/etc/crontab:
367 05·4·*·*·*·root·/usr/bin/aide·--check372 05·4·*·*·*·root·/usr/bin/aide·--check
368 To·implement·a·weekly·execution·of·AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/crontab:373 To·implement·a·weekly·execution·of·AIDE·at·4:05am·using·cron,·add·the·following·line·to·/etc/crontab:
369 05·4·*·*·0·root·/usr/bin/aide·--check374 05·4·*·*·0·root·/usr/bin/aide·--check
370 AIDE·can·be·executed·periodically·through·other·means;·this·is·merely·one·example.·The·usage·of·cron's375 AIDE·can·be·executed·periodically·through·other·means;·this·is·merely·one·example.·The·usage·of·cron's
Offset 404, 14 lines modifiedOffset 404, 30 lines modified
404 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5404 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
405 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000363-GPOS-00150,·SRG-OS-000446-GPOS-00200,·SRG-OS-000447-GPOS-00201405 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000363-GPOS-00150,·SRG-OS-000446-GPOS-00200,·SRG-OS-000447-GPOS-00201
406 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLES-12-010500406 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLES-12-010500
407 ·············_\x8c_\x8i_\x8s············1.4.2407 ·············_\x8c_\x8i_\x8s············1.4.2
408 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76408 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76
409 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2409 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
Max diff block lines reached; 961640/966732 bytes (99.47%) of diff not shown.
20.2 MB
./usr/share/doc/ssg-nondebian/ssg-sle12-guide-cis_workstation_l2.html
    
Offset 15200, 145 lines modifiedOffset 15200, 145 lines modified
0003b5f0:·6765·743d·2223·6964·6d35·3339·3822·2074··get="#idm5398"·t0003b5f0:·6765·743d·2223·6964·6d35·3339·3822·2074··get="#idm5398"·t
0003b600:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role0003b600:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
0003b610:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e0003b610:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
0003b620:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·0003b620:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
0003b630:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·0003b630:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
0003b640:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=0003b640:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
0003b650:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation0003b650:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
0003b660:·204f·5342·7569·6c64·2042·6c75·6570·7269···OSBuild·Bluepri0003b660:·2053·6865·6c6c·2073·6372·6970·7420·e287···Shell·script·..
 0003b670:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl
 0003b680:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
 0003b690:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
 0003b6a0:·3d22·6964·6d35·3339·3822·3e3c·7461·626c··="idm5398"><tabl
 0003b6b0:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t
 0003b6c0:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab
 0003b6d0:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl
 0003b6e0:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr
 0003b6f0:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity:
 0003b700:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td
 0003b710:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di
 0003b720:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t
 0003b730:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr><
 0003b740:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</
 0003b750:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td
 0003b760:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St
 0003b770:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>
 0003b780:·656e·6162·6c65·3c2f·7464·3e3c·2f74·723e··enable</td></tr>
 0003b790:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co
 0003b7a0:·6465·3e23·2052·656d·6564·6961·7469·6f6e··de>#·Remediation
 0003b7b0:·2069·7320·6170·706c·6963·6162·6c65·206f···is·applicable·o
 0003b7c0:·6e6c·7920·696e·2063·6572·7461·696e·2070··nly·in·certain·p
 0003b7d0:·6c61·7466·6f72·6d73·0a69·6620·7270·6d20··latforms.if·rpm·
 0003b7e0:·2d2d·7175·6965·7420·2d71·206b·6572·6e65··--quiet·-q·kerne
 0003b7f0:·6c2d·6465·6661·756c·743b·2074·6865·6e0a··l-default;·then.
 0003b800:·0a7a·7970·7065·7220·696e·7374·616c·6c20··.zypper·install·
 0003b810:·2d79·2022·6169·6465·220a·0a65·6c73·650a··-y·"aide"..else.
 0003b820:·2020·2020·2667·743b·2661·6d70·3b32·2065······&gt;&amp;2·e
 0003b830:·6368·6f20·2752·656d·6564·6961·7469·6f6e··cho·'Remediation
 0003b840:·2069·7320·6e6f·7420·6170·706c·6963·6162···is·not·applicab
 0003b850:·6c65·2c20·6e6f·7468·696e·6720·7761·7320··le,·nothing·was·
 0003b860:·646f·6e65·270a·6669·0a3c·2f63·6f64·653e··done'.fi.</code>
 0003b870:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c
 0003b880:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su
 0003b890:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg
 0003b8a0:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da
 0003b8b0:·7461·2d74·6172·6765·743d·2223·6964·6d35··ta-target="#idm5
 0003b8c0:·3339·3922·2074·6162·696e·6465·783d·2230··399"·tabindex="0
 0003b8d0:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
 0003b8e0:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
 0003b8f0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
 0003b900:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
 0003b910:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
 0003b920:·6961·7469·6f6e·2041·6e73·6962·6c65·2073··iation·Ansible·s
0003b670:·6e74·2073·6e69·7070·6574·20e2·87b2·3c2f··nt·snippet·...</0003b930:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b
0003b680:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class0003b940:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa
0003b690:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse0003b950:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col
0003b6a0:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i0003b960:·6c61·7073·6522·2069·643d·2269·646d·3533··lapse"·id="idm53
0003b6b0:·646d·3533·3938·223e·3c70·7265·3e3c·636f··dm5398"><pre><co 
0003b6c0:·6465·3e0a·5b5b·7061·636b·6167·6573·5d5d··de>.[[packages]] 
0003b6d0:·0a6e·616d·6520·3d20·2261·6964·6522·0a76··.name·=·"aide".v 
0003b6e0:·6572·7369·6f6e·203d·2022·2a22·0a3c·2f63··ersion·=·"*".</c 
0003b6f0:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div> 
0003b700:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt 
0003b710:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data- 
0003b720:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse 
0003b730:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="# 
0003b740:·6964·6d35·3339·3922·2074·6162·696e·6465··idm5399"·tabinde 
0003b750:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt 
0003b760:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande 
0003b770:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title= 
0003b780:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev 
0003b790:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R 
0003b7a0:·656d·6564·6961·7469·6f6e·2041·6e73·6962··emediation·Ansib 
0003b7b0:·6c65·2073·6e69·7070·6574·20e2·87b2·3c2f··le·snippet·...</ 
0003b7c0:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class 
0003b7d0:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse 
0003b7e0:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i 
0003b7f0:·646d·3533·3939·223e·3c74·6162·6c65·2063··dm5399"><table·c0003b970:·3939·223e·3c74·6162·6c65·2063·6c61·7373··99"><table·class
0003b800:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl0003b980:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st
0003b810:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table-0003b990:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord
0003b820:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c0003b9a0:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde
0003b830:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t0003b9b0:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co
0003b840:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t0003b9c0:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t
0003b850:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></0003b9d0:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr><
0003b860:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru0003b9e0:·7472·3e3c·7468·3e44·6973·7275·7074·696f··tr><th>Disruptio
0003b870:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l0003b9f0:·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··n:</th><td>low</
0003b880:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>0003ba00:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>
0003b890:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th>0003ba10:·5265·626f·6f74·3a3c·2f74·683e·3c74·643e··Reboot:</th><td>
0003b8a0:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></ 
0003b8b0:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat 
0003b8c0:·6567·793a·3c2f·7468·3e3c·7464·3e65·6e61··egy:</th><td>ena 
0003b8d0:·626c·653c·2f74·643e·3c2f·7472·3e3c·2f74··ble</td></tr></t0003ba20:·6661·6c73·653c·2f74·643e·3c2f·7472·3e3c··false</td></tr><
 0003ba30:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy:
 0003ba40:·3c2f·7468·3e3c·7464·3e65·6e61·626c·653c··</th><td>enable<
 0003ba50:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table
0003b8e0:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>0003ba60:·3e3c·7072·653e·3c63·6f64·653e·2d20·6e61··><pre><code>-·na
0003b8f0:·2d20·6e61·6d65·3a20·4761·7468·6572·2074··-·name:·Gather·t0003ba70:·6d65·3a20·4761·7468·6572·2074·6865·2070··me:·Gather·the·p
0003b900:·6865·2070·6163·6b61·6765·2066·6163·7473··he·package·facts0003ba80:·6163·6b61·6765·2066·6163·7473·0a20·2070··ackage·facts.··p
0003b910:·0a20·2070·6163·6b61·6765·5f66·6163·7473··.··package_facts0003ba90:·6163·6b61·6765·5f66·6163·7473·3a0a·2020··ackage_facts:.··
0003b920:·3a0a·2020·2020·6d61·6e61·6765·723a·2061··:.····manager:·a0003baa0:·2020·6d61·6e61·6765·723a·2061·7574·6f0a····manager:·auto.
0003b930:·7574·6f0a·2020·7461·6773·3a0a·2020·2d20··uto.··tags:.··-·0003bab0:·2020·7461·6773·3a0a·2020·2d20·4343·452d····tags:.··-·CCE-
0003b940:·4343·452d·3833·3036·372d·390a·2020·2d20··CCE-83067-9.··-·0003bac0:·3833·3036·372d·390a·2020·2d20·434a·4953··83067-9.··-·CJIS
0003b950:·434a·4953·2d35·2e31·302e·312e·330a·2020··CJIS-5.10.1.3.··0003bad0:·2d35·2e31·302e·312e·330a·2020·2d20·4449··-5.10.1.3.··-·DI
0003b960:·2d20·4449·5341·2d53·5449·472d·534c·4553··-·DISA-STIG-SLES0003bae0:·5341·2d53·5449·472d·534c·4553·2d31·322d··SA-STIG-SLES-12-
0003b970:·2d31·322d·3031·3034·3939·0a20·202d·204e··-12-010499.··-·N0003baf0:·3031·3034·3939·0a20·202d·204e·4953·542d··010499.··-·NIST-
0003b980:·4953·542d·3830·302d·3533·2d43·4d2d·3628··IST-800-53-CM-6(0003bb00:·3830·302d·3533·2d43·4d2d·3628·6129·0a20··800-53-CM-6(a).·
0003b990:·6129·0a20·202d·2050·4349·2d44·5353·2d52··a).··-·PCI-DSS-R0003bb10:·202d·2050·4349·2d44·5353·2d52·6571·2d31···-·PCI-DSS-Req-1
0003b9a0:·6571·2d31·312e·350a·2020·2d20·5043·492d··eq-11.5.··-·PCI-0003bb20:·312e·350a·2020·2d20·5043·492d·4453·5376··1.5.··-·PCI-DSSv
0003b9b0:·4453·5376·342d·3131·2e35·2e32·0a20·202d··DSSv4-11.5.2.··-0003bb30:·342d·3131·2e35·2e32·0a20·202d·2065·6e61··4-11.5.2.··-·ena
0003b9c0:·2065·6e61·626c·655f·7374·7261·7465·6779···enable_strategy0003bb40:·626c·655f·7374·7261·7465·6779·0a20·202d··ble_strategy.··-
0003b9d0:·0a20·202d·206c·6f77·5f63·6f6d·706c·6578··.··-·low_complex0003bb50:·206c·6f77·5f63·6f6d·706c·6578·6974·790a···low_complexity.
0003b9e0:·6974·790a·2020·2d20·6c6f·775f·6469·7372··ity.··-·low_disr0003bb60:·2020·2d20·6c6f·775f·6469·7372·7570·7469····-·low_disrupti
0003b9f0:·7570·7469·6f6e·0a20·202d·206d·6564·6975··uption.··-·mediu0003bb70:·6f6e·0a20·202d·206d·6564·6975·6d5f·7365··on.··-·medium_se
0003ba00:·6d5f·7365·7665·7269·7479·0a20·202d·206e··m_severity.··-·n0003bb80:·7665·7269·7479·0a20·202d·206e·6f5f·7265··verity.··-·no_re
0003ba10:·6f5f·7265·626f·6f74·5f6e·6565·6465·640a··o_reboot_needed.0003bb90:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-·
0003ba20:·2020·2d20·7061·636b·6167·655f·6169·6465····-·package_aide0003bba0:·7061·636b·6167·655f·6169·6465·5f69·6e73··package_aide_ins
0003ba30:·5f69·6e73·7461·6c6c·6564·0a0a·2d20·6e61··_installed..-·na0003bbb0:·7461·6c6c·6564·0a0a·2d20·6e61·6d65·3a20··talled..-·name:·
0003ba40:·6d65·3a20·456e·7375·7265·2061·6964·6520··me:·Ensure·aide·0003bbc0:·456e·7375·7265·2061·6964·6520·6973·2069··Ensure·aide·is·i
0003ba50:·6973·2069·6e73·7461·6c6c·6564·0a20·2070··is·installed.··p0003bbd0:·6e73·7461·6c6c·6564·0a20·2070·6163·6b61··nstalled.··packa
0003ba60:·6163·6b61·6765·3a0a·2020·2020·6e61·6d65··ackage:.····name0003bbe0:·6765·3a0a·2020·2020·6e61·6d65·3a20·6169··ge:.····name:·ai
0003ba70:·3a20·6169·6465·0a20·2020·2073·7461·7465··:·aide.····state0003bbf0:·6465·0a20·2020·2073·7461·7465·3a20·7072··de.····state:·pr
0003ba80:·3a20·7072·6573·656e·740a·2020·7768·656e··:·present.··when0003bc00:·6573·656e·740a·2020·7768·656e·3a20·2722··esent.··when:·'"
0003ba90:·3a20·2722·6b65·726e·656c·2d64·6566·6175··:·'"kernel-defau 
0003baa0:·6c74·2220·696e·2061·6e73·6962·6c65·5f66··lt"·in·ansible_f 
0003bab0:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.· 
0003bac0:·2074·6167·733a·0a20·202d·2043·4345·2d38···tags:.··-·CCE-8 
0003bad0:·3330·3637·2d39·0a20·202d·2043·4a49·532d··3067-9.··-·CJIS- 
0003bae0:·352e·3130·2e31·2e33·0a20·202d·2044·4953··5.10.1.3.··-·DIS 
Max diff block lines reached; 19307456/19326114 bytes (99.90%) of diff not shown.
1.73 MB
html2text {}
Max HTML report size reached
19.0 MB
./usr/share/doc/ssg-nondebian/ssg-sle12-guide-pci-dss-4.html
    
Offset 15218, 414 lines modifiedOffset 15218, 414 lines modified
0003b710:·2d74·6172·6765·743d·2223·6964·6d35·3035··-target="#idm5050003b710:·2d74·6172·6765·743d·2223·6964·6d35·3035··-target="#idm505
0003b720:·3622·2074·6162·696e·6465·783d·2230·2220··6"·tabindex="0"·0003b720:·3622·2074·6162·696e·6465·783d·2230·2220··6"·tabindex="0"·
0003b730:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar0003b730:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar
0003b740:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal0003b740:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal
0003b750:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ0003b750:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ
0003b760:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h0003b760:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h
Diff chunk too large, falling back to line-by-line diff (400 lines added, 400 lines removed)
0003b770:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia0003b770:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia
0003b780:·7469·6f6e·2041·6e73·6962·6c65·2073·6e69··tion·Ansible·sni0003b780:·7469·6f6e·2053·6865·6c6c·2073·6372·6970··tion·Shell·scrip
0003b790:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br>0003b790:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di
0003b7a0:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane0003b7a0:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
0003b7b0:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla0003b7b0:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
0003b7c0:·7073·6522·2069·643d·2269·646d·3530·3536··pse"·id="idm50560003b7c0:·2220·6964·3d22·6964·6d35·3035·3622·3e3c··"·id="idm5056"><
0003b7d0:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="0003b7d0:·7072·653e·3c63·6f64·653e·2320·5265·6d65··pre><code>#·Reme
0003b7e0:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri0003b7e0:·6469·6174·696f·6e20·6973·2061·7070·6c69··diation·is·appli
0003b7f0:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border0003b7f0:·6361·626c·6520·6f6e·6c79·2069·6e20·6365··cable·only·in·ce
0003b800:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens0003b800:·7274·6169·6e20·706c·6174·666f·726d·730a··rtain·platforms.
0003b810:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp0003b810:·6966·2021·2028·207b·2072·706d·202d·2d71··if·!·(·{·rpm·--q
0003b820:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td>0003b820:·7569·6574·202d·7120·6b65·726e·656c·203b··uiet·-q·kernel·;
0003b830:·6869·6768·3c2f·7464·3e3c·2f74·723e·3c74··high</td></tr><t0003b830:·7d20·2661·6d70·3b26·616d·703b·207b·2072··}·&amp;&amp;·{·r
0003b840:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption0003b840:·706d·202d·2d71·7569·6574·202d·7120·7270··pm·--quiet·-q·rp
0003b850:·3a3c·2f74·683e·3c74·643e·6d65·6469·756d··:</th><td>medium0003b850:·6d2d·6f73·7472·6565·203b·7d20·2661·6d70··m-ostree·;}·&amp
0003b860:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t0003b860:·3b26·616d·703b·207b·2072·706d·202d·2d71··;&amp;·{·rpm·--q
0003b870:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t0003b870:·7569·6574·202d·7120·626f·6f74·6320·3b7d··uiet·-q·bootc·;}
0003b880:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr0003b880:·2026·616d·703b·2661·6d70·3b20·7b20·2120···&amp;&amp;·{·!·
0003b890:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg0003b890:·7270·6d20·2d2d·7175·6965·7420·2d71·206f··rpm·--quiet·-q·o
0003b8a0:·793a·3c2f·7468·3e3c·7464·3e72·6573·7472··y:</th><td>restr0003b8a0:·7065·6e73·6869·6674·2d6b·7562·656c·6574··penshift-kubelet
0003b8b0:·6963·743c·2f74·643e·3c2f·7472·3e3c·2f74··ict</td></tr></t0003b8b0:·203b·7d20·293b·2074·6865·6e0a·0a23·2046···;}·);·then..#·F
0003b8c0:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>0003b8c0:·696e·6420·7768·6963·6820·6669·6c65·7320··ind·which·files·
0003b8d0:·2d20·6e61·6d65·3a20·4761·7468·6572·2074··-·name:·Gather·t0003b8d0:·6861·7665·2069·6e63·6f72·7265·6374·2068··have·incorrect·h
0003b8e0:·6865·2070·6163·6b61·6765·2066·6163·7473··he·package·facts0003b8e0:·6173·6820·286e·6f74·2069·6e20·2f65·7463··ash·(not·in·/etc
0003b8f0:·0a20·2070·6163·6b61·6765·5f66·6163·7473··.··package_facts0003b8f0:·2c20·6265·6361·7573·6520·6f66·2074·6865··,·because·of·the
0003b900:·3a0a·2020·2020·6d61·6e61·6765·723a·2061··:.····manager:·a0003b900:·2073·7973·7465·6d20·7265·6c61·7465·6420···system·related·
0003b910:·7574·6f0a·2020·7461·6773·3a0a·2020·2d20··uto.··tags:.··-·0003b910:·636f·6e66·6967·2066·696c·6573·2920·616e··config·files)·an
0003b920:·4343·452d·3931·3633·322d·300a·2020·2d20··CCE-91632-0.··-·0003b920:·6420·7468·656e·2067·6574·2066·696c·6573··d·then·get·files
0003b930:·434a·4953·2d35·2e31·302e·342e·310a·2020··CJIS-5.10.4.1.··0003b930:·206e·616d·6573·0a66·696c·6573·5f77·6974···names.files_wit
0003b940:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-30003b940:·685f·696e·636f·7272·6563·745f·6861·7368··h_incorrect_hash
0003b950:·2e33·2e38·0a20·202d·204e·4953·542d·3830··.3.8.··-·NIST-800003b950:·3d22·2428·7270·6d20·2d56·6120·2d2d·6e6f··="$(rpm·-Va·--no
0003b960:·302d·3137·312d·332e·342e·310a·2020·2d20··0-171-3.4.1.··-·0003b960:·636f·6e66·6967·207c·2067·7265·7020·2d45··config·|·grep·-E
0003b970:·4e49·5354·2d38·3030·2d35·332d·4155·2d39··NIST-800-53-AU-90003b970:·2027·5e2e·2e35·2720·7c20·6177·6b20·277b···'^..5'·|·awk·'{
0003b980:·2833·290a·2020·2d20·4e49·5354·2d38·3030··(3).··-·NIST-8000003b980:·7072·696e·7420·244e·467d·2720·2922·0a0a··print·$NF}'·)"..
0003b990:·2d35·332d·434d·2d36·2863·290a·2020·2d20··-53-CM-6(c).··-·0003b990:·6966·205b·202d·6e20·2224·6669·6c65·735f··if·[·-n·"$files_
0003b9a0:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-60003b9a0:·7769·7468·5f69·6e63·6f72·7265·6374·5f68··with_incorrect_h
0003b9b0:·2864·290a·2020·2d20·4e49·5354·2d38·3030··(d).··-·NIST-8000003b9b0:·6173·6822·205d·3b20·7468·656e·0a20·2020··ash"·];·then.···
0003b9c0:·2d35·332d·5349·2d37·0a20·202d·204e·4953··-53-SI-7.··-·NIS0003b9c0:·2023·2046·726f·6d20·6669·6c65·7320·6e61···#·From·files·na
0003b9d0:·542d·3830·302d·3533·2d53·492d·3728·3129··T-800-53-SI-7(1)0003b9d0:·6d65·7320·6765·7420·7061·636b·6167·6520··mes·get·package·
0003b9e0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003b9e0:·6e61·6d65·7320·616e·6420·6368·616e·6765··names·and·change
0003b9f0:·2d53·492d·3728·3629·0a20·202d·2050·4349··-SI-7(6).··-·PCI0003b9f0:·206e·6577·6c69·6e65·2074·6f20·7370·6163···newline·to·spac
0003ba00:·2d44·5353·2d52·6571·2d31·312e·350a·2020··-DSS-Req-11.5.··0003ba00:·652c·2062·6563·6175·7365·2072·706d·2077··e,·because·rpm·w
0003ba10:·2d20·5043·492d·4453·5376·342d·3131·2e35··-·PCI-DSSv4-11.50003ba10:·7269·7465·7320·6561·6368·2070·6163·6b61··rites·each·packa
0003ba20:·2e32·0a20·202d·2068·6967·685f·636f·6d70··.2.··-·high_comp0003ba20:·6765·2074·6f20·6e65·7720·6c69·6e65·0a20··ge·to·new·line.·
0003ba30:·6c65·7869·7479·0a20·202d·2068·6967·685f··lexity.··-·high_0003ba30:·2020·2070·6163·6b61·6765·735f·746f·5f72·····packages_to_r
0003ba40:·7365·7665·7269·7479·0a20·202d·206d·6564··severity.··-·med0003ba40:·6569·6e73·7461·6c6c·3d22·2428·7270·6d20··einstall="$(rpm·
0003ba50:·6975·6d5f·6469·7372·7570·7469·6f6e·0a20··ium_disruption.·0003ba50:·2d71·6620·2466·696c·6573·5f77·6974·685f··-qf·$files_with_
0003ba60:·202d·206e·6f5f·7265·626f·6f74·5f6e·6565···-·no_reboot_nee0003ba60:·696e·636f·7272·6563·745f·6861·7368·207c··incorrect_hash·|
0003ba70:·6465·640a·2020·2d20·7265·7374·7269·6374··ded.··-·restrict0003ba70:·2074·7220·275c·6e27·2027·2027·2922·0a0a···tr·'\n'·'·')"..
0003ba80:·5f73·7472·6174·6567·790a·2020·2d20·7270··_strategy.··-·rp0003ba80:·2020·2020·0a20·2020·207a·7970·7065·7220······.····zypper·
0003ba90:·6d5f·7665·7269·6679·5f68·6173·6865·730a··m_verify_hashes.0003ba90:·696e·7374·616c·6c20·2d66·202d·7920·2470··install·-f·-y·$p
0003baa0:·0a2d·206e·616d·653a·2027·5365·7420·6661··.-·name:·'Set·fa0003baa0:·6163·6b61·6765·735f·746f·5f72·6569·6e73··ackages_to_reins
0003bab0:·6374·3a20·5061·636b·6167·6520·6d61·6e61··ct:·Package·mana0003bab0:·7461·6c6c·0a20·2020·200a·6669·0a0a·656c··tall.····.fi..el
0003bac0:·6765·7220·7265·696e·7374·616c·6c20·636f··ger·reinstall·co0003bac0:·7365·0a20·2020·2026·6774·3b26·616d·703b··se.····&gt;&amp;
0003bad0:·6d6d·616e·6427·0a20·2073·6574·5f66·6163··mmand'.··set_fac0003bad0:·3220·6563·686f·2027·5265·6d65·6469·6174··2·echo·'Remediat
0003bae0:·743a·0a20·2020·2070·6163·6b61·6765·5f6d··t:.····package_m0003bae0:·696f·6e20·6973·206e·6f74·2061·7070·6c69··ion·is·not·appli
0003baf0:·616e·6167·6572·5f72·6569·6e73·7461·6c6c··anager_reinstall0003baf0:·6361·626c·652c·206e·6f74·6869·6e67·2077··cable,·nothing·w
0003bb00:·5f63·6d64·3a20·7a79·7070·6572·2072·6569··_cmd:·zypper·rei0003bb00:·6173·2064·6f6e·6527·0a66·690a·3c2f·636f··as·done'.fi.</co
0003bb10:·6e73·7461·6c6c·202d·790a·2020·7768·656e··nstall·-y.··when0003bb10:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div><
0003bb20:·3a0a·2020·2d20·6e6f·7420·2820·226b·6572··:.··-·not·(·"ker0003bb20:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn
0003bb30:·6e65·6c22·2069·6e20·616e·7369·626c·655f··nel"·in·ansible_0003bb30:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t
0003bb40:·6661·6374·732e·7061·636b·6167·6573·2061··facts.packages·a0003bb40:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse"
0003bb50:·6e64·2022·7270·6d2d·6f73·7472·6565·2220··nd·"rpm-ostree"·0003bb50:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i
0003bb60:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts0003bb60:·646d·3530·3537·2220·7461·6269·6e64·6578··dm5057"·tabindex
0003bb70:·2e70·6163·6b61·6765·730a·2020·2020·616e··.packages.····an0003bb70:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto
0003bb80:·6420·2262·6f6f·7463·2220·696e·2061·6e73··d·"bootc"·in·ans0003bb80:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded
0003bb90:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0003bb90:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="
0003bba0:·6765·7320·616e·6420·6e6f·7420·226f·7065··ges·and·not·"ope0003bba0:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve
0003bbb0:·6e73·6869·6674·2d6b·7562·656c·6574·2220··nshift-kubelet"·0003bbb0:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re
0003bbc0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts0003bbc0:·6d65·6469·6174·696f·6e20·416e·7369·626c··mediation·Ansibl
0003bbd0:·2e70·6163·6b61·6765·730a·2020·2020·290a··.packages.····).0003bbd0:·6520·736e·6970·7065·7420·e287·b23c·2f61··e·snippet·...</a
0003bbe0:·2020·2d20·616e·7369·626c·655f·6469·7374····-·ansible_dist0003bbe0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
0003bbf0:·7269·6275·7469·6f6e·2069·6e20·5b20·2246··ribution·in·[·"F0003bbf0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
0003bc00:·6564·6f72·6122·2c20·2252·6564·4861·7422··edora",·"RedHat"0003bc00:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
0003bc10:·2c20·2243·656e·744f·5322·2c20·224f·7261··,·"CentOS",·"Ora0003bc10:·6d35·3035·3722·3e3c·7461·626c·6520·636c··m5057"><table·cl
0003bc20:·636c·654c·696e·7578·2220·5d0a·2020·7461··cleLinux"·].··ta0003bc20:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table
0003bc30:·6773·3a0a·2020·2d20·4343·452d·3931·3633··gs:.··-·CCE-91630003bc30:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b
0003bc40:·322d·300a·2020·2d20·434a·4953·2d35·2e31··2-0.··-·CJIS-5.10003bc40:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co
0003bc50:·302e·342e·310a·2020·2d20·4e49·5354·2d38··0.4.1.··-·NIST-80003bc50:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th
0003bc60:·3030·2d31·3731·2d33·2e33·2e38·0a20·202d··00-171-3.3.8.··-0003bc60:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th
0003bc70:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.0003bc70:·3e3c·7464·3e68·6967·683c·2f74·643e·3c2f··><td>high</td></
0003bc80:·342e·310a·2020·2d20·4e49·5354·2d38·3030··4.1.··-·NIST-8000003bc80:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru
0003bc90:·2d35·332d·4155·2d39·2833·290a·2020·2d20··-53-AU-9(3).··-·0003bc90:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6d··ption:</th><td>m
0003bca0:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-60003bca0:·6564·6975·6d3c·2f74·643e·3c2f·7472·3e3c··edium</td></tr><
0003bcb0:·2863·290a·2020·2d20·4e49·5354·2d38·3030··(c).··-·NIST-8000003bcb0:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</
0003bcc0:·2d35·332d·434d·2d36·2864·290a·2020·2d20··-53-CM-6(d).··-·0003bcc0:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td
0003bcd0:·4e49·5354·2d38·3030·2d35·332d·5349·2d37··NIST-800-53-SI-70003bcd0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St
0003bce0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003bce0:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>
0003bcf0:·2d53·492d·3728·3129·0a20·202d·204e·4953··-SI-7(1).··-·NIS0003bcf0:·7265·7374·7269·6374·3c2f·7464·3e3c·2f74··restrict</td></t
0003bd00:·542d·3830·302d·3533·2d53·492d·3728·3629··T-800-53-SI-7(6)0003bd00:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><
0003bd10:·0a20·202d·2050·4349·2d44·5353·2d52·6571··.··-·PCI-DSS-Req0003bd10:·636f·6465·3e2d·206e·616d·653a·2047·6174··code>-·name:·Gat
0003bd20:·2d31·312e·350a·2020·2d20·5043·492d·4453··-11.5.··-·PCI-DS0003bd20:·6865·7220·7468·6520·7061·636b·6167·6520··her·the·package·
0003bd30:·5376·342d·3131·2e35·2e32·0a20·202d·2068··Sv4-11.5.2.··-·h0003bd30:·6661·6374·730a·2020·7061·636b·6167·655f··facts.··package_
0003bd40:·6967·685f·636f·6d70·6c65·7869·7479·0a20··igh_complexity.·0003bd40:·6661·6374·733a·0a20·2020·206d·616e·6167··facts:.····manag
0003bd50:·202d·2068·6967·685f·7365·7665·7269·7479···-·high_severity0003bd50:·6572·3a20·6175·746f·0a20·2074·6167·733a··er:·auto.··tags:
0003bd60:·0a20·202d·206d·6564·6975·6d5f·6469·7372··.··-·medium_disr0003bd60:·0a20·202d·2043·4345·2d39·3136·3332·2d30··.··-·CCE-91632-0
0003bd70:·7570·7469·6f6e·0a20·202d·206e·6f5f·7265··uption.··-·no_re0003bd70:·0a20·202d·2043·4a49·532d·352e·3130·2e34··.··-·CJIS-5.10.4
0003bd80:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-·0003bd80:·2e31·0a20·202d·204e·4953·542d·3830·302d··.1.··-·NIST-800-
0003bd90:·7265·7374·7269·6374·5f73·7472·6174·6567··restrict_strateg0003bd90:·3137·312d·332e·332e·380a·2020·2d20·4e49··171-3.3.8.··-·NI
0003bda0:·790a·2020·2d20·7270·6d5f·7665·7269·6679··y.··-·rpm_verify0003bda0:·5354·2d38·3030·2d31·3731·2d33·2e34·2e31··ST-800-171-3.4.1
0003bdb0:·5f68·6173·6865·730a·0a2d·206e·616d·653a··_hashes..-·name:0003bdb0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
0003bdc0:·2027·5365·7420·6661·6374·3a20·5061·636b···'Set·fact:·Pack0003bdc0:·2d41·552d·3928·3329·0a20·202d·204e·4953··-AU-9(3).··-·NIS
0003bdd0:·6167·6520·6d61·6e61·6765·7220·7265·696e··age·manager·rein0003bdd0:·542d·3830·302d·3533·2d43·4d2d·3628·6329··T-800-53-CM-6(c)
0003bde0:·7374·616c·6c20·636f·6d6d·616e·6420·287a··stall·command·(z0003bde0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
0003bdf0:·7970·7065·7229·270a·2020·7365·745f·6661··ypper)'.··set_fa0003bdf0:·2d43·4d2d·3628·6429·0a20·202d·204e·4953··-CM-6(d).··-·NIS
0003be00:·6374·3a0a·2020·2020·7061·636b·6167·655f··ct:.····package_0003be00:·542d·3830·302d·3533·2d53·492d·370a·2020··T-800-53-SI-7.··
0003be10:·6d61·6e61·6765·725f·7265·696e·7374·616c··manager_reinstal0003be10:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI
0003be20:·6c5f·636d·643a·207a·7970·7065·7220·696e··l_cmd:·zypper·in0003be20:·2d37·2831·290a·2020·2d20·4e49·5354·2d38··-7(1).··-·NIST-8
0003be30:·202d·6620·2d79·0a20·2077·6865·6e3a·0a20···-f·-y.··when:.·0003be30:·3030·2d35·332d·5349·2d37·2836·290a·2020··00-53-SI-7(6).··
0003be40:·202d·206e·6f74·2028·2022·6b65·726e·656c···-·not·(·"kernel0003be40:·2d20·5043·492d·4453·532d·5265·712d·3131··-·PCI-DSS-Req-11
0003be50:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003be50:·2e35·0a20·202d·2050·4349·2d44·5353·7634··.5.··-·PCI-DSSv4
0003be60:·7473·2e70·6163·6b61·6765·7320·616e·6420··ts.packages·and·0003be60:·2d31·312e·352e·320a·2020·2d20·6869·6768··-11.5.2.··-·high
0003be70:·2272·706d·2d6f·7374·7265·6522·2069·6e20··"rpm-ostree"·in·0003be70:·5f63·6f6d·706c·6578·6974·790a·2020·2d20··_complexity.··-·
0003be80:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa0003be80:·6869·6768·5f73·6576·6572·6974·790a·2020··high_severity.··
0003be90:·636b·6167·6573·0a20·2020·2061·6e64·2022··ckages.····and·"0003be90:·2d20·6d65·6469·756d·5f64·6973·7275·7074··-·medium_disrupt
0003bea0:·626f·6f74·6322·2069·6e20·616e·7369·626c··bootc"·in·ansibl0003bea0:·696f·6e0a·2020·2d20·6e6f·5f72·6562·6f6f··ion.··-·no_reboo
0003beb0:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages0003beb0:·745f·6e65·6564·6564·0a20·202d·2072·6573··t_needed.··-·res
0003bec0:·2061·6e64·206e·6f74·2022·6f70·656e·7368···and·not·"opensh0003bec0:·7472·6963·745f·7374·7261·7465·6779·0a20··trict_strategy.·
0003bed0:·6966·742d·6b75·6265·6c65·7422·2069·6e20··ift-kubelet"·in·0003bed0:·202d·2072·706d·5f76·6572·6966·795f·6861···-·rpm_verify_ha
0003bee0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa0003bee0:·7368·6573·0a0a·2d20·6e61·6d65·3a20·2753··shes..-·name:·'S
Max diff block lines reached; 18405059/18460839 bytes (99.70%) of diff not shown.
1.39 MB
html2text {}
    
Offset 134, 14 lines modifiedOffset 134, 36 lines modified
134 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,134 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,
135 ····························A.14.2.3,·A.14.2.4135 ····························A.14.2.3,·A.14.2.4
136 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)136 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
137 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1137 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
138 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5138 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
139 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227139 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
140 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2140 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 141 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 142 #·Remediation·is·applicable·only·in·certain·platforms
 143 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm
 144 --quiet·-q·openshift-kubelet·;}·);·then
  
 145 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then
 146 get·files·names
 147 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 148 if·[·-n·"$files_with_incorrect_hash"·];·then
 149 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to
 150 new·line
 151 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 152 ····zypper·install·-f·-y·$packages_to_reinstall
  
 153 fi
  
 154 else
 155 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 156 fi
141 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8157 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
142 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high158 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
143 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium159 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
144 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false160 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
145 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict161 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
146 -·name:·Gather·the·package·facts162 -·name:·Gather·the·package·facts
147 ··package_facts:163 ··package_facts:
Offset 314, 36 lines modifiedOffset 336, 14 lines modified
314 ··-·PCI-DSSv4-11.5.2336 ··-·PCI-DSSv4-11.5.2
315 ··-·high_complexity337 ··-·high_complexity
316 ··-·high_severity338 ··-·high_severity
317 ··-·medium_disruption339 ··-·medium_disruption
318 ··-·no_reboot_needed340 ··-·no_reboot_needed
319 ··-·restrict_strategy341 ··-·restrict_strategy
320 ··-·rpm_verify_hashes342 ··-·rpm_verify_hashes
321 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
322 #·Remediation·is·applicable·only·in·certain·platforms 
323 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm 
324 --quiet·-q·openshift-kubelet·;}·);·then 
  
325 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then 
326 get·files·names 
327 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
328 if·[·-n·"$files_with_incorrect_hash"·];·then 
329 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to 
330 new·line 
331 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
332 ····zypper·install·-f·-y·$packages_to_reinstall 
  
333 fi 
  
334 else 
335 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
336 fi 
337 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*343 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
338 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,344 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,
339 including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,345 including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,
340 which·can·be·found·with:346 which·can·be·found·with:
341 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'347 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'
342 run·the·following·command·to·determine·which·package·owns·it:348 run·the·following·command·to·determine·which·package·owns·it:
343 $·rpm·-qf·FILENAME349 $·rpm·-qf·FILENAME
Offset 425, 14 lines modifiedOffset 425, 53 lines modified
425 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)425 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)
426 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1426 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
427 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5427 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
428 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,428 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,
429 ····························SRG-OS-000278-GPOS-00108429 ····························SRG-OS-000278-GPOS-00108
430 ·············_\x8c_\x8i_\x8s············6.1.1430 ·············_\x8c_\x8i_\x8s············6.1.1
431 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2431 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 432 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 433 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 434 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 435 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 436 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 437 #·Remediation·is·applicable·only·in·certain·platforms
 438 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm
 439 --quiet·-q·openshift-kubelet·;}·);·then
  
 440 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 441 declare·-A·SETPERMS_RPM_DICT
  
 442 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 443 #·is·expected·by·the·RPM·database
 444 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,2,1)=="M")·print
 445 $NF·}')
  
 446 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 447 do
 448 ········#·NOTE:·some·files·maybe·controlled·by·more·then·one·package
 449 ········readarray·-t·RPM_PACKAGES·<·<(rpm·-qf·"${FILE_PATH}")
 450 ········for·RPM_PACKAGE·in·"${RPM_PACKAGES[@]}"
 451 ········do
 452 ················#·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about
 453 duplicates.
 454 ················SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 455 ········done
 456 done
  
 457 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 458 #·correct·values
 459 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 460 do
 461 »       rpm·--restore·"${RPM_PACKAGE}"
 462 done
  
 463 else
 464 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 465 fi
432 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8466 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
433 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high467 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
434 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium468 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
435 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false469 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
436 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict470 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
437 -·name:·Gather·the·package·facts471 -·name:·Gather·the·package·facts
438 ··package_facts:472 ··package_facts:
Max diff block lines reached; 1447563/1453216 bytes (99.61%) of diff not shown.
17.6 MB
./usr/share/doc/ssg-nondebian/ssg-sle12-guide-pci-dss.html
    
Offset 15163, 415 lines modifiedOffset 15163, 415 lines modified
0003b3a0:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#0003b3a0:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#
0003b3b0:·6964·6d35·3035·3622·2074·6162·696e·6465··idm5056"·tabinde0003b3b0:·6964·6d35·3035·3622·2074·6162·696e·6465··idm5056"·tabinde
0003b3c0:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt0003b3c0:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt
0003b3d0:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande0003b3d0:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande
0003b3e0:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=0003b3e0:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=
0003b3f0:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev0003b3f0:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev
Diff chunk too large, falling back to line-by-line diff (401 lines added, 401 lines removed)
0003b400:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R0003b400:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R
0003b410:·656d·6564·6961·7469·6f6e·2041·6e73·6962··emediation·Ansib0003b410:·656d·6564·6961·7469·6f6e·2053·6865·6c6c··emediation·Shell
0003b420:·6c65·2073·6e69·7070·6574·20e2·87b2·3c2f··le·snippet·...</0003b420:·2073·6372·6970·7420·e287·b23c·2f61·3e3c···script·...</a><
0003b430:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class0003b430:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p
0003b440:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse0003b440:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co
0003b450:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i0003b450:·6c6c·6170·7365·2220·6964·3d22·6964·6d35··llapse"·id="idm5
0003b460:·646d·3530·3536·223e·3c74·6162·6c65·2063··dm5056"><table·c0003b460:·3035·3622·3e3c·7072·653e·3c63·6f64·653e··056"><pre><code>
0003b470:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl0003b470:·2320·5265·6d65·6469·6174·696f·6e20·6973··#·Remediation·is
0003b480:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table-0003b480:·2061·7070·6c69·6361·626c·6520·6f6e·6c79···applicable·only
0003b490:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c0003b490:·2069·6e20·6365·7274·6169·6e20·706c·6174···in·certain·plat
0003b4a0:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t0003b4a0:·666f·726d·730a·6966·2021·2028·207b·2072··forms.if·!·(·{·r
0003b4b0:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t0003b4b0:·706d·202d·2d71·7569·6574·202d·7120·6b65··pm·--quiet·-q·ke
0003b4c0:·683e·3c74·643e·6869·6768·3c2f·7464·3e3c··h><td>high</td><0003b4c0:·726e·656c·203b·7d20·2661·6d70·3b26·616d··rnel·;}·&amp;&am
0003b4d0:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr0003b4d0:·703b·207b·2072·706d·202d·2d71·7569·6574··p;·{·rpm·--quiet
0003b4e0:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td>0003b4e0:·202d·7120·7270·6d2d·6f73·7472·6565·203b···-q·rpm-ostree·;
0003b4f0:·6d65·6469·756d·3c2f·7464·3e3c·2f74·723e··medium</td></tr>0003b4f0:·7d20·2661·6d70·3b26·616d·703b·207b·2072··}·&amp;&amp;·{·r
0003b500:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:<0003b500:·706d·202d·2d71·7569·6574·202d·7120·626f··pm·--quiet·-q·bo
0003b510:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t0003b510:·6f74·6320·3b7d·2026·616d·703b·2661·6d70··otc·;}·&amp;&amp
0003b520:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S0003b520:·3b20·7b20·2120·7270·6d20·2d2d·7175·6965··;·{·!·rpm·--quie
0003b530:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td0003b530:·7420·2d71·206f·7065·6e73·6869·6674·2d6b··t·-q·openshift-k
0003b540:·3e72·6573·7472·6963·743c·2f74·643e·3c2f··>restrict</td></0003b540:·7562·656c·6574·203b·7d20·293b·2074·6865··ubelet·;}·);·the
0003b550:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre>0003b550:·6e0a·0a23·2046·696e·6420·7768·6963·6820··n..#·Find·which·
0003b560:·3c63·6f64·653e·2d20·6e61·6d65·3a20·4761··<code>-·name:·Ga0003b560:·6669·6c65·7320·6861·7665·2069·6e63·6f72··files·have·incor
0003b570:·7468·6572·2074·6865·2070·6163·6b61·6765··ther·the·package0003b570:·7265·6374·2068·6173·6820·286e·6f74·2069··rect·hash·(not·i
0003b580:·2066·6163·7473·0a20·2070·6163·6b61·6765···facts.··package0003b580:·6e20·2f65·7463·2c20·6265·6361·7573·6520··n·/etc,·because·
0003b590:·5f66·6163·7473·3a0a·2020·2020·6d61·6e61··_facts:.····mana0003b590:·6f66·2074·6865·2073·7973·7465·6d20·7265··of·the·system·re
0003b5a0:·6765·723a·2061·7574·6f0a·2020·7461·6773··ger:·auto.··tags0003b5a0:·6c61·7465·6420·636f·6e66·6967·2066·696c··lated·config·fil
0003b5b0:·3a0a·2020·2d20·4343·452d·3931·3633·322d··:.··-·CCE-91632-0003b5b0:·6573·2920·616e·6420·7468·656e·2067·6574··es)·and·then·get
0003b5c0:·300a·2020·2d20·434a·4953·2d35·2e31·302e··0.··-·CJIS-5.10.0003b5c0:·2066·696c·6573·206e·616d·6573·0a66·696c···files·names.fil
0003b5d0:·342e·310a·2020·2d20·4e49·5354·2d38·3030··4.1.··-·NIST-8000003b5d0:·6573·5f77·6974·685f·696e·636f·7272·6563··es_with_incorrec
0003b5e0:·2d31·3731·2d33·2e33·2e38·0a20·202d·204e··-171-3.3.8.··-·N0003b5e0:·745f·6861·7368·3d22·2428·7270·6d20·2d56··t_hash="$(rpm·-V
0003b5f0:·4953·542d·3830·302d·3137·312d·332e·342e··IST-800-171-3.4.0003b5f0:·6120·2d2d·6e6f·636f·6e66·6967·207c·2067··a·--noconfig·|·g
0003b600:·310a·2020·2d20·4e49·5354·2d38·3030·2d35··1.··-·NIST-800-50003b600:·7265·7020·2d45·2027·5e2e·2e35·2720·7c20··rep·-E·'^..5'·|·
0003b610:·332d·4155·2d39·2833·290a·2020·2d20·4e49··3-AU-9(3).··-·NI0003b610:·6177·6b20·277b·7072·696e·7420·244e·467d··awk·'{print·$NF}
0003b620:·5354·2d38·3030·2d35·332d·434d·2d36·2863··ST-800-53-CM-6(c0003b620:·2720·2922·0a0a·6966·205b·202d·6e20·2224··'·)"..if·[·-n·"$
0003b630:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-50003b630:·6669·6c65·735f·7769·7468·5f69·6e63·6f72··files_with_incor
0003b640:·332d·434d·2d36·2864·290a·2020·2d20·4e49··3-CM-6(d).··-·NI0003b640:·7265·6374·5f68·6173·6822·205d·3b20·7468··rect_hash"·];·th
0003b650:·5354·2d38·3030·2d35·332d·5349·2d37·0a20··ST-800-53-SI-7.·0003b650:·656e·0a20·2020·2023·2046·726f·6d20·6669··en.····#·From·fi
0003b660:·202d·204e·4953·542d·3830·302d·3533·2d53···-·NIST-800-53-S0003b660:·6c65·7320·6e61·6d65·7320·6765·7420·7061··les·names·get·pa
0003b670:·492d·3728·3129·0a20·202d·204e·4953·542d··I-7(1).··-·NIST-0003b670:·636b·6167·6520·6e61·6d65·7320·616e·6420··ckage·names·and·
0003b680:·3830·302d·3533·2d53·492d·3728·3629·0a20··800-53-SI-7(6).·0003b680:·6368·616e·6765·206e·6577·6c69·6e65·2074··change·newline·t
0003b690:·202d·2050·4349·2d44·5353·2d52·6571·2d31···-·PCI-DSS-Req-10003b690:·6f20·7370·6163·652c·2062·6563·6175·7365··o·space,·because
0003b6a0:·312e·350a·2020·2d20·5043·492d·4453·5376··1.5.··-·PCI-DSSv0003b6a0:·2072·706d·2077·7269·7465·7320·6561·6368···rpm·writes·each
0003b6b0:·342d·3131·2e35·2e32·0a20·202d·2068·6967··4-11.5.2.··-·hig0003b6b0:·2070·6163·6b61·6765·2074·6f20·6e65·7720···package·to·new·
0003b6c0:·685f·636f·6d70·6c65·7869·7479·0a20·202d··h_complexity.··-0003b6c0:·6c69·6e65·0a20·2020·2070·6163·6b61·6765··line.····package
0003b6d0:·2068·6967·685f·7365·7665·7269·7479·0a20···high_severity.·0003b6d0:·735f·746f·5f72·6569·6e73·7461·6c6c·3d22··s_to_reinstall="
0003b6e0:·202d·206d·6564·6975·6d5f·6469·7372·7570···-·medium_disrup0003b6e0:·2428·7270·6d20·2d71·6620·2466·696c·6573··$(rpm·-qf·$files
0003b6f0:·7469·6f6e·0a20·202d·206e·6f5f·7265·626f··tion.··-·no_rebo0003b6f0:·5f77·6974·685f·696e·636f·7272·6563·745f··_with_incorrect_
0003b700:·6f74·5f6e·6565·6465·640a·2020·2d20·7265··ot_needed.··-·re0003b700:·6861·7368·207c·2074·7220·275c·6e27·2027··hash·|·tr·'\n'·'
0003b710:·7374·7269·6374·5f73·7472·6174·6567·790a··strict_strategy.0003b710:·2027·2922·0a0a·2020·2020·0a20·2020·207a···')"..····.····z
0003b720:·2020·2d20·7270·6d5f·7665·7269·6679·5f68····-·rpm_verify_h0003b720:·7970·7065·7220·696e·7374·616c·6c20·2d66··ypper·install·-f
0003b730:·6173·6865·730a·0a2d·206e·616d·653a·2027··ashes..-·name:·'0003b730:·202d·7920·2470·6163·6b61·6765·735f·746f···-y·$packages_to
0003b740:·5365·7420·6661·6374·3a20·5061·636b·6167··Set·fact:·Packag0003b740:·5f72·6569·6e73·7461·6c6c·0a20·2020·200a··_reinstall.····.
0003b750:·6520·6d61·6e61·6765·7220·7265·696e·7374··e·manager·reinst0003b750:·6669·0a0a·656c·7365·0a20·2020·2026·6774··fi..else.····&gt
0003b760:·616c·6c20·636f·6d6d·616e·6427·0a20·2073··all·command'.··s0003b760:·3b26·616d·703b·3220·6563·686f·2027·5265··;&amp;2·echo·'Re
0003b770:·6574·5f66·6163·743a·0a20·2020·2070·6163··et_fact:.····pac0003b770:·6d65·6469·6174·696f·6e20·6973·206e·6f74··mediation·is·not
0003b780:·6b61·6765·5f6d·616e·6167·6572·5f72·6569··kage_manager_rei0003b780:·2061·7070·6c69·6361·626c·652c·206e·6f74···applicable,·not
0003b790:·6e73·7461·6c6c·5f63·6d64·3a20·7a79·7070··nstall_cmd:·zypp0003b790:·6869·6e67·2077·6173·2064·6f6e·6527·0a66··hing·was·done'.f
0003b7a0:·6572·2072·6569·6e73·7461·6c6c·202d·790a··er·reinstall·-y.0003b7a0:·690a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··i.</code></pre><
0003b7b0:·2020·7768·656e·3a0a·2020·2d20·6e6f·7420····when:.··-·not·0003b7b0:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b
0003b7c0:·2820·226b·6572·6e65·6c22·2069·6e20·616e··(·"kernel"·in·an0003b7c0:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"·
0003b7d0:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack0003b7d0:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col
0003b7e0:·6167·6573·2061·6e64·2022·7270·6d2d·6f73··ages·and·"rpm-os0003b7e0:·6c61·7073·6522·2064·6174·612d·7461·7267··lapse"·data-targ
0003b7f0:·7472·6565·2220·696e·2061·6e73·6962·6c65··tree"·in·ansible0003b7f0:·6574·3d22·2369·646d·3530·3537·2220·7461··et="#idm5057"·ta
0003b800:·5f66·6163·7473·2e70·6163·6b61·6765·730a··_facts.packages.0003b800:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=
0003b810:·2020·2020·616e·6420·2262·6f6f·7463·2220······and·"bootc"·0003b810:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex
0003b820:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts0003b820:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t
0003b830:·2e70·6163·6b61·6765·7320·616e·6420·6e6f··.packages·and·no0003b830:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t
0003b840:·7420·226f·7065·6e73·6869·6674·2d6b·7562··t·"openshift-kub0003b840:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="
0003b850:·656c·6574·2220·696e·2061·6e73·6962·6c65··elet"·in·ansible0003b850:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·
0003b860:·5f66·6163·7473·2e70·6163·6b61·6765·730a··_facts.packages.0003b860:·416e·7369·626c·6520·736e·6970·7065·7420··Ansible·snippet·
0003b870:·2020·2020·290a·2020·2d20·616e·7369·626c······).··-·ansibl0003b870:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div·
0003b880:·655f·6469·7374·7269·6275·7469·6f6e·2069··e_distribution·i0003b880:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col
0003b890:·6e20·5b20·2246·6564·6f72·6122·2c20·2252··n·[·"Fedora",·"R0003b890:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·
0003b8a0:·6564·4861·7422·2c20·2243·656e·744f·5322··edHat",·"CentOS"0003b8a0:·6964·3d22·6964·6d35·3035·3722·3e3c·7461··id="idm5057"><ta
0003b8b0:·2c20·224f·7261·636c·654c·696e·7578·2220··,·"OracleLinux"·0003b8b0:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table
0003b8c0:·5d0a·2020·7461·6773·3a0a·2020·2d20·4343··].··tags:.··-·CC0003b8c0:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t
0003b8d0:·452d·3931·3633·322d·300a·2020·2d20·434a··E-91632-0.··-·CJ0003b8d0:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta
0003b8e0:·4953·2d35·2e31·302e·342e·310a·2020·2d20··IS-5.10.4.1.··-·0003b8e0:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed"><
0003b8f0:·4e49·5354·2d38·3030·2d31·3731·2d33·2e33··NIST-800-171-3.30003b8f0:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit
0003b900:·2e38·0a20·202d·204e·4953·542d·3830·302d··.8.··-·NIST-800-0003b900:·793a·3c2f·7468·3e3c·7464·3e68·6967·683c··y:</th><td>high<
0003b910:·3137·312d·332e·342e·310a·2020·2d20·4e49··171-3.4.1.··-·NI0003b910:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
0003b920:·5354·2d38·3030·2d35·332d·4155·2d39·2833··ST-800-53-AU-9(30003b920:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th
0003b930:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-50003b930:·3e3c·7464·3e6d·6564·6975·6d3c·2f74·643e··><td>medium</td>
0003b940:·332d·434d·2d36·2863·290a·2020·2d20·4e49··3-CM-6(c).··-·NI0003b940:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb
0003b950:·5354·2d38·3030·2d35·332d·434d·2d36·2864··ST-800-53-CM-6(d0003b950:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal
0003b960:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-50003b960:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr>
0003b970:·332d·5349·2d37·0a20·202d·204e·4953·542d··3-SI-7.··-·NIST-0003b970:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t
0003b980:·3830·302d·3533·2d53·492d·3728·3129·0a20··800-53-SI-7(1).·0003b980:·683e·3c74·643e·7265·7374·7269·6374·3c2f··h><td>restrict</
0003b990:·202d·204e·4953·542d·3830·302d·3533·2d53···-·NIST-800-53-S0003b990:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>
0003b9a0:·492d·3728·3629·0a20·202d·2050·4349·2d44··I-7(6).··-·PCI-D0003b9a0:·3c70·7265·3e3c·636f·6465·3e2d·206e·616d··<pre><code>-·nam
0003b9b0:·5353·2d52·6571·2d31·312e·350a·2020·2d20··SS-Req-11.5.··-·0003b9b0:·653a·2047·6174·6865·7220·7468·6520·7061··e:·Gather·the·pa
0003b9c0:·5043·492d·4453·5376·342d·3131·2e35·2e32··PCI-DSSv4-11.5.20003b9c0:·636b·6167·6520·6661·6374·730a·2020·7061··ckage·facts.··pa
0003b9d0:·0a20·202d·2068·6967·685f·636f·6d70·6c65··.··-·high_comple0003b9d0:·636b·6167·655f·6661·6374·733a·0a20·2020··ckage_facts:.···
0003b9e0:·7869·7479·0a20·202d·2068·6967·685f·7365··xity.··-·high_se0003b9e0:·206d·616e·6167·6572·3a20·6175·746f·0a20···manager:·auto.·
0003b9f0:·7665·7269·7479·0a20·202d·206d·6564·6975··verity.··-·mediu0003b9f0:·2074·6167·733a·0a20·202d·2043·4345·2d39···tags:.··-·CCE-9
0003ba00:·6d5f·6469·7372·7570·7469·6f6e·0a20·202d··m_disruption.··-0003ba00:·3136·3332·2d30·0a20·202d·2043·4a49·532d··1632-0.··-·CJIS-
0003ba10:·206e·6f5f·7265·626f·6f74·5f6e·6565·6465···no_reboot_neede0003ba10:·352e·3130·2e34·2e31·0a20·202d·204e·4953··5.10.4.1.··-·NIS
0003ba20:·640a·2020·2d20·7265·7374·7269·6374·5f73··d.··-·restrict_s0003ba20:·542d·3830·302d·3137·312d·332e·332e·380a··T-800-171-3.3.8.
0003ba30:·7472·6174·6567·790a·2020·2d20·7270·6d5f··trategy.··-·rpm_0003ba30:·2020·2d20·4e49·5354·2d38·3030·2d31·3731····-·NIST-800-171
0003ba40:·7665·7269·6679·5f68·6173·6865·730a·0a2d··verify_hashes..-0003ba40:·2d33·2e34·2e31·0a20·202d·204e·4953·542d··-3.4.1.··-·NIST-
0003ba50:·206e·616d·653a·2027·5365·7420·6661·6374···name:·'Set·fact0003ba50:·3830·302d·3533·2d41·552d·3928·3329·0a20··800-53-AU-9(3).·
0003ba60:·3a20·5061·636b·6167·6520·6d61·6e61·6765··:·Package·manage0003ba60:·202d·204e·4953·542d·3830·302d·3533·2d43···-·NIST-800-53-C
0003ba70:·7220·7265·696e·7374·616c·6c20·636f·6d6d··r·reinstall·comm0003ba70:·4d2d·3628·6329·0a20·202d·204e·4953·542d··M-6(c).··-·NIST-
0003ba80:·616e·6420·287a·7970·7065·7229·270a·2020··and·(zypper)'.··0003ba80:·3830·302d·3533·2d43·4d2d·3628·6429·0a20··800-53-CM-6(d).·
0003ba90:·7365·745f·6661·6374·3a0a·2020·2020·7061··set_fact:.····pa0003ba90:·202d·204e·4953·542d·3830·302d·3533·2d53···-·NIST-800-53-S
0003baa0:·636b·6167·655f·6d61·6e61·6765·725f·7265··ckage_manager_re0003baa0:·492d·370a·2020·2d20·4e49·5354·2d38·3030··I-7.··-·NIST-800
0003bab0:·696e·7374·616c·6c5f·636d·643a·207a·7970··install_cmd:·zyp0003bab0:·2d35·332d·5349·2d37·2831·290a·2020·2d20··-53-SI-7(1).··-·
0003bac0:·7065·7220·696e·202d·6620·2d79·0a20·2077··per·in·-f·-y.··w0003bac0:·4e49·5354·2d38·3030·2d35·332d·5349·2d37··NIST-800-53-SI-7
0003bad0:·6865·6e3a·0a20·202d·206e·6f74·2028·2022··hen:.··-·not·(·"0003bad0:·2836·290a·2020·2d20·5043·492d·4453·532d··(6).··-·PCI-DSS-
0003bae0:·6b65·726e·656c·2220·696e·2061·6e73·6962··kernel"·in·ansib0003bae0:·5265·712d·3131·2e35·0a20·202d·2050·4349··Req-11.5.··-·PCI
0003baf0:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package0003baf0:·2d44·5353·7634·2d31·312e·352e·320a·2020··-DSSv4-11.5.2.··
0003bb00:·7320·616e·6420·2272·706d·2d6f·7374·7265··s·and·"rpm-ostre0003bb00:·2d20·6869·6768·5f63·6f6d·706c·6578·6974··-·high_complexit
0003bb10:·6522·2069·6e20·616e·7369·626c·655f·6661··e"·in·ansible_fa0003bb10:·790a·2020·2d20·6869·6768·5f73·6576·6572··y.··-·high_sever
0003bb20:·6374·732e·7061·636b·6167·6573·0a20·2020··cts.packages.···0003bb20:·6974·790a·2020·2d20·6d65·6469·756d·5f64··ity.··-·medium_d
0003bb30:·2061·6e64·2022·626f·6f74·6322·2069·6e20···and·"bootc"·in·0003bb30:·6973·7275·7074·696f·6e0a·2020·2d20·6e6f··isruption.··-·no
0003bb40:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa0003bb40:·5f72·6562·6f6f·745f·6e65·6564·6564·0a20··_reboot_needed.·
0003bb50:·636b·6167·6573·2061·6e64·206e·6f74·2022··ckages·and·not·"0003bb50:·202d·2072·6573·7472·6963·745f·7374·7261···-·restrict_stra
0003bb60:·6f70·656e·7368·6966·742d·6b75·6265·6c65··openshift-kubele0003bb60:·7465·6779·0a20·202d·2072·706d·5f76·6572··tegy.··-·rpm_ver
0003bb70:·7422·2069·6e20·616e·7369·626c·655f·6661··t"·in·ansible_fa0003bb70:·6966·795f·6861·7368·6573·0a0a·2d20·6e61··ify_hashes..-·na
Max diff block lines reached; 17159101/17215019 bytes (99.68%) of diff not shown.
1.23 MB
html2text {}
    
Offset 124, 14 lines modifiedOffset 124, 36 lines modified
124 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,124 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,
125 ····························A.14.2.3,·A.14.2.4125 ····························A.14.2.3,·A.14.2.4
126 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)126 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
127 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1127 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
128 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5128 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
129 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227129 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
130 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2130 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 131 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 132 #·Remediation·is·applicable·only·in·certain·platforms
 133 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm
 134 --quiet·-q·openshift-kubelet·;}·);·then
  
 135 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then
 136 get·files·names
 137 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 138 if·[·-n·"$files_with_incorrect_hash"·];·then
 139 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to
 140 new·line
 141 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 142 ····zypper·install·-f·-y·$packages_to_reinstall
  
 143 fi
  
 144 else
 145 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 146 fi
131 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8147 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
132 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high148 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
133 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium149 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
134 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false150 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
135 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict151 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
136 -·name:·Gather·the·package·facts152 -·name:·Gather·the·package·facts
137 ··package_facts:153 ··package_facts:
Offset 304, 36 lines modifiedOffset 326, 14 lines modified
304 ··-·PCI-DSSv4-11.5.2326 ··-·PCI-DSSv4-11.5.2
305 ··-·high_complexity327 ··-·high_complexity
306 ··-·high_severity328 ··-·high_severity
307 ··-·medium_disruption329 ··-·medium_disruption
308 ··-·no_reboot_needed330 ··-·no_reboot_needed
309 ··-·restrict_strategy331 ··-·restrict_strategy
310 ··-·rpm_verify_hashes332 ··-·rpm_verify_hashes
311 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
312 #·Remediation·is·applicable·only·in·certain·platforms 
313 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm 
314 --quiet·-q·openshift-kubelet·;}·);·then 
  
315 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then 
316 get·files·names 
317 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
318 if·[·-n·"$files_with_incorrect_hash"·];·then 
319 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to 
320 new·line 
321 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
322 ····zypper·install·-f·-y·$packages_to_reinstall 
  
323 fi 
  
324 else 
325 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
326 fi 
327 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*333 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
328 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,334 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,
329 including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,335 including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,
330 which·can·be·found·with:336 which·can·be·found·with:
331 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'337 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'
332 run·the·following·command·to·determine·which·package·owns·it:338 run·the·following·command·to·determine·which·package·owns·it:
333 $·rpm·-qf·FILENAME339 $·rpm·-qf·FILENAME
Offset 415, 14 lines modifiedOffset 415, 53 lines modified
415 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)415 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)
416 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1416 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
417 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5417 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
418 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,418 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,
419 ····························SRG-OS-000278-GPOS-00108419 ····························SRG-OS-000278-GPOS-00108
420 ·············_\x8c_\x8i_\x8s············6.1.1420 ·············_\x8c_\x8i_\x8s············6.1.1
421 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2421 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 422 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 423 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 424 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 425 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 426 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 427 #·Remediation·is·applicable·only·in·certain·platforms
 428 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm
 429 --quiet·-q·openshift-kubelet·;}·);·then
  
 430 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 431 declare·-A·SETPERMS_RPM_DICT
  
 432 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 433 #·is·expected·by·the·RPM·database
 434 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,2,1)=="M")·print
 435 $NF·}')
  
 436 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 437 do
 438 ········#·NOTE:·some·files·maybe·controlled·by·more·then·one·package
 439 ········readarray·-t·RPM_PACKAGES·<·<(rpm·-qf·"${FILE_PATH}")
 440 ········for·RPM_PACKAGE·in·"${RPM_PACKAGES[@]}"
 441 ········do
 442 ················#·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about
 443 duplicates.
 444 ················SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 445 ········done
 446 done
  
 447 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 448 #·correct·values
 449 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 450 do
 451 »       rpm·--restore·"${RPM_PACKAGE}"
 452 done
  
 453 else
 454 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 455 fi
422 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8456 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
423 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high457 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
424 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium458 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
425 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false459 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
426 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict460 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
427 -·name:·Gather·the·package·facts461 -·name:·Gather·the·package·facts
428 ··package_facts:462 ··package_facts:
Max diff block lines reached; 1285188/1290841 bytes (99.56%) of diff not shown.
51.5 KB
./usr/share/doc/ssg-nondebian/ssg-sle12-guide-standard.html
    
Offset 14957, 120 lines modifiedOffset 14957, 120 lines modified
0003a6c0:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=0003a6c0:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
0003a6d0:·2223·6964·6d32·3436·3035·2220·7461·6269··"#idm24605"·tabi0003a6d0:·2223·6964·6d32·3436·3035·2220·7461·6269··"#idm24605"·tabi
0003a6e0:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b0003a6e0:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b
0003a6f0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa0003a6f0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa
0003a700:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit0003a700:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit
0003a710:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·0003a710:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·
0003a720:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!0003a720:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!
0003a730:·223e·5265·6d65·6469·6174·696f·6e20·416e··">Remediation·An0003a730:·223e·5265·6d65·6469·6174·696f·6e20·5368··">Remediation·Sh
0003a740:·7369·626c·6520·736e·6970·7065·7420·e287··sible·snippet·.. 
0003a750:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl 
0003a760:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla 
0003a770:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id 
0003a780:·3d22·6964·6d32·3436·3035·223e·3c74·6162··="idm24605"><tab 
0003a790:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table· 
0003a7a0:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta 
0003a7b0:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab 
0003a7c0:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t 
0003a7d0:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity 
0003a7e0:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t 
0003a7f0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D 
0003a800:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th><0003a740:·656c·6c20·7363·7269·7074·20e2·87b2·3c2f··ell·script·...</
 0003a750:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
 0003a760:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
 0003a770:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
 0003a780:·646d·3234·3630·3522·3e3c·7461·626c·6520··dm24605"><table·
 0003a790:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab
 0003a7a0:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table
 0003a7b0:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-
 0003a7c0:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><
 0003a7d0:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</
 0003a7e0:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><
 0003a7f0:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr
 0003a800:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td>
 0003a810:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr
 0003a820:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th
 0003a830:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td><
 0003a840:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra
 0003a850:·7465·6779·3a3c·2f74·683e·3c74·643e·636f··tegy:</th><td>co
 0003a860:·6e66·6967·7572·653c·2f74·643e·3c2f·7472··nfigure</td></tr
 0003a870:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c
 0003a880:·6f64·653e·6368·6772·7020·3020·2f65·7463··ode>chgrp·0·/etc
 0003a890:·2f70·6173·7377·640a·3c2f·636f·6465·3e3c··/passwd.</code><
 0003a8a0:·2f70·7265·3e3c·2f64·6976·3e3c·6120·636c··/pre></div><a·cl
 0003a8b0:·6173·733d·2262·746e·2062·746e·2d73·7563··ass="btn·btn-suc
 0003a8c0:·6365·7373·2220·6461·7461·2d74·6f67·676c··cess"·data-toggl
 0003a8d0:·653d·2263·6f6c·6c61·7073·6522·2064·6174··e="collapse"·dat
 0003a8e0:·612d·7461·7267·6574·3d22·2369·646d·3234··a-target="#idm24
 0003a8f0:·3630·3622·2074·6162·696e·6465·783d·2230··606"·tabindex="0
 0003a900:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
 0003a910:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
 0003a920:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
 0003a930:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
 0003a940:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
 0003a950:·6961·7469·6f6e·2041·6e73·6962·6c65·2073··iation·Ansible·s
 0003a960:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b
 0003a970:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa
 0003a980:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col
 0003a990:·6c61·7073·6522·2069·643d·2269·646d·3234··lapse"·id="idm24
 0003a9a0:·3630·3622·3e3c·7461·626c·6520·636c·6173··606"><table·clas
 0003a9b0:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s
 0003a9c0:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor
 0003a9d0:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond
 0003a9e0:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C
 0003a9f0:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><
0003a810:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>0003aa00:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>
 0003aa10:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti
0003a820:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:< 
0003a830:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t 
0003a840:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S 
0003a850:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td 
0003a860:·3e63·6f6e·6669·6775·7265·3c2f·7464·3e3c··>configure</td>< 
0003a870:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre 
0003a880:·3e3c·636f·6465·3e2d·206e·616d·653a·2054··><code>-·name:·T 
0003a890:·6573·7420·666f·7220·6578·6973·7465·6e63··est·for·existenc 
0003a8a0:·6520·2f65·7463·2f70·6173·7377·640a·2020··e·/etc/passwd.·· 
0003a8b0:·7374·6174·3a0a·2020·2020·7061·7468·3a20··stat:.····path:· 
0003a8c0:·2f65·7463·2f70·6173·7377·640a·2020·7265··/etc/passwd.··re 
0003a8d0:·6769·7374·6572·3a20·6669·6c65·5f65·7869··gister:·file_exi 
0003a8e0:·7374·730a·2020·7461·6773·3a0a·2020·2d20··sts.··tags:.··-· 
0003a8f0:·4343·452d·3931·3632·372d·300a·2020·2d20··CCE-91627-0.··-· 
0003a900:·434a·4953·2d35·2e35·2e32·2e32·0a20·202d··CJIS-5.5.2.2.··- 
0003a910:·204e·4953·542d·3830·302d·3533·2d41·432d···NIST-800-53-AC- 
0003a920:·3628·3129·0a20·202d·204e·4953·542d·3830··6(1).··-·NIST-80 
0003a930:·302d·3533·2d43·4d2d·3628·6129·0a20·202d··0-53-CM-6(a).··- 
0003a940:·2050·4349·2d44·5353·2d52·6571·2d38·2e37···PCI-DSS-Req-8.7 
0003a950:·2e63·0a20·202d·2050·4349·2d44·5353·7634··.c.··-·PCI-DSSv4 
0003a960:·2d32·2e32·0a20·202d·2050·4349·2d44·5353··-2.2.··-·PCI-DSS 
0003a970:·7634·2d32·2e32·2e36·0a20·202d·2063·6f6e··v4-2.2.6.··-·con 
0003a980:·6669·6775·7265·5f73·7472·6174·6567·790a··figure_strategy. 
0003a990:·2020·2d20·6669·6c65·5f67·726f·7570·6f77····-·file_groupow 
0003a9a0:·6e65·725f·6574·635f·7061·7373·7764·0a20··ner_etc_passwd.· 
0003a9b0:·202d·206c·6f77·5f63·6f6d·706c·6578·6974···-·low_complexit 
0003a9c0:·790a·2020·2d20·6c6f·775f·6469·7372·7570··y.··-·low_disrup 
0003a9d0:·7469·6f6e·0a20·202d·206d·6564·6975·6d5f··tion.··-·medium_ 
0003a9e0:·7365·7665·7269·7479·0a20·202d·206e·6f5f··severity.··-·no_ 
0003a9f0:·7265·626f·6f74·5f6e·6565·6465·640a·0a2d··reboot_needed..- 
0003aa00:·206e·616d·653a·2045·6e73·7572·6520·6772···name:·Ensure·gr 
0003aa10:·6f75·7020·6f77·6e65·7220·3020·6f6e·202f··oup·owner·0·on·/ 
0003aa20:·6574·632f·7061·7373·7764·0a20·2066·696c··etc/passwd.··fil 
0003aa30:·653a·0a20·2020·2070·6174·683a·202f·6574··e:.····path:·/et 
0003aa40:·632f·7061·7373·7764·0a20·2020·2067·726f··c/passwd.····gro 
0003aa50:·7570·3a20·2730·270a·2020·7768·656e·3a20··up:·'0'.··when:· 
0003aa60:·6669·6c65·5f65·7869·7374·732e·7374·6174··file_exists.stat 
0003aa70:·2069·7320·6465·6669·6e65·6420·616e·6420···is·defined·and· 
0003aa80:·6669·6c65·5f65·7869·7374·732e·7374·6174··file_exists.stat 
0003aa90:·2e65·7869·7374·730a·2020·7461·6773·3a0a··.exists.··tags:. 
0003aaa0:·2020·2d20·4343·452d·3931·3632·372d·300a····-·CCE-91627-0. 
0003aab0:·2020·2d20·434a·4953·2d35·2e35·2e32·2e32····-·CJIS-5.5.2.2 
0003aac0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53 
0003aad0:·2d41·432d·3628·3129·0a20·202d·204e·4953··-AC-6(1).··-·NIS 
0003aae0:·542d·3830·302d·3533·2d43·4d2d·3628·6129··T-800-53-CM-6(a) 
0003aaf0:·0a20·202d·2050·4349·2d44·5353·2d52·6571··.··-·PCI-DSS-Req 
0003ab00:·2d38·2e37·2e63·0a20·202d·2050·4349·2d44··-8.7.c.··-·PCI-D 
0003ab10:·5353·7634·2d32·2e32·0a20·202d·2050·4349··SSv4-2.2.··-·PCI 
0003ab20:·2d44·5353·7634·2d32·2e32·2e36·0a20·202d··-DSSv4-2.2.6.··- 
0003ab30:·2063·6f6e·6669·6775·7265·5f73·7472·6174···configure_strat 
0003ab40:·6567·790a·2020·2d20·6669·6c65·5f67·726f··egy.··-·file_gro 
0003ab50:·7570·6f77·6e65·725f·6574·635f·7061·7373··upowner_etc_pass 
0003ab60:·7764·0a20·202d·206c·6f77·5f63·6f6d·706c··wd.··-·low_compl 
0003ab70:·6578·6974·790a·2020·2d20·6c6f·775f·6469··exity.··-·low_di 
0003ab80:·7372·7570·7469·6f6e·0a20·202d·206d·6564··sruption.··-·med 
0003ab90:·6975·6d5f·7365·7665·7269·7479·0a20·202d··ium_severity.··- 
0003aba0:·206e·6f5f·7265·626f·6f74·5f6e·6565·6465···no_reboot_neede 
0003abb0:·640a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··d.</code></pre>< 
0003abc0:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b 
0003abd0:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"· 
0003abe0:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col 
Max diff block lines reached; 31934/47142 bytes (67.74%) of diff not shown.
5.36 KB
html2text {}
    
Offset 108, 14 lines modifiedOffset 108, 20 lines modified
108 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(a),·AC-6(1)108 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(a),·AC-6(1)
109 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5109 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5
110 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-8.7.c110 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-8.7.c
111 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227111 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
112 ·············_\x8c_\x8i_\x8s············6.1.2112 ·············_\x8c_\x8i_\x8s············6.1.2
113 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R50113 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R50
114 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········2.2.6,·2.2114 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········2.2.6,·2.2
 115 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 116 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 117 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 118 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 119 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure
 120 chgrp·0·/etc/passwd
115 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8121 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
116 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low122 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
117 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low123 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
118 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false124 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
119 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure125 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure
120 -·name:·Test·for·existence·/etc/passwd126 -·name:·Test·for·existence·/etc/passwd
121 ··stat:127 ··stat:
Offset 151, 20 lines modifiedOffset 157, 14 lines modified
151 ··-·PCI-DSSv4-2.2.6157 ··-·PCI-DSSv4-2.2.6
152 ··-·configure_strategy158 ··-·configure_strategy
153 ··-·file_groupowner_etc_passwd159 ··-·file_groupowner_etc_passwd
154 ··-·low_complexity160 ··-·low_complexity
155 ··-·low_disruption161 ··-·low_disruption
156 ··-·medium_severity162 ··-·medium_severity
157 ··-·no_reboot_needed163 ··-·no_reboot_needed
158 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
159 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
160 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
161 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
162 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure 
163 chgrp·0·/etc/passwd 
164 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·U\x8Us\x8se\x8er\x8r·W\x8Wh\x8ho\x8o·O\x8Ow\x8wn\x8ns\x8s·p\x8pa\x8as\x8ss\x8sw\x8wd\x8d·F\x8Fi\x8il\x8le\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*164 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·U\x8Us\x8se\x8er\x8r·W\x8Wh\x8ho\x8o·O\x8Ow\x8wn\x8ns\x8s·p\x8pa\x8as\x8ss\x8sw\x8wd\x8d·F\x8Fi\x8il\x8le\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
165 To·properly·set·the·owner·of·/etc/passwd,·run·the·command:165 To·properly·set·the·owner·of·/etc/passwd,·run·the·command:
166 $·sudo·chown·root·/etc/passwd166 $·sudo·chown·root·/etc/passwd
167 ·············The·/etc/passwd·file·contains·information·about·the·users·that·are167 ·············The·/etc/passwd·file·contains·information·about·the·users·that·are
168 Rationale:···configured·on·the·system.·Protection·of·this·file·is·critical·for168 Rationale:···configured·on·the·system.·Protection·of·this·file·is·critical·for
169 ·············system·security.169 ·············system·security.
170 Severity: ···medium170 Severity: ···medium
Offset 187, 14 lines modifiedOffset 187, 20 lines modified
187 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(a),·AC-6(1)187 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(a),·AC-6(1)
188 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5188 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5
189 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-8.7.c189 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-8.7.c
190 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227190 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
191 ·············_\x8c_\x8i_\x8s············6.1.2191 ·············_\x8c_\x8i_\x8s············6.1.2
192 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R50192 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R50
193 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········2.2.6,·2.2193 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········2.2.6,·2.2
 194 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 195 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 196 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 197 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 198 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure
 199 chown·0·/etc/passwd
194 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8200 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
195 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low201 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
196 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low202 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
197 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false203 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
198 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure204 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure
199 -·name:·Test·for·existence·/etc/passwd205 -·name:·Test·for·existence·/etc/passwd
200 ··stat:206 ··stat:
Offset 230, 20 lines modifiedOffset 236, 14 lines modified
230 ··-·PCI-DSSv4-2.2.6236 ··-·PCI-DSSv4-2.2.6
231 ··-·configure_strategy237 ··-·configure_strategy
232 ··-·file_owner_etc_passwd238 ··-·file_owner_etc_passwd
233 ··-·low_complexity239 ··-·low_complexity
234 ··-·low_disruption240 ··-·low_disruption
235 ··-·medium_severity241 ··-·medium_severity
236 ··-·no_reboot_needed242 ··-·no_reboot_needed
237 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
238 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
239 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
240 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
241 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure 
242 chown·0·/etc/passwd 
243 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·o\x8on\x8n·p\x8pa\x8as\x8ss\x8sw\x8wd\x8d·F\x8Fi\x8il\x8le\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*243 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·o\x8on\x8n·p\x8pa\x8as\x8ss\x8sw\x8wd\x8d·F\x8Fi\x8il\x8le\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
244 To·properly·set·the·permissions·of·/etc/passwd,·run·the·command:244 To·properly·set·the·permissions·of·/etc/passwd,·run·the·command:
245 $·sudo·chmod·0644·/etc/passwd245 $·sudo·chmod·0644·/etc/passwd
246 ·············If·the·/etc/passwd·file·is·writable·by·a·group-owner·or·the·world246 ·············If·the·/etc/passwd·file·is·writable·by·a·group-owner·or·the·world
247 Rationale:···the·risk·of·its·compromise·is·increased.·The·file·contains·the247 Rationale:···the·risk·of·its·compromise·is·increased.·The·file·contains·the
248 ·············list·of·accounts·on·the·system·and·associated·information,·and248 ·············list·of·accounts·on·the·system·and·associated·information,·and
249 ·············protection·of·this·file·is·critical·for·system·security.249 ·············protection·of·this·file·is·critical·for·system·security.
Offset 267, 14 lines modifiedOffset 267, 24 lines modified
267 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(a),·AC-6(1)267 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(a),·AC-6(1)
268 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5268 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5
269 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-8.7.c269 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-8.7.c
270 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227270 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
271 ·············_\x8c_\x8i_\x8s············6.1.2271 ·············_\x8c_\x8i_\x8s············6.1.2
272 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R50272 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R50
273 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········2.2.6,·2.2273 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········2.2.6,·2.2
 274 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 275 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 276 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 277 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 278 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure
  
  
  
  
 279 chmod·u-xs,g-xws,o-xwt·/etc/passwd
274 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8280 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
275 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low281 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
276 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low282 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
277 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false283 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
278 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure284 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure
279 -·name:·Test·for·existence·/etc/passwd285 -·name:·Test·for·existence·/etc/passwd
280 ··stat:286 ··stat:
Offset 310, 21 lines modifiedOffset 320, 11 lines modified
310 ··-·PCI-DSSv4-2.2.6320 ··-·PCI-DSSv4-2.2.6
311 ··-·configure_strategy321 ··-·configure_strategy
312 ··-·file_permissions_etc_passwd322 ··-·file_permissions_etc_passwd
313 ··-·low_complexity323 ··-·low_complexity
314 ··-·low_disruption324 ··-·low_disruption
315 ··-·medium_severity325 ··-·medium_severity
316 ··-·no_reboot_needed326 ··-·no_reboot_needed
317 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
318 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
319 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
320 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
321 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···configure 
  
  
  
  
322 chmod·u-xs,g-xws,o-xwt·/etc/passwd 
323 Red·Hat·and·Red·Hat·Enterprise·Linux·are·either·registered·trademarks·or327 Red·Hat·and·Red·Hat·Enterprise·Linux·are·either·registered·trademarks·or
Max diff block lines reached; 126/5465 bytes (2.31%) of diff not shown.
20.4 MB
./usr/share/doc/ssg-nondebian/ssg-sle12-guide-stig.html
    
Offset 15145, 145 lines modifiedOffset 15145, 145 lines modified
0003b280:·7267·6574·3d22·2369·646d·3533·3938·2220··rget="#idm5398"·0003b280:·7267·6574·3d22·2369·646d·3533·3938·2220··rget="#idm5398"·
0003b290:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol0003b290:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol
0003b2a0:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-0003b2a0:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-
0003b2b0:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"0003b2b0:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"
0003b2c0:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate0003b2c0:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate
0003b2d0:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href0003b2d0:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href
0003b2e0:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio0003b2e0:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio
0003b2f0:·6e20·4f53·4275·696c·6420·426c·7565·7072··n·OSBuild·Bluepr 
0003b300:·696e·7420·736e·6970·7065·7420·e287·b23c··int·snippet·...< 
0003b310:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas 
0003b320:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps 
0003b330:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id=" 
0003b340:·6964·6d35·3339·3822·3e3c·7072·653e·3c63··idm5398"><pre><c 
0003b350:·6f64·653e·0a5b·5b70·6163·6b61·6765·735d··ode>.[[packages] 
0003b360:·5d0a·6e61·6d65·203d·2022·6169·6465·220a··].name·=·"aide". 
0003b370:·7665·7273·696f·6e20·3d20·222a·220a·3c2f··version·=·"*".</0003b2f0:·6e20·5368·656c·6c20·7363·7269·7074·20e2··n·Shell·script·.
 0003b300:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c
 0003b310:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
 0003b320:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i
 0003b330:·643d·2269·646d·3533·3938·223e·3c74·6162··d="idm5398"><tab
 0003b340:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table·
 0003b350:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta
 0003b360:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab
 0003b370:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t
 0003b380:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity
 0003b390:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t
 0003b3a0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D
 0003b3b0:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th><
 0003b3c0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>
 0003b3d0:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:<
 0003b3e0:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t
 0003b3f0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S
 0003b400:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td
 0003b410:·3e65·6e61·626c·653c·2f74·643e·3c2f·7472··>enable</td></tr
 0003b420:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c
 0003b430:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio
 0003b440:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·
 0003b450:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·
 0003b460:·706c·6174·666f·726d·730a·6966·2072·706d··platforms.if·rpm
 0003b470:·202d·2d71·7569·6574·202d·7120·6b65·726e···--quiet·-q·kern
 0003b480:·656c·2d64·6566·6175·6c74·3b20·7468·656e··el-default;·then
 0003b490:·0a0a·7a79·7070·6572·2069·6e73·7461·6c6c··..zypper·install
 0003b4a0:·202d·7920·2261·6964·6522·0a0a·656c·7365···-y·"aide"..else
 0003b4b0:·0a20·2020·2026·6774·3b26·616d·703b·3220··.····&gt;&amp;2·
 0003b4c0:·6563·686f·2027·5265·6d65·6469·6174·696f··echo·'Remediatio
 0003b4d0:·6e20·6973·206e·6f74·2061·7070·6c69·6361··n·is·not·applica
 0003b4e0:·626c·652c·206e·6f74·6869·6e67·2077·6173··ble,·nothing·was
 0003b4f0:·2064·6f6e·6527·0a66·690a·3c2f·636f·6465···done'.fi.</code
0003b380:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div0003b500:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a·
0003b390:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b0003b510:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s
0003b3a0:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data0003b520:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog
0003b3b0:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps0003b530:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d
0003b3c0:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="0003b540:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm
0003b3d0:·2369·646d·3533·3939·2220·7461·6269·6e64··#idm5399"·tabind0003b550:·3533·3939·2220·7461·6269·6e64·6578·3d22··5399"·tabindex="
0003b3e0:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but0003b560:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"
0003b3f0:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand0003b570:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="
0003b400:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title0003b580:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac
0003b410:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re0003b590:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal
0003b420:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">0003b5a0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme
0003b430:·5265·6d65·6469·6174·696f·6e20·416e·7369··Remediation·Ansi0003b5b0:·6469·6174·696f·6e20·416e·7369·626c·6520··diation·Ansible·
0003b440:·626c·6520·736e·6970·7065·7420·e287·b23c··ble·snippet·...<0003b5c0:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a><
0003b450:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas0003b5d0:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p
0003b460:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps0003b5e0:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co
0003b470:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="0003b5f0:·6c6c·6170·7365·2220·6964·3d22·6964·6d35··llapse"·id="idm5
0003b480:·6964·6d35·3339·3922·3e3c·7461·626c·6520··idm5399"><table·0003b600:·3339·3922·3e3c·7461·626c·6520·636c·6173··399"><table·clas
0003b490:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab0003b610:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s
0003b4a0:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table0003b620:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor
0003b4b0:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-0003b630:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond
0003b4c0:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><0003b640:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C
0003b4d0:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</0003b650:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><
0003b4e0:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><0003b660:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>
0003b4f0:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr0003b670:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti
0003b500:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td>0003b680:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low<
0003b510:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr0003b690:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
0003b520:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th0003b6a0:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td
0003b530:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td>< 
0003b540:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra 
0003b550:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en 
0003b560:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></0003b6b0:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr>
 0003b6c0:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy
 0003b6d0:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable
0003b570:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code 
0003b580:·3e2d·206e·616d·653a·2047·6174·6865·7220··>-·name:·Gather· 
0003b590:·7468·6520·7061·636b·6167·6520·6661·6374··the·package·fact 
0003b5a0:·730a·2020·7061·636b·6167·655f·6661·6374··s.··package_fact 
0003b5b0:·733a·0a20·2020·206d·616e·6167·6572·3a20··s:.····manager:· 
0003b5c0:·6175·746f·0a20·2074·6167·733a·0a20·202d··auto.··tags:.··- 
0003b5d0:·2043·4345·2d38·3330·3637·2d39·0a20·202d···CCE-83067-9.··- 
0003b5e0:·2043·4a49·532d·352e·3130·2e31·2e33·0a20···CJIS-5.10.1.3.· 
0003b5f0:·202d·2044·4953·412d·5354·4947·2d53·4c45···-·DISA-STIG-SLE 
0003b600:·532d·3132·2d30·3130·3439·390a·2020·2d20··S-12-010499.··-· 
0003b610:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-6 
0003b620:·2861·290a·2020·2d20·5043·492d·4453·532d··(a).··-·PCI-DSS- 
0003b630:·5265·712d·3131·2e35·0a20·202d·2050·4349··Req-11.5.··-·PCI 
0003b640:·2d44·5353·7634·2d31·312e·352e·320a·2020··-DSSv4-11.5.2.·· 
0003b650:·2d20·656e·6162·6c65·5f73·7472·6174·6567··-·enable_strateg 
0003b660:·790a·2020·2d20·6c6f·775f·636f·6d70·6c65··y.··-·low_comple 
0003b670:·7869·7479·0a20·202d·206c·6f77·5f64·6973··xity.··-·low_dis 
0003b680:·7275·7074·696f·6e0a·2020·2d20·6d65·6469··ruption.··-·medi 
0003b690:·756d·5f73·6576·6572·6974·790a·2020·2d20··um_severity.··-· 
0003b6a0:·6e6f·5f72·6562·6f6f·745f·6e65·6564·6564··no_reboot_needed 
0003b6b0:·0a20·202d·2070·6163·6b61·6765·5f61·6964··.··-·package_aid 
0003b6c0:·655f·696e·7374·616c·6c65·640a·0a2d·206e··e_installed..-·n 
0003b6d0:·616d·653a·2045·6e73·7572·6520·6169·6465··ame:·Ensure·aide 
0003b6e0:·2069·7320·696e·7374·616c·6c65·640a·2020···is·installed.·· 
0003b6f0:·7061·636b·6167·653a·0a20·2020·206e·616d··package:.····nam 
0003b700:·653a·2061·6964·650a·2020·2020·7374·6174··e:·aide.····stat 
0003b710:·653a·2070·7265·7365·6e74·0a20·2077·6865··e:·present.··whe 
0003b720:·6e3a·2027·226b·6572·6e65·6c2d·6465·6661··n:·'"kernel-defa 
0003b730:·756c·7422·2069·6e20·616e·7369·626c·655f··ult"·in·ansible_ 
0003b740:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'. 
0003b750:·2020·7461·6773·3a0a·2020·2d20·4343·452d····tags:.··-·CCE- 
0003b760:·3833·3036·372d·390a·2020·2d20·434a·4953··83067-9.··-·CJIS 
0003b770:·2d35·2e31·302e·312e·330a·2020·2d20·4449··-5.10.1.3.··-·DI 
0003b780:·5341·2d53·5449·472d·534c·4553·2d31·322d··SA-STIG-SLES-12- 
0003b790:·3031·3034·3939·0a20·202d·204e·4953·542d··010499.··-·NIST- 
0003b7a0:·3830·302d·3533·2d43·4d2d·3628·6129·0a20··800-53-CM-6(a).· 
0003b7b0:·202d·2050·4349·2d44·5353·2d52·6571·2d31···-·PCI-DSS-Req-1 
0003b7c0:·312e·350a·2020·2d20·5043·492d·4453·5376··1.5.··-·PCI-DSSv 
0003b7d0:·342d·3131·2e35·2e32·0a20·202d·2065·6e61··4-11.5.2.··-·ena 
0003b7e0:·626c·655f·7374·7261·7465·6779·0a20·202d··ble_strategy.··- 
0003b7f0:·206c·6f77·5f63·6f6d·706c·6578·6974·790a···low_complexity. 
0003b800:·2020·2d20·6c6f·775f·6469·7372·7570·7469····-·low_disrupti 
0003b810:·6f6e·0a20·202d·206d·6564·6975·6d5f·7365··on.··-·medium_se 
0003b820:·7665·7269·7479·0a20·202d·206e·6f5f·7265··verity.··-·no_re 
0003b830:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-· 
0003b840:·7061·636b·6167·655f·6169·6465·5f69·6e73··package_aide_ins 
Max diff block lines reached; 19861480/19880138 bytes (99.91%) of diff not shown.
1.39 MB
html2text {}
    
Offset 126, 19 lines modifiedOffset 126, 27 lines modified
126 include·install_aide126 include·install_aide
  
127 class·install_aide·{127 class·install_aide·{
128 ··package·{·'aide':128 ··package·{·'aide':
129 ····ensure·=>·'installed',129 ····ensure·=>·'installed',
130 ··}130 ··}
131 }131 }
132 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8132 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 133 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 134 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 135 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 136 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 137 #·Remediation·is·applicable·only·in·certain·platforms
 138 if·rpm·--quiet·-q·kernel-default;·then
  
133 [[packages]] 
134 name·=·"aide" 
135 version·=·"*"139 zypper·install·-y·"aide"
  
 140 else
 141 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 142 fi
136 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8143 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
137 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low144 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
138 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low145 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
139 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false146 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
140 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable147 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
141 -·name:·Gather·the·package·facts148 -·name:·Gather·the·package·facts
142 ··package_facts:149 ··package_facts:
Offset 171, 27 lines modifiedOffset 179, 19 lines modified
171 ··-·PCI-DSSv4-11.5.2179 ··-·PCI-DSSv4-11.5.2
172 ··-·enable_strategy180 ··-·enable_strategy
173 ··-·low_complexity181 ··-·low_complexity
174 ··-·low_disruption182 ··-·low_disruption
175 ··-·medium_severity183 ··-·medium_severity
176 ··-·no_reboot_needed184 ··-·no_reboot_needed
177 ··-·package_aide_installed185 ··-·package_aide_installed
 186 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
178 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
179 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
180 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
181 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
182 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
183 #·Remediation·is·applicable·only·in·certain·platforms 
184 if·rpm·--quiet·-q·kernel-default;·then 
  
185 zypper·install·-y·"aide" 
  
186 else 
187 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
188 fi187 [[packages]]
 188 name·=·"aide"
 189 version·=·"*"
189 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*190 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
190 Run·the·following·command·to·generate·a·new·database:191 Run·the·following·command·to·generate·a·new·database:
191 $·sudo·/usr/bin/aide·--init192 $·sudo·/usr/bin/aide·--init
192 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the·database,·the193 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the·database,·the
193 configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide·(or·hashes·of·these·files),·in·a·secure194 configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide·(or·hashes·of·these·files),·in·a·secure
194 location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-195 location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-
195 generated·database·can·be·installed·as·follows:196 generated·database·can·be·installed·as·follows:
Offset 219, 14 lines modifiedOffset 219, 29 lines modified
219 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5219 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
220 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199220 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
221 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLES-12-010499221 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLES-12-010499
222 ·············_\x8c_\x8i_\x8s············1.4.1222 ·············_\x8c_\x8i_\x8s············1.4.1
223 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79223 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
224 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2224 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
225 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-255916r958794_rule225 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-255916r958794_rule
 226 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 227 #·Remediation·is·applicable·only·in·certain·platforms
 228 if·rpm·--quiet·-q·kernel-default;·then
  
 229 zypper·-q·--no-remote·ref
  
  
 230 zypper·install·-y·"aide"
  
 231 /usr/bin/aide·--init
 232 /bin/cp·-p·/var/lib/aide/aide.db.new·/var/lib/aide/aide.db
  
 233 else
 234 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 235 fi
226 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8236 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
227 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low237 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
228 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low238 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
229 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false239 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
230 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict240 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
231 -·name:·Gather·the·package·facts241 -·name:·Gather·the·package·facts
232 ··package_facts:242 ··package_facts:
Offset 339, 29 lines modifiedOffset 354, 14 lines modified
339 ··-·PCI-DSSv4-11.5.2354 ··-·PCI-DSSv4-11.5.2
340 ··-·aide_build_database355 ··-·aide_build_database
341 ··-·low_complexity356 ··-·low_complexity
342 ··-·low_disruption357 ··-·low_disruption
343 ··-·medium_severity358 ··-·medium_severity
344 ··-·no_reboot_needed359 ··-·no_reboot_needed
345 ··-·restrict_strategy360 ··-·restrict_strategy
346 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
347 #·Remediation·is·applicable·only·in·certain·platforms 
348 if·rpm·--quiet·-q·kernel-default;·then 
  
349 zypper·-q·--no-remote·ref 
  
  
350 zypper·install·-y·"aide" 
  
351 /usr/bin/aide·--init 
352 /bin/cp·-p·/var/lib/aide/aide.db.new·/var/lib/aide/aide.db 
  
353 else 
354 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
355 fi 
356 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·A\x8AI\x8ID\x8DE\x8E·t\x8to\x8o·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·t\x8th\x8he\x8e·A\x8Au\x8ud\x8di\x8it\x8t·T\x8To\x8oo\x8ol\x8ls\x8s·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*361 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·A\x8AI\x8ID\x8DE\x8E·t\x8to\x8o·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·t\x8th\x8he\x8e·A\x8Au\x8ud\x8di\x8it\x8t·T\x8To\x8oo\x8ol\x8ls\x8s·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
357 The·operating·system·file·integrity·tool·must·be·configured·to·protect·the·integrity·of·the·audit·tools.362 The·operating·system·file·integrity·tool·must·be·configured·to·protect·the·integrity·of·the·audit·tools.
358 ·············Protecting·the·integrity·of·the·tools·used·for·auditing·purposes·is·a·critical·step·toward363 ·············Protecting·the·integrity·of·the·tools·used·for·auditing·purposes·is·a·critical·step·toward
359 ·············ensuring·the·integrity·of·audit·information.·Audit·information·includes·all·information·(e.g.,364 ·············ensuring·the·integrity·of·audit·information.·Audit·information·includes·all·information·(e.g.,
360 ·············audit·records,·audit·settings,·and·audit·reports)·needed·to·successfully·audit·information365 ·············audit·records,·audit·settings,·and·audit·reports)·needed·to·successfully·audit·information
361 ·············system·activity.·Audit·tools·include·but·are·not·limited·to·vendor-provided·and·open-source366 ·············system·activity.·Audit·tools·include·but·are·not·limited·to·vendor-provided·and·open-source
362 ·············audit·tools·needed·to·successfully·view·and·manipulate·audit·information·system·activity·and367 ·············audit·tools·needed·to·successfully·view·and·manipulate·audit·information·system·activity·and
Offset 375, 14 lines modifiedOffset 375, 82 lines modified
375 Rule·ID:·····xccdf_org.ssgproject.content_rule_aide_check_audit_tools375 Rule·ID:·····xccdf_org.ssgproject.content_rule_aide_check_audit_tools
376 Identifiers:·CCE-83204-8376 Identifiers:·CCE-83204-8
377 ·············_\x8d_\x8i_\x8s_\x8a····CCI-001496,·CCI-001494,·CCI-001495,·CCI-001493377 ·············_\x8d_\x8i_\x8s_\x8a····CCI-001496,·CCI-001494,·CCI-001495,·CCI-001493
378 ·············_\x8n_\x8i_\x8s_\x8t····AU-9(3),·AU-9(3).1378 ·············_\x8n_\x8i_\x8s_\x8t····AU-9(3),·AU-9(3).1
379 References:··_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g··SRG-OS-000278-GPOS-00108379 References:··_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g··SRG-OS-000278-GPOS-00108
380 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d··SLES-12-010540380 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d··SLES-12-010540
Max diff block lines reached; 1455809/1461062 bytes (99.64%) of diff not shown.
21.4 MB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-anssi_bp28_enhanced.html
    
Offset 15171, 146 lines modifiedOffset 15171, 146 lines modified
0003b420:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=0003b420:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
0003b430:·2223·6964·6d36·3336·3222·2074·6162·696e··"#idm6362"·tabin0003b430:·2223·6964·6d36·3336·3222·2074·6162·696e··"#idm6362"·tabin
0003b440:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu0003b440:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
0003b450:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan0003b450:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
0003b460:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl0003b460:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
0003b470:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r0003b470:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
0003b480:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"0003b480:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
0003b490:·3e52·656d·6564·6961·7469·6f6e·204f·5342··>Remediation·OSB0003b490:·3e52·656d·6564·6961·7469·6f6e·2053·6865··>Remediation·She
 0003b4a0:·6c6c·2073·6372·6970·7420·e287·b23c·2f61··ll·script·...</a
 0003b4b0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
 0003b4c0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
 0003b4d0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
 0003b4e0:·6d36·3336·3222·3e3c·7461·626c·6520·636c··m6362"><table·cl
 0003b4f0:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table
 0003b500:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b
0003b4a0:·7569·6c64·2042·6c75·6570·7269·6e74·2073··uild·Blueprint·s 
0003b4b0:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b 
0003b4c0:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa 
0003b4d0:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col 
0003b4e0:·6c61·7073·6522·2069·643d·2269·646d·3633··lapse"·id="idm63 
0003b4f0:·3632·223e·3c70·7265·3e3c·636f·6465·3e0a··62"><pre><code>. 
0003b500:·5b5b·7061·636b·6167·6573·5d5d·0a6e·616d··[[packages]].nam 
0003b510:·6520·3d20·2261·6964·6522·0a76·6572·7369··e·=·"aide".versi 
0003b520:·6f6e·203d·2022·2a22·0a3c·2f63·6f64·653e··on·=·"*".</code> 
0003b530:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c 
0003b540:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su 
0003b550:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg 
0003b560:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da 
0003b570:·7461·2d74·6172·6765·743d·2223·6964·6d36··ta-target="#idm6 
0003b580:·3336·3322·2074·6162·696e·6465·783d·2230··363"·tabindex="0 
0003b590:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"· 
0003b5a0:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f 
0003b5b0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act 
0003b5c0:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal" 
0003b5d0:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed 
0003b5e0:·6961·7469·6f6e·2041·6e73·6962·6c65·2073··iation·Ansible·s 
0003b5f0:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b 
0003b600:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa 
0003b610:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col 
0003b620:·6c61·7073·6522·2069·643d·2269·646d·3633··lapse"·id="idm63 
0003b630:·3633·223e·3c74·6162·6c65·2063·6c61·7373··63"><table·class 
0003b640:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st 
0003b650:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord0003b510:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co
 0003b520:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th
 0003b530:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th
 0003b540:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t
 0003b550:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup
0003b660:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde 
0003b670:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co 
0003b680:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t 
0003b690:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr>< 
0003b6a0:·7472·3e3c·7468·3e44·6973·7275·7074·696f··tr><th>Disruptio 
0003b6b0:·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··n:</th><td>low</ 
0003b6c0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003b6d0:·5265·626f·6f74·3a3c·2f74·683e·3c74·643e··Reboot:</th><td>0003b560:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo
0003b6e0:·6661·6c73·653c·2f74·643e·3c2f·7472·3e3c··false</td></tr>< 
0003b6f0:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy: 
0003b700:·3c2f·7468·3e3c·7464·3e65·6e61·626c·653c··</th><td>enable< 
0003b710:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table0003b570:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><
 0003b580:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th><
 0003b590:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t
 0003b5a0:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate
 0003b5b0:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab
0003b720:·3e3c·7072·653e·3c63·6f64·653e·2d20·6e61··><pre><code>-·na 
0003b730:·6d65·3a20·4761·7468·6572·2074·6865·2070··me:·Gather·the·p 
0003b740:·6163·6b61·6765·2066·6163·7473·0a20·2070··ackage·facts.··p 
0003b750:·6163·6b61·6765·5f66·6163·7473·3a0a·2020··ackage_facts:.·· 
0003b760:·2020·6d61·6e61·6765·723a·2061·7574·6f0a····manager:·auto. 
0003b770:·2020·7461·6773·3a0a·2020·2d20·4343·452d····tags:.··-·CCE- 
0003b780:·3833·3238·392d·390a·2020·2d20·434a·4953··83289-9.··-·CJIS 
0003b790:·2d35·2e31·302e·312e·330a·2020·2d20·4449··-5.10.1.3.··-·DI 
0003b7a0:·5341·2d53·5449·472d·534c·4553·2d31·352d··SA-STIG-SLES-15- 
0003b7b0:·3031·3034·3139·0a20·202d·204e·4953·542d··010419.··-·NIST- 
0003b7c0:·3830·302d·3533·2d43·4d2d·3628·6129·0a20··800-53-CM-6(a).· 
0003b7d0:·202d·2050·4349·2d44·5353·2d52·6571·2d31···-·PCI-DSS-Req-1 
0003b7e0:·312e·350a·2020·2d20·5043·492d·4453·5376··1.5.··-·PCI-DSSv 
0003b7f0:·342d·3131·2e35·2e32·0a20·202d·2065·6e61··4-11.5.2.··-·ena 
0003b800:·626c·655f·7374·7261·7465·6779·0a20·202d··ble_strategy.··- 
0003b810:·206c·6f77·5f63·6f6d·706c·6578·6974·790a···low_complexity. 
0003b820:·2020·2d20·6c6f·775f·6469·7372·7570·7469····-·low_disrupti 
0003b830:·6f6e·0a20·202d·206d·6564·6975·6d5f·7365··on.··-·medium_se 
0003b840:·7665·7269·7479·0a20·202d·206e·6f5f·7265··verity.··-·no_re 
0003b850:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-· 
0003b860:·7061·636b·6167·655f·6169·6465·5f69·6e73··package_aide_ins 
0003b870:·7461·6c6c·6564·0a0a·2d20·6e61·6d65·3a20··talled..-·name:· 
0003b880:·456e·7375·7265·2061·6964·6520·6973·2069··Ensure·aide·is·i 
0003b890:·6e73·7461·6c6c·6564·0a20·2070·6163·6b61··nstalled.··packa 
0003b8a0:·6765·3a0a·2020·2020·6e61·6d65·3a20·6169··ge:.····name:·ai 
0003b8b0:·6465·0a20·2020·2073·7461·7465·3a20·7072··de.····state:·pr 
0003b8c0:·6573·656e·740a·2020·7768·656e·3a20·2722··esent.··when:·'" 
0003b8d0:·6b65·726e·656c·2d64·6566·6175·6c74·2220··kernel-default"· 
0003b8e0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts 
0003b8f0:·2e70·6163·6b61·6765·7327·0a20·2074·6167··.packages'.··tag 
0003b900:·733a·0a20·202d·2043·4345·2d38·3332·3839··s:.··-·CCE-83289 
0003b910:·2d39·0a20·202d·2043·4a49·532d·352e·3130··-9.··-·CJIS-5.10 
0003b920:·2e31·2e33·0a20·202d·2044·4953·412d·5354··.1.3.··-·DISA-ST 
0003b930:·4947·2d53·4c45·532d·3135·2d30·3130·3431··IG-SLES-15-01041 
0003b940:·390a·2020·2d20·4e49·5354·2d38·3030·2d35··9.··-·NIST-800-5 
0003b950:·332d·434d·2d36·2861·290a·2020·2d20·5043··3-CM-6(a).··-·PC 
0003b960:·492d·4453·532d·5265·712d·3131·2e35·0a20··I-DSS-Req-11.5.· 
0003b970:·202d·2050·4349·2d44·5353·7634·2d31·312e···-·PCI-DSSv4-11. 
0003b980:·352e·320a·2020·2d20·656e·6162·6c65·5f73··5.2.··-·enable_s 
0003b990:·7472·6174·6567·790a·2020·2d20·6c6f·775f··trategy.··-·low_ 
0003b9a0:·636f·6d70·6c65·7869·7479·0a20·202d·206c··complexity.··-·l 
0003b9b0:·6f77·5f64·6973·7275·7074·696f·6e0a·2020··ow_disruption.·· 
0003b9c0:·2d20·6d65·6469·756d·5f73·6576·6572·6974··-·medium_severit 
0003b9d0:·790a·2020·2d20·6e6f·5f72·6562·6f6f·745f··y.··-·no_reboot_ 
0003b9e0:·6e65·6564·6564·0a20·202d·2070·6163·6b61··needed.··-·packa 
0003b9f0:·6765·5f61·6964·655f·696e·7374·616c·6c65··ge_aide_installe 
0003ba00:·640a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··d.</code></pre>< 
0003ba10:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b 
0003ba20:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"· 
0003ba30:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col 
0003ba40:·6c61·7073·6522·2064·6174·612d·7461·7267··lapse"·data-targ 
0003ba50:·6574·3d22·2369·646d·3633·3634·2220·7461··et="#idm6364"·ta 
0003ba60:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role= 
0003ba70:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex 
0003ba80:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t 
0003ba90:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t 
0003baa0:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href=" 
0003bab0:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation· 
0003bac0:·5368·656c·6c20·7363·7269·7074·20e2·87b2··Shell·script·... 
0003bad0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla 
0003bae0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap 
0003baf0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id= 
0003bb00:·2269·646d·3633·3634·223e·3c74·6162·6c65··"idm6364"><table 
0003bb10:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta 
Max diff block lines reached; 20505632/20524428 bytes (99.91%) of diff not shown.
1.79 MB
html2text {}
Max HTML report size reached
21.7 MB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-anssi_bp28_high.html
    
Offset 15177, 145 lines modifiedOffset 15177, 145 lines modified
0003b480:·6574·3d22·2369·646d·3633·3632·2220·7461··et="#idm6362"·ta0003b480:·6574·3d22·2369·646d·3633·3632·2220·7461··et="#idm6362"·ta
0003b490:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=0003b490:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=
0003b4a0:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex0003b4a0:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex
0003b4b0:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t0003b4b0:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t
0003b4c0:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t0003b4c0:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t
0003b4d0:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="0003b4d0:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="
0003b4e0:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·0003b4e0:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·
0003b4f0:·4f53·4275·696c·6420·426c·7565·7072·696e··OSBuild·Blueprin 
0003b500:·7420·736e·6970·7065·7420·e287·b23c·2f61··t·snippet·...</a 
0003b510:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class= 
0003b520:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse· 
0003b530:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id 
0003b540:·6d36·3336·3222·3e3c·7072·653e·3c63·6f64··m6362"><pre><cod 
0003b550:·653e·0a5b·5b70·6163·6b61·6765·735d·5d0a··e>.[[packages]]. 
0003b560:·6e61·6d65·203d·2022·6169·6465·220a·7665··name·=·"aide".ve 
0003b570:·7273·696f·6e20·3d20·222a·220a·3c2f·636f··rsion·=·"*".</co0003b4f0:·5368·656c·6c20·7363·7269·7074·20e2·87b2··Shell·script·...
 0003b500:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
 0003b510:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
 0003b520:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=
 0003b530:·2269·646d·3633·3632·223e·3c74·6162·6c65··"idm6362"><table
 0003b540:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta
 0003b550:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl
 0003b560:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table
 0003b570:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>
 0003b580:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<
 0003b590:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>
 0003b5a0:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis
 0003b5b0:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td
 0003b5c0:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t
 0003b5d0:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t
 0003b5e0:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td>
 0003b5f0:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str
 0003b600:·6174·6567·793a·3c2f·7468·3e3c·7464·3e65··ategy:</th><td>e
 0003b610:·6e61·626c·653c·2f74·643e·3c2f·7472·3e3c··nable</td></tr><
 0003b620:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod
 0003b630:·653e·2320·5265·6d65·6469·6174·696f·6e20··e>#·Remediation·
 0003b640:·6973·2061·7070·6c69·6361·626c·6520·6f6e··is·applicable·on
 0003b650:·6c79·2069·6e20·6365·7274·6169·6e20·706c··ly·in·certain·pl
 0003b660:·6174·666f·726d·730a·6966·2072·706d·202d··atforms.if·rpm·-
 0003b670:·2d71·7569·6574·202d·7120·6b65·726e·656c··-quiet·-q·kernel
 0003b680:·2d64·6566·6175·6c74·3b20·7468·656e·0a0a··-default;·then..
 0003b690:·7a79·7070·6572·2069·6e73·7461·6c6c·202d··zypper·install·-
 0003b6a0:·7920·2261·6964·6522·0a0a·656c·7365·0a20··y·"aide"..else.·
 0003b6b0:·2020·2026·6774·3b26·616d·703b·3220·6563·····&gt;&amp;2·ec
 0003b6c0:·686f·2027·5265·6d65·6469·6174·696f·6e20··ho·'Remediation·
 0003b6d0:·6973·206e·6f74·2061·7070·6c69·6361·626c··is·not·applicabl
 0003b6e0:·652c·206e·6f74·6869·6e67·2077·6173·2064··e,·nothing·was·d
 0003b6f0:·6f6e·6527·0a66·690a·3c2f·636f·6465·3e3c··one'.fi.</code><
0003b580:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div><0003b700:·2f70·7265·3e3c·2f64·6976·3e3c·6120·636c··/pre></div><a·cl
0003b590:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn0003b710:·6173·733d·2262·746e·2062·746e·2d73·7563··ass="btn·btn-suc
0003b5a0:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t0003b720:·6365·7373·2220·6461·7461·2d74·6f67·676c··cess"·data-toggl
0003b5b0:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse"0003b730:·653d·2263·6f6c·6c61·7073·6522·2064·6174··e="collapse"·dat
0003b5c0:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i0003b740:·612d·7461·7267·6574·3d22·2369·646d·3633··a-target="#idm63
0003b5d0:·646d·3633·3633·2220·7461·6269·6e64·6578··dm6363"·tabindex0003b750:·3633·2220·7461·6269·6e64·6578·3d22·3022··63"·tabindex="0"
0003b5e0:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto0003b760:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a
0003b5f0:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded0003b770:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa
0003b600:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="0003b780:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti
0003b610:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve0003b790:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·
0003b620:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re0003b7a0:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi
0003b630:·6d65·6469·6174·696f·6e20·416e·7369·626c··mediation·Ansibl0003b7b0:·6174·696f·6e20·416e·7369·626c·6520·736e··ation·Ansible·sn
0003b640:·6520·736e·6970·7065·7420·e287·b23c·2f61··e·snippet·...</a0003b7c0:·6970·7065·7420·e287·b23c·2f61·3e3c·6272··ippet·...</a><br
0003b650:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=0003b7d0:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan
0003b660:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·0003b7e0:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll
0003b670:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id0003b7f0:·6170·7365·2220·6964·3d22·6964·6d36·3336··apse"·id="idm636
0003b680:·6d36·3336·3322·3e3c·7461·626c·6520·636c··m6363"><table·cl0003b800:·3322·3e3c·7461·626c·6520·636c·6173·733d··3"><table·class=
0003b690:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table0003b810:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str
0003b6a0:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b0003b820:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde
0003b6b0:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co0003b830:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden
0003b6c0:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th0003b840:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com
0003b6d0:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th0003b850:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td
0003b6e0:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t0003b860:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t
0003b6f0:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup0003b870:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption
0003b700:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo0003b880:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t
0003b710:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><0003b890:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R
0003b720:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th><0003b8a0:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f
0003b730:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t 
0003b740:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate 
0003b750:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab 
0003b760:·6c65·3c2f·7464·3e3c·2f74·723e·3c2f·7461··le</td></tr></ta0003b8b0:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t
 0003b8c0:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<
 0003b8d0:·2f74·683e·3c74·643e·656e·6162·6c65·3c2f··/th><td>enable</
 0003b8e0:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>
0003b770:·626c·653e·3c70·7265·3e3c·636f·6465·3e2d··ble><pre><code>-0003b8f0:·3c70·7265·3e3c·636f·6465·3e2d·206e·616d··<pre><code>-·nam
0003b780:·206e·616d·653a·2047·6174·6865·7220·7468···name:·Gather·th0003b900:·653a·2047·6174·6865·7220·7468·6520·7061··e:·Gather·the·pa
0003b790:·6520·7061·636b·6167·6520·6661·6374·730a··e·package·facts.0003b910:·636b·6167·6520·6661·6374·730a·2020·7061··ckage·facts.··pa
0003b7a0:·2020·7061·636b·6167·655f·6661·6374·733a····package_facts:0003b920:·636b·6167·655f·6661·6374·733a·0a20·2020··ckage_facts:.···
0003b7b0:·0a20·2020·206d·616e·6167·6572·3a20·6175··.····manager:·au0003b930:·206d·616e·6167·6572·3a20·6175·746f·0a20···manager:·auto.·
0003b7c0:·746f·0a20·2074·6167·733a·0a20·202d·2043··to.··tags:.··-·C 
0003b7d0:·4345·2d38·3332·3839·2d39·0a20·202d·2043··CE-83289-9.··-·C 
0003b7e0:·4a49·532d·352e·3130·2e31·2e33·0a20·202d··JIS-5.10.1.3.··- 
0003b7f0:·2044·4953·412d·5354·4947·2d53·4c45·532d···DISA-STIG-SLES- 
0003b800:·3135·2d30·3130·3431·390a·2020·2d20·4e49··15-010419.··-·NI 
0003b810:·5354·2d38·3030·2d35·332d·434d·2d36·2861··ST-800-53-CM-6(a 
0003b820:·290a·2020·2d20·5043·492d·4453·532d·5265··).··-·PCI-DSS-Re 
0003b830:·712d·3131·2e35·0a20·202d·2050·4349·2d44··q-11.5.··-·PCI-D 
0003b840:·5353·7634·2d31·312e·352e·320a·2020·2d20··SSv4-11.5.2.··-· 
0003b850:·656e·6162·6c65·5f73·7472·6174·6567·790a··enable_strategy. 
0003b860:·2020·2d20·6c6f·775f·636f·6d70·6c65·7869····-·low_complexi 
0003b870:·7479·0a20·202d·206c·6f77·5f64·6973·7275··ty.··-·low_disru 
0003b880:·7074·696f·6e0a·2020·2d20·6d65·6469·756d··ption.··-·medium 
0003b890:·5f73·6576·6572·6974·790a·2020·2d20·6e6f··_severity.··-·no 
0003b8a0:·5f72·6562·6f6f·745f·6e65·6564·6564·0a20··_reboot_needed.· 
0003b8b0:·202d·2070·6163·6b61·6765·5f61·6964·655f···-·package_aide_ 
0003b8c0:·696e·7374·616c·6c65·640a·0a2d·206e·616d··installed..-·nam 
0003b8d0:·653a·2045·6e73·7572·6520·6169·6465·2069··e:·Ensure·aide·i 
0003b8e0:·7320·696e·7374·616c·6c65·640a·2020·7061··s·installed.··pa 
0003b8f0:·636b·6167·653a·0a20·2020·206e·616d·653a··ckage:.····name: 
0003b900:·2061·6964·650a·2020·2020·7374·6174·653a···aide.····state: 
0003b910:·2070·7265·7365·6e74·0a20·2077·6865·6e3a···present.··when: 
0003b920:·2027·226b·6572·6e65·6c2d·6465·6661·756c···'"kernel-defaul 
0003b930:·7422·2069·6e20·616e·7369·626c·655f·6661··t"·in·ansible_fa 
0003b940:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.·· 
0003b950:·7461·6773·3a0a·2020·2d20·4343·452d·3833··tags:.··-·CCE-830003b940:·2074·6167·733a·0a20·202d·2043·4345·2d38···tags:.··-·CCE-8
0003b960:·3238·392d·390a·2020·2d20·434a·4953·2d35··289-9.··-·CJIS-50003b950:·3332·3839·2d39·0a20·202d·2043·4a49·532d··3289-9.··-·CJIS-
0003b970:·2e31·302e·312e·330a·2020·2d20·4449·5341··.10.1.3.··-·DISA 
0003b980:·2d53·5449·472d·534c·4553·2d31·352d·3031··-STIG-SLES-15-01 
0003b990:·3034·3139·0a20·202d·204e·4953·542d·3830··0419.··-·NIST-80 
0003b9a0:·302d·3533·2d43·4d2d·3628·6129·0a20·202d··0-53-CM-6(a).··-0003b960:·352e·3130·2e31·2e33·0a20·202d·2044·4953··5.10.1.3.··-·DIS
 0003b970:·412d·5354·4947·2d53·4c45·532d·3135·2d30··A-STIG-SLES-15-0
 0003b980:·3130·3431·390a·2020·2d20·4e49·5354·2d38··10419.··-·NIST-8
 0003b990:·3030·2d35·332d·434d·2d36·2861·290a·2020··00-53-CM-6(a).··
0003b9b0:·2050·4349·2d44·5353·2d52·6571·2d31·312e···PCI-DSS-Req-11.0003b9a0:·2d20·5043·492d·4453·532d·5265·712d·3131··-·PCI-DSS-Req-11
 0003b9b0:·2e35·0a20·202d·2050·4349·2d44·5353·7634··.5.··-·PCI-DSSv4
 0003b9c0:·2d31·312e·352e·320a·2020·2d20·656e·6162··-11.5.2.··-·enab
 0003b9d0:·6c65·5f73·7472·6174·6567·790a·2020·2d20··le_strategy.··-·
 0003b9e0:·6c6f·775f·636f·6d70·6c65·7869·7479·0a20··low_complexity.·
 0003b9f0:·202d·206c·6f77·5f64·6973·7275·7074·696f···-·low_disruptio
Max diff block lines reached; 20810272/20828930 bytes (99.91%) of diff not shown.
1.82 MB
html2text {}
Max HTML report size reached
8.66 MB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-anssi_bp28_intermediary.html
    
Offset 15162, 146 lines modifiedOffset 15162, 146 lines modified
0003b390:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target0003b390:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target
0003b3a0:·3d22·2369·646d·3633·3632·2220·7461·6269··="#idm6362"·tabi0003b3a0:·3d22·2369·646d·3633·3632·2220·7461·6269··="#idm6362"·tabi
0003b3b0:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b0003b3b0:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b
0003b3c0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa0003b3c0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa
0003b3d0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit0003b3d0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit
0003b3e0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·0003b3e0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·
0003b3f0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!0003b3f0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!
0003b400:·223e·5265·6d65·6469·6174·696f·6e20·4f53··">Remediation·OS0003b400:·223e·5265·6d65·6469·6174·696f·6e20·5368··">Remediation·Sh
0003b410:·4275·696c·6420·426c·7565·7072·696e·7420··Build·Blueprint· 
0003b420:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a>< 
0003b430:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p 
0003b440:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co 
0003b450:·6c6c·6170·7365·2220·6964·3d22·6964·6d36··llapse"·id="idm60003b410:·656c·6c20·7363·7269·7074·20e2·87b2·3c2f··ell·script·...</
 0003b420:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
 0003b430:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
 0003b440:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
 0003b450:·646d·3633·3632·223e·3c74·6162·6c65·2063··dm6362"><table·c
 0003b460:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl
 0003b470:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table-
 0003b480:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c
 0003b490:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t
 0003b4a0:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t
 0003b4b0:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></
 0003b4c0:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru
 0003b4d0:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l
 0003b4e0:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>
 0003b4f0:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th>
 0003b500:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></
 0003b510:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat
 0003b520:·6567·793a·3c2f·7468·3e3c·7464·3e65·6e61··egy:</th><td>ena
 0003b530:·626c·653c·2f74·643e·3c2f·7472·3e3c·2f74··ble</td></tr></t
0003b460:·3336·3222·3e3c·7072·653e·3c63·6f64·653e··362"><pre><code>0003b540:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>
0003b470:·0a5b·5b70·6163·6b61·6765·735d·5d0a·6e61··.[[packages]].na 
0003b480:·6d65·203d·2022·6169·6465·220a·7665·7273··me·=·"aide".vers 
0003b490:·696f·6e20·3d20·222a·220a·3c2f·636f·6465··ion·=·"*".</code0003b550:·2320·5265·6d65·6469·6174·696f·6e20·6973··#·Remediation·is
 0003b560:·2061·7070·6c69·6361·626c·6520·6f6e·6c79···applicable·only
 0003b570:·2069·6e20·6365·7274·6169·6e20·706c·6174···in·certain·plat
 0003b580:·666f·726d·730a·6966·2072·706d·202d·2d71··forms.if·rpm·--q
 0003b590:·7569·6574·202d·7120·6b65·726e·656c·2d64··uiet·-q·kernel-d
 0003b5a0:·6566·6175·6c74·3b20·7468·656e·0a0a·7a79··efault;·then..zy
 0003b5b0:·7070·6572·2069·6e73·7461·6c6c·202d·7920··pper·install·-y·
 0003b5c0:·2261·6964·6522·0a0a·656c·7365·0a20·2020··"aide"..else.···
 0003b5d0:·2026·6774·3b26·616d·703b·3220·6563·686f···&gt;&amp;2·echo
 0003b5e0:·2027·5265·6d65·6469·6174·696f·6e20·6973···'Remediation·is
 0003b5f0:·206e·6f74·2061·7070·6c69·6361·626c·652c···not·applicable,
 0003b600:·206e·6f74·6869·6e67·2077·6173·2064·6f6e···nothing·was·don
 0003b610:·6527·0a66·690a·3c2f·636f·6465·3e3c·2f70··e'.fi.</code></p
0003b4a0:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a·0003b620:·7265·3e3c·2f64·6976·3e3c·6120·636c·6173··re></div><a·clas
0003b4b0:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s0003b630:·733d·2262·746e·2062·746e·2d73·7563·6365··s="btn·btn-succe
0003b4c0:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog0003b640:·7373·2220·6461·7461·2d74·6f67·676c·653d··ss"·data-toggle=
0003b4d0:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d0003b650:·2263·6f6c·6c61·7073·6522·2064·6174·612d··"collapse"·data-
0003b4e0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm0003b660:·7461·7267·6574·3d22·2369·646d·3633·3633··target="#idm6363
0003b4f0:·3633·3633·2220·7461·6269·6e64·6578·3d22··6363"·tabindex="0003b670:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r
0003b500:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"0003b680:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari
0003b510:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="0003b690:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals
0003b520:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac0003b6a0:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa
0003b530:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal0003b6b0:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr
0003b540:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme0003b6c0:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat
0003b550:·6469·6174·696f·6e20·416e·7369·626c·6520··diation·Ansible·0003b6d0:·696f·6e20·416e·7369·626c·6520·736e·6970··ion·Ansible·snip
0003b560:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a><0003b6e0:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br><
0003b570:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p0003b6f0:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel
0003b580:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co0003b700:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap
0003b590:·6c6c·6170·7365·2220·6964·3d22·6964·6d36··llapse"·id="idm60003b710:·7365·2220·6964·3d22·6964·6d36·3336·3322··se"·id="idm6363"
0003b5a0:·3336·3322·3e3c·7461·626c·6520·636c·6173··363"><table·clas0003b720:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t
0003b5b0:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s0003b730:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip
0003b5c0:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor0003b740:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere
0003b5d0:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond0003b750:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense
0003b5e0:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C0003b760:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl
0003b5f0:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><0003b770:·6578·6974·793a·3c2f·7468·3e3c·7464·3e6c··exity:</th><td>l
0003b600:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr> 
0003b610:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti 
0003b620:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low< 
0003b630:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th 
0003b640:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td 
0003b650:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr> 
0003b660:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy 
0003b670:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable 
0003b680:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl0003b780:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>
 0003b790:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:<
 0003b7a0:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>
 0003b7b0:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb
 0003b7c0:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal
 0003b7d0:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr>
 0003b7e0:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t
 0003b7f0:·683e·3c74·643e·656e·6162·6c65·3c2f·7464··h><td>enable</td
 0003b800:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p
0003b690:·653e·3c70·7265·3e3c·636f·6465·3e2d·206e··e><pre><code>-·n0003b810:·7265·3e3c·636f·6465·3e2d·206e·616d·653a··re><code>-·name:
0003b6a0:·616d·653a·2047·6174·6865·7220·7468·6520··ame:·Gather·the·0003b820:·2047·6174·6865·7220·7468·6520·7061·636b···Gather·the·pack
0003b6b0:·7061·636b·6167·6520·6661·6374·730a·2020··package·facts.··0003b830:·6167·6520·6661·6374·730a·2020·7061·636b··age·facts.··pack
0003b6c0:·7061·636b·6167·655f·6661·6374·733a·0a20··package_facts:.·0003b840:·6167·655f·6661·6374·733a·0a20·2020·206d··age_facts:.····m
0003b6d0:·2020·206d·616e·6167·6572·3a20·6175·746f·····manager:·auto0003b850:·616e·6167·6572·3a20·6175·746f·0a20·2074··anager:·auto.··t
0003b6e0:·0a20·2074·6167·733a·0a20·202d·2043·4345··.··tags:.··-·CCE0003b860:·6167·733a·0a20·202d·2043·4345·2d38·3332··ags:.··-·CCE-832
0003b6f0:·2d38·3332·3839·2d39·0a20·202d·2043·4a49··-83289-9.··-·CJI0003b870:·3839·2d39·0a20·202d·2043·4a49·532d·352e··89-9.··-·CJIS-5.
0003b700:·532d·352e·3130·2e31·2e33·0a20·202d·2044··S-5.10.1.3.··-·D0003b880:·3130·2e31·2e33·0a20·202d·2044·4953·412d··10.1.3.··-·DISA-
0003b710:·4953·412d·5354·4947·2d53·4c45·532d·3135··ISA-STIG-SLES-150003b890:·5354·4947·2d53·4c45·532d·3135·2d30·3130··STIG-SLES-15-010
0003b720:·2d30·3130·3431·390a·2020·2d20·4e49·5354··-010419.··-·NIST0003b8a0:·3431·390a·2020·2d20·4e49·5354·2d38·3030··419.··-·NIST-800
0003b730:·2d38·3030·2d35·332d·434d·2d36·2861·290a··-800-53-CM-6(a).0003b8b0:·2d35·332d·434d·2d36·2861·290a·2020·2d20··-53-CM-6(a).··-·
0003b740:·2020·2d20·5043·492d·4453·532d·5265·712d····-·PCI-DSS-Req-0003b8c0:·5043·492d·4453·532d·5265·712d·3131·2e35··PCI-DSS-Req-11.5
0003b750:·3131·2e35·0a20·202d·2050·4349·2d44·5353··11.5.··-·PCI-DSS0003b8d0:·0a20·202d·2050·4349·2d44·5353·7634·2d31··.··-·PCI-DSSv4-1
0003b760:·7634·2d31·312e·352e·320a·2020·2d20·656e··v4-11.5.2.··-·en0003b8e0:·312e·352e·320a·2020·2d20·656e·6162·6c65··1.5.2.··-·enable
0003b770:·6162·6c65·5f73·7472·6174·6567·790a·2020··able_strategy.··0003b8f0:·5f73·7472·6174·6567·790a·2020·2d20·6c6f··_strategy.··-·lo
0003b780:·2d20·6c6f·775f·636f·6d70·6c65·7869·7479··-·low_complexity0003b900:·775f·636f·6d70·6c65·7869·7479·0a20·202d··w_complexity.··-
0003b790:·0a20·202d·206c·6f77·5f64·6973·7275·7074··.··-·low_disrupt0003b910:·206c·6f77·5f64·6973·7275·7074·696f·6e0a···low_disruption.
0003b7a0:·696f·6e0a·2020·2d20·6d65·6469·756d·5f73··ion.··-·medium_s0003b920:·2020·2d20·6d65·6469·756d·5f73·6576·6572····-·medium_sever
0003b7b0:·6576·6572·6974·790a·2020·2d20·6e6f·5f72··everity.··-·no_r0003b930:·6974·790a·2020·2d20·6e6f·5f72·6562·6f6f··ity.··-·no_reboo
0003b7c0:·6562·6f6f·745f·6e65·6564·6564·0a20·202d··eboot_needed.··-0003b940:·745f·6e65·6564·6564·0a20·202d·2070·6163··t_needed.··-·pac
0003b7d0:·2070·6163·6b61·6765·5f61·6964·655f·696e···package_aide_in0003b950:·6b61·6765·5f61·6964·655f·696e·7374·616c··kage_aide_instal
0003b7e0:·7374·616c·6c65·640a·0a2d·206e·616d·653a··stalled..-·name:0003b960:·6c65·640a·0a2d·206e·616d·653a·2045·6e73··led..-·name:·Ens
0003b7f0:·2045·6e73·7572·6520·6169·6465·2069·7320···Ensure·aide·is·0003b970:·7572·6520·6169·6465·2069·7320·696e·7374··ure·aide·is·inst
0003b800:·696e·7374·616c·6c65·640a·2020·7061·636b··installed.··pack0003b980:·616c·6c65·640a·2020·7061·636b·6167·653a··alled.··package:
0003b810:·6167·653a·0a20·2020·206e·616d·653a·2061··age:.····name:·a0003b990:·0a20·2020·206e·616d·653a·2061·6964·650a··.····name:·aide.
0003b820:·6964·650a·2020·2020·7374·6174·653a·2070··ide.····state:·p0003b9a0:·2020·2020·7374·6174·653a·2070·7265·7365······state:·prese
0003b830:·7265·7365·6e74·0a20·2077·6865·6e3a·2027··resent.··when:·'0003b9b0:·6e74·0a20·2077·6865·6e3a·2027·226b·6572··nt.··when:·'"ker
0003b840:·226b·6572·6e65·6c2d·6465·6661·756c·7422··"kernel-default"0003b9c0:·6e65·6c2d·6465·6661·756c·7422·2069·6e20··nel-default"·in·
0003b850:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003b9d0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
0003b860:·732e·7061·636b·6167·6573·270a·2020·7461··s.packages'.··ta0003b9e0:·636b·6167·6573·270a·2020·7461·6773·3a0a··ckages'.··tags:.
0003b870:·6773·3a0a·2020·2d20·4343·452d·3833·3238··gs:.··-·CCE-83280003b9f0:·2020·2d20·4343·452d·3833·3238·392d·390a····-·CCE-83289-9.
0003b880:·392d·390a·2020·2d20·434a·4953·2d35·2e31··9-9.··-·CJIS-5.10003ba00:·2020·2d20·434a·4953·2d35·2e31·302e·312e····-·CJIS-5.10.1.
0003b890:·302e·312e·330a·2020·2d20·4449·5341·2d53··0.1.3.··-·DISA-S0003ba10:·330a·2020·2d20·4449·5341·2d53·5449·472d··3.··-·DISA-STIG-
0003b8a0:·5449·472d·534c·4553·2d31·352d·3031·3034··TIG-SLES-15-01040003ba20:·534c·4553·2d31·352d·3031·3034·3139·0a20··SLES-15-010419.·
0003b8b0:·3139·0a20·202d·204e·4953·542d·3830·302d··19.··-·NIST-800-0003ba30:·202d·204e·4953·542d·3830·302d·3533·2d43···-·NIST-800-53-C
0003b8c0:·3533·2d43·4d2d·3628·6129·0a20·202d·2050··53-CM-6(a).··-·P0003ba40:·4d2d·3628·6129·0a20·202d·2050·4349·2d44··M-6(a).··-·PCI-D
0003b8d0:·4349·2d44·5353·2d52·6571·2d31·312e·350a··CI-DSS-Req-11.5.0003ba50:·5353·2d52·6571·2d31·312e·350a·2020·2d20··SS-Req-11.5.··-·
0003b8e0:·2020·2d20·5043·492d·4453·5376·342d·3131····-·PCI-DSSv4-110003ba60:·5043·492d·4453·5376·342d·3131·2e35·2e32··PCI-DSSv4-11.5.2
0003b8f0:·2e35·2e32·0a20·202d·2065·6e61·626c·655f··.5.2.··-·enable_0003ba70:·0a20·202d·2065·6e61·626c·655f·7374·7261··.··-·enable_stra
0003b900:·7374·7261·7465·6779·0a20·202d·206c·6f77··strategy.··-·low0003ba80:·7465·6779·0a20·202d·206c·6f77·5f63·6f6d··tegy.··-·low_com
0003b910:·5f63·6f6d·706c·6578·6974·790a·2020·2d20··_complexity.··-·0003ba90:·706c·6578·6974·790a·2020·2d20·6c6f·775f··plexity.··-·low_
Max diff block lines reached; 8124317/8143113 bytes (99.77%) of diff not shown.
917 KB
html2text {}
    
Offset 134, 19 lines modifiedOffset 134, 27 lines modified
134 include·install_aide134 include·install_aide
  
135 class·install_aide·{135 class·install_aide·{
136 ··package·{·'aide':136 ··package·{·'aide':
137 ····ensure·=>·'installed',137 ····ensure·=>·'installed',
138 ··}138 ··}
139 }139 }
140 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8140 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 141 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 142 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 143 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 144 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 145 #·Remediation·is·applicable·only·in·certain·platforms
 146 if·rpm·--quiet·-q·kernel-default;·then
  
141 [[packages]] 
142 name·=·"aide" 
143 version·=·"*"147 zypper·install·-y·"aide"
  
 148 else
 149 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 150 fi
144 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8151 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
145 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low152 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
146 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low153 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
147 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false154 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
148 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable155 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
149 -·name:·Gather·the·package·facts156 -·name:·Gather·the·package·facts
150 ··package_facts:157 ··package_facts:
Offset 179, 27 lines modifiedOffset 187, 19 lines modified
179 ··-·PCI-DSSv4-11.5.2187 ··-·PCI-DSSv4-11.5.2
180 ··-·enable_strategy188 ··-·enable_strategy
181 ··-·low_complexity189 ··-·low_complexity
182 ··-·low_disruption190 ··-·low_disruption
183 ··-·medium_severity191 ··-·medium_severity
184 ··-·no_reboot_needed192 ··-·no_reboot_needed
185 ··-·package_aide_installed193 ··-·package_aide_installed
 194 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
186 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
187 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
188 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
189 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
190 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
191 #·Remediation·is·applicable·only·in·certain·platforms 
192 if·rpm·--quiet·-q·kernel-default;·then 
  
193 zypper·install·-y·"aide" 
  
194 else 
195 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
196 fi195 [[packages]]
 196 name·=·"aide"
 197 version·=·"*"
197 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*198 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
198 Run·the·following·command·to·generate·a·new·database:199 Run·the·following·command·to·generate·a·new·database:
199 $·sudo·/usr/bin/aide·--init200 $·sudo·/usr/bin/aide·--init
200 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the201 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the
201 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide·(or·hashes·of·these202 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide·(or·hashes·of·these
202 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their203 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their
203 integrity.·The·newly-generated·database·can·be·installed·as·follows:204 integrity.·The·newly-generated·database·can·be·installed·as·follows:
Offset 227, 14 lines modifiedOffset 227, 29 lines modified
227 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5227 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
228 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199228 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
229 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLES-15-010419229 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLES-15-010419
230 ·············_\x8c_\x8i_\x8s············1.4.1230 ·············_\x8c_\x8i_\x8s············1.4.1
231 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79231 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
232 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2232 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
233 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-255922r958794_rule233 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-255922r958794_rule
 234 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 235 #·Remediation·is·applicable·only·in·certain·platforms
 236 if·rpm·--quiet·-q·kernel-default;·then
  
 237 zypper·-q·--no-remote·ref
  
  
 238 zypper·install·-y·"aide"
  
 239 /usr/bin/aide·--init
 240 /bin/cp·-p·/var/lib/aide/aide.db.new·/var/lib/aide/aide.db
  
 241 else
 242 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 243 fi
234 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8244 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
235 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low245 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
236 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low246 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
237 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false247 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
238 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict248 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
239 -·name:·Gather·the·package·facts249 -·name:·Gather·the·package·facts
240 ··package_facts:250 ··package_facts:
Offset 347, 29 lines modifiedOffset 362, 14 lines modified
347 ··-·PCI-DSSv4-11.5.2362 ··-·PCI-DSSv4-11.5.2
348 ··-·aide_build_database363 ··-·aide_build_database
349 ··-·low_complexity364 ··-·low_complexity
350 ··-·low_disruption365 ··-·low_disruption
351 ··-·medium_severity366 ··-·medium_severity
352 ··-·no_reboot_needed367 ··-·no_reboot_needed
353 ··-·restrict_strategy368 ··-·restrict_strategy
354 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
355 #·Remediation·is·applicable·only·in·certain·platforms 
356 if·rpm·--quiet·-q·kernel-default;·then 
  
357 zypper·-q·--no-remote·ref 
  
  
358 zypper·install·-y·"aide" 
  
359 /usr/bin/aide·--init 
360 /bin/cp·-p·/var/lib/aide/aide.db.new·/var/lib/aide/aide.db 
  
361 else 
362 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
363 fi 
364 Group  ·Disk·Partitioning·  Group·contains·9·rules369 Group  ·Disk·Partitioning·  Group·contains·9·rules
365 _\x8[_\x8r_\x8e_\x8f_\x8]  ·To·ensure·separation·and·protection·of·data,·there·are·top-level·system·directories·which370 _\x8[_\x8r_\x8e_\x8f_\x8]  ·To·ensure·separation·and·protection·of·data,·there·are·top-level·system·directories·which
366 should·be·placed·on·their·own·physical·partition·or·logical·volume.·The·installer's·default371 should·be·placed·on·their·own·physical·partition·or·logical·volume.·The·installer's·default
367 partitioning·scheme·creates·separate·logical·volumes·for·/,·/boot,·and·swap.372 partitioning·scheme·creates·separate·logical·volumes·for·/,·/boot,·and·swap.
368 ····*·If·starting·with·any·of·the·default·layouts,·check·the·box·to·\"Review·and·modify373 ····*·If·starting·with·any·of·the·default·layouts,·check·the·box·to·\"Review·and·modify
369 ······partitioning.\"·This·allows·for·the·easy·creation·of·additional·logical·volumes·inside·the374 ······partitioning.\"·This·allows·for·the·easy·creation·of·additional·logical·volumes·inside·the
370 ······volume·group·already·created,·though·it·may·require·making·/'s·logical·volume·smaller·to·create375 ······volume·group·already·created,·though·it·may·require·making·/'s·logical·volume·smaller·to·create
Offset 511, 14 lines modifiedOffset 511, 34 lines modified
511 ············The·/tmp·directory·is·used·as·temporary·storage·by·many·programs.·Placing·/tmp·in·a·tmpfs511 ············The·/tmp·directory·is·used·as·temporary·storage·by·many·programs.·Placing·/tmp·in·a·tmpfs
512 Rationale:··filesystem·enables·the·setting·of·more·restrictive·mount·options,·which·can·help·protect512 Rationale:··filesystem·enables·the·setting·of·more·restrictive·mount·options,·which·can·help·protect
513 ············programs·which·use·it.·The·tmp.mount·unit·configures·the·tmpfs·filesystem·and·ensures·the513 ············programs·which·use·it.·The·tmp.mount·unit·configures·the·tmpfs·filesystem·and·ensures·the
514 ············/tmp·directory·is·wiped·during·reboot.514 ············/tmp·directory·is·wiped·during·reboot.
515 Severity: ··low515 Severity: ··low
516 Rule·ID:····xccdf_org.ssgproject.content_rule_systemd_tmp_mount_enabled516 Rule·ID:····xccdf_org.ssgproject.content_rule_systemd_tmp_mount_enabled
Max diff block lines reached; 933656/938805 bytes (99.45%) of diff not shown.
2.12 MB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-anssi_bp28_minimal.html
    
Offset 14840, 152 lines modifiedOffset 14840, 152 lines modified
00039f70:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm00039f70:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm
00039f80:·3839·3137·2220·7461·6269·6e64·6578·3d22··8917"·tabindex="00039f80:·3839·3137·2220·7461·6269·6e64·6578·3d22··8917"·tabindex="
00039f90:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"00039f90:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"
00039fa0:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="00039fa0:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="
00039fb0:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac00039fb0:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac
00039fc0:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal00039fc0:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal
00039fd0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme00039fd0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme
00039fe0:·6469·6174·696f·6e20·4f53·4275·696c·6420··diation·OSBuild·00039fe0:·6469·6174·696f·6e20·5368·656c·6c20·7363··diation·Shell·sc
00039ff0:·426c·7565·7072·696e·7420·736e·6970·7065··Blueprint·snippe 
0003a000:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di 
0003a010:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c 
0003a020:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse 
0003a030:·2220·6964·3d22·6964·6d38·3931·3722·3e3c··"·id="idm8917"><00039ff0:·7269·7074·20e2·87b2·3c2f·613e·3c62·723e··ript·...</a><br>
 0003a000:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
 0003a010:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
 0003a020:·7073·6522·2069·643d·2269·646d·3839·3137··pse"·id="idm8917
 0003a030:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="
 0003a040:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri
 0003a050:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border
 0003a060:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens
 0003a070:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp
 0003a080:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td>
 0003a090:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr
 0003a0a0:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption:
 0003a0b0:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td
 0003a0c0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re
 0003a0d0:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa
 0003a0e0:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr
 0003a0f0:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</
 0003a100:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t
 0003a110:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table><
0003a040:·7072·653e·3c63·6f64·653e·0a5b·5b70·6163··pre><code>.[[pac0003a120:·7072·653e·3c63·6f64·653e·2320·5265·6d65··pre><code>#·Reme
0003a050:·6b61·6765·735d·5d0a·6e61·6d65·203d·2022··kages]].name·=·"0003a130:·6469·6174·696f·6e20·6973·2061·7070·6c69··diation·is·appli
 0003a140:·6361·626c·6520·6f6e·6c79·2069·6e20·6365··cable·only·in·ce
 0003a150:·7274·6169·6e20·706c·6174·666f·726d·730a··rtain·platforms.
 0003a160:·6966·2021·2028·207b·2072·706d·202d·2d71··if·!·(·{·rpm·--q
 0003a170:·7569·6574·202d·7120·6b65·726e·656c·203b··uiet·-q·kernel·;
 0003a180:·7d20·2661·6d70·3b26·616d·703b·207b·2072··}·&amp;&amp;·{·r
 0003a190:·706d·202d·2d71·7569·6574·202d·7120·7270··pm·--quiet·-q·rp
 0003a1a0:·6d2d·6f73·7472·6565·203b·7d20·2661·6d70··m-ostree·;}·&amp
 0003a1b0:·3b26·616d·703b·207b·2072·706d·202d·2d71··;&amp;·{·rpm·--q
 0003a1c0:·7569·6574·202d·7120·626f·6f74·6320·3b7d··uiet·-q·bootc·;}
 0003a1d0:·2026·616d·703b·2661·6d70·3b20·7b20·2120···&amp;&amp;·{·!·
 0003a1e0:·7270·6d20·2d2d·7175·6965·7420·2d71·206f··rpm·--quiet·-q·o
 0003a1f0:·7065·6e73·6869·6674·2d6b·7562·656c·6574··penshift-kubelet
 0003a200:·203b·7d20·293b·2074·6865·6e0a·0a7a·7970···;}·);·then..zyp
 0003a210:·7065·7220·696e·7374·616c·6c20·2d79·2022··per·install·-y·"
0003a060:·646e·662d·6175·746f·6d61·7469·6322·0a76··dnf-automatic".v0003a220:·646e·662d·6175·746f·6d61·7469·6322·0a0a··dnf-automatic"..
 0003a230:·656c·7365·0a20·2020·2026·6774·3b26·616d··else.····&gt;&am
 0003a240:·703b·3220·6563·686f·2027·5265·6d65·6469··p;2·echo·'Remedi
 0003a250:·6174·696f·6e20·6973·206e·6f74·2061·7070··ation·is·not·app
 0003a260:·6c69·6361·626c·652c·206e·6f74·6869·6e67··licable,·nothing
 0003a270:·2077·6173·2064·6f6e·6527·0a66·690a·3c2f···was·done'.fi.</
 0003a280:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div
 0003a290:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b
 0003a2a0:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data
 0003a2b0:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps
 0003a2c0:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="
 0003a2d0:·2369·646d·3839·3138·2220·7461·6269·6e64··#idm8918"·tabind
 0003a2e0:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but
 0003a2f0:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand
 0003a300:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title
 0003a310:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re
 0003a320:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">
 0003a330:·5265·6d65·6469·6174·696f·6e20·416e·7369··Remediation·Ansi
 0003a340:·626c·6520·736e·6970·7065·7420·e287·b23c··ble·snippet·...<
 0003a350:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas
 0003a360:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps
 0003a370:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="
 0003a380:·6964·6d38·3931·3822·3e3c·7461·626c·6520··idm8918"><table·
 0003a390:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab
 0003a3a0:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table
 0003a3b0:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-
 0003a3c0:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><
 0003a3d0:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</
 0003a3e0:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><
 0003a3f0:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr
 0003a400:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td>
0003a070:·6572·7369·6f6e·203d·2022·2a22·0a3c·2f63··ersion·=·"*".</c 
0003a080:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div> 
0003a090:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt 
0003a0a0:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data- 
0003a0b0:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse 
0003a0c0:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="# 
0003a0d0:·6964·6d38·3931·3822·2074·6162·696e·6465··idm8918"·tabinde 
0003a0e0:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt 
0003a0f0:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande 
0003a100:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title= 
0003a110:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev 
0003a120:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R 
0003a130:·656d·6564·6961·7469·6f6e·2041·6e73·6962··emediation·Ansib 
0003a140:·6c65·2073·6e69·7070·6574·20e2·87b2·3c2f··le·snippet·...</ 
0003a150:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class 
0003a160:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse 
0003a170:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i 
0003a180:·646d·3839·3138·223e·3c74·6162·6c65·2063··dm8918"><table·c 
0003a190:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl 
0003a1a0:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table- 
0003a1b0:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c 
0003a1c0:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t 
0003a1d0:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t 
0003a1e0:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003a1f0:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru 
0003a200:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l 
0003a210:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr> 
0003a220:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th> 
0003a230:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></ 
0003a240:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat 
0003a250:·6567·793a·3c2f·7468·3e3c·7464·3e65·6e61··egy:</th><td>ena 
0003a260:·626c·653c·2f74·643e·3c2f·7472·3e3c·2f74··ble</td></tr></t0003a410:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr
0003a270:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code> 
0003a280:·2d20·6e61·6d65·3a20·4761·7468·6572·2074··-·name:·Gather·t 
0003a290:·6865·2070·6163·6b61·6765·2066·6163·7473··he·package·facts 
0003a2a0:·0a20·2070·6163·6b61·6765·5f66·6163·7473··.··package_facts 
0003a2b0:·3a0a·2020·2020·6d61·6e61·6765·723a·2061··:.····manager:·a 
0003a2c0:·7574·6f0a·2020·7461·6773·3a0a·2020·2d20··uto.··tags:.··-· 
0003a2d0:·4343·452d·3931·3136·332d·360a·2020·2d20··CCE-91163-6.··-· 
0003a2e0:·656e·6162·6c65·5f73·7472·6174·6567·790a··enable_strategy. 
0003a2f0:·2020·2d20·6c6f·775f·636f·6d70·6c65·7869····-·low_complexi 
0003a300:·7479·0a20·202d·206c·6f77·5f64·6973·7275··ty.··-·low_disru 
0003a310:·7074·696f·6e0a·2020·2d20·6d65·6469·756d··ption.··-·medium0003a420:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th
 0003a430:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td><
 0003a440:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra
 0003a450:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en
 0003a460:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></
 0003a470:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code
 0003a480:·3e2d·206e·616d·653a·2047·6174·6865·7220··>-·name:·Gather·
Max diff block lines reached; 2048210/2067834 bytes (99.05%) of diff not shown.
153 KB
html2text {}
    
Offset 100, 19 lines modifiedOffset 100, 28 lines modified
100 include·install_dnf-automatic100 include·install_dnf-automatic
  
101 class·install_dnf-automatic·{101 class·install_dnf-automatic·{
102 ··package·{·'dnf-automatic':102 ··package·{·'dnf-automatic':
103 ····ensure·=>·'installed',103 ····ensure·=>·'installed',
104 ··}104 ··}
105 }105 }
106 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8106 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 107 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 108 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 109 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 110 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 111 #·Remediation·is·applicable·only·in·certain·platforms
 112 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-
 113 q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
107 [[packages]] 
108 name·=·"dnf-automatic" 
109 version·=·"*"114 zypper·install·-y·"dnf-automatic"
  
 115 else
 116 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 117 fi
110 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8118 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
111 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low119 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
112 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low120 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
113 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false121 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
114 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable122 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
115 -·name:·Gather·the·package·facts123 -·name:·Gather·the·package·facts
116 ··package_facts:124 ··package_facts:
Offset 139, 28 lines modifiedOffset 148, 19 lines modified
139 ··-·CCE-91163-6148 ··-·CCE-91163-6
140 ··-·enable_strategy149 ··-·enable_strategy
141 ··-·low_complexity150 ··-·low_complexity
142 ··-·low_disruption151 ··-·low_disruption
143 ··-·medium_severity152 ··-·medium_severity
144 ··-·no_reboot_needed153 ··-·no_reboot_needed
145 ··-·package_dnf-automatic_installed154 ··-·package_dnf-automatic_installed
 155 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
146 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
147 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
148 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
149 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
150 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
151 #·Remediation·is·applicable·only·in·certain·platforms 
152 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·- 
153 q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then 
  
154 zypper·install·-y·"dnf-automatic" 
  
155 else 
156 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
157 fi156 [[packages]]
 157 name·=·"dnf-automatic"
 158 version·=·"*"
158 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·d\x8dn\x8nf\x8f-\x8-a\x8au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8c·t\x8to\x8o·I\x8In\x8ns\x8st\x8ta\x8al\x8ll\x8l·A\x8Av\x8va\x8ai\x8il\x8la\x8ab\x8bl\x8le\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8es\x8s·A\x8Au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8ca\x8al\x8ll\x8ly\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*159 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·d\x8dn\x8nf\x8f-\x8-a\x8au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8c·t\x8to\x8o·I\x8In\x8ns\x8st\x8ta\x8al\x8ll\x8l·A\x8Av\x8va\x8ai\x8il\x8la\x8ab\x8bl\x8le\x8e·U\x8Up\x8pd\x8da\x8at\x8te\x8es\x8s·A\x8Au\x8ut\x8to\x8om\x8ma\x8at\x8ti\x8ic\x8ca\x8al\x8ll\x8ly\x8y·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
159 To·ensure·that·the·packages·comprising·the·available·updates·will·be·automatically160 To·ensure·that·the·packages·comprising·the·available·updates·will·be·automatically
160 installed·by·dnf-automatic,·set·apply_updates·to·yes·under·[commands]·section·in·/etc/dnf/161 installed·by·dnf-automatic,·set·apply_updates·to·yes·under·[commands]·section·in·/etc/dnf/
161 automatic.conf.162 automatic.conf.
162 ·············Installing·software·updates·is·a·fundamental·mitigation·against·the163 ·············Installing·software·updates·is·a·fundamental·mitigation·against·the
163 ·············exploitation·of·publicly-known·vulnerabilities.·If·the·most·recent·security164 ·············exploitation·of·publicly-known·vulnerabilities.·If·the·most·recent·security
164 Rationale:···patches·and·updates·are·not·installed,·unauthorized·users·may·take·advantage165 Rationale:···patches·and·updates·are·not·installed,·unauthorized·users·may·take·advantage
Offset 171, 14 lines modifiedOffset 171, 57 lines modified
171 Rule·ID:·····xccdf_org.ssgproject.content_rule_dnf-automatic_apply_updates171 Rule·ID:·····xccdf_org.ssgproject.content_rule_dnf-automatic_apply_updates
172 Identifiers:·CCE-91165-1172 Identifiers:·CCE-91165-1
173 ·············_\x8i_\x8s_\x8m····0940,·1144,·1467,·1472,·1483,·1493,·1494,·1495173 ·············_\x8i_\x8s_\x8m····0940,·1144,·1467,·1472,·1483,·1493,·1494,·1495
174 ·············_\x8n_\x8i_\x8s_\x8t···SI-2(5),·CM-6(a),·SI-2(c)174 ·············_\x8n_\x8i_\x8s_\x8t···SI-2(5),·CM-6(a),·SI-2(c)
175 References:··_\x8o_\x8s_\x8p_\x8p···FMT_SMF_EXT.1175 References:··_\x8o_\x8s_\x8p_\x8p···FMT_SMF_EXT.1
176 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000805-GPOS-00260176 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·SRG-OS-000805-GPOS-00260
177 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··R61177 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··R61
 178 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 179 #·Remediation·is·applicable·only·in·certain·platforms
 180 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-
 181 q·bootc·;}·&&·{·!·rpm·--quiet·-q·openshift-kubelet·;}·);·then
  
 182 found=false
  
 183 #·set·value·in·all·files·if·they·contain·section·or·key
 184 for·f·in·$(echo·-n·"/etc/dnf/automatic.conf");·do
 185 ····if·[·!·-e·"$f"·];·then
 186 ········continue
 187 ····fi
  
 188 ····#·find·key·in·section·and·change·value
 189 ····if·grep·-qzosP·"[[:space:]]*\[commands\]([^\n\[]*\n+)+?[[:space:]]*apply_updates"
 190 "$f";·then
  
 191 ············sed·-i·"s/apply_updates[^(\n)]*/apply_updates=yes/"·"$f"
  
 192 ············found=true
  
 193 ····#·find·section·and·add·key·=·value·to·it
 194 ····elif·grep·-qs·"[[:space:]]*\[commands\]"·"$f";·then
  
 195 ············sed·-i·"/[[:space:]]*\[commands\]/a·apply_updates=yes"·"$f"
  
 196 ············found=true
 197 ····fi
 198 done
  
 199 #·if·section·not·in·any·file,·append·section·with·key·=·value·to·FIRST·file·in·files
 200 parameter
 201 if·!·$found·;·then
 202 ····file=$(echo·"/etc/dnf/automatic.conf"·|·cut·-f1·-d·'·')
 203 ····mkdir·-p·"$(dirname·"$file")"
  
 204 ····echo·-e·"[commands]\napply_updates=yes"·>>·"$file"
  
 205 fi
  
 206 else
 207 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 208 fi
178 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8209 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
179 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low210 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
180 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium211 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
181 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false212 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
182 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···unknown213 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···unknown
183 -·name:·Gather·the·package·facts214 -·name:·Gather·the·package·facts
184 ··package_facts:215 ··package_facts:
Offset 214, 69 lines modifiedOffset 257, 69 lines modified
214 ··-·NIST-800-53-SI-2(c)257 ··-·NIST-800-53-SI-2(c)
215 ··-·dnf-automatic_apply_updates258 ··-·dnf-automatic_apply_updates
216 ··-·low_complexity259 ··-·low_complexity
217 ··-·medium_disruption260 ··-·medium_disruption
218 ··-·medium_severity261 ··-·medium_severity
219 ··-·no_reboot_needed262 ··-·no_reboot_needed
Max diff block lines reached; 151503/156434 bytes (96.85%) of diff not shown.
20.8 MB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-cis.html
    
Offset 15208, 146 lines modifiedOffset 15208, 146 lines modified
0003b670:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe0003b670:·6170·7365·2220·6461·7461·2d74·6172·6765··apse"·data-targe
0003b680:·743d·2223·6964·6d36·3336·3222·2074·6162··t="#idm6362"·tab0003b680:·743d·2223·6964·6d36·3336·3222·2074·6162··t="#idm6362"·tab
0003b690:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="0003b690:·696e·6465·783d·2230·2220·726f·6c65·3d22··index="0"·role="
0003b6a0:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp0003b6a0:·6275·7474·6f6e·2220·6172·6961·2d65·7870··button"·aria-exp
0003b6b0:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti0003b6b0:·616e·6465·643d·2266·616c·7365·2220·7469··anded="false"·ti
0003b6c0:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to0003b6c0:·746c·653d·2241·6374·6976·6174·6520·746f··tle="Activate·to
0003b6d0:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#0003b6d0:·2072·6576·6561·6c22·2068·7265·663d·2223···reveal"·href="#
0003b6e0:·2122·3e52·656d·6564·6961·7469·6f6e·204f··!">Remediation·O0003b6e0:·2122·3e52·656d·6564·6961·7469·6f6e·2053··!">Remediation·S
0003b6f0:·5342·7569·6c64·2042·6c75·6570·7269·6e74··SBuild·Blueprint 
0003b700:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a> 
0003b710:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class=" 
0003b720:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c 
0003b730:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm0003b6f0:·6865·6c6c·2073·6372·6970·7420·e287·b23c··hell·script·...<
 0003b700:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas
 0003b710:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps
 0003b720:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="
 0003b730:·6964·6d36·3336·3222·3e3c·7461·626c·6520··idm6362"><table·
 0003b740:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab
 0003b750:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table
 0003b760:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-
 0003b770:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><
 0003b780:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</
 0003b790:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><
 0003b7a0:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr
 0003b7b0:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td>
 0003b7c0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr
 0003b7d0:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th
 0003b7e0:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td><
 0003b7f0:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra
 0003b800:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en
 0003b810:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></
0003b740:·3633·3632·223e·3c70·7265·3e3c·636f·6465··6362"><pre><code0003b820:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code
0003b750:·3e0a·5b5b·7061·636b·6167·6573·5d5d·0a6e··>.[[packages]].n 
0003b760:·616d·6520·3d20·2261·6964·6522·0a76·6572··ame·=·"aide".ver 
0003b770:·7369·6f6e·203d·2022·2a22·0a3c·2f63·6f64··sion·=·"*".</cod0003b830:·3e23·2052·656d·6564·6961·7469·6f6e·2069··>#·Remediation·i
 0003b840:·7320·6170·706c·6963·6162·6c65·206f·6e6c··s·applicable·onl
 0003b850:·7920·696e·2063·6572·7461·696e·2070·6c61··y·in·certain·pla
 0003b860:·7466·6f72·6d73·0a69·6620·7270·6d20·2d2d··tforms.if·rpm·--
 0003b870:·7175·6965·7420·2d71·206b·6572·6e65·6c2d··quiet·-q·kernel-
 0003b880:·6465·6661·756c·743b·2074·6865·6e0a·0a7a··default;·then..z
 0003b890:·7970·7065·7220·696e·7374·616c·6c20·2d79··ypper·install·-y
 0003b8a0:·2022·6169·6465·220a·0a65·6c73·650a·2020···"aide"..else.··
 0003b8b0:·2020·2667·743b·2661·6d70·3b32·2065·6368····&gt;&amp;2·ech
 0003b8c0:·6f20·2752·656d·6564·6961·7469·6f6e·2069··o·'Remediation·i
 0003b8d0:·7320·6e6f·7420·6170·706c·6963·6162·6c65··s·not·applicable
 0003b8e0:·2c20·6e6f·7468·696e·6720·7761·7320·646f··,·nothing·was·do
 0003b8f0:·6e65·270a·6669·0a3c·2f63·6f64·653e·3c2f··ne'.fi.</code></
0003b780:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a0003b900:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla
0003b790:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn-0003b910:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ
0003b7a0:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to0003b920:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle
0003b7b0:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"·0003b930:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data
0003b7c0:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id0003b940:·2d74·6172·6765·743d·2223·6964·6d36·3336··-target="#idm636
0003b7d0:·6d36·3336·3322·2074·6162·696e·6465·783d··m6363"·tabindex=0003b950:·3322·2074·6162·696e·6465·783d·2230·2220··3"·tabindex="0"·
0003b7e0:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button0003b960:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar
0003b7f0:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=0003b970:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal
0003b800:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A0003b980:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ
0003b810:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea0003b990:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h
0003b820:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem0003b9a0:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia
0003b830:·6564·6961·7469·6f6e·2041·6e73·6962·6c65··ediation·Ansible0003b9b0:·7469·6f6e·2041·6e73·6962·6c65·2073·6e69··tion·Ansible·sni
0003b840:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a>0003b9c0:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br>
0003b850:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="0003b9d0:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
0003b860:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c0003b9e0:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
0003b870:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm0003b9f0:·7073·6522·2069·643d·2269·646d·3633·3633··pse"·id="idm6363
0003b880:·3633·3633·223e·3c74·6162·6c65·2063·6c61··6363"><table·cla0003ba00:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="
0003b890:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table-0003ba10:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri
0003b8a0:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo0003ba20:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border
0003b8b0:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con0003ba30:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens
0003b8c0:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th>0003ba40:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp
0003b8d0:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th>0003ba50:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td>
0003b8e0:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr0003ba60:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr
0003b8f0:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt0003ba70:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption:
0003b900:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low0003ba80:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td
0003b910:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t0003ba90:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re
0003b920:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t0003baa0:·626f·6f74·3a3c·2f74·683e·3c74·643e·6661··boot:</th><td>fa
0003b930:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr 
0003b940:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg 
0003b950:·793a·3c2f·7468·3e3c·7464·3e65·6e61·626c··y:</th><td>enabl 
0003b960:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab0003bab0:·6c73·653c·2f74·643e·3c2f·7472·3e3c·7472··lse</td></tr><tr
 0003bac0:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</
 0003bad0:·7468·3e3c·7464·3e65·6e61·626c·653c·2f74··th><td>enable</t
 0003bae0:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table><
0003b970:·6c65·3e3c·7072·653e·3c63·6f64·653e·2d20··le><pre><code>-·0003baf0:·7072·653e·3c63·6f64·653e·2d20·6e61·6d65··pre><code>-·name
0003b980:·6e61·6d65·3a20·4761·7468·6572·2074·6865··name:·Gather·the0003bb00:·3a20·4761·7468·6572·2074·6865·2070·6163··:·Gather·the·pac
0003b990:·2070·6163·6b61·6765·2066·6163·7473·0a20···package·facts.·0003bb10:·6b61·6765·2066·6163·7473·0a20·2070·6163··kage·facts.··pac
0003b9a0:·2070·6163·6b61·6765·5f66·6163·7473·3a0a···package_facts:.0003bb20:·6b61·6765·5f66·6163·7473·3a0a·2020·2020··kage_facts:.····
0003b9b0:·2020·2020·6d61·6e61·6765·723a·2061·7574······manager:·aut0003bb30:·6d61·6e61·6765·723a·2061·7574·6f0a·2020··manager:·auto.··
0003b9c0:·6f0a·2020·7461·6773·3a0a·2020·2d20·4343··o.··tags:.··-·CC 
0003b9d0:·452d·3833·3238·392d·390a·2020·2d20·434a··E-83289-9.··-·CJ 
0003b9e0:·4953·2d35·2e31·302e·312e·330a·2020·2d20··IS-5.10.1.3.··-· 
0003b9f0:·4449·5341·2d53·5449·472d·534c·4553·2d31··DISA-STIG-SLES-1 
0003ba00:·352d·3031·3034·3139·0a20·202d·204e·4953··5-010419.··-·NIS 
0003ba10:·542d·3830·302d·3533·2d43·4d2d·3628·6129··T-800-53-CM-6(a) 
0003ba20:·0a20·202d·2050·4349·2d44·5353·2d52·6571··.··-·PCI-DSS-Req 
0003ba30:·2d31·312e·350a·2020·2d20·5043·492d·4453··-11.5.··-·PCI-DS 
0003ba40:·5376·342d·3131·2e35·2e32·0a20·202d·2065··Sv4-11.5.2.··-·e 
0003ba50:·6e61·626c·655f·7374·7261·7465·6779·0a20··nable_strategy.· 
0003ba60:·202d·206c·6f77·5f63·6f6d·706c·6578·6974···-·low_complexit 
0003ba70:·790a·2020·2d20·6c6f·775f·6469·7372·7570··y.··-·low_disrup 
0003ba80:·7469·6f6e·0a20·202d·206d·6564·6975·6d5f··tion.··-·medium_ 
0003ba90:·7365·7665·7269·7479·0a20·202d·206e·6f5f··severity.··-·no_ 
0003baa0:·7265·626f·6f74·5f6e·6565·6465·640a·2020··reboot_needed.·· 
0003bab0:·2d20·7061·636b·6167·655f·6169·6465·5f69··-·package_aide_i 
0003bac0:·6e73·7461·6c6c·6564·0a0a·2d20·6e61·6d65··nstalled..-·name 
0003bad0:·3a20·456e·7375·7265·2061·6964·6520·6973··:·Ensure·aide·is 
0003bae0:·2069·6e73·7461·6c6c·6564·0a20·2070·6163···installed.··pac 
0003baf0:·6b61·6765·3a0a·2020·2020·6e61·6d65·3a20··kage:.····name:· 
0003bb00:·6169·6465·0a20·2020·2073·7461·7465·3a20··aide.····state:· 
0003bb10:·7072·6573·656e·740a·2020·7768·656e·3a20··present.··when:· 
0003bb20:·2722·6b65·726e·656c·2d64·6566·6175·6c74··'"kernel-default 
0003bb30:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
0003bb40:·7473·2e70·6163·6b61·6765·7327·0a20·2074··ts.packages'.··t 
0003bb50:·6167·733a·0a20·202d·2043·4345·2d38·3332··ags:.··-·CCE-8320003bb40:·7461·6773·3a0a·2020·2d20·4343·452d·3833··tags:.··-·CCE-83
0003bb60:·3839·2d39·0a20·202d·2043·4a49·532d·352e··89-9.··-·CJIS-5.0003bb50:·3238·392d·390a·2020·2d20·434a·4953·2d35··289-9.··-·CJIS-5
0003bb70:·3130·2e31·2e33·0a20·202d·2044·4953·412d··10.1.3.··-·DISA-0003bb60:·2e31·302e·312e·330a·2020·2d20·4449·5341··.10.1.3.··-·DISA
0003bb80:·5354·4947·2d53·4c45·532d·3135·2d30·3130··STIG-SLES-15-0100003bb70:·2d53·5449·472d·534c·4553·2d31·352d·3031··-STIG-SLES-15-01
0003bb90:·3431·390a·2020·2d20·4e49·5354·2d38·3030··419.··-·NIST-8000003bb80:·3034·3139·0a20·202d·204e·4953·542d·3830··0419.··-·NIST-80
0003bba0:·2d35·332d·434d·2d36·2861·290a·2020·2d20··-53-CM-6(a).··-·0003bb90:·302d·3533·2d43·4d2d·3628·6129·0a20·202d··0-53-CM-6(a).··-
0003bbb0:·5043·492d·4453·532d·5265·712d·3131·2e35··PCI-DSS-Req-11.50003bba0:·2050·4349·2d44·5353·2d52·6571·2d31·312e···PCI-DSS-Req-11.
0003bbc0:·0a20·202d·2050·4349·2d44·5353·7634·2d31··.··-·PCI-DSSv4-1 
0003bbd0:·312e·352e·320a·2020·2d20·656e·6162·6c65··1.5.2.··-·enable 
0003bbe0:·5f73·7472·6174·6567·790a·2020·2d20·6c6f··_strategy.··-·lo 
0003bbf0:·775f·636f·6d70·6c65·7869·7479·0a20·202d··w_complexity.··- 
0003bc00:·206c·6f77·5f64·6973·7275·7074·696f·6e0a···low_disruption. 
0003bc10:·2020·2d20·6d65·6469·756d·5f73·6576·6572····-·medium_sever 
0003bc20:·6974·790a·2020·2d20·6e6f·5f72·6562·6f6f··ity.··-·no_reboo0003bbb0:·350a·2020·2d20·5043·492d·4453·5376·342d··5.··-·PCI-DSSv4-
 0003bbc0:·3131·2e35·2e32·0a20·202d·2065·6e61·626c··11.5.2.··-·enabl
 0003bbd0:·655f·7374·7261·7465·6779·0a20·202d·206c··e_strategy.··-·l
Max diff block lines reached; 19935916/19954712 bytes (99.91%) of diff not shown.
1.79 MB
html2text {}
Max HTML report size reached
9.4 MB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-cis_server_l1.html
    
Offset 15187, 145 lines modifiedOffset 15187, 145 lines modified
0003b520:·7267·6574·3d22·2369·646d·3633·3632·2220··rget="#idm6362"·0003b520:·7267·6574·3d22·2369·646d·3633·3632·2220··rget="#idm6362"·
0003b530:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol0003b530:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol
0003b540:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-0003b540:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-
0003b550:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"0003b550:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"
0003b560:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate0003b560:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate
0003b570:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href0003b570:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href
0003b580:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio0003b580:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio
0003b590:·6e20·4f53·4275·696c·6420·426c·7565·7072··n·OSBuild·Bluepr 
0003b5a0:·696e·7420·736e·6970·7065·7420·e287·b23c··int·snippet·...< 
0003b5b0:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas 
0003b5c0:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps 
0003b5d0:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id=" 
0003b5e0:·6964·6d36·3336·3222·3e3c·7072·653e·3c63··idm6362"><pre><c 
0003b5f0:·6f64·653e·0a5b·5b70·6163·6b61·6765·735d··ode>.[[packages] 
0003b600:·5d0a·6e61·6d65·203d·2022·6169·6465·220a··].name·=·"aide". 
0003b610:·7665·7273·696f·6e20·3d20·222a·220a·3c2f··version·=·"*".</0003b590:·6e20·5368·656c·6c20·7363·7269·7074·20e2··n·Shell·script·.
 0003b5a0:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c
 0003b5b0:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
 0003b5c0:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i
 0003b5d0:·643d·2269·646d·3633·3632·223e·3c74·6162··d="idm6362"><tab
 0003b5e0:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table·
 0003b5f0:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta
 0003b600:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab
 0003b610:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t
 0003b620:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity
 0003b630:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t
 0003b640:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D
 0003b650:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th><
 0003b660:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>
 0003b670:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:<
 0003b680:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t
 0003b690:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S
 0003b6a0:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td
 0003b6b0:·3e65·6e61·626c·653c·2f74·643e·3c2f·7472··>enable</td></tr
 0003b6c0:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c
 0003b6d0:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio
 0003b6e0:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·
 0003b6f0:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·
 0003b700:·706c·6174·666f·726d·730a·6966·2072·706d··platforms.if·rpm
 0003b710:·202d·2d71·7569·6574·202d·7120·6b65·726e···--quiet·-q·kern
 0003b720:·656c·2d64·6566·6175·6c74·3b20·7468·656e··el-default;·then
 0003b730:·0a0a·7a79·7070·6572·2069·6e73·7461·6c6c··..zypper·install
 0003b740:·202d·7920·2261·6964·6522·0a0a·656c·7365···-y·"aide"..else
 0003b750:·0a20·2020·2026·6774·3b26·616d·703b·3220··.····&gt;&amp;2·
 0003b760:·6563·686f·2027·5265·6d65·6469·6174·696f··echo·'Remediatio
 0003b770:·6e20·6973·206e·6f74·2061·7070·6c69·6361··n·is·not·applica
 0003b780:·626c·652c·206e·6f74·6869·6e67·2077·6173··ble,·nothing·was
 0003b790:·2064·6f6e·6527·0a66·690a·3c2f·636f·6465···done'.fi.</code
0003b620:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div0003b7a0:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a·
0003b630:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b0003b7b0:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s
0003b640:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data0003b7c0:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog
0003b650:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps0003b7d0:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d
0003b660:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="0003b7e0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm
0003b670:·2369·646d·3633·3633·2220·7461·6269·6e64··#idm6363"·tabind0003b7f0:·3633·3633·2220·7461·6269·6e64·6578·3d22··6363"·tabindex="
0003b680:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but0003b800:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"
0003b690:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand0003b810:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="
0003b6a0:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title0003b820:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac
0003b6b0:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re0003b830:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal
0003b6c0:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">0003b840:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme
0003b6d0:·5265·6d65·6469·6174·696f·6e20·416e·7369··Remediation·Ansi0003b850:·6469·6174·696f·6e20·416e·7369·626c·6520··diation·Ansible·
0003b6e0:·626c·6520·736e·6970·7065·7420·e287·b23c··ble·snippet·...<0003b860:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a><
0003b6f0:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas0003b870:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p
0003b700:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps0003b880:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co
0003b710:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="0003b890:·6c6c·6170·7365·2220·6964·3d22·6964·6d36··llapse"·id="idm6
0003b720:·6964·6d36·3336·3322·3e3c·7461·626c·6520··idm6363"><table·0003b8a0:·3336·3322·3e3c·7461·626c·6520·636c·6173··363"><table·clas
0003b730:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab0003b8b0:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s
0003b740:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table0003b8c0:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor
0003b750:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-0003b8d0:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond
0003b760:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><0003b8e0:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C
0003b770:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</0003b8f0:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><
0003b780:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><0003b900:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>
0003b790:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr0003b910:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti
0003b7a0:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td>0003b920:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low<
0003b7b0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr0003b930:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
0003b7c0:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th0003b940:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td
0003b7d0:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td>< 
0003b7e0:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra 
0003b7f0:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en 
0003b800:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></0003b950:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr>
 0003b960:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy
 0003b970:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable
0003b810:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code 
0003b820:·3e2d·206e·616d·653a·2047·6174·6865·7220··>-·name:·Gather· 
0003b830:·7468·6520·7061·636b·6167·6520·6661·6374··the·package·fact 
0003b840:·730a·2020·7061·636b·6167·655f·6661·6374··s.··package_fact 
0003b850:·733a·0a20·2020·206d·616e·6167·6572·3a20··s:.····manager:· 
0003b860:·6175·746f·0a20·2074·6167·733a·0a20·202d··auto.··tags:.··- 
0003b870:·2043·4345·2d38·3332·3839·2d39·0a20·202d···CCE-83289-9.··- 
0003b880:·2043·4a49·532d·352e·3130·2e31·2e33·0a20···CJIS-5.10.1.3.· 
0003b890:·202d·2044·4953·412d·5354·4947·2d53·4c45···-·DISA-STIG-SLE 
0003b8a0:·532d·3135·2d30·3130·3431·390a·2020·2d20··S-15-010419.··-· 
0003b8b0:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-6 
0003b8c0:·2861·290a·2020·2d20·5043·492d·4453·532d··(a).··-·PCI-DSS- 
0003b8d0:·5265·712d·3131·2e35·0a20·202d·2050·4349··Req-11.5.··-·PCI 
0003b8e0:·2d44·5353·7634·2d31·312e·352e·320a·2020··-DSSv4-11.5.2.·· 
0003b8f0:·2d20·656e·6162·6c65·5f73·7472·6174·6567··-·enable_strateg 
0003b900:·790a·2020·2d20·6c6f·775f·636f·6d70·6c65··y.··-·low_comple 
0003b910:·7869·7479·0a20·202d·206c·6f77·5f64·6973··xity.··-·low_dis 
0003b920:·7275·7074·696f·6e0a·2020·2d20·6d65·6469··ruption.··-·medi 
0003b930:·756d·5f73·6576·6572·6974·790a·2020·2d20··um_severity.··-· 
0003b940:·6e6f·5f72·6562·6f6f·745f·6e65·6564·6564··no_reboot_needed 
0003b950:·0a20·202d·2070·6163·6b61·6765·5f61·6964··.··-·package_aid 
0003b960:·655f·696e·7374·616c·6c65·640a·0a2d·206e··e_installed..-·n 
0003b970:·616d·653a·2045·6e73·7572·6520·6169·6465··ame:·Ensure·aide 
0003b980:·2069·7320·696e·7374·616c·6c65·640a·2020···is·installed.·· 
0003b990:·7061·636b·6167·653a·0a20·2020·206e·616d··package:.····nam 
0003b9a0:·653a·2061·6964·650a·2020·2020·7374·6174··e:·aide.····stat 
0003b9b0:·653a·2070·7265·7365·6e74·0a20·2077·6865··e:·present.··whe 
0003b9c0:·6e3a·2027·226b·6572·6e65·6c2d·6465·6661··n:·'"kernel-defa 
0003b9d0:·756c·7422·2069·6e20·616e·7369·626c·655f··ult"·in·ansible_ 
0003b9e0:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'. 
0003b9f0:·2020·7461·6773·3a0a·2020·2d20·4343·452d····tags:.··-·CCE- 
0003ba00:·3833·3238·392d·390a·2020·2d20·434a·4953··83289-9.··-·CJIS 
0003ba10:·2d35·2e31·302e·312e·330a·2020·2d20·4449··-5.10.1.3.··-·DI 
0003ba20:·5341·2d53·5449·472d·534c·4553·2d31·352d··SA-STIG-SLES-15- 
0003ba30:·3031·3034·3139·0a20·202d·204e·4953·542d··010419.··-·NIST- 
0003ba40:·3830·302d·3533·2d43·4d2d·3628·6129·0a20··800-53-CM-6(a).· 
0003ba50:·202d·2050·4349·2d44·5353·2d52·6571·2d31···-·PCI-DSS-Req-1 
0003ba60:·312e·350a·2020·2d20·5043·492d·4453·5376··1.5.··-·PCI-DSSv 
0003ba70:·342d·3131·2e35·2e32·0a20·202d·2065·6e61··4-11.5.2.··-·ena 
0003ba80:·626c·655f·7374·7261·7465·6779·0a20·202d··ble_strategy.··- 
0003ba90:·206c·6f77·5f63·6f6d·706c·6578·6974·790a···low_complexity. 
0003baa0:·2020·2d20·6c6f·775f·6469·7372·7570·7469····-·low_disrupti 
0003bab0:·6f6e·0a20·202d·206d·6564·6975·6d5f·7365··on.··-·medium_se 
0003bac0:·7665·7269·7479·0a20·202d·206e·6f5f·7265··verity.··-·no_re 
0003bad0:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-· 
0003bae0:·7061·636b·6167·655f·6169·6465·5f69·6e73··package_aide_ins 
Max diff block lines reached; 8798651/8817309 bytes (99.79%) of diff not shown.
1020 KB
html2text {}
    
Offset 137, 19 lines modifiedOffset 137, 27 lines modified
137 include·install_aide137 include·install_aide
  
138 class·install_aide·{138 class·install_aide·{
139 ··package·{·'aide':139 ··package·{·'aide':
140 ····ensure·=>·'installed',140 ····ensure·=>·'installed',
141 ··}141 ··}
142 }142 }
143 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8143 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 144 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 145 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 146 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 147 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 148 #·Remediation·is·applicable·only·in·certain·platforms
 149 if·rpm·--quiet·-q·kernel-default;·then
  
144 [[packages]] 
145 name·=·"aide" 
146 version·=·"*"150 zypper·install·-y·"aide"
  
 151 else
 152 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 153 fi
147 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8154 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
148 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low155 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
149 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low156 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
150 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false157 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
151 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable158 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
152 -·name:·Gather·the·package·facts159 -·name:·Gather·the·package·facts
153 ··package_facts:160 ··package_facts:
Offset 182, 27 lines modifiedOffset 190, 19 lines modified
182 ··-·PCI-DSSv4-11.5.2190 ··-·PCI-DSSv4-11.5.2
183 ··-·enable_strategy191 ··-·enable_strategy
184 ··-·low_complexity192 ··-·low_complexity
185 ··-·low_disruption193 ··-·low_disruption
186 ··-·medium_severity194 ··-·medium_severity
187 ··-·no_reboot_needed195 ··-·no_reboot_needed
188 ··-·package_aide_installed196 ··-·package_aide_installed
 197 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
189 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
190 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
191 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
192 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
193 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
194 #·Remediation·is·applicable·only·in·certain·platforms 
195 if·rpm·--quiet·-q·kernel-default;·then 
  
196 zypper·install·-y·"aide" 
  
197 else 
198 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
199 fi198 [[packages]]
 199 name·=·"aide"
 200 version·=·"*"
200 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*201 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
201 Run·the·following·command·to·generate·a·new·database:202 Run·the·following·command·to·generate·a·new·database:
202 $·sudo·/usr/bin/aide·--init203 $·sudo·/usr/bin/aide·--init
203 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the·database,·the204 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the·database,·the
204 configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide·(or·hashes·of·these·files),·in·a·secure205 configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide·(or·hashes·of·these·files),·in·a·secure
205 location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-206 location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-
206 generated·database·can·be·installed·as·follows:207 generated·database·can·be·installed·as·follows:
Offset 230, 14 lines modifiedOffset 230, 29 lines modified
230 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5230 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
231 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199231 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
232 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLES-15-010419232 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLES-15-010419
233 ·············_\x8c_\x8i_\x8s············1.4.1233 ·············_\x8c_\x8i_\x8s············1.4.1
234 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79234 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
235 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2235 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
236 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-255922r958794_rule236 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-255922r958794_rule
 237 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 238 #·Remediation·is·applicable·only·in·certain·platforms
 239 if·rpm·--quiet·-q·kernel-default;·then
  
 240 zypper·-q·--no-remote·ref
  
  
 241 zypper·install·-y·"aide"
  
 242 /usr/bin/aide·--init
 243 /bin/cp·-p·/var/lib/aide/aide.db.new·/var/lib/aide/aide.db
  
 244 else
 245 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 246 fi
237 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8247 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
238 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low248 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
239 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low249 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
240 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false250 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
241 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict251 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
242 -·name:·Gather·the·package·facts252 -·name:·Gather·the·package·facts
243 ··package_facts:253 ··package_facts:
Offset 350, 29 lines modifiedOffset 365, 14 lines modified
350 ··-·PCI-DSSv4-11.5.2365 ··-·PCI-DSSv4-11.5.2
351 ··-·aide_build_database366 ··-·aide_build_database
352 ··-·low_complexity367 ··-·low_complexity
353 ··-·low_disruption368 ··-·low_disruption
354 ··-·medium_severity369 ··-·medium_severity
355 ··-·no_reboot_needed370 ··-·no_reboot_needed
356 ··-·restrict_strategy371 ··-·restrict_strategy
357 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
358 #·Remediation·is·applicable·only·in·certain·platforms 
359 if·rpm·--quiet·-q·kernel-default;·then 
  
360 zypper·-q·--no-remote·ref 
  
  
361 zypper·install·-y·"aide" 
  
362 /usr/bin/aide·--init 
363 /bin/cp·-p·/var/lib/aide/aide.db.new·/var/lib/aide/aide.db 
  
364 else 
365 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
366 fi 
367 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8md\x8d·T\x8Ti\x8im\x8me\x8er\x8r·E\x8Ex\x8xe\x8ec\x8cu\x8ut\x8ti\x8io\x8on\x8n·o\x8of\x8f·A\x8AI\x8ID\x8DE\x8E·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*372 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8md\x8d·T\x8Ti\x8im\x8me\x8er\x8r·E\x8Ex\x8xe\x8ec\x8cu\x8ut\x8ti\x8io\x8on\x8n·o\x8of\x8f·A\x8AI\x8ID\x8DE\x8E·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
368 At·a·minimum,·AIDE·should·be·configured·to·run·a·weekly·scan.·To·implement·a·systemd·service·and·a·timer373 At·a·minimum,·AIDE·should·be·configured·to·run·a·weekly·scan.·To·implement·a·systemd·service·and·a·timer
369 unit·to·run·the·service·periodically:·For·example,·if·a·systemd·timer·is·expected·to·be·started·every·day374 unit·to·run·the·service·periodically:·For·example,·if·a·systemd·timer·is·expected·to·be·started·every·day
370 at·5AM375 at·5AM
371 OnCalendar=*-*-*·05:00:0376 OnCalendar=*-*-*·05:00:0
372 [Timer]377 [Timer]
373 section·in·the·timer·unit·and·a·Unit·section·starting·the·AIDE·check·service·unit·should·be·referred.378 section·in·the·timer·unit·and·a·Unit·section·starting·the·AIDE·check·service·unit·should·be·referred.
Offset 398, 14 lines modifiedOffset 398, 58 lines modified
398 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5398 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
399 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000363-GPOS-00150,·SRG-OS-000446-GPOS-00200,·SRG-OS-000447-GPOS-00201399 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000363-GPOS-00150,·SRG-OS-000446-GPOS-00200,·SRG-OS-000447-GPOS-00201
400 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLES-15-010570400 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLES-15-010570
401 ·············_\x8c_\x8i_\x8s············1.4.2401 ·············_\x8c_\x8i_\x8s············1.4.2
402 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76402 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76
403 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2403 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
Max diff block lines reached; 1035733/1040746 bytes (99.52%) of diff not shown.
9.15 MB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-cis_workstation_l1.html
    
Offset 15173, 145 lines modifiedOffset 15173, 145 lines modified
0003b440:·7461·7267·6574·3d22·2369·646d·3633·3632··target="#idm63620003b440:·7461·7267·6574·3d22·2369·646d·3633·3632··target="#idm6362
0003b450:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r0003b450:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r
0003b460:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari0003b460:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari
0003b470:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals0003b470:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals
0003b480:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa0003b480:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa
0003b490:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr0003b490:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr
0003b4a0:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat0003b4a0:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat
0003b4b0:·696f·6e20·4f53·4275·696c·6420·426c·7565··ion·OSBuild·Blue 
0003b4c0:·7072·696e·7420·736e·6970·7065·7420·e287··print·snippet·.. 
0003b4d0:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl 
0003b4e0:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla 
0003b4f0:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id 
0003b500:·3d22·6964·6d36·3336·3222·3e3c·7072·653e··="idm6362"><pre> 
0003b510:·3c63·6f64·653e·0a5b·5b70·6163·6b61·6765··<code>.[[package 
0003b520:·735d·5d0a·6e61·6d65·203d·2022·6169·6465··s]].name·=·"aide 
0003b530:·220a·7665·7273·696f·6e20·3d20·222a·220a··".version·=·"*".0003b4b0:·696f·6e20·5368·656c·6c20·7363·7269·7074··ion·Shell·script
 0003b4c0:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div
 0003b4d0:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
 0003b4e0:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
 0003b4f0:·2069·643d·2269·646d·3633·3632·223e·3c74···id="idm6362"><t
 0003b500:·6162·6c65·2063·6c61·7373·3d22·7461·626c··able·class="tabl
 0003b510:·6520·7461·626c·652d·7374·7269·7065·6420··e·table-striped·
 0003b520:·7461·626c·652d·626f·7264·6572·6564·2074··table-bordered·t
 0003b530:·6162·6c65·2d63·6f6e·6465·6e73·6564·223e··able-condensed">
 0003b540:·3c74·723e·3c74·683e·436f·6d70·6c65·7869··<tr><th>Complexi
 0003b550:·7479·3a3c·2f74·683e·3c74·643e·6c6f·773c··ty:</th><td>low<
 0003b560:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
 0003b570:·3e44·6973·7275·7074·696f·6e3a·3c2f·7468··>Disruption:</th
 0003b580:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t
 0003b590:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot
 0003b5a0:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false<
 0003b5b0:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
 0003b5c0:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><
 0003b5d0:·7464·3e65·6e61·626c·653c·2f74·643e·3c2f··td>enable</td></
 0003b5e0:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre>
 0003b5f0:·3c63·6f64·653e·2320·5265·6d65·6469·6174··<code>#·Remediat
 0003b600:·696f·6e20·6973·2061·7070·6c69·6361·626c··ion·is·applicabl
 0003b610:·6520·6f6e·6c79·2069·6e20·6365·7274·6169··e·only·in·certai
 0003b620:·6e20·706c·6174·666f·726d·730a·6966·2072··n·platforms.if·r
 0003b630:·706d·202d·2d71·7569·6574·202d·7120·6b65··pm·--quiet·-q·ke
 0003b640:·726e·656c·2d64·6566·6175·6c74·3b20·7468··rnel-default;·th
 0003b650:·656e·0a0a·7a79·7070·6572·2069·6e73·7461··en..zypper·insta
 0003b660:·6c6c·202d·7920·2261·6964·6522·0a0a·656c··ll·-y·"aide"..el
 0003b670:·7365·0a20·2020·2026·6774·3b26·616d·703b··se.····&gt;&amp;
 0003b680:·3220·6563·686f·2027·5265·6d65·6469·6174··2·echo·'Remediat
 0003b690:·696f·6e20·6973·206e·6f74·2061·7070·6c69··ion·is·not·appli
 0003b6a0:·6361·626c·652c·206e·6f74·6869·6e67·2077··cable,·nothing·w
 0003b6b0:·6173·2064·6f6e·6527·0a66·690a·3c2f·636f··as·done'.fi.</co
0003b540:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d0003b6c0:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div><
0003b550:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn0003b6d0:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn
0003b560:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da0003b6e0:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t
0003b570:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla0003b6f0:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse"
0003b580:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target0003b700:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i
0003b590:·3d22·2369·646d·3633·3633·2220·7461·6269··="#idm6363"·tabi0003b710:·646d·3633·3633·2220·7461·6269·6e64·6578··dm6363"·tabindex
0003b5a0:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b0003b720:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto
0003b5b0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa0003b730:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded
0003b5c0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit0003b740:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="
0003b5d0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·0003b750:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve
0003b5e0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!0003b760:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re
0003b5f0:·223e·5265·6d65·6469·6174·696f·6e20·416e··">Remediation·An0003b770:·6d65·6469·6174·696f·6e20·416e·7369·626c··mediation·Ansibl
0003b600:·7369·626c·6520·736e·6970·7065·7420·e287··sible·snippet·..0003b780:·6520·736e·6970·7065·7420·e287·b23c·2f61··e·snippet·...</a
0003b610:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl0003b790:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
0003b620:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla0003b7a0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
0003b630:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id0003b7b0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
0003b640:·3d22·6964·6d36·3336·3322·3e3c·7461·626c··="idm6363"><tabl0003b7c0:·6d36·3336·3322·3e3c·7461·626c·6520·636c··m6363"><table·cl
0003b650:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t0003b7d0:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table
0003b660:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab0003b7e0:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b
0003b670:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl0003b7f0:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co
0003b680:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr0003b800:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th
0003b690:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity:0003b810:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th
0003b6a0:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td0003b820:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t
0003b6b0:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di0003b830:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup
0003b6c0:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t0003b840:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo
0003b6d0:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr><0003b850:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><
0003b6e0:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</0003b860:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th><
0003b6f0:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td0003b870:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t
0003b700:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St0003b880:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate
0003b710:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>0003b890:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab
0003b720:·656e·6162·6c65·3c2f·7464·3e3c·2f74·723e··enable</td></tr> 
0003b730:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co 
0003b740:·6465·3e2d·206e·616d·653a·2047·6174·6865··de>-·name:·Gathe 
0003b750:·7220·7468·6520·7061·636b·6167·6520·6661··r·the·package·fa 
0003b760:·6374·730a·2020·7061·636b·6167·655f·6661··cts.··package_fa 
0003b770:·6374·733a·0a20·2020·206d·616e·6167·6572··cts:.····manager 
0003b780:·3a20·6175·746f·0a20·2074·6167·733a·0a20··:·auto.··tags:.· 
0003b790:·202d·2043·4345·2d38·3332·3839·2d39·0a20···-·CCE-83289-9.· 
0003b7a0:·202d·2043·4a49·532d·352e·3130·2e31·2e33···-·CJIS-5.10.1.3 
0003b7b0:·0a20·202d·2044·4953·412d·5354·4947·2d53··.··-·DISA-STIG-S 
0003b7c0:·4c45·532d·3135·2d30·3130·3431·390a·2020··LES-15-010419.·· 
0003b7d0:·2d20·4e49·5354·2d38·3030·2d35·332d·434d··-·NIST-800-53-CM 
0003b7e0:·2d36·2861·290a·2020·2d20·5043·492d·4453··-6(a).··-·PCI-DS 
0003b7f0:·532d·5265·712d·3131·2e35·0a20·202d·2050··S-Req-11.5.··-·P 
0003b800:·4349·2d44·5353·7634·2d31·312e·352e·320a··CI-DSSv4-11.5.2. 
0003b810:·2020·2d20·656e·6162·6c65·5f73·7472·6174····-·enable_strat 
0003b820:·6567·790a·2020·2d20·6c6f·775f·636f·6d70··egy.··-·low_comp 
0003b830:·6c65·7869·7479·0a20·202d·206c·6f77·5f64··lexity.··-·low_d 
0003b840:·6973·7275·7074·696f·6e0a·2020·2d20·6d65··isruption.··-·me 
0003b850:·6469·756d·5f73·6576·6572·6974·790a·2020··dium_severity.·· 
0003b860:·2d20·6e6f·5f72·6562·6f6f·745f·6e65·6564··-·no_reboot_need 
0003b870:·6564·0a20·202d·2070·6163·6b61·6765·5f61··ed.··-·package_a 
0003b880:·6964·655f·696e·7374·616c·6c65·640a·0a2d··ide_installed..- 
0003b890:·206e·616d·653a·2045·6e73·7572·6520·6169···name:·Ensure·ai 
0003b8a0:·6465·2069·7320·696e·7374·616c·6c65·640a··de·is·installed. 
0003b8b0:·2020·7061·636b·6167·653a·0a20·2020·206e····package:.····n 
0003b8c0:·616d·653a·2061·6964·650a·2020·2020·7374··ame:·aide.····st 
0003b8d0:·6174·653a·2070·7265·7365·6e74·0a20·2077··ate:·present.··w 
0003b8e0:·6865·6e3a·2027·226b·6572·6e65·6c2d·6465··hen:·'"kernel-de 
0003b8f0:·6661·756c·7422·2069·6e20·616e·7369·626c··fault"·in·ansibl 
0003b900:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages 
0003b910:·270a·2020·7461·6773·3a0a·2020·2d20·4343··'.··tags:.··-·CC 
0003b920:·452d·3833·3238·392d·390a·2020·2d20·434a··E-83289-9.··-·CJ 
0003b930:·4953·2d35·2e31·302e·312e·330a·2020·2d20··IS-5.10.1.3.··-· 
0003b940:·4449·5341·2d53·5449·472d·534c·4553·2d31··DISA-STIG-SLES-1 
0003b950:·352d·3031·3034·3139·0a20·202d·204e·4953··5-010419.··-·NIS 
0003b960:·542d·3830·302d·3533·2d43·4d2d·3628·6129··T-800-53-CM-6(a) 
0003b970:·0a20·202d·2050·4349·2d44·5353·2d52·6571··.··-·PCI-DSS-Req 
0003b980:·2d31·312e·350a·2020·2d20·5043·492d·4453··-11.5.··-·PCI-DS 
0003b990:·5376·342d·3131·2e35·2e32·0a20·202d·2065··Sv4-11.5.2.··-·e 
0003b9a0:·6e61·626c·655f·7374·7261·7465·6779·0a20··nable_strategy.· 
0003b9b0:·202d·206c·6f77·5f63·6f6d·706c·6578·6974···-·low_complexit 
0003b9c0:·790a·2020·2d20·6c6f·775f·6469·7372·7570··y.··-·low_disrup 
0003b9d0:·7469·6f6e·0a20·202d·206d·6564·6975·6d5f··tion.··-·medium_ 
0003b9e0:·7365·7665·7269·7479·0a20·202d·206e·6f5f··severity.··-·no_ 
0003b9f0:·7265·626f·6f74·5f6e·6565·6465·640a·2020··reboot_needed.·· 
0003ba00:·2d20·7061·636b·6167·655f·6169·6465·5f69··-·package_aide_i 
0003ba10:·6e73·7461·6c6c·6564·0a3c·2f63·6f64·653e··nstalled.</code> 
0003ba20:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c 
Max diff block lines reached; 8565297/8583955 bytes (99.78%) of diff not shown.
991 KB
html2text {}
    
Offset 134, 19 lines modifiedOffset 134, 27 lines modified
134 include·install_aide134 include·install_aide
  
135 class·install_aide·{135 class·install_aide·{
136 ··package·{·'aide':136 ··package·{·'aide':
137 ····ensure·=>·'installed',137 ····ensure·=>·'installed',
138 ··}138 ··}
139 }139 }
140 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8140 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 141 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 142 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 143 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 144 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 145 #·Remediation·is·applicable·only·in·certain·platforms
 146 if·rpm·--quiet·-q·kernel-default;·then
  
141 [[packages]] 
142 name·=·"aide" 
143 version·=·"*"147 zypper·install·-y·"aide"
  
 148 else
 149 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 150 fi
144 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8151 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
145 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low152 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
146 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low153 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
147 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false154 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
148 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable155 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
149 -·name:·Gather·the·package·facts156 -·name:·Gather·the·package·facts
150 ··package_facts:157 ··package_facts:
Offset 179, 27 lines modifiedOffset 187, 19 lines modified
179 ··-·PCI-DSSv4-11.5.2187 ··-·PCI-DSSv4-11.5.2
180 ··-·enable_strategy188 ··-·enable_strategy
181 ··-·low_complexity189 ··-·low_complexity
182 ··-·low_disruption190 ··-·low_disruption
183 ··-·medium_severity191 ··-·medium_severity
184 ··-·no_reboot_needed192 ··-·no_reboot_needed
185 ··-·package_aide_installed193 ··-·package_aide_installed
 194 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
186 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
187 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
188 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
189 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
190 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
191 #·Remediation·is·applicable·only·in·certain·platforms 
192 if·rpm·--quiet·-q·kernel-default;·then 
  
193 zypper·install·-y·"aide" 
  
194 else 
195 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
196 fi195 [[packages]]
 196 name·=·"aide"
 197 version·=·"*"
197 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*198 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
198 Run·the·following·command·to·generate·a·new·database:199 Run·the·following·command·to·generate·a·new·database:
199 $·sudo·/usr/bin/aide·--init200 $·sudo·/usr/bin/aide·--init
200 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the·database,·the201 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the·database,·the
201 configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide·(or·hashes·of·these·files),·in·a·secure202 configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide·(or·hashes·of·these·files),·in·a·secure
202 location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-203 location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-
203 generated·database·can·be·installed·as·follows:204 generated·database·can·be·installed·as·follows:
Offset 227, 14 lines modifiedOffset 227, 29 lines modified
227 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5227 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
228 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199228 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
229 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLES-15-010419229 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLES-15-010419
230 ·············_\x8c_\x8i_\x8s············1.4.1230 ·············_\x8c_\x8i_\x8s············1.4.1
231 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79231 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
232 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2232 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
233 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-255922r958794_rule233 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-255922r958794_rule
 234 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 235 #·Remediation·is·applicable·only·in·certain·platforms
 236 if·rpm·--quiet·-q·kernel-default;·then
  
 237 zypper·-q·--no-remote·ref
  
  
 238 zypper·install·-y·"aide"
  
 239 /usr/bin/aide·--init
 240 /bin/cp·-p·/var/lib/aide/aide.db.new·/var/lib/aide/aide.db
  
 241 else
 242 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 243 fi
234 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8244 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
235 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low245 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
236 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low246 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
237 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false247 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
238 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict248 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
239 -·name:·Gather·the·package·facts249 -·name:·Gather·the·package·facts
240 ··package_facts:250 ··package_facts:
Offset 347, 29 lines modifiedOffset 362, 14 lines modified
347 ··-·PCI-DSSv4-11.5.2362 ··-·PCI-DSSv4-11.5.2
348 ··-·aide_build_database363 ··-·aide_build_database
349 ··-·low_complexity364 ··-·low_complexity
350 ··-·low_disruption365 ··-·low_disruption
351 ··-·medium_severity366 ··-·medium_severity
352 ··-·no_reboot_needed367 ··-·no_reboot_needed
353 ··-·restrict_strategy368 ··-·restrict_strategy
354 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
355 #·Remediation·is·applicable·only·in·certain·platforms 
356 if·rpm·--quiet·-q·kernel-default;·then 
  
357 zypper·-q·--no-remote·ref 
  
  
358 zypper·install·-y·"aide" 
  
359 /usr/bin/aide·--init 
360 /bin/cp·-p·/var/lib/aide/aide.db.new·/var/lib/aide/aide.db 
  
361 else 
362 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
363 fi 
364 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8md\x8d·T\x8Ti\x8im\x8me\x8er\x8r·E\x8Ex\x8xe\x8ec\x8cu\x8ut\x8ti\x8io\x8on\x8n·o\x8of\x8f·A\x8AI\x8ID\x8DE\x8E·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*369 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8md\x8d·T\x8Ti\x8im\x8me\x8er\x8r·E\x8Ex\x8xe\x8ec\x8cu\x8ut\x8ti\x8io\x8on\x8n·o\x8of\x8f·A\x8AI\x8ID\x8DE\x8E·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
365 At·a·minimum,·AIDE·should·be·configured·to·run·a·weekly·scan.·To·implement·a·systemd·service·and·a·timer370 At·a·minimum,·AIDE·should·be·configured·to·run·a·weekly·scan.·To·implement·a·systemd·service·and·a·timer
366 unit·to·run·the·service·periodically:·For·example,·if·a·systemd·timer·is·expected·to·be·started·every·day371 unit·to·run·the·service·periodically:·For·example,·if·a·systemd·timer·is·expected·to·be·started·every·day
367 at·5AM372 at·5AM
368 OnCalendar=*-*-*·05:00:0373 OnCalendar=*-*-*·05:00:0
369 [Timer]374 [Timer]
370 section·in·the·timer·unit·and·a·Unit·section·starting·the·AIDE·check·service·unit·should·be·referred.375 section·in·the·timer·unit·and·a·Unit·section·starting·the·AIDE·check·service·unit·should·be·referred.
Offset 395, 14 lines modifiedOffset 395, 58 lines modified
395 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5395 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
396 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000363-GPOS-00150,·SRG-OS-000446-GPOS-00200,·SRG-OS-000447-GPOS-00201396 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000363-GPOS-00150,·SRG-OS-000446-GPOS-00200,·SRG-OS-000447-GPOS-00201
397 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLES-15-010570397 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLES-15-010570
398 ·············_\x8c_\x8i_\x8s············1.4.2398 ·············_\x8c_\x8i_\x8s············1.4.2
399 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76399 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76
400 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2400 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
Max diff block lines reached; 1009761/1014774 bytes (99.51%) of diff not shown.
20.7 MB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-cis_workstation_l2.html
    
Offset 15200, 145 lines modifiedOffset 15200, 145 lines modified
0003b5f0:·6765·743d·2223·6964·6d36·3336·3222·2074··get="#idm6362"·t0003b5f0:·6765·743d·2223·6964·6d36·3336·3222·2074··get="#idm6362"·t
0003b600:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role0003b600:·6162·696e·6465·783d·2230·2220·726f·6c65··abindex="0"·role
0003b610:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e0003b610:·3d22·6275·7474·6f6e·2220·6172·6961·2d65··="button"·aria-e
0003b620:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·0003b620:·7870·616e·6465·643d·2266·616c·7365·2220··xpanded="false"·
0003b630:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·0003b630:·7469·746c·653d·2241·6374·6976·6174·6520··title="Activate·
0003b640:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=0003b640:·746f·2072·6576·6561·6c22·2068·7265·663d··to·reveal"·href=
0003b650:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation0003b650:·2223·2122·3e52·656d·6564·6961·7469·6f6e··"#!">Remediation
0003b660:·204f·5342·7569·6c64·2042·6c75·6570·7269···OSBuild·Bluepri0003b660:·2053·6865·6c6c·2073·6372·6970·7420·e287···Shell·script·..
 0003b670:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl
 0003b680:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
 0003b690:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
 0003b6a0:·3d22·6964·6d36·3336·3222·3e3c·7461·626c··="idm6362"><tabl
 0003b6b0:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t
 0003b6c0:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab
 0003b6d0:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl
 0003b6e0:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr
 0003b6f0:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity:
 0003b700:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td
 0003b710:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di
 0003b720:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t
 0003b730:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr><
 0003b740:·7472·3e3c·7468·3e52·6562·6f6f·743a·3c2f··tr><th>Reboot:</
 0003b750:·7468·3e3c·7464·3e66·616c·7365·3c2f·7464··th><td>false</td
 0003b760:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St
 0003b770:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>
 0003b780:·656e·6162·6c65·3c2f·7464·3e3c·2f74·723e··enable</td></tr>
 0003b790:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co
 0003b7a0:·6465·3e23·2052·656d·6564·6961·7469·6f6e··de>#·Remediation
 0003b7b0:·2069·7320·6170·706c·6963·6162·6c65·206f···is·applicable·o
 0003b7c0:·6e6c·7920·696e·2063·6572·7461·696e·2070··nly·in·certain·p
 0003b7d0:·6c61·7466·6f72·6d73·0a69·6620·7270·6d20··latforms.if·rpm·
 0003b7e0:·2d2d·7175·6965·7420·2d71·206b·6572·6e65··--quiet·-q·kerne
 0003b7f0:·6c2d·6465·6661·756c·743b·2074·6865·6e0a··l-default;·then.
 0003b800:·0a7a·7970·7065·7220·696e·7374·616c·6c20··.zypper·install·
 0003b810:·2d79·2022·6169·6465·220a·0a65·6c73·650a··-y·"aide"..else.
 0003b820:·2020·2020·2667·743b·2661·6d70·3b32·2065······&gt;&amp;2·e
 0003b830:·6368·6f20·2752·656d·6564·6961·7469·6f6e··cho·'Remediation
 0003b840:·2069·7320·6e6f·7420·6170·706c·6963·6162···is·not·applicab
 0003b850:·6c65·2c20·6e6f·7468·696e·6720·7761·7320··le,·nothing·was·
 0003b860:·646f·6e65·270a·6669·0a3c·2f63·6f64·653e··done'.fi.</code>
 0003b870:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c
 0003b880:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su
 0003b890:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg
 0003b8a0:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da
 0003b8b0:·7461·2d74·6172·6765·743d·2223·6964·6d36··ta-target="#idm6
 0003b8c0:·3336·3322·2074·6162·696e·6465·783d·2230··363"·tabindex="0
 0003b8d0:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
 0003b8e0:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
 0003b8f0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
 0003b900:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
 0003b910:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
 0003b920:·6961·7469·6f6e·2041·6e73·6962·6c65·2073··iation·Ansible·s
0003b670:·6e74·2073·6e69·7070·6574·20e2·87b2·3c2f··nt·snippet·...</0003b930:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b
0003b680:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class0003b940:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa
0003b690:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse0003b950:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col
0003b6a0:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i0003b960:·6c61·7073·6522·2069·643d·2269·646d·3633··lapse"·id="idm63
0003b6b0:·646d·3633·3632·223e·3c70·7265·3e3c·636f··dm6362"><pre><co 
0003b6c0:·6465·3e0a·5b5b·7061·636b·6167·6573·5d5d··de>.[[packages]] 
0003b6d0:·0a6e·616d·6520·3d20·2261·6964·6522·0a76··.name·=·"aide".v 
0003b6e0:·6572·7369·6f6e·203d·2022·2a22·0a3c·2f63··ersion·=·"*".</c 
0003b6f0:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div> 
0003b700:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt 
0003b710:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data- 
0003b720:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse 
0003b730:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="# 
0003b740:·6964·6d36·3336·3322·2074·6162·696e·6465··idm6363"·tabinde 
0003b750:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt 
0003b760:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande 
0003b770:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title= 
0003b780:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev 
0003b790:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R 
0003b7a0:·656d·6564·6961·7469·6f6e·2041·6e73·6962··emediation·Ansib 
0003b7b0:·6c65·2073·6e69·7070·6574·20e2·87b2·3c2f··le·snippet·...</ 
0003b7c0:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class 
0003b7d0:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse 
0003b7e0:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i 
0003b7f0:·646d·3633·3633·223e·3c74·6162·6c65·2063··dm6363"><table·c0003b970:·3633·223e·3c74·6162·6c65·2063·6c61·7373··63"><table·class
0003b800:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl0003b980:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st
0003b810:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table-0003b990:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord
0003b820:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c0003b9a0:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde
0003b830:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t0003b9b0:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co
0003b840:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t0003b9c0:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t
0003b850:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></0003b9d0:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr><
0003b860:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru0003b9e0:·7472·3e3c·7468·3e44·6973·7275·7074·696f··tr><th>Disruptio
0003b870:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l0003b9f0:·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··n:</th><td>low</
0003b880:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>0003ba00:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>
0003b890:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th>0003ba10:·5265·626f·6f74·3a3c·2f74·683e·3c74·643e··Reboot:</th><td>
0003b8a0:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></ 
0003b8b0:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat 
0003b8c0:·6567·793a·3c2f·7468·3e3c·7464·3e65·6e61··egy:</th><td>ena 
0003b8d0:·626c·653c·2f74·643e·3c2f·7472·3e3c·2f74··ble</td></tr></t0003ba20:·6661·6c73·653c·2f74·643e·3c2f·7472·3e3c··false</td></tr><
 0003ba30:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy:
 0003ba40:·3c2f·7468·3e3c·7464·3e65·6e61·626c·653c··</th><td>enable<
 0003ba50:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table
0003b8e0:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>0003ba60:·3e3c·7072·653e·3c63·6f64·653e·2d20·6e61··><pre><code>-·na
0003b8f0:·2d20·6e61·6d65·3a20·4761·7468·6572·2074··-·name:·Gather·t0003ba70:·6d65·3a20·4761·7468·6572·2074·6865·2070··me:·Gather·the·p
0003b900:·6865·2070·6163·6b61·6765·2066·6163·7473··he·package·facts0003ba80:·6163·6b61·6765·2066·6163·7473·0a20·2070··ackage·facts.··p
0003b910:·0a20·2070·6163·6b61·6765·5f66·6163·7473··.··package_facts0003ba90:·6163·6b61·6765·5f66·6163·7473·3a0a·2020··ackage_facts:.··
0003b920:·3a0a·2020·2020·6d61·6e61·6765·723a·2061··:.····manager:·a0003baa0:·2020·6d61·6e61·6765·723a·2061·7574·6f0a····manager:·auto.
0003b930:·7574·6f0a·2020·7461·6773·3a0a·2020·2d20··uto.··tags:.··-·0003bab0:·2020·7461·6773·3a0a·2020·2d20·4343·452d····tags:.··-·CCE-
0003b940:·4343·452d·3833·3238·392d·390a·2020·2d20··CCE-83289-9.··-·0003bac0:·3833·3238·392d·390a·2020·2d20·434a·4953··83289-9.··-·CJIS
0003b950:·434a·4953·2d35·2e31·302e·312e·330a·2020··CJIS-5.10.1.3.··0003bad0:·2d35·2e31·302e·312e·330a·2020·2d20·4449··-5.10.1.3.··-·DI
0003b960:·2d20·4449·5341·2d53·5449·472d·534c·4553··-·DISA-STIG-SLES0003bae0:·5341·2d53·5449·472d·534c·4553·2d31·352d··SA-STIG-SLES-15-
0003b970:·2d31·352d·3031·3034·3139·0a20·202d·204e··-15-010419.··-·N0003baf0:·3031·3034·3139·0a20·202d·204e·4953·542d··010419.··-·NIST-
0003b980:·4953·542d·3830·302d·3533·2d43·4d2d·3628··IST-800-53-CM-6(0003bb00:·3830·302d·3533·2d43·4d2d·3628·6129·0a20··800-53-CM-6(a).·
0003b990:·6129·0a20·202d·2050·4349·2d44·5353·2d52··a).··-·PCI-DSS-R0003bb10:·202d·2050·4349·2d44·5353·2d52·6571·2d31···-·PCI-DSS-Req-1
0003b9a0:·6571·2d31·312e·350a·2020·2d20·5043·492d··eq-11.5.··-·PCI-0003bb20:·312e·350a·2020·2d20·5043·492d·4453·5376··1.5.··-·PCI-DSSv
0003b9b0:·4453·5376·342d·3131·2e35·2e32·0a20·202d··DSSv4-11.5.2.··-0003bb30:·342d·3131·2e35·2e32·0a20·202d·2065·6e61··4-11.5.2.··-·ena
0003b9c0:·2065·6e61·626c·655f·7374·7261·7465·6779···enable_strategy0003bb40:·626c·655f·7374·7261·7465·6779·0a20·202d··ble_strategy.··-
0003b9d0:·0a20·202d·206c·6f77·5f63·6f6d·706c·6578··.··-·low_complex0003bb50:·206c·6f77·5f63·6f6d·706c·6578·6974·790a···low_complexity.
0003b9e0:·6974·790a·2020·2d20·6c6f·775f·6469·7372··ity.··-·low_disr0003bb60:·2020·2d20·6c6f·775f·6469·7372·7570·7469····-·low_disrupti
0003b9f0:·7570·7469·6f6e·0a20·202d·206d·6564·6975··uption.··-·mediu0003bb70:·6f6e·0a20·202d·206d·6564·6975·6d5f·7365··on.··-·medium_se
0003ba00:·6d5f·7365·7665·7269·7479·0a20·202d·206e··m_severity.··-·n0003bb80:·7665·7269·7479·0a20·202d·206e·6f5f·7265··verity.··-·no_re
0003ba10:·6f5f·7265·626f·6f74·5f6e·6565·6465·640a··o_reboot_needed.0003bb90:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-·
0003ba20:·2020·2d20·7061·636b·6167·655f·6169·6465····-·package_aide0003bba0:·7061·636b·6167·655f·6169·6465·5f69·6e73··package_aide_ins
0003ba30:·5f69·6e73·7461·6c6c·6564·0a0a·2d20·6e61··_installed..-·na0003bbb0:·7461·6c6c·6564·0a0a·2d20·6e61·6d65·3a20··talled..-·name:·
0003ba40:·6d65·3a20·456e·7375·7265·2061·6964·6520··me:·Ensure·aide·0003bbc0:·456e·7375·7265·2061·6964·6520·6973·2069··Ensure·aide·is·i
0003ba50:·6973·2069·6e73·7461·6c6c·6564·0a20·2070··is·installed.··p0003bbd0:·6e73·7461·6c6c·6564·0a20·2070·6163·6b61··nstalled.··packa
0003ba60:·6163·6b61·6765·3a0a·2020·2020·6e61·6d65··ackage:.····name0003bbe0:·6765·3a0a·2020·2020·6e61·6d65·3a20·6169··ge:.····name:·ai
0003ba70:·3a20·6169·6465·0a20·2020·2073·7461·7465··:·aide.····state0003bbf0:·6465·0a20·2020·2073·7461·7465·3a20·7072··de.····state:·pr
0003ba80:·3a20·7072·6573·656e·740a·2020·7768·656e··:·present.··when0003bc00:·6573·656e·740a·2020·7768·656e·3a20·2722··esent.··when:·'"
0003ba90:·3a20·2722·6b65·726e·656c·2d64·6566·6175··:·'"kernel-defau 
0003baa0:·6c74·2220·696e·2061·6e73·6962·6c65·5f66··lt"·in·ansible_f 
0003bab0:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.· 
0003bac0:·2074·6167·733a·0a20·202d·2043·4345·2d38···tags:.··-·CCE-8 
0003bad0:·3332·3839·2d39·0a20·202d·2043·4a49·532d··3289-9.··-·CJIS- 
0003bae0:·352e·3130·2e31·2e33·0a20·202d·2044·4953··5.10.1.3.··-·DIS 
Max diff block lines reached; 19861276/19879934 bytes (99.91%) of diff not shown.
1.79 MB
html2text {}
Max HTML report size reached
16.5 MB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-hipaa.html
    
Offset 15209, 415 lines modifiedOffset 15209, 415 lines modified
0003b680:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id0003b680:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id
0003b690:·6d36·3032·3022·2074·6162·696e·6465·783d··m6020"·tabindex=0003b690:·6d36·3032·3022·2074·6162·696e·6465·783d··m6020"·tabindex=
0003b6a0:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button0003b6a0:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button
0003b6b0:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=0003b6b0:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=
0003b6c0:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A0003b6c0:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A
0003b6d0:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea0003b6d0:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea
Diff chunk too large, falling back to line-by-line diff (401 lines added, 401 lines removed)
0003b6e0:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem0003b6e0:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem
0003b6f0:·6564·6961·7469·6f6e·2041·6e73·6962·6c65··ediation·Ansible0003b6f0:·6564·6961·7469·6f6e·2053·6865·6c6c·2073··ediation·Shell·s
0003b700:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a>0003b700:·6372·6970·7420·e287·b23c·2f61·3e3c·6272··cript·...</a><br
0003b710:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="0003b710:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan
0003b720:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c0003b720:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll
0003b730:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm0003b730:·6170·7365·2220·6964·3d22·6964·6d36·3032··apse"·id="idm602
0003b740:·3630·3230·223e·3c74·6162·6c65·2063·6c61··6020"><table·cla0003b740:·3022·3e3c·7072·653e·3c63·6f64·653e·2320··0"><pre><code>#·
0003b750:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table-0003b750:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a
0003b760:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo0003b760:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i
0003b770:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con0003b770:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo
0003b780:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th>0003b780:·726d·730a·6966·2021·2028·207b·2072·706d··rms.if·!·(·{·rpm
0003b790:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th>0003b790:·202d·2d71·7569·6574·202d·7120·6b65·726e···--quiet·-q·kern
0003b7a0:·3c74·643e·6869·6768·3c2f·7464·3e3c·2f74··<td>high</td></t0003b7a0:·656c·203b·7d20·2661·6d70·3b26·616d·703b··el·;}·&amp;&amp;
0003b7b0:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup0003b7b0:·207b·2072·706d·202d·2d71·7569·6574·202d···{·rpm·--quiet·-
0003b7c0:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6d65··tion:</th><td>me0003b7c0:·7120·7270·6d2d·6f73·7472·6565·203b·7d20··q·rpm-ostree·;}·
0003b7d0:·6469·756d·3c2f·7464·3e3c·2f74·723e·3c74··dium</td></tr><t0003b7d0:·2661·6d70·3b26·616d·703b·207b·2072·706d··&amp;&amp;·{·rpm
0003b7e0:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t0003b7e0:·202d·2d71·7569·6574·202d·7120·626f·6f74···--quiet·-q·boot
0003b7f0:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td>0003b7f0:·6320·3b7d·2026·616d·703b·2661·6d70·3b20··c·;}·&amp;&amp;·
0003b800:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str0003b800:·7b20·2120·7270·6d20·2d2d·7175·6965·7420··{·!·rpm·--quiet·
0003b810:·6174·6567·793a·3c2f·7468·3e3c·7464·3e72··ategy:</th><td>r0003b810:·2d71·206f·7065·6e73·6869·6674·2d6b·7562··-q·openshift-kub
0003b820:·6573·7472·6963·743c·2f74·643e·3c2f·7472··estrict</td></tr0003b820:·656c·6574·203b·7d20·293b·2074·6865·6e0a··elet·;}·);·then.
0003b830:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c0003b830:·0a23·2046·696e·6420·7768·6963·6820·6669··.#·Find·which·fi
0003b840:·6f64·653e·2d20·6e61·6d65·3a20·4761·7468··ode>-·name:·Gath0003b840:·6c65·7320·6861·7665·2069·6e63·6f72·7265··les·have·incorre
0003b850:·6572·2074·6865·2070·6163·6b61·6765·2066··er·the·package·f0003b850:·6374·2068·6173·6820·286e·6f74·2069·6e20··ct·hash·(not·in·
0003b860:·6163·7473·0a20·2070·6163·6b61·6765·5f66··acts.··package_f0003b860:·2f65·7463·2c20·6265·6361·7573·6520·6f66··/etc,·because·of
0003b870:·6163·7473·3a0a·2020·2020·6d61·6e61·6765··acts:.····manage0003b870:·2074·6865·2073·7973·7465·6d20·7265·6c61···the·system·rela
0003b880:·723a·2061·7574·6f0a·2020·7461·6773·3a0a··r:·auto.··tags:.0003b880:·7465·6420·636f·6e66·6967·2066·696c·6573··ted·config·files
0003b890:·2020·2d20·4343·452d·3835·3738·382d·380a····-·CCE-85788-8.0003b890:·2920·616e·6420·7468·656e·2067·6574·2066··)·and·then·get·f
0003b8a0:·2020·2d20·434a·4953·2d35·2e31·302e·342e····-·CJIS-5.10.4.0003b8a0:·696c·6573·206e·616d·6573·0a66·696c·6573··iles·names.files
0003b8b0:·310a·2020·2d20·4e49·5354·2d38·3030·2d31··1.··-·NIST-800-10003b8b0:·5f77·6974·685f·696e·636f·7272·6563·745f··_with_incorrect_
0003b8c0:·3731·2d33·2e33·2e38·0a20·202d·204e·4953··71-3.3.8.··-·NIS0003b8c0:·6861·7368·3d22·2428·7270·6d20·2d56·6120··hash="$(rpm·-Va·
0003b8d0:·542d·3830·302d·3137·312d·332e·342e·310a··T-800-171-3.4.1.0003b8d0:·2d2d·6e6f·636f·6e66·6967·207c·2067·7265··--noconfig·|·gre
0003b8e0:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003b8e0:·7020·2d45·2027·5e2e·2e35·2720·7c20·6177··p·-E·'^..5'·|·aw
0003b8f0:·4155·2d39·2833·290a·2020·2d20·4e49·5354··AU-9(3).··-·NIST0003b8f0:·6b20·277b·7072·696e·7420·244e·467d·2720··k·'{print·$NF}'·
0003b900:·2d38·3030·2d35·332d·434d·2d36·2863·290a··-800-53-CM-6(c).0003b900:·2922·0a0a·6966·205b·202d·6e20·2224·6669··)"..if·[·-n·"$fi
0003b910:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003b910:·6c65·735f·7769·7468·5f69·6e63·6f72·7265··les_with_incorre
0003b920:·434d·2d36·2864·290a·2020·2d20·4e49·5354··CM-6(d).··-·NIST0003b920:·6374·5f68·6173·6822·205d·3b20·7468·656e··ct_hash"·];·then
0003b930:·2d38·3030·2d35·332d·5349·2d37·0a20·202d··-800-53-SI-7.··-0003b930:·0a20·2020·2023·2046·726f·6d20·6669·6c65··.····#·From·file
0003b940:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-0003b940:·7320·6e61·6d65·7320·6765·7420·7061·636b··s·names·get·pack
0003b950:·3728·3129·0a20·202d·204e·4953·542d·3830··7(1).··-·NIST-800003b950:·6167·6520·6e61·6d65·7320·616e·6420·6368··age·names·and·ch
0003b960:·302d·3533·2d53·492d·3728·3629·0a20·202d··0-53-SI-7(6).··-0003b960:·616e·6765·206e·6577·6c69·6e65·2074·6f20··ange·newline·to·
0003b970:·2050·4349·2d44·5353·2d52·6571·2d31·312e···PCI-DSS-Req-11.0003b970:·7370·6163·652c·2062·6563·6175·7365·2072··space,·because·r
0003b980:·350a·2020·2d20·5043·492d·4453·5376·342d··5.··-·PCI-DSSv4-0003b980:·706d·2077·7269·7465·7320·6561·6368·2070··pm·writes·each·p
0003b990:·3131·2e35·2e32·0a20·202d·2068·6967·685f··11.5.2.··-·high_0003b990:·6163·6b61·6765·2074·6f20·6e65·7720·6c69··ackage·to·new·li
0003b9a0:·636f·6d70·6c65·7869·7479·0a20·202d·2068··complexity.··-·h0003b9a0:·6e65·0a20·2020·2070·6163·6b61·6765·735f··ne.····packages_
0003b9b0:·6967·685f·7365·7665·7269·7479·0a20·202d··igh_severity.··-0003b9b0:·746f·5f72·6569·6e73·7461·6c6c·3d22·2428··to_reinstall="$(
0003b9c0:·206d·6564·6975·6d5f·6469·7372·7570·7469···medium_disrupti0003b9c0:·7270·6d20·2d71·6620·2466·696c·6573·5f77··rpm·-qf·$files_w
0003b9d0:·6f6e·0a20·202d·206e·6f5f·7265·626f·6f74··on.··-·no_reboot0003b9d0:·6974·685f·696e·636f·7272·6563·745f·6861··ith_incorrect_ha
0003b9e0:·5f6e·6565·6465·640a·2020·2d20·7265·7374··_needed.··-·rest0003b9e0:·7368·207c·2074·7220·275c·6e27·2027·2027··sh·|·tr·'\n'·'·'
0003b9f0:·7269·6374·5f73·7472·6174·6567·790a·2020··rict_strategy.··0003b9f0:·2922·0a0a·2020·2020·0a20·2020·207a·7970··)"..····.····zyp
0003ba00:·2d20·7270·6d5f·7665·7269·6679·5f68·6173··-·rpm_verify_has0003ba00:·7065·7220·696e·7374·616c·6c20·2d66·202d··per·install·-f·-
0003ba10:·6865·730a·0a2d·206e·616d·653a·2027·5365··hes..-·name:·'Se0003ba10:·7920·2470·6163·6b61·6765·735f·746f·5f72··y·$packages_to_r
0003ba20:·7420·6661·6374·3a20·5061·636b·6167·6520··t·fact:·Package·0003ba20:·6569·6e73·7461·6c6c·0a20·2020·200a·6669··einstall.····.fi
0003ba30:·6d61·6e61·6765·7220·7265·696e·7374·616c··manager·reinstal0003ba30:·0a0a·656c·7365·0a20·2020·2026·6774·3b26··..else.····&gt;&
0003ba40:·6c20·636f·6d6d·616e·6427·0a20·2073·6574··l·command'.··set0003ba40:·616d·703b·3220·6563·686f·2027·5265·6d65··amp;2·echo·'Reme
0003ba50:·5f66·6163·743a·0a20·2020·2070·6163·6b61··_fact:.····packa0003ba50:·6469·6174·696f·6e20·6973·206e·6f74·2061··diation·is·not·a
0003ba60:·6765·5f6d·616e·6167·6572·5f72·6569·6e73··ge_manager_reins0003ba60:·7070·6c69·6361·626c·652c·206e·6f74·6869··pplicable,·nothi
0003ba70:·7461·6c6c·5f63·6d64·3a20·7a79·7070·6572··tall_cmd:·zypper0003ba70:·6e67·2077·6173·2064·6f6e·6527·0a66·690a··ng·was·done'.fi.
0003ba80:·2072·6569·6e73·7461·6c6c·202d·790a·2020···reinstall·-y.··0003ba80:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d
0003ba90:·7768·656e·3a0a·2020·2d20·6e6f·7420·2820··when:.··-·not·(·0003ba90:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn
0003baa0:·226b·6572·6e65·6c22·2069·6e20·616e·7369··"kernel"·in·ansi0003baa0:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da
0003bab0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag0003bab0:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla
0003bac0:·6573·2061·6e64·2022·7270·6d2d·6f73·7472··es·and·"rpm-ostr0003bac0:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target
0003bad0:·6565·2220·696e·2061·6e73·6962·6c65·5f66··ee"·in·ansible_f0003bad0:·3d22·2369·646d·3630·3231·2220·7461·6269··="#idm6021"·tabi
0003bae0:·6163·7473·2e70·6163·6b61·6765·730a·2020··acts.packages.··0003bae0:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b
0003baf0:·2020·616e·6420·2262·6f6f·7463·2220·696e····and·"bootc"·in0003baf0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa
0003bb00:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p0003bb00:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit
0003bb10:·6163·6b61·6765·7320·616e·6420·6e6f·7420··ackages·and·not·0003bb10:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·
0003bb20:·226f·7065·6e73·6869·6674·2d6b·7562·656c··"openshift-kubel0003bb20:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!
0003bb30:·6574·2220·696e·2061·6e73·6962·6c65·5f66··et"·in·ansible_f0003bb30:·223e·5265·6d65·6469·6174·696f·6e20·416e··">Remediation·An
0003bb40:·6163·7473·2e70·6163·6b61·6765·730a·2020··acts.packages.··0003bb40:·7369·626c·6520·736e·6970·7065·7420·e287··sible·snippet·..
0003bb50:·2020·290a·2020·2d20·616e·7369·626c·655f····).··-·ansible_0003bb50:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl
0003bb60:·6469·7374·7269·6275·7469·6f6e·2069·6e20··distribution·in·0003bb60:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
0003bb70:·5b20·2246·6564·6f72·6122·2c20·2252·6564··[·"Fedora",·"Red0003bb70:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
0003bb80:·4861·7422·2c20·2243·656e·744f·5322·2c20··Hat",·"CentOS",·0003bb80:·3d22·6964·6d36·3032·3122·3e3c·7461·626c··="idm6021"><tabl
0003bb90:·224f·7261·636c·654c·696e·7578·2220·5d0a··"OracleLinux"·].0003bb90:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t
0003bba0:·2020·7461·6773·3a0a·2020·2d20·4343·452d····tags:.··-·CCE-0003bba0:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab
0003bbb0:·3835·3738·382d·380a·2020·2d20·434a·4953··85788-8.··-·CJIS0003bbb0:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl
0003bbc0:·2d35·2e31·302e·342e·310a·2020·2d20·4e49··-5.10.4.1.··-·NI0003bbc0:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr
0003bbd0:·5354·2d38·3030·2d31·3731·2d33·2e33·2e38··ST-800-171-3.3.80003bbd0:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity:
0003bbe0:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-170003bbe0:·3c2f·7468·3e3c·7464·3e68·6967·683c·2f74··</th><td>high</t
0003bbf0:·312d·332e·342e·310a·2020·2d20·4e49·5354··1-3.4.1.··-·NIST0003bbf0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D
0003bc00:·2d38·3030·2d35·332d·4155·2d39·2833·290a··-800-53-AU-9(3).0003bc00:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th><
0003bc10:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003bc10:·7464·3e6d·6564·6975·6d3c·2f74·643e·3c2f··td>medium</td></
0003bc20:·434d·2d36·2863·290a·2020·2d20·4e49·5354··CM-6(c).··-·NIST0003bc20:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo
0003bc30:·2d38·3030·2d35·332d·434d·2d36·2864·290a··-800-53-CM-6(d).0003bc30:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false
0003bc40:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0003bc40:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
0003bc50:·5349·2d37·0a20·202d·204e·4953·542d·3830··SI-7.··-·NIST-800003bc50:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>
0003bc60:·302d·3533·2d53·492d·3728·3129·0a20·202d··0-53-SI-7(1).··-0003bc60:·3c74·643e·7265·7374·7269·6374·3c2f·7464··<td>restrict</td
0003bc70:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-0003bc70:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p
0003bc80:·3728·3629·0a20·202d·2050·4349·2d44·5353··7(6).··-·PCI-DSS0003bc80:·7265·3e3c·636f·6465·3e2d·206e·616d·653a··re><code>-·name:
0003bc90:·2d52·6571·2d31·312e·350a·2020·2d20·5043··-Req-11.5.··-·PC0003bc90:·2047·6174·6865·7220·7468·6520·7061·636b···Gather·the·pack
0003bca0:·492d·4453·5376·342d·3131·2e35·2e32·0a20··I-DSSv4-11.5.2.·0003bca0:·6167·6520·6661·6374·730a·2020·7061·636b··age·facts.··pack
0003bcb0:·202d·2068·6967·685f·636f·6d70·6c65·7869···-·high_complexi0003bcb0:·6167·655f·6661·6374·733a·0a20·2020·206d··age_facts:.····m
0003bcc0:·7479·0a20·202d·2068·6967·685f·7365·7665··ty.··-·high_seve0003bcc0:·616e·6167·6572·3a20·6175·746f·0a20·2074··anager:·auto.··t
0003bcd0:·7269·7479·0a20·202d·206d·6564·6975·6d5f··rity.··-·medium_0003bcd0:·6167·733a·0a20·202d·2043·4345·2d38·3537··ags:.··-·CCE-857
0003bce0:·6469·7372·7570·7469·6f6e·0a20·202d·206e··disruption.··-·n0003bce0:·3838·2d38·0a20·202d·2043·4a49·532d·352e··88-8.··-·CJIS-5.
0003bcf0:·6f5f·7265·626f·6f74·5f6e·6565·6465·640a··o_reboot_needed.0003bcf0:·3130·2e34·2e31·0a20·202d·204e·4953·542d··10.4.1.··-·NIST-
0003bd00:·2020·2d20·7265·7374·7269·6374·5f73·7472····-·restrict_str0003bd00:·3830·302d·3137·312d·332e·332e·380a·2020··800-171-3.3.8.··
0003bd10:·6174·6567·790a·2020·2d20·7270·6d5f·7665··ategy.··-·rpm_ve0003bd10:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-3
0003bd20:·7269·6679·5f68·6173·6865·730a·0a2d·206e··rify_hashes..-·n0003bd20:·2e34·2e31·0a20·202d·204e·4953·542d·3830··.4.1.··-·NIST-80
0003bd30:·616d·653a·2027·5365·7420·6661·6374·3a20··ame:·'Set·fact:·0003bd30:·302d·3533·2d41·552d·3928·3329·0a20·202d··0-53-AU-9(3).··-
0003bd40:·5061·636b·6167·6520·6d61·6e61·6765·7220··Package·manager·0003bd40:·204e·4953·542d·3830·302d·3533·2d43·4d2d···NIST-800-53-CM-
0003bd50:·7265·696e·7374·616c·6c20·636f·6d6d·616e··reinstall·comman0003bd50:·3628·6329·0a20·202d·204e·4953·542d·3830··6(c).··-·NIST-80
0003bd60:·6420·287a·7970·7065·7229·270a·2020·7365··d·(zypper)'.··se0003bd60:·302d·3533·2d43·4d2d·3628·6429·0a20·202d··0-53-CM-6(d).··-
0003bd70:·745f·6661·6374·3a0a·2020·2020·7061·636b··t_fact:.····pack0003bd70:·204e·4953·542d·3830·302d·3533·2d53·492d···NIST-800-53-SI-
0003bd80:·6167·655f·6d61·6e61·6765·725f·7265·696e··age_manager_rein0003bd80:·370a·2020·2d20·4e49·5354·2d38·3030·2d35··7.··-·NIST-800-5
0003bd90:·7374·616c·6c5f·636d·643a·207a·7970·7065··stall_cmd:·zyppe0003bd90:·332d·5349·2d37·2831·290a·2020·2d20·4e49··3-SI-7(1).··-·NI
0003bda0:·7220·696e·202d·6620·2d79·0a20·2077·6865··r·in·-f·-y.··whe0003bda0:·5354·2d38·3030·2d35·332d·5349·2d37·2836··ST-800-53-SI-7(6
0003bdb0:·6e3a·0a20·202d·206e·6f74·2028·2022·6b65··n:.··-·not·(·"ke0003bdb0:·290a·2020·2d20·5043·492d·4453·532d·5265··).··-·PCI-DSS-Re
0003bdc0:·726e·656c·2220·696e·2061·6e73·6962·6c65··rnel"·in·ansible0003bdc0:·712d·3131·2e35·0a20·202d·2050·4349·2d44··q-11.5.··-·PCI-D
0003bdd0:·5f66·6163·7473·2e70·6163·6b61·6765·7320··_facts.packages·0003bdd0:·5353·7634·2d31·312e·352e·320a·2020·2d20··SSv4-11.5.2.··-·
0003bde0:·616e·6420·2272·706d·2d6f·7374·7265·6522··and·"rpm-ostree"0003bde0:·6869·6768·5f63·6f6d·706c·6578·6974·790a··high_complexity.
0003bdf0:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003bdf0:·2020·2d20·6869·6768·5f73·6576·6572·6974····-·high_severit
0003be00:·732e·7061·636b·6167·6573·0a20·2020·2061··s.packages.····a0003be00:·790a·2020·2d20·6d65·6469·756d·5f64·6973··y.··-·medium_dis
0003be10:·6e64·2022·626f·6f74·6322·2069·6e20·616e··nd·"bootc"·in·an0003be10:·7275·7074·696f·6e0a·2020·2d20·6e6f·5f72··ruption.··-·no_r
0003be20:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack0003be20:·6562·6f6f·745f·6e65·6564·6564·0a20·202d··eboot_needed.··-
0003be30:·6167·6573·2061·6e64·206e·6f74·2022·6f70··ages·and·not·"op0003be30:·2072·6573·7472·6963·745f·7374·7261·7465···restrict_strate
0003be40:·656e·7368·6966·742d·6b75·6265·6c65·7422··enshift-kubelet"0003be40:·6779·0a20·202d·2072·706d·5f76·6572·6966··gy.··-·rpm_verif
0003be50:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0003be50:·795f·6861·7368·6573·0a0a·2d20·6e61·6d65··y_hashes..-·name
Max diff block lines reached; 16029357/16085275 bytes (99.65%) of diff not shown.
1.12 MB
html2text {}
    
Offset 135, 14 lines modifiedOffset 135, 36 lines modified
135 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,135 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,
136 ····························A.14.2.3,·A.14.2.4136 ····························A.14.2.3,·A.14.2.4
137 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)137 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
138 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1138 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
139 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5139 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
140 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227140 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
141 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2141 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 142 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 143 #·Remediation·is·applicable·only·in·certain·platforms
 144 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm
 145 --quiet·-q·openshift-kubelet·;}·);·then
  
 146 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then
 147 get·files·names
 148 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 149 if·[·-n·"$files_with_incorrect_hash"·];·then
 150 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to
 151 new·line
 152 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 153 ····zypper·install·-f·-y·$packages_to_reinstall
  
 154 fi
  
 155 else
 156 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 157 fi
142 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8158 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
143 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high159 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
144 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium160 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
145 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false161 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
146 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict162 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
147 -·name:·Gather·the·package·facts163 -·name:·Gather·the·package·facts
148 ··package_facts:164 ··package_facts:
Offset 315, 36 lines modifiedOffset 337, 14 lines modified
315 ··-·PCI-DSSv4-11.5.2337 ··-·PCI-DSSv4-11.5.2
316 ··-·high_complexity338 ··-·high_complexity
317 ··-·high_severity339 ··-·high_severity
318 ··-·medium_disruption340 ··-·medium_disruption
319 ··-·no_reboot_needed341 ··-·no_reboot_needed
320 ··-·restrict_strategy342 ··-·restrict_strategy
321 ··-·rpm_verify_hashes343 ··-·rpm_verify_hashes
322 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
323 #·Remediation·is·applicable·only·in·certain·platforms 
324 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm 
325 --quiet·-q·openshift-kubelet·;}·);·then 
  
326 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then 
327 get·files·names 
328 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
329 if·[·-n·"$files_with_incorrect_hash"·];·then 
330 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to 
331 new·line 
332 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
333 ····zypper·install·-f·-y·$packages_to_reinstall 
  
334 fi 
  
335 else 
336 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
337 fi 
338 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*344 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·F\x8Fi\x8il\x8le\x8e·P\x8Pe\x8er\x8rm\x8mi\x8is\x8ss\x8si\x8io\x8on\x8ns\x8s·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
339 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,345 The·RPM·package·management·system·can·check·file·access·permissions·of·installed·software·packages,
340 including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and346 including·many·that·are·important·to·system·security.·Verify·that·the·file·permissions·of·system·files·and
341 commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:347 commands·match·vendor·values.·Check·the·file·permissions·with·the·following·command:
342 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'348 $·sudo·rpm·-Va·|·awk·'{·if·(substr($0,2,1)=="M")·print·$NF·}'
343 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,349 Output·indicates·files·that·do·not·match·vendor·defaults.·After·locating·a·file·with·incorrect·permissions,
344 run·the·following·command·to·determine·which·package·owns·it:350 run·the·following·command·to·determine·which·package·owns·it:
Offset 384, 14 lines modifiedOffset 384, 53 lines modified
384 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)384 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)
385 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1385 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
386 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5386 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
387 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,387 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,
388 ····························SRG-OS-000278-GPOS-00108388 ····························SRG-OS-000278-GPOS-00108
389 ·············_\x8c_\x8i_\x8s············6.1.1389 ·············_\x8c_\x8i_\x8s············6.1.1
390 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2390 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 391 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 392 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 393 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 394 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 395 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 396 #·Remediation·is·applicable·only·in·certain·platforms
 397 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm
 398 --quiet·-q·openshift-kubelet·;}·);·then
  
 399 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 400 declare·-A·SETPERMS_RPM_DICT
  
 401 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 402 #·is·expected·by·the·RPM·database
 403 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,2,1)=="M")·print
 404 $NF·}')
  
 405 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 406 do
 407 ········#·NOTE:·some·files·maybe·controlled·by·more·then·one·package
 408 ········readarray·-t·RPM_PACKAGES·<·<(rpm·-qf·"${FILE_PATH}")
 409 ········for·RPM_PACKAGE·in·"${RPM_PACKAGES[@]}"
 410 ········do
 411 ················#·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about
 412 duplicates.
 413 ················SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 414 ········done
 415 done
  
 416 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 417 #·correct·values
 418 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 419 do
 420 »       rpm·--restore·"${RPM_PACKAGE}"
 421 done
  
 422 else
 423 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 424 fi
391 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8425 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
392 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high426 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
393 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium427 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
394 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false428 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
395 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict429 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
396 -·name:·Gather·the·package·facts430 -·name:·Gather·the·package·facts
397 ··package_facts:431 ··package_facts:
Max diff block lines reached; 1169777/1175582 bytes (99.51%) of diff not shown.
15.4 MB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-pci-dss-4.html
    
Offset 15196, 415 lines modifiedOffset 15196, 415 lines modified
0003b5b0:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=0003b5b0:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
0003b5c0:·2223·6964·6d36·3032·3022·2074·6162·696e··"#idm6020"·tabin0003b5c0:·2223·6964·6d36·3032·3022·2074·6162·696e··"#idm6020"·tabin
0003b5d0:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu0003b5d0:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
0003b5e0:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan0003b5e0:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
0003b5f0:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl0003b5f0:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
0003b600:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r0003b600:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
Diff chunk too large, falling back to line-by-line diff (401 lines added, 401 lines removed)
0003b610:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"0003b610:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
0003b620:·3e52·656d·6564·6961·7469·6f6e·2041·6e73··>Remediation·Ans0003b620:·3e52·656d·6564·6961·7469·6f6e·2053·6865··>Remediation·She
0003b630:·6962·6c65·2073·6e69·7070·6574·20e2·87b2··ible·snippet·...0003b630:·6c6c·2073·6372·6970·7420·e287·b23c·2f61··ll·script·...</a
0003b640:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla0003b640:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
0003b650:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap0003b650:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
0003b660:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=0003b660:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
0003b670:·2269·646d·3630·3230·223e·3c74·6162·6c65··"idm6020"><table0003b670:·6d36·3032·3022·3e3c·7072·653e·3c63·6f64··m6020"><pre><cod
0003b680:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta0003b680:·653e·2320·5265·6d65·6469·6174·696f·6e20··e>#·Remediation·
0003b690:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl0003b690:·6973·2061·7070·6c69·6361·626c·6520·6f6e··is·applicable·on
0003b6a0:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table0003b6a0:·6c79·2069·6e20·6365·7274·6169·6e20·706c··ly·in·certain·pl
0003b6b0:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>0003b6b0:·6174·666f·726d·730a·6966·2021·2028·207b··atforms.if·!·(·{
0003b6c0:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<0003b6c0:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q·
0003b6d0:·2f74·683e·3c74·643e·6869·6768·3c2f·7464··/th><td>high</td0003b6d0:·6b65·726e·656c·203b·7d20·2661·6d70·3b26··kernel·;}·&amp;&
0003b6e0:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di0003b6e0:·616d·703b·207b·2072·706d·202d·2d71·7569··amp;·{·rpm·--qui
0003b6f0:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t0003b6f0:·6574·202d·7120·7270·6d2d·6f73·7472·6565··et·-q·rpm-ostree
0003b700:·643e·6d65·6469·756d·3c2f·7464·3e3c·2f74··d>medium</td></t0003b700:·203b·7d20·2661·6d70·3b26·616d·703b·207b···;}·&amp;&amp;·{
0003b710:·723e·3c74·723e·3c74·683e·5265·626f·6f74··r><tr><th>Reboot0003b710:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q·
0003b720:·3a3c·2f74·683e·3c74·643e·6661·6c73·653c··:</th><td>false<0003b720:·626f·6f74·6320·3b7d·2026·616d·703b·2661··bootc·;}·&amp;&a
0003b730:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th0003b730:·6d70·3b20·7b20·2120·7270·6d20·2d2d·7175··mp;·{·!·rpm·--qu
0003b740:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><0003b740:·6965·7420·2d71·206f·7065·6e73·6869·6674··iet·-q·openshift
0003b750:·7464·3e72·6573·7472·6963·743c·2f74·643e··td>restrict</td>0003b750:·2d6b·7562·656c·6574·203b·7d20·293b·2074··-kubelet·;}·);·t
0003b760:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr0003b760:·6865·6e0a·0a23·2046·696e·6420·7768·6963··hen..#·Find·whic
0003b770:·653e·3c63·6f64·653e·2d20·6e61·6d65·3a20··e><code>-·name:·0003b770:·6820·6669·6c65·7320·6861·7665·2069·6e63··h·files·have·inc
0003b780:·4761·7468·6572·2074·6865·2070·6163·6b61··Gather·the·packa0003b780:·6f72·7265·6374·2068·6173·6820·286e·6f74··orrect·hash·(not
0003b790:·6765·2066·6163·7473·0a20·2070·6163·6b61··ge·facts.··packa0003b790:·2069·6e20·2f65·7463·2c20·6265·6361·7573···in·/etc,·becaus
0003b7a0:·6765·5f66·6163·7473·3a0a·2020·2020·6d61··ge_facts:.····ma0003b7a0:·6520·6f66·2074·6865·2073·7973·7465·6d20··e·of·the·system·
0003b7b0:·6e61·6765·723a·2061·7574·6f0a·2020·7461··nager:·auto.··ta0003b7b0:·7265·6c61·7465·6420·636f·6e66·6967·2066··related·config·f
0003b7c0:·6773·3a0a·2020·2d20·4343·452d·3835·3738··gs:.··-·CCE-85780003b7c0:·696c·6573·2920·616e·6420·7468·656e·2067··iles)·and·then·g
0003b7d0:·382d·380a·2020·2d20·434a·4953·2d35·2e31··8-8.··-·CJIS-5.10003b7d0:·6574·2066·696c·6573·206e·616d·6573·0a66··et·files·names.f
0003b7e0:·302e·342e·310a·2020·2d20·4e49·5354·2d38··0.4.1.··-·NIST-80003b7e0:·696c·6573·5f77·6974·685f·696e·636f·7272··iles_with_incorr
0003b7f0:·3030·2d31·3731·2d33·2e33·2e38·0a20·202d··00-171-3.3.8.··-0003b7f0:·6563·745f·6861·7368·3d22·2428·7270·6d20··ect_hash="$(rpm·
0003b800:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.0003b800:·2d56·6120·2d2d·6e6f·636f·6e66·6967·207c··-Va·--noconfig·|
0003b810:·342e·310a·2020·2d20·4e49·5354·2d38·3030··4.1.··-·NIST-8000003b810:·2067·7265·7020·2d45·2027·5e2e·2e35·2720···grep·-E·'^..5'·
0003b820:·2d35·332d·4155·2d39·2833·290a·2020·2d20··-53-AU-9(3).··-·0003b820:·7c20·6177·6b20·277b·7072·696e·7420·244e··|·awk·'{print·$N
0003b830:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-60003b830:·467d·2720·2922·0a0a·6966·205b·202d·6e20··F}'·)"..if·[·-n·
0003b840:·2863·290a·2020·2d20·4e49·5354·2d38·3030··(c).··-·NIST-8000003b840:·2224·6669·6c65·735f·7769·7468·5f69·6e63··"$files_with_inc
0003b850:·2d35·332d·434d·2d36·2864·290a·2020·2d20··-53-CM-6(d).··-·0003b850:·6f72·7265·6374·5f68·6173·6822·205d·3b20··orrect_hash"·];·
0003b860:·4e49·5354·2d38·3030·2d35·332d·5349·2d37··NIST-800-53-SI-70003b860:·7468·656e·0a20·2020·2023·2046·726f·6d20··then.····#·From·
0003b870:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003b870:·6669·6c65·7320·6e61·6d65·7320·6765·7420··files·names·get·
0003b880:·2d53·492d·3728·3129·0a20·202d·204e·4953··-SI-7(1).··-·NIS0003b880:·7061·636b·6167·6520·6e61·6d65·7320·616e··package·names·an
0003b890:·542d·3830·302d·3533·2d53·492d·3728·3629··T-800-53-SI-7(6)0003b890:·6420·6368·616e·6765·206e·6577·6c69·6e65··d·change·newline
0003b8a0:·0a20·202d·2050·4349·2d44·5353·2d52·6571··.··-·PCI-DSS-Req0003b8a0:·2074·6f20·7370·6163·652c·2062·6563·6175···to·space,·becau
0003b8b0:·2d31·312e·350a·2020·2d20·5043·492d·4453··-11.5.··-·PCI-DS0003b8b0:·7365·2072·706d·2077·7269·7465·7320·6561··se·rpm·writes·ea
0003b8c0:·5376·342d·3131·2e35·2e32·0a20·202d·2068··Sv4-11.5.2.··-·h0003b8c0:·6368·2070·6163·6b61·6765·2074·6f20·6e65··ch·package·to·ne
0003b8d0:·6967·685f·636f·6d70·6c65·7869·7479·0a20··igh_complexity.·0003b8d0:·7720·6c69·6e65·0a20·2020·2070·6163·6b61··w·line.····packa
0003b8e0:·202d·2068·6967·685f·7365·7665·7269·7479···-·high_severity0003b8e0:·6765·735f·746f·5f72·6569·6e73·7461·6c6c··ges_to_reinstall
0003b8f0:·0a20·202d·206d·6564·6975·6d5f·6469·7372··.··-·medium_disr0003b8f0:·3d22·2428·7270·6d20·2d71·6620·2466·696c··="$(rpm·-qf·$fil
0003b900:·7570·7469·6f6e·0a20·202d·206e·6f5f·7265··uption.··-·no_re0003b900:·6573·5f77·6974·685f·696e·636f·7272·6563··es_with_incorrec
0003b910:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-·0003b910:·745f·6861·7368·207c·2074·7220·275c·6e27··t_hash·|·tr·'\n'
0003b920:·7265·7374·7269·6374·5f73·7472·6174·6567··restrict_strateg0003b920:·2027·2027·2922·0a0a·2020·2020·0a20·2020···'·')"..····.···
0003b930:·790a·2020·2d20·7270·6d5f·7665·7269·6679··y.··-·rpm_verify0003b930:·207a·7970·7065·7220·696e·7374·616c·6c20···zypper·install·
0003b940:·5f68·6173·6865·730a·0a2d·206e·616d·653a··_hashes..-·name:0003b940:·2d66·202d·7920·2470·6163·6b61·6765·735f··-f·-y·$packages_
0003b950:·2027·5365·7420·6661·6374·3a20·5061·636b···'Set·fact:·Pack0003b950:·746f·5f72·6569·6e73·7461·6c6c·0a20·2020··to_reinstall.···
0003b960:·6167·6520·6d61·6e61·6765·7220·7265·696e··age·manager·rein0003b960:·200a·6669·0a0a·656c·7365·0a20·2020·2026···.fi..else.····&
0003b970:·7374·616c·6c20·636f·6d6d·616e·6427·0a20··stall·command'.·0003b970:·6774·3b26·616d·703b·3220·6563·686f·2027··gt;&amp;2·echo·'
0003b980:·2073·6574·5f66·6163·743a·0a20·2020·2070···set_fact:.····p0003b980:·5265·6d65·6469·6174·696f·6e20·6973·206e··Remediation·is·n
0003b990:·6163·6b61·6765·5f6d·616e·6167·6572·5f72··ackage_manager_r0003b990:·6f74·2061·7070·6c69·6361·626c·652c·206e··ot·applicable,·n
0003b9a0:·6569·6e73·7461·6c6c·5f63·6d64·3a20·7a79··einstall_cmd:·zy0003b9a0:·6f74·6869·6e67·2077·6173·2064·6f6e·6527··othing·was·done'
0003b9b0:·7070·6572·2072·6569·6e73·7461·6c6c·202d··pper·reinstall·-0003b9b0:·0a66·690a·3c2f·636f·6465·3e3c·2f70·7265··.fi.</code></pre
0003b9c0:·790a·2020·7768·656e·3a0a·2020·2d20·6e6f··y.··when:.··-·no0003b9c0:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class=
0003b9d0:·7420·2820·226b·6572·6e65·6c22·2069·6e20··t·(·"kernel"·in·0003b9d0:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success
0003b9e0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa0003b9e0:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c
0003b9f0:·636b·6167·6573·2061·6e64·2022·7270·6d2d··ckages·and·"rpm-0003b9f0:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta
0003ba00:·6f73·7472·6565·2220·696e·2061·6e73·6962··ostree"·in·ansib0003ba00:·7267·6574·3d22·2369·646d·3630·3231·2220··rget="#idm6021"·
0003ba10:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package0003ba10:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol
0003ba20:·730a·2020·2020·616e·6420·2262·6f6f·7463··s.····and·"bootc0003ba20:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-
0003ba30:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac0003ba30:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"
0003ba40:·7473·2e70·6163·6b61·6765·7320·616e·6420··ts.packages·and·0003ba40:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate
0003ba50:·6e6f·7420·226f·7065·6e73·6869·6674·2d6b··not·"openshift-k0003ba50:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href
0003ba60:·7562·656c·6574·2220·696e·2061·6e73·6962··ubelet"·in·ansib0003ba60:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio
0003ba70:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package0003ba70:·6e20·416e·7369·626c·6520·736e·6970·7065··n·Ansible·snippe
0003ba80:·730a·2020·2020·290a·2020·2d20·616e·7369··s.····).··-·ansi0003ba80:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di
0003ba90:·626c·655f·6469·7374·7269·6275·7469·6f6e··ble_distribution0003ba90:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
0003baa0:·2069·6e20·5b20·2246·6564·6f72·6122·2c20···in·[·"Fedora",·0003baa0:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
0003bab0:·2252·6564·4861·7422·2c20·2243·656e·744f··"RedHat",·"CentO0003bab0:·2220·6964·3d22·6964·6d36·3032·3122·3e3c··"·id="idm6021"><
0003bac0:·5322·2c20·224f·7261·636c·654c·696e·7578··S",·"OracleLinux0003bac0:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab
0003bad0:·2220·5d0a·2020·7461·6773·3a0a·2020·2d20··"·].··tags:.··-·0003bad0:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped
0003bae0:·4343·452d·3835·3738·382d·380a·2020·2d20··CCE-85788-8.··-·0003bae0:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·
0003baf0:·434a·4953·2d35·2e31·302e·342e·310a·2020··CJIS-5.10.4.1.··0003baf0:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"
0003bb00:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-30003bb00:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex
0003bb10:·2e33·2e38·0a20·202d·204e·4953·542d·3830··.3.8.··-·NIST-800003bb10:·6974·793a·3c2f·7468·3e3c·7464·3e68·6967··ity:</th><td>hig
0003bb20:·302d·3137·312d·332e·342e·310a·2020·2d20··0-171-3.4.1.··-·0003bb20:·683c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··h</td></tr><tr><
0003bb30:·4e49·5354·2d38·3030·2d35·332d·4155·2d39··NIST-800-53-AU-90003bb30:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</
0003bb40:·2833·290a·2020·2d20·4e49·5354·2d38·3030··(3).··-·NIST-8000003bb40:·7468·3e3c·7464·3e6d·6564·6975·6d3c·2f74··th><td>medium</t
0003bb50:·2d35·332d·434d·2d36·2863·290a·2020·2d20··-53-CM-6(c).··-·0003bb50:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R
0003bb60:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-60003bb60:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f
0003bb70:·2864·290a·2020·2d20·4e49·5354·2d38·3030··(d).··-·NIST-8000003bb70:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t
0003bb80:·2d35·332d·5349·2d37·0a20·202d·204e·4953··-53-SI-7.··-·NIS0003bb80:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<
0003bb90:·542d·3830·302d·3533·2d53·492d·3728·3129··T-800-53-SI-7(1)0003bb90:·2f74·683e·3c74·643e·7265·7374·7269·6374··/th><td>restrict
0003bba0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530003bba0:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl
0003bbb0:·2d53·492d·3728·3629·0a20·202d·2050·4349··-SI-7(6).··-·PCI0003bbb0:·653e·3c70·7265·3e3c·636f·6465·3e2d·206e··e><pre><code>-·n
0003bbc0:·2d44·5353·2d52·6571·2d31·312e·350a·2020··-DSS-Req-11.5.··0003bbc0:·616d·653a·2047·6174·6865·7220·7468·6520··ame:·Gather·the·
0003bbd0:·2d20·5043·492d·4453·5376·342d·3131·2e35··-·PCI-DSSv4-11.50003bbd0:·7061·636b·6167·6520·6661·6374·730a·2020··package·facts.··
0003bbe0:·2e32·0a20·202d·2068·6967·685f·636f·6d70··.2.··-·high_comp0003bbe0:·7061·636b·6167·655f·6661·6374·733a·0a20··package_facts:.·
0003bbf0:·6c65·7869·7479·0a20·202d·2068·6967·685f··lexity.··-·high_0003bbf0:·2020·206d·616e·6167·6572·3a20·6175·746f·····manager:·auto
0003bc00:·7365·7665·7269·7479·0a20·202d·206d·6564··severity.··-·med0003bc00:·0a20·2074·6167·733a·0a20·202d·2043·4345··.··tags:.··-·CCE
0003bc10:·6975·6d5f·6469·7372·7570·7469·6f6e·0a20··ium_disruption.·0003bc10:·2d38·3537·3838·2d38·0a20·202d·2043·4a49··-85788-8.··-·CJI
0003bc20:·202d·206e·6f5f·7265·626f·6f74·5f6e·6565···-·no_reboot_nee0003bc20:·532d·352e·3130·2e34·2e31·0a20·202d·204e··S-5.10.4.1.··-·N
0003bc30:·6465·640a·2020·2d20·7265·7374·7269·6374··ded.··-·restrict0003bc30:·4953·542d·3830·302d·3137·312d·332e·332e··IST-800-171-3.3.
0003bc40:·5f73·7472·6174·6567·790a·2020·2d20·7270··_strategy.··-·rp0003bc40:·380a·2020·2d20·4e49·5354·2d38·3030·2d31··8.··-·NIST-800-1
0003bc50:·6d5f·7665·7269·6679·5f68·6173·6865·730a··m_verify_hashes.0003bc50:·3731·2d33·2e34·2e31·0a20·202d·204e·4953··71-3.4.1.··-·NIS
0003bc60:·0a2d·206e·616d·653a·2027·5365·7420·6661··.-·name:·'Set·fa0003bc60:·542d·3830·302d·3533·2d41·552d·3928·3329··T-800-53-AU-9(3)
0003bc70:·6374·3a20·5061·636b·6167·6520·6d61·6e61··ct:·Package·mana0003bc70:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
0003bc80:·6765·7220·7265·696e·7374·616c·6c20·636f··ger·reinstall·co0003bc80:·2d43·4d2d·3628·6329·0a20·202d·204e·4953··-CM-6(c).··-·NIS
0003bc90:·6d6d·616e·6420·287a·7970·7065·7229·270a··mmand·(zypper)'.0003bc90:·542d·3830·302d·3533·2d43·4d2d·3628·6429··T-800-53-CM-6(d)
0003bca0:·2020·7365·745f·6661·6374·3a0a·2020·2020····set_fact:.····0003bca0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
0003bcb0:·7061·636b·6167·655f·6d61·6e61·6765·725f··package_manager_0003bcb0:·2d53·492d·370a·2020·2d20·4e49·5354·2d38··-SI-7.··-·NIST-8
0003bcc0:·7265·696e·7374·616c·6c5f·636d·643a·207a··reinstall_cmd:·z0003bcc0:·3030·2d35·332d·5349·2d37·2831·290a·2020··00-53-SI-7(1).··
0003bcd0:·7970·7065·7220·696e·202d·6620·2d79·0a20··ypper·in·-f·-y.·0003bcd0:·2d20·4e49·5354·2d38·3030·2d35·332d·5349··-·NIST-800-53-SI
0003bce0:·2077·6865·6e3a·0a20·202d·206e·6f74·2028···when:.··-·not·(0003bce0:·2d37·2836·290a·2020·2d20·5043·492d·4453··-7(6).··-·PCI-DS
0003bcf0:·2022·6b65·726e·656c·2220·696e·2061·6e73···"kernel"·in·ans0003bcf0:·532d·5265·712d·3131·2e35·0a20·202d·2050··S-Req-11.5.··-·P
0003bd00:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0003bd00:·4349·2d44·5353·7634·2d31·312e·352e·320a··CI-DSSv4-11.5.2.
0003bd10:·6765·7320·616e·6420·2272·706d·2d6f·7374··ges·and·"rpm-ost0003bd10:·2020·2d20·6869·6768·5f63·6f6d·706c·6578····-·high_complex
0003bd20:·7265·6522·2069·6e20·616e·7369·626c·655f··ree"·in·ansible_0003bd20:·6974·790a·2020·2d20·6869·6768·5f73·6576··ity.··-·high_sev
0003bd30:·6661·6374·732e·7061·636b·6167·6573·0a20··facts.packages.·0003bd30:·6572·6974·790a·2020·2d20·6d65·6469·756d··erity.··-·medium
0003bd40:·2020·2061·6e64·2022·626f·6f74·6322·2069·····and·"bootc"·i0003bd40:·5f64·6973·7275·7074·696f·6e0a·2020·2d20··_disruption.··-·
0003bd50:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0003bd50:·6e6f·5f72·6562·6f6f·745f·6e65·6564·6564··no_reboot_needed
0003bd60:·7061·636b·6167·6573·2061·6e64·206e·6f74··packages·and·not0003bd60:·0a20·202d·2072·6573·7472·6963·745f·7374··.··-·restrict_st
0003bd70:·2022·6f70·656e·7368·6966·742d·6b75·6265···"openshift-kube0003bd70:·7261·7465·6779·0a20·202d·2072·706d·5f76··rategy.··-·rpm_v
0003bd80:·6c65·7422·2069·6e20·616e·7369·626c·655f··let"·in·ansible_0003bd80:·6572·6966·795f·6861·7368·6573·0a0a·2d20··erify_hashes..-·
Max diff block lines reached; 14684387/14740305 bytes (99.62%) of diff not shown.
1.34 MB
html2text {}
    
Offset 130, 14 lines modifiedOffset 130, 36 lines modified
130 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,130 ·············_\x8i_\x8s_\x8o_\x82_\x87_\x80_\x80_\x81_\x8-_\x82_\x80_\x81_\x83··A.11.2.4,·A.12.1.2,·A.12.2.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,
131 ····························A.14.2.3,·A.14.2.4131 ····························A.14.2.3,·A.14.2.4
132 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)132 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3)
133 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1133 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.DS-6,·PR.DS-8,·PR.IP-1
134 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5134 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
135 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227135 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
136 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2136 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 137 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 138 #·Remediation·is·applicable·only·in·certain·platforms
 139 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm
 140 --quiet·-q·openshift-kubelet·;}·);·then
  
 141 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then
 142 get·files·names
 143 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)"
  
 144 if·[·-n·"$files_with_incorrect_hash"·];·then
 145 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to
 146 new·line
 147 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')"
  
  
 148 ····zypper·install·-f·-y·$packages_to_reinstall
  
 149 fi
  
 150 else
 151 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 152 fi
137 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8153 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
138 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high154 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
139 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium155 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
140 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false156 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
141 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict157 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
142 -·name:·Gather·the·package·facts158 -·name:·Gather·the·package·facts
143 ··package_facts:159 ··package_facts:
Offset 310, 36 lines modifiedOffset 332, 14 lines modified
310 ··-·PCI-DSSv4-11.5.2332 ··-·PCI-DSSv4-11.5.2
311 ··-·high_complexity333 ··-·high_complexity
312 ··-·high_severity334 ··-·high_severity
313 ··-·medium_disruption335 ··-·medium_disruption
314 ··-·no_reboot_needed336 ··-·no_reboot_needed
315 ··-·restrict_strategy337 ··-·restrict_strategy
316 ··-·rpm_verify_hashes338 ··-·rpm_verify_hashes
317 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
318 #·Remediation·is·applicable·only·in·certain·platforms 
319 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm 
320 --quiet·-q·openshift-kubelet·;}·);·then 
  
321 #·Find·which·files·have·incorrect·hash·(not·in·/etc,·because·of·the·system·related·config·files)·and·then 
322 get·files·names 
323 files_with_incorrect_hash="$(rpm·-Va·--noconfig·|·grep·-E·'^..5'·|·awk·'{print·$NF}'·)" 
  
324 if·[·-n·"$files_with_incorrect_hash"·];·then 
325 ····#·From·files·names·get·package·names·and·change·newline·to·space,·because·rpm·writes·each·package·to 
326 new·line 
327 ····packages_to_reinstall="$(rpm·-qf·$files_with_incorrect_hash·|·tr·'\n'·'·')" 
  
  
328 ····zypper·install·-f·-y·$packages_to_reinstall 
  
329 fi 
  
330 else 
331 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
332 fi 
333 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*339 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·a\x8an\x8nd\x8d·C\x8Co\x8or\x8rr\x8re\x8ec\x8ct\x8t·O\x8Ow\x8wn\x8ne\x8er\x8rs\x8sh\x8hi\x8ip\x8p·w\x8wi\x8it\x8th\x8h·R\x8RP\x8PM\x8M·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
334 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,340 The·RPM·package·management·system·can·check·file·ownership·permissions·of·installed·software·packages,
335 including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,341 including·many·that·are·important·to·system·security.·After·locating·a·file·with·incorrect·permissions,
336 which·can·be·found·with:342 which·can·be·found·with:
337 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'343 rpm·-Va·|·awk·'{·if·(substr($0,6,1)=="U"·||·substr($0,7,1)=="G")·print·$NF·}'
338 run·the·following·command·to·determine·which·package·owns·it:344 run·the·following·command·to·determine·which·package·owns·it:
339 $·rpm·-qf·FILENAME345 $·rpm·-qf·FILENAME
Offset 421, 14 lines modifiedOffset 421, 53 lines modified
421 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)421 ·············_\x8n_\x8i_\x8s_\x8t···········CM-6(d),·CM-6(c),·SI-7,·SI-7(1),·SI-7(6),·AU-9(3),·CM-6(a)
422 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1422 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-4,·PR.DS-5,·PR.IP-1,·PR.PT-1
423 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5423 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
424 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,424 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000256-GPOS-00097,·SRG-OS-000257-GPOS-00098,·SRG-OS-000258-GPOS-00099,
425 ····························SRG-OS-000278-GPOS-00108425 ····························SRG-OS-000278-GPOS-00108
426 ·············_\x8c_\x8i_\x8s············6.1.1426 ·············_\x8c_\x8i_\x8s············6.1.1
427 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2427 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
 428 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 429 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
 430 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
 431 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 432 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 433 #·Remediation·is·applicable·only·in·certain·platforms
 434 if·!·(·{·rpm·--quiet·-q·kernel·;}·&&·{·rpm·--quiet·-q·rpm-ostree·;}·&&·{·rpm·--quiet·-q·bootc·;}·&&·{·!·rpm
 435 --quiet·-q·openshift-kubelet·;}·);·then
  
 436 #·Declare·array·to·hold·set·of·RPM·packages·we·need·to·correct·permissions·for
 437 declare·-A·SETPERMS_RPM_DICT
  
 438 #·Create·a·list·of·files·on·the·system·having·permissions·different·from·what
 439 #·is·expected·by·the·RPM·database
 440 readarray·-t·FILES_WITH_INCORRECT_PERMS·<·<(rpm·-Va·--nofiledigest·|·awk·'{·if·(substr($0,2,1)=="M")·print
 441 $NF·}')
  
 442 for·FILE_PATH·in·"${FILES_WITH_INCORRECT_PERMS[@]}"
 443 do
 444 ········#·NOTE:·some·files·maybe·controlled·by·more·then·one·package
 445 ········readarray·-t·RPM_PACKAGES·<·<(rpm·-qf·"${FILE_PATH}")
 446 ········for·RPM_PACKAGE·in·"${RPM_PACKAGES[@]}"
 447 ········do
 448 ················#·Use·an·associative·array·to·store·packages·as·it's·keys,·not·having·to·care·about
 449 duplicates.
 450 ················SETPERMS_RPM_DICT["$RPM_PACKAGE"]=1
 451 ········done
 452 done
  
 453 #·For·each·of·the·RPM·packages·left·in·the·list·--·reset·its·permissions·to·the
 454 #·correct·values
 455 for·RPM_PACKAGE·in·"${!SETPERMS_RPM_DICT[@]}"
 456 do
 457 »       rpm·--restore·"${RPM_PACKAGE}"
 458 done
  
 459 else
 460 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 461 fi
428 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8462 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
429 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high463 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·high
430 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium464 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·medium
431 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false465 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
432 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict466 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
433 -·name:·Gather·the·package·facts467 -·name:·Gather·the·package·facts
434 ··package_facts:468 ··package_facts:
Max diff block lines reached; 1397589/1403242 bytes (99.60%) of diff not shown.
23.4 MB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-pcs-hardening-sap.html
    
Offset 15134, 146 lines modifiedOffset 15134, 146 lines modified
0003b1d0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm0003b1d0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm
0003b1e0:·3633·3632·2220·7461·6269·6e64·6578·3d22··6362"·tabindex="0003b1e0:·3633·3632·2220·7461·6269·6e64·6578·3d22··6362"·tabindex="
0003b1f0:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"0003b1f0:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"
0003b200:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="0003b200:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="
0003b210:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac0003b210:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac
0003b220:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal0003b220:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal
0003b230:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme0003b230:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme
0003b240:·6469·6174·696f·6e20·4f53·4275·696c·6420··diation·OSBuild·0003b240:·6469·6174·696f·6e20·5368·656c·6c20·7363··diation·Shell·sc
 0003b250:·7269·7074·20e2·87b2·3c2f·613e·3c62·723e··ript·...</a><br>
 0003b260:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
 0003b270:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
 0003b280:·7073·6522·2069·643d·2269·646d·3633·3632··pse"·id="idm6362
 0003b290:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="
 0003b2a0:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri
 0003b2b0:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border
 0003b2c0:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens
 0003b2d0:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp
 0003b2e0:·6c65·7869·7479·3a3c·2f74·683e·3c74·643e··lexity:</th><td>
 0003b2f0:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr
 0003b300:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption:
0003b250:·426c·7565·7072·696e·7420·736e·6970·7065··Blueprint·snippe 
0003b260:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di 
0003b270:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c 
0003b280:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse 
0003b290:·2220·6964·3d22·6964·6d36·3336·3222·3e3c··"·id="idm6362">< 
0003b2a0:·7072·653e·3c63·6f64·653e·0a5b·5b70·6163··pre><code>.[[pac 
0003b2b0:·6b61·6765·735d·5d0a·6e61·6d65·203d·2022··kages]].name·=·" 
0003b2c0:·6169·6465·220a·7665·7273·696f·6e20·3d20··aide".version·=· 
0003b2d0:·222a·220a·3c2f·636f·6465·3e3c·2f70·7265··"*".</code></pre 
0003b2e0:·3e3c·2f64·6976·3e3c·6120·636c·6173·733d··></div><a·class= 
0003b2f0:·2262·746e·2062·746e·2d73·7563·6365·7373··"btn·btn-success 
0003b300:·2220·6461·7461·2d74·6f67·676c·653d·2263··"·data-toggle="c 
0003b310:·6f6c·6c61·7073·6522·2064·6174·612d·7461··ollapse"·data-ta 
0003b320:·7267·6574·3d22·2369·646d·3633·3633·2220··rget="#idm6363"· 
0003b330:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol 
0003b340:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria- 
0003b350:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false" 
0003b360:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate 
0003b370:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href 
0003b380:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio 
0003b390:·6e20·416e·7369·626c·6520·736e·6970·7065··n·Ansible·snippe 
0003b3a0:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di 
0003b3b0:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c 
0003b3c0:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse 
0003b3d0:·2220·6964·3d22·6964·6d36·3336·3322·3e3c··"·id="idm6363">< 
0003b3e0:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab 
0003b3f0:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped 
0003b400:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered· 
0003b410:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed" 
0003b420:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex 
0003b430:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low0003b310:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td
0003b440:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t0003b320:·3e3c·2f74·723e·3c74·723e·3c74·683e·5265··></tr><tr><th>Re
0003b450:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t 
0003b460:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></ 
0003b470:·7472·3e3c·7472·3e3c·7468·3e52·6562·6f6f··tr><tr><th>Reboo 
0003b480:·743a·3c2f·7468·3e3c·7464·3e66·616c·7365··t:</th><td>false 
0003b490:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t 
0003b4a0:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th> 
0003b4b0:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td>< 
0003b4c0:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre 
0003b4d0:·3e3c·636f·6465·3e2d·206e·616d·653a·2047··><code>-·name:·G 
0003b4e0:·6174·6865·7220·7468·6520·7061·636b·6167··ather·the·packag 
0003b4f0:·6520·6661·6374·730a·2020·7061·636b·6167··e·facts.··packag 
0003b500:·655f·6661·6374·733a·0a20·2020·206d·616e··e_facts:.····man 
0003b510:·6167·6572·3a20·6175·746f·0a20·2074·6167··ager:·auto.··tag 
0003b520:·733a·0a20·202d·2043·4345·2d38·3332·3839··s:.··-·CCE-83289 
0003b530:·2d39·0a20·202d·2043·4a49·532d·352e·3130··-9.··-·CJIS-5.10 
0003b540:·2e31·2e33·0a20·202d·2044·4953·412d·5354··.1.3.··-·DISA-ST 
0003b550:·4947·2d53·4c45·532d·3135·2d30·3130·3431··IG-SLES-15-01041 
0003b560:·390a·2020·2d20·4e49·5354·2d38·3030·2d35··9.··-·NIST-800-5 
0003b570:·332d·434d·2d36·2861·290a·2020·2d20·5043··3-CM-6(a).··-·PC 
0003b580:·492d·4453·532d·5265·712d·3131·2e35·0a20··I-DSS-Req-11.5.· 
0003b590:·202d·2050·4349·2d44·5353·7634·2d31·312e···-·PCI-DSSv4-11. 
0003b5a0:·352e·320a·2020·2d20·656e·6162·6c65·5f73··5.2.··-·enable_s 
0003b5b0:·7472·6174·6567·790a·2020·2d20·6c6f·775f··trategy.··-·low_ 
0003b5c0:·636f·6d70·6c65·7869·7479·0a20·202d·206c··complexity.··-·l 
0003b5d0:·6f77·5f64·6973·7275·7074·696f·6e0a·2020··ow_disruption.·· 
0003b5e0:·2d20·6d65·6469·756d·5f73·6576·6572·6974··-·medium_severit 
0003b5f0:·790a·2020·2d20·6e6f·5f72·6562·6f6f·745f··y.··-·no_reboot_ 
0003b600:·6e65·6564·6564·0a20·202d·2070·6163·6b61··needed.··-·packa 
0003b610:·6765·5f61·6964·655f·696e·7374·616c·6c65··ge_aide_installe 
0003b620:·640a·0a2d·206e·616d·653a·2045·6e73·7572··d..-·name:·Ensur 
0003b630:·6520·6169·6465·2069·7320·696e·7374·616c··e·aide·is·instal 
0003b640:·6c65·640a·2020·7061·636b·6167·653a·0a20··led.··package:.· 
0003b650:·2020·206e·616d·653a·2061·6964·650a·2020·····name:·aide.·· 
0003b660:·2020·7374·6174·653a·2070·7265·7365·6e74····state:·present 
0003b670:·0a20·2077·6865·6e3a·2027·226b·6572·6e65··.··when:·'"kerne 
0003b680:·6c2d·6465·6661·756c·7422·2069·6e20·616e··l-default"·in·an 
0003b690:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack 
0003b6a0:·6167·6573·270a·2020·7461·6773·3a0a·2020··ages'.··tags:.·· 
0003b6b0:·2d20·4343·452d·3833·3238·392d·390a·2020··-·CCE-83289-9.·· 
0003b6c0:·2d20·434a·4953·2d35·2e31·302e·312e·330a··-·CJIS-5.10.1.3. 
0003b6d0:·2020·2d20·4449·5341·2d53·5449·472d·534c····-·DISA-STIG-SL 
0003b6e0:·4553·2d31·352d·3031·3034·3139·0a20·202d··ES-15-010419.··- 
0003b6f0:·204e·4953·542d·3830·302d·3533·2d43·4d2d···NIST-800-53-CM- 
0003b700:·3628·6129·0a20·202d·2050·4349·2d44·5353··6(a).··-·PCI-DSS 
0003b710:·2d52·6571·2d31·312e·350a·2020·2d20·5043··-Req-11.5.··-·PC 
0003b720:·492d·4453·5376·342d·3131·2e35·2e32·0a20··I-DSSv4-11.5.2.· 
0003b730:·202d·2065·6e61·626c·655f·7374·7261·7465···-·enable_strate 
0003b740:·6779·0a20·202d·206c·6f77·5f63·6f6d·706c··gy.··-·low_compl 
0003b750:·6578·6974·790a·2020·2d20·6c6f·775f·6469··exity.··-·low_di 
0003b760:·7372·7570·7469·6f6e·0a20·202d·206d·6564··sruption.··-·med 
0003b770:·6975·6d5f·7365·7665·7269·7479·0a20·202d··ium_severity.··- 
0003b780:·206e·6f5f·7265·626f·6f74·5f6e·6565·6465···no_reboot_neede 
0003b790:·640a·2020·2d20·7061·636b·6167·655f·6169··d.··-·package_ai 
0003b7a0:·6465·5f69·6e73·7461·6c6c·6564·0a3c·2f63··de_installed.</c 
0003b7b0:·6f64·653e·3c2f·7072·653e·3c2f·6469·763e··ode></pre></div> 
0003b7c0:·3c61·2063·6c61·7373·3d22·6274·6e20·6274··<a·class="btn·bt 
0003b7d0:·6e2d·7375·6363·6573·7322·2064·6174·612d··n-success"·data- 
0003b7e0:·746f·6767·6c65·3d22·636f·6c6c·6170·7365··toggle="collapse 
0003b7f0:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="# 
0003b800:·6964·6d36·3336·3422·2074·6162·696e·6465··idm6364"·tabinde 
0003b810:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt 
0003b820:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande 
0003b830:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title= 
0003b840:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev 
0003b850:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R 
0003b860:·656d·6564·6961·7469·6f6e·2053·6865·6c6c··emediation·Shell 
0003b870:·2073·6372·6970·7420·e287·b23c·2f61·3e3c···script·...</a>< 
0003b880:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p 
0003b890:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co 
0003b8a0:·6c6c·6170·7365·2220·6964·3d22·6964·6d36··llapse"·id="idm6 
0003b8b0:·3336·3422·3e3c·7461·626c·6520·636c·6173··364"><table·clas 
0003b8c0:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s 
0003b8d0:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor 
0003b8e0:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond 
0003b8f0:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C 
Max diff block lines reached; 22733465/22752261 bytes (99.92%) of diff not shown.
1.65 MB
html2text {}
Max HTML report size reached
21.5 MB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-pcs-hardening.html
    
Offset 15010, 361 lines modifiedOffset 15010, 361 lines modified
0003aa10:·6172·6765·743d·2223·6964·6d36·3437·3422··arget="#idm6474"0003aa10:·6172·6765·743d·2223·6964·6d36·3437·3422··arget="#idm6474"
0003aa20:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro0003aa20:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro
0003aa30:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria0003aa30:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria
0003aa40:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false0003aa40:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false
0003aa50:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat0003aa50:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat
0003aa60:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre0003aa60:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre
0003aa70:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati0003aa70:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati
 0003aa80:·6f6e·2053·6865·6c6c·2073·6372·6970·7420··on·Shell·script·
 0003aa90:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div·
 0003aaa0:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col
0003aa80:·6f6e·2041·6e73·6962·6c65·2073·6e69·7070··on·Ansible·snipp 
0003aa90:·6574·20e2·87b2·3c2f·613e·3c62·723e·3c64··et·...</a><br><d 
0003aaa0:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel- 
0003aab0:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps 
0003aac0:·6522·2069·643d·2269·646d·3634·3734·223e··e"·id="idm6474"> 
0003aad0:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta 
0003aae0:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe 
0003aaf0:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered 
0003ab00:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed 
0003ab10:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple 
0003ab20:·7869·7479·3a3c·2f74·683e·3c74·643e·6c6f··xity:</th><td>lo 
0003ab30:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr>< 
0003ab40:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</ 
0003ab50:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td>< 
0003ab60:·2f74·723e·3c74·723e·3c74·683e·5265·626f··/tr><tr><th>Rebo 
0003ab70:·6f74·3a3c·2f74·683e·3c74·643e·6661·6c73··ot:</th><td>fals 
0003ab80:·653c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··e</td></tr><tr>< 
0003ab90:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th 
0003aba0:·3e3c·7464·3e72·6573·7472·6963·743c·2f74··><td>restrict</t 
0003abb0:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table>< 
0003abc0:·7072·653e·3c63·6f64·653e·2d20·6e61·6d65··pre><code>-·name 
0003abd0:·3a20·4761·7468·6572·2074·6865·2070·6163··:·Gather·the·pac 
0003abe0:·6b61·6765·2066·6163·7473·0a20·2070·6163··kage·facts.··pac 
0003abf0:·6b61·6765·5f66·6163·7473·3a0a·2020·2020··kage_facts:.···· 
0003ac00:·6d61·6e61·6765·723a·2061·7574·6f0a·2020··manager:·auto.·· 
0003ac10:·7461·6773·3a0a·2020·2d20·4343·452d·3835··tags:.··-·CCE-85 
0003ac20:·3631·302d·340a·2020·2d20·4449·5341·2d53··610-4.··-·DISA-S 
0003ac30:·5449·472d·534c·4553·2d31·352d·3033·3036··TIG-SLES-15-0306 
0003ac40:·3330·0a20·202d·204e·4953·542d·3830·302d··30.··-·NIST-800- 
0003ac50:·3533·2d41·552d·3928·3329·0a20·202d·204e··53-AU-9(3).··-·N 
0003ac60:·4953·542d·3830·302d·3533·2d41·552d·3928··IST-800-53-AU-9( 
0003ac70:·3329·2e31·0a20·202d·2061·6964·655f·6368··3).1.··-·aide_ch 
0003ac80:·6563·6b5f·6175·6469·745f·746f·6f6c·730a··eck_audit_tools. 
0003ac90:·2020·2d20·6c6f·775f·636f·6d70·6c65·7869····-·low_complexi 
0003aca0:·7479·0a20·202d·206c·6f77·5f64·6973·7275··ty.··-·low_disru 
0003acb0:·7074·696f·6e0a·2020·2d20·6d65·6469·756d··ption.··-·medium 
0003acc0:·5f73·6576·6572·6974·790a·2020·2d20·6e6f··_severity.··-·no 
0003acd0:·5f72·6562·6f6f·745f·6e65·6564·6564·0a20··_reboot_needed.· 
0003ace0:·202d·2072·6573·7472·6963·745f·7374·7261···-·restrict_stra 
0003acf0:·7465·6779·0a0a·2d20·6e61·6d65·3a20·436f··tegy..-·name:·Co 
0003ad00:·6e66·6967·7572·6520·4149·4445·2074·6f20··nfigure·AIDE·to· 
0003ad10:·5665·7269·6679·2074·6865·2041·7564·6974··Verify·the·Audit 
0003ad20:·2054·6f6f·6c73·202d·2047·6174·6865·7220···Tools·-·Gather· 
0003ad30:·4c69·7374·206f·6620·5061·636b·6167·6573··List·of·Packages 
0003ad40:·0a20·2074·6167·733a·0a20·202d·2043·4345··.··tags:.··-·CCE 
0003ad50:·2d38·3536·3130·2d34·0a20·202d·2044·4953··-85610-4.··-·DIS 
0003ad60:·412d·5354·4947·2d53·4c45·532d·3135·2d30··A-STIG-SLES-15-0 
0003ad70:·3330·3633·300a·2020·2d20·4e49·5354·2d38··30630.··-·NIST-8 
0003ad80:·3030·2d35·332d·4155·2d39·2833·290a·2020··00-53-AU-9(3).·· 
0003ad90:·2d20·4e49·5354·2d38·3030·2d35·332d·4155··-·NIST-800-53-AU 
0003ada0:·2d39·2833·292e·310a·2020·2d20·6169·6465··-9(3).1.··-·aide 
0003adb0:·5f63·6865·636b·5f61·7564·6974·5f74·6f6f··_check_audit_too 
0003adc0:·6c73·0a20·202d·2061·6964·655f·6368·6563··ls.··-·aide_chec 
0003add0:·6b5f·6175·6469·745f·746f·6f6c·730a·2020··k_audit_tools.·· 
0003ade0:·2d20·6c6f·775f·636f·6d70·6c65·7869·7479··-·low_complexity 
0003adf0:·0a20·202d·206c·6f77·5f64·6973·7275·7074··.··-·low_disrupt 
0003ae00:·696f·6e0a·2020·2d20·6d65·6469·756d·5f73··ion.··-·medium_s 
0003ae10:·6576·6572·6974·790a·2020·2d20·6e6f·5f72··everity.··-·no_r 
0003ae20:·6562·6f6f·745f·6e65·6564·6564·0a20·202d··eboot_needed.··- 
0003ae30:·2072·6573·7472·6963·745f·7374·7261·7465···restrict_strate 
0003ae40:·6779·0a20·2061·6e73·6962·6c65·2e62·7569··gy.··ansible.bui 
0003ae50:·6c74·696e·2e70·6163·6b61·6765·5f66·6163··ltin.package_fac 
0003ae60:·7473·3a0a·2020·2020·6d61·6e61·6765·723a··ts:.····manager: 
0003ae70:·2061·7574·6f0a·2020·7768·656e·3a20·2722···auto.··when:·'" 
0003ae80:·6b65·726e·656c·2d64·6566·6175·6c74·2220··kernel-default"· 
0003ae90:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts 
0003aea0:·2e70·6163·6b61·6765·7327·0a0a·2d20·6e61··.packages'..-·na 
0003aeb0:·6d65·3a20·456e·7375·7265·2061·6964·6520··me:·Ensure·aide· 
0003aec0:·6973·2069·6e73·7461·6c6c·6564·0a20·2070··is·installed.··p 
0003aed0:·6163·6b61·6765·3a0a·2020·2020·6e61·6d65··ackage:.····name 
0003aee0:·3a20·277b·7b20·6974·656d·207d·7d27·0a20··:·'{{·item·}}'.· 
0003aef0:·2020·2073·7461·7465·3a20·7072·6573·656e·····state:·presen 
0003af00:·740a·2020·7769·7468·5f69·7465·6d73·3a0a··t.··with_items:. 
0003af10:·2020·2d20·6169·6465·0a20·2077·6865·6e3a····-·aide.··when: 
0003af20:·2027·226b·6572·6e65·6c2d·6465·6661·756c···'"kernel-defaul 
0003af30:·7422·2069·6e20·616e·7369·626c·655f·6661··t"·in·ansible_fa 
0003af40:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.·· 
0003af50:·7461·6773·3a0a·2020·2d20·4343·452d·3835··tags:.··-·CCE-85 
0003af60:·3631·302d·340a·2020·2d20·4449·5341·2d53··610-4.··-·DISA-S 
0003af70:·5449·472d·534c·4553·2d31·352d·3033·3036··TIG-SLES-15-0306 
0003af80:·3330·0a20·202d·204e·4953·542d·3830·302d··30.··-·NIST-800- 
0003af90:·3533·2d41·552d·3928·3329·0a20·202d·204e··53-AU-9(3).··-·N 
0003afa0:·4953·542d·3830·302d·3533·2d41·552d·3928··IST-800-53-AU-9( 
0003afb0:·3329·2e31·0a20·202d·2061·6964·655f·6368··3).1.··-·aide_ch 
0003afc0:·6563·6b5f·6175·6469·745f·746f·6f6c·730a··eck_audit_tools. 
0003afd0:·2020·2d20·6c6f·775f·636f·6d70·6c65·7869····-·low_complexi 
0003afe0:·7479·0a20·202d·206c·6f77·5f64·6973·7275··ty.··-·low_disru 
0003aff0:·7074·696f·6e0a·2020·2d20·6d65·6469·756d··ption.··-·medium 
0003b000:·5f73·6576·6572·6974·790a·2020·2d20·6e6f··_severity.··-·no 
0003b010:·5f72·6562·6f6f·745f·6e65·6564·6564·0a20··_reboot_needed.· 
0003b020:·202d·2072·6573·7472·6963·745f·7374·7261···-·restrict_stra 
0003b030:·7465·6779·0a0a·2d20·6e61·6d65·3a20·5365··tegy..-·name:·Se 
0003b040:·7420·6175·6469·745f·746f·6f6c·7320·6661··t·audit_tools·fa 
0003b050:·6374·0a20·2073·6574·5f66·6163·743a·0a20··ct.··set_fact:.· 
0003b060:·2020·2061·7564·6974·5f74·6f6f·6c73·3a0a·····audit_tools:. 
0003b070:·2020·2020·2d20·2f75·7372·2f73·6269·6e2f······-·/usr/sbin/ 
0003b080:·6175·6469·7370·640a·2020·2020·2d20·2f75··audispd.····-·/u 
0003b090:·7372·2f73·6269·6e2f·6175·6469·7463·746c··sr/sbin/auditctl 
0003b0a0:·0a20·2020·202d·202f·7573·722f·7362·696e··.····-·/usr/sbin 
0003b0b0:·2f61·7564·6974·640a·2020·2020·2d20·2f75··/auditd.····-·/u 
0003b0c0:·7372·2f73·6269·6e2f·6175·6765·6e72·756c··sr/sbin/augenrul 
0003b0d0:·6573·0a20·2020·202d·202f·7573·722f·7362··es.····-·/usr/sb 
0003b0e0:·696e·2f61·7572·6570·6f72·740a·2020·2020··in/aureport.···· 
0003b0f0:·2d20·2f75·7372·2f73·6269·6e2f·6175·7365··-·/usr/sbin/ause 
0003b100:·6172·6368·0a20·2020·202d·202f·7573·722f··arch.····-·/usr/ 
0003b110:·7362·696e·2f61·7574·7261·6365·0a20·2077··sbin/autrace.··w 
0003b120:·6865·6e3a·2027·226b·6572·6e65·6c2d·6465··hen:·'"kernel-de 
0003b130:·6661·756c·7422·2069·6e20·616e·7369·626c··fault"·in·ansibl 
0003b140:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages 
0003b150:·270a·2020·7461·6773·3a0a·2020·2d20·4343··'.··tags:.··-·CC 
0003b160:·452d·3835·3631·302d·340a·2020·2d20·4449··E-85610-4.··-·DI 
0003b170:·5341·2d53·5449·472d·534c·4553·2d31·352d··SA-STIG-SLES-15- 
0003b180:·3033·3036·3330·0a20·202d·204e·4953·542d··030630.··-·NIST- 
0003b190:·3830·302d·3533·2d41·552d·3928·3329·0a20··800-53-AU-9(3).· 
0003b1a0:·202d·204e·4953·542d·3830·302d·3533·2d41···-·NIST-800-53-A 
0003b1b0:·552d·3928·3329·2e31·0a20·202d·2061·6964··U-9(3).1.··-·aid 
0003b1c0:·655f·6368·6563·6b5f·6175·6469·745f·746f··e_check_audit_to 
Max diff block lines reached; 20975476/21023942 bytes (99.77%) of diff not shown.
1.42 MB
html2text {}
    
Offset 101, 14 lines modifiedOffset 101, 82 lines modified
101 Rule·ID:·····xccdf_org.ssgproject.content_rule_aide_check_audit_tools101 Rule·ID:·····xccdf_org.ssgproject.content_rule_aide_check_audit_tools
102 Identifiers:·CCE-85610-4102 Identifiers:·CCE-85610-4
103 ·············_\x8d_\x8i_\x8s_\x8a····CCI-001496,·CCI-001494,·CCI-001495,·CCI-001493103 ·············_\x8d_\x8i_\x8s_\x8a····CCI-001496,·CCI-001494,·CCI-001495,·CCI-001493
104 ·············_\x8n_\x8i_\x8s_\x8t····AU-9(3),·AU-9(3).1104 ·············_\x8n_\x8i_\x8s_\x8t····AU-9(3),·AU-9(3).1
105 References:··_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g··SRG-OS-000278-GPOS-00108105 References:··_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g··SRG-OS-000278-GPOS-00108
106 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d··SLES-15-030630106 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d··SLES-15-030630
107 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f·SV-234962r991567_rule107 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f·SV-234962r991567_rule
 108 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 109 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 110 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 111 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 112 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
 113 #·Remediation·is·applicable·only·in·certain·platforms
 114 if·rpm·--quiet·-q·kernel-default;·then
  
 115 zypper·install·-y·"aide"
  
  
  
  
  
  
  
  
  
  
 116 if·grep·-i·'^.*/usr/sbin/auditctl.*$'·/etc/aide.conf;·then
 117 sed·-i·"s#.*/usr/sbin/auditctl.*#/usr/sbin/auditctl·p+i+n+u+g+s+b+acl+selinux+xattrs+sha512#"·/etc/
 118 aide.conf
 119 else
 120 echo·"/usr/sbin/auditctl·p+i+n+u+g+s+b+acl+selinux+xattrs+sha512"·>>·/etc/aide.conf
 121 fi
  
 122 if·grep·-i·'^.*/usr/sbin/auditd.*$'·/etc/aide.conf;·then
 123 sed·-i·"s#.*/usr/sbin/auditd.*#/usr/sbin/auditd·p+i+n+u+g+s+b+acl+selinux+xattrs+sha512#"·/etc/aide.conf
 124 else
 125 echo·"/usr/sbin/auditd·p+i+n+u+g+s+b+acl+selinux+xattrs+sha512"·>>·/etc/aide.conf
 126 fi
  
 127 if·grep·-i·'^.*/usr/sbin/ausearch.*$'·/etc/aide.conf;·then
 128 sed·-i·"s#.*/usr/sbin/ausearch.*#/usr/sbin/ausearch·p+i+n+u+g+s+b+acl+selinux+xattrs+sha512#"·/etc/
 129 aide.conf
 130 else
 131 echo·"/usr/sbin/ausearch·p+i+n+u+g+s+b+acl+selinux+xattrs+sha512"·>>·/etc/aide.conf
 132 fi
  
 133 if·grep·-i·'^.*/usr/sbin/aureport.*$'·/etc/aide.conf;·then
 134 sed·-i·"s#.*/usr/sbin/aureport.*#/usr/sbin/aureport·p+i+n+u+g+s+b+acl+selinux+xattrs+sha512#"·/etc/
 135 aide.conf
 136 else
 137 echo·"/usr/sbin/aureport·p+i+n+u+g+s+b+acl+selinux+xattrs+sha512"·>>·/etc/aide.conf
 138 fi
  
 139 if·grep·-i·'^.*/usr/sbin/autrace.*$'·/etc/aide.conf;·then
 140 sed·-i·"s#.*/usr/sbin/autrace.*#/usr/sbin/autrace·p+i+n+u+g+s+b+acl+selinux+xattrs+sha512#"·/etc/aide.conf
 141 else
 142 echo·"/usr/sbin/autrace·p+i+n+u+g+s+b+acl+selinux+xattrs+sha512"·>>·/etc/aide.conf
 143 fi
  
 144 if·grep·-i·'^.*/usr/sbin/augenrules.*$'·/etc/aide.conf;·then
 145 sed·-i·"s#.*/usr/sbin/augenrules.*#/usr/sbin/augenrules·p+i+n+u+g+s+b+acl+selinux+xattrs+sha512#"·/etc/
 146 aide.conf
 147 else
 148 echo·"/usr/sbin/augenrules·p+i+n+u+g+s+b+acl+selinux+xattrs+sha512"·>>·/etc/aide.conf
 149 fi
  
 150 if·grep·-i·'^.*/usr/sbin/audispd.*$'·/etc/aide.conf;·then
 151 sed·-i·"s#.*/usr/sbin/audispd.*#/usr/sbin/audispd·p+i+n+u+g+s+b+acl+selinux+xattrs+sha512#"·/etc/aide.conf
 152 else
 153 echo·"/usr/sbin/audispd·p+i+n+u+g+s+b+acl+selinux+xattrs+sha512"·>>·/etc/aide.conf
 154 fi
  
 155 else
 156 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 157 fi
108 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8158 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
109 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low159 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
110 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low160 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
111 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false161 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
112 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict162 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
113 -·name:·Gather·the·package·facts163 -·name:·Gather·the·package·facts
114 ··package_facts:164 ··package_facts:
Offset 216, 82 lines modifiedOffset 284, 14 lines modified
216 ··-·NIST-800-53-AU-9(3).1284 ··-·NIST-800-53-AU-9(3).1
217 ··-·aide_check_audit_tools285 ··-·aide_check_audit_tools
218 ··-·low_complexity286 ··-·low_complexity
219 ··-·low_disruption287 ··-·low_disruption
220 ··-·medium_severity288 ··-·medium_severity
221 ··-·no_reboot_needed289 ··-·no_reboot_needed
222 ··-·restrict_strategy290 ··-·restrict_strategy
223 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
224 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
225 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
226 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
227 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict 
228 #·Remediation·is·applicable·only·in·certain·platforms 
229 if·rpm·--quiet·-q·kernel-default;·then 
  
230 zypper·install·-y·"aide" 
  
  
  
  
  
  
  
  
  
  
231 if·grep·-i·'^.*/usr/sbin/auditctl.*$'·/etc/aide.conf;·then 
232 sed·-i·"s#.*/usr/sbin/auditctl.*#/usr/sbin/auditctl·p+i+n+u+g+s+b+acl+selinux+xattrs+sha512#"·/etc/ 
233 aide.conf 
234 else 
235 echo·"/usr/sbin/auditctl·p+i+n+u+g+s+b+acl+selinux+xattrs+sha512"·>>·/etc/aide.conf 
236 fi 
  
237 if·grep·-i·'^.*/usr/sbin/auditd.*$'·/etc/aide.conf;·then 
238 sed·-i·"s#.*/usr/sbin/auditd.*#/usr/sbin/auditd·p+i+n+u+g+s+b+acl+selinux+xattrs+sha512#"·/etc/aide.conf 
239 else 
240 echo·"/usr/sbin/auditd·p+i+n+u+g+s+b+acl+selinux+xattrs+sha512"·>>·/etc/aide.conf 
241 fi 
  
242 if·grep·-i·'^.*/usr/sbin/ausearch.*$'·/etc/aide.conf;·then 
243 sed·-i·"s#.*/usr/sbin/ausearch.*#/usr/sbin/ausearch·p+i+n+u+g+s+b+acl+selinux+xattrs+sha512#"·/etc/ 
244 aide.conf 
245 else 
246 echo·"/usr/sbin/ausearch·p+i+n+u+g+s+b+acl+selinux+xattrs+sha512"·>>·/etc/aide.conf 
Max diff block lines reached; 1483025/1488731 bytes (99.62%) of diff not shown.
9.73 MB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-standard.html
    
Offset 16817, 96 lines modifiedOffset 16817, 96 lines modified
00041b00:·612d·7461·7267·6574·3d22·2369·646d·3933··a-target="#idm9300041b00:·612d·7461·7267·6574·3d22·2369·646d·3933··a-target="#idm93
00041b10:·3839·2220·7461·6269·6e64·6578·3d22·3022··89"·tabindex="0"00041b10:·3839·2220·7461·6269·6e64·6578·3d22·3022··89"·tabindex="0"
00041b20:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a00041b20:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a
00041b30:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa00041b30:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa
00041b40:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti00041b40:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti
00041b50:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·00041b50:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·
00041b60:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi00041b60:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi
 00041b70:·6174·696f·6e20·5368·656c·6c20·7363·7269··ation·Shell·scri
 00041b80:·7074·20e2·87b2·3c2f·613e·3c62·723e·3c64··pt·...</a><br><d
 00041b90:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel-
 00041ba0:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps
 00041bb0:·6522·2069·643d·2269·646d·3933·3839·223e··e"·id="idm9389">
 00041bc0:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta
 00041bd0:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe
00041b70:·6174·696f·6e20·416e·7369·626c·6520·736e··ation·Ansible·sn 
00041b80:·6970·7065·7420·e287·b23c·2f61·3e3c·6272··ippet·...</a><br 
00041b90:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan 
00041ba0:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll 
00041bb0:·6170·7365·2220·6964·3d22·6964·6d39·3338··apse"·id="idm938 
00041bc0:·3922·3e3c·7461·626c·6520·636c·6173·733d··9"><table·class= 
00041bd0:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str 
00041be0:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde 
00041bf0:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden00041be0:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered
 00041bf0:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed
 00041c00:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple
00041c00:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com 
00041c10:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td 
00041c20:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t 
00041c30:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption 
00041c40:·3a3c·2f74·683e·3c74·643e·6869·6768·3c2f··:</th><td>high</ 
00041c50:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
00041c60:·5265·626f·6f74·3a3c·2f74·683e·3c74·643e··Reboot:</th><td>00041c10:·7869·7479·3a3c·2f74·683e·3c74·643e·6c6f··xity:</th><td>lo
00041c70:·7472·7565·3c2f·7464·3e3c·2f74·723e·3c74··true</td></tr><t 
00041c80:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:< 
00041c90:·2f74·683e·3c74·643e·7061·7463·683c·2f74··/th><td>patch</t 
00041ca0:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table>< 
00041cb0:·7072·653e·3c63·6f64·653e·2d20·6e61·6d65··pre><code>-·name 
00041cc0:·3a20·5365·6375·7269·7479·2070·6174·6368··:·Security·patch 
00041cd0:·6573·2061·7265·2075·7020·746f·2064·6174··es·are·up·to·dat 
00041ce0:·650a·2020·7061·636b·6167·653a·0a20·2020··e.··package:.··· 
00041cf0:·206e·616d·653a·2027·2a27·0a20·2020·2073···name:·'*'.····s 
00041d00:·7461·7465·3a20·6c61·7465·7374·0a20·2074··tate:·latest.··t 
00041d10:·6167·733a·0a20·202d·2043·4345·2d38·3332··ags:.··-·CCE-832 
00041d20:·3631·2d38·0a20·202d·2043·4a49·532d·352e··61-8.··-·CJIS-5. 
00041d30:·3130·2e34·2e31·0a20·202d·2044·4953·412d··10.4.1.··-·DISA- 
00041d40:·5354·4947·2d53·4c45·532d·3135·2d30·3130··STIG-SLES-15-010 
00041d50:·3031·300a·2020·2d20·4e49·5354·2d38·3030··010.··-·NIST-800 
00041d60:·2d35·332d·434d·2d36·2861·290a·2020·2d20··-53-CM-6(a).··-· 
00041d70:·4e49·5354·2d38·3030·2d35·332d·5349·2d32··NIST-800-53-SI-2 
00041d80:·2835·290a·2020·2d20·4e49·5354·2d38·3030··(5).··-·NIST-800 
00041d90:·2d35·332d·5349·2d32·2863·290a·2020·2d20··-53-SI-2(c).··-· 
00041da0:·5043·492d·4453·532d·5265·712d·362e·320a··PCI-DSS-Req-6.2. 
00041db0:·2020·2d20·5043·492d·4453·5376·342d·362e····-·PCI-DSSv4-6. 
00041dc0:·330a·2020·2d20·5043·492d·4453·5376·342d··3.··-·PCI-DSSv4- 
00041dd0:·362e·332e·330a·2020·2d20·6869·6768·5f64··6.3.3.··-·high_d 
00041de0:·6973·7275·7074·696f·6e0a·2020·2d20·6c6f··isruption.··-·lo 
00041df0:·775f·636f·6d70·6c65·7869·7479·0a20·202d··w_complexity.··- 
00041e00:·206d·6564·6975·6d5f·7365·7665·7269·7479···medium_severity 
00041e10:·0a20·202d·2070·6174·6368·5f73·7472·6174··.··-·patch_strat 
00041e20:·6567·790a·2020·2d20·7265·626f·6f74·5f72··egy.··-·reboot_r 
00041e30:·6571·7569·7265·640a·2020·2d20·7365·6375··equired.··-·secu 
00041e40:·7269·7479·5f70·6174·6368·6573·5f75·705f··rity_patches_up_ 
00041e50:·746f·5f64·6174·650a·2020·2d20·736b·6970··to_date.··-·skip 
00041e60:·5f61·6e73·6962·6c65·5f6c·696e·740a·3c2f··_ansible_lint.</ 
00041e70:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div 
00041e80:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b 
00041e90:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data 
00041ea0:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps 
00041eb0:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target=" 
00041ec0:·2369·646d·3933·3930·2220·7461·6269·6e64··#idm9390"·tabind 
00041ed0:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but 
00041ee0:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand 
00041ef0:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title 
00041f00:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re 
00041f10:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!"> 
00041f20:·5265·6d65·6469·6174·696f·6e20·5368·656c··Remediation·Shel 
00041f30:·6c20·7363·7269·7074·20e2·87b2·3c2f·613e··l·script·...</a> 
00041f40:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class=" 
00041f50:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c 
00041f60:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm 
00041f70:·3933·3930·223e·3c74·6162·6c65·2063·6c61··9390"><table·cla 
00041f80:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table- 
00041f90:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo 
00041fa0:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con 
00041fb0:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th> 
00041fc0:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th> 
00041fd0:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
00041fe0:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt 
00041ff0:·696f·6e3a·3c2f·7468·3e3c·7464·3e68·6967··ion:</th><td>hig 
00042000:·683c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··h</td></tr><tr><00041c20:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><
00042010:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th>< 
00042020:·7464·3e74·7275·653c·2f74·643e·3c2f·7472··td>true</td></tr 
00042030:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg 
00042040:·793a·3c2f·7468·3e3c·7464·3e70·6174·6368··y:</th><td>patch 
00042050:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl 
00042060:·653e·3c70·7265·3e3c·636f·6465·3e0a·0a7a··e><pre><code>..z 
00042070:·7970·7065·7220·7061·7463·6820·2d67·2073··ypper·patch·-g·s 
00042080:·6563·7572·6974·7920·2d79·0a3c·2f63·6f64··ecurity·-y.</cod00041c30:·7468·3e44·6973·7275·7074·696f·6e3a·3c2f··th>Disruption:</
 00041c40:·7468·3e3c·7464·3e68·6967·683c·2f74·643e··th><td>high</td>
 00041c50:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb
 00041c60:·6f6f·743a·3c2f·7468·3e3c·7464·3e74·7275··oot:</th><td>tru
 00041c70:·653c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··e</td></tr><tr><
 00041c80:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th
 00041c90:·3e3c·7464·3e70·6174·6368·3c2f·7464·3e3c··><td>patch</td><
 00041ca0:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre
 00041cb0:·3e3c·636f·6465·3e0a·0a7a·7970·7065·7220··><code>..zypper·
 00041cc0:·7061·7463·6820·2d67·2073·6563·7572·6974··patch·-g·securit
 00041cd0:·7920·2d79·0a3c·2f63·6f64·653e·3c2f·7072··y·-y.</code></pr
 00041ce0:·653e·3c2f·6469·763e·3c61·2063·6c61·7373··e></div><a·class
 00041cf0:·3d22·6274·6e20·6274·6e2d·7375·6363·6573··="btn·btn-succes
 00041d00:·7322·2064·6174·612d·746f·6767·6c65·3d22··s"·data-toggle="
 00041d10:·636f·6c6c·6170·7365·2220·6461·7461·2d74··collapse"·data-t
 00041d20:·6172·6765·743d·2223·6964·6d39·3339·3022··arget="#idm9390"
 00041d30:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro
 00041d40:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria
 00041d50:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false
 00041d60:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat
 00041d70:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre
 00041d80:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati
 00041d90:·6f6e·2041·6e73·6962·6c65·2073·6e69·7070··on·Ansible·snipp
 00041da0:·6574·20e2·87b2·3c2f·613e·3c62·723e·3c64··et·...</a><br><d
 00041db0:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel-
 00041dc0:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps
 00041dd0:·6522·2069·643d·2269·646d·3933·3930·223e··e"·id="idm9390">
 00041de0:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta
 00041df0:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe
 00041e00:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered
Max diff block lines reached; 9273274/9285168 bytes (99.87%) of diff not shown.
891 KB
html2text {}
    
Offset 276, 14 lines modifiedOffset 276, 22 lines modified
276 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-6.2276 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-6.2
277 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227277 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
278 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLES-15-010010278 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLES-15-010010
279 ·············_\x8c_\x8i_\x8s············1.9279 ·············_\x8c_\x8i_\x8s············1.9
280 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R61280 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R61
281 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········6.3.3,·6.3281 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········6.3.3,·6.3
282 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-234802r991589_rule282 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-234802r991589_rule
 283 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 284 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 285 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·high
 286 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true
 287 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···patch
  
  
 288 zypper·patch·-g·security·-y
283 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8289 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
284 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low290 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
285 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·high291 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·high
286 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true292 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true
287 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···patch293 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···patch
288 -·name:·Security·patches·are·up·to·date294 -·name:·Security·patches·are·up·to·date
289 ··package:295 ··package:
Offset 302, 22 lines modifiedOffset 310, 14 lines modified
302 ··-·high_disruption310 ··-·high_disruption
303 ··-·low_complexity311 ··-·low_complexity
304 ··-·medium_severity312 ··-·medium_severity
305 ··-·patch_strategy313 ··-·patch_strategy
306 ··-·reboot_required314 ··-·reboot_required
307 ··-·security_patches_up_to_date315 ··-·security_patches_up_to_date
308 ··-·skip_ansible_lint316 ··-·skip_ansible_lint
309 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
310 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
311 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·high 
312 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····true 
313 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···patch 
  
  
314 zypper·patch·-g·security·-y 
315 Group  ·Account·and·Access·Control·  Group·contains·6·groups·and·7·rules317 Group  ·Account·and·Access·Control·  Group·contains·6·groups·and·7·rules
316 _\x8[_\x8r_\x8e_\x8f_\x8]  ·In·traditional·Unix·security,·if·an·attacker·gains·shell·access·to·a·certain·login·account,318 _\x8[_\x8r_\x8e_\x8f_\x8]  ·In·traditional·Unix·security,·if·an·attacker·gains·shell·access·to·a·certain·login·account,
317 they·can·perform·any·action·or·access·any·file·to·which·that·account·has·access.·Therefore,·making·it319 they·can·perform·any·action·or·access·any·file·to·which·that·account·has·access.·Therefore,·making·it
318 more·difficult·for·unauthorized·people·to·gain·shell·access·to·accounts,·particularly·to·privileged320 more·difficult·for·unauthorized·people·to·gain·shell·access·to·accounts,·particularly·to·privileged
319 accounts,·is·a·necessary·part·of·securing·a·system.·This·section·introduces·mechanisms·for321 accounts,·is·a·necessary·part·of·securing·a·system.·This·section·introduces·mechanisms·for
320 restricting·access·to·accounts·under·SUSE·Linux·Enterprise·15.322 restricting·access·to·accounts·under·SUSE·Linux·Enterprise·15.
321 Group  ·Protect·Accounts·by·Configuring·PAM·  Group·contains·2·groups·and·2·rules323 Group  ·Protect·Accounts·by·Configuring·PAM·  Group·contains·2·groups·and·2·rules
Offset 526, 14 lines modifiedOffset 526, 344 lines modified
526 ·············_\x8n_\x8i_\x8s_\x8t···········AC-9,·AC-9(1)526 ·············_\x8n_\x8i_\x8s_\x8t···········AC-9,·AC-9(1)
527 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-7527 ·············_\x8n_\x8i_\x8s_\x8t_\x8-_\x8c_\x8s_\x8f·······PR.AC-7
528 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-10.2.4528 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-10.2.4
529 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227529 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000480-GPOS-00227
530 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLES-15-020080530 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLES-15-020080
531 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········10.2.1.4,·10.2.1,·10.2531 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········10.2.1.4,·10.2.1,·10.2
532 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-234873r991589_rule532 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-234873r991589_rule
 533 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 534 #·Remediation·is·applicable·only·in·certain·platforms
 535 if·rpm·--quiet·-q·pam;·then
  
 536 if·[·-f·/usr/bin/authselect·];·then
 537 ····if·authselect·list-features·sssd·|·grep·-q·with-silent-lastlog;·then
 538 ········if·!·authselect·check;·then
 539 ········echo·"
 540 ········authselect·integrity·check·failed.·Remediation·aborted!
 541 ········This·remediation·could·not·be·applied·because·an·authselect·profile·was·not·selected·or·the
 542 selected·profile·is·not·intact.
 543 ········It·is·not·recommended·to·manually·edit·the·PAM·files·when·authselect·tool·is·available.
 544 ········In·cases·where·the·default·authselect·profile·does·not·cover·a·specific·demand,·a·custom
 545 authselect·profile·is·recommended."
 546 ········exit·1
 547 ········fi
 548 ········authselect·disable-feature·with-silent-lastlog
  
 549 ········authselect·apply-changes·-b
 550 ····else
  
 551 ········if·!·authselect·check;·then
 552 ········echo·"
 553 ········authselect·integrity·check·failed.·Remediation·aborted!
 554 ········This·remediation·could·not·be·applied·because·an·authselect·profile·was·not·selected·or·the
 555 selected·profile·is·not·intact.
 556 ········It·is·not·recommended·to·manually·edit·the·PAM·files·when·authselect·tool·is·available.
 557 ········In·cases·where·the·default·authselect·profile·does·not·cover·a·specific·demand,·a·custom
 558 authselect·profile·is·recommended."
 559 ········exit·1
 560 ········fi
  
 561 ········CURRENT_PROFILE=$(authselect·current·-r·|·awk·'{·print·$1·}')
 562 ········#·If·not·already·in·use,·a·custom·profile·is·created·preserving·the·enabled·features.
 563 ········if·[[·!·$CURRENT_PROFILE·==·custom/*·]];·then
 564 ············ENABLED_FEATURES=$(authselect·current·|·tail·-n+3·|·awk·'{·print·$2·}')
 565 ············#·The·"local"·profile·does·not·contain·essential·security·features·required·by·multiple
 566 Benchmarks.
 567 ············#·If·currently·used,·it·is·replaced·by·"sssd",·which·is·the·best·option·in·this·case.
 568 ············if·[[·$CURRENT_PROFILE·==·local·]];·then
 569 ················CURRENT_PROFILE="sssd"
 570 ············fi
 571 ············authselect·create-profile·hardening·-b·$CURRENT_PROFILE
 572 ············CURRENT_PROFILE="custom/hardening"
  
 573 ············authselect·apply-changes·-b·--backup=before-hardening-custom-profile
 574 ············authselect·select·$CURRENT_PROFILE
 575 ············for·feature·in·$ENABLED_FEATURES;·do
 576 ················authselect·enable-feature·$feature;
 577 ············done
  
 578 ············authselect·apply-changes·-b·--backup=after-hardening-custom-profile
 579 ········fi
 580 ········PAM_FILE_NAME=$(basename·"/etc/pam.d/login")
 581 ········PAM_FILE_PATH="/etc/authselect/$CURRENT_PROFILE/$PAM_FILE_NAME"
  
 582 ········authselect·apply-changes·-b
 583 ········if·[·-e·"$PAM_FILE_PATH"·]·;·then
 584 ············PAM_FILE_PATH="$PAM_FILE_PATH"
 585 ············if·[·-f·/usr/bin/authselect·];·then
  
 586 ················if·!·authselect·check;·then
 587 ················echo·"
 588 ················authselect·integrity·check·failed.·Remediation·aborted!
 589 ················This·remediation·could·not·be·applied·because·an·authselect·profile·was·not·selected
 590 or·the·selected·profile·is·not·intact.
 591 ················It·is·not·recommended·to·manually·edit·the·PAM·files·when·authselect·tool·is
 592 available.
 593 ················In·cases·where·the·default·authselect·profile·does·not·cover·a·specific·demand,·a
 594 custom·authselect·profile·is·recommended."
 595 ················exit·1
 596 ················fi
  
 597 ················CURRENT_PROFILE=$(authselect·current·-r·|·awk·'{·print·$1·}')
Max diff block lines reached; 894571/912547 bytes (98.03%) of diff not shown.
21.6 MB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-stig.html
    
Offset 15145, 145 lines modifiedOffset 15145, 145 lines modified
0003b280:·7267·6574·3d22·2369·646d·3633·3632·2220··rget="#idm6362"·0003b280:·7267·6574·3d22·2369·646d·3633·3632·2220··rget="#idm6362"·
0003b290:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol0003b290:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol
0003b2a0:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-0003b2a0:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-
0003b2b0:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"0003b2b0:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"
0003b2c0:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate0003b2c0:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate
0003b2d0:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href0003b2d0:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href
0003b2e0:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio0003b2e0:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio
0003b2f0:·6e20·4f53·4275·696c·6420·426c·7565·7072··n·OSBuild·Bluepr 
0003b300:·696e·7420·736e·6970·7065·7420·e287·b23c··int·snippet·...< 
0003b310:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas 
0003b320:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps 
0003b330:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id=" 
0003b340:·6964·6d36·3336·3222·3e3c·7072·653e·3c63··idm6362"><pre><c 
0003b350:·6f64·653e·0a5b·5b70·6163·6b61·6765·735d··ode>.[[packages] 
0003b360:·5d0a·6e61·6d65·203d·2022·6169·6465·220a··].name·=·"aide". 
0003b370:·7665·7273·696f·6e20·3d20·222a·220a·3c2f··version·=·"*".</0003b2f0:·6e20·5368·656c·6c20·7363·7269·7074·20e2··n·Shell·script·.
 0003b300:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c
 0003b310:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
 0003b320:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i
 0003b330:·643d·2269·646d·3633·3632·223e·3c74·6162··d="idm6362"><tab
 0003b340:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table·
 0003b350:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta
 0003b360:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab
 0003b370:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t
 0003b380:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity
 0003b390:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t
 0003b3a0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e44··d></tr><tr><th>D
 0003b3b0:·6973·7275·7074·696f·6e3a·3c2f·7468·3e3c··isruption:</th><
 0003b3c0:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>
 0003b3d0:·3c74·723e·3c74·683e·5265·626f·6f74·3a3c··<tr><th>Reboot:<
 0003b3e0:·2f74·683e·3c74·643e·6661·6c73·653c·2f74··/th><td>false</t
 0003b3f0:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S
 0003b400:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td
 0003b410:·3e65·6e61·626c·653c·2f74·643e·3c2f·7472··>enable</td></tr
 0003b420:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c
 0003b430:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio
 0003b440:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·
 0003b450:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·
 0003b460:·706c·6174·666f·726d·730a·6966·2072·706d··platforms.if·rpm
 0003b470:·202d·2d71·7569·6574·202d·7120·6b65·726e···--quiet·-q·kern
 0003b480:·656c·2d64·6566·6175·6c74·3b20·7468·656e··el-default;·then
 0003b490:·0a0a·7a79·7070·6572·2069·6e73·7461·6c6c··..zypper·install
 0003b4a0:·202d·7920·2261·6964·6522·0a0a·656c·7365···-y·"aide"..else
 0003b4b0:·0a20·2020·2026·6774·3b26·616d·703b·3220··.····&gt;&amp;2·
 0003b4c0:·6563·686f·2027·5265·6d65·6469·6174·696f··echo·'Remediatio
 0003b4d0:·6e20·6973·206e·6f74·2061·7070·6c69·6361··n·is·not·applica
 0003b4e0:·626c·652c·206e·6f74·6869·6e67·2077·6173··ble,·nothing·was
 0003b4f0:·2064·6f6e·6527·0a66·690a·3c2f·636f·6465···done'.fi.</code
0003b380:·636f·6465·3e3c·2f70·7265·3e3c·2f64·6976··code></pre></div0003b500:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a·
0003b390:·3e3c·6120·636c·6173·733d·2262·746e·2062··><a·class="btn·b0003b510:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s
0003b3a0:·746e·2d73·7563·6365·7373·2220·6461·7461··tn-success"·data0003b520:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog
0003b3b0:·2d74·6f67·676c·653d·2263·6f6c·6c61·7073··-toggle="collaps0003b530:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d
0003b3c0:·6522·2064·6174·612d·7461·7267·6574·3d22··e"·data-target="0003b540:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm
0003b3d0:·2369·646d·3633·3633·2220·7461·6269·6e64··#idm6363"·tabind0003b550:·3633·3633·2220·7461·6269·6e64·6578·3d22··6363"·tabindex="
0003b3e0:·6578·3d22·3022·2072·6f6c·653d·2262·7574··ex="0"·role="but0003b560:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"
0003b3f0:·746f·6e22·2061·7269·612d·6578·7061·6e64··ton"·aria-expand0003b570:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="
0003b400:·6564·3d22·6661·6c73·6522·2074·6974·6c65··ed="false"·title0003b580:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac
0003b410:·3d22·4163·7469·7661·7465·2074·6f20·7265··="Activate·to·re0003b590:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal
0003b420:·7665·616c·2220·6872·6566·3d22·2321·223e··veal"·href="#!">0003b5a0:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme
0003b430:·5265·6d65·6469·6174·696f·6e20·416e·7369··Remediation·Ansi0003b5b0:·6469·6174·696f·6e20·416e·7369·626c·6520··diation·Ansible·
0003b440:·626c·6520·736e·6970·7065·7420·e287·b23c··ble·snippet·...<0003b5c0:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a><
0003b450:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas0003b5d0:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p
0003b460:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps0003b5e0:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co
0003b470:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="0003b5f0:·6c6c·6170·7365·2220·6964·3d22·6964·6d36··llapse"·id="idm6
0003b480:·6964·6d36·3336·3322·3e3c·7461·626c·6520··idm6363"><table·0003b600:·3336·3322·3e3c·7461·626c·6520·636c·6173··363"><table·clas
0003b490:·636c·6173·733d·2274·6162·6c65·2074·6162··class="table·tab0003b610:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s
0003b4a0:·6c65·2d73·7472·6970·6564·2074·6162·6c65··le-striped·table0003b620:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor
0003b4b0:·2d62·6f72·6465·7265·6420·7461·626c·652d··-bordered·table-0003b630:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond
0003b4c0:·636f·6e64·656e·7365·6422·3e3c·7472·3e3c··condensed"><tr><0003b640:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C
0003b4d0:·7468·3e43·6f6d·706c·6578·6974·793a·3c2f··th>Complexity:</0003b650:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><
0003b4e0:·7468·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c··th><td>low</td><0003b660:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>
0003b4f0:·2f74·723e·3c74·723e·3c74·683e·4469·7372··/tr><tr><th>Disr0003b670:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti
0003b500:·7570·7469·6f6e·3a3c·2f74·683e·3c74·643e··uption:</th><td>0003b680:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low<
0003b510:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··low</td></tr><tr0003b690:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
0003b520:·3e3c·7468·3e52·6562·6f6f·743a·3c2f·7468··><th>Reboot:</th0003b6a0:·3e52·6562·6f6f·743a·3c2f·7468·3e3c·7464··>Reboot:</th><td
0003b530:·3e3c·7464·3e66·616c·7365·3c2f·7464·3e3c··><td>false</td>< 
0003b540:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra 
0003b550:·7465·6779·3a3c·2f74·683e·3c74·643e·656e··tegy:</th><td>en 
0003b560:·6162·6c65·3c2f·7464·3e3c·2f74·723e·3c2f··able</td></tr></0003b6b0:·3e66·616c·7365·3c2f·7464·3e3c·2f74·723e··>false</td></tr>
 0003b6c0:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy
 0003b6d0:·3a3c·2f74·683e·3c74·643e·656e·6162·6c65··:</th><td>enable
0003b570:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code 
0003b580:·3e2d·206e·616d·653a·2047·6174·6865·7220··>-·name:·Gather· 
0003b590:·7468·6520·7061·636b·6167·6520·6661·6374··the·package·fact 
0003b5a0:·730a·2020·7061·636b·6167·655f·6661·6374··s.··package_fact 
0003b5b0:·733a·0a20·2020·206d·616e·6167·6572·3a20··s:.····manager:· 
0003b5c0:·6175·746f·0a20·2074·6167·733a·0a20·202d··auto.··tags:.··- 
0003b5d0:·2043·4345·2d38·3332·3839·2d39·0a20·202d···CCE-83289-9.··- 
0003b5e0:·2043·4a49·532d·352e·3130·2e31·2e33·0a20···CJIS-5.10.1.3.· 
0003b5f0:·202d·2044·4953·412d·5354·4947·2d53·4c45···-·DISA-STIG-SLE 
0003b600:·532d·3135·2d30·3130·3431·390a·2020·2d20··S-15-010419.··-· 
0003b610:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-6 
0003b620:·2861·290a·2020·2d20·5043·492d·4453·532d··(a).··-·PCI-DSS- 
0003b630:·5265·712d·3131·2e35·0a20·202d·2050·4349··Req-11.5.··-·PCI 
0003b640:·2d44·5353·7634·2d31·312e·352e·320a·2020··-DSSv4-11.5.2.·· 
0003b650:·2d20·656e·6162·6c65·5f73·7472·6174·6567··-·enable_strateg 
0003b660:·790a·2020·2d20·6c6f·775f·636f·6d70·6c65··y.··-·low_comple 
0003b670:·7869·7479·0a20·202d·206c·6f77·5f64·6973··xity.··-·low_dis 
0003b680:·7275·7074·696f·6e0a·2020·2d20·6d65·6469··ruption.··-·medi 
0003b690:·756d·5f73·6576·6572·6974·790a·2020·2d20··um_severity.··-· 
0003b6a0:·6e6f·5f72·6562·6f6f·745f·6e65·6564·6564··no_reboot_needed 
0003b6b0:·0a20·202d·2070·6163·6b61·6765·5f61·6964··.··-·package_aid 
0003b6c0:·655f·696e·7374·616c·6c65·640a·0a2d·206e··e_installed..-·n 
0003b6d0:·616d·653a·2045·6e73·7572·6520·6169·6465··ame:·Ensure·aide 
0003b6e0:·2069·7320·696e·7374·616c·6c65·640a·2020···is·installed.·· 
0003b6f0:·7061·636b·6167·653a·0a20·2020·206e·616d··package:.····nam 
0003b700:·653a·2061·6964·650a·2020·2020·7374·6174··e:·aide.····stat 
0003b710:·653a·2070·7265·7365·6e74·0a20·2077·6865··e:·present.··whe 
0003b720:·6e3a·2027·226b·6572·6e65·6c2d·6465·6661··n:·'"kernel-defa 
0003b730:·756c·7422·2069·6e20·616e·7369·626c·655f··ult"·in·ansible_ 
0003b740:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'. 
0003b750:·2020·7461·6773·3a0a·2020·2d20·4343·452d····tags:.··-·CCE- 
0003b760:·3833·3238·392d·390a·2020·2d20·434a·4953··83289-9.··-·CJIS 
0003b770:·2d35·2e31·302e·312e·330a·2020·2d20·4449··-5.10.1.3.··-·DI 
0003b780:·5341·2d53·5449·472d·534c·4553·2d31·352d··SA-STIG-SLES-15- 
0003b790:·3031·3034·3139·0a20·202d·204e·4953·542d··010419.··-·NIST- 
0003b7a0:·3830·302d·3533·2d43·4d2d·3628·6129·0a20··800-53-CM-6(a).· 
0003b7b0:·202d·2050·4349·2d44·5353·2d52·6571·2d31···-·PCI-DSS-Req-1 
0003b7c0:·312e·350a·2020·2d20·5043·492d·4453·5376··1.5.··-·PCI-DSSv 
0003b7d0:·342d·3131·2e35·2e32·0a20·202d·2065·6e61··4-11.5.2.··-·ena 
0003b7e0:·626c·655f·7374·7261·7465·6779·0a20·202d··ble_strategy.··- 
0003b7f0:·206c·6f77·5f63·6f6d·706c·6578·6974·790a···low_complexity. 
0003b800:·2020·2d20·6c6f·775f·6469·7372·7570·7469····-·low_disrupti 
0003b810:·6f6e·0a20·202d·206d·6564·6975·6d5f·7365··on.··-·medium_se 
0003b820:·7665·7269·7479·0a20·202d·206e·6f5f·7265··verity.··-·no_re 
0003b830:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-· 
0003b840:·7061·636b·6167·655f·6169·6465·5f69·6e73··package_aide_ins 
Max diff block lines reached; 21034591/21053249 bytes (99.91%) of diff not shown.
1.54 MB
html2text {}
    
Offset 118, 19 lines modifiedOffset 118, 27 lines modified
118 include·install_aide118 include·install_aide
  
119 class·install_aide·{119 class·install_aide·{
120 ··package·{·'aide':120 ··package·{·'aide':
121 ····ensure·=>·'installed',121 ····ensure·=>·'installed',
122 ··}122 ··}
123 }123 }
124 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8124 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 125 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 126 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 127 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 128 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 129 #·Remediation·is·applicable·only·in·certain·platforms
 130 if·rpm·--quiet·-q·kernel-default;·then
  
125 [[packages]] 
126 name·=·"aide" 
127 version·=·"*"131 zypper·install·-y·"aide"
  
 132 else
 133 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 134 fi
128 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8135 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
129 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low136 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
130 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low137 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
131 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false138 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
132 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable139 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
133 -·name:·Gather·the·package·facts140 -·name:·Gather·the·package·facts
134 ··package_facts:141 ··package_facts:
Offset 163, 27 lines modifiedOffset 171, 19 lines modified
163 ··-·PCI-DSSv4-11.5.2171 ··-·PCI-DSSv4-11.5.2
164 ··-·enable_strategy172 ··-·enable_strategy
165 ··-·low_complexity173 ··-·low_complexity
166 ··-·low_disruption174 ··-·low_disruption
167 ··-·medium_severity175 ··-·medium_severity
168 ··-·no_reboot_needed176 ··-·no_reboot_needed
169 ··-·package_aide_installed177 ··-·package_aide_installed
 178 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
170 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
171 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
172 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
173 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
174 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
175 #·Remediation·is·applicable·only·in·certain·platforms 
176 if·rpm·--quiet·-q·kernel-default;·then 
  
177 zypper·install·-y·"aide" 
  
178 else 
179 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
180 fi179 [[packages]]
 180 name·=·"aide"
 181 version·=·"*"
181 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*182 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
182 Run·the·following·command·to·generate·a·new·database:183 Run·the·following·command·to·generate·a·new·database:
183 $·sudo·/usr/bin/aide·--init184 $·sudo·/usr/bin/aide·--init
184 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the·database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/185 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the·database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/
185 aide·(or·hashes·of·these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database186 aide·(or·hashes·of·these·files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-generated·database
186 can·be·installed·as·follows:187 can·be·installed·as·follows:
187 $·sudo·cp·/var/lib/aide/aide.db.new·/var/lib/aide/aide.db188 $·sudo·cp·/var/lib/aide/aide.db.new·/var/lib/aide/aide.db
Offset 208, 14 lines modifiedOffset 208, 29 lines modified
208 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5208 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
209 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199209 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
210 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLES-15-010419210 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLES-15-010419
211 ·············_\x8c_\x8i_\x8s············1.4.1211 ·············_\x8c_\x8i_\x8s············1.4.1
212 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79212 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
213 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2213 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
214 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-255922r958794_rule214 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-255922r958794_rule
 215 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 216 #·Remediation·is·applicable·only·in·certain·platforms
 217 if·rpm·--quiet·-q·kernel-default;·then
  
 218 zypper·-q·--no-remote·ref
  
  
 219 zypper·install·-y·"aide"
  
 220 /usr/bin/aide·--init
 221 /bin/cp·-p·/var/lib/aide/aide.db.new·/var/lib/aide/aide.db
  
 222 else
 223 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 224 fi
215 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8225 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
216 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low226 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
217 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low227 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
218 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false228 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
219 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict229 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
220 -·name:·Gather·the·package·facts230 -·name:·Gather·the·package·facts
221 ··package_facts:231 ··package_facts:
Offset 328, 29 lines modifiedOffset 343, 14 lines modified
328 ··-·PCI-DSSv4-11.5.2343 ··-·PCI-DSSv4-11.5.2
329 ··-·aide_build_database344 ··-·aide_build_database
330 ··-·low_complexity345 ··-·low_complexity
331 ··-·low_disruption346 ··-·low_disruption
332 ··-·medium_severity347 ··-·medium_severity
333 ··-·no_reboot_needed348 ··-·no_reboot_needed
334 ··-·restrict_strategy349 ··-·restrict_strategy
335 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
336 #·Remediation·is·applicable·only·in·certain·platforms 
337 if·rpm·--quiet·-q·kernel-default;·then 
  
338 zypper·-q·--no-remote·ref 
  
  
339 zypper·install·-y·"aide" 
  
340 /usr/bin/aide·--init 
341 /bin/cp·-p·/var/lib/aide/aide.db.new·/var/lib/aide/aide.db 
  
342 else 
343 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
344 fi 
345 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·A\x8AI\x8ID\x8DE\x8E·t\x8to\x8o·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·t\x8th\x8he\x8e·A\x8Au\x8ud\x8di\x8it\x8t·T\x8To\x8oo\x8ol\x8ls\x8s·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*350 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·A\x8AI\x8ID\x8DE\x8E·t\x8to\x8o·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·t\x8th\x8he\x8e·A\x8Au\x8ud\x8di\x8it\x8t·T\x8To\x8oo\x8ol\x8ls\x8s·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
346 The·operating·system·file·integrity·tool·must·be·configured·to·protect·the·integrity·of·the·audit·tools.351 The·operating·system·file·integrity·tool·must·be·configured·to·protect·the·integrity·of·the·audit·tools.
347 ·············Protecting·the·integrity·of·the·tools·used·for·auditing·purposes·is·a·critical·step·toward·ensuring·the·integrity·of·audit·information.·Audit·information352 ·············Protecting·the·integrity·of·the·tools·used·for·auditing·purposes·is·a·critical·step·toward·ensuring·the·integrity·of·audit·information.·Audit·information
348 ·············includes·all·information·(e.g.,·audit·records,·audit·settings,·and·audit·reports)·needed·to·successfully·audit·information·system·activity.·Audit·tools353 ·············includes·all·information·(e.g.,·audit·records,·audit·settings,·and·audit·reports)·needed·to·successfully·audit·information·system·activity.·Audit·tools
349 ·············include·but·are·not·limited·to·vendor-provided·and·open-source·audit·tools·needed·to·successfully·view·and·manipulate·audit·information·system·activity354 ·············include·but·are·not·limited·to·vendor-provided·and·open-source·audit·tools·needed·to·successfully·view·and·manipulate·audit·information·system·activity
350 Rationale:···and·records.·Audit·tools·include·custom·queries·and·report·generators.·It·is·not·uncommon·for·attackers·to·replace·the·audit·tools·or·inject·code·into·the355 Rationale:···and·records.·Audit·tools·include·custom·queries·and·report·generators.·It·is·not·uncommon·for·attackers·to·replace·the·audit·tools·or·inject·code·into·the
351 ·············existing·tools·to·provide·the·capability·to·hide·or·erase·system·activity·from·the·audit·logs.·To·address·this·risk,·audit·tools·must·be·cryptographically356 ·············existing·tools·to·provide·the·capability·to·hide·or·erase·system·activity·from·the·audit·logs.·To·address·this·risk,·audit·tools·must·be·cryptographically
Offset 360, 14 lines modifiedOffset 360, 78 lines modified
360 Rule·ID:·····xccdf_org.ssgproject.content_rule_aide_check_audit_tools360 Rule·ID:·····xccdf_org.ssgproject.content_rule_aide_check_audit_tools
361 Identifiers:·CCE-85610-4361 Identifiers:·CCE-85610-4
362 ·············_\x8d_\x8i_\x8s_\x8a····CCI-001496,·CCI-001494,·CCI-001495,·CCI-001493362 ·············_\x8d_\x8i_\x8s_\x8a····CCI-001496,·CCI-001494,·CCI-001495,·CCI-001493
363 ·············_\x8n_\x8i_\x8s_\x8t····AU-9(3),·AU-9(3).1363 ·············_\x8n_\x8i_\x8s_\x8t····AU-9(3),·AU-9(3).1
364 References:··_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g··SRG-OS-000278-GPOS-00108364 References:··_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g··SRG-OS-000278-GPOS-00108
365 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d··SLES-15-030630365 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d··SLES-15-030630
Max diff block lines reached; 1611761/1617378 bytes (99.65%) of diff not shown.
18.5 MB
./usr/share/doc/ssg-nondebian/ssg-slmicro5-guide-cis.html
    
Offset 15232, 145 lines modifiedOffset 15232, 145 lines modified
0003b7f0:·6574·3d22·2369·646d·3238·3731·2220·7461··et="#idm2871"·ta0003b7f0:·6574·3d22·2369·646d·3238·3731·2220·7461··et="#idm2871"·ta
0003b800:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=0003b800:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role=
0003b810:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex0003b810:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex
0003b820:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t0003b820:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t
0003b830:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t0003b830:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t
0003b840:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="0003b840:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href="
0003b850:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·0003b850:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation·
0003b860:·4f53·4275·696c·6420·426c·7565·7072·696e··OSBuild·Blueprin 
0003b870:·7420·736e·6970·7065·7420·e287·b23c·2f61··t·snippet·...</a 
0003b880:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class= 
0003b890:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse· 
0003b8a0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id 
0003b8b0:·6d32·3837·3122·3e3c·7072·653e·3c63·6f64··m2871"><pre><cod 
0003b8c0:·653e·0a5b·5b70·6163·6b61·6765·735d·5d0a··e>.[[packages]]. 
0003b8d0:·6e61·6d65·203d·2022·6169·6465·220a·7665··name·=·"aide".ve 
0003b8e0:·7273·696f·6e20·3d20·222a·220a·3c2f·636f··rsion·=·"*".</co0003b860:·5368·656c·6c20·7363·7269·7074·20e2·87b2··Shell·script·...
 0003b870:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
 0003b880:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
 0003b890:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=
 0003b8a0:·2269·646d·3238·3731·223e·3c74·6162·6c65··"idm2871"><table
 0003b8b0:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta
 0003b8c0:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl
 0003b8d0:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table
 0003b8e0:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>
 0003b8f0:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<
 0003b900:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>
 0003b910:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis
 0003b920:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td
 0003b930:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t
 0003b940:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t
 0003b950:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td>
 0003b960:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str
 0003b970:·6174·6567·793a·3c2f·7468·3e3c·7464·3e65··ategy:</th><td>e
 0003b980:·6e61·626c·653c·2f74·643e·3c2f·7472·3e3c··nable</td></tr><
 0003b990:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod
 0003b9a0:·653e·2320·5265·6d65·6469·6174·696f·6e20··e>#·Remediation·
 0003b9b0:·6973·2061·7070·6c69·6361·626c·6520·6f6e··is·applicable·on
 0003b9c0:·6c79·2069·6e20·6365·7274·6169·6e20·706c··ly·in·certain·pl
 0003b9d0:·6174·666f·726d·730a·6966·2072·706d·202d··atforms.if·rpm·-
 0003b9e0:·2d71·7569·6574·202d·7120·6b65·726e·656c··-quiet·-q·kernel
 0003b9f0:·2d64·6566·6175·6c74·3b20·7468·656e·0a0a··-default;·then..
 0003ba00:·7a79·7070·6572·2069·6e73·7461·6c6c·202d··zypper·install·-
 0003ba10:·7920·2261·6964·6522·0a0a·656c·7365·0a20··y·"aide"..else.·
 0003ba20:·2020·2026·6774·3b26·616d·703b·3220·6563·····&gt;&amp;2·ec
 0003ba30:·686f·2027·5265·6d65·6469·6174·696f·6e20··ho·'Remediation·
 0003ba40:·6973·206e·6f74·2061·7070·6c69·6361·626c··is·not·applicabl
 0003ba50:·652c·206e·6f74·6869·6e67·2077·6173·2064··e,·nothing·was·d
 0003ba60:·6f6e·6527·0a66·690a·3c2f·636f·6465·3e3c··one'.fi.</code><
0003b8f0:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div><0003ba70:·2f70·7265·3e3c·2f64·6976·3e3c·6120·636c··/pre></div><a·cl
0003b900:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn0003ba80:·6173·733d·2262·746e·2062·746e·2d73·7563··ass="btn·btn-suc
0003b910:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t0003ba90:·6365·7373·2220·6461·7461·2d74·6f67·676c··cess"·data-toggl
0003b920:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse"0003baa0:·653d·2263·6f6c·6c61·7073·6522·2064·6174··e="collapse"·dat
0003b930:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i0003bab0:·612d·7461·7267·6574·3d22·2369·646d·3238··a-target="#idm28
0003b940:·646d·3238·3732·2220·7461·6269·6e64·6578··dm2872"·tabindex0003bac0:·3732·2220·7461·6269·6e64·6578·3d22·3022··72"·tabindex="0"
0003b950:·3d22·3022·2072·6f6c·653d·2262·7574·746f··="0"·role="butto0003bad0:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a
0003b960:·6e22·2061·7269·612d·6578·7061·6e64·6564··n"·aria-expanded0003bae0:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa
0003b970:·3d22·6661·6c73·6522·2074·6974·6c65·3d22··="false"·title="0003baf0:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti
0003b980:·4163·7469·7661·7465·2074·6f20·7265·7665··Activate·to·reve0003bb00:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·
0003b990:·616c·2220·6872·6566·3d22·2321·223e·5265··al"·href="#!">Re0003bb10:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi
0003b9a0:·6d65·6469·6174·696f·6e20·416e·7369·626c··mediation·Ansibl0003bb20:·6174·696f·6e20·416e·7369·626c·6520·736e··ation·Ansible·sn
0003b9b0:·6520·736e·6970·7065·7420·e287·b23c·2f61··e·snippet·...</a0003bb30:·6970·7065·7420·e287·b23c·2f61·3e3c·6272··ippet·...</a><br
0003b9c0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=0003bb40:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan
0003b9d0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·0003bb50:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll
0003b9e0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id0003bb60:·6170·7365·2220·6964·3d22·6964·6d32·3837··apse"·id="idm287
0003b9f0:·6d32·3837·3222·3e3c·7461·626c·6520·636c··m2872"><table·cl0003bb70:·3222·3e3c·7461·626c·6520·636c·6173·733d··2"><table·class=
0003ba00:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table0003bb80:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str
0003ba10:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b0003bb90:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde
0003ba20:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co0003bba0:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden
0003ba30:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th0003bbb0:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com
0003ba40:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th0003bbc0:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td
0003ba50:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t0003bbd0:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t
0003ba60:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup0003bbe0:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption
0003ba70:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo0003bbf0:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t
0003ba80:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><0003bc00:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e52··d></tr><tr><th>R
0003ba90:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th><0003bc10:·6562·6f6f·743a·3c2f·7468·3e3c·7464·3e66··eboot:</th><td>f
0003baa0:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t 
0003bab0:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate 
0003bac0:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab 
0003bad0:·6c65·3c2f·7464·3e3c·2f74·723e·3c2f·7461··le</td></tr></ta0003bc20:·616c·7365·3c2f·7464·3e3c·2f74·723e·3c74··alse</td></tr><t
 0003bc30:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<
 0003bc40:·2f74·683e·3c74·643e·656e·6162·6c65·3c2f··/th><td>enable</
 0003bc50:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>
0003bae0:·626c·653e·3c70·7265·3e3c·636f·6465·3e2d··ble><pre><code>-0003bc60:·3c70·7265·3e3c·636f·6465·3e2d·206e·616d··<pre><code>-·nam
0003baf0:·206e·616d·653a·2047·6174·6865·7220·7468···name:·Gather·th0003bc70:·653a·2047·6174·6865·7220·7468·6520·7061··e:·Gather·the·pa
0003bb00:·6520·7061·636b·6167·6520·6661·6374·730a··e·package·facts.0003bc80:·636b·6167·6520·6661·6374·730a·2020·7061··ckage·facts.··pa
0003bb10:·2020·7061·636b·6167·655f·6661·6374·733a····package_facts:0003bc90:·636b·6167·655f·6661·6374·733a·0a20·2020··ckage_facts:.···
0003bb20:·0a20·2020·206d·616e·6167·6572·3a20·6175··.····manager:·au0003bca0:·206d·616e·6167·6572·3a20·6175·746f·0a20···manager:·auto.·
0003bb30:·746f·0a20·2074·6167·733a·0a20·202d·2043··to.··tags:.··-·C 
0003bb40:·4345·2d39·3337·3538·2d31·0a20·202d·2043··CE-93758-1.··-·C 
0003bb50:·4a49·532d·352e·3130·2e31·2e33·0a20·202d··JIS-5.10.1.3.··- 
0003bb60:·2044·4953·412d·5354·4947·2d53·4c45·4d2d···DISA-STIG-SLEM- 
0003bb70:·3035·2d36·3531·3031·300a·2020·2d20·4e49··05-651010.··-·NI 
0003bb80:·5354·2d38·3030·2d35·332d·434d·2d36·2861··ST-800-53-CM-6(a 
0003bb90:·290a·2020·2d20·5043·492d·4453·532d·5265··).··-·PCI-DSS-Re 
0003bba0:·712d·3131·2e35·0a20·202d·2050·4349·2d44··q-11.5.··-·PCI-D 
0003bbb0:·5353·7634·2d31·312e·352e·320a·2020·2d20··SSv4-11.5.2.··-· 
0003bbc0:·656e·6162·6c65·5f73·7472·6174·6567·790a··enable_strategy. 
0003bbd0:·2020·2d20·6c6f·775f·636f·6d70·6c65·7869····-·low_complexi 
0003bbe0:·7479·0a20·202d·206c·6f77·5f64·6973·7275··ty.··-·low_disru 
0003bbf0:·7074·696f·6e0a·2020·2d20·6d65·6469·756d··ption.··-·medium 
0003bc00:·5f73·6576·6572·6974·790a·2020·2d20·6e6f··_severity.··-·no 
0003bc10:·5f72·6562·6f6f·745f·6e65·6564·6564·0a20··_reboot_needed.· 
0003bc20:·202d·2070·6163·6b61·6765·5f61·6964·655f···-·package_aide_ 
0003bc30:·696e·7374·616c·6c65·640a·0a2d·206e·616d··installed..-·nam 
0003bc40:·653a·2045·6e73·7572·6520·6169·6465·2069··e:·Ensure·aide·i 
0003bc50:·7320·696e·7374·616c·6c65·640a·2020·7061··s·installed.··pa 
0003bc60:·636b·6167·653a·0a20·2020·206e·616d·653a··ckage:.····name: 
0003bc70:·2061·6964·650a·2020·2020·7374·6174·653a···aide.····state: 
0003bc80:·2070·7265·7365·6e74·0a20·2077·6865·6e3a···present.··when: 
0003bc90:·2027·226b·6572·6e65·6c2d·6465·6661·756c···'"kernel-defaul 
0003bca0:·7422·2069·6e20·616e·7369·626c·655f·6661··t"·in·ansible_fa 
0003bcb0:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.·· 
0003bcc0:·7461·6773·3a0a·2020·2d20·4343·452d·3933··tags:.··-·CCE-930003bcb0:·2074·6167·733a·0a20·202d·2043·4345·2d39···tags:.··-·CCE-9
0003bcd0:·3735·382d·310a·2020·2d20·434a·4953·2d35··758-1.··-·CJIS-50003bcc0:·3337·3538·2d31·0a20·202d·2043·4a49·532d··3758-1.··-·CJIS-
0003bce0:·2e31·302e·312e·330a·2020·2d20·4449·5341··.10.1.3.··-·DISA 
0003bcf0:·2d53·5449·472d·534c·454d·2d30·352d·3635··-STIG-SLEM-05-65 
0003bd00:·3130·3130·0a20·202d·204e·4953·542d·3830··1010.··-·NIST-80 
0003bd10:·302d·3533·2d43·4d2d·3628·6129·0a20·202d··0-53-CM-6(a).··-0003bcd0:·352e·3130·2e31·2e33·0a20·202d·2044·4953··5.10.1.3.··-·DIS
 0003bce0:·412d·5354·4947·2d53·4c45·4d2d·3035·2d36··A-STIG-SLEM-05-6
 0003bcf0:·3531·3031·300a·2020·2d20·4e49·5354·2d38··51010.··-·NIST-8
 0003bd00:·3030·2d35·332d·434d·2d36·2861·290a·2020··00-53-CM-6(a).··
0003bd20:·2050·4349·2d44·5353·2d52·6571·2d31·312e···PCI-DSS-Req-11.0003bd10:·2d20·5043·492d·4453·532d·5265·712d·3131··-·PCI-DSS-Req-11
 0003bd20:·2e35·0a20·202d·2050·4349·2d44·5353·7634··.5.··-·PCI-DSSv4
 0003bd30:·2d31·312e·352e·320a·2020·2d20·656e·6162··-11.5.2.··-·enab
 0003bd40:·6c65·5f73·7472·6174·6567·790a·2020·2d20··le_strategy.··-·
 0003bd50:·6c6f·775f·636f·6d70·6c65·7869·7479·0a20··low_complexity.·
 0003bd60:·202d·206c·6f77·5f64·6973·7275·7074·696f···-·low_disruptio
Max diff block lines reached; 17747019/17765677 bytes (99.89%) of diff not shown.
1.58 MB
html2text {}
Max HTML report size reached
7.72 MB
./usr/share/doc/ssg-nondebian/ssg-slmicro5-guide-cis_server_l1.html
    
Offset 15224, 145 lines modifiedOffset 15224, 145 lines modified
0003b770:·612d·7461·7267·6574·3d22·2369·646d·3238··a-target="#idm280003b770:·612d·7461·7267·6574·3d22·2369·646d·3238··a-target="#idm28
0003b780:·3731·2220·7461·6269·6e64·6578·3d22·3022··71"·tabindex="0"0003b780:·3731·2220·7461·6269·6e64·6578·3d22·3022··71"·tabindex="0"
0003b790:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a0003b790:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a
0003b7a0:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa0003b7a0:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa
0003b7b0:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti0003b7b0:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti
0003b7c0:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·0003b7c0:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·
0003b7d0:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi0003b7d0:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi
 0003b7e0:·6174·696f·6e20·5368·656c·6c20·7363·7269··ation·Shell·scri
 0003b7f0:·7074·20e2·87b2·3c2f·613e·3c62·723e·3c64··pt·...</a><br><d
 0003b800:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel-
 0003b810:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps
 0003b820:·6522·2069·643d·2269·646d·3238·3731·223e··e"·id="idm2871">
 0003b830:·3c74·6162·6c65·2063·6c61·7373·3d22·7461··<table·class="ta
 0003b840:·626c·6520·7461·626c·652d·7374·7269·7065··ble·table-stripe
0003b7e0:·6174·696f·6e20·4f53·4275·696c·6420·426c··ation·OSBuild·Bl 
0003b7f0:·7565·7072·696e·7420·736e·6970·7065·7420··ueprint·snippet· 
0003b800:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div· 
0003b810:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col 
0003b820:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"· 
0003b830:·6964·3d22·6964·6d32·3837·3122·3e3c·7072··id="idm2871"><pr 
0003b840:·653e·3c63·6f64·653e·0a5b·5b70·6163·6b61··e><code>.[[packa 
0003b850:·6765·735d·5d0a·6e61·6d65·203d·2022·6169··ges]].name·=·"ai 
0003b860:·6465·220a·7665·7273·696f·6e20·3d20·222a··de".version·=·"* 
0003b870:·220a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··".</code></pre>< 
0003b880:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b 
0003b890:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"· 
0003b8a0:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col 
0003b8b0:·6c61·7073·6522·2064·6174·612d·7461·7267··lapse"·data-targ 
0003b8c0:·6574·3d22·2369·646d·3238·3732·2220·7461··et="#idm2872"·ta 
0003b8d0:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role= 
0003b8e0:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex 
0003b8f0:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t 
0003b900:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t 
0003b910:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href=" 
0003b920:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation· 
0003b930:·416e·7369·626c·6520·736e·6970·7065·7420··Ansible·snippet· 
0003b940:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div· 
0003b950:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col 
0003b960:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"· 
0003b970:·6964·3d22·6964·6d32·3837·3222·3e3c·7461··id="idm2872"><ta 
0003b980:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table 
0003b990:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t 
0003b9a0:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta 
0003b9b0:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed">< 
0003b9c0:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit 
0003b9d0:·793a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··y:</th><td>low</ 
0003b9e0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003b9f0:·4469·7372·7570·7469·6f6e·3a3c·2f74·683e··Disruption:</th> 
0003ba00:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr 
0003ba10:·3e3c·7472·3e3c·7468·3e52·6562·6f6f·743a··><tr><th>Reboot: 
0003ba20:·3c2f·7468·3e3c·7464·3e66·616c·7365·3c2f··</th><td>false</ 
0003ba30:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003ba40:·5374·7261·7465·6779·3a3c·2f74·683e·3c74··Strategy:</th><t 
0003ba50:·643e·656e·6162·6c65·3c2f·7464·3e3c·2f74··d>enable</td></t 
0003ba60:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre>< 
0003ba70:·636f·6465·3e2d·206e·616d·653a·2047·6174··code>-·name:·Gat 
0003ba80:·6865·7220·7468·6520·7061·636b·6167·6520··her·the·package· 
0003ba90:·6661·6374·730a·2020·7061·636b·6167·655f··facts.··package_ 
0003baa0:·6661·6374·733a·0a20·2020·206d·616e·6167··facts:.····manag 
0003bab0:·6572·3a20·6175·746f·0a20·2074·6167·733a··er:·auto.··tags: 
0003bac0:·0a20·202d·2043·4345·2d39·3337·3538·2d31··.··-·CCE-93758-1 
0003bad0:·0a20·202d·2043·4a49·532d·352e·3130·2e31··.··-·CJIS-5.10.1 
0003bae0:·2e33·0a20·202d·2044·4953·412d·5354·4947··.3.··-·DISA-STIG 
0003baf0:·2d53·4c45·4d2d·3035·2d36·3531·3031·300a··-SLEM-05-651010. 
0003bb00:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53- 
0003bb10:·434d·2d36·2861·290a·2020·2d20·5043·492d··CM-6(a).··-·PCI- 
0003bb20:·4453·532d·5265·712d·3131·2e35·0a20·202d··DSS-Req-11.5.··- 
0003bb30:·2050·4349·2d44·5353·7634·2d31·312e·352e···PCI-DSSv4-11.5. 
0003bb40:·320a·2020·2d20·656e·6162·6c65·5f73·7472··2.··-·enable_str 
0003bb50:·6174·6567·790a·2020·2d20·6c6f·775f·636f··ategy.··-·low_co 
0003bb60:·6d70·6c65·7869·7479·0a20·202d·206c·6f77··mplexity.··-·low 
0003bb70:·5f64·6973·7275·7074·696f·6e0a·2020·2d20··_disruption.··-· 
0003bb80:·6d65·6469·756d·5f73·6576·6572·6974·790a··medium_severity. 
0003bb90:·2020·2d20·6e6f·5f72·6562·6f6f·745f·6e65····-·no_reboot_ne 
0003bba0:·6564·6564·0a20·202d·2070·6163·6b61·6765··eded.··-·package 
0003bbb0:·5f61·6964·655f·696e·7374·616c·6c65·640a··_aide_installed. 
0003bbc0:·0a2d·206e·616d·653a·2045·6e73·7572·6520··.-·name:·Ensure· 
0003bbd0:·6169·6465·2069·7320·696e·7374·616c·6c65··aide·is·installe 
0003bbe0:·640a·2020·7061·636b·6167·653a·0a20·2020··d.··package:.··· 
0003bbf0:·206e·616d·653a·2061·6964·650a·2020·2020···name:·aide.···· 
0003bc00:·7374·6174·653a·2070·7265·7365·6e74·0a20··state:·present.· 
0003bc10:·2077·6865·6e3a·2027·226b·6572·6e65·6c2d···when:·'"kernel- 
0003bc20:·6465·6661·756c·7422·2069·6e20·616e·7369··default"·in·ansi 
0003bc30:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag 
0003bc40:·6573·270a·2020·7461·6773·3a0a·2020·2d20··es'.··tags:.··-· 
0003bc50:·4343·452d·3933·3735·382d·310a·2020·2d20··CCE-93758-1.··-· 
0003bc60:·434a·4953·2d35·2e31·302e·312e·330a·2020··CJIS-5.10.1.3.·· 
0003bc70:·2d20·4449·5341·2d53·5449·472d·534c·454d··-·DISA-STIG-SLEM 
0003bc80:·2d30·352d·3635·3130·3130·0a20·202d·204e··-05-651010.··-·N 
0003bc90:·4953·542d·3830·302d·3533·2d43·4d2d·3628··IST-800-53-CM-6( 
0003bca0:·6129·0a20·202d·2050·4349·2d44·5353·2d52··a).··-·PCI-DSS-R 
0003bcb0:·6571·2d31·312e·350a·2020·2d20·5043·492d··eq-11.5.··-·PCI- 
0003bcc0:·4453·5376·342d·3131·2e35·2e32·0a20·202d··DSSv4-11.5.2.··- 
0003bcd0:·2065·6e61·626c·655f·7374·7261·7465·6779···enable_strategy 
0003bce0:·0a20·202d·206c·6f77·5f63·6f6d·706c·6578··.··-·low_complex 
0003bcf0:·6974·790a·2020·2d20·6c6f·775f·6469·7372··ity.··-·low_disr 
0003bd00:·7570·7469·6f6e·0a20·202d·206d·6564·6975··uption.··-·mediu 
0003bd10:·6d5f·7365·7665·7269·7479·0a20·202d·206e··m_severity.··-·n 
0003bd20:·6f5f·7265·626f·6f74·5f6e·6565·6465·640a··o_reboot_needed. 
0003bd30:·2020·2d20·7061·636b·6167·655f·6169·6465····-·package_aide 
0003bd40:·5f69·6e73·7461·6c6c·6564·0a3c·2f63·6f64··_installed.</cod 
0003bd50:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a 
0003bd60:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn- 
0003bd70:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to 
0003bd80:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"· 
0003bd90:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id 
0003bda0:·6d32·3837·3322·2074·6162·696e·6465·783d··m2873"·tabindex= 
0003bdb0:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button 
0003bdc0:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded= 
0003bdd0:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A 
0003bde0:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea 
0003bdf0:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem 
0003be00:·6564·6961·7469·6f6e·2053·6865·6c6c·2073··ediation·Shell·s 
0003be10:·6372·6970·7420·e287·b23c·2f61·3e3c·6272··cript·...</a><br 
0003be20:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan 
0003be30:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll 
0003be40:·6170·7365·2220·6964·3d22·6964·6d32·3837··apse"·id="idm287 
0003be50:·3322·3e3c·7461·626c·6520·636c·6173·733d··3"><table·class= 
0003be60:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str 
0003be70:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde 
0003be80:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden0003b850:·6420·7461·626c·652d·626f·7264·6572·6564··d·table-bordered
 0003b860:·2074·6162·6c65·2d63·6f6e·6465·6e73·6564···table-condensed
 0003b870:·223e·3c74·723e·3c74·683e·436f·6d70·6c65··"><tr><th>Comple
0003be90:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com 
0003bea0:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td 
0003beb0:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t 
0003bec0:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption 
Max diff block lines reached; 7200349/7219007 bytes (99.74%) of diff not shown.
853 KB
html2text {}
    
Offset 142, 19 lines modifiedOffset 142, 27 lines modified
142 include·install_aide142 include·install_aide
  
143 class·install_aide·{143 class·install_aide·{
144 ··package·{·'aide':144 ··package·{·'aide':
145 ····ensure·=>·'installed',145 ····ensure·=>·'installed',
146 ··}146 ··}
147 }147 }
148 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8148 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 149 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 150 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 151 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 152 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 153 #·Remediation·is·applicable·only·in·certain·platforms
 154 if·rpm·--quiet·-q·kernel-default;·then
  
149 [[packages]] 
150 name·=·"aide" 
151 version·=·"*"155 zypper·install·-y·"aide"
  
 156 else
 157 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 158 fi
152 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8159 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
153 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low160 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
154 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low161 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
155 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false162 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
156 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable163 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
157 -·name:·Gather·the·package·facts164 -·name:·Gather·the·package·facts
158 ··package_facts:165 ··package_facts:
Offset 187, 27 lines modifiedOffset 195, 19 lines modified
187 ··-·PCI-DSSv4-11.5.2195 ··-·PCI-DSSv4-11.5.2
188 ··-·enable_strategy196 ··-·enable_strategy
189 ··-·low_complexity197 ··-·low_complexity
190 ··-·low_disruption198 ··-·low_disruption
191 ··-·medium_severity199 ··-·medium_severity
192 ··-·no_reboot_needed200 ··-·no_reboot_needed
193 ··-·package_aide_installed201 ··-·package_aide_installed
 202 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
194 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
195 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
196 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
197 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
198 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
199 #·Remediation·is·applicable·only·in·certain·platforms 
200 if·rpm·--quiet·-q·kernel-default;·then 
  
201 zypper·install·-y·"aide" 
  
202 else 
203 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
204 fi203 [[packages]]
 204 name·=·"aide"
 205 version·=·"*"
205 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*206 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
206 Run·the·following·command·to·generate·a·new·database:207 Run·the·following·command·to·generate·a·new·database:
207 $·sudo·/usr/bin/aide·--init208 $·sudo·/usr/bin/aide·--init
208 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the·database,·the209 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the·database,·the
209 configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide·(or·hashes·of·these·files),·in·a·secure210 configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide·(or·hashes·of·these·files),·in·a·secure
210 location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-211 location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-
211 generated·database·can·be·installed·as·follows:212 generated·database·can·be·installed·as·follows:
Offset 235, 14 lines modifiedOffset 235, 26 lines modified
235 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5235 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
236 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199236 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
237 ·············_\x8c_\x8i_\x8s············1.4.1237 ·············_\x8c_\x8i_\x8s············1.4.1
238 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79238 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
239 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2239 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
240 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLEM-05-651010240 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLEM-05-651010
241 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-261403r996627_rule241 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-261403r996627_rule
 242 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 243 #·Remediation·is·applicable·only·in·certain·platforms
 244 if·rpm·--quiet·-q·kernel-default;·then
  
 245 zypper·install·-y·"aide"
  
 246 /usr/bin/aide·--init
 247 /bin/cp·-p·/var/lib/aide/aide.db.new·/var/lib/aide/aide.db
  
 248 else
 249 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 250 fi
242 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8251 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
243 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low252 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
244 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low253 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
245 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false254 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
246 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict255 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
247 -·name:·Gather·the·package·facts256 -·name:·Gather·the·package·facts
248 ··package_facts:257 ··package_facts:
Offset 355, 26 lines modifiedOffset 367, 14 lines modified
355 ··-·PCI-DSSv4-11.5.2367 ··-·PCI-DSSv4-11.5.2
356 ··-·aide_build_database368 ··-·aide_build_database
357 ··-·low_complexity369 ··-·low_complexity
358 ··-·low_disruption370 ··-·low_disruption
359 ··-·medium_severity371 ··-·medium_severity
360 ··-·no_reboot_needed372 ··-·no_reboot_needed
361 ··-·restrict_strategy373 ··-·restrict_strategy
362 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
363 #·Remediation·is·applicable·only·in·certain·platforms 
364 if·rpm·--quiet·-q·kernel-default;·then 
  
365 zypper·install·-y·"aide" 
  
366 /usr/bin/aide·--init 
367 /bin/cp·-p·/var/lib/aide/aide.db.new·/var/lib/aide/aide.db 
  
368 else 
369 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
370 fi 
371 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8md\x8d·T\x8Ti\x8im\x8me\x8er\x8r·E\x8Ex\x8xe\x8ec\x8cu\x8ut\x8ti\x8io\x8on\x8n·o\x8of\x8f·A\x8AI\x8ID\x8DE\x8E·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*374 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8md\x8d·T\x8Ti\x8im\x8me\x8er\x8r·E\x8Ex\x8xe\x8ec\x8cu\x8ut\x8ti\x8io\x8on\x8n·o\x8of\x8f·A\x8AI\x8ID\x8DE\x8E·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
372 At·a·minimum,·AIDE·should·be·configured·to·run·a·weekly·scan.·To·implement·a·systemd·service·and·a·timer375 At·a·minimum,·AIDE·should·be·configured·to·run·a·weekly·scan.·To·implement·a·systemd·service·and·a·timer
373 unit·to·run·the·service·periodically:·For·example,·if·a·systemd·timer·is·expected·to·be·started·every·day376 unit·to·run·the·service·periodically:·For·example,·if·a·systemd·timer·is·expected·to·be·started·every·day
374 at·5AM377 at·5AM
375 OnCalendar=*-*-*·05:00:0378 OnCalendar=*-*-*·05:00:0
376 [Timer]379 [Timer]
377 section·in·the·timer·unit·and·a·Unit·section·starting·the·AIDE·check·service·unit·should·be·referred.380 section·in·the·timer·unit·and·a·Unit·section·starting·the·AIDE·check·service·unit·should·be·referred.
Offset 400, 14 lines modifiedOffset 400, 58 lines modified
400 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5400 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
401 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000363-GPOS-00150,·SRG-OS-000446-GPOS-00200,·SRG-OS-000447-GPOS-00201401 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000363-GPOS-00150,·SRG-OS-000446-GPOS-00200,·SRG-OS-000447-GPOS-00201
402 ·············_\x8c_\x8i_\x8s············1.4.2402 ·············_\x8c_\x8i_\x8s············1.4.2
403 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76403 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76
404 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2404 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
405 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLEM-05-651030405 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLEM-05-651030
406 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-261407r996637_rule406 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-261407r996637_rule
 407 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 408 #·Remediation·is·applicable·only·in·certain·platforms
 409 if·rpm·--quiet·-q·kernel-default·&&·{·(·rpm·--quiet·-q·aide·&&·rpm·--quiet·-q·systemd·);·};·then
  
 410 zypper·install·-y·"aide"
Max diff block lines reached; 866903/873137 bytes (99.29%) of diff not shown.
7.47 MB
./usr/share/doc/ssg-nondebian/ssg-slmicro5-guide-cis_workstation_l1.html
    
Offset 15210, 146 lines modifiedOffset 15210, 146 lines modified
0003b690:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=0003b690:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
0003b6a0:·2223·6964·6d32·3837·3122·2074·6162·696e··"#idm2871"·tabin0003b6a0:·2223·6964·6d32·3837·3122·2074·6162·696e··"#idm2871"·tabin
0003b6b0:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu0003b6b0:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
0003b6c0:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan0003b6c0:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
0003b6d0:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl0003b6d0:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
0003b6e0:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r0003b6e0:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
0003b6f0:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"0003b6f0:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
0003b700:·3e52·656d·6564·6961·7469·6f6e·204f·5342··>Remediation·OSB0003b700:·3e52·656d·6564·6961·7469·6f6e·2053·6865··>Remediation·She
 0003b710:·6c6c·2073·6372·6970·7420·e287·b23c·2f61··ll·script·...</a
 0003b720:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
 0003b730:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
 0003b740:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
 0003b750:·6d32·3837·3122·3e3c·7461·626c·6520·636c··m2871"><table·cl
 0003b760:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table
 0003b770:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b
0003b710:·7569·6c64·2042·6c75·6570·7269·6e74·2073··uild·Blueprint·s 
0003b720:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b 
0003b730:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa 
0003b740:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col 
0003b750:·6c61·7073·6522·2069·643d·2269·646d·3238··lapse"·id="idm28 
0003b760:·3731·223e·3c70·7265·3e3c·636f·6465·3e0a··71"><pre><code>. 
0003b770:·5b5b·7061·636b·6167·6573·5d5d·0a6e·616d··[[packages]].nam 
0003b780:·6520·3d20·2261·6964·6522·0a76·6572·7369··e·=·"aide".versi 
0003b790:·6f6e·203d·2022·2a22·0a3c·2f63·6f64·653e··on·=·"*".</code> 
0003b7a0:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c 
0003b7b0:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su 
0003b7c0:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg 
0003b7d0:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da 
0003b7e0:·7461·2d74·6172·6765·743d·2223·6964·6d32··ta-target="#idm2 
0003b7f0:·3837·3222·2074·6162·696e·6465·783d·2230··872"·tabindex="0 
0003b800:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"· 
0003b810:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f 
0003b820:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act 
0003b830:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal" 
0003b840:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed 
0003b850:·6961·7469·6f6e·2041·6e73·6962·6c65·2073··iation·Ansible·s 
0003b860:·6e69·7070·6574·20e2·87b2·3c2f·613e·3c62··nippet·...</a><b 
0003b870:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa 
0003b880:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col 
0003b890:·6c61·7073·6522·2069·643d·2269·646d·3238··lapse"·id="idm28 
0003b8a0:·3732·223e·3c74·6162·6c65·2063·6c61·7373··72"><table·class 
0003b8b0:·3d22·7461·626c·6520·7461·626c·652d·7374··="table·table-st 
0003b8c0:·7269·7065·6420·7461·626c·652d·626f·7264··riped·table-bord0003b780:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co
0003b8d0:·6572·6564·2074·6162·6c65·2d63·6f6e·6465··ered·table-conde 
0003b8e0:·6e73·6564·223e·3c74·723e·3c74·683e·436f··nsed"><tr><th>Co 
0003b8f0:·6d70·6c65·7869·7479·3a3c·2f74·683e·3c74··mplexity:</th><t0003b790:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th
 0003b7a0:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th
 0003b7b0:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t
 0003b7c0:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup
 0003b7d0:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo
0003b900:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr><0003b7e0:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><
 0003b7f0:·7468·3e52·6562·6f6f·743a·3c2f·7468·3e3c··th>Reboot:</th><
 0003b800:·7464·3e66·616c·7365·3c2f·7464·3e3c·2f74··td>false</td></t
 0003b810:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate
 0003b820:·6779·3a3c·2f74·683e·3c74·643e·656e·6162··gy:</th><td>enab
0003b910:·7472·3e3c·7468·3e44·6973·7275·7074·696f··tr><th>Disruptio 
0003b920:·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··n:</th><td>low</ 
0003b930:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th> 
0003b940:·5265·626f·6f74·3a3c·2f74·683e·3c74·643e··Reboot:</th><td> 
0003b950:·6661·6c73·653c·2f74·643e·3c2f·7472·3e3c··false</td></tr>< 
0003b960:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy: 
0003b970:·3c2f·7468·3e3c·7464·3e65·6e61·626c·653c··</th><td>enable< 
0003b980:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table 
0003b990:·3e3c·7072·653e·3c63·6f64·653e·2d20·6e61··><pre><code>-·na 
0003b9a0:·6d65·3a20·4761·7468·6572·2074·6865·2070··me:·Gather·the·p 
0003b9b0:·6163·6b61·6765·2066·6163·7473·0a20·2070··ackage·facts.··p 
0003b9c0:·6163·6b61·6765·5f66·6163·7473·3a0a·2020··ackage_facts:.·· 
0003b9d0:·2020·6d61·6e61·6765·723a·2061·7574·6f0a····manager:·auto. 
0003b9e0:·2020·7461·6773·3a0a·2020·2d20·4343·452d····tags:.··-·CCE- 
0003b9f0:·3933·3735·382d·310a·2020·2d20·434a·4953··93758-1.··-·CJIS 
0003ba00:·2d35·2e31·302e·312e·330a·2020·2d20·4449··-5.10.1.3.··-·DI 
0003ba10:·5341·2d53·5449·472d·534c·454d·2d30·352d··SA-STIG-SLEM-05- 
0003ba20:·3635·3130·3130·0a20·202d·204e·4953·542d··651010.··-·NIST- 
0003ba30:·3830·302d·3533·2d43·4d2d·3628·6129·0a20··800-53-CM-6(a).· 
0003ba40:·202d·2050·4349·2d44·5353·2d52·6571·2d31···-·PCI-DSS-Req-1 
0003ba50:·312e·350a·2020·2d20·5043·492d·4453·5376··1.5.··-·PCI-DSSv 
0003ba60:·342d·3131·2e35·2e32·0a20·202d·2065·6e61··4-11.5.2.··-·ena 
0003ba70:·626c·655f·7374·7261·7465·6779·0a20·202d··ble_strategy.··- 
0003ba80:·206c·6f77·5f63·6f6d·706c·6578·6974·790a···low_complexity. 
0003ba90:·2020·2d20·6c6f·775f·6469·7372·7570·7469····-·low_disrupti 
0003baa0:·6f6e·0a20·202d·206d·6564·6975·6d5f·7365··on.··-·medium_se 
0003bab0:·7665·7269·7479·0a20·202d·206e·6f5f·7265··verity.··-·no_re 
0003bac0:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-· 
0003bad0:·7061·636b·6167·655f·6169·6465·5f69·6e73··package_aide_ins 
0003bae0:·7461·6c6c·6564·0a0a·2d20·6e61·6d65·3a20··talled..-·name:· 
0003baf0:·456e·7375·7265·2061·6964·6520·6973·2069··Ensure·aide·is·i 
0003bb00:·6e73·7461·6c6c·6564·0a20·2070·6163·6b61··nstalled.··packa 
0003bb10:·6765·3a0a·2020·2020·6e61·6d65·3a20·6169··ge:.····name:·ai 
0003bb20:·6465·0a20·2020·2073·7461·7465·3a20·7072··de.····state:·pr 
0003bb30:·6573·656e·740a·2020·7768·656e·3a20·2722··esent.··when:·'" 
0003bb40:·6b65·726e·656c·2d64·6566·6175·6c74·2220··kernel-default"· 
0003bb50:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts 
0003bb60:·2e70·6163·6b61·6765·7327·0a20·2074·6167··.packages'.··tag 
0003bb70:·733a·0a20·202d·2043·4345·2d39·3337·3538··s:.··-·CCE-93758 
0003bb80:·2d31·0a20·202d·2043·4a49·532d·352e·3130··-1.··-·CJIS-5.10 
0003bb90:·2e31·2e33·0a20·202d·2044·4953·412d·5354··.1.3.··-·DISA-ST 
0003bba0:·4947·2d53·4c45·4d2d·3035·2d36·3531·3031··IG-SLEM-05-65101 
0003bbb0:·300a·2020·2d20·4e49·5354·2d38·3030·2d35··0.··-·NIST-800-5 
0003bbc0:·332d·434d·2d36·2861·290a·2020·2d20·5043··3-CM-6(a).··-·PC 
0003bbd0:·492d·4453·532d·5265·712d·3131·2e35·0a20··I-DSS-Req-11.5.· 
0003bbe0:·202d·2050·4349·2d44·5353·7634·2d31·312e···-·PCI-DSSv4-11. 
0003bbf0:·352e·320a·2020·2d20·656e·6162·6c65·5f73··5.2.··-·enable_s 
0003bc00:·7472·6174·6567·790a·2020·2d20·6c6f·775f··trategy.··-·low_ 
0003bc10:·636f·6d70·6c65·7869·7479·0a20·202d·206c··complexity.··-·l 
0003bc20:·6f77·5f64·6973·7275·7074·696f·6e0a·2020··ow_disruption.·· 
0003bc30:·2d20·6d65·6469·756d·5f73·6576·6572·6974··-·medium_severit 
0003bc40:·790a·2020·2d20·6e6f·5f72·6562·6f6f·745f··y.··-·no_reboot_ 
0003bc50:·6e65·6564·6564·0a20·202d·2070·6163·6b61··needed.··-·packa 
0003bc60:·6765·5f61·6964·655f·696e·7374·616c·6c65··ge_aide_installe 
0003bc70:·640a·3c2f·636f·6465·3e3c·2f70·7265·3e3c··d.</code></pre>< 
0003bc80:·2f64·6976·3e3c·6120·636c·6173·733d·2262··/div><a·class="b 
0003bc90:·746e·2062·746e·2d73·7563·6365·7373·2220··tn·btn-success"· 
0003bca0:·6461·7461·2d74·6f67·676c·653d·2263·6f6c··data-toggle="col 
0003bcb0:·6c61·7073·6522·2064·6174·612d·7461·7267··lapse"·data-targ 
0003bcc0:·6574·3d22·2369·646d·3238·3733·2220·7461··et="#idm2873"·ta 
0003bcd0:·6269·6e64·6578·3d22·3022·2072·6f6c·653d··bindex="0"·role= 
0003bce0:·2262·7574·746f·6e22·2061·7269·612d·6578··"button"·aria-ex 
0003bcf0:·7061·6e64·6564·3d22·6661·6c73·6522·2074··panded="false"·t 
0003bd00:·6974·6c65·3d22·4163·7469·7661·7465·2074··itle="Activate·t 
0003bd10:·6f20·7265·7665·616c·2220·6872·6566·3d22··o·reveal"·href=" 
0003bd20:·2321·223e·5265·6d65·6469·6174·696f·6e20··#!">Remediation· 
0003bd30:·5368·656c·6c20·7363·7269·7074·20e2·87b2··Shell·script·... 
0003bd40:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla 
0003bd50:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap 
0003bd60:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id= 
0003bd70:·2269·646d·3238·3733·223e·3c74·6162·6c65··"idm2873"><table 
0003bd80:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta 
Max diff block lines reached; 6967687/6986483 bytes (99.73%) of diff not shown.
829 KB
html2text {}
    
Offset 139, 19 lines modifiedOffset 139, 27 lines modified
139 include·install_aide139 include·install_aide
  
140 class·install_aide·{140 class·install_aide·{
141 ··package·{·'aide':141 ··package·{·'aide':
142 ····ensure·=>·'installed',142 ····ensure·=>·'installed',
143 ··}143 ··}
144 }144 }
145 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8145 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 146 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 147 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 148 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 149 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 150 #·Remediation·is·applicable·only·in·certain·platforms
 151 if·rpm·--quiet·-q·kernel-default;·then
  
146 [[packages]] 
147 name·=·"aide" 
148 version·=·"*"152 zypper·install·-y·"aide"
  
 153 else
 154 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 155 fi
149 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8156 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
150 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low157 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
151 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low158 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
152 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false159 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
153 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable160 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
154 -·name:·Gather·the·package·facts161 -·name:·Gather·the·package·facts
155 ··package_facts:162 ··package_facts:
Offset 184, 27 lines modifiedOffset 192, 19 lines modified
184 ··-·PCI-DSSv4-11.5.2192 ··-·PCI-DSSv4-11.5.2
185 ··-·enable_strategy193 ··-·enable_strategy
186 ··-·low_complexity194 ··-·low_complexity
187 ··-·low_disruption195 ··-·low_disruption
188 ··-·medium_severity196 ··-·medium_severity
189 ··-·no_reboot_needed197 ··-·no_reboot_needed
190 ··-·package_aide_installed198 ··-·package_aide_installed
 199 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
191 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
192 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
193 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
194 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
195 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
196 #·Remediation·is·applicable·only·in·certain·platforms 
197 if·rpm·--quiet·-q·kernel-default;·then 
  
198 zypper·install·-y·"aide" 
  
199 else 
200 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
201 fi200 [[packages]]
 201 name·=·"aide"
 202 version·=·"*"
202 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*203 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
203 Run·the·following·command·to·generate·a·new·database:204 Run·the·following·command·to·generate·a·new·database:
204 $·sudo·/usr/bin/aide·--init205 $·sudo·/usr/bin/aide·--init
205 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the·database,·the206 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the·database,·the
206 configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide·(or·hashes·of·these·files),·in·a·secure207 configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide·(or·hashes·of·these·files),·in·a·secure
207 location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-208 location·(such·as·on·read-only·media)·provides·additional·assurance·about·their·integrity.·The·newly-
208 generated·database·can·be·installed·as·follows:209 generated·database·can·be·installed·as·follows:
Offset 232, 14 lines modifiedOffset 232, 26 lines modified
232 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5232 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
233 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199233 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
234 ·············_\x8c_\x8i_\x8s············1.4.1234 ·············_\x8c_\x8i_\x8s············1.4.1
235 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79235 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
236 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2236 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
237 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLEM-05-651010237 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLEM-05-651010
238 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-261403r996627_rule238 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-261403r996627_rule
 239 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 240 #·Remediation·is·applicable·only·in·certain·platforms
 241 if·rpm·--quiet·-q·kernel-default;·then
  
 242 zypper·install·-y·"aide"
  
 243 /usr/bin/aide·--init
 244 /bin/cp·-p·/var/lib/aide/aide.db.new·/var/lib/aide/aide.db
  
 245 else
 246 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 247 fi
239 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8248 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
240 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low249 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
241 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low250 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
242 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false251 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
243 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict252 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
244 -·name:·Gather·the·package·facts253 -·name:·Gather·the·package·facts
245 ··package_facts:254 ··package_facts:
Offset 352, 26 lines modifiedOffset 364, 14 lines modified
352 ··-·PCI-DSSv4-11.5.2364 ··-·PCI-DSSv4-11.5.2
353 ··-·aide_build_database365 ··-·aide_build_database
354 ··-·low_complexity366 ··-·low_complexity
355 ··-·low_disruption367 ··-·low_disruption
356 ··-·medium_severity368 ··-·medium_severity
357 ··-·no_reboot_needed369 ··-·no_reboot_needed
358 ··-·restrict_strategy370 ··-·restrict_strategy
359 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
360 #·Remediation·is·applicable·only·in·certain·platforms 
361 if·rpm·--quiet·-q·kernel-default;·then 
  
362 zypper·install·-y·"aide" 
  
363 /usr/bin/aide·--init 
364 /bin/cp·-p·/var/lib/aide/aide.db.new·/var/lib/aide/aide.db 
  
365 else 
366 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
367 fi 
368 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8md\x8d·T\x8Ti\x8im\x8me\x8er\x8r·E\x8Ex\x8xe\x8ec\x8cu\x8ut\x8ti\x8io\x8on\x8n·o\x8of\x8f·A\x8AI\x8ID\x8DE\x8E·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*371 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·S\x8Sy\x8ys\x8st\x8te\x8em\x8md\x8d·T\x8Ti\x8im\x8me\x8er\x8r·E\x8Ex\x8xe\x8ec\x8cu\x8ut\x8ti\x8io\x8on\x8n·o\x8of\x8f·A\x8AI\x8ID\x8DE\x8E·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
369 At·a·minimum,·AIDE·should·be·configured·to·run·a·weekly·scan.·To·implement·a·systemd·service·and·a·timer372 At·a·minimum,·AIDE·should·be·configured·to·run·a·weekly·scan.·To·implement·a·systemd·service·and·a·timer
370 unit·to·run·the·service·periodically:·For·example,·if·a·systemd·timer·is·expected·to·be·started·every·day373 unit·to·run·the·service·periodically:·For·example,·if·a·systemd·timer·is·expected·to·be·started·every·day
371 at·5AM374 at·5AM
372 OnCalendar=*-*-*·05:00:0375 OnCalendar=*-*-*·05:00:0
373 [Timer]376 [Timer]
374 section·in·the·timer·unit·and·a·Unit·section·starting·the·AIDE·check·service·unit·should·be·referred.377 section·in·the·timer·unit·and·a·Unit·section·starting·the·AIDE·check·service·unit·should·be·referred.
Offset 397, 14 lines modifiedOffset 397, 58 lines modified
397 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5397 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
398 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000363-GPOS-00150,·SRG-OS-000446-GPOS-00200,·SRG-OS-000447-GPOS-00201398 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000363-GPOS-00150,·SRG-OS-000446-GPOS-00200,·SRG-OS-000447-GPOS-00201
399 ·············_\x8c_\x8i_\x8s············1.4.2399 ·············_\x8c_\x8i_\x8s············1.4.2
400 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76400 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76
401 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2401 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
402 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLEM-05-651030402 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLEM-05-651030
403 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-261407r996637_rule403 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-261407r996637_rule
 404 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 405 #·Remediation·is·applicable·only·in·certain·platforms
 406 if·rpm·--quiet·-q·kernel-default·&&·{·(·rpm·--quiet·-q·aide·&&·rpm·--quiet·-q·systemd·);·};·then
  
 407 zypper·install·-y·"aide"
Max diff block lines reached; 842360/848594 bytes (99.27%) of diff not shown.
18.4 MB
./usr/share/doc/ssg-nondebian/ssg-slmicro5-guide-cis_workstation_l2.html
    
Offset 15223, 146 lines modifiedOffset 15223, 146 lines modified
0003b760:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target0003b760:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target
0003b770:·3d22·2369·646d·3238·3731·2220·7461·6269··="#idm2871"·tabi0003b770:·3d22·2369·646d·3238·3731·2220·7461·6269··="#idm2871"·tabi
0003b780:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b0003b780:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b
0003b790:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa0003b790:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa
0003b7a0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit0003b7a0:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit
0003b7b0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·0003b7b0:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·
0003b7c0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!0003b7c0:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!
0003b7d0:·223e·5265·6d65·6469·6174·696f·6e20·4f53··">Remediation·OS0003b7d0:·223e·5265·6d65·6469·6174·696f·6e20·5368··">Remediation·Sh
0003b7e0:·4275·696c·6420·426c·7565·7072·696e·7420··Build·Blueprint· 
0003b7f0:·736e·6970·7065·7420·e287·b23c·2f61·3e3c··snippet·...</a>< 
0003b800:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p 
0003b810:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co 
0003b820:·6c6c·6170·7365·2220·6964·3d22·6964·6d32··llapse"·id="idm20003b7e0:·656c·6c20·7363·7269·7074·20e2·87b2·3c2f··ell·script·...</
 0003b7f0:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
 0003b800:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
 0003b810:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
 0003b820:·646d·3238·3731·223e·3c74·6162·6c65·2063··dm2871"><table·c
 0003b830:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl
 0003b840:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table-
 0003b850:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c
 0003b860:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t
 0003b870:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t
 0003b880:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></
 0003b890:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru
 0003b8a0:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l
 0003b8b0:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>
 0003b8c0:·3c74·683e·5265·626f·6f74·3a3c·2f74·683e··<th>Reboot:</th>
 0003b8d0:·3c74·643e·6661·6c73·653c·2f74·643e·3c2f··<td>false</td></
 0003b8e0:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat
 0003b8f0:·6567·793a·3c2f·7468·3e3c·7464·3e65·6e61··egy:</th><td>ena
 0003b900:·626c·653c·2f74·643e·3c2f·7472·3e3c·2f74··ble</td></tr></t
0003b830:·3837·3122·3e3c·7072·653e·3c63·6f64·653e··871"><pre><code>0003b910:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>
0003b840:·0a5b·5b70·6163·6b61·6765·735d·5d0a·6e61··.[[packages]].na 
0003b850:·6d65·203d·2022·6169·6465·220a·7665·7273··me·=·"aide".vers 
0003b860:·696f·6e20·3d20·222a·220a·3c2f·636f·6465··ion·=·"*".</code0003b920:·2320·5265·6d65·6469·6174·696f·6e20·6973··#·Remediation·is
 0003b930:·2061·7070·6c69·6361·626c·6520·6f6e·6c79···applicable·only
 0003b940:·2069·6e20·6365·7274·6169·6e20·706c·6174···in·certain·plat
 0003b950:·666f·726d·730a·6966·2072·706d·202d·2d71··forms.if·rpm·--q
 0003b960:·7569·6574·202d·7120·6b65·726e·656c·2d64··uiet·-q·kernel-d
 0003b970:·6566·6175·6c74·3b20·7468·656e·0a0a·7a79··efault;·then..zy
 0003b980:·7070·6572·2069·6e73·7461·6c6c·202d·7920··pper·install·-y·
 0003b990:·2261·6964·6522·0a0a·656c·7365·0a20·2020··"aide"..else.···
 0003b9a0:·2026·6774·3b26·616d·703b·3220·6563·686f···&gt;&amp;2·echo
 0003b9b0:·2027·5265·6d65·6469·6174·696f·6e20·6973···'Remediation·is
 0003b9c0:·206e·6f74·2061·7070·6c69·6361·626c·652c···not·applicable,
 0003b9d0:·206e·6f74·6869·6e67·2077·6173·2064·6f6e···nothing·was·don
 0003b9e0:·6527·0a66·690a·3c2f·636f·6465·3e3c·2f70··e'.fi.</code></p
0003b870:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a·0003b9f0:·7265·3e3c·2f64·6976·3e3c·6120·636c·6173··re></div><a·clas
0003b880:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s0003ba00:·733d·2262·746e·2062·746e·2d73·7563·6365··s="btn·btn-succe
0003b890:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog0003ba10:·7373·2220·6461·7461·2d74·6f67·676c·653d··ss"·data-toggle=
0003b8a0:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d0003ba20:·2263·6f6c·6c61·7073·6522·2064·6174·612d··"collapse"·data-
0003b8b0:·6174·612d·7461·7267·6574·3d22·2369·646d··ata-target="#idm0003ba30:·7461·7267·6574·3d22·2369·646d·3238·3732··target="#idm2872
0003b8c0:·3238·3732·2220·7461·6269·6e64·6578·3d22··2872"·tabindex="0003ba40:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r
0003b8d0:·3022·2072·6f6c·653d·2262·7574·746f·6e22··0"·role="button"0003ba50:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari
0003b8e0:·2061·7269·612d·6578·7061·6e64·6564·3d22···aria-expanded="0003ba60:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals
0003b8f0:·6661·6c73·6522·2074·6974·6c65·3d22·4163··false"·title="Ac0003ba70:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa
0003b900:·7469·7661·7465·2074·6f20·7265·7665·616c··tivate·to·reveal0003ba80:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr
0003b910:·2220·6872·6566·3d22·2321·223e·5265·6d65··"·href="#!">Reme0003ba90:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat
0003b920:·6469·6174·696f·6e20·416e·7369·626c·6520··diation·Ansible·0003baa0:·696f·6e20·416e·7369·626c·6520·736e·6970··ion·Ansible·snip
 0003bab0:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br><
 0003bac0:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel
 0003bad0:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap
 0003bae0:·7365·2220·6964·3d22·6964·6d32·3837·3222··se"·id="idm2872"
 0003baf0:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t
 0003bb00:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip
 0003bb10:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere
 0003bb20:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense
 0003bb30:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl
 0003bb40:·6578·6974·793a·3c2f·7468·3e3c·7464·3e6c··exity:</th><td>l
 0003bb50:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>
 0003bb60:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:<
 0003bb70:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>
 0003bb80:·3c2f·7472·3e3c·7472·3e3c·7468·3e52·6562··</tr><tr><th>Reb
 0003bb90:·6f6f·743a·3c2f·7468·3e3c·7464·3e66·616c··oot:</th><td>fal
 0003bba0:·7365·3c2f·7464·3e3c·2f74·723e·3c74·723e··se</td></tr><tr>
 0003bbb0:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t
 0003bbc0:·683e·3c74·643e·656e·6162·6c65·3c2f·7464··h><td>enable</td
 0003bbd0:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p
 0003bbe0:·7265·3e3c·636f·6465·3e2d·206e·616d·653a··re><code>-·name:
 0003bbf0:·2047·6174·6865·7220·7468·6520·7061·636b···Gather·the·pack
 0003bc00:·6167·6520·6661·6374·730a·2020·7061·636b··age·facts.··pack
 0003bc10:·6167·655f·6661·6374·733a·0a20·2020·206d··age_facts:.····m
 0003bc20:·616e·6167·6572·3a20·6175·746f·0a20·2074··anager:·auto.··t
 0003bc30:·6167·733a·0a20·202d·2043·4345·2d39·3337··ags:.··-·CCE-937
 0003bc40:·3538·2d31·0a20·202d·2043·4a49·532d·352e··58-1.··-·CJIS-5.
 0003bc50:·3130·2e31·2e33·0a20·202d·2044·4953·412d··10.1.3.··-·DISA-
 0003bc60:·5354·4947·2d53·4c45·4d2d·3035·2d36·3531··STIG-SLEM-05-651
 0003bc70:·3031·300a·2020·2d20·4e49·5354·2d38·3030··010.··-·NIST-800
 0003bc80:·2d35·332d·434d·2d36·2861·290a·2020·2d20··-53-CM-6(a).··-·
 0003bc90:·5043·492d·4453·532d·5265·712d·3131·2e35··PCI-DSS-Req-11.5
 0003bca0:·0a20·202d·2050·4349·2d44·5353·7634·2d31··.··-·PCI-DSSv4-1
 0003bcb0:·312e·352e·320a·2020·2d20·656e·6162·6c65··1.5.2.··-·enable
 0003bcc0:·5f73·7472·6174·6567·790a·2020·2d20·6c6f··_strategy.··-·lo
 0003bcd0:·775f·636f·6d70·6c65·7869·7479·0a20·202d··w_complexity.··-
 0003bce0:·206c·6f77·5f64·6973·7275·7074·696f·6e0a···low_disruption.
 0003bcf0:·2020·2d20·6d65·6469·756d·5f73·6576·6572····-·medium_sever
 0003bd00:·6974·790a·2020·2d20·6e6f·5f72·6562·6f6f··ity.··-·no_reboo
 0003bd10:·745f·6e65·6564·6564·0a20·202d·2070·6163··t_needed.··-·pac
 0003bd20:·6b61·6765·5f61·6964·655f·696e·7374·616c··kage_aide_instal
 0003bd30:·6c65·640a·0a2d·206e·616d·653a·2045·6e73··led..-·name:·Ens
 0003bd40:·7572·6520·6169·6465·2069·7320·696e·7374··ure·aide·is·inst
 0003bd50:·616c·6c65·640a·2020·7061·636b·6167·653a··alled.··package:
 0003bd60:·0a20·2020·206e·616d·653a·2061·6964·650a··.····name:·aide.
 0003bd70:·2020·2020·7374·6174·653a·2070·7265·7365······state:·prese
 0003bd80:·6e74·0a20·2077·6865·6e3a·2027·226b·6572··nt.··when:·'"ker
 0003bd90:·6e65·6c2d·6465·6661·756c·7422·2069·6e20··nel-default"·in·
 0003bda0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
 0003bdb0:·636b·6167·6573·270a·2020·7461·6773·3a0a··ckages'.··tags:.
 0003bdc0:·2020·2d20·4343·452d·3933·3735·382d·310a····-·CCE-93758-1.
 0003bdd0:·2020·2d20·434a·4953·2d35·2e31·302e·312e····-·CJIS-5.10.1.
 0003bde0:·330a·2020·2d20·4449·5341·2d53·5449·472d··3.··-·DISA-STIG-
 0003bdf0:·534c·454d·2d30·352d·3635·3130·3130·0a20··SLEM-05-651010.·
 0003be00:·202d·204e·4953·542d·3830·302d·3533·2d43···-·NIST-800-53-C
 0003be10:·4d2d·3628·6129·0a20·202d·2050·4349·2d44··M-6(a).··-·PCI-D
 0003be20:·5353·2d52·6571·2d31·312e·350a·2020·2d20··SS-Req-11.5.··-·
 0003be30:·5043·492d·4453·5376·342d·3131·2e35·2e32··PCI-DSSv4-11.5.2
 0003be40:·0a20·202d·2065·6e61·626c·655f·7374·7261··.··-·enable_stra
 0003be50:·7465·6779·0a20·202d·206c·6f77·5f63·6f6d··tegy.··-·low_com
 0003be60:·706c·6578·6974·790a·2020·2d20·6c6f·775f··plexity.··-·low_
 0003be70:·6469·7372·7570·7469·6f6e·0a20·202d·206d··disruption.··-·m
 0003be80:·6564·6975·6d5f·7365·7665·7269·7479·0a20··edium_severity.·
 0003be90:·202d·206e·6f5f·7265·626f·6f74·5f6e·6565···-·no_reboot_nee
 0003bea0:·6465·640a·2020·2d20·7061·636b·6167·655f··ded.··-·package_
 0003beb0:·6169·6465·5f69·6e73·7461·6c6c·6564·0a3c··aide_installed.<
 0003bec0:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di
 0003bed0:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn·
 0003bee0:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat
Max diff block lines reached; 17671068/17689864 bytes (99.89%) of diff not shown.
1.57 MB
html2text {}
Max HTML report size reached
14.2 MB
./usr/share/doc/ssg-nondebian/ssg-slmicro5-guide-pcs-hardening.html
    
Offset 15149, 145 lines modifiedOffset 15149, 145 lines modified
0003b2c0:·6172·6765·743d·2223·6964·6d32·3837·3122··arget="#idm2871"0003b2c0:·6172·6765·743d·2223·6964·6d32·3837·3122··arget="#idm2871"
0003b2d0:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro0003b2d0:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro
0003b2e0:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria0003b2e0:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria
0003b2f0:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false0003b2f0:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false
0003b300:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat0003b300:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat
0003b310:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre0003b310:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre
0003b320:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati0003b320:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati
0003b330:·6f6e·204f·5342·7569·6c64·2042·6c75·6570··on·OSBuild·Bluep0003b330:·6f6e·2053·6865·6c6c·2073·6372·6970·7420··on·Shell·script·
 0003b340:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div·
 0003b350:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col
 0003b360:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·
 0003b370:·6964·3d22·6964·6d32·3837·3122·3e3c·7461··id="idm2871"><ta
 0003b380:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table
 0003b390:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t
 0003b3a0:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta
 0003b3b0:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed"><
 0003b3c0:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit
 0003b3d0:·793a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··y:</th><td>low</
 0003b3e0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>
 0003b3f0:·4469·7372·7570·7469·6f6e·3a3c·2f74·683e··Disruption:</th>
 0003b400:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr
 0003b410:·3e3c·7472·3e3c·7468·3e52·6562·6f6f·743a··><tr><th>Reboot:
 0003b420:·3c2f·7468·3e3c·7464·3e66·616c·7365·3c2f··</th><td>false</
 0003b430:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>
 0003b440:·5374·7261·7465·6779·3a3c·2f74·683e·3c74··Strategy:</th><t
 0003b450:·643e·656e·6162·6c65·3c2f·7464·3e3c·2f74··d>enable</td></t
 0003b460:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><
 0003b470:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati
 0003b480:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable
 0003b490:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain
 0003b4a0:·2070·6c61·7466·6f72·6d73·0a69·6620·7270···platforms.if·rp
 0003b4b0:·6d20·2d2d·7175·6965·7420·2d71·206b·6572··m·--quiet·-q·ker
 0003b4c0:·6e65·6c2d·6465·6661·756c·743b·2074·6865··nel-default;·the
 0003b4d0:·6e0a·0a7a·7970·7065·7220·696e·7374·616c··n..zypper·instal
 0003b4e0:·6c20·2d79·2022·6169·6465·220a·0a65·6c73··l·-y·"aide"..els
 0003b4f0:·650a·2020·2020·2667·743b·2661·6d70·3b32··e.····&gt;&amp;2
 0003b500:·2065·6368·6f20·2752·656d·6564·6961·7469···echo·'Remediati
 0003b510:·6f6e·2069·7320·6e6f·7420·6170·706c·6963··on·is·not·applic
 0003b520:·6162·6c65·2c20·6e6f·7468·696e·6720·7761··able,·nothing·wa
 0003b530:·7320·646f·6e65·270a·6669·0a3c·2f63·6f64··s·done'.fi.</cod
 0003b540:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a
 0003b550:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn-
 0003b560:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to
 0003b570:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"·
 0003b580:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id
 0003b590:·6d32·3837·3222·2074·6162·696e·6465·783d··m2872"·tabindex=
 0003b5a0:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button
 0003b5b0:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=
 0003b5c0:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A
 0003b5d0:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea
 0003b5e0:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem
 0003b5f0:·6564·6961·7469·6f6e·2041·6e73·6962·6c65··ediation·Ansible
0003b340:·7269·6e74·2073·6e69·7070·6574·20e2·87b2··rint·snippet·...0003b600:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a>
0003b350:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla0003b610:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="
0003b360:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap0003b620:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c
0003b370:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=0003b630:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm
0003b380:·2269·646d·3238·3731·223e·3c70·7265·3e3c··"idm2871"><pre>< 
0003b390:·636f·6465·3e0a·5b5b·7061·636b·6167·6573··code>.[[packages 
0003b3a0:·5d5d·0a6e·616d·6520·3d20·2261·6964·6522··]].name·=·"aide" 
0003b3b0:·0a76·6572·7369·6f6e·203d·2022·2a22·0a3c··.version·=·"*".< 
0003b3c0:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di 
0003b3d0:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn· 
0003b3e0:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat 
0003b3f0:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap 
0003b400:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target= 
0003b410:·2223·6964·6d32·3837·3222·2074·6162·696e··"#idm2872"·tabin 
0003b420:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu 
0003b430:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan 
0003b440:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl 
0003b450:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r 
0003b460:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!" 
0003b470:·3e52·656d·6564·6961·7469·6f6e·2041·6e73··>Remediation·Ans 
0003b480:·6962·6c65·2073·6e69·7070·6574·20e2·87b2··ible·snippet·... 
0003b490:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla 
0003b4a0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap 
0003b4b0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id= 
0003b4c0:·2269·646d·3238·3732·223e·3c74·6162·6c65··"idm2872"><table0003b640:·3238·3732·223e·3c74·6162·6c65·2063·6c61··2872"><table·cla
0003b4d0:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta0003b650:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table-
0003b4e0:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl0003b660:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo
0003b4f0:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table0003b670:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con
0003b500:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>0003b680:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th>
0003b510:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<0003b690:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th>
0003b520:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>0003b6a0:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr
0003b530:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis0003b6b0:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt
0003b540:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td0003b6c0:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low
0003b550:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t0003b6d0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
0003b560:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t0003b6e0:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t
0003b570:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td> 
0003b580:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str 
0003b590:·6174·6567·793a·3c2f·7468·3e3c·7464·3e65··ategy:</th><td>e 
0003b5a0:·6e61·626c·653c·2f74·643e·3c2f·7472·3e3c··nable</td></tr><0003b6f0:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr
 0003b700:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg
 0003b710:·793a·3c2f·7468·3e3c·7464·3e65·6e61·626c··y:</th><td>enabl
0003b5b0:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod 
0003b5c0:·653e·2d20·6e61·6d65·3a20·4761·7468·6572··e>-·name:·Gather 
0003b5d0:·2074·6865·2070·6163·6b61·6765·2066·6163···the·package·fac 
0003b5e0:·7473·0a20·2070·6163·6b61·6765·5f66·6163··ts.··package_fac 
0003b5f0:·7473·3a0a·2020·2020·6d61·6e61·6765·723a··ts:.····manager: 
0003b600:·2061·7574·6f0a·2020·7461·6773·3a0a·2020···auto.··tags:.·· 
0003b610:·2d20·4343·452d·3933·3735·382d·310a·2020··-·CCE-93758-1.·· 
0003b620:·2d20·434a·4953·2d35·2e31·302e·312e·330a··-·CJIS-5.10.1.3. 
0003b630:·2020·2d20·4449·5341·2d53·5449·472d·534c····-·DISA-STIG-SL 
0003b640:·454d·2d30·352d·3635·3130·3130·0a20·202d··EM-05-651010.··- 
0003b650:·204e·4953·542d·3830·302d·3533·2d43·4d2d···NIST-800-53-CM- 
0003b660:·3628·6129·0a20·202d·2050·4349·2d44·5353··6(a).··-·PCI-DSS 
0003b670:·2d52·6571·2d31·312e·350a·2020·2d20·5043··-Req-11.5.··-·PC 
0003b680:·492d·4453·5376·342d·3131·2e35·2e32·0a20··I-DSSv4-11.5.2.· 
0003b690:·202d·2065·6e61·626c·655f·7374·7261·7465···-·enable_strate 
0003b6a0:·6779·0a20·202d·206c·6f77·5f63·6f6d·706c··gy.··-·low_compl 
0003b6b0:·6578·6974·790a·2020·2d20·6c6f·775f·6469··exity.··-·low_di 
0003b6c0:·7372·7570·7469·6f6e·0a20·202d·206d·6564··sruption.··-·med 
0003b6d0:·6975·6d5f·7365·7665·7269·7479·0a20·202d··ium_severity.··- 
0003b6e0:·206e·6f5f·7265·626f·6f74·5f6e·6565·6465···no_reboot_neede 
0003b6f0:·640a·2020·2d20·7061·636b·6167·655f·6169··d.··-·package_ai 
0003b700:·6465·5f69·6e73·7461·6c6c·6564·0a0a·2d20··de_installed..-· 
0003b710:·6e61·6d65·3a20·456e·7375·7265·2061·6964··name:·Ensure·aid 
0003b720:·6520·6973·2069·6e73·7461·6c6c·6564·0a20··e·is·installed.· 
0003b730:·2070·6163·6b61·6765·3a0a·2020·2020·6e61···package:.····na 
0003b740:·6d65·3a20·6169·6465·0a20·2020·2073·7461··me:·aide.····sta 
0003b750:·7465·3a20·7072·6573·656e·740a·2020·7768··te:·present.··wh 
0003b760:·656e·3a20·2722·6b65·726e·656c·2d64·6566··en:·'"kernel-def 
0003b770:·6175·6c74·2220·696e·2061·6e73·6962·6c65··ault"·in·ansible 
0003b780:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages' 
0003b790:·0a20·2074·6167·733a·0a20·202d·2043·4345··.··tags:.··-·CCE 
0003b7a0:·2d39·3337·3538·2d31·0a20·202d·2043·4a49··-93758-1.··-·CJI 
0003b7b0:·532d·352e·3130·2e31·2e33·0a20·202d·2044··S-5.10.1.3.··-·D 
0003b7c0:·4953·412d·5354·4947·2d53·4c45·4d2d·3035··ISA-STIG-SLEM-05 
Max diff block lines reached; 13642212/13660870 bytes (99.86%) of diff not shown.
1.19 MB
html2text {}
    
Offset 127, 19 lines modifiedOffset 127, 27 lines modified
127 include·install_aide127 include·install_aide
  
128 class·install_aide·{128 class·install_aide·{
129 ··package·{·'aide':129 ··package·{·'aide':
130 ····ensure·=>·'installed',130 ····ensure·=>·'installed',
131 ··}131 ··}
132 }132 }
133 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8133 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 134 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 135 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 136 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 137 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 138 #·Remediation·is·applicable·only·in·certain·platforms
 139 if·rpm·--quiet·-q·kernel-default;·then
  
134 [[packages]] 
135 name·=·"aide" 
136 version·=·"*"140 zypper·install·-y·"aide"
  
 141 else
 142 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 143 fi
137 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8144 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
138 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low145 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
139 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low146 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
140 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false147 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
141 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable148 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
142 -·name:·Gather·the·package·facts149 -·name:·Gather·the·package·facts
143 ··package_facts:150 ··package_facts:
Offset 172, 27 lines modifiedOffset 180, 19 lines modified
172 ··-·PCI-DSSv4-11.5.2180 ··-·PCI-DSSv4-11.5.2
173 ··-·enable_strategy181 ··-·enable_strategy
174 ··-·low_complexity182 ··-·low_complexity
175 ··-·low_disruption183 ··-·low_disruption
176 ··-·medium_severity184 ··-·medium_severity
177 ··-·no_reboot_needed185 ··-·no_reboot_needed
178 ··-·package_aide_installed186 ··-·package_aide_installed
 187 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
179 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
180 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
181 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
182 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
183 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
184 #·Remediation·is·applicable·only·in·certain·platforms 
185 if·rpm·--quiet·-q·kernel-default;·then 
  
186 zypper·install·-y·"aide" 
  
187 else 
188 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
189 fi188 [[packages]]
 189 name·=·"aide"
 190 version·=·"*"
190 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*191 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
191 Run·the·following·command·to·generate·a·new·database:192 Run·the·following·command·to·generate·a·new·database:
192 $·sudo·/usr/bin/aide·--init193 $·sudo·/usr/bin/aide·--init
193 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the194 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the
194 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide·(or·hashes·of·these195 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide·(or·hashes·of·these
195 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about196 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about
196 their·integrity.·The·newly-generated·database·can·be·installed·as·follows:197 their·integrity.·The·newly-generated·database·can·be·installed·as·follows:
Offset 220, 14 lines modifiedOffset 220, 26 lines modified
220 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5220 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
221 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199221 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
222 ·············_\x8c_\x8i_\x8s············1.4.1222 ·············_\x8c_\x8i_\x8s············1.4.1
223 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79223 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
224 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2224 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
225 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLEM-05-651010225 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLEM-05-651010
226 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-261403r996627_rule226 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-261403r996627_rule
 227 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 228 #·Remediation·is·applicable·only·in·certain·platforms
 229 if·rpm·--quiet·-q·kernel-default;·then
  
 230 zypper·install·-y·"aide"
  
 231 /usr/bin/aide·--init
 232 /bin/cp·-p·/var/lib/aide/aide.db.new·/var/lib/aide/aide.db
  
 233 else
 234 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 235 fi
227 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8236 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
228 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low237 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
229 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low238 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
230 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false239 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
231 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict240 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
232 -·name:·Gather·the·package·facts241 -·name:·Gather·the·package·facts
233 ··package_facts:242 ··package_facts:
Offset 340, 26 lines modifiedOffset 352, 14 lines modified
340 ··-·PCI-DSSv4-11.5.2352 ··-·PCI-DSSv4-11.5.2
341 ··-·aide_build_database353 ··-·aide_build_database
342 ··-·low_complexity354 ··-·low_complexity
343 ··-·low_disruption355 ··-·low_disruption
344 ··-·medium_severity356 ··-·medium_severity
345 ··-·no_reboot_needed357 ··-·no_reboot_needed
346 ··-·restrict_strategy358 ··-·restrict_strategy
347 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
348 #·Remediation·is·applicable·only·in·certain·platforms 
349 if·rpm·--quiet·-q·kernel-default;·then 
  
350 zypper·install·-y·"aide" 
  
351 /usr/bin/aide·--init 
352 /bin/cp·-p·/var/lib/aide/aide.db.new·/var/lib/aide/aide.db 
  
353 else 
354 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
355 fi 
356 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·A\x8AI\x8ID\x8DE\x8E·t\x8to\x8o·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·t\x8th\x8he\x8e·A\x8Au\x8ud\x8di\x8it\x8t·T\x8To\x8oo\x8ol\x8ls\x8s·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*359 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·A\x8AI\x8ID\x8DE\x8E·t\x8to\x8o·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·t\x8th\x8he\x8e·A\x8Au\x8ud\x8di\x8it\x8t·T\x8To\x8oo\x8ol\x8ls\x8s·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
357 The·operating·system·file·integrity·tool·must·be·configured·to·protect·the·integrity·of·the·audit360 The·operating·system·file·integrity·tool·must·be·configured·to·protect·the·integrity·of·the·audit
358 tools.361 tools.
359 ·············Protecting·the·integrity·of·the·tools·used·for·auditing·purposes·is·a·critical·step362 ·············Protecting·the·integrity·of·the·tools·used·for·auditing·purposes·is·a·critical·step
360 ·············toward·ensuring·the·integrity·of·audit·information.·Audit·information·includes·all363 ·············toward·ensuring·the·integrity·of·audit·information.·Audit·information·includes·all
361 ·············information·(e.g.,·audit·records,·audit·settings,·and·audit·reports)·needed·to364 ·············information·(e.g.,·audit·records,·audit·settings,·and·audit·reports)·needed·to
362 ·············successfully·audit·information·system·activity.·Audit·tools·include·but·are·not365 ·············successfully·audit·information·system·activity.·Audit·tools·include·but·are·not
Offset 375, 14 lines modifiedOffset 375, 85 lines modified
375 Rule·ID:·····xccdf_org.ssgproject.content_rule_aide_check_audit_tools375 Rule·ID:·····xccdf_org.ssgproject.content_rule_aide_check_audit_tools
376 Identifiers:·CCE-93703-7376 Identifiers:·CCE-93703-7
377 ·············_\x8d_\x8i_\x8s_\x8a····CCI-001496,·CCI-001494,·CCI-001495,·CCI-001493377 ·············_\x8d_\x8i_\x8s_\x8a····CCI-001496,·CCI-001494,·CCI-001495,·CCI-001493
378 ·············_\x8n_\x8i_\x8s_\x8t····AU-9(3),·AU-9(3).1378 ·············_\x8n_\x8i_\x8s_\x8t····AU-9(3),·AU-9(3).1
379 References:··_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g··SRG-OS-000278-GPOS-00108379 References:··_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g··SRG-OS-000278-GPOS-00108
380 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d··SLEM-05-651025380 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d··SLEM-05-651025
381 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f·SV-261406r996634_rule381 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f·SV-261406r996634_rule
 382 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 383 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 384 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 385 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 386 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
Max diff block lines reached; 1238806/1246259 bytes (99.40%) of diff not shown.
15.2 MB
./usr/share/doc/ssg-nondebian/ssg-slmicro5-guide-stig.html
    
Offset 15163, 145 lines modifiedOffset 15163, 145 lines modified
0003b3a0:·6172·6765·743d·2223·6964·6d32·3837·3122··arget="#idm2871"0003b3a0:·6172·6765·743d·2223·6964·6d32·3837·3122··arget="#idm2871"
0003b3b0:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro0003b3b0:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro
0003b3c0:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria0003b3c0:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria
0003b3d0:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false0003b3d0:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false
0003b3e0:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat0003b3e0:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat
0003b3f0:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre0003b3f0:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre
0003b400:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati0003b400:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati
0003b410:·6f6e·204f·5342·7569·6c64·2042·6c75·6570··on·OSBuild·Bluep 
0003b420:·7269·6e74·2073·6e69·7070·6574·20e2·87b2··rint·snippet·... 
0003b430:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla 
0003b440:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap 
0003b450:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id= 
0003b460:·2269·646d·3238·3731·223e·3c70·7265·3e3c··"idm2871"><pre>< 
0003b470:·636f·6465·3e0a·5b5b·7061·636b·6167·6573··code>.[[packages 
0003b480:·5d5d·0a6e·616d·6520·3d20·2261·6964·6522··]].name·=·"aide" 
0003b490:·0a76·6572·7369·6f6e·203d·2022·2a22·0a3c··.version·=·"*".<0003b410:·6f6e·2053·6865·6c6c·2073·6372·6970·7420··on·Shell·script·
 0003b420:·e287·b23c·2f61·3e3c·6272·3e3c·6469·7620··...</a><br><div·
 0003b430:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col
 0003b440:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·
 0003b450:·6964·3d22·6964·6d32·3837·3122·3e3c·7461··id="idm2871"><ta
 0003b460:·626c·6520·636c·6173·733d·2274·6162·6c65··ble·class="table
 0003b470:·2074·6162·6c65·2d73·7472·6970·6564·2074···table-striped·t
 0003b480:·6162·6c65·2d62·6f72·6465·7265·6420·7461··able-bordered·ta
 0003b490:·626c·652d·636f·6e64·656e·7365·6422·3e3c··ble-condensed"><
 0003b4a0:·7472·3e3c·7468·3e43·6f6d·706c·6578·6974··tr><th>Complexit
 0003b4b0:·793a·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f··y:</th><td>low</
 0003b4c0:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>
 0003b4d0:·4469·7372·7570·7469·6f6e·3a3c·2f74·683e··Disruption:</th>
 0003b4e0:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr
 0003b4f0:·3e3c·7472·3e3c·7468·3e52·6562·6f6f·743a··><tr><th>Reboot:
 0003b500:·3c2f·7468·3e3c·7464·3e66·616c·7365·3c2f··</th><td>false</
 0003b510:·7464·3e3c·2f74·723e·3c74·723e·3c74·683e··td></tr><tr><th>
 0003b520:·5374·7261·7465·6779·3a3c·2f74·683e·3c74··Strategy:</th><t
 0003b530:·643e·656e·6162·6c65·3c2f·7464·3e3c·2f74··d>enable</td></t
 0003b540:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><
 0003b550:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati
 0003b560:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable
 0003b570:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain
 0003b580:·2070·6c61·7466·6f72·6d73·0a69·6620·7270···platforms.if·rp
 0003b590:·6d20·2d2d·7175·6965·7420·2d71·206b·6572··m·--quiet·-q·ker
 0003b5a0:·6e65·6c2d·6465·6661·756c·743b·2074·6865··nel-default;·the
 0003b5b0:·6e0a·0a7a·7970·7065·7220·696e·7374·616c··n..zypper·instal
 0003b5c0:·6c20·2d79·2022·6169·6465·220a·0a65·6c73··l·-y·"aide"..els
 0003b5d0:·650a·2020·2020·2667·743b·2661·6d70·3b32··e.····&gt;&amp;2
 0003b5e0:·2065·6368·6f20·2752·656d·6564·6961·7469···echo·'Remediati
 0003b5f0:·6f6e·2069·7320·6e6f·7420·6170·706c·6963··on·is·not·applic
 0003b600:·6162·6c65·2c20·6e6f·7468·696e·6720·7761··able,·nothing·wa
 0003b610:·7320·646f·6e65·270a·6669·0a3c·2f63·6f64··s·done'.fi.</cod
0003b4a0:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di0003b620:·653e·3c2f·7072·653e·3c2f·6469·763e·3c61··e></pre></div><a
0003b4b0:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn·0003b630:·2063·6c61·7373·3d22·6274·6e20·6274·6e2d···class="btn·btn-
0003b4c0:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat0003b640:·7375·6363·6573·7322·2064·6174·612d·746f··success"·data-to
0003b4d0:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap0003b650:·6767·6c65·3d22·636f·6c6c·6170·7365·2220··ggle="collapse"·
0003b4e0:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=0003b660:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id
0003b4f0:·2223·6964·6d32·3837·3222·2074·6162·696e··"#idm2872"·tabin0003b670:·6d32·3837·3222·2074·6162·696e·6465·783d··m2872"·tabindex=
0003b500:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu0003b680:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button
0003b510:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan0003b690:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=
0003b520:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl0003b6a0:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A
0003b530:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r0003b6b0:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea
0003b540:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"0003b6c0:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem
0003b550:·3e52·656d·6564·6961·7469·6f6e·2041·6e73··>Remediation·Ans0003b6d0:·6564·6961·7469·6f6e·2041·6e73·6962·6c65··ediation·Ansible
0003b560:·6962·6c65·2073·6e69·7070·6574·20e2·87b2··ible·snippet·...0003b6e0:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a>
0003b570:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla0003b6f0:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="
0003b580:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap0003b700:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c
0003b590:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=0003b710:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm
0003b5a0:·2269·646d·3238·3732·223e·3c74·6162·6c65··"idm2872"><table0003b720:·3238·3732·223e·3c74·6162·6c65·2063·6c61··2872"><table·cla
0003b5b0:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta0003b730:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table-
0003b5c0:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl0003b740:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo
0003b5d0:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table0003b750:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con
0003b5e0:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>0003b760:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th>
0003b5f0:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<0003b770:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th>
0003b600:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>0003b780:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr
0003b610:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis0003b790:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt
0003b620:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td0003b7a0:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low
0003b630:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t0003b7b0:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
0003b640:·723e·3c74·683e·5265·626f·6f74·3a3c·2f74··r><th>Reboot:</t0003b7c0:·683e·5265·626f·6f74·3a3c·2f74·683e·3c74··h>Reboot:</th><t
0003b650:·683e·3c74·643e·6661·6c73·653c·2f74·643e··h><td>false</td> 
0003b660:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str 
0003b670:·6174·6567·793a·3c2f·7468·3e3c·7464·3e65··ategy:</th><td>e 
0003b680:·6e61·626c·653c·2f74·643e·3c2f·7472·3e3c··nable</td></tr><0003b7d0:·643e·6661·6c73·653c·2f74·643e·3c2f·7472··d>false</td></tr
 0003b7e0:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg
 0003b7f0:·793a·3c2f·7468·3e3c·7464·3e65·6e61·626c··y:</th><td>enabl
0003b690:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod 
0003b6a0:·653e·2d20·6e61·6d65·3a20·4761·7468·6572··e>-·name:·Gather 
0003b6b0:·2074·6865·2070·6163·6b61·6765·2066·6163···the·package·fac 
0003b6c0:·7473·0a20·2070·6163·6b61·6765·5f66·6163··ts.··package_fac 
0003b6d0:·7473·3a0a·2020·2020·6d61·6e61·6765·723a··ts:.····manager: 
0003b6e0:·2061·7574·6f0a·2020·7461·6773·3a0a·2020···auto.··tags:.·· 
0003b6f0:·2d20·4343·452d·3933·3735·382d·310a·2020··-·CCE-93758-1.·· 
0003b700:·2d20·434a·4953·2d35·2e31·302e·312e·330a··-·CJIS-5.10.1.3. 
0003b710:·2020·2d20·4449·5341·2d53·5449·472d·534c····-·DISA-STIG-SL 
0003b720:·454d·2d30·352d·3635·3130·3130·0a20·202d··EM-05-651010.··- 
0003b730:·204e·4953·542d·3830·302d·3533·2d43·4d2d···NIST-800-53-CM- 
0003b740:·3628·6129·0a20·202d·2050·4349·2d44·5353··6(a).··-·PCI-DSS 
0003b750:·2d52·6571·2d31·312e·350a·2020·2d20·5043··-Req-11.5.··-·PC 
0003b760:·492d·4453·5376·342d·3131·2e35·2e32·0a20··I-DSSv4-11.5.2.· 
0003b770:·202d·2065·6e61·626c·655f·7374·7261·7465···-·enable_strate 
0003b780:·6779·0a20·202d·206c·6f77·5f63·6f6d·706c··gy.··-·low_compl 
0003b790:·6578·6974·790a·2020·2d20·6c6f·775f·6469··exity.··-·low_di 
0003b7a0:·7372·7570·7469·6f6e·0a20·202d·206d·6564··sruption.··-·med 
0003b7b0:·6975·6d5f·7365·7665·7269·7479·0a20·202d··ium_severity.··- 
0003b7c0:·206e·6f5f·7265·626f·6f74·5f6e·6565·6465···no_reboot_neede 
0003b7d0:·640a·2020·2d20·7061·636b·6167·655f·6169··d.··-·package_ai 
0003b7e0:·6465·5f69·6e73·7461·6c6c·6564·0a0a·2d20··de_installed..-· 
0003b7f0:·6e61·6d65·3a20·456e·7375·7265·2061·6964··name:·Ensure·aid 
0003b800:·6520·6973·2069·6e73·7461·6c6c·6564·0a20··e·is·installed.· 
0003b810:·2070·6163·6b61·6765·3a0a·2020·2020·6e61···package:.····na 
0003b820:·6d65·3a20·6169·6465·0a20·2020·2073·7461··me:·aide.····sta 
0003b830:·7465·3a20·7072·6573·656e·740a·2020·7768··te:·present.··wh 
0003b840:·656e·3a20·2722·6b65·726e·656c·2d64·6566··en:·'"kernel-def 
0003b850:·6175·6c74·2220·696e·2061·6e73·6962·6c65··ault"·in·ansible 
0003b860:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages' 
0003b870:·0a20·2074·6167·733a·0a20·202d·2043·4345··.··tags:.··-·CCE 
0003b880:·2d39·3337·3538·2d31·0a20·202d·2043·4a49··-93758-1.··-·CJI 
0003b890:·532d·352e·3130·2e31·2e33·0a20·202d·2044··S-5.10.1.3.··-·D 
0003b8a0:·4953·412d·5354·4947·2d53·4c45·4d2d·3035··ISA-STIG-SLEM-05 
0003b8b0:·2d36·3531·3031·300a·2020·2d20·4e49·5354··-651010.··-·NIST 
0003b8c0:·2d38·3030·2d35·332d·434d·2d36·2861·290a··-800-53-CM-6(a). 
0003b8d0:·2020·2d20·5043·492d·4453·532d·5265·712d····-·PCI-DSS-Req- 
0003b8e0:·3131·2e35·0a20·202d·2050·4349·2d44·5353··11.5.··-·PCI-DSS 
0003b8f0:·7634·2d31·312e·352e·320a·2020·2d20·656e··v4-11.5.2.··-·en 
0003b900:·6162·6c65·5f73·7472·6174·6567·790a·2020··able_strategy.·· 
0003b910:·2d20·6c6f·775f·636f·6d70·6c65·7869·7479··-·low_complexity 
0003b920:·0a20·202d·206c·6f77·5f64·6973·7275·7074··.··-·low_disrupt 
0003b930:·696f·6e0a·2020·2d20·6d65·6469·756d·5f73··ion.··-·medium_s 
0003b940:·6576·6572·6974·790a·2020·2d20·6e6f·5f72··everity.··-·no_r 
0003b950:·6562·6f6f·745f·6e65·6564·6564·0a20·202d··eboot_needed.··- 
0003b960:·2070·6163·6b61·6765·5f61·6964·655f·696e···package_aide_in 
Max diff block lines reached; 14566482/14585140 bytes (99.87%) of diff not shown.
1.28 MB
html2text {}
    
Offset 129, 19 lines modifiedOffset 129, 27 lines modified
129 include·install_aide129 include·install_aide
  
130 class·install_aide·{130 class·install_aide·{
131 ··package·{·'aide':131 ··package·{·'aide':
132 ····ensure·=>·'installed',132 ····ensure·=>·'installed',
133 ··}133 ··}
134 }134 }
135 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_.S_.B_.u_.i_.l_.d_.·_.B_.l_.u_.e_.p_.r_.i_.n_.t_.·_.s_.n_.i_.p_.p_.e_\x8t_\x8·_\x8135 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_.h_.e_.l_.l_.·_.s_.c_.r_.i_.p_\x8t_\x8·_\x8
 136 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 137 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 138 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 139 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
 140 #·Remediation·is·applicable·only·in·certain·platforms
 141 if·rpm·--quiet·-q·kernel-default;·then
  
136 [[packages]] 
137 name·=·"aide" 
138 version·=·"*"142 zypper·install·-y·"aide"
  
 143 else
 144 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 145 fi
139 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8146 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
140 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low147 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
141 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low148 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
142 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false149 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
143 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable150 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable
144 -·name:·Gather·the·package·facts151 -·name:·Gather·the·package·facts
145 ··package_facts:152 ··package_facts:
Offset 174, 27 lines modifiedOffset 182, 19 lines modified
174 ··-·PCI-DSSv4-11.5.2182 ··-·PCI-DSSv4-11.5.2
175 ··-·enable_strategy183 ··-·enable_strategy
176 ··-·low_complexity184 ··-·low_complexity
177 ··-·low_disruption185 ··-·low_disruption
178 ··-·medium_severity186 ··-·medium_severity
179 ··-·no_reboot_needed187 ··-·no_reboot_needed
180 ··-·package_aide_installed188 ··-·package_aide_installed
 189 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8O_\x8S_\x8B_\x8u_\x8i_\x8l_\x8d_\x8·_\x8B_\x8l_\x8u_\x8e_\x8p_\x8r_\x8i_\x8n_\x8t_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
181 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
182 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low 
183 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low 
184 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false 
185 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···enable 
186 #·Remediation·is·applicable·only·in·certain·platforms 
187 if·rpm·--quiet·-q·kernel-default;·then 
  
188 zypper·install·-y·"aide" 
  
189 else 
190 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
191 fi190 [[packages]]
 191 name·=·"aide"
 192 version·=·"*"
192 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*193 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·B\x8Bu\x8ui\x8il\x8ld\x8d·a\x8an\x8nd\x8d·T\x8Te\x8es\x8st\x8t·A\x8AI\x8ID\x8DE\x8E·D\x8Da\x8at\x8ta\x8ab\x8ba\x8as\x8se\x8e·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
193 Run·the·following·command·to·generate·a·new·database:194 Run·the·following·command·to·generate·a·new·database:
194 $·sudo·/usr/bin/aide·--init195 $·sudo·/usr/bin/aide·--init
195 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the196 By·default,·the·database·will·be·written·to·the·file·/var/lib/aide/aide.db.new.·Storing·the
196 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide·(or·hashes·of·these197 database,·the·configuration·file·/etc/aide.conf,·and·the·binary·/usr/bin/aide·(or·hashes·of·these
197 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their198 files),·in·a·secure·location·(such·as·on·read-only·media)·provides·additional·assurance·about·their
198 integrity.·The·newly-generated·database·can·be·installed·as·follows:199 integrity.·The·newly-generated·database·can·be·installed·as·follows:
Offset 222, 14 lines modifiedOffset 222, 26 lines modified
222 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5222 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s·········Req-11.5
223 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199223 ·············_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g·········SRG-OS-000445-GPOS-00199
224 ·············_\x8c_\x8i_\x8s············1.4.1224 ·············_\x8c_\x8i_\x8s············1.4.1
225 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79225 ·············_\x8a_\x8n_\x8s_\x8s_\x8i··········R76,·R79
226 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2226 ·············_\x8p_\x8c_\x8i_\x8d_\x8s_\x8s_\x84········11.5.2
227 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLEM-05-651010227 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d·········SLEM-05-651010
228 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-261403r996627_rule228 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f········SV-261403r996627_rule
 229 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 230 #·Remediation·is·applicable·only·in·certain·platforms
 231 if·rpm·--quiet·-q·kernel-default;·then
  
 232 zypper·install·-y·"aide"
  
 233 /usr/bin/aide·--init
 234 /bin/cp·-p·/var/lib/aide/aide.db.new·/var/lib/aide/aide.db
  
 235 else
 236 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
 237 fi
229 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8238 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8A_\x8n_\x8s_\x8i_\x8b_\x8l_\x8e_\x8·_\x8s_\x8n_\x8i_\x8p_\x8p_\x8e_\x8t_\x8·_\x8
230 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low239 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
231 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low240 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
232 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false241 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
233 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict242 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
234 -·name:·Gather·the·package·facts243 -·name:·Gather·the·package·facts
235 ··package_facts:244 ··package_facts:
Offset 342, 26 lines modifiedOffset 354, 14 lines modified
342 ··-·PCI-DSSv4-11.5.2354 ··-·PCI-DSSv4-11.5.2
343 ··-·aide_build_database355 ··-·aide_build_database
344 ··-·low_complexity356 ··-·low_complexity
345 ··-·low_disruption357 ··-·low_disruption
346 ··-·medium_severity358 ··-·medium_severity
347 ··-·no_reboot_needed359 ··-·no_reboot_needed
348 ··-·restrict_strategy360 ··-·restrict_strategy
349 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8 
350 #·Remediation·is·applicable·only·in·certain·platforms 
351 if·rpm·--quiet·-q·kernel-default;·then 
  
352 zypper·install·-y·"aide" 
  
353 /usr/bin/aide·--init 
354 /bin/cp·-p·/var/lib/aide/aide.db.new·/var/lib/aide/aide.db 
  
355 else 
356 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done' 
357 fi 
358 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·A\x8AI\x8ID\x8DE\x8E·t\x8to\x8o·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·t\x8th\x8he\x8e·A\x8Au\x8ud\x8di\x8it\x8t·T\x8To\x8oo\x8ol\x8ls\x8s·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*361 *\x8**\x8**\x8*·R\x8Ru\x8ul\x8le\x8e?\x8 ?\x8 ·C\x8Co\x8on\x8nf\x8fi\x8ig\x8gu\x8ur\x8re\x8e·A\x8AI\x8ID\x8DE\x8E·t\x8to\x8o·V\x8Ve\x8er\x8ri\x8if\x8fy\x8y·t\x8th\x8he\x8e·A\x8Au\x8ud\x8di\x8it\x8t·T\x8To\x8oo\x8ol\x8ls\x8s·?\x8 ?\x8 _\x8[\x8[_\x8r\x8r_\x8e\x8e_\x8f\x8f_\x8]\x8]·*\x8**\x8**\x8*
359 The·operating·system·file·integrity·tool·must·be·configured·to·protect·the·integrity·of·the·audit362 The·operating·system·file·integrity·tool·must·be·configured·to·protect·the·integrity·of·the·audit
360 tools.363 tools.
361 ·············Protecting·the·integrity·of·the·tools·used·for·auditing·purposes·is·a·critical·step364 ·············Protecting·the·integrity·of·the·tools·used·for·auditing·purposes·is·a·critical·step
362 ·············toward·ensuring·the·integrity·of·audit·information.·Audit·information·includes·all365 ·············toward·ensuring·the·integrity·of·audit·information.·Audit·information·includes·all
363 ·············information·(e.g.,·audit·records,·audit·settings,·and·audit·reports)·needed·to366 ·············information·(e.g.,·audit·records,·audit·settings,·and·audit·reports)·needed·to
364 ·············successfully·audit·information·system·activity.·Audit·tools·include·but·are·not·limited367 ·············successfully·audit·information·system·activity.·Audit·tools·include·but·are·not·limited
Offset 377, 14 lines modifiedOffset 377, 85 lines modified
377 Rule·ID:·····xccdf_org.ssgproject.content_rule_aide_check_audit_tools377 Rule·ID:·····xccdf_org.ssgproject.content_rule_aide_check_audit_tools
378 Identifiers:·CCE-93703-7378 Identifiers:·CCE-93703-7
379 ·············_\x8d_\x8i_\x8s_\x8a····CCI-001496,·CCI-001494,·CCI-001495,·CCI-001493379 ·············_\x8d_\x8i_\x8s_\x8a····CCI-001496,·CCI-001494,·CCI-001495,·CCI-001493
380 ·············_\x8n_\x8i_\x8s_\x8t····AU-9(3),·AU-9(3).1380 ·············_\x8n_\x8i_\x8s_\x8t····AU-9(3),·AU-9(3).1
381 References:··_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g··SRG-OS-000278-GPOS-00108381 References:··_\x8o_\x8s_\x8-_\x8s_\x8r_\x8g··SRG-OS-000278-GPOS-00108
382 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d··SLEM-05-651025382 ·············_\x8s_\x8t_\x8i_\x8g_\x8i_\x8d··SLEM-05-651025
383 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f·SV-261406r996634_rule383 ·············_\x8s_\x8t_\x8i_\x8g_\x8r_\x8e_\x8f·SV-261406r996634_rule
 384 _\x8R_\x8e_\x8m_\x8e_\x8d_\x8i_\x8a_\x8t_\x8i_\x8o_\x8n_\x8·_\x8S_\x8h_\x8e_\x8l_\x8l_\x8·_\x8s_\x8c_\x8r_\x8i_\x8p_\x8t_\x8·_\x8
 385 C\x8Co\x8om\x8mp\x8pl\x8le\x8ex\x8xi\x8it\x8ty\x8y:\x8:·low
 386 D\x8Di\x8is\x8sr\x8ru\x8up\x8pt\x8ti\x8io\x8on\x8n:\x8:·low
 387 R\x8Re\x8eb\x8bo\x8oo\x8ot\x8t:\x8:·····false
 388 S\x8St\x8tr\x8ra\x8at\x8te\x8eg\x8gy\x8y:\x8:···restrict
Max diff block lines reached; 1330444/1337905 bytes (99.44%) of diff not shown.
3.56 MB
./usr/share/doc/ssg-nondebian/table-ol7-anssirefs.html
    
Offset 63, 280 lines modifiedOffset 63, 280 lines modified
000003e0:·2054·6974·6c65·3c2f·7468·3e0a·2020·2020···Title</th>.····000003e0:·2054·6974·6c65·3c2f·7468·3e0a·2020·2020···Title</th>.····
000003f0:·3c74·683e·4465·7363·7269·7074·696f·6e3c··<th>Description<000003f0:·3c74·683e·4465·7363·7269·7074·696f·6e3c··<th>Description<
00000400:·2f74·683e·0a20·2020·203c·7468·3e52·6174··/th>.····<th>Rat00000400:·2f74·683e·0a20·2020·203c·7468·3e52·6174··/th>.····<th>Rat
00000410:·696f·6e61·6c65·3c2f·7468·3e0a·2020·3c2f··ionale</th>.··</00000410:·696f·6e61·6c65·3c2f·7468·3e0a·2020·3c2f··ionale</th>.··</
00000420:·7468·6561·643e·0a20·203c·7462·6f64·793e··thead>.··<tbody>00000420:·7468·6561·643e·0a20·203c·7462·6f64·793e··thead>.··<tbody>
00000430:·0a20·203c·7472·3e0a·2020·2020·2020·3c74··.··<tr>.······<t00000430:·0a20·203c·7472·3e0a·2020·2020·2020·3c74··.··<tr>.······<t
00000440:·643e·5231·3c2f·7464·3e0a·2020·2020·2020··d>R1</td>.······00000440:·643e·5231·3c2f·7464·3e0a·2020·2020·2020··d>R1</td>.······
00000450:·3c74·643e·496e·7374·616c·6c20·5041·4520··<td>Install·PAE· 
00000460:·4b65·726e·656c·206f·6e20·5375·7070·6f72··Kernel·on·Suppor 
00000470:·7465·6420·3332·2d62·6974·2078·3836·2053··ted·32-bit·x86·S 
00000480:·7973·7465·6d73·3c2f·7464·3e0a·2020·2020··ystems</td>.···· 
00000490:·2020·3c74·6420·786d·6c3a·6c61·6e67·3d22····<td·xml:lang=" 
000004a0:·656e·2d55·5322·3e0a·2020·2020·2020·2020··en-US">.········ 
000004b0:·5379·7374·656d·7320·7468·6174·2061·7265··Systems·that·are 
000004c0:·2075·7369·6e67·2074·6865·2036·342d·6269···using·the·64-bi 
000004d0:·7420·7838·3620·6b65·726e·656c·2070·6163··t·x86·kernel·pac 
000004e0:·6b61·6765·0a64·6f20·6e6f·7420·6e65·6564··kage.do·not·need 
000004f0:·2074·6f20·696e·7374·616c·6c20·7468·6520···to·install·the· 
00000500:·6b65·726e·656c·2d50·4145·2070·6163·6b61··kernel-PAE·packa 
00000510:·6765·2062·6563·6175·7365·2074·6865·2036··ge·because·the·6 
00000520:·342d·6269·740a·7838·3620·6b65·726e·656c··4-bit.x86·kernel 
00000530:·2061·6c72·6561·6479·2069·6e63·6c75·6465···already·include 
00000540:·7320·7468·6973·2073·7570·706f·7274·2e20··s·this·support.· 
00000550:·486f·7765·7665·722c·2069·6620·7468·6520··However,·if·the· 
00000560:·7379·7374·656d·2069·730a·3332·2d62·6974··system·is.32-bit 
00000570:·2061·6e64·2061·6c73·6f20·7375·7070·6f72···and·also·suppor 
00000580:·7473·2074·6865·2050·4145·2061·6e64·204e··ts·the·PAE·and·N 
00000590:·5820·6665·6174·7572·6573·2061·730a·6465··X·features·as.de 
000005a0:·7465·726d·696e·6564·2069·6e20·7468·6520··termined·in·the· 
000005b0:·7072·6576·696f·7573·2073·6563·7469·6f6e··previous·section 
000005c0:·2c20·7468·6520·6b65·726e·656c·2d50·4145··,·the·kernel-PAE 
000005d0:·2070·6163·6b61·6765·2073·686f·756c·640a···package·should. 
000005e0:·6265·2069·6e73·7461·6c6c·6564·2074·6f20··be·installed·to· 
000005f0:·656e·6162·6c65·2058·4420·6f72·204e·5820··enable·XD·or·NX· 
00000600:·7375·7070·6f72·742e·0a54·6865·203c·636f··support..The·<co 
00000610:·6465·3e6b·6572·6e65·6c2d·5041·453c·2f63··de>kernel-PAE</c 
00000620:·6f64·653e·2070·6163·6b61·6765·2063·616e··ode>·package·can 
00000630:·2062·6520·696e·7374·616c·6c65·6420·7769···be·installed·wi 
00000640:·7468·2074·6865·2066·6f6c·6c6f·7769·6e67··th·the·following 
00000650:·2063·6f6d·6d61·6e64·3a0a·3c70·7265·3e0a···command:.<pre>. 
00000660:·2420·7375·646f·2079·756d·2069·6e73·7461··$·sudo·yum·insta 
00000670:·6c6c·206b·6572·6e65·6c2d·5041·453c·2f70··ll·kernel-PAE</p 
00000680:·7265·3e0a·5468·6520·696e·7374·616c·6c61··re>.The·installa 
00000690:·7469·6f6e·2070·726f·6365·7373·2073·686f··tion·process·sho 
000006a0:·756c·6420·616c·736f·2068·6176·6520·636f··uld·also·have·co 
000006b0:·6e66·6967·7572·6564·2074·6865·0a62·6f6f··nfigured·the.boo 
000006c0:·746c·6f61·6465·7220·746f·206c·6f61·6420··tloader·to·load· 
000006d0:·7468·6520·6e65·7720·6b65·726e·656c·2061··the·new·kernel·a 
000006e0:·7420·626f·6f74·2e20·5665·7269·6679·2074··t·boot.·Verify·t 
000006f0:·6869·7320·6166·7465·7220·7265·626f·6f74··his·after·reboot 
00000700:·0a61·6e64·206d·6f64·6966·7920·3c74·743e··.and·modify·<tt> 
00000710:·2f65·7463·2f64·6566·6175·6c74·2f67·7275··/etc/default/gru 
00000720:·623c·2f74·743e·2069·6620·6e65·6365·7373··b</tt>·if·necess 
00000730:·6172·792e·0a20·2020·2020·203c·2f74·643e··ary..······</td> 
00000740:·0a20·2020·2020·203c·7464·2078·6d6c·3a6c··.······<td·xml:l 
00000750:·616e·673d·2265·6e2d·5553·223e·0a20·2020··ang="en-US">.··· 
00000760:·2020·2020·204f·6e20·3332·2d62·6974·2073·······On·32-bit·s 
00000770:·7973·7465·6d73·2074·6861·7420·7375·7070··ystems·that·supp 
00000780:·6f72·7420·7468·6520·5844·206f·7220·4e58··ort·the·XD·or·NX 
00000790:·2062·6974·2c20·7468·6520·7665·6e64·6f72···bit,·the·vendor 
000007a0:·2d73·7570·706c·6965·640a·5041·4520·6b65··-supplied.PAE·ke 
000007b0:·726e·656c·2069·7320·7265·7175·6972·6564··rnel·is·required 
000007c0:·2074·6f20·656e·6162·6c65·2065·6974·6865···to·enable·eithe 
000007d0:·7220·4578·6563·7574·6520·4469·7361·626c··r·Execute·Disabl 
000007e0:·6520·2858·4429·206f·7220·4e6f·2045·7865··e·(XD)·or·No·Exe 
000007f0:·6375·7465·2028·4e58·2920·7375·7070·6f72··cute·(NX)·suppor 
00000800:·742e·0a20·2020·2020·203c·2f74·643e·0a20··t..······</td>.· 
00000810:·2020·203c·2f74·723e·0a20·2020·203c·7472·····</tr>.····<tr 
00000820:·3e0a·2020·2020·2020·3c74·643e·5231·3c2f··>.······<td>R1</ 
00000830:·7464·3e0a·2020·2020·2020·3c74·643e·456e··td>.······<td>En 
00000840:·7375·7265·2053·4d41·5020·6973·206e·6f74··sure·SMAP·is·not 
00000850:·2064·6973·6162·6c65·6420·6475·7269·6e67···disabled·during 
00000860:·2062·6f6f·743c·2f74·643e·0a20·2020·2020···boot</td>.····· 
00000870:·203c·7464·2078·6d6c·3a6c·616e·673d·2265···<td·xml:lang="e 
00000880:·6e2d·5553·223e·0a20·2020·2020·2020·2054··n-US">.········T 
00000890:·6865·2053·4d41·5020·6973·2075·7365·6420··he·SMAP·is·used· 
000008a0:·746f·2070·7265·7665·6e74·2074·6865·2073··to·prevent·the·s 
000008b0:·7570·6572·7669·736f·7220·6d6f·6465·2066··upervisor·mode·f 
000008c0:·726f·6d20·756e·696e·7465·6e74·696f·6e61··rom·unintentiona 
000008d0:·6c6c·7920·7265·6164·696e·672f·7772·6974··lly·reading/writ 
000008e0:·696e·6720·696e·746f·0a6d·656d·6f72·7920··ing·into.memory· 
000008f0:·7061·6765·7320·696e·2074·6865·2075·7365··pages·in·the·use 
00000900:·7220·7370·6163·652c·2069·7420·6973·2065··r·space,·it·is·e 
00000910:·6e61·626c·6564·2062·7920·6465·6661·756c··nabled·by·defaul 
00000920:·7420·7369·6e63·6520·4c69·6e75·7820·6b65··t·since·Linux·ke 
00000930:·726e·656c·2033·2e37·2e0a·4275·7420·6974··rnel·3.7..But·it 
00000940:·2063·6f75·6c64·2062·6520·6469·7361·626c···could·be·disabl 
00000950:·6564·2074·6872·6f75·6768·206b·6572·6e65··ed·through·kerne 
00000960:·6c20·626f·6f74·2070·6172·616d·6574·6572··l·boot·parameter 
00000970:·732e·0a0a·456e·7375·7265·2074·6861·7420··s...Ensure·that· 
00000980:·5375·7065·7276·6973·6f72·204d·6f64·6520··Supervisor·Mode· 
00000990:·4163·6365·7373·2050·7265·7665·6e74·696f··Access·Preventio 
000009a0:·6e20·2853·4d41·5029·2069·7320·6e6f·7420··n·(SMAP)·is·not· 
000009b0:·6469·7361·626c·6564·2062·790a·7468·6520··disabled·by.the· 
000009c0:·3c74·743e·6e6f·736d·6170·3c2f·7474·3e20··<tt>nosmap</tt>· 
000009d0:·626f·6f74·2070·6172·616d·656e·7465·7220··boot·paramenter· 
000009e0:·6f70·7469·6f6e·2e0a·0a43·6865·636b·2074··option...Check·t 
000009f0:·6861·7420·7468·6520·6c69·6e65·203c·7072··hat·the·line·<pr 
00000a00:·653e·4752·5542·5f43·4d44·4c49·4e45·5f4c··e>GRUB_CMDLINE_L 
00000a10:·494e·5558·3d22·2e2e·2e22·3c2f·7072·653e··INUX="..."</pre> 
00000a20:·2077·6974·6869·6e20·3c74·743e·2f65·7463···within·<tt>/etc 
00000a30:·2f64·6566·6175·6c74·2f67·7275·623c·2f74··/default/grub</t 
00000a40:·743e·0a64·6f65·736e·2774·2063·6f6e·7461··t>.doesn't·conta 
00000a50:·696e·2074·6865·2061·7267·756d·656e·7420··in·the·argument· 
00000a60:·3c74·743e·6e6f·736d·6170·3c2f·7474·3e2e··<tt>nosmap</tt>. 
00000a70:·0a52·756e·2074·6865·2066·6f6c·6c6f·7769··.Run·the·followi 
00000a80:·6e67·2063·6f6d·6d61·6e64·2074·6f20·7570··ng·command·to·up 
00000a90:·6461·7465·2063·6f6d·6d61·6e64·206c·696e··date·command·lin 
00000aa0:·6520·666f·7220·616c·7265·6164·7920·696e··e·for·already·in 
00000ab0:·7374·616c·6c65·6420·6b65·726e·656c·733a··stalled·kernels: 
00000ac0:·0a3c·7072·653e·2320·6772·7562·6279·202d··.<pre>#·grubby·- 
00000ad0:·2d75·7064·6174·652d·6b65·726e·656c·3d41··-update-kernel=A 
00000ae0:·4c4c·202d·2d72·656d·6f76·652d·6172·6773··LL·--remove-args 
00000af0:·3d22·6e6f·736d·6170·223c·2f70·7265·3e0a··="nosmap"</pre>. 
00000b00:·2020·2020·2020·3c2f·7464·3e0a·2020·2020········</td>.···· 
00000b10:·2020·3c74·6420·786d·6c3a·6c61·6e67·3d22····<td·xml:lang=" 
00000b20:·656e·2d55·5322·3e0a·2020·2020·2020·2020··en-US">.········ 
00000b30:·4469·7361·626c·696e·6720·534d·4150·2063··Disabling·SMAP·c 
00000b40:·616e·2066·6163·696c·6974·6174·6520·6578··an·facilitate·ex 
00000b50:·706c·6f69·7461·7469·6f6e·206f·6620·7675··ploitation·of·vu 
00000b60:·6c6e·6572·6162·696c·6974·6965·7320·6361··lnerabilities·ca 
00000b70:·7573·6564·2062·7920·756e·696e·7465·6e64··used·by·unintend 
00000b80:·6564·2061·6363·6573·7320·616e·640a·6d61··ed·access·and.ma 
00000b90:·6e69·7075·6c61·7469·6f6e·206f·6620·6461··nipulation·of·da 
00000ba0:·7461·2069·6e20·7468·6520·7573·6572·2073··ta·in·the·user·s 
00000bb0:·7061·6365·2e0a·2020·2020·2020·3c2f·7464··pace..······</td 
00000bc0:·3e0a·2020·2020·3c2f·7472·3e0a·2020·2020··>.····</tr>.···· 
Max diff block lines reached; 3005646/3042100 bytes (98.80%) of diff not shown.
671 KB
html2text {}
    
Offset 1, 13 lines modifiedOffset 1, 35 lines modified
  
  
1 Rules·with·ANSSI·Reference·in·Guide·to·the·Secure·Configuration·of·Oracle·Linux1 Rules·with·ANSSI·Reference·in·Guide·to·the·Secure·Configuration·of·Oracle·Linux
2 72 7
  
  
 3 ······························The·SMEP·is·used·to·prevent·the·supervisor
 4 ······························mode·from·executing·user·space·code,·it·is
 5 ······························enabled·by·default·since·Linux·kernel·3.0.
 6 ······························But·it·could·be·disabled·through·kernel·boot
 7 ······························parameters.·Ensure·that·Supervisor·Mode
 8 ······························Execution·Prevention·(SMEP)·is·not·disabled··Disabling·SMEP·can·facilitate
 9 ····Ensure·SMEP·is·not········by·the·nosmep·boot·paramenter·option.·Check··exploitation·of·certain
 10 R1··disabled·during·boot······that·the·line································vulnerabilities·because·it·allows·the
 11 ······························GRUB_CMDLINE_LINUX="..."·····················kernel·to·unintentionally·execute·code
 12 ······························within·/etc/default/grub·doesn't·contain·the·in·less·privileged·memory·space.
 13 ······························argument·nosmep.·Run·the·following·command
 14 ······························to·update·command·line·for·already·installed
 15 ······························kernels:
 16 ······························#·grubby·--update-kernel=ALL·--remove-
 17 ······························args="nosmep"
 18 ···········································································Use·of·a·64-bit·operating·system
 19 ···········································································offers·a·few·advantages,·like·a·larger
 20 ····Prefer·to·use·a·64-bit····Prefer·installation·of·64-bit·operating······address·space·range·for·Address·Space
 21 R1··Operating·System·when·····systems·when·the·CPU·supports·it.············Layout·Randomization·(ASLR)·and
 22 ····supported······························································systematic·presence·of·No·eXecute·and
 23 ···········································································Execute·Disable·(NX/XD)·protection
 24 ···········································································bits.
3 ······························Systems·that·are·using·the·64-bit·x86·kernel25 ······························Systems·that·are·using·the·64-bit·x86·kernel
4 ······························package·do·not·need·to·install·the·kernel-26 ······························package·do·not·need·to·install·the·kernel-
5 ······························PAE·package·because·the·64-bit·x86·kernel27 ······························PAE·package·because·the·64-bit·x86·kernel
6 ······························already·includes·this·support.·However,·if28 ······························already·includes·this·support.·However,·if
7 ······························the·system·is·32-bit·and·also·supports·the29 ······························the·system·is·32-bit·and·also·supports·the
8 ······························PAE·and·NX·features·as·determined·in·the·····On·32-bit·systems·that·support·the·XD30 ······························PAE·and·NX·features·as·determined·in·the·····On·32-bit·systems·that·support·the·XD
9 ····Install·PAE·Kernel·on·····previous·section,·the·kernel-PAE·package·····or·NX·bit,·the·vendor-supplied·PAE31 ····Install·PAE·Kernel·on·····previous·section,·the·kernel-PAE·package·····or·NX·bit,·the·vendor-supplied·PAE
Offset 40, 53 lines modifiedOffset 62, 31 lines modified
40 ······························Advanced·Encryption·Standard·(AES)·or·New····utilizing·encryption·to·protect·data.62 ······························Advanced·Encryption·Standard·(AES)·or·New····utilizing·encryption·to·protect·data.
41 ····Install·the·dracut-fips-··Instructions·(AES-NI)·engine,·the·system·····The·operating·system·must·implement63 ····Install·the·dracut-fips-··Instructions·(AES-NI)·engine,·the·system·····The·operating·system·must·implement
42 R1··aesni·Package·············requires·that·the·dracut-fips-aesni·package··cryptographic·modules·adhering·to·the64 R1··aesni·Package·············requires·that·the·dracut-fips-aesni·package··cryptographic·modules·adhering·to·the
43 ······························be·installed.·The·dracut-fips-aesni·package··higher·standards·approved·by·the65 ······························be·installed.·The·dracut-fips-aesni·package··higher·standards·approved·by·the
44 ······························can·be·installed·with·the·following·command:·federal·government·since·this·provides66 ······························can·be·installed·with·the·following·command:·federal·government·since·this·provides
45 ······························$·sudo·yum·install·dracut-fips-aesni·········assurance·they·have·been·tested·and67 ······························$·sudo·yum·install·dracut-fips-aesni·········assurance·they·have·been·tested·and
46 ···········································································validated.68 ···········································································validated.
47 ······························The·SMEP·is·used·to·prevent·the·supervisor 
48 ······························mode·from·executing·user·space·code,·it·is 
49 ······························enabled·by·default·since·Linux·kernel·3.0. 
50 ······························But·it·could·be·disabled·through·kernel·boot 
51 ······························parameters.·Ensure·that·Supervisor·Mode 
52 ······························Execution·Prevention·(SMEP)·is·not·disabled··Disabling·SMEP·can·facilitate 
53 ····Ensure·SMEP·is·not········by·the·nosmep·boot·paramenter·option.·Check··exploitation·of·certain 
54 R1··disabled·during·boot······that·the·line································vulnerabilities·because·it·allows·the 
55 ······························GRUB_CMDLINE_LINUX="..."·····················kernel·to·unintentionally·execute·code 
56 ······························within·/etc/default/grub·doesn't·contain·the·in·less·privileged·memory·space. 
57 ······························argument·nosmep.·Run·the·following·command 
58 ······························to·update·command·line·for·already·installed 
59 ······························kernels: 
60 ······························#·grubby·--update-kernel=ALL·--remove- 
61 ······························args="nosmep" 
62 ···········································································Use·of·a·64-bit·operating·system 
63 ···········································································offers·a·few·advantages,·like·a·larger 
64 ····Prefer·to·use·a·64-bit····Prefer·installation·of·64-bit·operating······address·space·range·for·Address·Space 
65 R1··Operating·System·when·····systems·when·the·CPU·supports·it.············Layout·Randomization·(ASLR)·and 
66 ····supported······························································systematic·presence·of·No·eXecute·and 
67 ···········································································Execute·Disable·(NX/XD)·protection 
68 ···········································································bits. 
69 ······························The·grub2·boot·loader·should·have·a69 ······························The·grub2·boot·loader·should·have·a
70 ······························superuser·account·and·password·protection70 ······························superuser·account·and·password·protection
71 ······························enabled·to·protect·boot-time·settings.·······Password·protection·on·the·boot·loader71 ······························enabled·to·protect·boot-time·settings.·······Password·protection·on·the·boot·loader
72 ···········································································configuration·ensures·users·with72 ···········································································configuration·ensures·users·with
73 ····Set·the·UEFI·Boot·Loader··Since·plaintext·passwords·are·a·security·····physical·access·cannot·trivially·alter73 ····Set·Boot·Loader·Password··Since·plaintext·passwords·are·a·security·····physical·access·cannot·trivially·alter
74 R5··Password··················risk,·generate·a·hash·for·the·password·by····important·bootloader·settings.·These74 R5··in·grub2··················risk,·generate·a·hash·for·the·password·by····important·bootloader·settings.·These
75 ······························running·the·following·command:···············include·which·kernel·to·use,·and75 ······························running·the·following·command:···············include·which·kernel·to·use,·and
76 ······························#·grub2-setpassword··························whether·to·enter·single-user·mode.76 ······························#·grub2-setpassword··························whether·to·enter·single-user·mode.
77 ······························When·prompted,·enter·the·password·that·was77 ······························When·prompted,·enter·the·password·that·was
78 ······························selected.78 ······························selected.
  
79 ······························The·grub2·boot·loader·should·have·a79 ······························The·grub2·boot·loader·should·have·a
80 ······························superuser·account·and·password·protection80 ······························superuser·account·and·password·protection
81 ······························enabled·to·protect·boot-time·settings.·······Password·protection·on·the·boot·loader81 ······························enabled·to·protect·boot-time·settings.·······Password·protection·on·the·boot·loader
82 ···········································································configuration·ensures·users·with82 ···········································································configuration·ensures·users·with
83 ····Set·Boot·Loader·Password··Since·plaintext·passwords·are·a·security·····physical·access·cannot·trivially·alter83 ····Set·the·UEFI·Boot·Loader··Since·plaintext·passwords·are·a·security·····physical·access·cannot·trivially·alter
84 R5··in·grub2··················risk,·generate·a·hash·for·the·password·by····important·bootloader·settings.·These84 R5··Password··················risk,·generate·a·hash·for·the·password·by····important·bootloader·settings.·These
85 ······························running·the·following·command:···············include·which·kernel·to·use,·and85 ······························running·the·following·command:···············include·which·kernel·to·use,·and
86 ······························#·grub2-setpassword··························whether·to·enter·single-user·mode.86 ······························#·grub2-setpassword··························whether·to·enter·single-user·mode.
87 ······························When·prompted,·enter·the·password·that·was87 ······························When·prompted,·enter·the·password·that·was
88 ······························selected.88 ······························selected.
  
89 ······························On·x86·architecture·supporting·VT-d,·the89 ······························On·x86·architecture·supporting·VT-d,·the
90 ······························IOMMU·manages·the·access·control·policy90 ······························IOMMU·manages·the·access·control·policy
Offset 99, 14 lines modifiedOffset 99, 77 lines modified
99 ······························systems.·Modify·the·line·within·/etc/········hardware·devices.99 ······························systems.·Modify·the·line·within·/etc/········hardware·devices.
100 ······························default/grub·as·shown·below:100 ······························default/grub·as·shown·below:
101 ······························GRUB_CMDLINE_LINUX="...·iommu=force·..."101 ······························GRUB_CMDLINE_LINUX="...·iommu=force·..."
102 ······························Run·the·following·command·to·update·command102 ······························Run·the·following·command·to·update·command
103 ······························line·for·already·installed·kernels:103 ······························line·for·already·installed·kernels:
104 ······························#·grubby·--update-kernel=ALL·--104 ······························#·grubby·--update-kernel=ALL·--
105 ······························args="iommu=force"105 ······························args="iommu=force"
 106 ······························To·enable·poisoning·of·SLUB/SLAB·objects,
 107 ······························add·the·argument·slub_debug=P·to·the·default
 108 ······························GRUB·2·command·line·for·the·Linux·operating··Poisoning·writes·an·arbitrary·value·to
 109 ······························system.·To·ensure·that·slub_debug=P·is·added·freed·objects,·so·any·modification·or
 110 ······························as·a·kernel·command·line·argument·to·newly···reference·to·that·object·after·being
 111 ······························installed·kernels,·add·slub_debug=P·to·the···freed·or·before·being·initialized·will
 112 R8··Enable·SLUB/SLAB··········default·Grub2·command·line·for·Linux·········be·detected·and·prevented.·This
 113 ····allocator·poisoning·······operating·systems.·Modify·the·line·within·/··prevents·many·types·of·use-after-free
 114 ······························etc/default/grub·as·shown·below:·············vulnerabilities·at·little·performance
 115 ······························GRUB_CMDLINE_LINUX="...·slub_debug=P·..."····cost.·Also·prevents·leak·of·data·and
 116 ······························Run·the·following·command·to·update·command··detection·of·corrupted·memory.
 117 ······························line·for·already·installed·kernels:
 118 ······························#·grubby·--update-kernel=ALL·--
 119 ······························args="slub_debug=P"
 120 ······························L1·Terminal·Fault·(L1TF)·is·a·hardware
 121 ······························vulnerability·which·allows·unprivileged
 122 ······························speculative·access·to·data·which·is
 123 ······························available·in·the·Level·1·Data·Cache·when·the
 124 ······························page·table·entry·isn't·present.·Select·the
 125 ······························appropriate·mitigation·by·adding·the
 126 ······························argument·l1tf=flush·to·the·default·GRUB·2
 127 ······························command·line·for·the·Linux·operating·system.
 128 ······························To·ensure·that·l1tf=flush·is·added·as·a······The·L1TF·vulnerability·allows·an
 129 ······························kernel·command·line·argument·to·newly········attacker·to·bypass·memory·access
 130 ····Configure·L1·Terminal·····installed·kernels,·add·l1tf=flush·to·the·····security·controls·imposed·by·the
 131 R8··Fault·mitigations·········default·Grub2·command·line·for·Linux·········system·or·hypervisor.·The·L1TF
 132 ······························operating·systems.·Modify·the·line·within·/··vulnerability·allows·read·access·to
 133 ······························etc/default/grub·as·shown·below:·············any·physical·memory·location·that·is
 134 ······························GRUB_CMDLINE_LINUX="...·l1tf=flush·..."······cached·in·the·L1·Data·Cache.
 135 ······························Run·the·following·command·to·update·command
Max diff block lines reached; 672389/686934 bytes (97.88%) of diff not shown.
1.25 MB
./usr/share/doc/ssg-nondebian/table-ol7-cuirefs.html
Ordering differences only
    
Offset 40, 14 lines modifiedOffset 40, 90 lines modified
40 ····<th>Mapping</th>40 ····<th>Mapping</th>
41 ····<th>Rule·Title</th>41 ····<th>Rule·Title</th>
42 ····<th>Description</th>42 ····<th>Description</th>
43 ····<th>Rationale</th>43 ····<th>Rationale</th>
44 ··</thead>44 ··</thead>
45 ··<tbody>45 ··<tbody>
46 ··<tr>46 ··<tr>
 47 ······<td>3.1.1<br/>3.1.5</td>
 48 ······<td>Verify·Only·Root·Has·UID·0</td>
 49 ······<td·xml:lang="en-US">
 50 ········If·any·account·other·than·root·has·a·UID·of·0,·this·misconfiguration·should
 51 be·investigated·and·the·accounts·other·than·root·should·be·removed·or·have
 52 their·UID·changed.
 53 <br·/>
 54 If·the·account·is·associated·with·system·commands·or·applications·the·UID
 55 should·be·changed·to·one·greater·than·"0"·but·less·than·"1000."
 56 Otherwise·assign·a·UID·greater·than·"1000"·that·has·not·already·been
 57 assigned.
 58 ······</td>
 59 ······<td·xml:lang="en-US">
 60 ········An·account·has·root·authority·if·it·has·a·UID·of·0.·Multiple·accounts
 61 with·a·UID·of·0·afford·more·opportunity·for·potential·intruders·to
 62 guess·a·password·for·a·privileged·account.·Proper·configuration·of
 63 sudo·is·recommended·to·afford·multiple·system·administrators
 64 access·to·root·privileges·in·an·accountable·manner.
 65 ······</td>
 66 ····</tr>
 67 ····<tr>
 68 ······<td>3.1.1<br/>3.1.5</td>
 69 ······<td>Disable·SSH·Root·Login</td>
 70 ······<td·xml:lang="en-US">
 71 ········The·root·user·should·never·be·allowed·to·login·to·a
 72 system·directly·over·a·network.
 73 To·disable·root·login·via·SSH,·add·or·correct·the·following·line·in
  
  
 74 <tt>/etc/ssh/sshd_config</tt>:
  
 75 <pre>PermitRootLogin·no</pre>
 76 ······</td>
 77 ······<td·xml:lang="en-US">
 78 ········Even·though·the·communications·channel·may·be·encrypted,·an·additional·layer·of
 79 security·is·gained·by·extending·the·policy·of·not·logging·directly·on·as·root.
 80 In·addition,·logging·in·with·a·user-specific·account·provides·individual
 81 accountability·of·actions·performed·on·the·system·and·also·helps·to·minimize
 82 direct·attack·attempts·on·root's·password.
 83 ······</td>
 84 ····</tr>
 85 ····<tr>
 86 ······<td>3.1.1<br/>3.4.5</td>
 87 ······<td>Require·Authentication·for·Emergency·Systemd·Target</td>
 88 ······<td·xml:lang="en-US">
 89 ········Emergency·mode·is·intended·as·a·system·recovery
 90 method,·providing·a·single·user·root·access·to·the·system
 91 during·a·failed·boot·sequence.
 92 <br·/><br·/>
 93 By·default,·Emergency·mode·is·protected·by·requiring·a·password·and·is·set
 94 in·<tt>/usr/lib/systemd/system/emergency.service</tt>.
 95 ······</td>
 96 ······<td·xml:lang="en-US">
 97 ········This·prevents·attackers·with·physical·access·from·trivially·bypassing·security
 98 on·the·machine·and·gaining·root·access.·Such·accesses·are·further·prevented
 99 by·configuring·the·bootloader·password.
 100 ······</td>
 101 ····</tr>
 102 ····<tr>
 103 ······<td>3.1.1</td>
 104 ······<td>Disable·GDM·Automatic·Login</td>
 105 ······<td·xml:lang="en-US">
 106 ········The·GNOME·Display·Manager·(GDM)·can·allow·users·to·automatically·login·without
 107 user·interaction·or·credentials.·User·should·always·be·required·to·authenticate·themselves
 108 to·the·system·that·they·are·authorized·to·use.·To·disable·user·ability·to·automatically
 109 login·to·the·system,·set·the·<tt>AutomaticLoginEnable</tt>·to·<tt>false</tt>·in·the
 110 <tt>[daemon]</tt>·section·in·<tt>/etc/gdm/custom.conf</tt>.·For·example:
 111 <pre>[daemon]
 112 AutomaticLoginEnable=false</pre>
 113 ······</td>
 114 ······<td·xml:lang="en-US">
 115 ········Failure·to·restrict·system·access·to·authenticated·users·negatively·impacts·operating
 116 system·security.
 117 ······</td>
 118 ····</tr>
 119 ····<tr>
47 ······<td>3.1.1</td>120 ······<td>3.1.1</td>
48 ······<td>Disable·GDM·Guest·Login</td>121 ······<td>Disable·GDM·Guest·Login</td>
49 ······<td·xml:lang="en-US">122 ······<td·xml:lang="en-US">
50 ········The·GNOME·Display·Manager·(GDM)·can·allow·users·to·login·without·credentials123 ········The·GNOME·Display·Manager·(GDM)·can·allow·users·to·login·without·credentials
51 which·can·be·useful·for·public·kiosk·scenarios.·Allowing·users·to·login·without·credentials124 which·can·be·useful·for·public·kiosk·scenarios.·Allowing·users·to·login·without·credentials
52 or·"guest"·account·access·has·inherent·security·risks·and·should·be·disabled.·To·do·disable125 or·"guest"·account·access·has·inherent·security·risks·and·should·be·disabled.·To·do·disable
53 timed·logins·or·guest·account·access,·set·the·<tt>TimedLoginEnable</tt>·to·<tt>false</tt>·in126 timed·logins·or·guest·account·access,·set·the·<tt>TimedLoginEnable</tt>·to·<tt>false</tt>·in
Offset 77, 57 lines modifiedOffset 153, 14 lines modified
77 ······<td·xml:lang="en-US">153 ······<td·xml:lang="en-US">
78 ········If·an·account·has·an·empty·password,·anyone·could·log·in·and154 ········If·an·account·has·an·empty·password,·anyone·could·log·in·and
79 run·commands·with·the·privileges·of·that·account.·Accounts·with155 run·commands·with·the·privileges·of·that·account.·Accounts·with
80 empty·passwords·should·never·be·used·in·operational·environments.156 empty·passwords·should·never·be·used·in·operational·environments.
81 ······</td>157 ······</td>
82 ····</tr>158 ····</tr>
83 ····<tr>159 ····<tr>
84 ······<td>3.1.1<br/>3.1.6</td> 
85 ······<td>Direct·root·Logins·Not·Allowed</td> 
86 ······<td·xml:lang="en-US"> 
87 ········To·further·limit·access·to·the·<tt>root</tt>·account,·administrators 
88 can·disable·root·logins·at·the·console·by·editing·the·<tt>/etc/securetty</tt>·file. 
89 This·file·lists·all·devices·the·root·user·is·allowed·to·login·to.·If·the·file·does 
90 not·exist·at·all,·the·root·user·can·login·through·any·communication·device·on·the 
91 system,·whether·via·the·console·or·via·a·raw·network·interface.·This·is·dangerous 
92 as·user·can·login·to·the·system·as·root·via·Telnet,·which·sends·the·password·in 
93 plain·text·over·the·network.·By·default,·Oracle·Linux·7's 
94 <tt>/etc/securetty</tt>·file·only·allows·the·root·user·to·login·at·the·console 
95 physically·attached·to·the·system.·To·prevent·root·from·logging·in,·remove·the 
96 contents·of·this·file.·To·prevent·direct·root·logins,·remove·the·contents·of·this 
97 file·by·typing·the·following·command: 
98 <pre> 
99 $·sudo·echo·&gt;·/etc/securetty 
100 </pre> 
101 ······</td> 
102 ······<td·xml:lang="en-US"> 
103 ········Disabling·direct·root·logins·ensures·proper·accountability·and·multifactor 
104 authentication·to·privileged·accounts.·Users·will·first·login,·then·escalate 
105 to·privileged·(root)·access·via·su·/·sudo.·This·is·required·for·FISMA·Low 
106 and·FISMA·Moderate·systems. 
107 ······</td> 
108 ····</tr> 
109 ····<tr> 
110 ······<td>3.1.1<br/>3.1.5</td> 
111 ······<td>Restrict·Virtual·Console·Root·Logins</td> 
112 ······<td·xml:lang="en-US"> 
Max diff block lines reached; 462795/468738 bytes (98.73%) of diff not shown.
818 KB
html2text {}
    
Offset 1, 13 lines modifiedOffset 1, 73 lines modified
  
  
1 Rules·with·NIST-800-171·Reference·in·Guide·to·the·Secure·Configuration·of1 Rules·with·NIST-800-171·Reference·in·Guide·to·the·Secure·Configuration·of
2 Oracle·Linux·72 Oracle·Linux·7
  
  
 3 ······························································································An·account·has·root
 4 ······························································································authority·if·it·has
 5 ······························································································a·UID·of·0.·Multiple
 6 ······························································································accounts·with·a·UID
 7 ·······································If·any·account·other·than·root·has·a·UID·of·0,·this····of·0·afford·more
 8 ·······································misconfiguration·should·be·investigated·and·the········opportunity·for
 9 ·······································accounts·other·than·root·should·be·removed·or·have·····potential·intruders
 10 ·······································their·UID·changed.·····································to·guess·a·password
 11 3.1.1···Verify·Only·Root·Has·UID·0·····If·the·account·is·associated·with·system·commands·or···for·a·privileged
 12 3.1.5··································applications·the·UID·should·be·changed·to·one·greater··account.·Proper
 13 ·······································than·"0"·but·less·than·"1000."·Otherwise·assign·a·UID··configuration·of
 14 ·······································greater·than·"1000"·that·has·not·already·been··········sudo·is·recommended
 15 ·······································assigned.··············································to·afford·multiple
 16 ······························································································system
 17 ······························································································administrators
 18 ······························································································access·to·root
 19 ······························································································privileges·in·an
 20 ······························································································accountable·manner.
 21 ······························································································Even·though·the
 22 ······························································································communications
 23 ······························································································channel·may·be
 24 ······························································································encrypted,·an
 25 ······························································································additional·layer·of
 26 ······························································································security·is·gained
 27 ······························································································by·extending·the
 28 ······························································································policy·of·not
 29 ·······································The·root·user·should·never·be·allowed·to·login·to·a····logging·directly·on
 30 3.1.1··································system·directly·over·a·network.·To·disable·root·login··as·root.·In
 31 3.1.5···Disable·SSH·Root·Login·········via·SSH,·add·or·correct·the·following·line·in·/etc/····addition,·logging·in
 32 ·······································ssh/sshd_config:·······································with·a·user-specific
 33 ·······································PermitRootLogin·no·····································account·provides
 34 ······························································································individual
 35 ······························································································accountability·of
 36 ······························································································actions·performed·on
 37 ······························································································the·system·and·also
 38 ······························································································helps·to·minimize
 39 ······························································································direct·attack
 40 ······························································································attempts·on·root's
 41 ······························································································password.
 42 ······························································································This·prevents
 43 ······························································································attackers·with
 44 ·······································Emergency·mode·is·intended·as·a·system·recovery········physical·access·from
 45 ·······································method,·providing·a·single·user·root·access·to·the·····trivially·bypassing
 46 3.1.1···Require·Authentication·for·····system·during·a·failed·boot·sequence.··················security·on·the
 47 3.4.5···Emergency·Systemd·Target······························································machine·and·gaining
 48 ·······································By·default,·Emergency·mode·is·protected·by·requiring·a·root·access.·Such
 49 ·······································password·and·is·set·in·/usr/lib/systemd/system/········accesses·are·further
 50 ·······································emergency.service.·····································prevented·by
 51 ······························································································configuring·the
 52 ······························································································bootloader·password.
 53 ·······································The·GNOME·Display·Manager·(GDM)·can·allow·users·to
 54 ·······································automatically·login·without·user·interaction·or
 55 ·······································credentials.·User·should·always·be·required·to·········Failure·to·restrict
 56 ·······································authenticate·themselves·to·the·system·that·they·are····system·access·to
 57 3.1.1···Disable·GDM·Automatic·Login····authorized·to·use.·To·disable·user·ability·to··········authenticated·users
 58 ·······································automatically·login·to·the·system,·set·the·············negatively·impacts
 59 ·······································AutomaticLoginEnable·to·false·in·the·[daemon]·section··operating·system
 60 ·······································in·/etc/gdm/custom.conf.·For·example:··················security.
 61 ·······································[daemon]
 62 ·······································AutomaticLoginEnable=false
3 ·······································The·GNOME·Display·Manager·(GDM)·can·allow·users·to63 ·······································The·GNOME·Display·Manager·(GDM)·can·allow·users·to
4 ·······································login·without·credentials·which·can·be·useful·for64 ·······································login·without·credentials·which·can·be·useful·for
5 ·······································public·kiosk·scenarios.·Allowing·users·to·login········Failure·to·restrict65 ·······································public·kiosk·scenarios.·Allowing·users·to·login········Failure·to·restrict
6 ·······································without·credentials·or·"guest"·account·access·has······system·access·to66 ·······································without·credentials·or·"guest"·account·access·has······system·access·to
7 3.1.1···Disable·GDM·Guest·Login········inherent·security·risks·and·should·be·disabled.·To·do··authenticated·users67 3.1.1···Disable·GDM·Guest·Login········inherent·security·risks·and·should·be·disabled.·To·do··authenticated·users
8 ·······································disable·timed·logins·or·guest·account·access,·set·the··negatively·impacts68 ·······································disable·timed·logins·or·guest·account·access,·set·the··negatively·impacts
9 ·······································TimedLoginEnable·to·false·in·the·[daemon]·section·in·/·operating·system69 ·······································TimedLoginEnable·to·false·in·the·[daemon]·section·in·/·operating·system
Offset 21, 144 lines modifiedOffset 81, 162 lines modified
21 3.1.1···Prevent·Login·to·Accounts·With·it·may·be·possible·to·log·into·the·account·without·····with·the·privileges81 3.1.1···Prevent·Login·to·Accounts·With·it·may·be·possible·to·log·into·the·account·without·····with·the·privileges
22 3.1.5···Empty·Password·················authentication.·Remove·any·instances·of·the·nullok·in··of·that·account.82 3.1.5···Empty·Password·················authentication.·Remove·any·instances·of·the·nullok·in··of·that·account.
23 ·······································/etc/pam.d/system-auth·and·/etc/pam.d/password-auth·to·Accounts·with·empty83 ·······································/etc/pam.d/system-auth·and·/etc/pam.d/password-auth·to·Accounts·with·empty
24 ·······································prevent·logins·with·empty·passwords.···················passwords·should84 ·······································prevent·logins·with·empty·passwords.···················passwords·should
25 ······························································································never·be·used·in85 ······························································································never·be·used·in
26 ······························································································operational86 ······························································································operational
27 ······························································································environments.87 ······························································································environments.
28 ·······································To·further·limit·access·to·the·root·account, 
29 ·······································administrators·can·disable·root·logins·at·the·console··Disabling·direct 
30 ·······································by·editing·the·/etc/securetty·file.·This·file·lists····root·logins·ensures 
31 ·······································all·devices·the·root·user·is·allowed·to·login·to.·If···proper 
32 ·······································the·file·does·not·exist·at·all,·the·root·user·can······accountability·and 
33 ·······································login·through·any·communication·device·on·the·system,··multifactor 
34 ·······································whether·via·the·console·or·via·a·raw·network···········authentication·to 
35 3.1.1··································interface.·This·is·dangerous·as·user·can·login·to·the··privileged·accounts. 
36 3.1.6···Direct·root·Logins·Not·Allowed·system·as·root·via·Telnet,·which·sends·the·password·in·Users·will·first 
37 ·······································plain·text·over·the·network.·By·default,·Oracle·Linux··login,·then·escalate 
38 ·······································7's·/etc/securetty·file·only·allows·the·root·user·to···to·privileged·(root) 
39 ·······································login·at·the·console·physically·attached·to·the········access·via·su·/ 
40 ·······································system.·To·prevent·root·from·logging·in,·remove·the····sudo.·This·is 
41 ·······································contents·of·this·file.·To·prevent·direct·root·logins,··required·for·FISMA 
42 ·······································remove·the·contents·of·this·file·by·typing·the·········Low·and·FISMA 
43 ·······································following·command:·····································Moderate·systems. 
44 ·······································$·sudo·echo·>·/etc/securetty 
45 ·······································To·restrict·root·logins·through·the·(deprecated)·······Preventing·direct 
46 ·······································virtual·console·devices,·ensure·lines·of·this·form·do··root·login·to 
47 ·······································not·appear·in·/etc/securetty:··························virtual·console 
48 3.1.1···Restrict·Virtual·Console·Root··vc/1···················································devices·helps·ensure 
49 3.1.5···Logins·························vc/2···················································accountability·for 
50 ·······································vc/3···················································actions·taken·on·the 
51 ·······································vc/4···················································system·using·the 
52 ······························································································root·account. 
53 ·······································Disallow·SSH·login·with·empty·passwords.·The·default88 ·······································Disallow·SSH·login·with·empty·passwords.·The·default
54 ·······································SSH·configuration·disables·logins·with·empty···········Configuring·this89 ·······································SSH·configuration·disables·logins·with·empty···········Configuring·this
55 ·······································passwords.·The·appropriate·configuration·is·used·if·no·setting·for·the·SSH90 ·······································passwords.·The·appropriate·configuration·is·used·if·no·setting·for·the·SSH
56 ·······································value·is·set·for·PermitEmptyPasswords.·················daemon·provides91 ·······································value·is·set·for·PermitEmptyPasswords.·················daemon·provides
57 ·······································To·explicitly·disallow·SSH·login·from·accounts·with····additional·assurance92 ·······································To·explicitly·disallow·SSH·login·from·accounts·with····additional·assurance
58 3.1.1···Disable·SSH·Access·via·Empty···empty·passwords,·add·or·correct·the·following·line·in··that·remote·login93 3.1.1···Disable·SSH·Access·via·Empty···empty·passwords,·add·or·correct·the·following·line·in··that·remote·login
59 3.1.5···Passwords······················/etc/ssh/sshd_config:··································via·SSH·will·require94 3.1.5···Passwords······················/etc/ssh/sshd_config:··································via·SSH·will·require
60 ·······································PermitEmptyPasswords·no································a·password,·even·in95 ·······································PermitEmptyPasswords·no································a·password,·even·in
61 ·······································Any·accounts·with·empty·passwords·should·be·disabled···the·event·of96 ·······································Any·accounts·with·empty·passwords·should·be·disabled···the·event·of
62 ·······································immediately,·and·PAM·configuration·should·prevent······misconfiguration97 ·······································immediately,·and·PAM·configuration·should·prevent······misconfiguration
63 ·······································users·from·being·able·to·assign·themselves·empty·······elsewhere.98 ·······································users·from·being·able·to·assign·themselves·empty·······elsewhere.
64 ·······································passwords.99 ·······································passwords.
 100 ·······································To·restrict·root·logins·through·the·(deprecated)·······Preventing·direct
 101 ·······································virtual·console·devices,·ensure·lines·of·this·form·do··root·login·to
 102 ·······································not·appear·in·/etc/securetty:··························virtual·console
 103 3.1.1···Restrict·Virtual·Console·Root··vc/1···················································devices·helps·ensure
 104 3.1.5···Logins·························vc/2···················································accountability·for
65 ·······································The·GNOME·Display·Manager·(GDM)·can·allow·users·to 
66 ·······································automatically·login·without·user·interaction·or 
67 ·······································credentials.·User·should·always·be·required·to·········Failure·to·restrict 
68 ·······································authenticate·themselves·to·the·system·that·they·are····system·access·to 
Max diff block lines reached; 820936/837513 bytes (98.02%) of diff not shown.
9.68 MB
./usr/share/doc/ssg-nondebian/table-ol7-nistrefs.html
    
Offset 66, 15657 lines modifiedOffset 66, 15657 lines modified
00000410:·0a20·2020·203c·7468·3e52·6174·696f·6e61··.····<th>Rationa00000410:·0a20·2020·203c·7468·3e52·6174·696f·6e61··.····<th>Rationa
00000420:·6c65·3c2f·7468·3e0a·2020·3c2f·7468·6561··le</th>.··</thea00000420:·6c65·3c2f·7468·3e0a·2020·3c2f·7468·6561··le</th>.··</thea
00000430:·643e·0a20·203c·7462·6f64·793e·0a20·203c··d>.··<tbody>.··<00000430:·643e·0a20·203c·7462·6f64·793e·0a20·203c··d>.··<tbody>.··<
00000440:·7472·3e0a·2020·2020·2020·3c74·643e·4155··tr>.······<td>AU00000440:·7472·3e0a·2020·2020·2020·3c74·643e·4155··tr>.······<td>AU
00000450:·2d32·2861·293c·2f74·643e·0a20·2020·2020··-2(a)</td>.·····00000450:·2d32·2861·293c·2f74·643e·0a20·2020·2020··-2(a)</td>.·····
00000460:·203c·7464·3e43·6f6e·6669·6775·7265·2061···<td>Configure·a00000460:·203c·7464·3e43·6f6e·6669·6775·7265·2061···<td>Configure·a
Diff chunk too large, falling back to line-by-line diff (3732 lines added, 3732 lines removed)
00000470:·7564·6974·696e·6720·6f66·2075·6e73·7563··uditing·of·unsuc00000470:·7564·6974·696e·6720·6f66·2075·6e73·7563··uditing·of·unsuc
00000480:·6365·7373·6675·6c20·6669·6c65·206d·6f64··cessful·file·mod00000480:·6365·7373·6675·6c20·6669·6c65·2061·6363··cessful·file·acc
00000490:·6966·6963·6174·696f·6e73·3c2f·7464·3e0a··ifications</td>.00000490:·6573·7365·733c·2f74·643e·0a20·2020·2020··esses</td>.·····
000004a0:·2020·2020·2020·3c74·6420·786d·6c3a·6c61········<td·xml:la000004a0:·203c·7464·2078·6d6c·3a6c·616e·673d·2265···<td·xml:lang="e
000004b0:·6e67·3d22·656e·2d55·5322·3e0a·2020·2020··ng="en-US">.····000004b0:·6e2d·5553·223e·0a20·2020·2020·2020·2045··n-US">.········E
000004c0:·2020·2020·456e·7375·7265·2074·6861·7420······Ensure·that·000004c0:·6e73·7572·6520·7468·6174·2075·6e73·7563··nsure·that·unsuc
000004d0:·756e·7375·6363·6573·7366·756c·2061·7474··unsuccessful·att000004d0:·6365·7373·6675·6c20·6174·7465·6d70·7473··cessful·attempts
000004e0:·656d·7074·7320·746f·206d·6f64·6966·7920··empts·to·modify·000004e0:·2074·6f20·6163·6365·7373·2061·2066·696c···to·access·a·fil
000004f0:·6120·6669·6c65·2061·7265·2061·7564·6974··a·file·are·audit000004f0:·6520·6172·6520·6175·6469·7465·642e·0a0a··e·are·audited...
00000500:·6564·2e0a·0a54·6865·2066·6f6c·6c6f·7769··ed...The·followi00000500:·5468·6520·666f·6c6c·6f77·696e·6720·7275··The·following·ru
00000510:·6e67·2072·756c·6573·2063·6f6e·6669·6775··ng·rules·configu00000510:·6c65·7320·636f·6e66·6967·7572·6520·6175··les·configure·au
00000520:·7265·2061·7564·6974·2061·7320·6465·7363··re·audit·as·desc00000520:·6469·7420·6173·2064·6573·6372·6962·6564··dit·as·described
00000530:·7269·6265·6420·6162·6f76·653a·0a3c·7072··ribed·above:.<pr00000530:·2061·626f·7665·3a0a·3c70·7265·3e23·2320···above:.<pre>##·
00000540:·653e·2323·2055·6e73·7563·6365·7373·6675··e>##·Unsuccessfu00000540:·556e·7375·6363·6573·7366·756c·2066·696c··Unsuccessful·fil
00000550:·6c20·6669·6c65·206d·6f64·6966·6963·6174··l·file·modificat00000550:·6520·6163·6365·7373·2028·616e·7920·6f74··e·access·(any·ot
00000560:·696f·6e73·2028·6f70·656e·2066·6f72·2077··ions·(open·for·w00000560:·6865·7220·6f70·656e·7329·2054·6869·7320··her·opens)·This·
00000570:·7269·7465·206f·7220·7472·756e·6361·7465··rite·or·truncate00000570:·6861·7320·746f·2067·6f20·6c61·7374·2e0a··has·to·go·last..
00000580:·290a·2d61·2061·6c77·6179·732c·6578·6974··).-a·always,exit00000580:·2d61·2061·6c77·6179·732c·6578·6974·202d··-a·always,exit·-
00000590:·202d·4620·6172·6368·3d62·3332·202d·5320···-F·arch=b32·-S·00000590:·4620·6172·6368·3d62·3332·202d·5320·6f70··F·arch=b32·-S·op
000005a0:·6f70·656e·6174·2c6f·7065·6e5f·6279·5f68··openat,open_by_h000005a0:·656e·2c6f·7065·6e61·742c·6f70·656e·6174··en,openat,openat
000005b0:·616e·646c·655f·6174·202d·4620·6132·2661··andle_at·-F·a2&a000005b0:·322c·6f70·656e·5f62·795f·6861·6e64·6c65··2,open_by_handle
000005c0:·6d70·3b30·3130·3033·202d·4620·6578·6974··mp;01003·-F·exit000005c0:·5f61·7420·2d46·2065·7869·743d·2d45·4143··_at·-F·exit=-EAC
000005d0:·3d2d·4541·4343·4553·202d·4620·6175·6964··=-EACCES·-F·auid000005d0:·4345·5320·2d46·2061·7569·643e·3d31·3030··CES·-F·auid>=100
000005e0:·2667·743b·3d31·3030·3020·2d46·2061·7569··&gt;=1000·-F·aui000005e0:·3020·2d46·2061·7569·6421·3d75·6e73·6574··0·-F·auid!=unset
000005f0:·6421·3d75·6e73·6574·202d·4620·6b65·793d··d!=unset·-F·key=000005f0:·202d·4620·6b65·793d·756e·7375·6363·6573···-F·key=unsucces
00000600:·756e·7375·6363·6573·7366·756c·2d6d·6f64··unsuccessful-mod00000600:·7366·756c·2d61·6363·6573·730a·2d61·2061··sful-access.-a·a
00000610:·6966·6963·6174·696f·6e0a·2d61·2061·6c77··ification.-a·alw00000610:·6c77·6179·732c·6578·6974·202d·4620·6172··lways,exit·-F·ar
00000620:·6179·732c·6578·6974·202d·4620·6172·6368··ays,exit·-F·arch00000620:·6368·3d62·3634·202d·5320·6f70·656e·2c6f··ch=b64·-S·open,o
00000630:·3d62·3634·202d·5320·6f70·656e·6174·2c6f··=b64·-S·openat,o00000630:·7065·6e61·742c·6f70·656e·6174·322c·6f70··penat,openat2,op
00000640:·7065·6e5f·6279·5f68·616e·646c·655f·6174··pen_by_handle_at00000640:·656e·5f62·795f·6861·6e64·6c65·5f61·7420··en_by_handle_at·
00000650:·202d·4620·6132·2661·6d70·3b30·3130·3033···-F·a2&amp;0100300000650:·2d46·2065·7869·743d·2d45·4143·4345·5320··-F·exit=-EACCES·
00000660:·202d·4620·6578·6974·3d2d·4541·4343·4553···-F·exit=-EACCES00000660:·2d46·2061·7569·643e·3d31·3030·3020·2d46··-F·auid>=1000·-F
00000670:·202d·4620·6175·6964·2667·743b·3d31·3030···-F·auid&gt;=10000000670:·2061·7569·6421·3d75·6e73·6574·202d·4620···auid!=unset·-F·
00000680:·3020·2d46·2061·7569·6421·3d75·6e73·6574··0·-F·auid!=unset00000680:·6b65·793d·756e·7375·6363·6573·7366·756c··key=unsuccessful
00000690:·202d·4620·6b65·793d·756e·7375·6363·6573···-F·key=unsucces00000690:·2d61·6363·6573·730a·2d61·2061·6c77·6179··-access.-a·alway
000006a0:·7366·756c·2d6d·6f64·6966·6963·6174·696f··sful-modificatio000006a0:·732c·6578·6974·202d·4620·6172·6368·3d62··s,exit·-F·arch=b
000006b0:·6e0a·2d61·2061·6c77·6179·732c·6578·6974··n.-a·always,exit000006b0:·3332·202d·5320·6f70·656e·2c6f·7065·6e61··32·-S·open,opena
000006c0:·202d·4620·6172·6368·3d62·3332·202d·5320···-F·arch=b32·-S·000006c0:·742c·6f70·656e·6174·322c·6f70·656e·5f62··t,openat2,open_b
000006d0:·6f70·656e·202d·4620·6131·2661·6d70·3b30··open·-F·a1&amp;0000006d0:·795f·6861·6e64·6c65·5f61·7420·2d46·2065··y_handle_at·-F·e
000006e0:·3130·3033·202d·4620·6578·6974·3d2d·4541··1003·-F·exit=-EA000006e0:·7869·743d·2d45·5045·524d·202d·4620·6175··xit=-EPERM·-F·au
000006f0:·4343·4553·202d·4620·6175·6964·2667·743b··CCES·-F·auid&gt;000006f0:·6964·3e3d·3130·3030·202d·4620·6175·6964··id>=1000·-F·auid
00000700:·3d31·3030·3020·2d46·2061·7569·6421·3d75··=1000·-F·auid!=u00000700:·213d·756e·7365·7420·2d46·206b·6579·3d75··!=unset·-F·key=u
00000710:·6e73·6574·202d·4620·6b65·793d·756e·7375··nset·-F·key=unsu00000710:·6e73·7563·6365·7373·6675·6c2d·6163·6365··nsuccessful-acce
00000720:·6363·6573·7366·756c·2d6d·6f64·6966·6963··ccessful-modific00000720:·7373·0a2d·6120·616c·7761·7973·2c65·7869··ss.-a·always,exi
00000730:·6174·696f·6e0a·2d61·2061·6c77·6179·732c··ation.-a·always,00000730:·7420·2d46·2061·7263·683d·6236·3420·2d53··t·-F·arch=b64·-S
00000740:·6578·6974·202d·4620·6172·6368·3d62·3634··exit·-F·arch=b6400000740:·206f·7065·6e2c·6f70·656e·6174·2c6f·7065···open,openat,ope
00000750:·202d·5320·6f70·656e·202d·4620·6131·2661···-S·open·-F·a1&a00000750:·6e61·7432·2c6f·7065·6e5f·6279·5f68·616e··nat2,open_by_han
00000760:·6d70·3b30·3130·3033·202d·4620·6578·6974··mp;01003·-F·exit00000760:·646c·655f·6174·202d·4620·6578·6974·3d2d··dle_at·-F·exit=-
00000770:·3d2d·4541·4343·4553·202d·4620·6175·6964··=-EACCES·-F·auid00000770:·4550·4552·4d20·2d46·2061·7569·643e·3d31··EPERM·-F·auid>=1
00000780:·2667·743b·3d31·3030·3020·2d46·2061·7569··&gt;=1000·-F·aui00000780:·3030·3020·2d46·2061·7569·6421·3d75·6e73··000·-F·auid!=uns
00000790:·6421·3d75·6e73·6574·202d·4620·6b65·793d··d!=unset·-F·key=00000790:·6574·202d·4620·6b65·793d·756e·7375·6363··et·-F·key=unsucc
000007a0:·756e·7375·6363·6573·7366·756c·2d6d·6f64··unsuccessful-mod000007a0:·6573·7366·756c·2d61·6363·6573·7320·2020··essful-access···
000007b0:·6966·6963·6174·696f·6e0a·2d61·2061·6c77··ification.-a·alw000007b0:·203c·2f70·7265·3e0a·0a4c·6f61·6420·6e65···</pre>..Load·ne
000007c0:·6179·732c·6578·6974·202d·4620·6172·6368··ays,exit·-F·arch000007c0:·7720·4175·6469·7420·7275·6c65·7320·696e··w·Audit·rules·in
000007d0:·3d62·3332·202d·5320·7472·756e·6361·7465··=b32·-S·truncate000007d0:·746f·206b·6572·6e65·6c20·6279·2072·756e··to·kernel·by·run
000007e0:·2c66·7472·756e·6361·7465·202d·4620·6578··,ftruncate·-F·ex000007e0:·6e69·6e67·3a0a·3c70·7265·3e61·7567·656e··ning:.<pre>augen
000007f0:·6974·3d2d·4541·4343·4553·202d·4620·6175··it=-EACCES·-F·au000007f0:·7275·6c65·7320·2d2d·6c6f·6164·3c2f·7072··rules·--load</pr
00000800:·6964·2667·743b·3d31·3030·3020·2d46·2061··id&gt;=1000·-F·a00000800:·653e·0a0a·4e6f·7465·3a20·5468·6973·2072··e>..Note:·This·r
00000810:·7569·6421·3d75·6e73·6574·202d·4620·6b65··uid!=unset·-F·ke00000810:·756c·6520·7573·6573·2061·2073·7065·6369··ule·uses·a·speci
00000820:·793d·756e·7375·6363·6573·7366·756c·2d6d··y=unsuccessful-m00000820:·616c·2073·6574·206f·6620·4175·6469·7420··al·set·of·Audit·
00000830:·6f64·6966·6963·6174·696f·6e0a·2d61·2061··odification.-a·a00000830:·7275·6c65·7320·746f·2063·6f6d·706c·7920··rules·to·comply·
00000840:·6c77·6179·732c·6578·6974·202d·4620·6172··lways,exit·-F·ar00000840:·7769·7468·204f·5350·5020·342e·322e·312e··with·OSPP·4.2.1.
00000850:·6368·3d62·3634·202d·5320·7472·756e·6361··ch=b64·-S·trunca00000850:·2059·6f75·206d·6179·2072·6575·7365·2074···You·may·reuse·t
00000860:·7465·2c66·7472·756e·6361·7465·202d·4620··te,ftruncate·-F·00000860:·6869·7320·7275·6c65·2069·6e20·6469·6666··his·rule·in·diff
00000870:·6578·6974·3d2d·4541·4343·4553·202d·4620··exit=-EACCES·-F·00000870:·6572·656e·7420·7072·6f66·696c·6573·2e20··erent·profiles.·
00000880:·6175·6964·2667·743b·3d31·3030·3020·2d46··auid&gt;=1000·-F00000880:·4966·2079·6f75·2064·6563·6964·6520·746f··If·you·decide·to
00000890:·2061·7569·6421·3d75·6e73·6574·202d·4620···auid!=unset·-F·00000890:·2064·6f20·736f·2c20·6974·2069·7320·7265···do·so,·it·is·re
000008a0:·6b65·793d·756e·7375·6363·6573·7366·756c··key=unsuccessful000008a0:·636f·6d6d·656e·6465·6420·7468·6174·2079··commended·that·y
000008b0:·2d6d·6f64·6966·6963·6174·696f·6e0a·2d61··-modification.-a000008b0:·6f75·2069·6e73·7065·6374·2063·6f6e·7465··ou·inspect·conte
000008c0:·2061·6c77·6179·732c·6578·6974·202d·4620···always,exit·-F·000008c0:·6e74·7320·6f66·2074·6865·2066·696c·6520··nts·of·the·file·
000008d0:·6172·6368·3d62·3332·202d·5320·6f70·656e··arch=b32·-S·open000008d0:·636c·6f73·656c·7920·616e·6420·6d61·6b65··closely·and·make
000008e0:·6174·2c6f·7065·6e5f·6279·5f68·616e·646c··at,open_by_handl000008e0:·2073·7572·6520·7468·6174·2074·6865·7920···sure·that·they·
000008f0:·655f·6174·202d·4620·6132·2661·6d70·3b30··e_at·-F·a2&amp;0000008f0:·6172·6520·616c·6c69·676e·6564·2077·6974··are·alligned·wit
00000900:·3130·3033·202d·4620·6578·6974·3d2d·4550··1003·-F·exit=-EP00000900:·6820·796f·7572·206e·6565·6473·2e0a·2020··h·your·needs..··
00000910:·4552·4d20·2d46·2061·7569·6426·6774·3b3d··ERM·-F·auid&gt;=00000910:·2020·2020·3c2f·7464·3e0a·2020·2020·2020······</td>.······
00000920:·3130·3030·202d·4620·6175·6964·213d·756e··1000·-F·auid!=un00000920:·3c74·6420·786d·6c3a·6c61·6e67·3d22·656e··<td·xml:lang="en
00000930:·7365·7420·2d46·206b·6579·3d75·6e73·7563··set·-F·key=unsuc00000930:·2d55·5322·3e0a·2020·2020·2020·2020·556e··-US">.········Un
00000940:·6365·7373·6675·6c2d·6d6f·6469·6669·6361··cessful-modifica00000940:·7375·6363·6573·7366·756c·2061·7474·656d··successful·attem
00000950:·7469·6f6e·0a2d·6120·616c·7761·7973·2c65··tion.-a·always,e00000950:·7074·7320·746f·2061·6363·6573·7320·6120··pts·to·access·a·
00000960:·7869·7420·2d46·2061·7263·683d·6236·3420··xit·-F·arch=b64·00000960:·6669·6c65·206d·6967·6874·2062·6520·7369··file·might·be·si
00000970:·2d53·206f·7065·6e61·742c·6f70·656e·5f62··-S·openat,open_b00000970:·676e·7320·6f66·206d·616c·6963·696f·7573··gns·of·malicious
00000980:·795f·6861·6e64·6c65·5f61·7420·2d46·2061··y_handle_at·-F·a00000980:·2061·6374·6976·6974·7920·6861·7070·656e···activity·happen
00000990:·3226·616d·703b·3031·3030·3320·2d46·2065··2&amp;01003·-F·e00000990:·696e·6720·7769·7468·696e·2074·6865·2073··ing·within·the·s
000009a0:·7869·743d·2d45·5045·524d·202d·4620·6175··xit=-EPERM·-F·au000009a0:·7973·7465·6d2e·2041·7564·6974·696e·6720··ystem.·Auditing·
000009b0:·6964·2667·743b·3d31·3030·3020·2d46·2061··id&gt;=1000·-F·a000009b0:·6f66·2073·7563·6820·6163·7469·7669·7469··of·such·activiti
000009c0:·7569·6421·3d75·6e73·6574·202d·4620·6b65··uid!=unset·-F·ke000009c0:·6573·2068·656c·7073·2069·6e20·7468·6569··es·helps·in·thei
000009d0:·793d·756e·7375·6363·6573·7366·756c·2d6d··y=unsuccessful-m000009d0:·7220·6d6f·6e69·746f·7269·6e67·2061·6e64··r·monitoring·and
000009e0:·6f64·6966·6963·6174·696f·6e0a·2d61·2061··odification.-a·a000009e0:·2069·6e76·6573·7469·6761·7469·6f6e·2e0a···investigation..
000009f0:·6c77·6179·732c·6578·6974·202d·4620·6172··lways,exit·-F·ar000009f0:·2020·2020·2020·3c2f·7464·3e0a·2020·2020········</td>.····
00000a00:·6368·3d62·3332·202d·5320·6f70·656e·202d··ch=b32·-S·open·-00000a00:·3c2f·7472·3e0a·2020·2020·3c74·723e·0a20··</tr>.····<tr>.·
00000a10:·4620·6131·2661·6d70·3b30·3130·3033·202d··F·a1&amp;01003·-00000a10:·2020·2020·203c·7464·3e41·552d·3228·6429·······<td>AU-2(d)
00000a20:·4620·6578·6974·3d2d·4550·4552·4d20·2d46··F·exit=-EPERM·-F00000a20:·3c62·722f·3e41·552d·3132·2863·293c·6272··<br/>AU-12(c)<br
00000a30:·2061·7569·6426·6774·3b3d·3130·3030·202d···auid&gt;=1000·-00000a30:·2f3e·434d·2d36·2861·293c·2f74·643e·0a20··/>CM-6(a)</td>.·
00000a40:·4620·6175·6964·213d·756e·7365·7420·2d46··F·auid!=unset·-F00000a40:·2020·2020·203c·7464·3e52·6563·6f72·6420·······<td>Record·
00000a50:·206b·6579·3d75·6e73·7563·6365·7373·6675···key=unsuccessfu00000a50:·556e·7375·6363·6573·7366·756c·2050·6572··Unsuccessful·Per
00000a60:·6c2d·6d6f·6469·6669·6361·7469·6f6e·0a2d··l-modification.-00000a60:·6d69·7373·696f·6e20·4368·616e·6765·7320··mission·Changes·
00000a70:·6120·616c·7761·7973·2c65·7869·7420·2d46··a·always,exit·-F00000a70:·746f·2046·696c·6573·202d·2073·6574·7861··to·Files·-·setxa
00000a80:·2061·7263·683d·6236·3420·2d53·206f·7065···arch=b64·-S·ope00000a80:·7474·723c·2f74·643e·0a20·2020·2020·203c··ttr</td>.······<
00000a90:·6e20·2d46·2061·3126·616d·703b·3031·3030··n·-F·a1&amp;010000000a90:·7464·2078·6d6c·3a6c·616e·673d·2265·6e2d··td·xml:lang="en-
00000aa0:·3320·2d46·2065·7869·743d·2d45·5045·524d··3·-F·exit=-EPERM00000aa0:·5553·223e·0a20·2020·2020·2020·2054·6865··US">.········The
00000ab0:·202d·4620·6175·6964·2667·743b·3d31·3030···-F·auid&gt;=10000000ab0:·2061·7564·6974·2073·7973·7465·6d20·7368···audit·system·sh
00000ac0:·3020·2d46·2061·7569·6421·3d75·6e73·6574··0·-F·auid!=unset00000ac0:·6f75·6c64·2063·6f6c·6c65·6374·2075·6e73··ould·collect·uns
00000ad0:·202d·4620·6b65·793d·756e·7375·6363·6573···-F·key=unsucces00000ad0:·7563·6365·7373·6675·6c20·6669·6c65·2070··uccessful·file·p
00000ae0:·7366·756c·2d6d·6f64·6966·6963·6174·696f··sful-modificatio00000ae0:·6572·6d69·7373·696f·6e20·6368·616e·6765··ermission·change
00000af0:·6e0a·2d61·2061·6c77·6179·732c·6578·6974··n.-a·always,exit00000af0:·0a61·7474·656d·7074·7320·666f·7220·616c··.attempts·for·al
00000b00:·202d·4620·6172·6368·3d62·3332·202d·5320···-F·arch=b32·-S·00000b00:·6c20·7573·6572·7320·616e·6420·726f·6f74··l·users·and·root
00000b10:·7472·756e·6361·7465·2c66·7472·756e·6361··truncate,ftrunca00000b10:·2e0a·4966·2074·6865·203c·7474·3e61·7564··..If·the·<tt>aud
00000b20:·7465·202d·4620·6578·6974·3d2d·4550·4552··te·-F·exit=-EPER00000b20:·6974·643c·2f74·743e·2064·6165·6d6f·6e20··itd</tt>·daemon·
00000b30:·4d20·2d46·2061·7569·6426·6774·3b3d·3130··M·-F·auid&gt;=1000000b30:·6973·2063·6f6e·6669·6775·7265·640a·746f··is·configured.to
00000b40:·3030·202d·4620·6175·6964·213d·756e·7365··00·-F·auid!=unse00000b40:·2075·7365·2074·6865·203c·7474·3e61·7567···use·the·<tt>aug
00000b50:·7420·2d46·206b·6579·3d75·6e73·7563·6365··t·-F·key=unsucce00000b50:·656e·7275·6c65·733c·2f74·743e·2070·726f··enrules</tt>·pro
00000b60:·7373·6675·6c2d·6d6f·6469·6669·6361·7469··ssful-modificati00000b60:·6772·616d·2074·6f20·7265·6164·2061·7564··gram·to·read·aud
00000b70:·6f6e·0a2d·6120·616c·7761·7973·2c65·7869··on.-a·always,exi00000b70:·6974·2072·756c·6573·2064·7572·696e·6720··it·rules·during·
00000b80:·7420·2d46·2061·7263·683d·6236·3420·2d53··t·-F·arch=b64·-S00000b80:·6461·656d·6f6e·0a73·7461·7274·7570·2028··daemon.startup·(
00000b90:·2074·7275·6e63·6174·652c·6674·7275·6e63···truncate,ftrunc00000b90:·7468·6520·6465·6661·756c·7429·2c20·6164··the·default),·ad
00000ba0:·6174·6520·2d46·2065·7869·743d·2d45·5045··ate·-F·exit=-EPE00000ba0:·6420·7468·6520·666f·6c6c·6f77·696e·6720··d·the·following·
00000bb0:·524d·202d·4620·6175·6964·2667·743b·3d31··RM·-F·auid&gt;=100000bb0:·6c69·6e65·7320·746f·2061·2066·696c·6520··lines·to·a·file·
00000bc0:·3030·3020·2d46·2061·7569·6421·3d75·6e73··000·-F·auid!=uns00000bc0:·7769·7468·2073·7566·6669·780a·3c74·743e··with·suffix.<tt>
00000bd0:·6574·202d·4620·6b65·793d·756e·7375·6363··et·-F·key=unsucc00000bd0:·2e72·756c·6573·3c2f·7474·3e20·696e·2074··.rules</tt>·in·t
00000be0:·6573·7366·756c·2d6d·6f64·6966·6963·6174··essful-modificat00000be0:·6865·2064·6972·6563·746f·7279·203c·7474··he·directory·<tt
Max diff block lines reached; 6974290/7489884 bytes (93.12%) of diff not shown.
2.53 MB
html2text {}
Max HTML report size reached
574 KB
./usr/share/doc/ssg-nondebian/table-ol7-ospprefs.html
Ordering differences only
    
Offset 75, 34 lines modifiedOffset 75, 14 lines modified
75 ········<tt>openscap-scanner</tt>·contains·the·<tt>oscap</tt>·command·line·tool.·This·tool·is·a75 ········<tt>openscap-scanner</tt>·contains·the·<tt>oscap</tt>·command·line·tool.·This·tool·is·a
76 configuration·and·vulnerability·scanner,·capable·of·performing·compliance·checking·using76 configuration·and·vulnerability·scanner,·capable·of·performing·compliance·checking·using
77 SCAP·content.77 SCAP·content.
78 ······</td>78 ······</td>
79 ····</tr>79 ····</tr>
80 ····<tr>80 ····<tr>
81 ······<td>AVA_VAN.1</td>81 ······<td>AVA_VAN.1</td>
82 ······<td>Configure·kernel·to·zero·out·memory·before·allocation</td> 
83 ······<td·xml:lang="en-US"> 
84 ········To·configure·the·kernel·to·zero·out·memory·before·allocating·it,·add·the 
85 <tt>init_on_alloc=1</tt>·argument·to·the·default·GRUB·2·command·line. 
86 To·ensure·that·<tt>init_on_alloc=1</tt>·is·added·as·a·kernel·command·line 
87 argument·to·newly·installed·kernels,·add·<tt>init_on_alloc=1</tt>·to·the 
88 default·Grub2·command·line·for·Linux·operating·systems.·Modify·the·line·within 
89 <tt>/etc/default/grub</tt>·as·shown·below: 
90 <pre>GRUB_CMDLINE_LINUX="...·init_on_alloc=1·..."</pre> 
91 Run·the·following·command·to·update·command·line·for·already·installed·kernels:<pre>#·grubby·--update-kernel=ALL·--args="init_on_alloc=1"</pre> 
92 ······</td> 
93 ······<td·xml:lang="en-US"> 
94 ········When·the·kernel·configuration·option·<tt>init_on_alloc</tt>·is·enabled, 
95 all·page·allocator·and·slab·allocator·memory·will·be·zeroed·when·allocated, 
96 eliminating·many·kinds·of·"uninitialized·heap·memory"·flaws,·effectively 
97 preventing·data·leaks. 
98 ······</td> 
99 ····</tr> 
100 ····<tr> 
101 ······<td>AVA_VAN.1</td> 
102 ······<td>Enable·randomization·of·the·page·allocator·in·zIPL</td>82 ······<td>Enable·randomization·of·the·page·allocator·in·zIPL</td>
103 ······<td·xml:lang="en-US">83 ······<td·xml:lang="en-US">
104 ········To·enable·the·randomization·of·the·page·allocator·in·the·kernel,·check·that84 ········To·enable·the·randomization·of·the·page·allocator·in·the·kernel,·check·that
105 all·boot·entries·in·<tt>/boot/loader/entries/*.conf</tt>·have85 all·boot·entries·in·<tt>/boot/loader/entries/*.conf</tt>·have
106 <tt>page_alloc.shuffle=1</tt>·included·in·its·options.<br·/>86 <tt>page_alloc.shuffle=1</tt>·included·in·its·options.<br·/>
  
107 To·enable·randomization·of·the·page·allocator·also·for··newly·installed87 To·enable·randomization·of·the·page·allocator·also·for··newly·installed
Offset 119, 33 lines modifiedOffset 99, 14 lines modified
119 memory·ouf·of·that·node.·The·<tt>page_alloc.shuffle=1</tt>·kernel·command99 memory·ouf·of·that·node.·The·<tt>page_alloc.shuffle=1</tt>·kernel·command
120 line·parameter·then·forces·this·functionality·irrespectively·of·memory·cache100 line·parameter·then·forces·this·functionality·irrespectively·of·memory·cache
121 architecture.101 architecture.
122 ······</td>102 ······</td>
123 ····</tr>103 ····</tr>
124 ····<tr>104 ····<tr>
125 ······<td>AVA_VAN.1</td>105 ······<td>AVA_VAN.1</td>
126 ······<td>Configure·kernel·to·zero·out·memory·before·allocation·in·zIPL</td> 
127 ······<td·xml:lang="en-US"> 
128 ········To·ensure·that·the·kernel·is·configured·to·zero·out·memory·before 
129 allocation,·check·that·all·boot·entries·in 
130 <tt>/boot/loader/entries/*.conf</tt>·have·<tt>init_on_alloc=1</tt> 
131 included·in·its·options.<br·/> 
  
132 To·ensure·that·new·kernels·and·boot·entries·continue·to·zero·out·memory 
133 before·allocation,·add·<tt>init_on_alloc=1</tt>·to·<tt>/etc/kernel/cmdline</tt>. 
134 ······</td> 
135 ······<td·xml:lang="en-US"> 
136 ········When·the·kernel·configuration·option·<tt>init_on_alloc</tt>·is·enabled, 
137 all·page·allocator·and·slab·allocator·memory·will·be·zeroed·when·allocated, 
138 eliminating·many·kinds·of·"uninitialized·heap·memory"·flaws,·effectively 
139 preventing·data·leaks. 
140 ······</td> 
141 ····</tr> 
142 ····<tr> 
143 ······<td>AVA_VAN.1</td> 
144 ······<td>Enable·randomization·of·the·page·allocator</td>106 ······<td>Enable·randomization·of·the·page·allocator</td>
145 ······<td·xml:lang="en-US">107 ······<td·xml:lang="en-US">
146 ········To·enable·randomization·of·the·page·allocator·in·the·kernel,·add·the108 ········To·enable·randomization·of·the·page·allocator·in·the·kernel,·add·the
147 <tt>page_alloc.shuffle=1</tt>·argument·to·the·default·GRUB·2·command·line.109 <tt>page_alloc.shuffle=1</tt>·argument·to·the·default·GRUB·2·command·line.
148 To·ensure·that·<tt>page_alloc.shuffle=1</tt>·is·added·as·a·kernel·command·line110 To·ensure·that·<tt>page_alloc.shuffle=1</tt>·is·added·as·a·kernel·command·line
149 argument·to·newly·installed·kernels,·add·<tt>page_alloc.shuffle=1</tt>·to·the111 argument·to·newly·installed·kernels,·add·<tt>page_alloc.shuffle=1</tt>·to·the
150 default·Grub2·command·line·for·Linux·operating·systems.·Modify·the·line·within112 default·Grub2·command·line·for·Linux·operating·systems.·Modify·the·line·within
Offset 163, 73 lines modifiedOffset 124, 50 lines modified
163 hot-pluggable·memory·node·(as·in·NUMA·node)·and·applications·allocating124 hot-pluggable·memory·node·(as·in·NUMA·node)·and·applications·allocating
164 memory·ouf·of·that·node.·The·<tt>page_alloc.shuffle=1</tt>·kernel·command125 memory·ouf·of·that·node.·The·<tt>page_alloc.shuffle=1</tt>·kernel·command
165 line·parameter·then·forces·this·functionality·irrespectively·of·memory·cache126 line·parameter·then·forces·this·functionality·irrespectively·of·memory·cache
166 architecture.127 architecture.
167 ······</td>128 ······</td>
168 ····</tr>129 ····</tr>
169 ····<tr>130 ····<tr>
170 ······<td>FAU_GEN.1</td>131 ······<td>AVA_VAN.1</td>
 132 ······<td>Configure·kernel·to·zero·out·memory·before·allocation</td>
171 ······<td>Configure·basic·parameters·of·Audit·system</td> 
172 ······<td·xml:lang="en-US"> 
173 ········Perform·basic·configuration·of·Audit·system. 
174 Make·sure·that·any·previously·defined·rules·are·cleared,·the·auditing·system·is·configured·to·handle·sudden·bursts·of·events,·and·in·cases·of·failure,·messages·are·configured·to·be·directed·to·system·log. 
  
175 The·following·rules·configure·audit·as·described·above: 
176 <pre>##·First·rule·-·delete·all 
177 -D 
  
178 ##·Increase·the·buffers·to·survive·stress·events. 
179 ##·Make·this·bigger·for·busy·systems 
180 -b·8192 
  
181 ##·This·determine·how·long·to·wait·in·burst·of·events 
182 --backlog_wait_time·60000 
  
183 ##·Set·failure·mode·to·syslog 
184 -f·1····</pre> 
  
185 Load·new·Audit·rules·into·kernel·by·running: 
186 <pre>augenrules·--load</pre> 
187 ······</td> 
188 ······<td·xml:lang="en-US"> 
189 ········Without·basic·configurations,·audit·may·not·perform·as·expected.·It·may·not·be·able·to·correctly·handle·events·under·stressful·conditions,·or·log·events·in·case·of·failure. 
190 ······</td> 
191 ····</tr> 
192 ····<tr> 
193 ······<td>FAU_GEN.1</td> 
194 ······<td>Configure·auditd·flush·priority</td> 
195 ······<td·xml:lang="en-US">133 ······<td·xml:lang="en-US">
196 ········The·<tt>auditd</tt>·service·can·be·configured·to 
197 synchronously·write·audit·event·data·to·disk.·Add·or·correct·the·following 
198 line·in·<tt>/etc/audit/auditd.conf</tt>·to·ensure·that·audit·event·data·is 
199 fully·synchronized·with·the·log·files·on·the·disk: 
200 <pre>flush·=·<abbr·title="$var_auditd_flush"><tt>data</tt></abbr></pre>134 ········To·configure·the·kernel·to·zero·out·memory·before·allocating·it,·add·the
 135 <tt>init_on_alloc=1</tt>·argument·to·the·default·GRUB·2·command·line.
 136 To·ensure·that·<tt>init_on_alloc=1</tt>·is·added·as·a·kernel·command·line
 137 argument·to·newly·installed·kernels,·add·<tt>init_on_alloc=1</tt>·to·the
 138 default·Grub2·command·line·for·Linux·operating·systems.·Modify·the·line·within
 139 <tt>/etc/default/grub</tt>·as·shown·below:
 140 <pre>GRUB_CMDLINE_LINUX="...·init_on_alloc=1·..."</pre>
 141 Run·the·following·command·to·update·command·line·for·already·installed·kernels:<pre>#·grubby·--update-kernel=ALL·--args="init_on_alloc=1"</pre>
201 ······</td>142 ······</td>
202 ······<td·xml:lang="en-US">143 ······<td·xml:lang="en-US">
203 ········Audit·data·should·be·synchronously·written·to·disk·to·ensure 
204 log·integrity.·These·parameters·assure·that·all·audit·event·data·is·fully 
205 synchronized·with·the·log·files·on·the·disk.144 ········When·the·kernel·configuration·option·<tt>init_on_alloc</tt>·is·enabled,
 145 all·page·allocator·and·slab·allocator·memory·will·be·zeroed·when·allocated,
 146 eliminating·many·kinds·of·"uninitialized·heap·memory"·flaws,·effectively
Max diff block lines reached; 220141/226460 bytes (97.21%) of diff not shown.
353 KB
html2text {}
    
Offset 34, 23 lines modifiedOffset 34, 14 lines modified
34 ·························································································································openscap-scanner·contains·the34 ·························································································································openscap-scanner·contains·the
35 ·················Install·································································································oscap·command·line·tool.·This35 ·················Install·································································································oscap·command·line·tool.·This
36 AGD_PRE.1········openscap-······The·openscap-scanner·package·can·be·installed·with·the·following·command:················tool·is·a·configuration·and36 AGD_PRE.1········openscap-······The·openscap-scanner·package·can·be·installed·with·the·following·command:················tool·is·a·configuration·and
37 AGD_OPE.1········scanner········$·sudo·yum·install·openscap-scanner······················································vulnerability·scanner,37 AGD_OPE.1········scanner········$·sudo·yum·install·openscap-scanner······················································vulnerability·scanner,
38 ·················Package·································································································capable·of·performing38 ·················Package·································································································capable·of·performing
39 ·························································································································compliance·checking·using39 ·························································································································compliance·checking·using
40 ·························································································································SCAP·content.40 ·························································································································SCAP·content.
41 ································To·configure·the·kernel·to·zero·out·memory·before·allocating·it,·add·the·init_on_alloc=1·When·the·kernel·configuration 
42 ································argument·to·the·default·GRUB·2·command·line.·To·ensure·that·init_on_alloc=1·is·added·as··option·init_on_alloc·is 
43 ·················Configure······a·kernel·command·line·argument·to·newly·installed·kernels,·add·init_on_alloc=1·to·the····enabled,·all·page·allocator 
44 ·················kernel·to·zero·default·Grub2·command·line·for·Linux·operating·systems.·Modify·the·line·within·/etc/·····and·slab·allocator·memory 
45 AVA_VAN.1········out·memory·····default/grub·as·shown·below:·····························································will·be·zeroed·when 
46 ·················before·········GRUB_CMDLINE_LINUX="...·init_on_alloc=1·..."·············································allocated,·eliminating·many 
47 ·················allocation·····Run·the·following·command·to·update·command·line·for·already·installed·kernels:··········kinds·of·"uninitialized·heap 
48 ································#·grubby·--update-kernel=ALL·--args="init_on_alloc=1"····································memory"·flaws,·effectively 
49 ·························································································································preventing·data·leaks. 
50 ·························································································································The41 ·························································································································The
51 ·························································································································CONFIG_SHUFFLE_PAGE_ALLOCATOR42 ·························································································································CONFIG_SHUFFLE_PAGE_ALLOCATOR
52 ·························································································································config·option·is·primarily43 ·························································································································config·option·is·primarily
53 ·························································································································focused·on·improving·the44 ·························································································································focused·on·improving·the
54 ·························································································································average·utilization·of·a45 ·························································································································average·utilization·of·a
55 ·························································································································direct-mapped·memory-side-46 ·························································································································direct-mapped·memory-side-
56 ·························································································································cache.·Aside·of·this47 ·························································································································cache.·Aside·of·this
Offset 68, 23 lines modifiedOffset 59, 14 lines modified
68 ·························································································································applications·allocating59 ·························································································································applications·allocating
69 ·························································································································memory·ouf·of·that·node.·The60 ·························································································································memory·ouf·of·that·node.·The
70 ·························································································································page_alloc.shuffle=1·kernel61 ·························································································································page_alloc.shuffle=1·kernel
71 ·························································································································command·line·parameter·then62 ·························································································································command·line·parameter·then
72 ·························································································································forces·this·functionality63 ·························································································································forces·this·functionality
73 ·························································································································irrespectively·of·memory64 ·························································································································irrespectively·of·memory
74 ·························································································································cache·architecture.65 ·························································································································cache·architecture.
75 ·························································································································When·the·kernel·configuration 
76 ·················Configure·······························································································option·init_on_alloc·is 
77 ·················kernel·to·zero·To·ensure·that·the·kernel·is·configured·to·zero·out·memory·before·allocation,·check·that·enabled,·all·page·allocator 
78 ·················out·memory·····all·boot·entries·in·/boot/loader/entries/*.conf·have·init_on_alloc=1·included·in·its·····and·slab·allocator·memory 
79 AVA_VAN.1········before·········options.·················································································will·be·zeroed·when 
80 ·················allocation·in··To·ensure·that·new·kernels·and·boot·entries·continue·to·zero·out·memory·before···········allocated,·eliminating·many 
81 ·················zIPL···········allocation,·add·init_on_alloc=1·to·/etc/kernel/cmdline.··································kinds·of·"uninitialized·heap 
82 ·························································································································memory"·flaws,·effectively 
83 ·························································································································preventing·data·leaks. 
84 ·························································································································The66 ·························································································································The
85 ·························································································································CONFIG_SHUFFLE_PAGE_ALLOCATOR67 ·························································································································CONFIG_SHUFFLE_PAGE_ALLOCATOR
86 ·························································································································config·option·is·primarily68 ·························································································································config·option·is·primarily
87 ·························································································································focused·on·improving·the69 ·························································································································focused·on·improving·the
88 ·························································································································average·utilization·of·a70 ·························································································································average·utilization·of·a
89 ·························································································································direct-mapped·memory-side-71 ·························································································································direct-mapped·memory-side-
90 ·························································································································cache.·Aside·of·this72 ·························································································································cache.·Aside·of·this
Offset 102, 75 lines modifiedOffset 84, 90 lines modified
102 ·························································································································applications·allocating84 ·························································································································applications·allocating
103 ·························································································································memory·ouf·of·that·node.·The85 ·························································································································memory·ouf·of·that·node.·The
104 ·························································································································page_alloc.shuffle=1·kernel86 ·························································································································page_alloc.shuffle=1·kernel
105 ·························································································································command·line·parameter·then87 ·························································································································command·line·parameter·then
106 ·························································································································forces·this·functionality88 ·························································································································forces·this·functionality
107 ·························································································································irrespectively·of·memory89 ·························································································································irrespectively·of·memory
108 ·························································································································cache·architecture.90 ·························································································································cache·architecture.
 91 ································To·configure·the·kernel·to·zero·out·memory·before·allocating·it,·add·the·init_on_alloc=1·When·the·kernel·configuration
 92 ································argument·to·the·default·GRUB·2·command·line.·To·ensure·that·init_on_alloc=1·is·added·as··option·init_on_alloc·is
 93 ·················Configure······a·kernel·command·line·argument·to·newly·installed·kernels,·add·init_on_alloc=1·to·the····enabled,·all·page·allocator
 94 ·················kernel·to·zero·default·Grub2·command·line·for·Linux·operating·systems.·Modify·the·line·within·/etc/·····and·slab·allocator·memory
 95 AVA_VAN.1········out·memory·····default/grub·as·shown·below:·····························································will·be·zeroed·when
 96 ·················before·········GRUB_CMDLINE_LINUX="...·init_on_alloc=1·..."·············································allocated,·eliminating·many
 97 ·················allocation·····Run·the·following·command·to·update·command·line·for·already·installed·kernels:··········kinds·of·"uninitialized·heap
 98 ································#·grubby·--update-kernel=ALL·--args="init_on_alloc=1"····································memory"·flaws,·effectively
109 ································Perform·basic·configuration·of·Audit·system.·Make·sure·that·any·previously·defined·rules 
110 ································are·cleared,·the·auditing·system·is·configured·to·handle·sudden·bursts·of·events,·and·in 
111 ································cases·of·failure,·messages·are·configured·to·be·directed·to·system·log.·The·following 
112 ································rules·configure·audit·as·described·above: 
113 ································##·First·rule·-·delete·all 
114 ································-D·······················································································Without·basic·configurations, 
115 ·························································································································audit·may·not·perform·as 
116 ·················Configure······##·Increase·the·buffers·to·survive·stress·events.········································expected.·It·may·not·be·able 
117 FAU_GEN.1········basic··········##·Make·this·bigger·for·busy·systems·····················································to·correctly·handle·events 
118 ·················parameters·of··-b·8192··················································································under·stressful·conditions, 
119 ·················Audit·system····························································································or·log·events·in·case·of 
120 ································##·This·determine·how·long·to·wait·in·burst·of·events····································failure. 
121 ································--backlog_wait_time·60000 
  
122 ································##·Set·failure·mode·to·syslog 
123 ································-f·1 
124 ································Load·new·Audit·rules·into·kernel·by·running: 
125 ································augenrules·--load 
126 ·························································································································Audit·data·should·be 
127 ································The·auditd·service·can·be·configured·to·synchronously·write·audit·event·data·to·disk.····synchronously·written·to·disk 
128 ·················Configure······Add·or·correct·the·following·line·in·/etc/audit/auditd.conf·to·ensure·that·audit·event···to·ensure·log·integrity. 
129 FAU_GEN.1········auditd·flush···data·is·fully·synchronized·with·the·log·files·on·the·disk:·······························These·parameters·assure·that 
130 ·················priority·······flush·=·data·············································································all·audit·event·data·is·fully 
131 ·························································································································synchronized·with·the·log 
132 ·························································································································files·on·the·disk. 
133 ·························································································································Each·process·on·the·system 
134 ·························································································································carries·an·"auditable"·flag 
135 ·························································································································which·indicates·whether·its 
136 ·················Enable·········To·ensure·all·processes·can·be·audited,·even·those·which·start·prior·to·the·audit········activities·can·be·audited. 
137 ·················Auditing·to····daemon,·check·that·all·boot·entries·in·/boot/loader/entries/*.conf·have·audit=1·included·Although·auditd·takes·care·of 
138 FAU_GEN.1········Start·Prior·to·in·its·options.··········································································enabling·this·for·all 
139 ·················the·Audit······To·ensure·that·new·kernels·and·boot·entries·continue·to·enable·audit,·add·audit=1·to·/···processes·which·launch·after 
140 ·················Daemon·in·zIPL·etc/kernel/cmdline.······································································it·does,·adding·the·kernel 
141 ·························································································································argument·ensures·it·is·set 
142 ·························································································································for·every·process·during 
143 ·························································································································boot.99 ·························································································································preventing·data·leaks.
 100 ·························································································································When·the·kernel·configuration
 101 ·················Configure·······························································································option·init_on_alloc·is
 102 ·················kernel·to·zero·To·ensure·that·the·kernel·is·configured·to·zero·out·memory·before·allocation,·check·that·enabled,·all·page·allocator
 103 ·················out·memory·····all·boot·entries·in·/boot/loader/entries/*.conf·have·init_on_alloc=1·included·in·its·····and·slab·allocator·memory
 104 AVA_VAN.1········before·········options.·················································································will·be·zeroed·when
 105 ·················allocation·in··To·ensure·that·new·kernels·and·boot·entries·continue·to·zero·out·memory·before···········allocated,·eliminating·many
 106 ·················zIPL···········allocation,·add·init_on_alloc=1·to·/etc/kernel/cmdline.··································kinds·of·"uninitialized·heap
 107 ·························································································································memory"·flaws,·effectively
 108 ·························································································································preventing·data·leaks.
144 ·························································································································Even·though·the109 ·························································································································Even·though·the
145 ·························································································································communications·channel·may·be110 ·························································································································communications·channel·may·be
146 ·························································································································encrypted,·an·additional111 ·························································································································encrypted,·an·additional
147 ·························································································································layer·of·security·is·gained112 ·························································································································layer·of·security·is·gained
148 ·························································································································by·extending·the·policy·of113 ·························································································································by·extending·the·policy·of
149 ································The·root·user·should·never·be·allowed·to·login·to·a·system·directly·over·a·network.·To···not·logging·directly·on·as114 ································The·root·user·should·never·be·allowed·to·login·to·a·system·directly·over·a·network.·To···not·logging·directly·on·as
150 FAU_GEN.1········Disable·SSH····disable·root·login·via·SSH,·add·or·correct·the·following·line·in·/etc/ssh/sshd_config:···root.·In·addition,·logging·in115 FAU_GEN.1········Disable·SSH····disable·root·login·via·SSH,·add·or·correct·the·following·line·in·/etc/ssh/sshd_config:···root.·In·addition,·logging·in
151 ·················Root·Login·····PermitRootLogin·no·······································································with·a·user-specific·account116 ·················Root·Login·····PermitRootLogin·no·······································································with·a·user-specific·account
152 ·························································································································provides·individual117 ·························································································································provides·individual
153 ·························································································································accountability·of·actions118 ·························································································································accountability·of·actions
154 ·························································································································performed·on·the·system·and119 ·························································································································performed·on·the·system·and
155 ·························································································································also·helps·to·minimize·direct120 ·························································································································also·helps·to·minimize·direct
156 ·························································································································attack·attempts·on·root's121 ·························································································································attack·attempts·on·root's
157 ·························································································································password.122 ·························································································································password.
 123 ·························································································································Audit·data·should·be
 124 ································The·auditd·service·can·be·configured·to·synchronously·write·audit·event·data·to·disk.····synchronously·written·to·disk
 125 ·················Configure······Add·or·correct·the·following·line·in·/etc/audit/auditd.conf·to·ensure·that·audit·event···to·ensure·log·integrity.
 126 FAU_GEN.1········auditd·flush···data·is·fully·synchronized·with·the·log·files·on·the·disk:·······························These·parameters·assure·that
 127 ·················priority·······flush·=·data·············································································all·audit·event·data·is·fully
Max diff block lines reached; 343165/361390 bytes (94.96%) of diff not shown.
799 KB
./usr/share/doc/ssg-nondebian/table-ol7-pcidssrefs.html
Ordering differences only
    
Offset 157, 14 lines modifiedOffset 157, 28 lines modified
157 default·zone·to·<tt>drop</tt>·implements·proper·design·for·a·firewall,·i.e.157 default·zone·to·<tt>drop</tt>·implements·proper·design·for·a·firewall,·i.e.
158 any·packets·which·are·not·explicitly·permitted·should·not·be158 any·packets·which·are·not·explicitly·permitted·should·not·be
159 accepted.159 accepted.
160 ······</td>160 ······</td>
161 ····</tr>161 ····</tr>
162 ····<tr>162 ····<tr>
163 ······<td>Req-1.4.1</td>163 ······<td>Req-1.4.1</td>
 164 ······<td>Install·iptables·Package</td>
 165 ······<td·xml:lang="en-US">
 166 ········The·<code>iptables</code>·package·can·be·installed·with·the·following·command:
 167 <pre>
 168 $·sudo·yum·install·iptables</pre>
 169 ······</td>
 170 ······<td·xml:lang="en-US">
 171 ········<tt>iptables</tt>·controls·the·Linux·kernel·network·packet·filtering
 172 code.·<tt>iptables</tt>·allows·system·operators·to·set·up·firewalls·and·IP
 173 masquerading,·etc.
 174 ······</td>
 175 ····</tr>
 176 ····<tr>
 177 ······<td>Req-1.4.1</td>
164 ······<td>Set·nftables·Configuration·for·Loopback·Traffic</td>178 ······<td>Set·nftables·Configuration·for·Loopback·Traffic</td>
165 ······<td·xml:lang="en-US">179 ······<td·xml:lang="en-US">
166 ········Configure·the·loopback·interface·to·accept·traffic.180 ········Configure·the·loopback·interface·to·accept·traffic.
167 Configure·all·other·interfaces·to·deny·traffic·to·the·loopback181 Configure·all·other·interfaces·to·deny·traffic·to·the·loopback
168 network.182 network.
169 ······</td>183 ······</td>
170 ······<td·xml:lang="en-US">184 ······<td·xml:lang="en-US">
Offset 173, 28 lines modifiedOffset 187, 14 lines modified
173 is·the·only·place·that·loopback·network·traffic·should·be·seen,187 is·the·only·place·that·loopback·network·traffic·should·be·seen,
174 all·other·interfaces·should·ignore·traffic·on·this·network·as·an188 all·other·interfaces·should·ignore·traffic·on·this·network·as·an
175 anti-spoofing·measure.189 anti-spoofing·measure.
176 ······</td>190 ······</td>
177 ····</tr>191 ····</tr>
178 ····<tr>192 ····<tr>
179 ······<td>Req-1.4.1</td>193 ······<td>Req-1.4.1</td>
180 ······<td>Install·iptables·Package</td> 
181 ······<td·xml:lang="en-US"> 
182 ········The·<code>iptables</code>·package·can·be·installed·with·the·following·command: 
183 <pre> 
184 $·sudo·yum·install·iptables</pre> 
185 ······</td> 
186 ······<td·xml:lang="en-US"> 
187 ········<tt>iptables</tt>·controls·the·Linux·kernel·network·packet·filtering 
188 code.·<tt>iptables</tt>·allows·system·operators·to·set·up·firewalls·and·IP 
189 masquerading,·etc. 
190 ······</td> 
191 ····</tr> 
192 ····<tr> 
193 ······<td>Req-1.4.1</td> 
194 ······<td>Enable·Kernel·Parameter·to·Use·TCP·Syncookies·on·Network·Interfaces</td>194 ······<td>Enable·Kernel·Parameter·to·Use·TCP·Syncookies·on·Network·Interfaces</td>
195 ······<td·xml:lang="en-US">195 ······<td·xml:lang="en-US">
196 ········To·set·the·runtime·status·of·the·<code>net.ipv4.tcp_syncookies</code>·kernel·parameter,·run·the·following·command:·<pre>$·sudo·sysctl·-w·net.ipv4.tcp_syncookies=1</pre>196 ········To·set·the·runtime·status·of·the·<code>net.ipv4.tcp_syncookies</code>·kernel·parameter,·run·the·following·command:·<pre>$·sudo·sysctl·-w·net.ipv4.tcp_syncookies=1</pre>
197 To·make·sure·that·the·setting·is·persistent,·add·the·following·line·to·a·file·in·the·directory·<tt>/etc/sysctl.d</tt>:·<pre>net.ipv4.tcp_syncookies·=·1</pre>197 To·make·sure·that·the·setting·is·persistent,·add·the·following·line·to·a·file·in·the·directory·<tt>/etc/sysctl.d</tt>:·<pre>net.ipv4.tcp_syncookies·=·1</pre>
198 ······</td>198 ······</td>
199 ······<td·xml:lang="en-US">199 ······<td·xml:lang="en-US">
200 ········A·TCP·SYN·flood·attack·can·cause·a·denial·of·service·by·filling·a200 ········A·TCP·SYN·flood·attack·can·cause·a·denial·of·service·by·filling·a
Offset 203, 35 lines modifiedOffset 203, 14 lines modified
203 verifying·the·initiator·is·attempting·a·valid·connection·and·is·not·a·flood203 verifying·the·initiator·is·attempting·a·valid·connection·and·is·not·a·flood
204 source.·This·feature·is·activated·when·a·flood·condition·is·detected,·and204 source.·This·feature·is·activated·when·a·flood·condition·is·detected,·and
205 enables·the·system·to·continue·servicing·valid·connection·requests.205 enables·the·system·to·continue·servicing·valid·connection·requests.
206 ······</td>206 ······</td>
207 ····</tr>207 ····</tr>
208 ····<tr>208 ····<tr>
209 ······<td>Req-1.4.2</td>209 ······<td>Req-1.4.2</td>
210 ······<td>Disable·DCCP·Support</td> 
211 ······<td·xml:lang="en-US"> 
212 ········The·Datagram·Congestion·Control·Protocol·(DCCP)·is·a 
213 relatively·new·transport·layer·protocol,·designed·to·support 
214 streaming·media·and·telephony. 
  
215 To·configure·the·system·to·prevent·the·<code>dccp</code> 
216 kernel·module·from·being·loaded,·add·the·following·line·to·the·file·<code>/etc/modprobe.d/dccp.conf</code>: 
217 <pre>install·dccp·/bin/false</pre> 
  
218 To·configure·the·system·to·prevent·the·<code>dccp</code>·from·being·used, 
219 add·the·following·line·to·file·<code>/etc/modprobe.d/dccp.conf</code>: 
220 <pre>blacklist·dccp</pre> 
221 ······</td> 
222 ······<td·xml:lang="en-US"> 
223 ········Disabling·DCCP·protects 
224 the·system·against·exploitation·of·any·flaws·in·its·implementation. 
225 ······</td> 
226 ····</tr> 
227 ····<tr> 
228 ······<td>Req-1.4.2</td> 
229 ······<td>Disable·SCTP·Support</td>210 ······<td>Disable·SCTP·Support</td>
230 ······<td·xml:lang="en-US">211 ······<td·xml:lang="en-US">
231 ········The·Stream·Control·Transmission·Protocol·(SCTP)·is·a212 ········The·Stream·Control·Transmission·Protocol·(SCTP)·is·a
232 transport·layer·protocol,·designed·to·support·the·idea·of213 transport·layer·protocol,·designed·to·support·the·idea·of
233 message-oriented·communication,·with·several·streams·of·messages214 message-oriented·communication,·with·several·streams·of·messages
234 within·one·connection.215 within·one·connection.
  
Offset 245, 58 lines modifiedOffset 224, 75 lines modified
245 ······</td>224 ······</td>
246 ······<td·xml:lang="en-US">225 ······<td·xml:lang="en-US">
247 ········Disabling·SCTP·protects226 ········Disabling·SCTP·protects
248 the·system·against·exploitation·of·any·flaws·in·its·implementation.227 the·system·against·exploitation·of·any·flaws·in·its·implementation.
249 ······</td>228 ······</td>
250 ····</tr>229 ····</tr>
251 ····<tr>230 ····<tr>
 231 ······<td>Req-1.4.2</td>
 232 ······<td>Disable·DCCP·Support</td>
 233 ······<td·xml:lang="en-US">
 234 ········The·Datagram·Congestion·Control·Protocol·(DCCP)·is·a
 235 relatively·new·transport·layer·protocol,·designed·to·support
 236 streaming·media·and·telephony.
  
 237 To·configure·the·system·to·prevent·the·<code>dccp</code>
 238 kernel·module·from·being·loaded,·add·the·following·line·to·the·file·<code>/etc/modprobe.d/dccp.conf</code>:
 239 <pre>install·dccp·/bin/false</pre>
  
 240 To·configure·the·system·to·prevent·the·<code>dccp</code>·from·being·used,
 241 add·the·following·line·to·file·<code>/etc/modprobe.d/dccp.conf</code>:
 242 <pre>blacklist·dccp</pre>
 243 ······</td>
 244 ······<td·xml:lang="en-US">
 245 ········Disabling·DCCP·protects
 246 the·system·against·exploitation·of·any·flaws·in·its·implementation.
 247 ······</td>
 248 ····</tr>
 249 ····<tr>
252 ······<td>Req-1.4.3</td>250 ······<td>Req-1.4.3</td>
253 ······<td>Disable·Kernel·Parameter·for·Accepting·Secure·ICMP·Redirects·on·all·IPv4·Interfaces</td>251 ······<td>Disable·Kernel·Parameter·for·Accepting·Secure·ICMP·Redirects·on·all·IPv4·Interfaces</td>
254 ······<td·xml:lang="en-US">252 ······<td·xml:lang="en-US">
255 ········To·set·the·runtime·status·of·the·<code>net.ipv4.conf.all.secure_redirects</code>·kernel·parameter,·run·the·following·command:·<pre>$·sudo·sysctl·-w·net.ipv4.conf.all.secure_redirects=0</pre>253 ········To·set·the·runtime·status·of·the·<code>net.ipv4.conf.all.secure_redirects</code>·kernel·parameter,·run·the·following·command:·<pre>$·sudo·sysctl·-w·net.ipv4.conf.all.secure_redirects=0</pre>
256 To·make·sure·that·the·setting·is·persistent,·add·the·following·line·to·a·file·in·the·directory·<tt>/etc/sysctl.d</tt>:·<pre>net.ipv4.conf.all.secure_redirects·=·0</pre>254 To·make·sure·that·the·setting·is·persistent,·add·the·following·line·to·a·file·in·the·directory·<tt>/etc/sysctl.d</tt>:·<pre>net.ipv4.conf.all.secure_redirects·=·0</pre>
Max diff block lines reached; 305966/311158 bytes (98.33%) of diff not shown.
495 KB
html2text {}
    
Offset 112, 14 lines modifiedOffset 112, 23 lines modified
112 ·········Incoming·Packets····firewalld.conf·to·be:··································drop·implements112 ·········Incoming·Packets····firewalld.conf·to·be:··································drop·implements
113 ·····························DefaultZone=drop·······································proper·design·for·a113 ·····························DefaultZone=drop·······································proper·design·for·a
114 ····················································································firewall,·i.e.·any114 ····················································································firewall,·i.e.·any
115 ····················································································packets·which·are115 ····················································································packets·which·are
116 ····················································································not·explicitly116 ····················································································not·explicitly
117 ····················································································permitted·should117 ····················································································permitted·should
118 ····················································································not·be·accepted.118 ····················································································not·be·accepted.
 119 ····················································································iptables·controls
 120 ····················································································the·Linux·kernel
 121 ····················································································network·packet
 122 Req-·····Install·iptables····The·iptables·package·can·be·installed·with·the·········filtering·code.
 123 1.4.1····Package·············following·command:·····································iptables·allows
 124 ·····························$·sudo·yum·install·iptables····························system·operators·to
 125 ····················································································set·up·firewalls
 126 ····················································································and·IP
 127 ····················································································masquerading,·etc.
119 ····················································································Loopback·traffic·is128 ····················································································Loopback·traffic·is
120 ····················································································generated·between129 ····················································································generated·between
121 ····················································································processes·on130 ····················································································processes·on
122 ····················································································machine·and·is131 ····················································································machine·and·is
123 ····················································································typically·critical132 ····················································································typically·critical
124 ····················································································to·operation·of·the133 ····················································································to·operation·of·the
125 ····················································································system.·The134 ····················································································system.·The
Offset 129, 23 lines modifiedOffset 138, 14 lines modified
129 ····················································································network·traffic138 ····················································································network·traffic
130 ····················································································should·be·seen,·all139 ····················································································should·be·seen,·all
131 ····················································································other·interfaces140 ····················································································other·interfaces
132 ····················································································should·ignore141 ····················································································should·ignore
133 ····················································································traffic·on·this142 ····················································································traffic·on·this
134 ····················································································network·as·an·anti-143 ····················································································network·as·an·anti-
135 ····················································································spoofing·measure.144 ····················································································spoofing·measure.
136 ····················································································iptables·controls 
137 ····················································································the·Linux·kernel 
138 ····················································································network·packet 
139 Req-·····Install·iptables····The·iptables·package·can·be·installed·with·the·········filtering·code. 
140 1.4.1····Package·············following·command:·····································iptables·allows 
141 ·····························$·sudo·yum·install·iptables····························system·operators·to 
142 ····················································································set·up·firewalls 
143 ····················································································and·IP 
144 ····················································································masquerading,·etc. 
145 ····················································································A·TCP·SYN·flood145 ····················································································A·TCP·SYN·flood
146 ····················································································attack·can·cause·a146 ····················································································attack·can·cause·a
147 ····················································································denial·of·service147 ····················································································denial·of·service
148 ····················································································by·filling·a148 ····················································································by·filling·a
149 ····················································································system's·TCP149 ····················································································system's·TCP
150 ····················································································connection·table150 ····················································································connection·table
151 ····················································································with·connections·in151 ····················································································with·connections·in
Offset 164, 47 lines modifiedOffset 164, 90 lines modified
164 ····················································································flood·condition·is164 ····················································································flood·condition·is
165 ····················································································detected,·and165 ····················································································detected,·and
166 ····················································································enables·the·system166 ····················································································enables·the·system
167 ····················································································to·continue167 ····················································································to·continue
168 ····················································································servicing·valid168 ····················································································servicing·valid
169 ····················································································connection169 ····················································································connection
170 ····················································································requests.170 ····················································································requests.
171 ·····························The·Datagram·Congestion·Control·Protocol·(DCCP)·is·a 
172 ·····························relatively·new·transport·layer·protocol,·designed·to 
173 ·····························support·streaming·media·and·telephony.·To·configure····Disabling·DCCP 
174 ·····························the·system·to·prevent·the·dccp·kernel·module·from······protects·the·system 
175 Req-·····Disable·DCCP········being·loaded,·add·the·following·line·to·the·file·/etc/·against 
176 1.4.2····Support·············modprobe.d/dccp.conf:··································exploitation·of·any 
177 ·····························install·dccp·/bin/false································flaws·in·its 
178 ·····························To·configure·the·system·to·prevent·the·dccp·from·being·implementation. 
179 ·····························used,·add·the·following·line·to·file·/etc/modprobe.d/ 
180 ·····························dccp.conf: 
181 ·····························blacklist·dccp 
182 ·····························The·Stream·Control·Transmission·Protocol·(SCTP)·is·a171 ·····························The·Stream·Control·Transmission·Protocol·(SCTP)·is·a
183 ·····························transport·layer·protocol,·designed·to·support·the·idea172 ·····························transport·layer·protocol,·designed·to·support·the·idea
184 ·····························of·message-oriented·communication,·with·several173 ·····························of·message-oriented·communication,·with·several
185 ·····························streams·of·messages·within·one·connection.·To··········Disabling·SCTP174 ·····························streams·of·messages·within·one·connection.·To··········Disabling·SCTP
186 ·····························configure·the·system·to·prevent·the·sctp·kernel·module·protects·the·system175 ·····························configure·the·system·to·prevent·the·sctp·kernel·module·protects·the·system
187 Req-·····Disable·SCTP········from·being·loaded,·add·the·following·line·to·the·file··against176 Req-·····Disable·SCTP········from·being·loaded,·add·the·following·line·to·the·file··against
188 1.4.2····Support·············/etc/modprobe.d/sctp.conf:·····························exploitation·of·any177 1.4.2····Support·············/etc/modprobe.d/sctp.conf:·····························exploitation·of·any
189 ·····························install·sctp·/bin/false································flaws·in·its178 ·····························install·sctp·/bin/false································flaws·in·its
190 ·····························To·configure·the·system·to·prevent·the·sctp·from·being·implementation.179 ·····························To·configure·the·system·to·prevent·the·sctp·from·being·implementation.
191 ·····························used,·add·the·following·line·to·file·/etc/modprobe.d/180 ·····························used,·add·the·following·line·to·file·/etc/modprobe.d/
192 ·····························sctp.conf:181 ·····························sctp.conf:
193 ·····························blacklist·sctp182 ·····························blacklist·sctp
 183 ·····························The·Datagram·Congestion·Control·Protocol·(DCCP)·is·a
 184 ·····························relatively·new·transport·layer·protocol,·designed·to
 185 ·····························support·streaming·media·and·telephony.·To·configure····Disabling·DCCP
 186 ·····························the·system·to·prevent·the·dccp·kernel·module·from······protects·the·system
 187 Req-·····Disable·DCCP········being·loaded,·add·the·following·line·to·the·file·/etc/·against
 188 1.4.2····Support·············modprobe.d/dccp.conf:··································exploitation·of·any
 189 ·····························install·dccp·/bin/false································flaws·in·its
 190 ·····························To·configure·the·system·to·prevent·the·dccp·from·being·implementation.
 191 ·····························used,·add·the·following·line·to·file·/etc/modprobe.d/
 192 ·····························dccp.conf:
 193 ·····························blacklist·dccp
194 ····················································································Accepting·"secure"194 ····················································································Accepting·"secure"
195 ·····························To·set·the·runtime·status·of·the·······················ICMP·redirects195 ·····························To·set·the·runtime·status·of·the·······················ICMP·redirects
196 ·········Disable·Kernel······net.ipv4.conf.all.secure_redirects·kernel·parameter,···(from·those196 ·········Disable·Kernel······net.ipv4.conf.all.secure_redirects·kernel·parameter,···(from·those
197 ·········Parameter·for·······run·the·following·command:·····························gateways·listed·as197 ·········Parameter·for·······run·the·following·command:·····························gateways·listed·as
198 Req-·····Accepting·Secure····$·sudo·sysctl·-w·net.ipv4.conf.all.secure_redirects=0··default·gateways)198 Req-·····Accepting·Secure····$·sudo·sysctl·-w·net.ipv4.conf.all.secure_redirects=0··default·gateways)
199 1.4.3····ICMP·Redirects·on···To·make·sure·that·the·setting·is·persistent,·add·the···has·few·legitimate199 1.4.3····ICMP·Redirects·on···To·make·sure·that·the·setting·is·persistent,·add·the···has·few·legitimate
200 ·········all·IPv4·Interfaces·following·line·to·a·file·in·the·directory·/etc/········uses.·It·should·be200 ·········all·IPv4·Interfaces·following·line·to·a·file·in·the·directory·/etc/········uses.·It·should·be
201 ·····························sysctl.d:··············································disabled·unless·it201 ·····························sysctl.d:··············································disabled·unless·it
202 ·····························net.ipv4.conf.all.secure_redirects·=·0·················is·absolutely202 ·····························net.ipv4.conf.all.secure_redirects·=·0·················is·absolutely
203 ····················································································required.203 ····················································································required.
 204 ····················································································Responding·to
 205 ····················································································broadcast·(ICMP)
 206 ····················································································echoes·facilitates
 207 ·····························To·set·the·runtime·status·of·the·······················network·mapping·and
 208 ·····························net.ipv4.icmp_echo_ignore_broadcasts·kernel·parameter,·provides·a·vector
 209 ·········Enable·Kernel·······run·the·following·command:·····························for·amplification
 210 ·········Parameter·to·Ignore·$·sudo·sysctl·-········································attacks.
 211 Req-·····ICMP·Broadcast·Echo·w·net.ipv4.icmp_echo_ignore_broadcasts=1···············Ignoring·ICMP·echo
 212 1.4.3····Requests·on·IPv4····To·make·sure·that·the·setting·is·persistent,·add·the···requests·(pings)
 213 ·········Interfaces··········following·line·to·a·file·in·the·directory·/etc/········sent·to·broadcast
 214 ·····························sysctl.d:··············································or·multicast
 215 ·····························net.ipv4.icmp_echo_ignore_broadcasts·=·1···············addresses·makes·the
 216 ····················································································system·slightly
 217 ····················································································more·difficult·to
 218 ····················································································enumerate·on·the
 219 ····················································································network.
 220 ····················································································Enabling·reverse
 221 ····················································································path·filtering
 222 ····················································································drops·packets·with
 223 ····················································································source·addresses
 224 ····················································································that·should·not
 225 ·····························To·set·the·runtime·status·of·the·······················have·been·able·to
 226 ·········Enable·Kernel·······net.ipv4.conf.all.rp_filter·kernel·parameter,·run·the··be·received·on·the
 227 ·········Parameter·to·Use····following·command:·····································interface·they·were
 228 Req-·····Reverse·Path········$·sudo·sysctl·-w·net.ipv4.conf.all.rp_filter=1·········received·on.·It
 229 1.4.3····Filtering·on·all····To·make·sure·that·the·setting·is·persistent,·add·the···should·not·be·used
 230 ·········IPv4·Interfaces·····following·line·to·a·file·in·the·directory·/etc/········on·systems·which
 231 ·····························sysctl.d:··············································are·routers·for
Max diff block lines reached; 493659/507340 bytes (97.30%) of diff not shown.
3.59 MB
./usr/share/doc/ssg-nondebian/table-ol8-anssirefs.html
    
Offset 63, 280 lines modifiedOffset 63, 280 lines modified
000003e0:·2054·6974·6c65·3c2f·7468·3e0a·2020·2020···Title</th>.····000003e0:·2054·6974·6c65·3c2f·7468·3e0a·2020·2020···Title</th>.····
000003f0:·3c74·683e·4465·7363·7269·7074·696f·6e3c··<th>Description<000003f0:·3c74·683e·4465·7363·7269·7074·696f·6e3c··<th>Description<
00000400:·2f74·683e·0a20·2020·203c·7468·3e52·6174··/th>.····<th>Rat00000400:·2f74·683e·0a20·2020·203c·7468·3e52·6174··/th>.····<th>Rat
00000410:·696f·6e61·6c65·3c2f·7468·3e0a·2020·3c2f··ionale</th>.··</00000410:·696f·6e61·6c65·3c2f·7468·3e0a·2020·3c2f··ionale</th>.··</
00000420:·7468·6561·643e·0a20·203c·7462·6f64·793e··thead>.··<tbody>00000420:·7468·6561·643e·0a20·203c·7462·6f64·793e··thead>.··<tbody>
00000430:·0a20·203c·7472·3e0a·2020·2020·2020·3c74··.··<tr>.······<t00000430:·0a20·203c·7472·3e0a·2020·2020·2020·3c74··.··<tr>.······<t
00000440:·643e·5231·3c2f·7464·3e0a·2020·2020·2020··d>R1</td>.······00000440:·643e·5231·3c2f·7464·3e0a·2020·2020·2020··d>R1</td>.······
00000450:·3c74·643e·496e·7374·616c·6c20·5041·4520··<td>Install·PAE· 
00000460:·4b65·726e·656c·206f·6e20·5375·7070·6f72··Kernel·on·Suppor 
00000470:·7465·6420·3332·2d62·6974·2078·3836·2053··ted·32-bit·x86·S 
00000480:·7973·7465·6d73·3c2f·7464·3e0a·2020·2020··ystems</td>.···· 
00000490:·2020·3c74·6420·786d·6c3a·6c61·6e67·3d22····<td·xml:lang=" 
000004a0:·656e·2d55·5322·3e0a·2020·2020·2020·2020··en-US">.········ 
000004b0:·5379·7374·656d·7320·7468·6174·2061·7265··Systems·that·are 
000004c0:·2075·7369·6e67·2074·6865·2036·342d·6269···using·the·64-bi 
000004d0:·7420·7838·3620·6b65·726e·656c·2070·6163··t·x86·kernel·pac 
000004e0:·6b61·6765·0a64·6f20·6e6f·7420·6e65·6564··kage.do·not·need 
000004f0:·2074·6f20·696e·7374·616c·6c20·7468·6520···to·install·the· 
00000500:·6b65·726e·656c·2d50·4145·2070·6163·6b61··kernel-PAE·packa 
00000510:·6765·2062·6563·6175·7365·2074·6865·2036··ge·because·the·6 
00000520:·342d·6269·740a·7838·3620·6b65·726e·656c··4-bit.x86·kernel 
00000530:·2061·6c72·6561·6479·2069·6e63·6c75·6465···already·include 
00000540:·7320·7468·6973·2073·7570·706f·7274·2e20··s·this·support.· 
00000550:·486f·7765·7665·722c·2069·6620·7468·6520··However,·if·the· 
00000560:·7379·7374·656d·2069·730a·3332·2d62·6974··system·is.32-bit 
00000570:·2061·6e64·2061·6c73·6f20·7375·7070·6f72···and·also·suppor 
00000580:·7473·2074·6865·2050·4145·2061·6e64·204e··ts·the·PAE·and·N 
00000590:·5820·6665·6174·7572·6573·2061·730a·6465··X·features·as.de 
000005a0:·7465·726d·696e·6564·2069·6e20·7468·6520··termined·in·the· 
000005b0:·7072·6576·696f·7573·2073·6563·7469·6f6e··previous·section 
000005c0:·2c20·7468·6520·6b65·726e·656c·2d50·4145··,·the·kernel-PAE 
000005d0:·2070·6163·6b61·6765·2073·686f·756c·640a···package·should. 
000005e0:·6265·2069·6e73·7461·6c6c·6564·2074·6f20··be·installed·to· 
000005f0:·656e·6162·6c65·2058·4420·6f72·204e·5820··enable·XD·or·NX· 
00000600:·7375·7070·6f72·742e·0a54·6865·203c·636f··support..The·<co 
00000610:·6465·3e6b·6572·6e65·6c2d·5041·453c·2f63··de>kernel-PAE</c 
00000620:·6f64·653e·2070·6163·6b61·6765·2063·616e··ode>·package·can 
00000630:·2062·6520·696e·7374·616c·6c65·6420·7769···be·installed·wi 
00000640:·7468·2074·6865·2066·6f6c·6c6f·7769·6e67··th·the·following 
00000650:·2063·6f6d·6d61·6e64·3a0a·3c70·7265·3e0a···command:.<pre>. 
00000660:·2420·7375·646f·2079·756d·2069·6e73·7461··$·sudo·yum·insta 
00000670:·6c6c·206b·6572·6e65·6c2d·5041·453c·2f70··ll·kernel-PAE</p 
00000680:·7265·3e0a·5468·6520·696e·7374·616c·6c61··re>.The·installa 
00000690:·7469·6f6e·2070·726f·6365·7373·2073·686f··tion·process·sho 
000006a0:·756c·6420·616c·736f·2068·6176·6520·636f··uld·also·have·co 
000006b0:·6e66·6967·7572·6564·2074·6865·0a62·6f6f··nfigured·the.boo 
000006c0:·746c·6f61·6465·7220·746f·206c·6f61·6420··tloader·to·load· 
000006d0:·7468·6520·6e65·7720·6b65·726e·656c·2061··the·new·kernel·a 
000006e0:·7420·626f·6f74·2e20·5665·7269·6679·2074··t·boot.·Verify·t 
000006f0:·6869·7320·6166·7465·7220·7265·626f·6f74··his·after·reboot 
00000700:·0a61·6e64·206d·6f64·6966·7920·3c74·743e··.and·modify·<tt> 
00000710:·2f65·7463·2f64·6566·6175·6c74·2f67·7275··/etc/default/gru 
00000720:·623c·2f74·743e·2069·6620·6e65·6365·7373··b</tt>·if·necess 
00000730:·6172·792e·0a20·2020·2020·203c·2f74·643e··ary..······</td> 
00000740:·0a20·2020·2020·203c·7464·2078·6d6c·3a6c··.······<td·xml:l 
00000750:·616e·673d·2265·6e2d·5553·223e·0a20·2020··ang="en-US">.··· 
00000760:·2020·2020·204f·6e20·3332·2d62·6974·2073·······On·32-bit·s 
00000770:·7973·7465·6d73·2074·6861·7420·7375·7070··ystems·that·supp 
00000780:·6f72·7420·7468·6520·5844·206f·7220·4e58··ort·the·XD·or·NX 
00000790:·2062·6974·2c20·7468·6520·7665·6e64·6f72···bit,·the·vendor 
000007a0:·2d73·7570·706c·6965·640a·5041·4520·6b65··-supplied.PAE·ke 
000007b0:·726e·656c·2069·7320·7265·7175·6972·6564··rnel·is·required 
000007c0:·2074·6f20·656e·6162·6c65·2065·6974·6865···to·enable·eithe 
000007d0:·7220·4578·6563·7574·6520·4469·7361·626c··r·Execute·Disabl 
000007e0:·6520·2858·4429·206f·7220·4e6f·2045·7865··e·(XD)·or·No·Exe 
000007f0:·6375·7465·2028·4e58·2920·7375·7070·6f72··cute·(NX)·suppor 
00000800:·742e·0a20·2020·2020·203c·2f74·643e·0a20··t..······</td>.· 
00000810:·2020·203c·2f74·723e·0a20·2020·203c·7472·····</tr>.····<tr 
00000820:·3e0a·2020·2020·2020·3c74·643e·5231·3c2f··>.······<td>R1</ 
00000830:·7464·3e0a·2020·2020·2020·3c74·643e·456e··td>.······<td>En 
00000840:·7375·7265·2053·4d41·5020·6973·206e·6f74··sure·SMAP·is·not 
00000850:·2064·6973·6162·6c65·6420·6475·7269·6e67···disabled·during 
00000860:·2062·6f6f·743c·2f74·643e·0a20·2020·2020···boot</td>.····· 
00000870:·203c·7464·2078·6d6c·3a6c·616e·673d·2265···<td·xml:lang="e 
00000880:·6e2d·5553·223e·0a20·2020·2020·2020·2054··n-US">.········T 
00000890:·6865·2053·4d41·5020·6973·2075·7365·6420··he·SMAP·is·used· 
000008a0:·746f·2070·7265·7665·6e74·2074·6865·2073··to·prevent·the·s 
000008b0:·7570·6572·7669·736f·7220·6d6f·6465·2066··upervisor·mode·f 
000008c0:·726f·6d20·756e·696e·7465·6e74·696f·6e61··rom·unintentiona 
000008d0:·6c6c·7920·7265·6164·696e·672f·7772·6974··lly·reading/writ 
000008e0:·696e·6720·696e·746f·0a6d·656d·6f72·7920··ing·into.memory· 
000008f0:·7061·6765·7320·696e·2074·6865·2075·7365··pages·in·the·use 
00000900:·7220·7370·6163·652c·2069·7420·6973·2065··r·space,·it·is·e 
00000910:·6e61·626c·6564·2062·7920·6465·6661·756c··nabled·by·defaul 
00000920:·7420·7369·6e63·6520·4c69·6e75·7820·6b65··t·since·Linux·ke 
00000930:·726e·656c·2033·2e37·2e0a·4275·7420·6974··rnel·3.7..But·it 
00000940:·2063·6f75·6c64·2062·6520·6469·7361·626c···could·be·disabl 
00000950:·6564·2074·6872·6f75·6768·206b·6572·6e65··ed·through·kerne 
00000960:·6c20·626f·6f74·2070·6172·616d·6574·6572··l·boot·parameter 
00000970:·732e·0a0a·456e·7375·7265·2074·6861·7420··s...Ensure·that· 
00000980:·5375·7065·7276·6973·6f72·204d·6f64·6520··Supervisor·Mode· 
00000990:·4163·6365·7373·2050·7265·7665·6e74·696f··Access·Preventio 
000009a0:·6e20·2853·4d41·5029·2069·7320·6e6f·7420··n·(SMAP)·is·not· 
000009b0:·6469·7361·626c·6564·2062·790a·7468·6520··disabled·by.the· 
000009c0:·3c74·743e·6e6f·736d·6170·3c2f·7474·3e20··<tt>nosmap</tt>· 
000009d0:·626f·6f74·2070·6172·616d·656e·7465·7220··boot·paramenter· 
000009e0:·6f70·7469·6f6e·2e0a·0a43·6865·636b·2074··option...Check·t 
000009f0:·6861·7420·7468·6520·6c69·6e65·203c·7072··hat·the·line·<pr 
00000a00:·653e·4752·5542·5f43·4d44·4c49·4e45·5f4c··e>GRUB_CMDLINE_L 
00000a10:·494e·5558·3d22·2e2e·2e22·3c2f·7072·653e··INUX="..."</pre> 
00000a20:·2077·6974·6869·6e20·3c74·743e·2f65·7463···within·<tt>/etc 
00000a30:·2f64·6566·6175·6c74·2f67·7275·623c·2f74··/default/grub</t 
00000a40:·743e·0a64·6f65·736e·2774·2063·6f6e·7461··t>.doesn't·conta 
00000a50:·696e·2074·6865·2061·7267·756d·656e·7420··in·the·argument· 
00000a60:·3c74·743e·6e6f·736d·6170·3c2f·7474·3e2e··<tt>nosmap</tt>. 
00000a70:·0a52·756e·2074·6865·2066·6f6c·6c6f·7769··.Run·the·followi 
00000a80:·6e67·2063·6f6d·6d61·6e64·2074·6f20·7570··ng·command·to·up 
00000a90:·6461·7465·2063·6f6d·6d61·6e64·206c·696e··date·command·lin 
00000aa0:·6520·666f·7220·616c·7265·6164·7920·696e··e·for·already·in 
00000ab0:·7374·616c·6c65·6420·6b65·726e·656c·733a··stalled·kernels: 
00000ac0:·0a3c·7072·653e·2320·6772·7562·6279·202d··.<pre>#·grubby·- 
00000ad0:·2d75·7064·6174·652d·6b65·726e·656c·3d41··-update-kernel=A 
00000ae0:·4c4c·202d·2d72·656d·6f76·652d·6172·6773··LL·--remove-args 
00000af0:·3d22·6e6f·736d·6170·223c·2f70·7265·3e0a··="nosmap"</pre>. 
00000b00:·2020·2020·2020·3c2f·7464·3e0a·2020·2020········</td>.···· 
00000b10:·2020·3c74·6420·786d·6c3a·6c61·6e67·3d22····<td·xml:lang=" 
00000b20:·656e·2d55·5322·3e0a·2020·2020·2020·2020··en-US">.········ 
00000b30:·4469·7361·626c·696e·6720·534d·4150·2063··Disabling·SMAP·c 
00000b40:·616e·2066·6163·696c·6974·6174·6520·6578··an·facilitate·ex 
00000b50:·706c·6f69·7461·7469·6f6e·206f·6620·7675··ploitation·of·vu 
00000b60:·6c6e·6572·6162·696c·6974·6965·7320·6361··lnerabilities·ca 
00000b70:·7573·6564·2062·7920·756e·696e·7465·6e64··used·by·unintend 
00000b80:·6564·2061·6363·6573·7320·616e·640a·6d61··ed·access·and.ma 
00000b90:·6e69·7075·6c61·7469·6f6e·206f·6620·6461··nipulation·of·da 
00000ba0:·7461·2069·6e20·7468·6520·7573·6572·2073··ta·in·the·user·s 
00000bb0:·7061·6365·2e0a·2020·2020·2020·3c2f·7464··pace..······</td 
00000bc0:·3e0a·2020·2020·3c2f·7472·3e0a·2020·2020··>.····</tr>.···· 
Max diff block lines reached; 3031817/3068271 bytes (98.81%) of diff not shown.
676 KB
html2text {}
    
Offset 1, 13 lines modifiedOffset 1, 35 lines modified
  
  
1 Rules·with·ANSSI·Reference·in·Guide·to·the·Secure·Configuration·of·Oracle·Linux1 Rules·with·ANSSI·Reference·in·Guide·to·the·Secure·Configuration·of·Oracle·Linux
2 82 8
  
  
 3 ······························The·SMEP·is·used·to·prevent·the·supervisor
 4 ······························mode·from·executing·user·space·code,·it·is
 5 ······························enabled·by·default·since·Linux·kernel·3.0.
 6 ······························But·it·could·be·disabled·through·kernel·boot
 7 ······························parameters.·Ensure·that·Supervisor·Mode
 8 ······························Execution·Prevention·(SMEP)·is·not·disabled··Disabling·SMEP·can·facilitate
 9 ····Ensure·SMEP·is·not········by·the·nosmep·boot·paramenter·option.·Check··exploitation·of·certain
 10 R1··disabled·during·boot······that·the·line································vulnerabilities·because·it·allows·the
 11 ······························GRUB_CMDLINE_LINUX="..."·····················kernel·to·unintentionally·execute·code
 12 ······························within·/etc/default/grub·doesn't·contain·the·in·less·privileged·memory·space.
 13 ······························argument·nosmep.·Run·the·following·command
 14 ······························to·update·command·line·for·already·installed
 15 ······························kernels:
 16 ······························#·grubby·--update-kernel=ALL·--remove-
 17 ······························args="nosmep"
 18 ···········································································Use·of·a·64-bit·operating·system
 19 ···········································································offers·a·few·advantages,·like·a·larger
 20 ····Prefer·to·use·a·64-bit····Prefer·installation·of·64-bit·operating······address·space·range·for·Address·Space
 21 R1··Operating·System·when·····systems·when·the·CPU·supports·it.············Layout·Randomization·(ASLR)·and
 22 ····supported······························································systematic·presence·of·No·eXecute·and
 23 ···········································································Execute·Disable·(NX/XD)·protection
 24 ···········································································bits.
3 ······························Systems·that·are·using·the·64-bit·x86·kernel25 ······························Systems·that·are·using·the·64-bit·x86·kernel
4 ······························package·do·not·need·to·install·the·kernel-26 ······························package·do·not·need·to·install·the·kernel-
5 ······························PAE·package·because·the·64-bit·x86·kernel27 ······························PAE·package·because·the·64-bit·x86·kernel
6 ······························already·includes·this·support.·However,·if28 ······························already·includes·this·support.·However,·if
7 ······························the·system·is·32-bit·and·also·supports·the29 ······························the·system·is·32-bit·and·also·supports·the
8 ······························PAE·and·NX·features·as·determined·in·the·····On·32-bit·systems·that·support·the·XD30 ······························PAE·and·NX·features·as·determined·in·the·····On·32-bit·systems·that·support·the·XD
9 ····Install·PAE·Kernel·on·····previous·section,·the·kernel-PAE·package·····or·NX·bit,·the·vendor-supplied·PAE31 ····Install·PAE·Kernel·on·····previous·section,·the·kernel-PAE·package·····or·NX·bit,·the·vendor-supplied·PAE
Offset 40, 53 lines modifiedOffset 62, 31 lines modified
40 ······························Advanced·Encryption·Standard·(AES)·or·New····utilizing·encryption·to·protect·data.62 ······························Advanced·Encryption·Standard·(AES)·or·New····utilizing·encryption·to·protect·data.
41 ····Install·the·dracut-fips-··Instructions·(AES-NI)·engine,·the·system·····The·operating·system·must·implement63 ····Install·the·dracut-fips-··Instructions·(AES-NI)·engine,·the·system·····The·operating·system·must·implement
42 R1··aesni·Package·············requires·that·the·dracut-fips-aesni·package··cryptographic·modules·adhering·to·the64 R1··aesni·Package·············requires·that·the·dracut-fips-aesni·package··cryptographic·modules·adhering·to·the
43 ······························be·installed.·The·dracut-fips-aesni·package··higher·standards·approved·by·the65 ······························be·installed.·The·dracut-fips-aesni·package··higher·standards·approved·by·the
44 ······························can·be·installed·with·the·following·command:·federal·government·since·this·provides66 ······························can·be·installed·with·the·following·command:·federal·government·since·this·provides
45 ······························$·sudo·yum·install·dracut-fips-aesni·········assurance·they·have·been·tested·and67 ······························$·sudo·yum·install·dracut-fips-aesni·········assurance·they·have·been·tested·and
46 ···········································································validated.68 ···········································································validated.
47 ······························The·SMEP·is·used·to·prevent·the·supervisor 
48 ······························mode·from·executing·user·space·code,·it·is 
49 ······························enabled·by·default·since·Linux·kernel·3.0. 
50 ······························But·it·could·be·disabled·through·kernel·boot 
51 ······························parameters.·Ensure·that·Supervisor·Mode 
52 ······························Execution·Prevention·(SMEP)·is·not·disabled··Disabling·SMEP·can·facilitate 
53 ····Ensure·SMEP·is·not········by·the·nosmep·boot·paramenter·option.·Check··exploitation·of·certain 
54 R1··disabled·during·boot······that·the·line································vulnerabilities·because·it·allows·the 
55 ······························GRUB_CMDLINE_LINUX="..."·····················kernel·to·unintentionally·execute·code 
56 ······························within·/etc/default/grub·doesn't·contain·the·in·less·privileged·memory·space. 
57 ······························argument·nosmep.·Run·the·following·command 
58 ······························to·update·command·line·for·already·installed 
59 ······························kernels: 
60 ······························#·grubby·--update-kernel=ALL·--remove- 
61 ······························args="nosmep" 
62 ···········································································Use·of·a·64-bit·operating·system 
63 ···········································································offers·a·few·advantages,·like·a·larger 
64 ····Prefer·to·use·a·64-bit····Prefer·installation·of·64-bit·operating······address·space·range·for·Address·Space 
65 R1··Operating·System·when·····systems·when·the·CPU·supports·it.············Layout·Randomization·(ASLR)·and 
66 ····supported······························································systematic·presence·of·No·eXecute·and 
67 ···········································································Execute·Disable·(NX/XD)·protection 
68 ···········································································bits. 
69 ······························The·grub2·boot·loader·should·have·a69 ······························The·grub2·boot·loader·should·have·a
70 ······························superuser·account·and·password·protection70 ······························superuser·account·and·password·protection
71 ······························enabled·to·protect·boot-time·settings.·······Password·protection·on·the·boot·loader71 ······························enabled·to·protect·boot-time·settings.·······Password·protection·on·the·boot·loader
72 ···········································································configuration·ensures·users·with72 ···········································································configuration·ensures·users·with
73 ····Set·the·UEFI·Boot·Loader··Since·plaintext·passwords·are·a·security·····physical·access·cannot·trivially·alter73 ····Set·Boot·Loader·Password··Since·plaintext·passwords·are·a·security·····physical·access·cannot·trivially·alter
74 R5··Password··················risk,·generate·a·hash·for·the·password·by····important·bootloader·settings.·These74 R5··in·grub2··················risk,·generate·a·hash·for·the·password·by····important·bootloader·settings.·These
75 ······························running·the·following·command:···············include·which·kernel·to·use,·and75 ······························running·the·following·command:···············include·which·kernel·to·use,·and
76 ······························#·grub2-setpassword··························whether·to·enter·single-user·mode.76 ······························#·grub2-setpassword··························whether·to·enter·single-user·mode.
77 ······························When·prompted,·enter·the·password·that·was77 ······························When·prompted,·enter·the·password·that·was
78 ······························selected.78 ······························selected.
  
79 ······························The·grub2·boot·loader·should·have·a79 ······························The·grub2·boot·loader·should·have·a
80 ······························superuser·account·and·password·protection80 ······························superuser·account·and·password·protection
81 ······························enabled·to·protect·boot-time·settings.·······Password·protection·on·the·boot·loader81 ······························enabled·to·protect·boot-time·settings.·······Password·protection·on·the·boot·loader
82 ···········································································configuration·ensures·users·with82 ···········································································configuration·ensures·users·with
83 ····Set·Boot·Loader·Password··Since·plaintext·passwords·are·a·security·····physical·access·cannot·trivially·alter83 ····Set·the·UEFI·Boot·Loader··Since·plaintext·passwords·are·a·security·····physical·access·cannot·trivially·alter
84 R5··in·grub2··················risk,·generate·a·hash·for·the·password·by····important·bootloader·settings.·These84 R5··Password··················risk,·generate·a·hash·for·the·password·by····important·bootloader·settings.·These
85 ······························running·the·following·command:···············include·which·kernel·to·use,·and85 ······························running·the·following·command:···············include·which·kernel·to·use,·and
86 ······························#·grub2-setpassword··························whether·to·enter·single-user·mode.86 ······························#·grub2-setpassword··························whether·to·enter·single-user·mode.
87 ······························When·prompted,·enter·the·password·that·was87 ······························When·prompted,·enter·the·password·that·was
88 ······························selected.88 ······························selected.
  
89 ······························On·x86·architecture·supporting·VT-d,·the89 ······························On·x86·architecture·supporting·VT-d,·the
90 ······························IOMMU·manages·the·access·control·policy90 ······························IOMMU·manages·the·access·control·policy
Offset 99, 14 lines modifiedOffset 99, 77 lines modified
99 ······························systems.·Modify·the·line·within·/etc/········hardware·devices.99 ······························systems.·Modify·the·line·within·/etc/········hardware·devices.
100 ······························default/grub·as·shown·below:100 ······························default/grub·as·shown·below:
101 ······························GRUB_CMDLINE_LINUX="...·iommu=force·..."101 ······························GRUB_CMDLINE_LINUX="...·iommu=force·..."
102 ······························Run·the·following·command·to·update·command102 ······························Run·the·following·command·to·update·command
103 ······························line·for·already·installed·kernels:103 ······························line·for·already·installed·kernels:
104 ······························#·grubby·--update-kernel=ALL·--104 ······························#·grubby·--update-kernel=ALL·--
105 ······························args="iommu=force"105 ······························args="iommu=force"
 106 ······························To·enable·poisoning·of·SLUB/SLAB·objects,
 107 ······························add·the·argument·slub_debug=P·to·the·default
 108 ······························GRUB·2·command·line·for·the·Linux·operating··Poisoning·writes·an·arbitrary·value·to
 109 ······························system.·To·ensure·that·slub_debug=P·is·added·freed·objects,·so·any·modification·or
 110 ······························as·a·kernel·command·line·argument·to·newly···reference·to·that·object·after·being
 111 ······························installed·kernels,·add·slub_debug=P·to·the···freed·or·before·being·initialized·will
 112 R8··Enable·SLUB/SLAB··········default·Grub2·command·line·for·Linux·········be·detected·and·prevented.·This
 113 ····allocator·poisoning·······operating·systems.·Modify·the·line·within·/··prevents·many·types·of·use-after-free
 114 ······························etc/default/grub·as·shown·below:·············vulnerabilities·at·little·performance
 115 ······························GRUB_CMDLINE_LINUX="...·slub_debug=P·..."····cost.·Also·prevents·leak·of·data·and
 116 ······························Run·the·following·command·to·update·command··detection·of·corrupted·memory.
 117 ······························line·for·already·installed·kernels:
 118 ······························#·grubby·--update-kernel=ALL·--
 119 ······························args="slub_debug=P"
 120 ······························L1·Terminal·Fault·(L1TF)·is·a·hardware
 121 ······························vulnerability·which·allows·unprivileged
 122 ······························speculative·access·to·data·which·is
 123 ······························available·in·the·Level·1·Data·Cache·when·the
 124 ······························page·table·entry·isn't·present.·Select·the
 125 ······························appropriate·mitigation·by·adding·the
 126 ······························argument·l1tf=flush·to·the·default·GRUB·2
 127 ······························command·line·for·the·Linux·operating·system.
 128 ······························To·ensure·that·l1tf=flush·is·added·as·a······The·L1TF·vulnerability·allows·an
 129 ······························kernel·command·line·argument·to·newly········attacker·to·bypass·memory·access
 130 ····Configure·L1·Terminal·····installed·kernels,·add·l1tf=flush·to·the·····security·controls·imposed·by·the
 131 R8··Fault·mitigations·········default·Grub2·command·line·for·Linux·········system·or·hypervisor.·The·L1TF
 132 ······························operating·systems.·Modify·the·line·within·/··vulnerability·allows·read·access·to
 133 ······························etc/default/grub·as·shown·below:·············any·physical·memory·location·that·is
 134 ······························GRUB_CMDLINE_LINUX="...·l1tf=flush·..."······cached·in·the·L1·Data·Cache.
 135 ······························Run·the·following·command·to·update·command
Max diff block lines reached; 678013/692558 bytes (97.90%) of diff not shown.
1.24 MB
./usr/share/doc/ssg-nondebian/table-ol8-cuirefs.html
Ordering differences only
    
Offset 40, 14 lines modifiedOffset 40, 90 lines modified
40 ····<th>Mapping</th>40 ····<th>Mapping</th>
41 ····<th>Rule·Title</th>41 ····<th>Rule·Title</th>
42 ····<th>Description</th>42 ····<th>Description</th>
43 ····<th>Rationale</th>43 ····<th>Rationale</th>
44 ··</thead>44 ··</thead>
45 ··<tbody>45 ··<tbody>
46 ··<tr>46 ··<tr>
 47 ······<td>3.1.1<br/>3.1.5</td>
 48 ······<td>Verify·Only·Root·Has·UID·0</td>
 49 ······<td·xml:lang="en-US">
 50 ········If·any·account·other·than·root·has·a·UID·of·0,·this·misconfiguration·should
 51 be·investigated·and·the·accounts·other·than·root·should·be·removed·or·have
 52 their·UID·changed.
 53 <br·/>
 54 If·the·account·is·associated·with·system·commands·or·applications·the·UID
 55 should·be·changed·to·one·greater·than·"0"·but·less·than·"1000."
 56 Otherwise·assign·a·UID·greater·than·"1000"·that·has·not·already·been
 57 assigned.
 58 ······</td>
 59 ······<td·xml:lang="en-US">
 60 ········An·account·has·root·authority·if·it·has·a·UID·of·0.·Multiple·accounts
 61 with·a·UID·of·0·afford·more·opportunity·for·potential·intruders·to
 62 guess·a·password·for·a·privileged·account.·Proper·configuration·of
 63 sudo·is·recommended·to·afford·multiple·system·administrators
 64 access·to·root·privileges·in·an·accountable·manner.
 65 ······</td>
 66 ····</tr>
 67 ····<tr>
 68 ······<td>3.1.1<br/>3.1.5</td>
 69 ······<td>Disable·SSH·Root·Login</td>
 70 ······<td·xml:lang="en-US">
 71 ········The·root·user·should·never·be·allowed·to·login·to·a
 72 system·directly·over·a·network.
 73 To·disable·root·login·via·SSH,·add·or·correct·the·following·line·in
  
  
 74 <tt>/etc/ssh/sshd_config</tt>:
  
 75 <pre>PermitRootLogin·no</pre>
 76 ······</td>
 77 ······<td·xml:lang="en-US">
 78 ········Even·though·the·communications·channel·may·be·encrypted,·an·additional·layer·of
 79 security·is·gained·by·extending·the·policy·of·not·logging·directly·on·as·root.
 80 In·addition,·logging·in·with·a·user-specific·account·provides·individual
 81 accountability·of·actions·performed·on·the·system·and·also·helps·to·minimize
 82 direct·attack·attempts·on·root's·password.
 83 ······</td>
 84 ····</tr>
 85 ····<tr>
 86 ······<td>3.1.1<br/>3.4.5</td>
 87 ······<td>Require·Authentication·for·Emergency·Systemd·Target</td>
 88 ······<td·xml:lang="en-US">
 89 ········Emergency·mode·is·intended·as·a·system·recovery
 90 method,·providing·a·single·user·root·access·to·the·system
 91 during·a·failed·boot·sequence.
 92 <br·/><br·/>
 93 By·default,·Emergency·mode·is·protected·by·requiring·a·password·and·is·set
 94 in·<tt>/usr/lib/systemd/system/emergency.service</tt>.
 95 ······</td>
 96 ······<td·xml:lang="en-US">
 97 ········This·prevents·attackers·with·physical·access·from·trivially·bypassing·security
 98 on·the·machine·and·gaining·root·access.·Such·accesses·are·further·prevented
 99 by·configuring·the·bootloader·password.
 100 ······</td>
 101 ····</tr>
 102 ····<tr>
 103 ······<td>3.1.1</td>
 104 ······<td>Disable·GDM·Automatic·Login</td>
 105 ······<td·xml:lang="en-US">
 106 ········The·GNOME·Display·Manager·(GDM)·can·allow·users·to·automatically·login·without
 107 user·interaction·or·credentials.·User·should·always·be·required·to·authenticate·themselves
 108 to·the·system·that·they·are·authorized·to·use.·To·disable·user·ability·to·automatically
 109 login·to·the·system,·set·the·<tt>AutomaticLoginEnable</tt>·to·<tt>false</tt>·in·the
 110 <tt>[daemon]</tt>·section·in·<tt>/etc/gdm/custom.conf</tt>.·For·example:
 111 <pre>[daemon]
 112 AutomaticLoginEnable=false</pre>
 113 ······</td>
 114 ······<td·xml:lang="en-US">
 115 ········Failure·to·restrict·system·access·to·authenticated·users·negatively·impacts·operating
 116 system·security.
 117 ······</td>
 118 ····</tr>
 119 ····<tr>
47 ······<td>3.1.1</td>120 ······<td>3.1.1</td>
48 ······<td>Disable·GDM·Guest·Login</td>121 ······<td>Disable·GDM·Guest·Login</td>
49 ······<td·xml:lang="en-US">122 ······<td·xml:lang="en-US">
50 ········The·GNOME·Display·Manager·(GDM)·can·allow·users·to·login·without·credentials123 ········The·GNOME·Display·Manager·(GDM)·can·allow·users·to·login·without·credentials
51 which·can·be·useful·for·public·kiosk·scenarios.·Allowing·users·to·login·without·credentials124 which·can·be·useful·for·public·kiosk·scenarios.·Allowing·users·to·login·without·credentials
52 or·"guest"·account·access·has·inherent·security·risks·and·should·be·disabled.·To·do·disable125 or·"guest"·account·access·has·inherent·security·risks·and·should·be·disabled.·To·do·disable
53 timed·logins·or·guest·account·access,·set·the·<tt>TimedLoginEnable</tt>·to·<tt>false</tt>·in126 timed·logins·or·guest·account·access,·set·the·<tt>TimedLoginEnable</tt>·to·<tt>false</tt>·in
Offset 77, 57 lines modifiedOffset 153, 14 lines modified
77 ······<td·xml:lang="en-US">153 ······<td·xml:lang="en-US">
78 ········If·an·account·has·an·empty·password,·anyone·could·log·in·and154 ········If·an·account·has·an·empty·password,·anyone·could·log·in·and
79 run·commands·with·the·privileges·of·that·account.·Accounts·with155 run·commands·with·the·privileges·of·that·account.·Accounts·with
80 empty·passwords·should·never·be·used·in·operational·environments.156 empty·passwords·should·never·be·used·in·operational·environments.
81 ······</td>157 ······</td>
82 ····</tr>158 ····</tr>
83 ····<tr>159 ····<tr>
84 ······<td>3.1.1<br/>3.1.6</td> 
85 ······<td>Direct·root·Logins·Not·Allowed</td> 
86 ······<td·xml:lang="en-US"> 
87 ········To·further·limit·access·to·the·<tt>root</tt>·account,·administrators 
88 can·disable·root·logins·at·the·console·by·editing·the·<tt>/etc/securetty</tt>·file. 
89 This·file·lists·all·devices·the·root·user·is·allowed·to·login·to.·If·the·file·does 
90 not·exist·at·all,·the·root·user·can·login·through·any·communication·device·on·the 
91 system,·whether·via·the·console·or·via·a·raw·network·interface.·This·is·dangerous 
92 as·user·can·login·to·the·system·as·root·via·Telnet,·which·sends·the·password·in 
93 plain·text·over·the·network.·By·default,·Oracle·Linux·8's 
94 <tt>/etc/securetty</tt>·file·only·allows·the·root·user·to·login·at·the·console 
95 physically·attached·to·the·system.·To·prevent·root·from·logging·in,·remove·the 
96 contents·of·this·file.·To·prevent·direct·root·logins,·remove·the·contents·of·this 
97 file·by·typing·the·following·command: 
98 <pre> 
99 $·sudo·echo·&gt;·/etc/securetty 
100 </pre> 
101 ······</td> 
102 ······<td·xml:lang="en-US"> 
103 ········Disabling·direct·root·logins·ensures·proper·accountability·and·multifactor 
104 authentication·to·privileged·accounts.·Users·will·first·login,·then·escalate 
105 to·privileged·(root)·access·via·su·/·sudo.·This·is·required·for·FISMA·Low 
106 and·FISMA·Moderate·systems. 
107 ······</td> 
108 ····</tr> 
109 ····<tr> 
110 ······<td>3.1.1<br/>3.1.5</td> 
111 ······<td>Restrict·Virtual·Console·Root·Logins</td> 
112 ······<td·xml:lang="en-US"> 
Max diff block lines reached; 466030/471973 bytes (98.74%) of diff not shown.
812 KB
html2text {}
    
Offset 1, 13 lines modifiedOffset 1, 73 lines modified
  
  
1 Rules·with·NIST-800-171·Reference·in·Guide·to·the·Secure·Configuration·of1 Rules·with·NIST-800-171·Reference·in·Guide·to·the·Secure·Configuration·of
2 Oracle·Linux·82 Oracle·Linux·8
  
  
 3 ······························································································An·account·has·root
 4 ······························································································authority·if·it·has
 5 ······························································································a·UID·of·0.·Multiple
 6 ······························································································accounts·with·a·UID
 7 ·······································If·any·account·other·than·root·has·a·UID·of·0,·this····of·0·afford·more
 8 ·······································misconfiguration·should·be·investigated·and·the········opportunity·for
 9 ·······································accounts·other·than·root·should·be·removed·or·have·····potential·intruders
 10 ·······································their·UID·changed.·····································to·guess·a·password
 11 3.1.1···Verify·Only·Root·Has·UID·0·····If·the·account·is·associated·with·system·commands·or···for·a·privileged
 12 3.1.5··································applications·the·UID·should·be·changed·to·one·greater··account.·Proper
 13 ·······································than·"0"·but·less·than·"1000."·Otherwise·assign·a·UID··configuration·of
 14 ·······································greater·than·"1000"·that·has·not·already·been··········sudo·is·recommended
 15 ·······································assigned.··············································to·afford·multiple
 16 ······························································································system
 17 ······························································································administrators
 18 ······························································································access·to·root
 19 ······························································································privileges·in·an
 20 ······························································································accountable·manner.
 21 ······························································································Even·though·the
 22 ······························································································communications
 23 ······························································································channel·may·be
 24 ······························································································encrypted,·an
 25 ······························································································additional·layer·of
 26 ······························································································security·is·gained
 27 ······························································································by·extending·the
 28 ······························································································policy·of·not
 29 ·······································The·root·user·should·never·be·allowed·to·login·to·a····logging·directly·on
 30 3.1.1··································system·directly·over·a·network.·To·disable·root·login··as·root.·In
 31 3.1.5···Disable·SSH·Root·Login·········via·SSH,·add·or·correct·the·following·line·in·/etc/····addition,·logging·in
 32 ·······································ssh/sshd_config:·······································with·a·user-specific
 33 ·······································PermitRootLogin·no·····································account·provides
 34 ······························································································individual
 35 ······························································································accountability·of
 36 ······························································································actions·performed·on
 37 ······························································································the·system·and·also
 38 ······························································································helps·to·minimize
 39 ······························································································direct·attack
 40 ······························································································attempts·on·root's
 41 ······························································································password.
 42 ······························································································This·prevents
 43 ······························································································attackers·with
 44 ·······································Emergency·mode·is·intended·as·a·system·recovery········physical·access·from
 45 ·······································method,·providing·a·single·user·root·access·to·the·····trivially·bypassing
 46 3.1.1···Require·Authentication·for·····system·during·a·failed·boot·sequence.··················security·on·the
 47 3.4.5···Emergency·Systemd·Target······························································machine·and·gaining
 48 ·······································By·default,·Emergency·mode·is·protected·by·requiring·a·root·access.·Such
 49 ·······································password·and·is·set·in·/usr/lib/systemd/system/········accesses·are·further
 50 ·······································emergency.service.·····································prevented·by
 51 ······························································································configuring·the
 52 ······························································································bootloader·password.
 53 ·······································The·GNOME·Display·Manager·(GDM)·can·allow·users·to
 54 ·······································automatically·login·without·user·interaction·or
 55 ·······································credentials.·User·should·always·be·required·to·········Failure·to·restrict
 56 ·······································authenticate·themselves·to·the·system·that·they·are····system·access·to
 57 3.1.1···Disable·GDM·Automatic·Login····authorized·to·use.·To·disable·user·ability·to··········authenticated·users
 58 ·······································automatically·login·to·the·system,·set·the·············negatively·impacts
 59 ·······································AutomaticLoginEnable·to·false·in·the·[daemon]·section··operating·system
 60 ·······································in·/etc/gdm/custom.conf.·For·example:··················security.
 61 ·······································[daemon]
 62 ·······································AutomaticLoginEnable=false
3 ·······································The·GNOME·Display·Manager·(GDM)·can·allow·users·to63 ·······································The·GNOME·Display·Manager·(GDM)·can·allow·users·to
4 ·······································login·without·credentials·which·can·be·useful·for64 ·······································login·without·credentials·which·can·be·useful·for
5 ·······································public·kiosk·scenarios.·Allowing·users·to·login········Failure·to·restrict65 ·······································public·kiosk·scenarios.·Allowing·users·to·login········Failure·to·restrict
6 ·······································without·credentials·or·"guest"·account·access·has······system·access·to66 ·······································without·credentials·or·"guest"·account·access·has······system·access·to
7 3.1.1···Disable·GDM·Guest·Login········inherent·security·risks·and·should·be·disabled.·To·do··authenticated·users67 3.1.1···Disable·GDM·Guest·Login········inherent·security·risks·and·should·be·disabled.·To·do··authenticated·users
8 ·······································disable·timed·logins·or·guest·account·access,·set·the··negatively·impacts68 ·······································disable·timed·logins·or·guest·account·access,·set·the··negatively·impacts
9 ·······································TimedLoginEnable·to·false·in·the·[daemon]·section·in·/·operating·system69 ·······································TimedLoginEnable·to·false·in·the·[daemon]·section·in·/·operating·system
Offset 21, 144 lines modifiedOffset 81, 162 lines modified
21 3.1.1···Prevent·Login·to·Accounts·With·it·may·be·possible·to·log·into·the·account·without·····with·the·privileges81 3.1.1···Prevent·Login·to·Accounts·With·it·may·be·possible·to·log·into·the·account·without·····with·the·privileges
22 3.1.5···Empty·Password·················authentication.·Remove·any·instances·of·the·nullok·in··of·that·account.82 3.1.5···Empty·Password·················authentication.·Remove·any·instances·of·the·nullok·in··of·that·account.
23 ·······································/etc/pam.d/system-auth·and·/etc/pam.d/password-auth·to·Accounts·with·empty83 ·······································/etc/pam.d/system-auth·and·/etc/pam.d/password-auth·to·Accounts·with·empty
24 ·······································prevent·logins·with·empty·passwords.···················passwords·should84 ·······································prevent·logins·with·empty·passwords.···················passwords·should
25 ······························································································never·be·used·in85 ······························································································never·be·used·in
26 ······························································································operational86 ······························································································operational
27 ······························································································environments.87 ······························································································environments.
28 ·······································To·further·limit·access·to·the·root·account, 
29 ·······································administrators·can·disable·root·logins·at·the·console··Disabling·direct 
30 ·······································by·editing·the·/etc/securetty·file.·This·file·lists····root·logins·ensures 
31 ·······································all·devices·the·root·user·is·allowed·to·login·to.·If···proper 
32 ·······································the·file·does·not·exist·at·all,·the·root·user·can······accountability·and 
33 ·······································login·through·any·communication·device·on·the·system,··multifactor 
34 ·······································whether·via·the·console·or·via·a·raw·network···········authentication·to 
35 3.1.1··································interface.·This·is·dangerous·as·user·can·login·to·the··privileged·accounts. 
36 3.1.6···Direct·root·Logins·Not·Allowed·system·as·root·via·Telnet,·which·sends·the·password·in·Users·will·first 
37 ·······································plain·text·over·the·network.·By·default,·Oracle·Linux··login,·then·escalate 
38 ·······································8's·/etc/securetty·file·only·allows·the·root·user·to···to·privileged·(root) 
39 ·······································login·at·the·console·physically·attached·to·the········access·via·su·/ 
40 ·······································system.·To·prevent·root·from·logging·in,·remove·the····sudo.·This·is 
41 ·······································contents·of·this·file.·To·prevent·direct·root·logins,··required·for·FISMA 
42 ·······································remove·the·contents·of·this·file·by·typing·the·········Low·and·FISMA 
43 ·······································following·command:·····································Moderate·systems. 
44 ·······································$·sudo·echo·>·/etc/securetty 
45 ·······································To·restrict·root·logins·through·the·(deprecated)·······Preventing·direct 
46 ·······································virtual·console·devices,·ensure·lines·of·this·form·do··root·login·to 
47 ·······································not·appear·in·/etc/securetty:··························virtual·console 
48 3.1.1···Restrict·Virtual·Console·Root··vc/1···················································devices·helps·ensure 
49 3.1.5···Logins·························vc/2···················································accountability·for 
50 ·······································vc/3···················································actions·taken·on·the 
51 ·······································vc/4···················································system·using·the 
52 ······························································································root·account. 
53 ·······································Disallow·SSH·login·with·empty·passwords.·The·default88 ·······································Disallow·SSH·login·with·empty·passwords.·The·default
54 ·······································SSH·configuration·disables·logins·with·empty···········Configuring·this89 ·······································SSH·configuration·disables·logins·with·empty···········Configuring·this
55 ·······································passwords.·The·appropriate·configuration·is·used·if·no·setting·for·the·SSH90 ·······································passwords.·The·appropriate·configuration·is·used·if·no·setting·for·the·SSH
56 ·······································value·is·set·for·PermitEmptyPasswords.·················daemon·provides91 ·······································value·is·set·for·PermitEmptyPasswords.·················daemon·provides
57 ·······································To·explicitly·disallow·SSH·login·from·accounts·with····additional·assurance92 ·······································To·explicitly·disallow·SSH·login·from·accounts·with····additional·assurance
58 3.1.1···Disable·SSH·Access·via·Empty···empty·passwords,·add·or·correct·the·following·line·in··that·remote·login93 3.1.1···Disable·SSH·Access·via·Empty···empty·passwords,·add·or·correct·the·following·line·in··that·remote·login
59 3.1.5···Passwords······················/etc/ssh/sshd_config:··································via·SSH·will·require94 3.1.5···Passwords······················/etc/ssh/sshd_config:··································via·SSH·will·require
60 ·······································PermitEmptyPasswords·no································a·password,·even·in95 ·······································PermitEmptyPasswords·no································a·password,·even·in
61 ·······································Any·accounts·with·empty·passwords·should·be·disabled···the·event·of96 ·······································Any·accounts·with·empty·passwords·should·be·disabled···the·event·of
62 ·······································immediately,·and·PAM·configuration·should·prevent······misconfiguration97 ·······································immediately,·and·PAM·configuration·should·prevent······misconfiguration
63 ·······································users·from·being·able·to·assign·themselves·empty·······elsewhere.98 ·······································users·from·being·able·to·assign·themselves·empty·······elsewhere.
64 ·······································passwords.99 ·······································passwords.
 100 ·······································To·restrict·root·logins·through·the·(deprecated)·······Preventing·direct
 101 ·······································virtual·console·devices,·ensure·lines·of·this·form·do··root·login·to
 102 ·······································not·appear·in·/etc/securetty:··························virtual·console
 103 3.1.1···Restrict·Virtual·Console·Root··vc/1···················································devices·helps·ensure
 104 3.1.5···Logins·························vc/2···················································accountability·for
65 ·······································The·GNOME·Display·Manager·(GDM)·can·allow·users·to 
66 ·······································automatically·login·without·user·interaction·or 
67 ·······································credentials.·User·should·always·be·required·to·········Failure·to·restrict 
68 ·······································authenticate·themselves·to·the·system·that·they·are····system·access·to 
Max diff block lines reached; 815116/831693 bytes (98.01%) of diff not shown.
3.49 KB
./usr/share/doc/ssg-nondebian/table-ol8-nistrefs-stig.html
    
Offset 24427, 17 lines modifiedOffset 24427, 17 lines modified
0005f6a0:·6e67·0a74·696d·652d·6261·7365·6420·6c69··ng.time-based·li0005f6a0:·6e67·0a74·696d·652d·6261·7365·6420·6c69··ng.time-based·li
0005f6b0:·6d69·742c·2065·6666·6563·7473·206f·6620··mit,·effects·of·0005f6b0:·6d69·742c·2065·6666·6563·7473·206f·6620··mit,·effects·of·
0005f6c0:·706f·7465·6e74·6961·6c20·6174·7461·636b··potential·attack0005f6c0:·706f·7465·6e74·6961·6c20·6174·7461·636b··potential·attack
0005f6d0:·7320·6167·6169·6e73·740a·656e·6372·7970··s·against.encryp0005f6d0:·7320·6167·6169·6e73·740a·656e·6372·7970··s·against.encryp
0005f6e0:·7469·6f6e·206b·6579·7320·6172·6520·6c69··tion·keys·are·li0005f6e0:·7469·6f6e·206b·6579·7320·6172·6520·6c69··tion·keys·are·li
0005f6f0:·6d69·7465·642e·0a20·203c·2f74·643e·0a20··mited..··</td>.·0005f6f0:·6d69·7465·642e·0a20·203c·2f74·643e·0a20··mited..··</td>.·
0005f700:·203c·7464·3e76·6172·5f72·656b·6579·5f6c···<td>var_rekey_l0005f700:·203c·7464·3e76·6172·5f72·656b·6579·5f6c···<td>var_rekey_l
0005f710:·696d·6974·5f73·697a·653d·3147·3c62·722f··imit_size=1G<br/ 
0005f720:·3e76·6172·5f72·656b·6579·5f6c·696d·6974··>var_rekey_limit 
0005f730:·5f74·696d·653d·3168·6f75·723c·2f74·643e··_time=1hour</td>0005f710:·696d·6974·5f74·696d·653d·3168·6f75·723c··imit_time=1hour<
 0005f720:·6272·2f3e·7661·725f·7265·6b65·795f·6c69··br/>var_rekey_li
 0005f730:·6d69·745f·7369·7a65·3d31·473c·2f74·643e··mit_size=1G</td>
0005f740:·0a3c·2f74·723e·0a3c·7472·3e0a·2020·3c74··.</tr>.<tr>.··<t0005f740:·0a3c·2f74·723e·0a3c·7472·3e0a·2020·3c74··.</tr>.<tr>.··<t
0005f750:·643e·3c2f·7464·3e0a·2020·3c74·643e·4e2f··d></td>.··<td>N/0005f750:·643e·3c2f·7464·3e0a·2020·3c74·643e·4e2f··d></td>.··<td>N/
0005f760:·413c·2f74·643e·0a20·203c·7464·3e53·5348··A</td>.··<td>SSH0005f760:·413c·2f74·643e·0a20·203c·7464·3e53·5348··A</td>.··<td>SSH
0005f770:·2073·6572·7665·7220·7573·6573·2073·7472···server·uses·str0005f770:·2073·6572·7665·7220·7573·6573·2073·7472···server·uses·str
0005f780:·6f6e·6720·656e·7472·6f70·7920·746f·2073··ong·entropy·to·s0005f780:·6f6e·6720·656e·7472·6f70·7920·746f·2073··ong·entropy·to·s
0005f790:·6565·643c·2f74·643e·0a20·203c·7464·2078··eed</td>.··<td·x0005f790:·6565·643c·2f74·643e·0a20·203c·7464·2078··eed</td>.··<td·x
0005f7a0:·6d6c·3a6c·616e·673d·2265·6e2d·5553·223e··ml:lang="en-US">0005f7a0:·6d6c·3a6c·616e·673d·2265·6e2d·5553·223e··ml:lang="en-US">
2.0 KB
html2text {}
    
Offset 7774, 16 lines modifiedOffset 7774, 16 lines modified
7774 ·································private·key.··········································system·where·the7774 ·································private·key.··········································system·where·the
7775 ·······················································································associated·public7775 ·······················································································associated·public
7776 ·······················································································key·has·been7776 ·······················································································key·has·been
7777 ·······················································································installed.7777 ·······················································································installed.
7778 ·································The·RekeyLimit·parameter·specifies·how·often·the······By·decreasing·the7778 ·································The·RekeyLimit·parameter·specifies·how·often·the······By·decreasing·the
7779 ·································session·key·of·the·is·renegotiated,·both·in·terms·of··limit·based·on·the7779 ·································session·key·of·the·is·renegotiated,·both·in·terms·of··limit·based·on·the
7780 ···········Force·frequent········amount·of·data·that·may·be·transmitted·and·the·time···amount·of·data·and7780 ···········Force·frequent········amount·of·data·that·may·be·transmitted·and·the·time···amount·of·data·and
7781 ········N/·session·key···········elapsed.··············································enabling·time-based·var_rekey_limit_size=1G7781 ········N/·session·key···········elapsed.··············································enabling·time-based·var_rekey_limit_time=1hour
7782 ········A··renegotiation·········To·decrease·the·default·limits,·add·or·correct·the····limit,·effects·of···var_rekey_limit_time=1hour7782 ········A··renegotiation·········To·decrease·the·default·limits,·add·or·correct·the····limit,·effects·of···var_rekey_limit_size=1G
7783 ·································following·line·in·/etc/ssh/sshd_config:···············potential·attacks7783 ·································following·line·in·/etc/ssh/sshd_config:···············potential·attacks
7784 ·································RekeyLimit·1G·1hour···································against·encryption7784 ·································RekeyLimit·1G·1hour···································against·encryption
7785 ·······················································································keys·are·limited.7785 ·······················································································keys·are·limited.
7786 ·······················································································SSH·implementation7786 ·······················································································SSH·implementation
7787 ·······················································································in·Oracle·Linux·87787 ·······················································································in·Oracle·Linux·8
7788 ·······················································································uses·the·openssl7788 ·······················································································uses·the·openssl
7789 ·······················································································library,·which7789 ·······················································································library,·which
9.67 MB
./usr/share/doc/ssg-nondebian/table-ol8-nistrefs.html
    
Offset 66, 15654 lines modifiedOffset 66, 15654 lines modified
00000410:·0a20·2020·203c·7468·3e52·6174·696f·6e61··.····<th>Rationa00000410:·0a20·2020·203c·7468·3e52·6174·696f·6e61··.····<th>Rationa
00000420:·6c65·3c2f·7468·3e0a·2020·3c2f·7468·6561··le</th>.··</thea00000420:·6c65·3c2f·7468·3e0a·2020·3c2f·7468·6561··le</th>.··</thea
00000430:·643e·0a20·203c·7462·6f64·793e·0a20·203c··d>.··<tbody>.··<00000430:·643e·0a20·203c·7462·6f64·793e·0a20·203c··d>.··<tbody>.··<
00000440:·7472·3e0a·2020·2020·2020·3c74·643e·4155··tr>.······<td>AU00000440:·7472·3e0a·2020·2020·2020·3c74·643e·4155··tr>.······<td>AU
00000450:·2d32·2861·293c·2f74·643e·0a20·2020·2020··-2(a)</td>.·····00000450:·2d32·2861·293c·2f74·643e·0a20·2020·2020··-2(a)</td>.·····
00000460:·203c·7464·3e43·6f6e·6669·6775·7265·2061···<td>Configure·a00000460:·203c·7464·3e43·6f6e·6669·6775·7265·2061···<td>Configure·a
Diff chunk too large, falling back to line-by-line diff (3732 lines added, 3732 lines removed)
00000470:·7564·6974·696e·6720·6f66·2075·6e73·7563··uditing·of·unsuc00000470:·7564·6974·696e·6720·6f66·2075·6e73·7563··uditing·of·unsuc
00000480:·6365·7373·6675·6c20·6669·6c65·206d·6f64··cessful·file·mod00000480:·6365·7373·6675·6c20·6669·6c65·2061·6363··cessful·file·acc
00000490:·6966·6963·6174·696f·6e73·3c2f·7464·3e0a··ifications</td>.00000490:·6573·7365·733c·2f74·643e·0a20·2020·2020··esses</td>.·····
000004a0:·2020·2020·2020·3c74·6420·786d·6c3a·6c61········<td·xml:la000004a0:·203c·7464·2078·6d6c·3a6c·616e·673d·2265···<td·xml:lang="e
000004b0:·6e67·3d22·656e·2d55·5322·3e0a·2020·2020··ng="en-US">.····000004b0:·6e2d·5553·223e·0a20·2020·2020·2020·2045··n-US">.········E
000004c0:·2020·2020·456e·7375·7265·2074·6861·7420······Ensure·that·000004c0:·6e73·7572·6520·7468·6174·2075·6e73·7563··nsure·that·unsuc
000004d0:·756e·7375·6363·6573·7366·756c·2061·7474··unsuccessful·att000004d0:·6365·7373·6675·6c20·6174·7465·6d70·7473··cessful·attempts
000004e0:·656d·7074·7320·746f·206d·6f64·6966·7920··empts·to·modify·000004e0:·2074·6f20·6163·6365·7373·2061·2066·696c···to·access·a·fil
000004f0:·6120·6669·6c65·2061·7265·2061·7564·6974··a·file·are·audit000004f0:·6520·6172·6520·6175·6469·7465·642e·0a0a··e·are·audited...
00000500:·6564·2e0a·0a54·6865·2066·6f6c·6c6f·7769··ed...The·followi00000500:·5468·6520·666f·6c6c·6f77·696e·6720·7275··The·following·ru
00000510:·6e67·2072·756c·6573·2063·6f6e·6669·6775··ng·rules·configu00000510:·6c65·7320·636f·6e66·6967·7572·6520·6175··les·configure·au
00000520:·7265·2061·7564·6974·2061·7320·6465·7363··re·audit·as·desc00000520:·6469·7420·6173·2064·6573·6372·6962·6564··dit·as·described
00000530:·7269·6265·6420·6162·6f76·653a·0a3c·7072··ribed·above:.<pr00000530:·2061·626f·7665·3a0a·3c70·7265·3e23·2320···above:.<pre>##·
00000540:·653e·2323·2055·6e73·7563·6365·7373·6675··e>##·Unsuccessfu00000540:·556e·7375·6363·6573·7366·756c·2066·696c··Unsuccessful·fil
00000550:·6c20·6669·6c65·206d·6f64·6966·6963·6174··l·file·modificat00000550:·6520·6163·6365·7373·2028·616e·7920·6f74··e·access·(any·ot
00000560:·696f·6e73·2028·6f70·656e·2066·6f72·2077··ions·(open·for·w00000560:·6865·7220·6f70·656e·7329·2054·6869·7320··her·opens)·This·
00000570:·7269·7465·206f·7220·7472·756e·6361·7465··rite·or·truncate00000570:·6861·7320·746f·2067·6f20·6c61·7374·2e0a··has·to·go·last..
00000580:·290a·2d61·2061·6c77·6179·732c·6578·6974··).-a·always,exit00000580:·2d61·2061·6c77·6179·732c·6578·6974·202d··-a·always,exit·-
00000590:·202d·4620·6172·6368·3d62·3332·202d·5320···-F·arch=b32·-S·00000590:·4620·6172·6368·3d62·3332·202d·5320·6f70··F·arch=b32·-S·op
000005a0:·6f70·656e·6174·2c6f·7065·6e5f·6279·5f68··openat,open_by_h000005a0:·656e·2c6f·7065·6e61·742c·6f70·656e·6174··en,openat,openat
000005b0:·616e·646c·655f·6174·202d·4620·6132·2661··andle_at·-F·a2&a000005b0:·322c·6f70·656e·5f62·795f·6861·6e64·6c65··2,open_by_handle
000005c0:·6d70·3b30·3130·3033·202d·4620·6578·6974··mp;01003·-F·exit000005c0:·5f61·7420·2d46·2065·7869·743d·2d45·4143··_at·-F·exit=-EAC
000005d0:·3d2d·4541·4343·4553·202d·4620·6175·6964··=-EACCES·-F·auid000005d0:·4345·5320·2d46·2061·7569·643e·3d31·3030··CES·-F·auid>=100
000005e0:·2667·743b·3d31·3030·3020·2d46·2061·7569··&gt;=1000·-F·aui000005e0:·3020·2d46·2061·7569·6421·3d75·6e73·6574··0·-F·auid!=unset
000005f0:·6421·3d75·6e73·6574·202d·4620·6b65·793d··d!=unset·-F·key=000005f0:·202d·4620·6b65·793d·756e·7375·6363·6573···-F·key=unsucces
00000600:·756e·7375·6363·6573·7366·756c·2d6d·6f64··unsuccessful-mod00000600:·7366·756c·2d61·6363·6573·730a·2d61·2061··sful-access.-a·a
00000610:·6966·6963·6174·696f·6e0a·2d61·2061·6c77··ification.-a·alw00000610:·6c77·6179·732c·6578·6974·202d·4620·6172··lways,exit·-F·ar
00000620:·6179·732c·6578·6974·202d·4620·6172·6368··ays,exit·-F·arch00000620:·6368·3d62·3634·202d·5320·6f70·656e·2c6f··ch=b64·-S·open,o
00000630:·3d62·3634·202d·5320·6f70·656e·6174·2c6f··=b64·-S·openat,o00000630:·7065·6e61·742c·6f70·656e·6174·322c·6f70··penat,openat2,op
00000640:·7065·6e5f·6279·5f68·616e·646c·655f·6174··pen_by_handle_at00000640:·656e·5f62·795f·6861·6e64·6c65·5f61·7420··en_by_handle_at·
00000650:·202d·4620·6132·2661·6d70·3b30·3130·3033···-F·a2&amp;0100300000650:·2d46·2065·7869·743d·2d45·4143·4345·5320··-F·exit=-EACCES·
00000660:·202d·4620·6578·6974·3d2d·4541·4343·4553···-F·exit=-EACCES00000660:·2d46·2061·7569·643e·3d31·3030·3020·2d46··-F·auid>=1000·-F
00000670:·202d·4620·6175·6964·2667·743b·3d31·3030···-F·auid&gt;=10000000670:·2061·7569·6421·3d75·6e73·6574·202d·4620···auid!=unset·-F·
00000680:·3020·2d46·2061·7569·6421·3d75·6e73·6574··0·-F·auid!=unset00000680:·6b65·793d·756e·7375·6363·6573·7366·756c··key=unsuccessful
00000690:·202d·4620·6b65·793d·756e·7375·6363·6573···-F·key=unsucces00000690:·2d61·6363·6573·730a·2d61·2061·6c77·6179··-access.-a·alway
000006a0:·7366·756c·2d6d·6f64·6966·6963·6174·696f··sful-modificatio000006a0:·732c·6578·6974·202d·4620·6172·6368·3d62··s,exit·-F·arch=b
000006b0:·6e0a·2d61·2061·6c77·6179·732c·6578·6974··n.-a·always,exit000006b0:·3332·202d·5320·6f70·656e·2c6f·7065·6e61··32·-S·open,opena
000006c0:·202d·4620·6172·6368·3d62·3332·202d·5320···-F·arch=b32·-S·000006c0:·742c·6f70·656e·6174·322c·6f70·656e·5f62··t,openat2,open_b
000006d0:·6f70·656e·202d·4620·6131·2661·6d70·3b30··open·-F·a1&amp;0000006d0:·795f·6861·6e64·6c65·5f61·7420·2d46·2065··y_handle_at·-F·e
000006e0:·3130·3033·202d·4620·6578·6974·3d2d·4541··1003·-F·exit=-EA000006e0:·7869·743d·2d45·5045·524d·202d·4620·6175··xit=-EPERM·-F·au
000006f0:·4343·4553·202d·4620·6175·6964·2667·743b··CCES·-F·auid&gt;000006f0:·6964·3e3d·3130·3030·202d·4620·6175·6964··id>=1000·-F·auid
00000700:·3d31·3030·3020·2d46·2061·7569·6421·3d75··=1000·-F·auid!=u00000700:·213d·756e·7365·7420·2d46·206b·6579·3d75··!=unset·-F·key=u
00000710:·6e73·6574·202d·4620·6b65·793d·756e·7375··nset·-F·key=unsu00000710:·6e73·7563·6365·7373·6675·6c2d·6163·6365··nsuccessful-acce
00000720:·6363·6573·7366·756c·2d6d·6f64·6966·6963··ccessful-modific00000720:·7373·0a2d·6120·616c·7761·7973·2c65·7869··ss.-a·always,exi
00000730:·6174·696f·6e0a·2d61·2061·6c77·6179·732c··ation.-a·always,00000730:·7420·2d46·2061·7263·683d·6236·3420·2d53··t·-F·arch=b64·-S
00000740:·6578·6974·202d·4620·6172·6368·3d62·3634··exit·-F·arch=b6400000740:·206f·7065·6e2c·6f70·656e·6174·2c6f·7065···open,openat,ope
00000750:·202d·5320·6f70·656e·202d·4620·6131·2661···-S·open·-F·a1&a00000750:·6e61·7432·2c6f·7065·6e5f·6279·5f68·616e··nat2,open_by_han
00000760:·6d70·3b30·3130·3033·202d·4620·6578·6974··mp;01003·-F·exit00000760:·646c·655f·6174·202d·4620·6578·6974·3d2d··dle_at·-F·exit=-
00000770:·3d2d·4541·4343·4553·202d·4620·6175·6964··=-EACCES·-F·auid00000770:·4550·4552·4d20·2d46·2061·7569·643e·3d31··EPERM·-F·auid>=1
00000780:·2667·743b·3d31·3030·3020·2d46·2061·7569··&gt;=1000·-F·aui00000780:·3030·3020·2d46·2061·7569·6421·3d75·6e73··000·-F·auid!=uns
00000790:·6421·3d75·6e73·6574·202d·4620·6b65·793d··d!=unset·-F·key=00000790:·6574·202d·4620·6b65·793d·756e·7375·6363··et·-F·key=unsucc
000007a0:·756e·7375·6363·6573·7366·756c·2d6d·6f64··unsuccessful-mod000007a0:·6573·7366·756c·2d61·6363·6573·7320·2020··essful-access···
000007b0:·6966·6963·6174·696f·6e0a·2d61·2061·6c77··ification.-a·alw000007b0:·203c·2f70·7265·3e0a·0a4c·6f61·6420·6e65···</pre>..Load·ne
000007c0:·6179·732c·6578·6974·202d·4620·6172·6368··ays,exit·-F·arch000007c0:·7720·4175·6469·7420·7275·6c65·7320·696e··w·Audit·rules·in
000007d0:·3d62·3332·202d·5320·7472·756e·6361·7465··=b32·-S·truncate000007d0:·746f·206b·6572·6e65·6c20·6279·2072·756e··to·kernel·by·run
000007e0:·2c66·7472·756e·6361·7465·202d·4620·6578··,ftruncate·-F·ex000007e0:·6e69·6e67·3a0a·3c70·7265·3e61·7567·656e··ning:.<pre>augen
000007f0:·6974·3d2d·4541·4343·4553·202d·4620·6175··it=-EACCES·-F·au000007f0:·7275·6c65·7320·2d2d·6c6f·6164·3c2f·7072··rules·--load</pr
00000800:·6964·2667·743b·3d31·3030·3020·2d46·2061··id&gt;=1000·-F·a00000800:·653e·0a0a·4e6f·7465·3a20·5468·6973·2072··e>..Note:·This·r
00000810:·7569·6421·3d75·6e73·6574·202d·4620·6b65··uid!=unset·-F·ke00000810:·756c·6520·7573·6573·2061·2073·7065·6369··ule·uses·a·speci
00000820:·793d·756e·7375·6363·6573·7366·756c·2d6d··y=unsuccessful-m00000820:·616c·2073·6574·206f·6620·4175·6469·7420··al·set·of·Audit·
00000830:·6f64·6966·6963·6174·696f·6e0a·2d61·2061··odification.-a·a00000830:·7275·6c65·7320·746f·2063·6f6d·706c·7920··rules·to·comply·
00000840:·6c77·6179·732c·6578·6974·202d·4620·6172··lways,exit·-F·ar00000840:·7769·7468·204f·5350·5020·342e·322e·312e··with·OSPP·4.2.1.
00000850:·6368·3d62·3634·202d·5320·7472·756e·6361··ch=b64·-S·trunca00000850:·2059·6f75·206d·6179·2072·6575·7365·2074···You·may·reuse·t
00000860:·7465·2c66·7472·756e·6361·7465·202d·4620··te,ftruncate·-F·00000860:·6869·7320·7275·6c65·2069·6e20·6469·6666··his·rule·in·diff
00000870:·6578·6974·3d2d·4541·4343·4553·202d·4620··exit=-EACCES·-F·00000870:·6572·656e·7420·7072·6f66·696c·6573·2e20··erent·profiles.·
00000880:·6175·6964·2667·743b·3d31·3030·3020·2d46··auid&gt;=1000·-F00000880:·4966·2079·6f75·2064·6563·6964·6520·746f··If·you·decide·to
00000890:·2061·7569·6421·3d75·6e73·6574·202d·4620···auid!=unset·-F·00000890:·2064·6f20·736f·2c20·6974·2069·7320·7265···do·so,·it·is·re
000008a0:·6b65·793d·756e·7375·6363·6573·7366·756c··key=unsuccessful000008a0:·636f·6d6d·656e·6465·6420·7468·6174·2079··commended·that·y
000008b0:·2d6d·6f64·6966·6963·6174·696f·6e0a·2d61··-modification.-a000008b0:·6f75·2069·6e73·7065·6374·2063·6f6e·7465··ou·inspect·conte
000008c0:·2061·6c77·6179·732c·6578·6974·202d·4620···always,exit·-F·000008c0:·6e74·7320·6f66·2074·6865·2066·696c·6520··nts·of·the·file·
000008d0:·6172·6368·3d62·3332·202d·5320·6f70·656e··arch=b32·-S·open000008d0:·636c·6f73·656c·7920·616e·6420·6d61·6b65··closely·and·make
000008e0:·6174·2c6f·7065·6e5f·6279·5f68·616e·646c··at,open_by_handl000008e0:·2073·7572·6520·7468·6174·2074·6865·7920···sure·that·they·
000008f0:·655f·6174·202d·4620·6132·2661·6d70·3b30··e_at·-F·a2&amp;0000008f0:·6172·6520·616c·6c69·676e·6564·2077·6974··are·alligned·wit
00000900:·3130·3033·202d·4620·6578·6974·3d2d·4550··1003·-F·exit=-EP00000900:·6820·796f·7572·206e·6565·6473·2e0a·2020··h·your·needs..··
00000910:·4552·4d20·2d46·2061·7569·6426·6774·3b3d··ERM·-F·auid&gt;=00000910:·2020·2020·3c2f·7464·3e0a·2020·2020·2020······</td>.······
00000920:·3130·3030·202d·4620·6175·6964·213d·756e··1000·-F·auid!=un00000920:·3c74·6420·786d·6c3a·6c61·6e67·3d22·656e··<td·xml:lang="en
00000930:·7365·7420·2d46·206b·6579·3d75·6e73·7563··set·-F·key=unsuc00000930:·2d55·5322·3e0a·2020·2020·2020·2020·556e··-US">.········Un
00000940:·6365·7373·6675·6c2d·6d6f·6469·6669·6361··cessful-modifica00000940:·7375·6363·6573·7366·756c·2061·7474·656d··successful·attem
00000950:·7469·6f6e·0a2d·6120·616c·7761·7973·2c65··tion.-a·always,e00000950:·7074·7320·746f·2061·6363·6573·7320·6120··pts·to·access·a·
00000960:·7869·7420·2d46·2061·7263·683d·6236·3420··xit·-F·arch=b64·00000960:·6669·6c65·206d·6967·6874·2062·6520·7369··file·might·be·si
00000970:·2d53·206f·7065·6e61·742c·6f70·656e·5f62··-S·openat,open_b00000970:·676e·7320·6f66·206d·616c·6963·696f·7573··gns·of·malicious
00000980:·795f·6861·6e64·6c65·5f61·7420·2d46·2061··y_handle_at·-F·a00000980:·2061·6374·6976·6974·7920·6861·7070·656e···activity·happen
00000990:·3226·616d·703b·3031·3030·3320·2d46·2065··2&amp;01003·-F·e00000990:·696e·6720·7769·7468·696e·2074·6865·2073··ing·within·the·s
000009a0:·7869·743d·2d45·5045·524d·202d·4620·6175··xit=-EPERM·-F·au000009a0:·7973·7465·6d2e·2041·7564·6974·696e·6720··ystem.·Auditing·
000009b0:·6964·2667·743b·3d31·3030·3020·2d46·2061··id&gt;=1000·-F·a000009b0:·6f66·2073·7563·6820·6163·7469·7669·7469··of·such·activiti
000009c0:·7569·6421·3d75·6e73·6574·202d·4620·6b65··uid!=unset·-F·ke000009c0:·6573·2068·656c·7073·2069·6e20·7468·6569··es·helps·in·thei
000009d0:·793d·756e·7375·6363·6573·7366·756c·2d6d··y=unsuccessful-m000009d0:·7220·6d6f·6e69·746f·7269·6e67·2061·6e64··r·monitoring·and
000009e0:·6f64·6966·6963·6174·696f·6e0a·2d61·2061··odification.-a·a000009e0:·2069·6e76·6573·7469·6761·7469·6f6e·2e0a···investigation..
000009f0:·6c77·6179·732c·6578·6974·202d·4620·6172··lways,exit·-F·ar000009f0:·2020·2020·2020·3c2f·7464·3e0a·2020·2020········</td>.····
00000a00:·6368·3d62·3332·202d·5320·6f70·656e·202d··ch=b32·-S·open·-00000a00:·3c2f·7472·3e0a·2020·2020·3c74·723e·0a20··</tr>.····<tr>.·
00000a10:·4620·6131·2661·6d70·3b30·3130·3033·202d··F·a1&amp;01003·-00000a10:·2020·2020·203c·7464·3e41·552d·3228·6429·······<td>AU-2(d)
00000a20:·4620·6578·6974·3d2d·4550·4552·4d20·2d46··F·exit=-EPERM·-F00000a20:·3c62·722f·3e41·552d·3132·2863·293c·6272··<br/>AU-12(c)<br
00000a30:·2061·7569·6426·6774·3b3d·3130·3030·202d···auid&gt;=1000·-00000a30:·2f3e·434d·2d36·2861·293c·2f74·643e·0a20··/>CM-6(a)</td>.·
00000a40:·4620·6175·6964·213d·756e·7365·7420·2d46··F·auid!=unset·-F00000a40:·2020·2020·203c·7464·3e52·6563·6f72·6420·······<td>Record·
00000a50:·206b·6579·3d75·6e73·7563·6365·7373·6675···key=unsuccessfu00000a50:·556e·7375·6363·6573·7366·756c·2050·6572··Unsuccessful·Per
00000a60:·6c2d·6d6f·6469·6669·6361·7469·6f6e·0a2d··l-modification.-00000a60:·6d69·7373·696f·6e20·4368·616e·6765·7320··mission·Changes·
00000a70:·6120·616c·7761·7973·2c65·7869·7420·2d46··a·always,exit·-F00000a70:·746f·2046·696c·6573·202d·2073·6574·7861··to·Files·-·setxa
00000a80:·2061·7263·683d·6236·3420·2d53·206f·7065···arch=b64·-S·ope00000a80:·7474·723c·2f74·643e·0a20·2020·2020·203c··ttr</td>.······<
00000a90:·6e20·2d46·2061·3126·616d·703b·3031·3030··n·-F·a1&amp;010000000a90:·7464·2078·6d6c·3a6c·616e·673d·2265·6e2d··td·xml:lang="en-
00000aa0:·3320·2d46·2065·7869·743d·2d45·5045·524d··3·-F·exit=-EPERM00000aa0:·5553·223e·0a20·2020·2020·2020·2054·6865··US">.········The
00000ab0:·202d·4620·6175·6964·2667·743b·3d31·3030···-F·auid&gt;=10000000ab0:·2061·7564·6974·2073·7973·7465·6d20·7368···audit·system·sh
00000ac0:·3020·2d46·2061·7569·6421·3d75·6e73·6574··0·-F·auid!=unset00000ac0:·6f75·6c64·2063·6f6c·6c65·6374·2075·6e73··ould·collect·uns
00000ad0:·202d·4620·6b65·793d·756e·7375·6363·6573···-F·key=unsucces00000ad0:·7563·6365·7373·6675·6c20·6669·6c65·2070··uccessful·file·p
00000ae0:·7366·756c·2d6d·6f64·6966·6963·6174·696f··sful-modificatio00000ae0:·6572·6d69·7373·696f·6e20·6368·616e·6765··ermission·change
00000af0:·6e0a·2d61·2061·6c77·6179·732c·6578·6974··n.-a·always,exit00000af0:·0a61·7474·656d·7074·7320·666f·7220·616c··.attempts·for·al
00000b00:·202d·4620·6172·6368·3d62·3332·202d·5320···-F·arch=b32·-S·00000b00:·6c20·7573·6572·7320·616e·6420·726f·6f74··l·users·and·root
00000b10:·7472·756e·6361·7465·2c66·7472·756e·6361··truncate,ftrunca00000b10:·2e0a·4966·2074·6865·203c·7474·3e61·7564··..If·the·<tt>aud
00000b20:·7465·202d·4620·6578·6974·3d2d·4550·4552··te·-F·exit=-EPER00000b20:·6974·643c·2f74·743e·2064·6165·6d6f·6e20··itd</tt>·daemon·
00000b30:·4d20·2d46·2061·7569·6426·6774·3b3d·3130··M·-F·auid&gt;=1000000b30:·6973·2063·6f6e·6669·6775·7265·640a·746f··is·configured.to
00000b40:·3030·202d·4620·6175·6964·213d·756e·7365··00·-F·auid!=unse00000b40:·2075·7365·2074·6865·203c·7474·3e61·7567···use·the·<tt>aug
00000b50:·7420·2d46·206b·6579·3d75·6e73·7563·6365··t·-F·key=unsucce00000b50:·656e·7275·6c65·733c·2f74·743e·2070·726f··enrules</tt>·pro
00000b60:·7373·6675·6c2d·6d6f·6469·6669·6361·7469··ssful-modificati00000b60:·6772·616d·2074·6f20·7265·6164·2061·7564··gram·to·read·aud
00000b70:·6f6e·0a2d·6120·616c·7761·7973·2c65·7869··on.-a·always,exi00000b70:·6974·2072·756c·6573·2064·7572·696e·6720··it·rules·during·
00000b80:·7420·2d46·2061·7263·683d·6236·3420·2d53··t·-F·arch=b64·-S00000b80:·6461·656d·6f6e·0a73·7461·7274·7570·2028··daemon.startup·(
00000b90:·2074·7275·6e63·6174·652c·6674·7275·6e63···truncate,ftrunc00000b90:·7468·6520·6465·6661·756c·7429·2c20·6164··the·default),·ad
00000ba0:·6174·6520·2d46·2065·7869·743d·2d45·5045··ate·-F·exit=-EPE00000ba0:·6420·7468·6520·666f·6c6c·6f77·696e·6720··d·the·following·
00000bb0:·524d·202d·4620·6175·6964·2667·743b·3d31··RM·-F·auid&gt;=100000bb0:·6c69·6e65·7320·746f·2061·2066·696c·6520··lines·to·a·file·
00000bc0:·3030·3020·2d46·2061·7569·6421·3d75·6e73··000·-F·auid!=uns00000bc0:·7769·7468·2073·7566·6669·780a·3c74·743e··with·suffix.<tt>
00000bd0:·6574·202d·4620·6b65·793d·756e·7375·6363··et·-F·key=unsucc00000bd0:·2e72·756c·6573·3c2f·7474·3e20·696e·2074··.rules</tt>·in·t
00000be0:·6573·7366·756c·2d6d·6f64·6966·6963·6174··essful-modificat00000be0:·6865·2064·6972·6563·746f·7279·203c·7474··he·directory·<tt
Max diff block lines reached; 6968494/7484088 bytes (93.11%) of diff not shown.
2.53 MB
html2text {}
Max HTML report size reached
798 KB
./usr/share/doc/ssg-nondebian/table-ol8-pcidssrefs.html
Ordering differences only
    
Offset 157, 14 lines modifiedOffset 157, 28 lines modified
157 default·zone·to·<tt>drop</tt>·implements·proper·design·for·a·firewall,·i.e.157 default·zone·to·<tt>drop</tt>·implements·proper·design·for·a·firewall,·i.e.
158 any·packets·which·are·not·explicitly·permitted·should·not·be158 any·packets·which·are·not·explicitly·permitted·should·not·be
159 accepted.159 accepted.
160 ······</td>160 ······</td>
161 ····</tr>161 ····</tr>
162 ····<tr>162 ····<tr>
163 ······<td>Req-1.4.1</td>163 ······<td>Req-1.4.1</td>
 164 ······<td>Install·iptables·Package</td>
 165 ······<td·xml:lang="en-US">
 166 ········The·<code>iptables</code>·package·can·be·installed·with·the·following·command:
 167 <pre>
 168 $·sudo·yum·install·iptables</pre>
 169 ······</td>
 170 ······<td·xml:lang="en-US">
 171 ········<tt>iptables</tt>·controls·the·Linux·kernel·network·packet·filtering
 172 code.·<tt>iptables</tt>·allows·system·operators·to·set·up·firewalls·and·IP
 173 masquerading,·etc.
 174 ······</td>
 175 ····</tr>
 176 ····<tr>
 177 ······<td>Req-1.4.1</td>
164 ······<td>Set·nftables·Configuration·for·Loopback·Traffic</td>178 ······<td>Set·nftables·Configuration·for·Loopback·Traffic</td>
165 ······<td·xml:lang="en-US">179 ······<td·xml:lang="en-US">
166 ········Configure·the·loopback·interface·to·accept·traffic.180 ········Configure·the·loopback·interface·to·accept·traffic.
167 Configure·all·other·interfaces·to·deny·traffic·to·the·loopback181 Configure·all·other·interfaces·to·deny·traffic·to·the·loopback
168 network.182 network.
169 ······</td>183 ······</td>
170 ······<td·xml:lang="en-US">184 ······<td·xml:lang="en-US">
Offset 173, 28 lines modifiedOffset 187, 14 lines modified
173 is·the·only·place·that·loopback·network·traffic·should·be·seen,187 is·the·only·place·that·loopback·network·traffic·should·be·seen,
174 all·other·interfaces·should·ignore·traffic·on·this·network·as·an188 all·other·interfaces·should·ignore·traffic·on·this·network·as·an
175 anti-spoofing·measure.189 anti-spoofing·measure.
176 ······</td>190 ······</td>
177 ····</tr>191 ····</tr>
178 ····<tr>192 ····<tr>
179 ······<td>Req-1.4.1</td>193 ······<td>Req-1.4.1</td>
180 ······<td>Install·iptables·Package</td> 
181 ······<td·xml:lang="en-US"> 
182 ········The·<code>iptables</code>·package·can·be·installed·with·the·following·command: 
183 <pre> 
184 $·sudo·yum·install·iptables</pre> 
185 ······</td> 
186 ······<td·xml:lang="en-US"> 
187 ········<tt>iptables</tt>·controls·the·Linux·kernel·network·packet·filtering 
188 code.·<tt>iptables</tt>·allows·system·operators·to·set·up·firewalls·and·IP 
189 masquerading,·etc. 
190 ······</td> 
191 ····</tr> 
192 ····<tr> 
193 ······<td>Req-1.4.1</td> 
194 ······<td>Enable·Kernel·Parameter·to·Use·TCP·Syncookies·on·Network·Interfaces</td>194 ······<td>Enable·Kernel·Parameter·to·Use·TCP·Syncookies·on·Network·Interfaces</td>
195 ······<td·xml:lang="en-US">195 ······<td·xml:lang="en-US">
196 ········To·set·the·runtime·status·of·the·<code>net.ipv4.tcp_syncookies</code>·kernel·parameter,·run·the·following·command:·<pre>$·sudo·sysctl·-w·net.ipv4.tcp_syncookies=1</pre>196 ········To·set·the·runtime·status·of·the·<code>net.ipv4.tcp_syncookies</code>·kernel·parameter,·run·the·following·command:·<pre>$·sudo·sysctl·-w·net.ipv4.tcp_syncookies=1</pre>
197 To·make·sure·that·the·setting·is·persistent,·add·the·following·line·to·a·file·in·the·directory·<tt>/etc/sysctl.d</tt>:·<pre>net.ipv4.tcp_syncookies·=·1</pre>197 To·make·sure·that·the·setting·is·persistent,·add·the·following·line·to·a·file·in·the·directory·<tt>/etc/sysctl.d</tt>:·<pre>net.ipv4.tcp_syncookies·=·1</pre>
198 ······</td>198 ······</td>
199 ······<td·xml:lang="en-US">199 ······<td·xml:lang="en-US">
200 ········A·TCP·SYN·flood·attack·can·cause·a·denial·of·service·by·filling·a200 ········A·TCP·SYN·flood·attack·can·cause·a·denial·of·service·by·filling·a
Offset 203, 35 lines modifiedOffset 203, 14 lines modified
203 verifying·the·initiator·is·attempting·a·valid·connection·and·is·not·a·flood203 verifying·the·initiator·is·attempting·a·valid·connection·and·is·not·a·flood
204 source.·This·feature·is·activated·when·a·flood·condition·is·detected,·and204 source.·This·feature·is·activated·when·a·flood·condition·is·detected,·and
205 enables·the·system·to·continue·servicing·valid·connection·requests.205 enables·the·system·to·continue·servicing·valid·connection·requests.
206 ······</td>206 ······</td>
207 ····</tr>207 ····</tr>
208 ····<tr>208 ····<tr>
209 ······<td>Req-1.4.2</td>209 ······<td>Req-1.4.2</td>
210 ······<td>Disable·DCCP·Support</td> 
211 ······<td·xml:lang="en-US"> 
212 ········The·Datagram·Congestion·Control·Protocol·(DCCP)·is·a 
213 relatively·new·transport·layer·protocol,·designed·to·support 
214 streaming·media·and·telephony. 
  
215 To·configure·the·system·to·prevent·the·<code>dccp</code> 
216 kernel·module·from·being·loaded,·add·the·following·line·to·the·file·<code>/etc/modprobe.d/dccp.conf</code>: 
217 <pre>install·dccp·/bin/false</pre> 
  
218 To·configure·the·system·to·prevent·the·<code>dccp</code>·from·being·used, 
219 add·the·following·line·to·file·<code>/etc/modprobe.d/dccp.conf</code>: 
220 <pre>blacklist·dccp</pre> 
221 ······</td> 
222 ······<td·xml:lang="en-US"> 
223 ········Disabling·DCCP·protects 
224 the·system·against·exploitation·of·any·flaws·in·its·implementation. 
225 ······</td> 
226 ····</tr> 
227 ····<tr> 
228 ······<td>Req-1.4.2</td> 
229 ······<td>Disable·SCTP·Support</td>210 ······<td>Disable·SCTP·Support</td>
230 ······<td·xml:lang="en-US">211 ······<td·xml:lang="en-US">
231 ········The·Stream·Control·Transmission·Protocol·(SCTP)·is·a212 ········The·Stream·Control·Transmission·Protocol·(SCTP)·is·a
232 transport·layer·protocol,·designed·to·support·the·idea·of213 transport·layer·protocol,·designed·to·support·the·idea·of
233 message-oriented·communication,·with·several·streams·of·messages214 message-oriented·communication,·with·several·streams·of·messages
234 within·one·connection.215 within·one·connection.
  
Offset 245, 58 lines modifiedOffset 224, 75 lines modified
245 ······</td>224 ······</td>
246 ······<td·xml:lang="en-US">225 ······<td·xml:lang="en-US">
247 ········Disabling·SCTP·protects226 ········Disabling·SCTP·protects
248 the·system·against·exploitation·of·any·flaws·in·its·implementation.227 the·system·against·exploitation·of·any·flaws·in·its·implementation.
249 ······</td>228 ······</td>
250 ····</tr>229 ····</tr>
251 ····<tr>230 ····<tr>
 231 ······<td>Req-1.4.2</td>
 232 ······<td>Disable·DCCP·Support</td>
 233 ······<td·xml:lang="en-US">
 234 ········The·Datagram·Congestion·Control·Protocol·(DCCP)·is·a
 235 relatively·new·transport·layer·protocol,·designed·to·support
 236 streaming·media·and·telephony.
  
 237 To·configure·the·system·to·prevent·the·<code>dccp</code>
 238 kernel·module·from·being·loaded,·add·the·following·line·to·the·file·<code>/etc/modprobe.d/dccp.conf</code>:
 239 <pre>install·dccp·/bin/false</pre>
  
 240 To·configure·the·system·to·prevent·the·<code>dccp</code>·from·being·used,
 241 add·the·following·line·to·file·<code>/etc/modprobe.d/dccp.conf</code>:
 242 <pre>blacklist·dccp</pre>
 243 ······</td>
 244 ······<td·xml:lang="en-US">
 245 ········Disabling·DCCP·protects
 246 the·system·against·exploitation·of·any·flaws·in·its·implementation.
 247 ······</td>
 248 ····</tr>
 249 ····<tr>
252 ······<td>Req-1.4.3</td>250 ······<td>Req-1.4.3</td>
253 ······<td>Disable·Kernel·Parameter·for·Accepting·Secure·ICMP·Redirects·on·all·IPv4·Interfaces</td>251 ······<td>Disable·Kernel·Parameter·for·Accepting·Secure·ICMP·Redirects·on·all·IPv4·Interfaces</td>
254 ······<td·xml:lang="en-US">252 ······<td·xml:lang="en-US">
255 ········To·set·the·runtime·status·of·the·<code>net.ipv4.conf.all.secure_redirects</code>·kernel·parameter,·run·the·following·command:·<pre>$·sudo·sysctl·-w·net.ipv4.conf.all.secure_redirects=0</pre>253 ········To·set·the·runtime·status·of·the·<code>net.ipv4.conf.all.secure_redirects</code>·kernel·parameter,·run·the·following·command:·<pre>$·sudo·sysctl·-w·net.ipv4.conf.all.secure_redirects=0</pre>
256 To·make·sure·that·the·setting·is·persistent,·add·the·following·line·to·a·file·in·the·directory·<tt>/etc/sysctl.d</tt>:·<pre>net.ipv4.conf.all.secure_redirects·=·0</pre>254 To·make·sure·that·the·setting·is·persistent,·add·the·following·line·to·a·file·in·the·directory·<tt>/etc/sysctl.d</tt>:·<pre>net.ipv4.conf.all.secure_redirects·=·0</pre>
Max diff block lines reached; 305612/310804 bytes (98.33%) of diff not shown.
494 KB
html2text {}
    
Offset 112, 14 lines modifiedOffset 112, 23 lines modified
112 ·········Incoming·Packets····firewalld.conf·to·be:··································drop·implements112 ·········Incoming·Packets····firewalld.conf·to·be:··································drop·implements
113 ·····························DefaultZone=drop·······································proper·design·for·a113 ·····························DefaultZone=drop·······································proper·design·for·a
114 ····················································································firewall,·i.e.·any114 ····················································································firewall,·i.e.·any
115 ····················································································packets·which·are115 ····················································································packets·which·are
116 ····················································································not·explicitly116 ····················································································not·explicitly
117 ····················································································permitted·should117 ····················································································permitted·should
118 ····················································································not·be·accepted.118 ····················································································not·be·accepted.
 119 ····················································································iptables·controls
 120 ····················································································the·Linux·kernel
 121 ····················································································network·packet
 122 Req-·····Install·iptables····The·iptables·package·can·be·installed·with·the·········filtering·code.
 123 1.4.1····Package·············following·command:·····································iptables·allows
 124 ·····························$·sudo·yum·install·iptables····························system·operators·to
 125 ····················································································set·up·firewalls
 126 ····················································································and·IP
 127 ····················································································masquerading,·etc.
119 ····················································································Loopback·traffic·is128 ····················································································Loopback·traffic·is
120 ····················································································generated·between129 ····················································································generated·between
121 ····················································································processes·on130 ····················································································processes·on
122 ····················································································machine·and·is131 ····················································································machine·and·is
123 ····················································································typically·critical132 ····················································································typically·critical
124 ····················································································to·operation·of·the133 ····················································································to·operation·of·the
125 ····················································································system.·The134 ····················································································system.·The
Offset 129, 23 lines modifiedOffset 138, 14 lines modified
129 ····················································································network·traffic138 ····················································································network·traffic
130 ····················································································should·be·seen,·all139 ····················································································should·be·seen,·all
131 ····················································································other·interfaces140 ····················································································other·interfaces
132 ····················································································should·ignore141 ····················································································should·ignore
133 ····················································································traffic·on·this142 ····················································································traffic·on·this
134 ····················································································network·as·an·anti-143 ····················································································network·as·an·anti-
135 ····················································································spoofing·measure.144 ····················································································spoofing·measure.
136 ····················································································iptables·controls 
137 ····················································································the·Linux·kernel 
138 ····················································································network·packet 
139 Req-·····Install·iptables····The·iptables·package·can·be·installed·with·the·········filtering·code. 
140 1.4.1····Package·············following·command:·····································iptables·allows 
141 ·····························$·sudo·yum·install·iptables····························system·operators·to 
142 ····················································································set·up·firewalls 
143 ····················································································and·IP 
144 ····················································································masquerading,·etc. 
145 ····················································································A·TCP·SYN·flood145 ····················································································A·TCP·SYN·flood
146 ····················································································attack·can·cause·a146 ····················································································attack·can·cause·a
147 ····················································································denial·of·service147 ····················································································denial·of·service
148 ····················································································by·filling·a148 ····················································································by·filling·a
149 ····················································································system's·TCP149 ····················································································system's·TCP
150 ····················································································connection·table150 ····················································································connection·table
151 ····················································································with·connections·in151 ····················································································with·connections·in
Offset 164, 47 lines modifiedOffset 164, 90 lines modified
164 ····················································································flood·condition·is164 ····················································································flood·condition·is
165 ····················································································detected,·and165 ····················································································detected,·and
166 ····················································································enables·the·system166 ····················································································enables·the·system
167 ····················································································to·continue167 ····················································································to·continue
168 ····················································································servicing·valid168 ····················································································servicing·valid
169 ····················································································connection169 ····················································································connection
170 ····················································································requests.170 ····················································································requests.
171 ·····························The·Datagram·Congestion·Control·Protocol·(DCCP)·is·a 
172 ·····························relatively·new·transport·layer·protocol,·designed·to 
173 ·····························support·streaming·media·and·telephony.·To·configure····Disabling·DCCP 
174 ·····························the·system·to·prevent·the·dccp·kernel·module·from······protects·the·system 
175 Req-·····Disable·DCCP········being·loaded,·add·the·following·line·to·the·file·/etc/·against 
176 1.4.2····Support·············modprobe.d/dccp.conf:··································exploitation·of·any 
177 ·····························install·dccp·/bin/false································flaws·in·its 
178 ·····························To·configure·the·system·to·prevent·the·dccp·from·being·implementation. 
179 ·····························used,·add·the·following·line·to·file·/etc/modprobe.d/ 
180 ·····························dccp.conf: 
181 ·····························blacklist·dccp 
182 ·····························The·Stream·Control·Transmission·Protocol·(SCTP)·is·a171 ·····························The·Stream·Control·Transmission·Protocol·(SCTP)·is·a
183 ·····························transport·layer·protocol,·designed·to·support·the·idea172 ·····························transport·layer·protocol,·designed·to·support·the·idea
184 ·····························of·message-oriented·communication,·with·several173 ·····························of·message-oriented·communication,·with·several
185 ·····························streams·of·messages·within·one·connection.·To··········Disabling·SCTP174 ·····························streams·of·messages·within·one·connection.·To··········Disabling·SCTP
186 ·····························configure·the·system·to·prevent·the·sctp·kernel·module·protects·the·system175 ·····························configure·the·system·to·prevent·the·sctp·kernel·module·protects·the·system
187 Req-·····Disable·SCTP········from·being·loaded,·add·the·following·line·to·the·file··against176 Req-·····Disable·SCTP········from·being·loaded,·add·the·following·line·to·the·file··against
188 1.4.2····Support·············/etc/modprobe.d/sctp.conf:·····························exploitation·of·any177 1.4.2····Support·············/etc/modprobe.d/sctp.conf:·····························exploitation·of·any
189 ·····························install·sctp·/bin/false································flaws·in·its178 ·····························install·sctp·/bin/false································flaws·in·its
190 ·····························To·configure·the·system·to·prevent·the·sctp·from·being·implementation.179 ·····························To·configure·the·system·to·prevent·the·sctp·from·being·implementation.
191 ·····························used,·add·the·following·line·to·file·/etc/modprobe.d/180 ·····························used,·add·the·following·line·to·file·/etc/modprobe.d/
192 ·····························sctp.conf:181 ·····························sctp.conf:
193 ·····························blacklist·sctp182 ·····························blacklist·sctp
 183 ·····························The·Datagram·Congestion·Control·Protocol·(DCCP)·is·a
 184 ·····························relatively·new·transport·layer·protocol,·designed·to
 185 ·····························support·streaming·media·and·telephony.·To·configure····Disabling·DCCP
 186 ·····························the·system·to·prevent·the·dccp·kernel·module·from······protects·the·system
 187 Req-·····Disable·DCCP········being·loaded,·add·the·following·line·to·the·file·/etc/·against
 188 1.4.2····Support·············modprobe.d/dccp.conf:··································exploitation·of·any
 189 ·····························install·dccp·/bin/false································flaws·in·its
 190 ·····························To·configure·the·system·to·prevent·the·dccp·from·being·implementation.
 191 ·····························used,·add·the·following·line·to·file·/etc/modprobe.d/
 192 ·····························dccp.conf:
 193 ·····························blacklist·dccp
194 ····················································································Accepting·"secure"194 ····················································································Accepting·"secure"
195 ·····························To·set·the·runtime·status·of·the·······················ICMP·redirects195 ·····························To·set·the·runtime·status·of·the·······················ICMP·redirects
196 ·········Disable·Kernel······net.ipv4.conf.all.secure_redirects·kernel·parameter,···(from·those196 ·········Disable·Kernel······net.ipv4.conf.all.secure_redirects·kernel·parameter,···(from·those
197 ·········Parameter·for·······run·the·following·command:·····························gateways·listed·as197 ·········Parameter·for·······run·the·following·command:·····························gateways·listed·as
198 Req-·····Accepting·Secure····$·sudo·sysctl·-w·net.ipv4.conf.all.secure_redirects=0··default·gateways)198 Req-·····Accepting·Secure····$·sudo·sysctl·-w·net.ipv4.conf.all.secure_redirects=0··default·gateways)
199 1.4.3····ICMP·Redirects·on···To·make·sure·that·the·setting·is·persistent,·add·the···has·few·legitimate199 1.4.3····ICMP·Redirects·on···To·make·sure·that·the·setting·is·persistent,·add·the···has·few·legitimate
200 ·········all·IPv4·Interfaces·following·line·to·a·file·in·the·directory·/etc/········uses.·It·should·be200 ·········all·IPv4·Interfaces·following·line·to·a·file·in·the·directory·/etc/········uses.·It·should·be
201 ·····························sysctl.d:··············································disabled·unless·it201 ·····························sysctl.d:··············································disabled·unless·it
202 ·····························net.ipv4.conf.all.secure_redirects·=·0·················is·absolutely202 ·····························net.ipv4.conf.all.secure_redirects·=·0·················is·absolutely
203 ····················································································required.203 ····················································································required.
 204 ····················································································Responding·to
 205 ····················································································broadcast·(ICMP)
 206 ····················································································echoes·facilitates
 207 ·····························To·set·the·runtime·status·of·the·······················network·mapping·and
 208 ·····························net.ipv4.icmp_echo_ignore_broadcasts·kernel·parameter,·provides·a·vector
 209 ·········Enable·Kernel·······run·the·following·command:·····························for·amplification
 210 ·········Parameter·to·Ignore·$·sudo·sysctl·-········································attacks.
 211 Req-·····ICMP·Broadcast·Echo·w·net.ipv4.icmp_echo_ignore_broadcasts=1···············Ignoring·ICMP·echo
 212 1.4.3····Requests·on·IPv4····To·make·sure·that·the·setting·is·persistent,·add·the···requests·(pings)
 213 ·········Interfaces··········following·line·to·a·file·in·the·directory·/etc/········sent·to·broadcast
 214 ·····························sysctl.d:··············································or·multicast
 215 ·····························net.ipv4.icmp_echo_ignore_broadcasts·=·1···············addresses·makes·the
 216 ····················································································system·slightly
 217 ····················································································more·difficult·to
 218 ····················································································enumerate·on·the
 219 ····················································································network.
 220 ····················································································Enabling·reverse
 221 ····················································································path·filtering
 222 ····················································································drops·packets·with
 223 ····················································································source·addresses
 224 ····················································································that·should·not
 225 ·····························To·set·the·runtime·status·of·the·······················have·been·able·to
 226 ·········Enable·Kernel·······net.ipv4.conf.all.rp_filter·kernel·parameter,·run·the··be·received·on·the
 227 ·········Parameter·to·Use····following·command:·····································interface·they·were
 228 Req-·····Reverse·Path········$·sudo·sysctl·-w·net.ipv4.conf.all.rp_filter=1·········received·on.·It
 229 1.4.3····Filtering·on·all····To·make·sure·that·the·setting·is·persistent,·add·the···should·not·be·used
 230 ·········IPv4·Interfaces·····following·line·to·a·file·in·the·directory·/etc/········on·systems·which
 231 ·····························sysctl.d:··············································are·routers·for
Max diff block lines reached; 492375/506056 bytes (97.30%) of diff not shown.
17.2 MB
./usr/share/doc/ssg-nondebian/table-rhcos4-nistrefs.html
    
Offset 69, 15609 lines modifiedOffset 69, 15609 lines modified
00000440:·6174·696f·6e61·6c65·3c2f·7468·3e0a·2020··ationale</th>.··00000440:·6174·696f·6e61·6c65·3c2f·7468·3e0a·2020··ationale</th>.··
00000450:·3c2f·7468·6561·643e·0a20·203c·7462·6f64··</thead>.··<tbod00000450:·3c2f·7468·6561·643e·0a20·203c·7462·6f64··</thead>.··<tbod
00000460:·793e·0a20·203c·7472·3e0a·2020·2020·2020··y>.··<tr>.······00000460:·793e·0a20·203c·7472·3e0a·2020·2020·2020··y>.··<tr>.······
00000470:·3c74·643e·4155·2d32·2861·293c·2f74·643e··<td>AU-2(a)</td>00000470:·3c74·643e·4155·2d32·2861·293c·2f74·643e··<td>AU-2(a)</td>
00000480:·0a20·2020·2020·203c·7464·3e43·6f6e·6669··.······<td>Confi00000480:·0a20·2020·2020·203c·7464·3e43·6f6e·6669··.······<td>Confi
00000490:·6775·7265·2061·7564·6974·696e·6720·6f66··gure·auditing·of00000490:·6775·7265·2061·7564·6974·696e·6720·6f66··gure·auditing·of
Diff chunk too large, falling back to line-by-line diff (5075 lines added, 5075 lines removed)
000004a0:·2075·6e73·7563·6365·7373·6675·6c20·6669···unsuccessful·fi000004a0:·2075·6e73·7563·6365·7373·6675·6c20·6669···unsuccessful·fi
000004b0:·6c65·206d·6f64·6966·6963·6174·696f·6e73··le·modifications000004b0:·6c65·2061·6363·6573·7365·733c·2f74·643e··le·accesses</td>
000004c0:·3c2f·7464·3e0a·2020·2020·2020·3c74·6420··</td>.······<td·000004c0:·0a20·2020·2020·203c·7464·2078·6d6c·3a6c··.······<td·xml:l
000004d0:·786d·6c3a·6c61·6e67·3d22·656e·2d55·5322··xml:lang="en-US"000004d0:·616e·673d·2265·6e2d·5553·223e·0a20·2020··ang="en-US">.···
000004e0:·3e0a·2020·2020·2020·2020·456e·7375·7265··>.········Ensure000004e0:·2020·2020·2045·6e73·7572·6520·7468·6174·······Ensure·that
000004f0:·2074·6861·7420·756e·7375·6363·6573·7366···that·unsuccessf000004f0:·2075·6e73·7563·6365·7373·6675·6c20·6174···unsuccessful·at
00000500:·756c·2061·7474·656d·7074·7320·746f·206d··ul·attempts·to·m00000500:·7465·6d70·7473·2074·6f20·6163·6365·7373··tempts·to·access
00000510:·6f64·6966·7920·6120·6669·6c65·2061·7265··odify·a·file·are00000510:·2061·2066·696c·6520·6172·6520·6175·6469···a·file·are·audi
00000520:·2061·7564·6974·6564·2e0a·0a54·6865·2066···audited...The·f00000520:·7465·642e·0a0a·5468·6520·666f·6c6c·6f77··ted...The·follow
00000530:·6f6c·6c6f·7769·6e67·2072·756c·6573·2063··ollowing·rules·c00000530:·696e·6720·7275·6c65·7320·636f·6e66·6967··ing·rules·config
00000540:·6f6e·6669·6775·7265·2061·7564·6974·2061··onfigure·audit·a00000540:·7572·6520·6175·6469·7420·6173·2064·6573··ure·audit·as·des
00000550:·7320·6465·7363·7269·6265·6420·6162·6f76··s·described·abov00000550:·6372·6962·6564·2061·626f·7665·3a0a·3c70··cribed·above:.<p
00000560:·653a·0a3c·7072·653e·2323·2055·6e73·7563··e:.<pre>##·Unsuc00000560:·7265·3e23·2320·556e·7375·6363·6573·7366··re>##·Unsuccessf
00000570:·6365·7373·6675·6c20·6669·6c65·206d·6f64··cessful·file·mod00000570:·756c·2066·696c·6520·6163·6365·7373·2028··ul·file·access·(
00000580:·6966·6963·6174·696f·6e73·2028·6f70·656e··ifications·(open00000580:·616e·7920·6f74·6865·7220·6f70·656e·7329··any·other·opens)
00000590:·2066·6f72·2077·7269·7465·206f·7220·7472···for·write·or·tr00000590:·2054·6869·7320·6861·7320·746f·2067·6f20···This·has·to·go·
000005a0:·756e·6361·7465·290a·2d61·2061·6c77·6179··uncate).-a·alway000005a0:·6c61·7374·2e0a·2d61·2061·6c77·6179·732c··last..-a·always,
000005b0:·732c·6578·6974·202d·4620·6172·6368·3d62··s,exit·-F·arch=b000005b0:·6578·6974·202d·4620·6172·6368·3d62·3332··exit·-F·arch=b32
000005c0:·3332·202d·5320·6f70·656e·6174·2c6f·7065··32·-S·openat,ope000005c0:·202d·5320·6f70·656e·2c6f·7065·6e61·742c···-S·open,openat,
000005d0:·6e5f·6279·5f68·616e·646c·655f·6174·202d··n_by_handle_at·-000005d0:·6f70·656e·6174·322c·6f70·656e·5f62·795f··openat2,open_by_
000005e0:·4620·6132·2661·6d70·3b30·3130·3033·202d··F·a2&amp;01003·-000005e0:·6861·6e64·6c65·5f61·7420·2d46·2065·7869··handle_at·-F·exi
000005f0:·4620·6578·6974·3d2d·4541·4343·4553·202d··F·exit=-EACCES·-000005f0:·743d·2d45·4143·4345·5320·2d46·2061·7569··t=-EACCES·-F·aui
00000600:·4620·6175·6964·2667·743b·3d31·3030·3020··F·auid&gt;=1000·00000600:·643e·3d31·3030·3020·2d46·2061·7569·6421··d>=1000·-F·auid!
00000610:·2d46·2061·7569·6421·3d75·6e73·6574·202d··-F·auid!=unset·-00000610:·3d75·6e73·6574·202d·4620·6b65·793d·756e··=unset·-F·key=un
00000620:·4620·6b65·793d·756e·7375·6363·6573·7366··F·key=unsuccessf00000620:·7375·6363·6573·7366·756c·2d61·6363·6573··successful-acces
00000630:·756c·2d6d·6f64·6966·6963·6174·696f·6e0a··ul-modification.00000630:·730a·2d61·2061·6c77·6179·732c·6578·6974··s.-a·always,exit
00000640:·2d61·2061·6c77·6179·732c·6578·6974·202d··-a·always,exit·-00000640:·202d·4620·6172·6368·3d62·3634·202d·5320···-F·arch=b64·-S·
00000650:·4620·6172·6368·3d62·3634·202d·5320·6f70··F·arch=b64·-S·op00000650:·6f70·656e·2c6f·7065·6e61·742c·6f70·656e··open,openat,open
00000660:·656e·6174·2c6f·7065·6e5f·6279·5f68·616e··enat,open_by_han00000660:·6174·322c·6f70·656e·5f62·795f·6861·6e64··at2,open_by_hand
00000670:·646c·655f·6174·202d·4620·6132·2661·6d70··dle_at·-F·a2&amp00000670:·6c65·5f61·7420·2d46·2065·7869·743d·2d45··le_at·-F·exit=-E
00000680:·3b30·3130·3033·202d·4620·6578·6974·3d2d··;01003·-F·exit=-00000680:·4143·4345·5320·2d46·2061·7569·643e·3d31··ACCES·-F·auid>=1
00000690:·4541·4343·4553·202d·4620·6175·6964·2667··EACCES·-F·auid&g00000690:·3030·3020·2d46·2061·7569·6421·3d75·6e73··000·-F·auid!=uns
000006a0:·743b·3d31·3030·3020·2d46·2061·7569·6421··t;=1000·-F·auid!000006a0:·6574·202d·4620·6b65·793d·756e·7375·6363··et·-F·key=unsucc
000006b0:·3d75·6e73·6574·202d·4620·6b65·793d·756e··=unset·-F·key=un000006b0:·6573·7366·756c·2d61·6363·6573·730a·2d61··essful-access.-a
000006c0:·7375·6363·6573·7366·756c·2d6d·6f64·6966··successful-modif000006c0:·2061·6c77·6179·732c·6578·6974·202d·4620···always,exit·-F·
000006d0:·6963·6174·696f·6e0a·2d61·2061·6c77·6179··ication.-a·alway000006d0:·6172·6368·3d62·3332·202d·5320·6f70·656e··arch=b32·-S·open
000006e0:·732c·6578·6974·202d·4620·6172·6368·3d62··s,exit·-F·arch=b000006e0:·2c6f·7065·6e61·742c·6f70·656e·6174·322c··,openat,openat2,
000006f0:·3332·202d·5320·6f70·656e·202d·4620·6131··32·-S·open·-F·a1000006f0:·6f70·656e·5f62·795f·6861·6e64·6c65·5f61··open_by_handle_a
00000700:·2661·6d70·3b30·3130·3033·202d·4620·6578··&amp;01003·-F·ex00000700:·7420·2d46·2065·7869·743d·2d45·5045·524d··t·-F·exit=-EPERM
00000710:·6974·3d2d·4541·4343·4553·202d·4620·6175··it=-EACCES·-F·au00000710:·202d·4620·6175·6964·3e3d·3130·3030·202d···-F·auid>=1000·-
00000720:·6964·2667·743b·3d31·3030·3020·2d46·2061··id&gt;=1000·-F·a00000720:·4620·6175·6964·213d·756e·7365·7420·2d46··F·auid!=unset·-F
00000730:·7569·6421·3d75·6e73·6574·202d·4620·6b65··uid!=unset·-F·ke00000730:·206b·6579·3d75·6e73·7563·6365·7373·6675···key=unsuccessfu
00000740:·793d·756e·7375·6363·6573·7366·756c·2d6d··y=unsuccessful-m00000740:·6c2d·6163·6365·7373·0a2d·6120·616c·7761··l-access.-a·alwa
00000750:·6f64·6966·6963·6174·696f·6e0a·2d61·2061··odification.-a·a00000750:·7973·2c65·7869·7420·2d46·2061·7263·683d··ys,exit·-F·arch=
00000760:·6c77·6179·732c·6578·6974·202d·4620·6172··lways,exit·-F·ar00000760:·6236·3420·2d53·206f·7065·6e2c·6f70·656e··b64·-S·open,open
00000770:·6368·3d62·3634·202d·5320·6f70·656e·202d··ch=b64·-S·open·-00000770:·6174·2c6f·7065·6e61·7432·2c6f·7065·6e5f··at,openat2,open_
00000780:·4620·6131·2661·6d70·3b30·3130·3033·202d··F·a1&amp;01003·-00000780:·6279·5f68·616e·646c·655f·6174·202d·4620··by_handle_at·-F·
00000790:·4620·6578·6974·3d2d·4541·4343·4553·202d··F·exit=-EACCES·-00000790:·6578·6974·3d2d·4550·4552·4d20·2d46·2061··exit=-EPERM·-F·a
000007a0:·4620·6175·6964·2667·743b·3d31·3030·3020··F·auid&gt;=1000·000007a0:·7569·643e·3d31·3030·3020·2d46·2061·7569··uid>=1000·-F·aui
000007b0:·2d46·2061·7569·6421·3d75·6e73·6574·202d··-F·auid!=unset·-000007b0:·6421·3d75·6e73·6574·202d·4620·6b65·793d··d!=unset·-F·key=
000007c0:·4620·6b65·793d·756e·7375·6363·6573·7366··F·key=unsuccessf000007c0:·756e·7375·6363·6573·7366·756c·2d61·6363··unsuccessful-acc
000007d0:·756c·2d6d·6f64·6966·6963·6174·696f·6e0a··ul-modification.000007d0:·6573·7320·2020·203c·2f70·7265·3e0a·0a4c··ess····</pre>..L
000007e0:·2d61·2061·6c77·6179·732c·6578·6974·202d··-a·always,exit·-000007e0:·6f61·6420·6e65·7720·4175·6469·7420·7275··oad·new·Audit·ru
000007f0:·4620·6172·6368·3d62·3332·202d·5320·7472··F·arch=b32·-S·tr000007f0:·6c65·7320·696e·746f·206b·6572·6e65·6c20··les·into·kernel·
00000800:·756e·6361·7465·2c66·7472·756e·6361·7465··uncate,ftruncate00000800:·6279·2072·756e·6e69·6e67·3a0a·3c70·7265··by·running:.<pre
00000810:·202d·4620·6578·6974·3d2d·4541·4343·4553···-F·exit=-EACCES00000810:·3e61·7567·656e·7275·6c65·7320·2d2d·6c6f··>augenrules·--lo
00000820:·202d·4620·6175·6964·2667·743b·3d31·3030···-F·auid&gt;=10000000820:·6164·3c2f·7072·653e·0a0a·4e6f·7465·3a20··ad</pre>..Note:·
00000830:·3020·2d46·2061·7569·6421·3d75·6e73·6574··0·-F·auid!=unset00000830:·5468·6973·2072·756c·6520·7573·6573·2061··This·rule·uses·a
00000840:·202d·4620·6b65·793d·756e·7375·6363·6573···-F·key=unsucces00000840:·2073·7065·6369·616c·2073·6574·206f·6620···special·set·of·
00000850:·7366·756c·2d6d·6f64·6966·6963·6174·696f··sful-modificatio00000850:·4175·6469·7420·7275·6c65·7320·746f·2063··Audit·rules·to·c
00000860:·6e0a·2d61·2061·6c77·6179·732c·6578·6974··n.-a·always,exit00000860:·6f6d·706c·7920·7769·7468·204f·5350·5020··omply·with·OSPP·
00000870:·202d·4620·6172·6368·3d62·3634·202d·5320···-F·arch=b64·-S·00000870:·342e·322e·312e·2059·6f75·206d·6179·2072··4.2.1.·You·may·r
00000880:·7472·756e·6361·7465·2c66·7472·756e·6361··truncate,ftrunca00000880:·6575·7365·2074·6869·7320·7275·6c65·2069··euse·this·rule·i
00000890:·7465·202d·4620·6578·6974·3d2d·4541·4343··te·-F·exit=-EACC00000890:·6e20·6469·6666·6572·656e·7420·7072·6f66··n·different·prof
000008a0:·4553·202d·4620·6175·6964·2667·743b·3d31··ES·-F·auid&gt;=1000008a0:·696c·6573·2e20·4966·2079·6f75·2064·6563··iles.·If·you·dec
000008b0:·3030·3020·2d46·2061·7569·6421·3d75·6e73··000·-F·auid!=uns000008b0:·6964·6520·746f·2064·6f20·736f·2c20·6974··ide·to·do·so,·it
000008c0:·6574·202d·4620·6b65·793d·756e·7375·6363··et·-F·key=unsucc000008c0:·2069·7320·7265·636f·6d6d·656e·6465·6420···is·recommended·
000008d0:·6573·7366·756c·2d6d·6f64·6966·6963·6174··essful-modificat000008d0:·7468·6174·2079·6f75·2069·6e73·7065·6374··that·you·inspect
000008e0:·696f·6e0a·2d61·2061·6c77·6179·732c·6578··ion.-a·always,ex000008e0:·2063·6f6e·7465·6e74·7320·6f66·2074·6865···contents·of·the
000008f0:·6974·202d·4620·6172·6368·3d62·3332·202d··it·-F·arch=b32·-000008f0:·2066·696c·6520·636c·6f73·656c·7920·616e···file·closely·an
00000900:·5320·6f70·656e·6174·2c6f·7065·6e5f·6279··S·openat,open_by00000900:·6420·6d61·6b65·2073·7572·6520·7468·6174··d·make·sure·that
00000910:·5f68·616e·646c·655f·6174·202d·4620·6132··_handle_at·-F·a200000910:·2074·6865·7920·6172·6520·616c·6c69·676e···they·are·allign
00000920:·2661·6d70·3b30·3130·3033·202d·4620·6578··&amp;01003·-F·ex00000920:·6564·2077·6974·6820·796f·7572·206e·6565··ed·with·your·nee
00000930:·6974·3d2d·4550·4552·4d20·2d46·2061·7569··it=-EPERM·-F·aui00000930:·6473·2e0a·2020·2020·2020·3c2f·7464·3e0a··ds..······</td>.
00000940:·6426·6774·3b3d·3130·3030·202d·4620·6175··d&gt;=1000·-F·au00000940:·2020·2020·2020·3c74·6420·786d·6c3a·6c61········<td·xml:la
00000950:·6964·213d·756e·7365·7420·2d46·206b·6579··id!=unset·-F·key00000950:·6e67·3d22·656e·2d55·5322·3e0a·2020·2020··ng="en-US">.····
00000960:·3d75·6e73·7563·6365·7373·6675·6c2d·6d6f··=unsuccessful-mo00000960:·2020·2020·556e·7375·6363·6573·7366·756c······Unsuccessful
00000970:·6469·6669·6361·7469·6f6e·0a2d·6120·616c··dification.-a·al00000970:·2061·7474·656d·7074·7320·746f·2061·6363···attempts·to·acc
00000980:·7761·7973·2c65·7869·7420·2d46·2061·7263··ways,exit·-F·arc00000980:·6573·7320·6120·6669·6c65·206d·6967·6874··ess·a·file·might
00000990:·683d·6236·3420·2d53·206f·7065·6e61·742c··h=b64·-S·openat,00000990:·2062·6520·7369·676e·7320·6f66·206d·616c···be·signs·of·mal
000009a0:·6f70·656e·5f62·795f·6861·6e64·6c65·5f61··open_by_handle_a000009a0:·6963·696f·7573·2061·6374·6976·6974·7920··icious·activity·
000009b0:·7420·2d46·2061·3226·616d·703b·3031·3030··t·-F·a2&amp;0100000009b0:·6861·7070·656e·696e·6720·7769·7468·696e··happening·within
000009c0:·3320·2d46·2065·7869·743d·2d45·5045·524d··3·-F·exit=-EPERM000009c0:·2074·6865·2073·7973·7465·6d2e·2041·7564···the·system.·Aud
000009d0:·202d·4620·6175·6964·2667·743b·3d31·3030···-F·auid&gt;=100000009d0:·6974·696e·6720·6f66·2073·7563·6820·6163··iting·of·such·ac
000009e0:·3020·2d46·2061·7569·6421·3d75·6e73·6574··0·-F·auid!=unset000009e0:·7469·7669·7469·6573·2068·656c·7073·2069··tivities·helps·i
000009f0:·202d·4620·6b65·793d·756e·7375·6363·6573···-F·key=unsucces000009f0:·6e20·7468·6569·7220·6d6f·6e69·746f·7269··n·their·monitori
00000a00:·7366·756c·2d6d·6f64·6966·6963·6174·696f··sful-modificatio00000a00:·6e67·2061·6e64·2069·6e76·6573·7469·6761··ng·and·investiga
00000a10:·6e0a·2d61·2061·6c77·6179·732c·6578·6974··n.-a·always,exit00000a10:·7469·6f6e·2e0a·2020·2020·2020·3c2f·7464··tion..······</td
00000a20:·202d·4620·6172·6368·3d62·3332·202d·5320···-F·arch=b32·-S·00000a20:·3e0a·2020·2020·3c2f·7472·3e0a·2020·2020··>.····</tr>.····
00000a30:·6f70·656e·202d·4620·6131·2661·6d70·3b30··open·-F·a1&amp;000000a30:·3c74·723e·0a20·2020·2020·203c·7464·3e41··<tr>.······<td>A
00000a40:·3130·3033·202d·4620·6578·6974·3d2d·4550··1003·-F·exit=-EP00000a40:·552d·3228·6429·3c62·722f·3e41·552d·3132··U-2(d)<br/>AU-12
00000a50:·4552·4d20·2d46·2061·7569·6426·6774·3b3d··ERM·-F·auid&gt;=00000a50:·2863·293c·6272·2f3e·434d·2d36·2861·293c··(c)<br/>CM-6(a)<
00000a60:·3130·3030·202d·4620·6175·6964·213d·756e··1000·-F·auid!=un00000a60:·2f74·643e·0a20·2020·2020·203c·7464·3e52··/td>.······<td>R
00000a70:·7365·7420·2d46·206b·6579·3d75·6e73·7563··set·-F·key=unsuc00000a70:·6563·6f72·6420·556e·7375·6363·6573·7366··ecord·Unsuccessf
00000a80:·6365·7373·6675·6c2d·6d6f·6469·6669·6361··cessful-modifica00000a80:·756c·2050·6572·6d69·7373·696f·6e20·4368··ul·Permission·Ch
00000a90:·7469·6f6e·0a2d·6120·616c·7761·7973·2c65··tion.-a·always,e00000a90:·616e·6765·7320·746f·2046·696c·6573·202d··anges·to·Files·-
00000aa0:·7869·7420·2d46·2061·7263·683d·6236·3420··xit·-F·arch=b64·00000aa0:·2073·6574·7861·7474·723c·2f74·643e·0a20···setxattr</td>.·
00000ab0:·2d53·206f·7065·6e20·2d46·2061·3126·616d··-S·open·-F·a1&am00000ab0:·2020·2020·203c·7464·2078·6d6c·3a6c·616e·······<td·xml:lan
00000ac0:·703b·3031·3030·3320·2d46·2065·7869·743d··p;01003·-F·exit=00000ac0:·673d·2265·6e2d·5553·223e·0a20·2020·2020··g="en-US">.·····
00000ad0:·2d45·5045·524d·202d·4620·6175·6964·2667··-EPERM·-F·auid&g00000ad0:·2020·2054·6865·2061·7564·6974·2073·7973·····The·audit·sys
00000ae0:·743b·3d31·3030·3020·2d46·2061·7569·6421··t;=1000·-F·auid!00000ae0:·7465·6d20·7368·6f75·6c64·2063·6f6c·6c65··tem·should·colle
00000af0:·3d75·6e73·6574·202d·4620·6b65·793d·756e··=unset·-F·key=un00000af0:·6374·2075·6e73·7563·6365·7373·6675·6c20··ct·unsuccessful·
00000b00:·7375·6363·6573·7366·756c·2d6d·6f64·6966··successful-modif00000b00:·6669·6c65·2070·6572·6d69·7373·696f·6e20··file·permission·
00000b10:·6963·6174·696f·6e0a·2d61·2061·6c77·6179··ication.-a·alway00000b10:·6368·616e·6765·0a61·7474·656d·7074·7320··change.attempts·
00000b20:·732c·6578·6974·202d·4620·6172·6368·3d62··s,exit·-F·arch=b00000b20:·666f·7220·616c·6c20·7573·6572·7320·616e··for·all·users·an
00000b30:·3332·202d·5320·7472·756e·6361·7465·2c66··32·-S·truncate,f00000b30:·6420·726f·6f74·2e0a·4966·2074·6865·203c··d·root..If·the·<
00000b40:·7472·756e·6361·7465·202d·4620·6578·6974··truncate·-F·exit00000b40:·7474·3e61·7564·6974·643c·2f74·743e·2064··tt>auditd</tt>·d
00000b50:·3d2d·4550·4552·4d20·2d46·2061·7569·6426··=-EPERM·-F·auid&00000b50:·6165·6d6f·6e20·6973·2063·6f6e·6669·6775··aemon·is·configu
00000b60:·6774·3b3d·3130·3030·202d·4620·6175·6964··gt;=1000·-F·auid00000b60:·7265·640a·746f·2075·7365·2074·6865·203c··red.to·use·the·<
00000b70:·213d·756e·7365·7420·2d46·206b·6579·3d75··!=unset·-F·key=u00000b70:·7474·3e61·7567·656e·7275·6c65·733c·2f74··tt>augenrules</t
00000b80:·6e73·7563·6365·7373·6675·6c2d·6d6f·6469··nsuccessful-modi00000b80:·743e·2070·726f·6772·616d·2074·6f20·7265··t>·program·to·re
00000b90:·6669·6361·7469·6f6e·0a2d·6120·616c·7761··fication.-a·alwa00000b90:·6164·2061·7564·6974·2072·756c·6573·2064··ad·audit·rules·d
00000ba0:·7973·2c65·7869·7420·2d46·2061·7263·683d··ys,exit·-F·arch=00000ba0:·7572·696e·6720·6461·656d·6f6e·0a73·7461··uring·daemon.sta
00000bb0:·6236·3420·2d53·2074·7275·6e63·6174·652c··b64·-S·truncate,00000bb0:·7274·7570·2028·7468·6520·6465·6661·756c··rtup·(the·defaul
00000bc0:·6674·7275·6e63·6174·6520·2d46·2065·7869··ftruncate·-F·exi00000bc0:·7429·2c20·6164·6420·7468·6520·666f·6c6c··t),·add·the·foll
00000bd0:·743d·2d45·5045·524d·202d·4620·6175·6964··t=-EPERM·-F·auid00000bd0:·6f77·696e·6720·6c69·6e65·7320·746f·2061··owing·lines·to·a
00000be0:·2667·743b·3d31·3030·3020·2d46·2061·7569··&gt;=1000·-F·aui00000be0:·2066·696c·6520·7769·7468·2073·7566·6669···file·with·suffi
00000bf0:·6421·3d75·6e73·6574·202d·4620·6b65·793d··d!=unset·-F·key=00000bf0:·780a·3c74·743e·2e72·756c·6573·3c2f·7474··x.<tt>.rules</tt
00000c00:·756e·7375·6363·6573·7366·756c·2d6d·6f64··unsuccessful-mod00000c00:·3e20·696e·2074·6865·2064·6972·6563·746f··>·in·the·directo
00000c10:·6966·6963·6174·696f·6e20·2020·203c·2f70··ification····</p00000c10:·7279·203c·7474·3e2f·6574·632f·6175·6469··ry·<tt>/etc/audi
Max diff block lines reached; 7173773/7874701 bytes (91.10%) of diff not shown.
9.74 MB
html2text {}
Max HTML report size reached
3.59 MB
./usr/share/doc/ssg-nondebian/table-rhel8-anssirefs.html
    
Offset 64, 280 lines modifiedOffset 64, 280 lines modified
000003f0:·3c74·683e·5275·6c65·2054·6974·6c65·3c2f··<th>Rule·Title</000003f0:·3c74·683e·5275·6c65·2054·6974·6c65·3c2f··<th>Rule·Title</
00000400:·7468·3e0a·2020·2020·3c74·683e·4465·7363··th>.····<th>Desc00000400:·7468·3e0a·2020·2020·3c74·683e·4465·7363··th>.····<th>Desc
00000410:·7269·7074·696f·6e3c·2f74·683e·0a20·2020··ription</th>.···00000410:·7269·7074·696f·6e3c·2f74·683e·0a20·2020··ription</th>.···
00000420:·203c·7468·3e52·6174·696f·6e61·6c65·3c2f···<th>Rationale</00000420:·203c·7468·3e52·6174·696f·6e61·6c65·3c2f···<th>Rationale</
00000430:·7468·3e0a·2020·3c2f·7468·6561·643e·0a20··th>.··</thead>.·00000430:·7468·3e0a·2020·3c2f·7468·6561·643e·0a20··th>.··</thead>.·
00000440:·203c·7462·6f64·793e·0a20·203c·7472·3e0a···<tbody>.··<tr>.00000440:·203c·7462·6f64·793e·0a20·203c·7472·3e0a···<tbody>.··<tr>.
00000450:·2020·2020·2020·3c74·643e·5231·3c2f·7464········<td>R1</td00000450:·2020·2020·2020·3c74·643e·5231·3c2f·7464········<td>R1</td
00000460:·3e0a·2020·2020·2020·3c74·643e·496e·7374··>.······<td>Inst 
00000470:·616c·6c20·5041·4520·4b65·726e·656c·206f··all·PAE·Kernel·o 
00000480:·6e20·5375·7070·6f72·7465·6420·3332·2d62··n·Supported·32-b 
00000490:·6974·2078·3836·2053·7973·7465·6d73·3c2f··it·x86·Systems</ 
000004a0:·7464·3e0a·2020·2020·2020·3c74·6420·786d··td>.······<td·xm 
000004b0:·6c3a·6c61·6e67·3d22·656e·2d55·5322·3e0a··l:lang="en-US">. 
000004c0:·2020·2020·2020·2020·5379·7374·656d·7320··········Systems· 
000004d0:·7468·6174·2061·7265·2075·7369·6e67·2074··that·are·using·t 
000004e0:·6865·2036·342d·6269·7420·7838·3620·6b65··he·64-bit·x86·ke 
000004f0:·726e·656c·2070·6163·6b61·6765·0a64·6f20··rnel·package.do· 
00000500:·6e6f·7420·6e65·6564·2074·6f20·696e·7374··not·need·to·inst 
00000510:·616c·6c20·7468·6520·6b65·726e·656c·2d50··all·the·kernel-P 
00000520:·4145·2070·6163·6b61·6765·2062·6563·6175··AE·package·becau 
00000530:·7365·2074·6865·2036·342d·6269·740a·7838··se·the·64-bit.x8 
00000540:·3620·6b65·726e·656c·2061·6c72·6561·6479··6·kernel·already 
00000550:·2069·6e63·6c75·6465·7320·7468·6973·2073···includes·this·s 
00000560:·7570·706f·7274·2e20·486f·7765·7665·722c··upport.·However, 
00000570:·2069·6620·7468·6520·7379·7374·656d·2069···if·the·system·i 
00000580:·730a·3332·2d62·6974·2061·6e64·2061·6c73··s.32-bit·and·als 
00000590:·6f20·7375·7070·6f72·7473·2074·6865·2050··o·supports·the·P 
000005a0:·4145·2061·6e64·204e·5820·6665·6174·7572··AE·and·NX·featur 
000005b0:·6573·2061·730a·6465·7465·726d·696e·6564··es·as.determined 
000005c0:·2069·6e20·7468·6520·7072·6576·696f·7573···in·the·previous 
000005d0:·2073·6563·7469·6f6e·2c20·7468·6520·6b65···section,·the·ke 
000005e0:·726e·656c·2d50·4145·2070·6163·6b61·6765··rnel-PAE·package 
000005f0:·2073·686f·756c·640a·6265·2069·6e73·7461···should.be·insta 
00000600:·6c6c·6564·2074·6f20·656e·6162·6c65·2058··lled·to·enable·X 
00000610:·4420·6f72·204e·5820·7375·7070·6f72·742e··D·or·NX·support. 
00000620:·0a54·6865·203c·636f·6465·3e6b·6572·6e65··.The·<code>kerne 
00000630:·6c2d·5041·453c·2f63·6f64·653e·2070·6163··l-PAE</code>·pac 
00000640:·6b61·6765·2063·616e·2062·6520·696e·7374··kage·can·be·inst 
00000650:·616c·6c65·6420·7769·7468·2074·6865·2066··alled·with·the·f 
00000660:·6f6c·6c6f·7769·6e67·2063·6f6d·6d61·6e64··ollowing·command 
00000670:·3a0a·3c70·7265·3e0a·2420·7375·646f·2079··:.<pre>.$·sudo·y 
00000680:·756d·2069·6e73·7461·6c6c·206b·6572·6e65··um·install·kerne 
00000690:·6c2d·5041·453c·2f70·7265·3e0a·5468·6520··l-PAE</pre>.The· 
000006a0:·696e·7374·616c·6c61·7469·6f6e·2070·726f··installation·pro 
000006b0:·6365·7373·2073·686f·756c·6420·616c·736f··cess·should·also 
000006c0:·2068·6176·6520·636f·6e66·6967·7572·6564···have·configured 
000006d0:·2074·6865·0a62·6f6f·746c·6f61·6465·7220···the.bootloader· 
000006e0:·746f·206c·6f61·6420·7468·6520·6e65·7720··to·load·the·new· 
000006f0:·6b65·726e·656c·2061·7420·626f·6f74·2e20··kernel·at·boot.· 
00000700:·5665·7269·6679·2074·6869·7320·6166·7465··Verify·this·afte 
00000710:·7220·7265·626f·6f74·0a61·6e64·206d·6f64··r·reboot.and·mod 
00000720:·6966·7920·3c74·743e·2f65·7463·2f64·6566··ify·<tt>/etc/def 
00000730:·6175·6c74·2f67·7275·623c·2f74·743e·2069··ault/grub</tt>·i 
00000740:·6620·6e65·6365·7373·6172·792e·0a20·2020··f·necessary..··· 
00000750:·2020·203c·2f74·643e·0a20·2020·2020·203c·····</td>.······< 
00000760:·7464·2078·6d6c·3a6c·616e·673d·2265·6e2d··td·xml:lang="en- 
00000770:·5553·223e·0a20·2020·2020·2020·204f·6e20··US">.········On· 
00000780:·3332·2d62·6974·2073·7973·7465·6d73·2074··32-bit·systems·t 
00000790:·6861·7420·7375·7070·6f72·7420·7468·6520··hat·support·the· 
000007a0:·5844·206f·7220·4e58·2062·6974·2c20·7468··XD·or·NX·bit,·th 
000007b0:·6520·7665·6e64·6f72·2d73·7570·706c·6965··e·vendor-supplie 
000007c0:·640a·5041·4520·6b65·726e·656c·2069·7320··d.PAE·kernel·is· 
000007d0:·7265·7175·6972·6564·2074·6f20·656e·6162··required·to·enab 
000007e0:·6c65·2065·6974·6865·7220·4578·6563·7574··le·either·Execut 
000007f0:·6520·4469·7361·626c·6520·2858·4429·206f··e·Disable·(XD)·o 
00000800:·7220·4e6f·2045·7865·6375·7465·2028·4e58··r·No·Execute·(NX 
00000810:·2920·7375·7070·6f72·742e·0a20·2020·2020··)·support..····· 
00000820:·203c·2f74·643e·0a20·2020·203c·2f74·723e···</td>.····</tr> 
00000830:·0a20·2020·203c·7472·3e0a·2020·2020·2020··.····<tr>.······ 
00000840:·3c74·643e·5231·3c2f·7464·3e0a·2020·2020··<td>R1</td>.···· 
00000850:·2020·3c74·643e·456e·7375·7265·2053·4d41····<td>Ensure·SMA 
00000860:·5020·6973·206e·6f74·2064·6973·6162·6c65··P·is·not·disable 
00000870:·6420·6475·7269·6e67·2062·6f6f·743c·2f74··d·during·boot</t 
00000880:·643e·0a20·2020·2020·203c·7464·2078·6d6c··d>.······<td·xml 
00000890:·3a6c·616e·673d·2265·6e2d·5553·223e·0a20··:lang="en-US">.· 
000008a0:·2020·2020·2020·2054·6865·2053·4d41·5020·········The·SMAP· 
000008b0:·6973·2075·7365·6420·746f·2070·7265·7665··is·used·to·preve 
000008c0:·6e74·2074·6865·2073·7570·6572·7669·736f··nt·the·superviso 
000008d0:·7220·6d6f·6465·2066·726f·6d20·756e·696e··r·mode·from·unin 
000008e0:·7465·6e74·696f·6e61·6c6c·7920·7265·6164··tentionally·read 
000008f0:·696e·672f·7772·6974·696e·6720·696e·746f··ing/writing·into 
00000900:·0a6d·656d·6f72·7920·7061·6765·7320·696e··.memory·pages·in 
00000910:·2074·6865·2075·7365·7220·7370·6163·652c···the·user·space, 
00000920:·2069·7420·6973·2065·6e61·626c·6564·2062···it·is·enabled·b 
00000930:·7920·6465·6661·756c·7420·7369·6e63·6520··y·default·since· 
00000940:·4c69·6e75·7820·6b65·726e·656c·2033·2e37··Linux·kernel·3.7 
00000950:·2e0a·4275·7420·6974·2063·6f75·6c64·2062··..But·it·could·b 
00000960:·6520·6469·7361·626c·6564·2074·6872·6f75··e·disabled·throu 
00000970:·6768·206b·6572·6e65·6c20·626f·6f74·2070··gh·kernel·boot·p 
00000980:·6172·616d·6574·6572·732e·0a0a·456e·7375··arameters...Ensu 
00000990:·7265·2074·6861·7420·5375·7065·7276·6973··re·that·Supervis 
000009a0:·6f72·204d·6f64·6520·4163·6365·7373·2050··or·Mode·Access·P 
000009b0:·7265·7665·6e74·696f·6e20·2853·4d41·5029··revention·(SMAP) 
000009c0:·2069·7320·6e6f·7420·6469·7361·626c·6564···is·not·disabled 
000009d0:·2062·790a·7468·6520·3c74·743e·6e6f·736d···by.the·<tt>nosm 
000009e0:·6170·3c2f·7474·3e20·626f·6f74·2070·6172··ap</tt>·boot·par 
000009f0:·616d·656e·7465·7220·6f70·7469·6f6e·2e0a··amenter·option.. 
00000a00:·0a43·6865·636b·2074·6861·7420·7468·6520··.Check·that·the· 
00000a10:·6c69·6e65·203c·7072·653e·4752·5542·5f43··line·<pre>GRUB_C 
00000a20:·4d44·4c49·4e45·5f4c·494e·5558·3d22·2e2e··MDLINE_LINUX=".. 
00000a30:·2e22·3c2f·7072·653e·2077·6974·6869·6e20··."</pre>·within· 
00000a40:·3c74·743e·2f65·7463·2f64·6566·6175·6c74··<tt>/etc/default 
00000a50:·2f67·7275·623c·2f74·743e·0a64·6f65·736e··/grub</tt>.doesn 
00000a60:·2774·2063·6f6e·7461·696e·2074·6865·2061··'t·contain·the·a 
00000a70:·7267·756d·656e·7420·3c74·743e·6e6f·736d··rgument·<tt>nosm 
00000a80:·6170·3c2f·7474·3e2e·0a52·756e·2074·6865··ap</tt>..Run·the 
00000a90:·2066·6f6c·6c6f·7769·6e67·2063·6f6d·6d61···following·comma 
00000aa0:·6e64·2074·6f20·7570·6461·7465·2063·6f6d··nd·to·update·com 
00000ab0:·6d61·6e64·206c·696e·6520·666f·7220·616c··mand·line·for·al 
00000ac0:·7265·6164·7920·696e·7374·616c·6c65·6420··ready·installed· 
00000ad0:·6b65·726e·656c·733a·0a3c·7072·653e·2320··kernels:.<pre>#· 
00000ae0:·6772·7562·6279·202d·2d75·7064·6174·652d··grubby·--update- 
00000af0:·6b65·726e·656c·3d41·4c4c·202d·2d72·656d··kernel=ALL·--rem 
00000b00:·6f76·652d·6172·6773·3d22·6e6f·736d·6170··ove-args="nosmap 
00000b10:·223c·2f70·7265·3e0a·2020·2020·2020·3c2f··"</pre>.······</ 
00000b20:·7464·3e0a·2020·2020·2020·3c74·6420·786d··td>.······<td·xm 
00000b30:·6c3a·6c61·6e67·3d22·656e·2d55·5322·3e0a··l:lang="en-US">. 
00000b40:·2020·2020·2020·2020·4469·7361·626c·696e··········Disablin 
00000b50:·6720·534d·4150·2063·616e·2066·6163·696c··g·SMAP·can·facil 
00000b60:·6974·6174·6520·6578·706c·6f69·7461·7469··itate·exploitati 
00000b70:·6f6e·206f·6620·7675·6c6e·6572·6162·696c··on·of·vulnerabil 
00000b80:·6974·6965·7320·6361·7573·6564·2062·7920··ities·caused·by· 
00000b90:·756e·696e·7465·6e64·6564·2061·6363·6573··unintended·acces 
00000ba0:·7320·616e·640a·6d61·6e69·7075·6c61·7469··s·and.manipulati 
00000bb0:·6f6e·206f·6620·6461·7461·2069·6e20·7468··on·of·data·in·th 
00000bc0:·6520·7573·6572·2073·7061·6365·2e0a·2020··e·user·space..·· 
00000bd0:·2020·2020·3c2f·7464·3e0a·2020·2020·3c2f······</td>.····</ 
Max diff block lines reached; 3032829/3069283 bytes (98.81%) of diff not shown.
677 KB
html2text {}
    
Offset 1, 13 lines modifiedOffset 1, 35 lines modified
  
  
1 Rules·with·ANSSI·Reference·in·Guide·to·the·Secure·Configuration·of·Red·Hat1 Rules·with·ANSSI·Reference·in·Guide·to·the·Secure·Configuration·of·Red·Hat
2 Enterprise·Linux·82 Enterprise·Linux·8
  
  
 3 ······························The·SMEP·is·used·to·prevent·the·supervisor
 4 ······························mode·from·executing·user·space·code,·it·is
 5 ······························enabled·by·default·since·Linux·kernel·3.0.
 6 ······························But·it·could·be·disabled·through·kernel·boot
 7 ······························parameters.·Ensure·that·Supervisor·Mode
 8 ······························Execution·Prevention·(SMEP)·is·not·disabled··Disabling·SMEP·can·facilitate
 9 ····Ensure·SMEP·is·not········by·the·nosmep·boot·paramenter·option.·Check··exploitation·of·certain
 10 R1··disabled·during·boot······that·the·line································vulnerabilities·because·it·allows·the
 11 ······························GRUB_CMDLINE_LINUX="..."·····················kernel·to·unintentionally·execute·code
 12 ······························within·/etc/default/grub·doesn't·contain·the·in·less·privileged·memory·space.
 13 ······························argument·nosmep.·Run·the·following·command
 14 ······························to·update·command·line·for·already·installed
 15 ······························kernels:
 16 ······························#·grubby·--update-kernel=ALL·--remove-
 17 ······························args="nosmep"
 18 ···········································································Use·of·a·64-bit·operating·system
 19 ···········································································offers·a·few·advantages,·like·a·larger
 20 ····Prefer·to·use·a·64-bit····Prefer·installation·of·64-bit·operating······address·space·range·for·Address·Space
 21 R1··Operating·System·when·····systems·when·the·CPU·supports·it.············Layout·Randomization·(ASLR)·and
 22 ····supported······························································systematic·presence·of·No·eXecute·and
 23 ···········································································Execute·Disable·(NX/XD)·protection
 24 ···········································································bits.
3 ······························Systems·that·are·using·the·64-bit·x86·kernel25 ······························Systems·that·are·using·the·64-bit·x86·kernel
4 ······························package·do·not·need·to·install·the·kernel-26 ······························package·do·not·need·to·install·the·kernel-
5 ······························PAE·package·because·the·64-bit·x86·kernel27 ······························PAE·package·because·the·64-bit·x86·kernel
6 ······························already·includes·this·support.·However,·if28 ······························already·includes·this·support.·However,·if
7 ······························the·system·is·32-bit·and·also·supports·the29 ······························the·system·is·32-bit·and·also·supports·the
8 ······························PAE·and·NX·features·as·determined·in·the·····On·32-bit·systems·that·support·the·XD30 ······························PAE·and·NX·features·as·determined·in·the·····On·32-bit·systems·that·support·the·XD
9 ····Install·PAE·Kernel·on·····previous·section,·the·kernel-PAE·package·····or·NX·bit,·the·vendor-supplied·PAE31 ····Install·PAE·Kernel·on·····previous·section,·the·kernel-PAE·package·····or·NX·bit,·the·vendor-supplied·PAE
Offset 40, 53 lines modifiedOffset 62, 31 lines modified
40 ······························Advanced·Encryption·Standard·(AES)·or·New····utilizing·encryption·to·protect·data.62 ······························Advanced·Encryption·Standard·(AES)·or·New····utilizing·encryption·to·protect·data.
41 ····Install·the·dracut-fips-··Instructions·(AES-NI)·engine,·the·system·····The·operating·system·must·implement63 ····Install·the·dracut-fips-··Instructions·(AES-NI)·engine,·the·system·····The·operating·system·must·implement
42 R1··aesni·Package·············requires·that·the·dracut-fips-aesni·package··cryptographic·modules·adhering·to·the64 R1··aesni·Package·············requires·that·the·dracut-fips-aesni·package··cryptographic·modules·adhering·to·the
43 ······························be·installed.·The·dracut-fips-aesni·package··higher·standards·approved·by·the65 ······························be·installed.·The·dracut-fips-aesni·package··higher·standards·approved·by·the
44 ······························can·be·installed·with·the·following·command:·federal·government·since·this·provides66 ······························can·be·installed·with·the·following·command:·federal·government·since·this·provides
45 ······························$·sudo·yum·install·dracut-fips-aesni·········assurance·they·have·been·tested·and67 ······························$·sudo·yum·install·dracut-fips-aesni·········assurance·they·have·been·tested·and
46 ···········································································validated.68 ···········································································validated.
47 ······························The·SMEP·is·used·to·prevent·the·supervisor 
48 ······························mode·from·executing·user·space·code,·it·is 
49 ······························enabled·by·default·since·Linux·kernel·3.0. 
50 ······························But·it·could·be·disabled·through·kernel·boot 
51 ······························parameters.·Ensure·that·Supervisor·Mode 
52 ······························Execution·Prevention·(SMEP)·is·not·disabled··Disabling·SMEP·can·facilitate 
53 ····Ensure·SMEP·is·not········by·the·nosmep·boot·paramenter·option.·Check··exploitation·of·certain 
54 R1··disabled·during·boot······that·the·line································vulnerabilities·because·it·allows·the 
55 ······························GRUB_CMDLINE_LINUX="..."·····················kernel·to·unintentionally·execute·code 
56 ······························within·/etc/default/grub·doesn't·contain·the·in·less·privileged·memory·space. 
57 ······························argument·nosmep.·Run·the·following·command 
58 ······························to·update·command·line·for·already·installed 
59 ······························kernels: 
60 ······························#·grubby·--update-kernel=ALL·--remove- 
61 ······························args="nosmep" 
62 ···········································································Use·of·a·64-bit·operating·system 
63 ···········································································offers·a·few·advantages,·like·a·larger 
64 ····Prefer·to·use·a·64-bit····Prefer·installation·of·64-bit·operating······address·space·range·for·Address·Space 
65 R1··Operating·System·when·····systems·when·the·CPU·supports·it.············Layout·Randomization·(ASLR)·and 
66 ····supported······························································systematic·presence·of·No·eXecute·and 
67 ···········································································Execute·Disable·(NX/XD)·protection 
68 ···········································································bits. 
69 ······························The·grub2·boot·loader·should·have·a69 ······························The·grub2·boot·loader·should·have·a
70 ······························superuser·account·and·password·protection70 ······························superuser·account·and·password·protection
71 ······························enabled·to·protect·boot-time·settings.·······Password·protection·on·the·boot·loader71 ······························enabled·to·protect·boot-time·settings.·······Password·protection·on·the·boot·loader
72 ···········································································configuration·ensures·users·with72 ···········································································configuration·ensures·users·with
73 ····Set·the·UEFI·Boot·Loader··Since·plaintext·passwords·are·a·security·····physical·access·cannot·trivially·alter73 ····Set·Boot·Loader·Password··Since·plaintext·passwords·are·a·security·····physical·access·cannot·trivially·alter
74 R5··Password··················risk,·generate·a·hash·for·the·password·by····important·bootloader·settings.·These74 R5··in·grub2··················risk,·generate·a·hash·for·the·password·by····important·bootloader·settings.·These
75 ······························running·the·following·command:···············include·which·kernel·to·use,·and75 ······························running·the·following·command:···············include·which·kernel·to·use,·and
76 ······························#·grub2-setpassword··························whether·to·enter·single-user·mode.76 ······························#·grub2-setpassword··························whether·to·enter·single-user·mode.
77 ······························When·prompted,·enter·the·password·that·was77 ······························When·prompted,·enter·the·password·that·was
78 ······························selected.78 ······························selected.
  
79 ······························The·grub2·boot·loader·should·have·a79 ······························The·grub2·boot·loader·should·have·a
80 ······························superuser·account·and·password·protection80 ······························superuser·account·and·password·protection
81 ······························enabled·to·protect·boot-time·settings.·······Password·protection·on·the·boot·loader81 ······························enabled·to·protect·boot-time·settings.·······Password·protection·on·the·boot·loader
82 ···········································································configuration·ensures·users·with82 ···········································································configuration·ensures·users·with
83 ····Set·Boot·Loader·Password··Since·plaintext·passwords·are·a·security·····physical·access·cannot·trivially·alter83 ····Set·the·UEFI·Boot·Loader··Since·plaintext·passwords·are·a·security·····physical·access·cannot·trivially·alter
84 R5··in·grub2··················risk,·generate·a·hash·for·the·password·by····important·bootloader·settings.·These84 R5··Password··················risk,·generate·a·hash·for·the·password·by····important·bootloader·settings.·These
85 ······························running·the·following·command:···············include·which·kernel·to·use,·and85 ······························running·the·following·command:···············include·which·kernel·to·use,·and
86 ······························#·grub2-setpassword··························whether·to·enter·single-user·mode.86 ······························#·grub2-setpassword··························whether·to·enter·single-user·mode.
87 ······························When·prompted,·enter·the·password·that·was87 ······························When·prompted,·enter·the·password·that·was
88 ······························selected.88 ······························selected.
  
89 ······························On·x86·architecture·supporting·VT-d,·the89 ······························On·x86·architecture·supporting·VT-d,·the
90 ······························IOMMU·manages·the·access·control·policy90 ······························IOMMU·manages·the·access·control·policy
Offset 99, 14 lines modifiedOffset 99, 77 lines modified
99 ······························systems.·Modify·the·line·within·/etc/········hardware·devices.99 ······························systems.·Modify·the·line·within·/etc/········hardware·devices.
100 ······························default/grub·as·shown·below:100 ······························default/grub·as·shown·below:
101 ······························GRUB_CMDLINE_LINUX="...·iommu=force·..."101 ······························GRUB_CMDLINE_LINUX="...·iommu=force·..."
102 ······························Run·the·following·command·to·update·command102 ······························Run·the·following·command·to·update·command
103 ······························line·for·already·installed·kernels:103 ······························line·for·already·installed·kernels:
104 ······························#·grubby·--update-kernel=ALL·--104 ······························#·grubby·--update-kernel=ALL·--
105 ······························args="iommu=force"105 ······························args="iommu=force"
 106 ······························To·enable·poisoning·of·SLUB/SLAB·objects,
 107 ······························add·the·argument·slub_debug=P·to·the·default
 108 ······························GRUB·2·command·line·for·the·Linux·operating··Poisoning·writes·an·arbitrary·value·to
 109 ······························system.·To·ensure·that·slub_debug=P·is·added·freed·objects,·so·any·modification·or
 110 ······························as·a·kernel·command·line·argument·to·newly···reference·to·that·object·after·being
 111 ······························installed·kernels,·add·slub_debug=P·to·the···freed·or·before·being·initialized·will
 112 R8··Enable·SLUB/SLAB··········default·Grub2·command·line·for·Linux·········be·detected·and·prevented.·This
 113 ····allocator·poisoning·······operating·systems.·Modify·the·line·within·/··prevents·many·types·of·use-after-free
 114 ······························etc/default/grub·as·shown·below:·············vulnerabilities·at·little·performance
 115 ······························GRUB_CMDLINE_LINUX="...·slub_debug=P·..."····cost.·Also·prevents·leak·of·data·and
 116 ······························Run·the·following·command·to·update·command··detection·of·corrupted·memory.
 117 ······························line·for·already·installed·kernels:
 118 ······························#·grubby·--update-kernel=ALL·--
 119 ······························args="slub_debug=P"
 120 ······························L1·Terminal·Fault·(L1TF)·is·a·hardware
 121 ······························vulnerability·which·allows·unprivileged
 122 ······························speculative·access·to·data·which·is
 123 ······························available·in·the·Level·1·Data·Cache·when·the
 124 ······························page·table·entry·isn't·present.·Select·the
 125 ······························appropriate·mitigation·by·adding·the
 126 ······························argument·l1tf=flush·to·the·default·GRUB·2
 127 ······························command·line·for·the·Linux·operating·system.
 128 ······························To·ensure·that·l1tf=flush·is·added·as·a······The·L1TF·vulnerability·allows·an
 129 ······························kernel·command·line·argument·to·newly········attacker·to·bypass·memory·access
 130 ····Configure·L1·Terminal·····installed·kernels,·add·l1tf=flush·to·the·····security·controls·imposed·by·the
 131 R8··Fault·mitigations·········default·Grub2·command·line·for·Linux·········system·or·hypervisor.·The·L1TF
 132 ······························operating·systems.·Modify·the·line·within·/··vulnerability·allows·read·access·to
 133 ······························etc/default/grub·as·shown·below:·············any·physical·memory·location·that·is
 134 ······························GRUB_CMDLINE_LINUX="...·l1tf=flush·..."······cached·in·the·L1·Data·Cache.
 135 ······························Run·the·following·command·to·update·command
Max diff block lines reached; 678262/692819 bytes (97.90%) of diff not shown.
1.39 MB
./usr/share/doc/ssg-nondebian/table-rhel8-cisrefs.html
    
Offset 1623, 144 lines modifiedOffset 1623, 144 lines modified
00006560:·6520·7468·6520·7379·7374·656d·2074·6f20··e·the·system·to·00006560:·6520·7468·6520·7379·7374·656d·2074·6f20··e·the·system·to·
00006570:·706f·7465·6e74·6961·6c20·636f·6d70·726f··potential·compro00006570:·706f·7465·6e74·6961·6c20·636f·6d70·726f··potential·compro
00006580:·6d69·7365·2e0a·2020·2020·2020·3c2f·7464··mise..······</td00006580:·6d69·7365·2e0a·2020·2020·2020·3c2f·7464··mise..······</td
00006590:·3e0a·2020·2020·3c2f·7472·3e0a·2020·2020··>.····</tr>.····00006590:·3e0a·2020·2020·3c2f·7472·3e0a·2020·2020··>.····</tr>.····
000065a0:·3c74·723e·0a20·2020·2020·203c·7464·3e31··<tr>.······<td>1000065a0:·3c74·723e·0a20·2020·2020·203c·7464·3e31··<tr>.······<td>1
000065b0:·2e32·2e32·3c2f·7464·3e0a·2020·2020·2020··.2.2</td>.······000065b0:·2e32·2e32·3c2f·7464·3e0a·2020·2020·2020··.2.2</td>.······
000065c0:·3c74·643e·456e·7375·7265·2067·7067·6368··<td>Ensure·gpgch000065c0:·3c74·643e·456e·7375·7265·2067·7067·6368··<td>Ensure·gpgch
000065d0:·6563·6b20·456e·6162·6c65·6420·496e·204d··eck·Enabled·In·M000065d0:·6563·6b20·456e·6162·6c65·6420·666f·7220··eck·Enabled·for·
000065e0:·6169·6e20·7975·6d20·436f·6e66·6967·7572··ain·yum·Configur 
000065f0:·6174·696f·6e3c·2f74·643e·0a20·2020·2020··ation</td>.····· 
00006600:·203c·7464·2078·6d6c·3a6c·616e·673d·2265···<td·xml:lang="e000065e0:·416c·6c20·7975·6d20·5061·636b·6167·6520··All·yum·Package·
 000065f0:·5265·706f·7369·746f·7269·6573·3c2f·7464··Repositories</td
 00006600:·3e0a·2020·2020·2020·3c74·6420·786d·6c3a··>.······<td·xml:
 00006610:·6c61·6e67·3d22·656e·2d55·5322·3e0a·2020··lang="en-US">.··
 00006620:·2020·2020·2020·546f·2065·6e73·7572·6520········To·ensure·
 00006630:·7369·676e·6174·7572·6520·6368·6563·6b69··signature·checki
 00006640:·6e67·2069·7320·6e6f·7420·6469·7361·626c··ng·is·not·disabl
 00006650:·6564·2066·6f72·0a61·6e79·2072·6570·6f73··ed·for.any·repos
 00006660:·2c20·7265·6d6f·7665·2061·6e79·206c·696e··,·remove·any·lin
 00006670:·6573·2066·726f·6d20·6669·6c65·7320·696e··es·from·files·in
 00006680:·203c·7474·3e2f·6574·632f·7975·6d2e·7265···<tt>/etc/yum.re
 00006690:·706f·732e·643c·2f74·743e·206f·6620·7468··pos.d</tt>·of·th
 000066a0:·6520·666f·726d·3a0a·3c70·7265·3e67·7067··e·form:.<pre>gpg
 000066b0:·6368·6563·6b3d·303c·2f70·7265·3e0a·2020··check=0</pre>.··
 000066c0:·2020·2020·3c2f·7464·3e0a·2020·2020·2020······</td>.······
 000066d0:·3c74·6420·786d·6c3a·6c61·6e67·3d22·656e··<td·xml:lang="en
00006610:·6e2d·5553·223e·0a20·2020·2020·2020·2054··n-US">.········T000066e0:·2d55·5322·3e0a·2020·2020·2020·2020·5665··-US">.········Ve
 000066f0:·7269·6679·696e·6720·7468·6520·6175·7468··rifying·the·auth
 00006700:·656e·7469·6369·7479·206f·6620·7468·6520··enticity·of·the·
 00006710:·736f·6674·7761·7265·2070·7269·6f72·2074··software·prior·t
00006620:·6865·203c·7474·3e67·7067·6368·6563·6b3c··he·<tt>gpgcheck< 
00006630:·2f74·743e·206f·7074·696f·6e20·636f·6e74··/tt>·option·cont 
00006640:·726f·6c73·2077·6865·7468·6572·0a52·504d··rols·whether.RPM 
00006650:·2070·6163·6b61·6765·7327·2073·6967·6e61···packages'·signa 
00006660:·7475·7265·7320·6172·6520·616c·7761·7973··tures·are·always 
00006670:·2063·6865·636b·6564·2070·7269·6f72·2074···checked·prior·t 
00006680:·6f20·696e·7374·616c·6c61·7469·6f6e·2e0a··o·installation..00006720:·6f20·696e·7374·616c·6c61·7469·6f6e·2076··o·installation·v
00006690:·546f·2063·6f6e·6669·6775·7265·2079·756d··To·configure·yum 
000066a0:·2074·6f20·6368·6563·6b20·7061·636b·6167···to·check·packag 
000066b0:·6520·7369·676e·6174·7572·6573·2062·6566··e·signatures·bef 
000066c0:·6f72·6520·696e·7374·616c·6c69·6e67·0a74··ore·installing.t 
000066d0:·6865·6d2c·2065·6e73·7572·6520·7468·6520··hem,·ensure·the· 
000066e0:·666f·6c6c·6f77·696e·6720·6c69·6e65·2061··following·line·a 
000066f0:·7070·6561·7273·2069·6e20·3c74·743e·2f65··ppears·in·<tt>/e 
00006700:·7463·2f79·756d·2e63·6f6e·663c·2f74·743e··tc/yum.conf</tt> 
00006710:·2069·6e0a·7468·6520·3c74·743e·5b6d·6169···in.the·<tt>[mai 
00006720:·6e5d·3c2f·7474·3e20·7365·6374·696f·6e3a··n]</tt>·section: 
00006730:·0a3c·7072·653e·6770·6763·6865·636b·3d31··.<pre>gpgcheck=1 
00006740:·3c2f·7072·653e·0a20·2020·2020·203c·2f74··</pre>.······</t 
00006750:·643e·0a20·2020·2020·203c·7464·2078·6d6c··d>.······<td·xml 
00006760:·3a6c·616e·673d·2265·6e2d·5553·223e·0a20··:lang="en-US">.· 
00006770:·2020·2020·2020·2043·6861·6e67·6573·2074·········Changes·t 
00006780:·6f20·616e·7920·736f·6674·7761·7265·2063··o·any·software·c 
00006790:·6f6d·706f·6e65·6e74·7320·6361·6e20·6861··omponents·can·ha 
000067a0:·7665·2073·6967·6e69·6669·6361·6e74·2065··ve·significant·e 
000067b0:·6666·6563·7473·206f·6e20·7468·650a·6f76··ffects·on·the.ov 
000067c0:·6572·616c·6c20·7365·6375·7269·7479·206f··erall·security·o 
000067d0:·6620·7468·6520·6f70·6572·6174·696e·6720··f·the·operating· 
000067e0:·7379·7374·656d·2e20·5468·6973·2072·6571··system.·This·req 
000067f0:·7569·7265·6d65·6e74·2065·6e73·7572·6573··uirement·ensures 
00006800:·2074·6865·0a73·6f66·7477·6172·6520·6861···the.software·ha 
00006810:·7320·6e6f·7420·6265·656e·2074·616d·7065··s·not·been·tampe 
00006820:·7265·6420·7769·7468·2061·6e64·2074·6861··red·with·and·tha 
00006830:·7420·6974·2068·6173·2062·6565·6e20·7072··t·it·has·been·pr 
00006840:·6f76·6964·6564·2062·7920·610a·7472·7573··ovided·by·a.trus 
00006850:·7465·6420·7665·6e64·6f72·2e0a·3c62·7220··ted·vendor..<br· 
00006860:·2f3e·0a41·6363·6f72·6469·6e67·6c79·2c20··/>.Accordingly,· 
00006870:·7061·7463·6865·732c·2073·6572·7669·6365··patches,·service 
00006880:·2070·6163·6b73·2c20·6465·7669·6365·2064···packs,·device·d 
00006890:·7269·7665·7273·2c20·6f72·206f·7065·7261··rivers,·or·opera 
000068a0:·7469·6e67·2073·7973·7465·6d0a·636f·6d70··ting·system.comp 
000068b0:·6f6e·656e·7473·206d·7573·7420·6265·2073··onents·must·be·s 
000068c0:·6967·6e65·6420·7769·7468·2061·2063·6572··igned·with·a·cer 
000068d0:·7469·6669·6361·7465·2072·6563·6f67·6e69··tificate·recogni 
000068e0:·7a65·6420·616e·6420·6170·7072·6f76·6564··zed·and·approved 
000068f0:·2062·7920·7468·650a·6f72·6761·6e69·7a61···by·the.organiza 
00006900:·7469·6f6e·2e0a·3c62·7220·2f3e·5665·7269··tion..<br·/>Veri 
00006910:·6679·696e·6720·7468·6520·6175·7468·656e··fying·the·authen 
00006920:·7469·6369·7479·206f·6620·7468·6520·736f··ticity·of·the·so 
00006930:·6674·7761·7265·2070·7269·6f72·2074·6f20··ftware·prior·to· 
00006940:·696e·7374·616c·6c61·7469·6f6e·0a76·616c··installation.val 
00006950:·6964·6174·6573·2074·6865·2069·6e74·6567··idates·the·integ 
00006960:·7269·7479·206f·6620·7468·6520·7061·7463··rity·of·the·patc 
00006970:·6820·6f72·2075·7067·7261·6465·2072·6563··h·or·upgrade·rec 
00006980:·6569·7665·6420·6672·6f6d·2061·2076·656e··eived·from·a·ven 
00006990:·646f·722e·0a54·6869·7320·656e·7375·7265··dor..This·ensure 
000069a0:·7320·7468·6520·736f·6674·7761·7265·2068··s·the·software·h 
000069b0:·6173·206e·6f74·2062·6565·6e20·7461·6d70··as·not·been·tamp 
000069c0:·6572·6564·2077·6974·6820·616e·6420·7468··ered·with·and·th 
000069d0:·6174·2069·7420·6861·7320·6265·656e·0a70··at·it·has·been.p 
000069e0:·726f·7669·6465·6420·6279·2061·2074·7275··rovided·by·a·tru 
000069f0:·7374·6564·2076·656e·646f·722e·2053·656c··sted·vendor.·Sel 
00006a00:·662d·7369·676e·6564·2063·6572·7469·6669··f-signed·certifi 
00006a10:·6361·7465·7320·6172·6520·6469·7361·6c6c··cates·are·disall 
00006a20:·6f77·6564·2062·790a·7468·6973·2072·6571··owed·by.this·req 
00006a30:·7569·7265·6d65·6e74·2e20·4365·7274·6966··uirement.·Certif 
00006a40:·6963·6174·6573·2075·7365·6420·746f·2076··icates·used·to·v 
00006a50:·6572·6966·7920·7468·6520·736f·6674·7761··erify·the·softwa 
00006a60:·7265·206d·7573·7420·6265·2066·726f·6d20··re·must·be·from· 
00006a70:·616e·0a61·7070·726f·7665·6420·4365·7274··an.approved·Cert 
00006a80:·6966·6963·6174·6520·4175·7468·6f72·6974··ificate·Authorit 
00006a90:·7920·2843·4129·2e0a·2020·2020·2020·3c2f··y·(CA)..······</ 
00006aa0:·7464·3e0a·2020·2020·3c2f·7472·3e0a·2020··td>.····</tr>.·· 
00006ab0:·2020·3c74·723e·0a20·2020·2020·203c·7464····<tr>.······<td 
00006ac0:·3e31·2e32·2e32·3c2f·7464·3e0a·2020·2020··>1.2.2</td>.···· 
00006ad0:·2020·3c74·643e·456e·7375·7265·2067·7067····<td>Ensure·gpg 
00006ae0:·6368·6563·6b20·456e·6162·6c65·6420·666f··check·Enabled·fo 
00006af0:·7220·416c·6c20·7975·6d20·5061·636b·6167··r·All·yum·Packag 
00006b00:·6520·5265·706f·7369·746f·7269·6573·3c2f··e·Repositories</ 
00006b10:·7464·3e0a·2020·2020·2020·3c74·6420·786d··td>.······<td·xm 
00006b20:·6c3a·6c61·6e67·3d22·656e·2d55·5322·3e0a··l:lang="en-US">. 
00006b30:·2020·2020·2020·2020·546f·2065·6e73·7572··········To·ensur 
00006b40:·6520·7369·676e·6174·7572·6520·6368·6563··e·signature·chec 
00006b50:·6b69·6e67·2069·7320·6e6f·7420·6469·7361··king·is·not·disa 
00006b60:·626c·6564·2066·6f72·0a61·6e79·2072·6570··bled·for.any·rep 
00006b70:·6f73·2c20·7265·6d6f·7665·2061·6e79·206c··os,·remove·any·l 
00006b80:·696e·6573·2066·726f·6d20·6669·6c65·7320··ines·from·files· 
00006b90:·696e·203c·7474·3e2f·6574·632f·7975·6d2e··in·<tt>/etc/yum. 
00006ba0:·7265·706f·732e·643c·2f74·743e·206f·6620··repos.d</tt>·of· 
00006bb0:·7468·6520·666f·726d·3a0a·3c70·7265·3e67··the·form:.<pre>g 
00006bc0:·7067·6368·6563·6b3d·303c·2f70·7265·3e0a··pgcheck=0</pre>. 
00006bd0:·2020·2020·2020·3c2f·7464·3e0a·2020·2020········</td>.···· 
00006be0:·2020·3c74·6420·786d·6c3a·6c61·6e67·3d22····<td·xml:lang=" 
00006bf0:·656e·2d55·5322·3e0a·2020·2020·2020·2020··en-US">.········ 
00006c00:·5665·7269·6679·696e·6720·7468·6520·6175··Verifying·the·au 
00006c10:·7468·656e·7469·6369·7479·206f·6620·7468··thenticity·of·th 
00006c20:·6520·736f·6674·7761·7265·2070·7269·6f72··e·software·prior 
Max diff block lines reached; 1113045/1130735 bytes (98.44%) of diff not shown.
324 KB
html2text {}
    
Offset 367, 14 lines modifiedOffset 367, 37 lines modified
367 ··················Add·noexec·Option···binaries·from·being·executed·out·of·/var/log/audit.····files·such·as·/var/367 ··················Add·noexec·Option···binaries·from·being·executed·out·of·/var/log/audit.····files·such·as·/var/
368 1.1.2.7.4·········to·/var/log/audit···Add·the·noexec·option·to·the·fourth·column·of·/etc/····log/audit·should368 1.1.2.7.4·········to·/var/log/audit···Add·the·noexec·option·to·the·fourth·column·of·/etc/····log/audit·should
369 ······································fstab·for·the·line·which·controls·mounting·of·/var/····never·be·necessary369 ······································fstab·for·the·line·which·controls·mounting·of·/var/····never·be·necessary
370 ······································log/audit.·············································in·normal·operation370 ······································log/audit.·············································in·normal·operation
371 ·····························································································and·can·expose·the371 ·····························································································and·can·expose·the
372 ·····························································································system·to·potential372 ·····························································································system·to·potential
373 ·····························································································compromise.373 ·····························································································compromise.
 374 ·····························································································Verifying·the
 375 ·····························································································authenticity·of·the
 376 ·····························································································software·prior·to
 377 ·····························································································installation
 378 ·····························································································validates·the
 379 ·····························································································integrity·of·the
 380 ·····························································································patch·or·upgrade
 381 ·····························································································received·from·a
 382 ·····························································································vendor.·This·ensures
 383 ··················Ensure·gpgcheck·····To·ensure·signature·checking·is·not·disabled·for·any···the·software·has·not
 384 ··················Enabled·for·All·yum·repos,·remove·any·lines·from·files·in·/etc/yum.repos.d·been·tampered·with
 385 1.2.2·············Package·············of·the·form:···········································and·that·it·has·been
 386 ··················Repositories········gpgcheck=0·············································provided·by·a
 387 ·····························································································trusted·vendor.
 388 ·····························································································Self-signed
 389 ·····························································································certificates·are
 390 ·····························································································disallowed·by·this
 391 ·····························································································requirement.
 392 ·····························································································Certificates·used·to
 393 ·····························································································verify·the·software
 394 ·····························································································must·be·from·an
 395 ·····························································································approved·Certificate
 396 ·····························································································Authority·(CA)."
374 ·····························································································Changes·to·any397 ·····························································································Changes·to·any
375 ·····························································································software·components398 ·····························································································software·components
376 ·····························································································can·have·significant399 ·····························································································can·have·significant
377 ·····························································································effects·on·the400 ·····························································································effects·on·the
378 ·····························································································overall·security·of401 ·····························································································overall·security·of
379 ·····························································································the·operating402 ·····························································································the·operating
380 ·····························································································system.·This403 ·····························································································system.·This
Offset 414, 159 lines modifiedOffset 437, 136 lines modified
414 ·····························································································disallowed·by·this437 ·····························································································disallowed·by·this
415 ·····························································································requirement.438 ·····························································································requirement.
416 ·····························································································Certificates·used·to439 ·····························································································Certificates·used·to
417 ·····························································································verify·the·software440 ·····························································································verify·the·software
418 ·····························································································must·be·from·an441 ·····························································································must·be·from·an
419 ·····························································································approved·Certificate442 ·····························································································approved·Certificate
420 ·····························································································Authority·(CA).443 ·····························································································Authority·(CA).
421 ·····························································································Verifying·the 
422 ·····························································································authenticity·of·the 
423 ·····························································································software·prior·to 
424 ·····························································································installation 
425 ·····························································································validates·the 
426 ·····························································································integrity·of·the 
427 ·····························································································patch·or·upgrade 
428 ·····························································································received·from·a 
429 ·····························································································vendor.·This·ensures 
430 ··················Ensure·gpgcheck·····To·ensure·signature·checking·is·not·disabled·for·any···the·software·has·not 
431 ··················Enabled·for·All·yum·repos,·remove·any·lines·from·files·in·/etc/yum.repos.d·been·tampered·with 
432 1.2.2·············Package·············of·the·form:···········································and·that·it·has·been 
433 ··················Repositories········gpgcheck=0·············································provided·by·a 
434 ·····························································································trusted·vendor. 
435 ·····························································································Self-signed 
436 ·····························································································certificates·are 
437 ·····························································································disallowed·by·this 
438 ·····························································································requirement. 
439 ·····························································································Certificates·used·to 
440 ·····························································································verify·the·software 
441 ·····························································································must·be·from·an 
442 ·····························································································approved·Certificate 
443 ·····························································································Authority·(CA)." 
444 ·····························································································Password·protection444 ·····························································································Password·protection
445 ······································The·grub2·boot·loader·should·have·a·superuser·account··on·the·boot·loader445 ······································The·grub2·boot·loader·should·have·a·superuser·account··on·the·boot·loader
446 ······································and·password·protection·enabled·to·protect·boot-time···configuration446 ······································and·password·protection·enabled·to·protect·boot-time···configuration
447 ······································settings.··············································ensures·users·with447 ······································settings.··············································ensures·users·with
448 ·····························································································physical·access448 ·····························································································physical·access
449 1.3.1·············Set·the·UEFI·Boot···Since·plaintext·passwords·are·a·security·risk,·········cannot·trivially449 1.3.1·············Set·Boot·Loader·····Since·plaintext·passwords·are·a·security·risk,·········cannot·trivially
450 ··················Loader·Password·····generate·a·hash·for·the·password·by·running·the········alter·important450 ··················Password·in·grub2···generate·a·hash·for·the·password·by·running·the········alter·important
451 ······································following·command:·····································bootloader·settings.451 ······································following·command:·····································bootloader·settings.
452 ······································#·grub2-setpassword····································These·include·which452 ······································#·grub2-setpassword····································These·include·which
453 ······································When·prompted,·enter·the·password·that·was·selected.···kernel·to·use,·and453 ······································When·prompted,·enter·the·password·that·was·selected.···kernel·to·use,·and
454 ·····························································································whether·to·enter454 ·····························································································whether·to·enter
455 ·····························································································single-user·mode.455 ·····························································································single-user·mode.
456 ·····························································································Password·protection456 ·····························································································Password·protection
457 ······································The·grub2·boot·loader·should·have·a·superuser·account··on·the·boot·loader457 ······································The·grub2·boot·loader·should·have·a·superuser·account··on·the·boot·loader
458 ······································and·password·protection·enabled·to·protect·boot-time···configuration458 ······································and·password·protection·enabled·to·protect·boot-time···configuration
459 ······································settings.··············································ensures·users·with459 ······································settings.··············································ensures·users·with
460 ·····························································································physical·access460 ·····························································································physical·access
461 1.3.1·············Set·Boot·Loader·····Since·plaintext·passwords·are·a·security·risk,·········cannot·trivially461 1.3.1·············Set·the·UEFI·Boot···Since·plaintext·passwords·are·a·security·risk,·········cannot·trivially
462 ··················Password·in·grub2···generate·a·hash·for·the·password·by·running·the········alter·important462 ··················Loader·Password·····generate·a·hash·for·the·password·by·running·the········alter·important
463 ······································following·command:·····································bootloader·settings.463 ······································following·command:·····································bootloader·settings.
464 ······································#·grub2-setpassword····································These·include·which464 ······································#·grub2-setpassword····································These·include·which
465 ······································When·prompted,·enter·the·password·that·was·selected.···kernel·to·use,·and465 ······································When·prompted,·enter·the·password·that·was·selected.···kernel·to·use,·and
466 ·····························································································whether·to·enter466 ·····························································································whether·to·enter
467 ·····························································································single-user·mode.467 ·····························································································single-user·mode.
468 ·····························································································The·root·group·is·a468 ·····························································································Only·root·should·be
469 ·····························································································highly-privileged 
470 ·····························································································group.·Furthermore, 
471 ·····························································································the·group-owner·of 
472 ·····························································································this·file·should·not 
473 ······································The·file·/boot/grub2/user.cfg·should·be·group-owned·by·have·any·access 
474 ··················Verify·/boot/grub2/·the·root·group·to·prevent·reading·or·modification·of···privileges·anyway. 
475 1.3.2·············user.cfg·Group······the·file.·To·properly·set·the·group·owner·of·/boot/····Non-root·users·who 
476 ··················Ownership···········grub2/user.cfg,·run·the·command:·······················read·the·boot 
477 ······································$·sudo·chgrp·root·/boot/grub2/user.cfg·················parameters·may·be 
478 ·····························································································able·to·identify469 ·····························································································able·to·modify
 470 ·····························································································important·boot
 471 ······································The·file·/boot/grub2/user.cfg·should·be·owned·by·the···parameters.·Also,
 472 ··················Verify·/boot/grub2/·root·user·to·prevent·reading·or·modification·of·the····non-root·users·who
 473 1.3.2·············user.cfg·User·······file.·To·properly·set·the·owner·of·/boot/grub2/········read·the·boot
 474 ··················Ownership···········user.cfg,·run·the·command:·····························parameters·may·be
 475 ······································$·sudo·chown·root·/boot/grub2/user.cfg·················able·to·identify
479 ·····························································································weaknesses·in476 ·····························································································weaknesses·in
480 ·····························································································security·upon·boot477 ·····························································································security·upon·boot
481 ·····························································································and·be·able·to478 ·····························································································and·be·able·to
482 ·····························································································exploit·them.479 ·····························································································exploit·them.
483 ·····························································································The·root·group·is·a480 ·····························································································The·root·group·is·a
 481 ······································The·file·/boot/grub2/grub.cfg·should·be·group-owned·by·highly-privileged
 482 ··················Verify·/boot/grub2/·the·root·group·to·prevent·destruction·or·modification··group.·Furthermore,
 483 1.3.2·············grub.cfg·Group······of·the·file.·To·properly·set·the·group·owner·of·/boot/·the·group-owner·of
 484 ··················Ownership···········grub2/grub.cfg,·run·the·command:·······················this·file·should·not
 485 ······································$·sudo·chgrp·root·/boot/grub2/grub.cfg·················have·any·access
 486 ·····························································································privileges·anyway.
 487 ······································File·permissions·for·/boot/efi/EFI/redhat/user.cfg·····Proper·permissions
 488 ··················Verify·/boot/efi/···should·be·set·to·600.·To·properly·set·the·permissions··ensure·that·only·the
 489 1.3.2·············EFI/redhat/user.cfg·of·/boot/efi/EFI/redhat/user.cfg,·run·the·command:·····root·user·can·read
 490 ··················Permissions·········$·sudo·chmod·600·/boot/efi/EFI/redhat/user.cfg·········or·modify·important
 491 ·····························································································boot·parameters.
 492 ··················Verify·the·UEFI·····The·file·/boot/efi/EFI/redhat/grub.cfg·should·be·owned·Only·root·should·be
 493 ··················Boot·Loader·········by·the·root·user·to·prevent·destruction·or·············able·to·modify
Max diff block lines reached; 315277/331659 bytes (95.06%) of diff not shown.
1.25 MB
./usr/share/doc/ssg-nondebian/table-rhel8-cuirefs.html
Ordering differences only
    
Offset 40, 14 lines modifiedOffset 40, 90 lines modified
40 ····<th>Mapping</th>40 ····<th>Mapping</th>
41 ····<th>Rule·Title</th>41 ····<th>Rule·Title</th>
42 ····<th>Description</th>42 ····<th>Description</th>
43 ····<th>Rationale</th>43 ····<th>Rationale</th>
44 ··</thead>44 ··</thead>
45 ··<tbody>45 ··<tbody>
46 ··<tr>46 ··<tr>
 47 ······<td>3.1.1<br/>3.1.5</td>
 48 ······<td>Verify·Only·Root·Has·UID·0</td>
 49 ······<td·xml:lang="en-US">
 50 ········If·any·account·other·than·root·has·a·UID·of·0,·this·misconfiguration·should
 51 be·investigated·and·the·accounts·other·than·root·should·be·removed·or·have
 52 their·UID·changed.
 53 <br·/>
 54 If·the·account·is·associated·with·system·commands·or·applications·the·UID
 55 should·be·changed·to·one·greater·than·"0"·but·less·than·"1000."
 56 Otherwise·assign·a·UID·greater·than·"1000"·that·has·not·already·been
 57 assigned.
 58 ······</td>
 59 ······<td·xml:lang="en-US">
 60 ········An·account·has·root·authority·if·it·has·a·UID·of·0.·Multiple·accounts
 61 with·a·UID·of·0·afford·more·opportunity·for·potential·intruders·to
 62 guess·a·password·for·a·privileged·account.·Proper·configuration·of
 63 sudo·is·recommended·to·afford·multiple·system·administrators
 64 access·to·root·privileges·in·an·accountable·manner.
 65 ······</td>
 66 ····</tr>
 67 ····<tr>
 68 ······<td>3.1.1<br/>3.1.5</td>
 69 ······<td>Disable·SSH·Root·Login</td>
 70 ······<td·xml:lang="en-US">
 71 ········The·root·user·should·never·be·allowed·to·login·to·a
 72 system·directly·over·a·network.
 73 To·disable·root·login·via·SSH,·add·or·correct·the·following·line·in
  
  
 74 <tt>/etc/ssh/sshd_config</tt>:
  
 75 <pre>PermitRootLogin·no</pre>
 76 ······</td>
 77 ······<td·xml:lang="en-US">
 78 ········Even·though·the·communications·channel·may·be·encrypted,·an·additional·layer·of
 79 security·is·gained·by·extending·the·policy·of·not·logging·directly·on·as·root.
 80 In·addition,·logging·in·with·a·user-specific·account·provides·individual
 81 accountability·of·actions·performed·on·the·system·and·also·helps·to·minimize
 82 direct·attack·attempts·on·root's·password.
 83 ······</td>
 84 ····</tr>
 85 ····<tr>
 86 ······<td>3.1.1<br/>3.4.5</td>
 87 ······<td>Require·Authentication·for·Emergency·Systemd·Target</td>
 88 ······<td·xml:lang="en-US">
 89 ········Emergency·mode·is·intended·as·a·system·recovery
 90 method,·providing·a·single·user·root·access·to·the·system
 91 during·a·failed·boot·sequence.
 92 <br·/><br·/>
 93 By·default,·Emergency·mode·is·protected·by·requiring·a·password·and·is·set
 94 in·<tt>/usr/lib/systemd/system/emergency.service</tt>.
 95 ······</td>
 96 ······<td·xml:lang="en-US">
 97 ········This·prevents·attackers·with·physical·access·from·trivially·bypassing·security
 98 on·the·machine·and·gaining·root·access.·Such·accesses·are·further·prevented
 99 by·configuring·the·bootloader·password.
 100 ······</td>
 101 ····</tr>
 102 ····<tr>
 103 ······<td>3.1.1</td>
 104 ······<td>Disable·GDM·Automatic·Login</td>
 105 ······<td·xml:lang="en-US">
 106 ········The·GNOME·Display·Manager·(GDM)·can·allow·users·to·automatically·login·without
 107 user·interaction·or·credentials.·User·should·always·be·required·to·authenticate·themselves
 108 to·the·system·that·they·are·authorized·to·use.·To·disable·user·ability·to·automatically
 109 login·to·the·system,·set·the·<tt>AutomaticLoginEnable</tt>·to·<tt>false</tt>·in·the
 110 <tt>[daemon]</tt>·section·in·<tt>/etc/gdm/custom.conf</tt>.·For·example:
 111 <pre>[daemon]
 112 AutomaticLoginEnable=false</pre>
 113 ······</td>
 114 ······<td·xml:lang="en-US">
 115 ········Failure·to·restrict·system·access·to·authenticated·users·negatively·impacts·operating
 116 system·security.
 117 ······</td>
 118 ····</tr>
 119 ····<tr>
47 ······<td>3.1.1</td>120 ······<td>3.1.1</td>
48 ······<td>Disable·GDM·Guest·Login</td>121 ······<td>Disable·GDM·Guest·Login</td>
49 ······<td·xml:lang="en-US">122 ······<td·xml:lang="en-US">
50 ········The·GNOME·Display·Manager·(GDM)·can·allow·users·to·login·without·credentials123 ········The·GNOME·Display·Manager·(GDM)·can·allow·users·to·login·without·credentials
51 which·can·be·useful·for·public·kiosk·scenarios.·Allowing·users·to·login·without·credentials124 which·can·be·useful·for·public·kiosk·scenarios.·Allowing·users·to·login·without·credentials
52 or·"guest"·account·access·has·inherent·security·risks·and·should·be·disabled.·To·do·disable125 or·"guest"·account·access·has·inherent·security·risks·and·should·be·disabled.·To·do·disable
53 timed·logins·or·guest·account·access,·set·the·<tt>TimedLoginEnable</tt>·to·<tt>false</tt>·in126 timed·logins·or·guest·account·access,·set·the·<tt>TimedLoginEnable</tt>·to·<tt>false</tt>·in
Offset 77, 57 lines modifiedOffset 153, 14 lines modified
77 ······<td·xml:lang="en-US">153 ······<td·xml:lang="en-US">
78 ········If·an·account·has·an·empty·password,·anyone·could·log·in·and154 ········If·an·account·has·an·empty·password,·anyone·could·log·in·and
79 run·commands·with·the·privileges·of·that·account.·Accounts·with155 run·commands·with·the·privileges·of·that·account.·Accounts·with
80 empty·passwords·should·never·be·used·in·operational·environments.156 empty·passwords·should·never·be·used·in·operational·environments.
81 ······</td>157 ······</td>
82 ····</tr>158 ····</tr>
83 ····<tr>159 ····<tr>
84 ······<td>3.1.1<br/>3.1.6</td> 
85 ······<td>Direct·root·Logins·Not·Allowed</td> 
86 ······<td·xml:lang="en-US"> 
87 ········To·further·limit·access·to·the·<tt>root</tt>·account,·administrators 
88 can·disable·root·logins·at·the·console·by·editing·the·<tt>/etc/securetty</tt>·file. 
89 This·file·lists·all·devices·the·root·user·is·allowed·to·login·to.·If·the·file·does 
90 not·exist·at·all,·the·root·user·can·login·through·any·communication·device·on·the 
91 system,·whether·via·the·console·or·via·a·raw·network·interface.·This·is·dangerous 
92 as·user·can·login·to·the·system·as·root·via·Telnet,·which·sends·the·password·in 
93 plain·text·over·the·network.·By·default,·Red·Hat·Enterprise·Linux·8's 
94 <tt>/etc/securetty</tt>·file·only·allows·the·root·user·to·login·at·the·console 
95 physically·attached·to·the·system.·To·prevent·root·from·logging·in,·remove·the 
96 contents·of·this·file.·To·prevent·direct·root·logins,·remove·the·contents·of·this 
97 file·by·typing·the·following·command: 
98 <pre> 
99 $·sudo·echo·&gt;·/etc/securetty 
100 </pre> 
101 ······</td> 
102 ······<td·xml:lang="en-US"> 
103 ········Disabling·direct·root·logins·ensures·proper·accountability·and·multifactor 
104 authentication·to·privileged·accounts.·Users·will·first·login,·then·escalate 
105 to·privileged·(root)·access·via·su·/·sudo.·This·is·required·for·FISMA·Low 
106 and·FISMA·Moderate·systems. 
107 ······</td> 
108 ····</tr> 
109 ····<tr> 
110 ······<td>3.1.1<br/>3.1.5</td> 
111 ······<td>Restrict·Virtual·Console·Root·Logins</td> 
112 ······<td·xml:lang="en-US"> 
Max diff block lines reached; 467848/473803 bytes (98.74%) of diff not shown.
814 KB
html2text {}
    
Offset 1, 13 lines modifiedOffset 1, 73 lines modified
  
  
1 Rules·with·NIST-800-171·Reference·in·Guide·to·the·Secure·Configuration·of·Red1 Rules·with·NIST-800-171·Reference·in·Guide·to·the·Secure·Configuration·of·Red
2 Hat·Enterprise·Linux·82 Hat·Enterprise·Linux·8
  
  
 3 ······························································································An·account·has·root
 4 ······························································································authority·if·it·has
 5 ······························································································a·UID·of·0.·Multiple
 6 ······························································································accounts·with·a·UID
 7 ·······································If·any·account·other·than·root·has·a·UID·of·0,·this····of·0·afford·more
 8 ·······································misconfiguration·should·be·investigated·and·the········opportunity·for
 9 ·······································accounts·other·than·root·should·be·removed·or·have·····potential·intruders
 10 ·······································their·UID·changed.·····································to·guess·a·password
 11 3.1.1···Verify·Only·Root·Has·UID·0·····If·the·account·is·associated·with·system·commands·or···for·a·privileged
 12 3.1.5··································applications·the·UID·should·be·changed·to·one·greater··account.·Proper
 13 ·······································than·"0"·but·less·than·"1000."·Otherwise·assign·a·UID··configuration·of
 14 ·······································greater·than·"1000"·that·has·not·already·been··········sudo·is·recommended
 15 ·······································assigned.··············································to·afford·multiple
 16 ······························································································system
 17 ······························································································administrators
 18 ······························································································access·to·root
 19 ······························································································privileges·in·an
 20 ······························································································accountable·manner.
 21 ······························································································Even·though·the
 22 ······························································································communications
 23 ······························································································channel·may·be
 24 ······························································································encrypted,·an
 25 ······························································································additional·layer·of
 26 ······························································································security·is·gained
 27 ······························································································by·extending·the
 28 ······························································································policy·of·not
 29 ·······································The·root·user·should·never·be·allowed·to·login·to·a····logging·directly·on
 30 3.1.1··································system·directly·over·a·network.·To·disable·root·login··as·root.·In
 31 3.1.5···Disable·SSH·Root·Login·········via·SSH,·add·or·correct·the·following·line·in·/etc/····addition,·logging·in
 32 ·······································ssh/sshd_config:·······································with·a·user-specific
 33 ·······································PermitRootLogin·no·····································account·provides
 34 ······························································································individual
 35 ······························································································accountability·of
 36 ······························································································actions·performed·on
 37 ······························································································the·system·and·also
 38 ······························································································helps·to·minimize
 39 ······························································································direct·attack
 40 ······························································································attempts·on·root's
 41 ······························································································password.
 42 ······························································································This·prevents
 43 ······························································································attackers·with
 44 ·······································Emergency·mode·is·intended·as·a·system·recovery········physical·access·from
 45 ·······································method,·providing·a·single·user·root·access·to·the·····trivially·bypassing
 46 3.1.1···Require·Authentication·for·····system·during·a·failed·boot·sequence.··················security·on·the
 47 3.4.5···Emergency·Systemd·Target······························································machine·and·gaining
 48 ·······································By·default,·Emergency·mode·is·protected·by·requiring·a·root·access.·Such
 49 ·······································password·and·is·set·in·/usr/lib/systemd/system/········accesses·are·further
 50 ·······································emergency.service.·····································prevented·by
 51 ······························································································configuring·the
 52 ······························································································bootloader·password.
 53 ·······································The·GNOME·Display·Manager·(GDM)·can·allow·users·to
 54 ·······································automatically·login·without·user·interaction·or
 55 ·······································credentials.·User·should·always·be·required·to·········Failure·to·restrict
 56 ·······································authenticate·themselves·to·the·system·that·they·are····system·access·to
 57 3.1.1···Disable·GDM·Automatic·Login····authorized·to·use.·To·disable·user·ability·to··········authenticated·users
 58 ·······································automatically·login·to·the·system,·set·the·············negatively·impacts
 59 ·······································AutomaticLoginEnable·to·false·in·the·[daemon]·section··operating·system
 60 ·······································in·/etc/gdm/custom.conf.·For·example:··················security.
 61 ·······································[daemon]
 62 ·······································AutomaticLoginEnable=false
3 ·······································The·GNOME·Display·Manager·(GDM)·can·allow·users·to63 ·······································The·GNOME·Display·Manager·(GDM)·can·allow·users·to
4 ·······································login·without·credentials·which·can·be·useful·for64 ·······································login·without·credentials·which·can·be·useful·for
5 ·······································public·kiosk·scenarios.·Allowing·users·to·login········Failure·to·restrict65 ·······································public·kiosk·scenarios.·Allowing·users·to·login········Failure·to·restrict
6 ·······································without·credentials·or·"guest"·account·access·has······system·access·to66 ·······································without·credentials·or·"guest"·account·access·has······system·access·to
7 3.1.1···Disable·GDM·Guest·Login········inherent·security·risks·and·should·be·disabled.·To·do··authenticated·users67 3.1.1···Disable·GDM·Guest·Login········inherent·security·risks·and·should·be·disabled.·To·do··authenticated·users
8 ·······································disable·timed·logins·or·guest·account·access,·set·the··negatively·impacts68 ·······································disable·timed·logins·or·guest·account·access,·set·the··negatively·impacts
9 ·······································TimedLoginEnable·to·false·in·the·[daemon]·section·in·/·operating·system69 ·······································TimedLoginEnable·to·false·in·the·[daemon]·section·in·/·operating·system
Offset 21, 144 lines modifiedOffset 81, 162 lines modified
21 3.1.1···Prevent·Login·to·Accounts·With·it·may·be·possible·to·log·into·the·account·without·····with·the·privileges81 3.1.1···Prevent·Login·to·Accounts·With·it·may·be·possible·to·log·into·the·account·without·····with·the·privileges
22 3.1.5···Empty·Password·················authentication.·Remove·any·instances·of·the·nullok·in··of·that·account.82 3.1.5···Empty·Password·················authentication.·Remove·any·instances·of·the·nullok·in··of·that·account.
23 ·······································/etc/pam.d/system-auth·and·/etc/pam.d/password-auth·to·Accounts·with·empty83 ·······································/etc/pam.d/system-auth·and·/etc/pam.d/password-auth·to·Accounts·with·empty
24 ·······································prevent·logins·with·empty·passwords.···················passwords·should84 ·······································prevent·logins·with·empty·passwords.···················passwords·should
25 ······························································································never·be·used·in85 ······························································································never·be·used·in
26 ······························································································operational86 ······························································································operational
27 ······························································································environments.87 ······························································································environments.
28 ·······································To·further·limit·access·to·the·root·account, 
29 ·······································administrators·can·disable·root·logins·at·the·console··Disabling·direct 
30 ·······································by·editing·the·/etc/securetty·file.·This·file·lists····root·logins·ensures 
31 ·······································all·devices·the·root·user·is·allowed·to·login·to.·If···proper 
32 ·······································the·file·does·not·exist·at·all,·the·root·user·can······accountability·and 
33 ·······································login·through·any·communication·device·on·the·system,··multifactor 
34 ·······································whether·via·the·console·or·via·a·raw·network···········authentication·to 
35 3.1.1··································interface.·This·is·dangerous·as·user·can·login·to·the··privileged·accounts. 
36 3.1.6···Direct·root·Logins·Not·Allowed·system·as·root·via·Telnet,·which·sends·the·password·in·Users·will·first 
37 ·······································plain·text·over·the·network.·By·default,·Red·Hat·······login,·then·escalate 
38 ·······································Enterprise·Linux·8's·/etc/securetty·file·only·allows···to·privileged·(root) 
39 ·······································the·root·user·to·login·at·the·console·physically·······access·via·su·/ 
40 ·······································attached·to·the·system.·To·prevent·root·from·logging···sudo.·This·is 
41 ·······································in,·remove·the·contents·of·this·file.·To·prevent·······required·for·FISMA 
42 ·······································direct·root·logins,·remove·the·contents·of·this·file···Low·and·FISMA 
43 ·······································by·typing·the·following·command:·······················Moderate·systems. 
44 ·······································$·sudo·echo·>·/etc/securetty 
45 ·······································To·restrict·root·logins·through·the·(deprecated)·······Preventing·direct 
46 ·······································virtual·console·devices,·ensure·lines·of·this·form·do··root·login·to 
47 ·······································not·appear·in·/etc/securetty:··························virtual·console 
48 3.1.1···Restrict·Virtual·Console·Root··vc/1···················································devices·helps·ensure 
49 3.1.5···Logins·························vc/2···················································accountability·for 
50 ·······································vc/3···················································actions·taken·on·the 
51 ·······································vc/4···················································system·using·the 
52 ······························································································root·account. 
53 ·······································Disallow·SSH·login·with·empty·passwords.·The·default88 ·······································Disallow·SSH·login·with·empty·passwords.·The·default
54 ·······································SSH·configuration·disables·logins·with·empty···········Configuring·this89 ·······································SSH·configuration·disables·logins·with·empty···········Configuring·this
55 ·······································passwords.·The·appropriate·configuration·is·used·if·no·setting·for·the·SSH90 ·······································passwords.·The·appropriate·configuration·is·used·if·no·setting·for·the·SSH
56 ·······································value·is·set·for·PermitEmptyPasswords.·················daemon·provides91 ·······································value·is·set·for·PermitEmptyPasswords.·················daemon·provides
57 ·······································To·explicitly·disallow·SSH·login·from·accounts·with····additional·assurance92 ·······································To·explicitly·disallow·SSH·login·from·accounts·with····additional·assurance
58 3.1.1···Disable·SSH·Access·via·Empty···empty·passwords,·add·or·correct·the·following·line·in··that·remote·login93 3.1.1···Disable·SSH·Access·via·Empty···empty·passwords,·add·or·correct·the·following·line·in··that·remote·login
59 3.1.5···Passwords······················/etc/ssh/sshd_config:··································via·SSH·will·require94 3.1.5···Passwords······················/etc/ssh/sshd_config:··································via·SSH·will·require
60 ·······································PermitEmptyPasswords·no································a·password,·even·in95 ·······································PermitEmptyPasswords·no································a·password,·even·in
61 ·······································Any·accounts·with·empty·passwords·should·be·disabled···the·event·of96 ·······································Any·accounts·with·empty·passwords·should·be·disabled···the·event·of
62 ·······································immediately,·and·PAM·configuration·should·prevent······misconfiguration97 ·······································immediately,·and·PAM·configuration·should·prevent······misconfiguration
63 ·······································users·from·being·able·to·assign·themselves·empty·······elsewhere.98 ·······································users·from·being·able·to·assign·themselves·empty·······elsewhere.
64 ·······································passwords.99 ·······································passwords.
 100 ·······································To·restrict·root·logins·through·the·(deprecated)·······Preventing·direct
 101 ·······································virtual·console·devices,·ensure·lines·of·this·form·do··root·login·to
 102 ·······································not·appear·in·/etc/securetty:··························virtual·console
 103 3.1.1···Restrict·Virtual·Console·Root··vc/1···················································devices·helps·ensure
 104 3.1.5···Logins·························vc/2···················································accountability·for
65 ·······································The·GNOME·Display·Manager·(GDM)·can·allow·users·to 
66 ·······································automatically·login·without·user·interaction·or 
67 ·······································credentials.·User·should·always·be·required·to·········Failure·to·restrict 
68 ·······································authenticate·themselves·to·the·system·that·they·are····system·access·to 
Max diff block lines reached; 816981/833570 bytes (98.01%) of diff not shown.
6.48 KB
./usr/share/doc/ssg-nondebian/table-rhel8-nistrefs-ospp.html
    
Offset 4075, 15 lines modifiedOffset 4075, 15 lines modified
4075 <tt>RekeyLimit</tt>.4075 <tt>RekeyLimit</tt>.
4076 ··</td>4076 ··</td>
4077 ··<td·xml:lang="en-US">4077 ··<td·xml:lang="en-US">
4078 By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling4078 By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling
4079 time-based·limit,·effects·of·potential·attacks·against4079 time-based·limit,·effects·of·potential·attacks·against
4080 encryption·keys·are·limited.4080 encryption·keys·are·limited.
4081 ··</td>4081 ··</td>
4082 ··<td>var_ssh_client_rekey_limit_size=1G<br/>var_ssh_client_rekey_limit_time=1hour</td>4082 ··<td>var_ssh_client_rekey_limit_time=1hour<br/>var_ssh_client_rekey_limit_size=1G</td>
4083 </tr>4083 </tr>
4084 <tr>4084 <tr>
4085 ··<td></td>4085 ··<td></td>
4086 ··<td>CCE-83349-1</td>4086 ··<td>CCE-83349-1</td>
4087 ··<td>SSH·client·uses·strong·entropy·to·seed·(for·CSH·like·shells)</td>4087 ··<td>SSH·client·uses·strong·entropy·to·seed·(for·CSH·like·shells)</td>
4088 ··<td·xml:lang="en-US">4088 ··<td·xml:lang="en-US">
4089 To·set·up·SSH·client·to·use·entropy·from·a·high-quality·source,·make·sure4089 To·set·up·SSH·client·to·use·entropy·from·a·high-quality·source,·make·sure
Offset 4138, 15 lines modifiedOffset 4138, 15 lines modified
4138 <pre>RekeyLimit·<tt>1G</tt>·<tt>1hour</tt></pre>4138 <pre>RekeyLimit·<tt>1G</tt>·<tt>1hour</tt></pre>
4139 ··</td>4139 ··</td>
4140 ··<td·xml:lang="en-US">4140 ··<td·xml:lang="en-US">
4141 By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling4141 By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling
4142 time-based·limit,·effects·of·potential·attacks·against4142 time-based·limit,·effects·of·potential·attacks·against
4143 encryption·keys·are·limited.4143 encryption·keys·are·limited.
4144 ··</td>4144 ··</td>
4145 ··<td>var_rekey_limit_size=1G<br/>var_rekey_limit_time=1hour</td>4145 ··<td>var_rekey_limit_time=1hour<br/>var_rekey_limit_size=1G</td>
4146 </tr>4146 </tr>
4147 <tr>4147 <tr>
4148 ··<td></td>4148 ··<td></td>
4149 ··<td>CCE-82462-3</td>4149 ··<td>CCE-82462-3</td>
4150 ··<td>SSH·server·uses·strong·entropy·to·seed</td>4150 ··<td>SSH·server·uses·strong·entropy·to·seed</td>
4151 ··<td·xml:lang="en-US">4151 ··<td·xml:lang="en-US">
4152 To·set·up·SSH·server·to·use·entropy·from·a·high-quality·source,·edit·the·<tt>/etc/sysconfig/sshd</tt>·file.4152 To·set·up·SSH·server·to·use·entropy·from·a·high-quality·source,·edit·the·<tt>/etc/sysconfig/sshd</tt>·file.
5.11 KB
html2text {}
    
Offset 3356, 16 lines modifiedOffset 3356, 16 lines modified
3356 ······················································································································options,·which·can3356 ······················································································································options,·which·can
3357 ······················································································································help·protect3357 ······················································································································help·protect
3358 ······················································································································programs·which·use3358 ······················································································································programs·which·use
3359 ······················································································································it.3359 ······················································································································it.
3360 ·····························The·RekeyLimit·parameter·specifies·how·often·the·session·key·is·renegotiated,·both·in····By·decreasing·the3360 ·····························The·RekeyLimit·parameter·specifies·how·often·the·session·key·is·renegotiated,·both·in····By·decreasing·the
3361 ·····························terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.·To·decrease·the····limit·based·on·the3361 ·····························terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.·To·decrease·the····limit·based·on·the
3362 ·····CCE-···Configure········default·limits,·put·line·RekeyLimit·1G·1hour·to·file·/etc/ssh/ssh_config.d/02-rekey-·····amount·of·data·and3362 ·····CCE-···Configure········default·limits,·put·line·RekeyLimit·1G·1hour·to·file·/etc/ssh/ssh_config.d/02-rekey-·····amount·of·data·and
3363 ·····82880-·session··········limit.conf.·Make·sure·that·there·is·no·other·RekeyLimit·configuration·preceding·the······enabling·time-based·var_ssh_client_rekey_limit_size=1G3363 ·····82880-·session··········limit.conf.·Make·sure·that·there·is·no·other·RekeyLimit·configuration·preceding·the······enabling·time-based·var_ssh_client_rekey_limit_time=1hour
3364 ·····6······renegotiation····include·directive·in·the·main·config·file·/etc/ssh/ssh_config.·Check·also·other·files·in·limit,·effects·of···var_ssh_client_rekey_limit_time=1hour3364 ·····6······renegotiation····include·directive·in·the·main·config·file·/etc/ssh/ssh_config.·Check·also·other·files·in·limit,·effects·of···var_ssh_client_rekey_limit_size=1G
3365 ············for·SSH·client···/etc/ssh/ssh_config.d·directory.·Files·are·processed·according·to·lexicographical·order··potential·attacks3365 ············for·SSH·client···/etc/ssh/ssh_config.d·directory.·Files·are·processed·according·to·lexicographical·order··potential·attacks
3366 ·····························of·file·names.·Make·sure·that·there·is·no·file·processed·before·02-rekey-limit.conf······against·encryption3366 ·····························of·file·names.·Make·sure·that·there·is·no·file·processed·before·02-rekey-limit.conf······against·encryption
3367 ·····························containing·definition·of·RekeyLimit.·····················································keys·are·limited.3367 ·····························containing·definition·of·RekeyLimit.·····················································keys·are·limited.
3368 ······················································································································Some·SSH3368 ······················································································································Some·SSH
3369 ······················································································································implementations·use3369 ······················································································································implementations·use
3370 ······················································································································the·openssl·library3370 ······················································································································the·openssl·library
3371 ······················································································································for·entropy,·which3371 ······················································································································for·entropy,·which
Offset 3416, 16 lines modifiedOffset 3416, 16 lines modified
3416 ······················································································································generator·used·by3416 ······················································································································generator·used·by
3417 ······················································································································SSH·would·be·known3417 ······················································································································SSH·would·be·known
3418 ······················································································································to·potential3418 ······················································································································to·potential
3419 ······················································································································attackers.3419 ······················································································································attackers.
3420 ······················································································································By·decreasing·the3420 ······················································································································By·decreasing·the
3421 ·····························The·RekeyLimit·parameter·specifies·how·often·the·session·key·of·the·is·renegotiated,·····limit·based·on·the3421 ·····························The·RekeyLimit·parameter·specifies·how·often·the·session·key·of·the·is·renegotiated,·····limit·based·on·the
3422 ·····CCE-···Force·frequent···both·in·terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.············amount·of·data·and3422 ·····CCE-···Force·frequent···both·in·terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.············amount·of·data·and
3423 ·····82177-·session·key······To·decrease·the·default·limits,·add·or·correct·the·following·line·in·/etc/ssh/···········enabling·time-based·var_rekey_limit_size=1G3423 ·····82177-·session·key······To·decrease·the·default·limits,·add·or·correct·the·following·line·in·/etc/ssh/···········enabling·time-based·var_rekey_limit_time=1hour
3424 ·····7······renegotiation····sshd_config:·············································································limit,·effects·of···var_rekey_limit_time=1hour3424 ·····7······renegotiation····sshd_config:·············································································limit,·effects·of···var_rekey_limit_size=1G
3425 ·····························RekeyLimit·1G·1hour······································································potential·attacks3425 ·····························RekeyLimit·1G·1hour······································································potential·attacks
3426 ······················································································································against·encryption3426 ······················································································································against·encryption
3427 ······················································································································keys·are·limited.3427 ······················································································································keys·are·limited.
3428 ······················································································································SSH·implementation3428 ······················································································································SSH·implementation
3429 ······················································································································in·Red·Hat3429 ······················································································································in·Red·Hat
3430 ······················································································································Enterprise·Linux·83430 ······················································································································Enterprise·Linux·8
3431 ······················································································································uses·the·openssl3431 ······················································································································uses·the·openssl
3.56 KB
./usr/share/doc/ssg-nondebian/table-rhel8-nistrefs-stig.html
    
Offset 24277, 17 lines modifiedOffset 24277, 17 lines modified
0005ed40:·696e·670a·7469·6d65·2d62·6173·6564·206c··ing.time-based·l0005ed40:·696e·670a·7469·6d65·2d62·6173·6564·206c··ing.time-based·l
0005ed50:·696d·6974·2c20·6566·6665·6374·7320·6f66··imit,·effects·of0005ed50:·696d·6974·2c20·6566·6665·6374·7320·6f66··imit,·effects·of
0005ed60:·2070·6f74·656e·7469·616c·2061·7474·6163···potential·attac0005ed60:·2070·6f74·656e·7469·616c·2061·7474·6163···potential·attac
0005ed70:·6b73·2061·6761·696e·7374·0a65·6e63·7279··ks·against.encry0005ed70:·6b73·2061·6761·696e·7374·0a65·6e63·7279··ks·against.encry
0005ed80:·7074·696f·6e20·6b65·7973·2061·7265·206c··ption·keys·are·l0005ed80:·7074·696f·6e20·6b65·7973·2061·7265·206c··ption·keys·are·l
0005ed90:·696d·6974·6564·2e0a·2020·3c2f·7464·3e0a··imited..··</td>.0005ed90:·696d·6974·6564·2e0a·2020·3c2f·7464·3e0a··imited..··</td>.
0005eda0:·2020·3c74·643e·7661·725f·7265·6b65·795f····<td>var_rekey_0005eda0:·2020·3c74·643e·7661·725f·7265·6b65·795f····<td>var_rekey_
0005edb0:·6c69·6d69·745f·7469·6d65·3d31·686f·7572··limit_time=1hour0005edb0:·6c69·6d69·745f·7369·7a65·3d31·473c·6272··limit_size=1G<br
0005edc0:·3c62·722f·3e76·6172·5f72·656b·6579·5f6c··<br/>var_rekey_l 
0005edd0:·696d·6974·5f73·697a·653d·3147·3c2f·7464··imit_size=1G</td0005edc0:·2f3e·7661·725f·7265·6b65·795f·6c69·6d69··/>var_rekey_limi
 0005edd0:·745f·7469·6d65·3d31·686f·7572·3c2f·7464··t_time=1hour</td
0005ede0:·3e0a·3c2f·7472·3e0a·3c74·723e·0a20·203c··>.</tr>.<tr>.··<0005ede0:·3e0a·3c2f·7472·3e0a·3c74·723e·0a20·203c··>.</tr>.<tr>.··<
0005edf0:·7464·3e3c·2f74·643e·0a20·203c·7464·3e43··td></td>.··<td>C0005edf0:·7464·3e3c·2f74·643e·0a20·203c·7464·3e43··td></td>.··<td>C
0005ee00:·4345·2d38·3234·3632·2d33·3c2f·7464·3e0a··CE-82462-3</td>.0005ee00:·4345·2d38·3234·3632·2d33·3c2f·7464·3e0a··CE-82462-3</td>.
0005ee10:·2020·3c74·643e·5353·4820·7365·7276·6572····<td>SSH·server0005ee10:·2020·3c74·643e·5353·4820·7365·7276·6572····<td>SSH·server
0005ee20:·2075·7365·7320·7374·726f·6e67·2065·6e74···uses·strong·ent0005ee20:·2075·7365·7320·7374·726f·6e67·2065·6e74···uses·strong·ent
0005ee30:·726f·7079·2074·6f20·7365·6564·3c2f·7464··ropy·to·seed</td0005ee30:·726f·7079·2074·6f20·7365·6564·3c2f·7464··ropy·to·seed</td
0005ee40:·3e0a·2020·3c74·6420·786d·6c3a·6c61·6e67··>.··<td·xml:lang0005ee40:·3e0a·2020·3c74·6420·786d·6c3a·6c61·6e67··>.··<td·xml:lang
2.07 KB
html2text {}
    
Offset 7644, 16 lines modifiedOffset 7644, 16 lines modified
7644 ·····································corresponding·private·key.····························system·where·the7644 ·····································corresponding·private·key.····························system·where·the
7645 ···························································································associated·public7645 ···························································································associated·public
7646 ···························································································key·has·been7646 ···························································································key·has·been
7647 ···························································································installed.7647 ···························································································installed.
7648 ·····································The·RekeyLimit·parameter·specifies·how·often·the······By·decreasing·the7648 ·····································The·RekeyLimit·parameter·specifies·how·often·the······By·decreasing·the
7649 ·····································session·key·of·the·is·renegotiated,·both·in·terms·of··limit·based·on·the7649 ·····································session·key·of·the·is·renegotiated,·both·in·terms·of··limit·based·on·the
7650 ········CCE-···Force·frequent········amount·of·data·that·may·be·transmitted·and·the·time···amount·of·data·and7650 ········CCE-···Force·frequent········amount·of·data·that·may·be·transmitted·and·the·time···amount·of·data·and
7651 ········82177-·session·key···········elapsed.··············································enabling·time-based·var_rekey_limit_time=1hour7651 ········82177-·session·key···········elapsed.··············································enabling·time-based·var_rekey_limit_size=1G
7652 ········7······renegotiation·········To·decrease·the·default·limits,·add·or·correct·the····limit,·effects·of···var_rekey_limit_size=1G7652 ········7······renegotiation·········To·decrease·the·default·limits,·add·or·correct·the····limit,·effects·of···var_rekey_limit_time=1hour
7653 ·····································following·line·in·/etc/ssh/sshd_config:···············potential·attacks7653 ·····································following·line·in·/etc/ssh/sshd_config:···············potential·attacks
7654 ·····································RekeyLimit·1G·1hour···································against·encryption7654 ·····································RekeyLimit·1G·1hour···································against·encryption
7655 ···························································································keys·are·limited.7655 ···························································································keys·are·limited.
7656 ···························································································SSH·implementation7656 ···························································································SSH·implementation
7657 ···························································································in·Red·Hat7657 ···························································································in·Red·Hat
7658 ···························································································Enterprise·Linux·87658 ···························································································Enterprise·Linux·8
7659 ···························································································uses·the·openssl7659 ···························································································uses·the·openssl
9.68 MB
./usr/share/doc/ssg-nondebian/table-rhel8-nistrefs.html
    
Offset 68, 15656 lines modifiedOffset 68, 15656 lines modified
00000430:·3e52·6174·696f·6e61·6c65·3c2f·7468·3e0a··>Rationale</th>.00000430:·3e52·6174·696f·6e61·6c65·3c2f·7468·3e0a··>Rationale</th>.
00000440:·2020·3c2f·7468·6561·643e·0a20·203c·7462····</thead>.··<tb00000440:·2020·3c2f·7468·6561·643e·0a20·203c·7462····</thead>.··<tb
00000450:·6f64·793e·0a20·203c·7472·3e0a·2020·2020··ody>.··<tr>.····00000450:·6f64·793e·0a20·203c·7472·3e0a·2020·2020··ody>.··<tr>.····
00000460:·2020·3c74·643e·4155·2d32·2861·293c·2f74····<td>AU-2(a)</t00000460:·2020·3c74·643e·4155·2d32·2861·293c·2f74····<td>AU-2(a)</t
00000470:·643e·0a20·2020·2020·203c·7464·3e43·6f6e··d>.······<td>Con00000470:·643e·0a20·2020·2020·203c·7464·3e43·6f6e··d>.······<td>Con
00000480:·6669·6775·7265·2061·7564·6974·696e·6720··figure·auditing·00000480:·6669·6775·7265·2061·7564·6974·696e·6720··figure·auditing·
Diff chunk too large, falling back to line-by-line diff (8724 lines added, 8724 lines removed)
00000490:·6f66·2075·6e73·7563·6365·7373·6675·6c20··of·unsuccessful·00000490:·6f66·2075·6e73·7563·6365·7373·6675·6c20··of·unsuccessful·
000004a0:·6669·6c65·206d·6f64·6966·6963·6174·696f··file·modificatio000004a0:·6669·6c65·2061·6363·6573·7365·733c·2f74··file·accesses</t
000004b0:·6e73·3c2f·7464·3e0a·2020·2020·2020·3c74··ns</td>.······<t000004b0:·643e·0a20·2020·2020·203c·7464·2078·6d6c··d>.······<td·xml
000004c0:·6420·786d·6c3a·6c61·6e67·3d22·656e·2d55··d·xml:lang="en-U000004c0:·3a6c·616e·673d·2265·6e2d·5553·223e·0a20··:lang="en-US">.·
000004d0:·5322·3e0a·2020·2020·2020·2020·456e·7375··S">.········Ensu000004d0:·2020·2020·2020·2045·6e73·7572·6520·7468·········Ensure·th
000004e0:·7265·2074·6861·7420·756e·7375·6363·6573··re·that·unsucces000004e0:·6174·2075·6e73·7563·6365·7373·6675·6c20··at·unsuccessful·
000004f0:·7366·756c·2061·7474·656d·7074·7320·746f··sful·attempts·to000004f0:·6174·7465·6d70·7473·2074·6f20·6163·6365··attempts·to·acce
00000500:·206d·6f64·6966·7920·6120·6669·6c65·2061···modify·a·file·a00000500:·7373·2061·2066·696c·6520·6172·6520·6175··ss·a·file·are·au
00000510:·7265·2061·7564·6974·6564·2e0a·0a54·6865··re·audited...The00000510:·6469·7465·642e·0a0a·5468·6520·666f·6c6c··dited...The·foll
00000520:·2066·6f6c·6c6f·7769·6e67·2072·756c·6573···following·rules00000520:·6f77·696e·6720·7275·6c65·7320·636f·6e66··owing·rules·conf
00000530:·2063·6f6e·6669·6775·7265·2061·7564·6974···configure·audit00000530:·6967·7572·6520·6175·6469·7420·6173·2064··igure·audit·as·d
00000540:·2061·7320·6465·7363·7269·6265·6420·6162···as·described·ab00000540:·6573·6372·6962·6564·2061·626f·7665·3a0a··escribed·above:.
00000550:·6f76·653a·0a3c·7072·653e·2323·2055·6e73··ove:.<pre>##·Uns00000550:·3c70·7265·3e23·2320·556e·7375·6363·6573··<pre>##·Unsucces
00000560:·7563·6365·7373·6675·6c20·6669·6c65·206d··uccessful·file·m00000560:·7366·756c·2066·696c·6520·6163·6365·7373··sful·file·access
00000570:·6f64·6966·6963·6174·696f·6e73·2028·6f70··odifications·(op00000570:·2028·616e·7920·6f74·6865·7220·6f70·656e···(any·other·open
00000580:·656e·2066·6f72·2077·7269·7465·206f·7220··en·for·write·or·00000580:·7329·2054·6869·7320·6861·7320·746f·2067··s)·This·has·to·g
00000590:·7472·756e·6361·7465·290a·2d61·2061·6c77··truncate).-a·alw00000590:·6f20·6c61·7374·2e0a·2d61·2061·6c77·6179··o·last..-a·alway
000005a0:·6179·732c·6578·6974·202d·4620·6172·6368··ays,exit·-F·arch000005a0:·732c·6578·6974·202d·4620·6172·6368·3d62··s,exit·-F·arch=b
000005b0:·3d62·3332·202d·5320·6f70·656e·6174·2c6f··=b32·-S·openat,o000005b0:·3332·202d·5320·6f70·656e·2c6f·7065·6e61··32·-S·open,opena
000005c0:·7065·6e5f·6279·5f68·616e·646c·655f·6174··pen_by_handle_at000005c0:·742c·6f70·656e·6174·322c·6f70·656e·5f62··t,openat2,open_b
000005d0:·202d·4620·6132·2661·6d70·3b30·3130·3033···-F·a2&amp;01003000005d0:·795f·6861·6e64·6c65·5f61·7420·2d46·2065··y_handle_at·-F·e
000005e0:·202d·4620·6578·6974·3d2d·4541·4343·4553···-F·exit=-EACCES000005e0:·7869·743d·2d45·4143·4345·5320·2d46·2061··xit=-EACCES·-F·a
000005f0:·202d·4620·6175·6964·2667·743b·3d31·3030···-F·auid&gt;=100000005f0:·7569·643e·3d31·3030·3020·2d46·2061·7569··uid>=1000·-F·aui
00000600:·3020·2d46·2061·7569·6421·3d75·6e73·6574··0·-F·auid!=unset00000600:·6421·3d75·6e73·6574·202d·4620·6b65·793d··d!=unset·-F·key=
00000610:·202d·4620·6b65·793d·756e·7375·6363·6573···-F·key=unsucces00000610:·756e·7375·6363·6573·7366·756c·2d61·6363··unsuccessful-acc
00000620:·7366·756c·2d6d·6f64·6966·6963·6174·696f··sful-modificatio00000620:·6573·730a·2d61·2061·6c77·6179·732c·6578··ess.-a·always,ex
00000630:·6e0a·2d61·2061·6c77·6179·732c·6578·6974··n.-a·always,exit00000630:·6974·202d·4620·6172·6368·3d62·3634·202d··it·-F·arch=b64·-
00000640:·202d·4620·6172·6368·3d62·3634·202d·5320···-F·arch=b64·-S·00000640:·5320·6f70·656e·2c6f·7065·6e61·742c·6f70··S·open,openat,op
00000650:·6f70·656e·6174·2c6f·7065·6e5f·6279·5f68··openat,open_by_h00000650:·656e·6174·322c·6f70·656e·5f62·795f·6861··enat2,open_by_ha
00000660:·616e·646c·655f·6174·202d·4620·6132·2661··andle_at·-F·a2&a00000660:·6e64·6c65·5f61·7420·2d46·2065·7869·743d··ndle_at·-F·exit=
00000670:·6d70·3b30·3130·3033·202d·4620·6578·6974··mp;01003·-F·exit00000670:·2d45·4143·4345·5320·2d46·2061·7569·643e··-EACCES·-F·auid>
00000680:·3d2d·4541·4343·4553·202d·4620·6175·6964··=-EACCES·-F·auid00000680:·3d31·3030·3020·2d46·2061·7569·6421·3d75··=1000·-F·auid!=u
00000690:·2667·743b·3d31·3030·3020·2d46·2061·7569··&gt;=1000·-F·aui00000690:·6e73·6574·202d·4620·6b65·793d·756e·7375··nset·-F·key=unsu
000006a0:·6421·3d75·6e73·6574·202d·4620·6b65·793d··d!=unset·-F·key=000006a0:·6363·6573·7366·756c·2d61·6363·6573·730a··ccessful-access.
000006b0:·756e·7375·6363·6573·7366·756c·2d6d·6f64··unsuccessful-mod000006b0:·2d61·2061·6c77·6179·732c·6578·6974·202d··-a·always,exit·-
000006c0:·6966·6963·6174·696f·6e0a·2d61·2061·6c77··ification.-a·alw000006c0:·4620·6172·6368·3d62·3332·202d·5320·6f70··F·arch=b32·-S·op
000006d0:·6179·732c·6578·6974·202d·4620·6172·6368··ays,exit·-F·arch000006d0:·656e·2c6f·7065·6e61·742c·6f70·656e·6174··en,openat,openat
000006e0:·3d62·3332·202d·5320·6f70·656e·202d·4620··=b32·-S·open·-F·000006e0:·322c·6f70·656e·5f62·795f·6861·6e64·6c65··2,open_by_handle
000006f0:·6131·2661·6d70·3b30·3130·3033·202d·4620··a1&amp;01003·-F·000006f0:·5f61·7420·2d46·2065·7869·743d·2d45·5045··_at·-F·exit=-EPE
00000700:·6578·6974·3d2d·4541·4343·4553·202d·4620··exit=-EACCES·-F·00000700:·524d·202d·4620·6175·6964·3e3d·3130·3030··RM·-F·auid>=1000
00000710:·6175·6964·2667·743b·3d31·3030·3020·2d46··auid&gt;=1000·-F00000710:·202d·4620·6175·6964·213d·756e·7365·7420···-F·auid!=unset·
00000720:·2061·7569·6421·3d75·6e73·6574·202d·4620···auid!=unset·-F·00000720:·2d46·206b·6579·3d75·6e73·7563·6365·7373··-F·key=unsuccess
00000730:·6b65·793d·756e·7375·6363·6573·7366·756c··key=unsuccessful00000730:·6675·6c2d·6163·6365·7373·0a2d·6120·616c··ful-access.-a·al
00000740:·2d6d·6f64·6966·6963·6174·696f·6e0a·2d61··-modification.-a00000740:·7761·7973·2c65·7869·7420·2d46·2061·7263··ways,exit·-F·arc
00000750:·2061·6c77·6179·732c·6578·6974·202d·4620···always,exit·-F·00000750:·683d·6236·3420·2d53·206f·7065·6e2c·6f70··h=b64·-S·open,op
00000760:·6172·6368·3d62·3634·202d·5320·6f70·656e··arch=b64·-S·open00000760:·656e·6174·2c6f·7065·6e61·7432·2c6f·7065··enat,openat2,ope
00000770:·202d·4620·6131·2661·6d70·3b30·3130·3033···-F·a1&amp;0100300000770:·6e5f·6279·5f68·616e·646c·655f·6174·202d··n_by_handle_at·-
00000780:·202d·4620·6578·6974·3d2d·4541·4343·4553···-F·exit=-EACCES00000780:·4620·6578·6974·3d2d·4550·4552·4d20·2d46··F·exit=-EPERM·-F
00000790:·202d·4620·6175·6964·2667·743b·3d31·3030···-F·auid&gt;=10000000790:·2061·7569·643e·3d31·3030·3020·2d46·2061···auid>=1000·-F·a
000007a0:·3020·2d46·2061·7569·6421·3d75·6e73·6574··0·-F·auid!=unset000007a0:·7569·6421·3d75·6e73·6574·202d·4620·6b65··uid!=unset·-F·ke
000007b0:·202d·4620·6b65·793d·756e·7375·6363·6573···-F·key=unsucces000007b0:·793d·756e·7375·6363·6573·7366·756c·2d61··y=unsuccessful-a
000007c0:·7366·756c·2d6d·6f64·6966·6963·6174·696f··sful-modificatio000007c0:·6363·6573·7320·2020·203c·2f70·7265·3e0a··ccess····</pre>.
000007d0:·6e0a·2d61·2061·6c77·6179·732c·6578·6974··n.-a·always,exit000007d0:·0a4c·6f61·6420·6e65·7720·4175·6469·7420··.Load·new·Audit·
000007e0:·202d·4620·6172·6368·3d62·3332·202d·5320···-F·arch=b32·-S·000007e0:·7275·6c65·7320·696e·746f·206b·6572·6e65··rules·into·kerne
000007f0:·7472·756e·6361·7465·2c66·7472·756e·6361··truncate,ftrunca000007f0:·6c20·6279·2072·756e·6e69·6e67·3a0a·3c70··l·by·running:.<p
00000800:·7465·202d·4620·6578·6974·3d2d·4541·4343··te·-F·exit=-EACC00000800:·7265·3e61·7567·656e·7275·6c65·7320·2d2d··re>augenrules·--
00000810:·4553·202d·4620·6175·6964·2667·743b·3d31··ES·-F·auid&gt;=100000810:·6c6f·6164·3c2f·7072·653e·0a0a·4e6f·7465··load</pre>..Note
00000820:·3030·3020·2d46·2061·7569·6421·3d75·6e73··000·-F·auid!=uns00000820:·3a20·5468·6973·2072·756c·6520·7573·6573··:·This·rule·uses
00000830:·6574·202d·4620·6b65·793d·756e·7375·6363··et·-F·key=unsucc00000830:·2061·2073·7065·6369·616c·2073·6574·206f···a·special·set·o
00000840:·6573·7366·756c·2d6d·6f64·6966·6963·6174··essful-modificat00000840:·6620·4175·6469·7420·7275·6c65·7320·746f··f·Audit·rules·to
00000850:·696f·6e0a·2d61·2061·6c77·6179·732c·6578··ion.-a·always,ex00000850:·2063·6f6d·706c·7920·7769·7468·204f·5350···comply·with·OSP
00000860:·6974·202d·4620·6172·6368·3d62·3634·202d··it·-F·arch=b64·-00000860:·5020·342e·322e·312e·2059·6f75·206d·6179··P·4.2.1.·You·may
00000870:·5320·7472·756e·6361·7465·2c66·7472·756e··S·truncate,ftrun00000870:·2072·6575·7365·2074·6869·7320·7275·6c65···reuse·this·rule
00000880:·6361·7465·202d·4620·6578·6974·3d2d·4541··cate·-F·exit=-EA00000880:·2069·6e20·6469·6666·6572·656e·7420·7072···in·different·pr
00000890:·4343·4553·202d·4620·6175·6964·2667·743b··CCES·-F·auid&gt;00000890:·6f66·696c·6573·2e20·4966·2079·6f75·2064··ofiles.·If·you·d
000008a0:·3d31·3030·3020·2d46·2061·7569·6421·3d75··=1000·-F·auid!=u000008a0:·6563·6964·6520·746f·2064·6f20·736f·2c20··ecide·to·do·so,·
000008b0:·6e73·6574·202d·4620·6b65·793d·756e·7375··nset·-F·key=unsu000008b0:·6974·2069·7320·7265·636f·6d6d·656e·6465··it·is·recommende
000008c0:·6363·6573·7366·756c·2d6d·6f64·6966·6963··ccessful-modific000008c0:·6420·7468·6174·2079·6f75·2069·6e73·7065··d·that·you·inspe
000008d0:·6174·696f·6e0a·2d61·2061·6c77·6179·732c··ation.-a·always,000008d0:·6374·2063·6f6e·7465·6e74·7320·6f66·2074··ct·contents·of·t
000008e0:·6578·6974·202d·4620·6172·6368·3d62·3332··exit·-F·arch=b32000008e0:·6865·2066·696c·6520·636c·6f73·656c·7920··he·file·closely·
000008f0:·202d·5320·6f70·656e·6174·2c6f·7065·6e5f···-S·openat,open_000008f0:·616e·6420·6d61·6b65·2073·7572·6520·7468··and·make·sure·th
00000900:·6279·5f68·616e·646c·655f·6174·202d·4620··by_handle_at·-F·00000900:·6174·2074·6865·7920·6172·6520·616c·6c69··at·they·are·alli
00000910:·6132·2661·6d70·3b30·3130·3033·202d·4620··a2&amp;01003·-F·00000910:·676e·6564·2077·6974·6820·796f·7572·206e··gned·with·your·n
00000920:·6578·6974·3d2d·4550·4552·4d20·2d46·2061··exit=-EPERM·-F·a00000920:·6565·6473·2e0a·2020·2020·2020·3c2f·7464··eeds..······</td
00000930:·7569·6426·6774·3b3d·3130·3030·202d·4620··uid&gt;=1000·-F·00000930:·3e0a·2020·2020·2020·3c74·6420·786d·6c3a··>.······<td·xml:
00000940:·6175·6964·213d·756e·7365·7420·2d46·206b··auid!=unset·-F·k00000940:·6c61·6e67·3d22·656e·2d55·5322·3e0a·2020··lang="en-US">.··
00000950:·6579·3d75·6e73·7563·6365·7373·6675·6c2d··ey=unsuccessful-00000950:·2020·2020·2020·556e·7375·6363·6573·7366········Unsuccessf
00000960:·6d6f·6469·6669·6361·7469·6f6e·0a2d·6120··modification.-a·00000960:·756c·2061·7474·656d·7074·7320·746f·2061··ul·attempts·to·a
00000970:·616c·7761·7973·2c65·7869·7420·2d46·2061··always,exit·-F·a00000970:·6363·6573·7320·6120·6669·6c65·206d·6967··ccess·a·file·mig
00000980:·7263·683d·6236·3420·2d53·206f·7065·6e61··rch=b64·-S·opena00000980:·6874·2062·6520·7369·676e·7320·6f66·206d··ht·be·signs·of·m
00000990:·742c·6f70·656e·5f62·795f·6861·6e64·6c65··t,open_by_handle00000990:·616c·6963·696f·7573·2061·6374·6976·6974··alicious·activit
000009a0:·5f61·7420·2d46·2061·3226·616d·703b·3031··_at·-F·a2&amp;01000009a0:·7920·6861·7070·656e·696e·6720·7769·7468··y·happening·with
000009b0:·3030·3320·2d46·2065·7869·743d·2d45·5045··003·-F·exit=-EPE000009b0:·696e·2074·6865·2073·7973·7465·6d2e·2041··in·the·system.·A
000009c0:·524d·202d·4620·6175·6964·2667·743b·3d31··RM·-F·auid&gt;=1000009c0:·7564·6974·696e·6720·6f66·2073·7563·6820··uditing·of·such·
000009d0:·3030·3020·2d46·2061·7569·6421·3d75·6e73··000·-F·auid!=uns000009d0:·6163·7469·7669·7469·6573·2068·656c·7073··activities·helps
000009e0:·6574·202d·4620·6b65·793d·756e·7375·6363··et·-F·key=unsucc000009e0:·2069·6e20·7468·6569·7220·6d6f·6e69·746f···in·their·monito
000009f0:·6573·7366·756c·2d6d·6f64·6966·6963·6174··essful-modificat000009f0:·7269·6e67·2061·6e64·2069·6e76·6573·7469··ring·and·investi
00000a00:·696f·6e0a·2d61·2061·6c77·6179·732c·6578··ion.-a·always,ex00000a00:·6761·7469·6f6e·2e0a·2020·2020·2020·3c2f··gation..······</
00000a10:·6974·202d·4620·6172·6368·3d62·3332·202d··it·-F·arch=b32·-00000a10:·7464·3e0a·2020·2020·3c2f·7472·3e0a·2020··td>.····</tr>.··
00000a20:·5320·6f70·656e·202d·4620·6131·2661·6d70··S·open·-F·a1&amp00000a20:·2020·3c74·723e·0a20·2020·2020·203c·7464····<tr>.······<td
00000a30:·3b30·3130·3033·202d·4620·6578·6974·3d2d··;01003·-F·exit=-00000a30:·3e41·552d·3228·6429·3c62·722f·3e41·552d··>AU-2(d)<br/>AU-
00000a40:·4550·4552·4d20·2d46·2061·7569·6426·6774··EPERM·-F·auid&gt00000a40:·3132·2863·293c·6272·2f3e·434d·2d36·2861··12(c)<br/>CM-6(a
00000a50:·3b3d·3130·3030·202d·4620·6175·6964·213d··;=1000·-F·auid!=00000a50:·293c·2f74·643e·0a20·2020·2020·203c·7464··)</td>.······<td
00000a60:·756e·7365·7420·2d46·206b·6579·3d75·6e73··unset·-F·key=uns00000a60:·3e52·6563·6f72·6420·556e·7375·6363·6573··>Record·Unsucces
00000a70:·7563·6365·7373·6675·6c2d·6d6f·6469·6669··uccessful-modifi00000a70:·7366·756c·2050·6572·6d69·7373·696f·6e20··sful·Permission·
00000a80:·6361·7469·6f6e·0a2d·6120·616c·7761·7973··cation.-a·always00000a80:·4368·616e·6765·7320·746f·2046·696c·6573··Changes·to·Files
00000a90:·2c65·7869·7420·2d46·2061·7263·683d·6236··,exit·-F·arch=b600000a90:·202d·2073·6574·7861·7474·723c·2f74·643e···-·setxattr</td>
00000aa0:·3420·2d53·206f·7065·6e20·2d46·2061·3126··4·-S·open·-F·a1&00000aa0:·0a20·2020·2020·203c·7464·2078·6d6c·3a6c··.······<td·xml:l
00000ab0:·616d·703b·3031·3030·3320·2d46·2065·7869··amp;01003·-F·exi00000ab0:·616e·673d·2265·6e2d·5553·223e·0a20·2020··ang="en-US">.···
00000ac0:·743d·2d45·5045·524d·202d·4620·6175·6964··t=-EPERM·-F·auid00000ac0:·2020·2020·2054·6865·2061·7564·6974·2073·······The·audit·s
00000ad0:·2667·743b·3d31·3030·3020·2d46·2061·7569··&gt;=1000·-F·aui00000ad0:·7973·7465·6d20·7368·6f75·6c64·2063·6f6c··ystem·should·col
00000ae0:·6421·3d75·6e73·6574·202d·4620·6b65·793d··d!=unset·-F·key=00000ae0:·6c65·6374·2075·6e73·7563·6365·7373·6675··lect·unsuccessfu
00000af0:·756e·7375·6363·6573·7366·756c·2d6d·6f64··unsuccessful-mod00000af0:·6c20·6669·6c65·2070·6572·6d69·7373·696f··l·file·permissio
00000b00:·6966·6963·6174·696f·6e0a·2d61·2061·6c77··ification.-a·alw00000b00:·6e20·6368·616e·6765·0a61·7474·656d·7074··n·change.attempt
00000b10:·6179·732c·6578·6974·202d·4620·6172·6368··ays,exit·-F·arch00000b10:·7320·666f·7220·616c·6c20·7573·6572·7320··s·for·all·users·
00000b20:·3d62·3332·202d·5320·7472·756e·6361·7465··=b32·-S·truncate00000b20:·616e·6420·726f·6f74·2e0a·4966·2074·6865··and·root..If·the
00000b30:·2c66·7472·756e·6361·7465·202d·4620·6578··,ftruncate·-F·ex00000b30:·203c·7474·3e61·7564·6974·643c·2f74·743e···<tt>auditd</tt>
00000b40:·6974·3d2d·4550·4552·4d20·2d46·2061·7569··it=-EPERM·-F·aui00000b40:·2064·6165·6d6f·6e20·6973·2063·6f6e·6669···daemon·is·confi
00000b50:·6426·6774·3b3d·3130·3030·202d·4620·6175··d&gt;=1000·-F·au00000b50:·6775·7265·640a·746f·2075·7365·2074·6865··gured.to·use·the
00000b60:·6964·213d·756e·7365·7420·2d46·206b·6579··id!=unset·-F·key00000b60:·203c·7474·3e61·7567·656e·7275·6c65·733c···<tt>augenrules<
00000b70:·3d75·6e73·7563·6365·7373·6675·6c2d·6d6f··=unsuccessful-mo00000b70:·2f74·743e·2070·726f·6772·616d·2074·6f20··/tt>·program·to·
00000b80:·6469·6669·6361·7469·6f6e·0a2d·6120·616c··dification.-a·al00000b80:·7265·6164·2061·7564·6974·2072·756c·6573··read·audit·rules
00000b90:·7761·7973·2c65·7869·7420·2d46·2061·7263··ways,exit·-F·arc00000b90:·2064·7572·696e·6720·6461·656d·6f6e·0a73···during·daemon.s
00000ba0:·683d·6236·3420·2d53·2074·7275·6e63·6174··h=b64·-S·truncat00000ba0:·7461·7274·7570·2028·7468·6520·6465·6661··tartup·(the·defa
00000bb0:·652c·6674·7275·6e63·6174·6520·2d46·2065··e,ftruncate·-F·e00000bb0:·756c·7429·2c20·6164·6420·7468·6520·666f··ult),·add·the·fo
00000bc0:·7869·743d·2d45·5045·524d·202d·4620·6175··xit=-EPERM·-F·au00000bc0:·6c6c·6f77·696e·6720·6c69·6e65·7320·746f··llowing·lines·to
00000bd0:·6964·2667·743b·3d31·3030·3020·2d46·2061··id&gt;=1000·-F·a00000bd0:·2061·2066·696c·6520·7769·7468·2073·7566···a·file·with·suf
00000be0:·7569·6421·3d75·6e73·6574·202d·4620·6b65··uid!=unset·-F·ke00000be0:·6669·780a·3c74·743e·2e72·756c·6573·3c2f··fix.<tt>.rules</
00000bf0:·793d·756e·7375·6363·6573·7366·756c·2d6d··y=unsuccessful-m00000bf0:·7474·3e20·696e·2074·6865·2064·6972·6563··tt>·in·the·direc
00000c00:·6f64·6966·6963·6174·696f·6e20·2020·203c··odification····<00000c00:·746f·7279·203c·7474·3e2f·6574·632f·6175··tory·<tt>/etc/au
Max diff block lines reached; 6288913/7493403 bytes (83.93%) of diff not shown.
2.53 MB
html2text {}
Max HTML report size reached
800 KB
./usr/share/doc/ssg-nondebian/table-rhel8-pcidssrefs.html
Ordering differences only
    
Offset 157, 14 lines modifiedOffset 157, 28 lines modified
157 default·zone·to·<tt>drop</tt>·implements·proper·design·for·a·firewall,·i.e.157 default·zone·to·<tt>drop</tt>·implements·proper·design·for·a·firewall,·i.e.
158 any·packets·which·are·not·explicitly·permitted·should·not·be158 any·packets·which·are·not·explicitly·permitted·should·not·be
159 accepted.159 accepted.
160 ······</td>160 ······</td>
161 ····</tr>161 ····</tr>
162 ····<tr>162 ····<tr>
163 ······<td>Req-1.4.1</td>163 ······<td>Req-1.4.1</td>
 164 ······<td>Install·iptables·Package</td>
 165 ······<td·xml:lang="en-US">
 166 ········The·<code>iptables</code>·package·can·be·installed·with·the·following·command:
 167 <pre>
 168 $·sudo·yum·install·iptables</pre>
 169 ······</td>
 170 ······<td·xml:lang="en-US">
 171 ········<tt>iptables</tt>·controls·the·Linux·kernel·network·packet·filtering
 172 code.·<tt>iptables</tt>·allows·system·operators·to·set·up·firewalls·and·IP
 173 masquerading,·etc.
 174 ······</td>
 175 ····</tr>
 176 ····<tr>
 177 ······<td>Req-1.4.1</td>
164 ······<td>Set·nftables·Configuration·for·Loopback·Traffic</td>178 ······<td>Set·nftables·Configuration·for·Loopback·Traffic</td>
165 ······<td·xml:lang="en-US">179 ······<td·xml:lang="en-US">
166 ········Configure·the·loopback·interface·to·accept·traffic.180 ········Configure·the·loopback·interface·to·accept·traffic.
167 Configure·all·other·interfaces·to·deny·traffic·to·the·loopback181 Configure·all·other·interfaces·to·deny·traffic·to·the·loopback
168 network.182 network.
169 ······</td>183 ······</td>
170 ······<td·xml:lang="en-US">184 ······<td·xml:lang="en-US">
Offset 173, 28 lines modifiedOffset 187, 14 lines modified
173 is·the·only·place·that·loopback·network·traffic·should·be·seen,187 is·the·only·place·that·loopback·network·traffic·should·be·seen,
174 all·other·interfaces·should·ignore·traffic·on·this·network·as·an188 all·other·interfaces·should·ignore·traffic·on·this·network·as·an
175 anti-spoofing·measure.189 anti-spoofing·measure.
176 ······</td>190 ······</td>
177 ····</tr>191 ····</tr>
178 ····<tr>192 ····<tr>
179 ······<td>Req-1.4.1</td>193 ······<td>Req-1.4.1</td>
180 ······<td>Install·iptables·Package</td> 
181 ······<td·xml:lang="en-US"> 
182 ········The·<code>iptables</code>·package·can·be·installed·with·the·following·command: 
183 <pre> 
184 $·sudo·yum·install·iptables</pre> 
185 ······</td> 
186 ······<td·xml:lang="en-US"> 
187 ········<tt>iptables</tt>·controls·the·Linux·kernel·network·packet·filtering 
188 code.·<tt>iptables</tt>·allows·system·operators·to·set·up·firewalls·and·IP 
189 masquerading,·etc. 
190 ······</td> 
191 ····</tr> 
192 ····<tr> 
193 ······<td>Req-1.4.1</td> 
194 ······<td>Enable·Kernel·Parameter·to·Use·TCP·Syncookies·on·Network·Interfaces</td>194 ······<td>Enable·Kernel·Parameter·to·Use·TCP·Syncookies·on·Network·Interfaces</td>
195 ······<td·xml:lang="en-US">195 ······<td·xml:lang="en-US">
196 ········To·set·the·runtime·status·of·the·<code>net.ipv4.tcp_syncookies</code>·kernel·parameter,·run·the·following·command:·<pre>$·sudo·sysctl·-w·net.ipv4.tcp_syncookies=1</pre>196 ········To·set·the·runtime·status·of·the·<code>net.ipv4.tcp_syncookies</code>·kernel·parameter,·run·the·following·command:·<pre>$·sudo·sysctl·-w·net.ipv4.tcp_syncookies=1</pre>
197 To·make·sure·that·the·setting·is·persistent,·add·the·following·line·to·a·file·in·the·directory·<tt>/etc/sysctl.d</tt>:·<pre>net.ipv4.tcp_syncookies·=·1</pre>197 To·make·sure·that·the·setting·is·persistent,·add·the·following·line·to·a·file·in·the·directory·<tt>/etc/sysctl.d</tt>:·<pre>net.ipv4.tcp_syncookies·=·1</pre>
198 ······</td>198 ······</td>
199 ······<td·xml:lang="en-US">199 ······<td·xml:lang="en-US">
200 ········A·TCP·SYN·flood·attack·can·cause·a·denial·of·service·by·filling·a200 ········A·TCP·SYN·flood·attack·can·cause·a·denial·of·service·by·filling·a
Offset 203, 35 lines modifiedOffset 203, 14 lines modified
203 verifying·the·initiator·is·attempting·a·valid·connection·and·is·not·a·flood203 verifying·the·initiator·is·attempting·a·valid·connection·and·is·not·a·flood
204 source.·This·feature·is·activated·when·a·flood·condition·is·detected,·and204 source.·This·feature·is·activated·when·a·flood·condition·is·detected,·and
205 enables·the·system·to·continue·servicing·valid·connection·requests.205 enables·the·system·to·continue·servicing·valid·connection·requests.
206 ······</td>206 ······</td>
207 ····</tr>207 ····</tr>
208 ····<tr>208 ····<tr>
209 ······<td>Req-1.4.2</td>209 ······<td>Req-1.4.2</td>
210 ······<td>Disable·DCCP·Support</td> 
211 ······<td·xml:lang="en-US"> 
212 ········The·Datagram·Congestion·Control·Protocol·(DCCP)·is·a 
213 relatively·new·transport·layer·protocol,·designed·to·support 
214 streaming·media·and·telephony. 
  
215 To·configure·the·system·to·prevent·the·<code>dccp</code> 
216 kernel·module·from·being·loaded,·add·the·following·line·to·the·file·<code>/etc/modprobe.d/dccp.conf</code>: 
217 <pre>install·dccp·/bin/false</pre> 
  
218 To·configure·the·system·to·prevent·the·<code>dccp</code>·from·being·used, 
219 add·the·following·line·to·file·<code>/etc/modprobe.d/dccp.conf</code>: 
220 <pre>blacklist·dccp</pre> 
221 ······</td> 
222 ······<td·xml:lang="en-US"> 
223 ········Disabling·DCCP·protects 
224 the·system·against·exploitation·of·any·flaws·in·its·implementation. 
225 ······</td> 
226 ····</tr> 
227 ····<tr> 
228 ······<td>Req-1.4.2</td> 
229 ······<td>Disable·SCTP·Support</td>210 ······<td>Disable·SCTP·Support</td>
230 ······<td·xml:lang="en-US">211 ······<td·xml:lang="en-US">
231 ········The·Stream·Control·Transmission·Protocol·(SCTP)·is·a212 ········The·Stream·Control·Transmission·Protocol·(SCTP)·is·a
232 transport·layer·protocol,·designed·to·support·the·idea·of213 transport·layer·protocol,·designed·to·support·the·idea·of
233 message-oriented·communication,·with·several·streams·of·messages214 message-oriented·communication,·with·several·streams·of·messages
234 within·one·connection.215 within·one·connection.
  
Offset 245, 58 lines modifiedOffset 224, 75 lines modified
245 ······</td>224 ······</td>
246 ······<td·xml:lang="en-US">225 ······<td·xml:lang="en-US">
247 ········Disabling·SCTP·protects226 ········Disabling·SCTP·protects
248 the·system·against·exploitation·of·any·flaws·in·its·implementation.227 the·system·against·exploitation·of·any·flaws·in·its·implementation.
249 ······</td>228 ······</td>
250 ····</tr>229 ····</tr>
251 ····<tr>230 ····<tr>
 231 ······<td>Req-1.4.2</td>
 232 ······<td>Disable·DCCP·Support</td>
 233 ······<td·xml:lang="en-US">
 234 ········The·Datagram·Congestion·Control·Protocol·(DCCP)·is·a
 235 relatively·new·transport·layer·protocol,·designed·to·support
 236 streaming·media·and·telephony.
  
 237 To·configure·the·system·to·prevent·the·<code>dccp</code>
 238 kernel·module·from·being·loaded,·add·the·following·line·to·the·file·<code>/etc/modprobe.d/dccp.conf</code>:
 239 <pre>install·dccp·/bin/false</pre>
  
 240 To·configure·the·system·to·prevent·the·<code>dccp</code>·from·being·used,
 241 add·the·following·line·to·file·<code>/etc/modprobe.d/dccp.conf</code>:
 242 <pre>blacklist·dccp</pre>
 243 ······</td>
 244 ······<td·xml:lang="en-US">
 245 ········Disabling·DCCP·protects
 246 the·system·against·exploitation·of·any·flaws·in·its·implementation.
 247 ······</td>
 248 ····</tr>
 249 ····<tr>
252 ······<td>Req-1.4.3</td>250 ······<td>Req-1.4.3</td>
253 ······<td>Disable·Kernel·Parameter·for·Accepting·Secure·ICMP·Redirects·on·all·IPv4·Interfaces</td>251 ······<td>Disable·Kernel·Parameter·for·Accepting·Secure·ICMP·Redirects·on·all·IPv4·Interfaces</td>
254 ······<td·xml:lang="en-US">252 ······<td·xml:lang="en-US">
255 ········To·set·the·runtime·status·of·the·<code>net.ipv4.conf.all.secure_redirects</code>·kernel·parameter,·run·the·following·command:·<pre>$·sudo·sysctl·-w·net.ipv4.conf.all.secure_redirects=0</pre>253 ········To·set·the·runtime·status·of·the·<code>net.ipv4.conf.all.secure_redirects</code>·kernel·parameter,·run·the·following·command:·<pre>$·sudo·sysctl·-w·net.ipv4.conf.all.secure_redirects=0</pre>
256 To·make·sure·that·the·setting·is·persistent,·add·the·following·line·to·a·file·in·the·directory·<tt>/etc/sysctl.d</tt>:·<pre>net.ipv4.conf.all.secure_redirects·=·0</pre>254 To·make·sure·that·the·setting·is·persistent,·add·the·following·line·to·a·file·in·the·directory·<tt>/etc/sysctl.d</tt>:·<pre>net.ipv4.conf.all.secure_redirects·=·0</pre>
Max diff block lines reached; 306320/311512 bytes (98.33%) of diff not shown.
495 KB
html2text {}
    
Offset 112, 14 lines modifiedOffset 112, 23 lines modified
112 ·········Incoming·Packets····firewalld.conf·to·be:··································drop·implements112 ·········Incoming·Packets····firewalld.conf·to·be:··································drop·implements
113 ·····························DefaultZone=drop·······································proper·design·for·a113 ·····························DefaultZone=drop·······································proper·design·for·a
114 ····················································································firewall,·i.e.·any114 ····················································································firewall,·i.e.·any
115 ····················································································packets·which·are115 ····················································································packets·which·are
116 ····················································································not·explicitly116 ····················································································not·explicitly
117 ····················································································permitted·should117 ····················································································permitted·should
118 ····················································································not·be·accepted.118 ····················································································not·be·accepted.
 119 ····················································································iptables·controls
 120 ····················································································the·Linux·kernel
 121 ····················································································network·packet
 122 Req-·····Install·iptables····The·iptables·package·can·be·installed·with·the·········filtering·code.
 123 1.4.1····Package·············following·command:·····································iptables·allows
 124 ·····························$·sudo·yum·install·iptables····························system·operators·to
 125 ····················································································set·up·firewalls
 126 ····················································································and·IP
 127 ····················································································masquerading,·etc.
119 ····················································································Loopback·traffic·is128 ····················································································Loopback·traffic·is
120 ····················································································generated·between129 ····················································································generated·between
121 ····················································································processes·on130 ····················································································processes·on
122 ····················································································machine·and·is131 ····················································································machine·and·is
123 ····················································································typically·critical132 ····················································································typically·critical
124 ····················································································to·operation·of·the133 ····················································································to·operation·of·the
125 ····················································································system.·The134 ····················································································system.·The
Offset 129, 23 lines modifiedOffset 138, 14 lines modified
129 ····················································································network·traffic138 ····················································································network·traffic
130 ····················································································should·be·seen,·all139 ····················································································should·be·seen,·all
131 ····················································································other·interfaces140 ····················································································other·interfaces
132 ····················································································should·ignore141 ····················································································should·ignore
133 ····················································································traffic·on·this142 ····················································································traffic·on·this
134 ····················································································network·as·an·anti-143 ····················································································network·as·an·anti-
135 ····················································································spoofing·measure.144 ····················································································spoofing·measure.
136 ····················································································iptables·controls 
137 ····················································································the·Linux·kernel 
138 ····················································································network·packet 
139 Req-·····Install·iptables····The·iptables·package·can·be·installed·with·the·········filtering·code. 
140 1.4.1····Package·············following·command:·····································iptables·allows 
141 ·····························$·sudo·yum·install·iptables····························system·operators·to 
142 ····················································································set·up·firewalls 
143 ····················································································and·IP 
144 ····················································································masquerading,·etc. 
145 ····················································································A·TCP·SYN·flood145 ····················································································A·TCP·SYN·flood
146 ····················································································attack·can·cause·a146 ····················································································attack·can·cause·a
147 ····················································································denial·of·service147 ····················································································denial·of·service
148 ····················································································by·filling·a148 ····················································································by·filling·a
149 ····················································································system's·TCP149 ····················································································system's·TCP
150 ····················································································connection·table150 ····················································································connection·table
151 ····················································································with·connections·in151 ····················································································with·connections·in
Offset 164, 47 lines modifiedOffset 164, 90 lines modified
164 ····················································································flood·condition·is164 ····················································································flood·condition·is
165 ····················································································detected,·and165 ····················································································detected,·and
166 ····················································································enables·the·system166 ····················································································enables·the·system
167 ····················································································to·continue167 ····················································································to·continue
168 ····················································································servicing·valid168 ····················································································servicing·valid
169 ····················································································connection169 ····················································································connection
170 ····················································································requests.170 ····················································································requests.
171 ·····························The·Datagram·Congestion·Control·Protocol·(DCCP)·is·a 
172 ·····························relatively·new·transport·layer·protocol,·designed·to 
173 ·····························support·streaming·media·and·telephony.·To·configure····Disabling·DCCP 
174 ·····························the·system·to·prevent·the·dccp·kernel·module·from······protects·the·system 
175 Req-·····Disable·DCCP········being·loaded,·add·the·following·line·to·the·file·/etc/·against 
176 1.4.2····Support·············modprobe.d/dccp.conf:··································exploitation·of·any 
177 ·····························install·dccp·/bin/false································flaws·in·its 
178 ·····························To·configure·the·system·to·prevent·the·dccp·from·being·implementation. 
179 ·····························used,·add·the·following·line·to·file·/etc/modprobe.d/ 
180 ·····························dccp.conf: 
181 ·····························blacklist·dccp 
182 ·····························The·Stream·Control·Transmission·Protocol·(SCTP)·is·a171 ·····························The·Stream·Control·Transmission·Protocol·(SCTP)·is·a
183 ·····························transport·layer·protocol,·designed·to·support·the·idea172 ·····························transport·layer·protocol,·designed·to·support·the·idea
184 ·····························of·message-oriented·communication,·with·several173 ·····························of·message-oriented·communication,·with·several
185 ·····························streams·of·messages·within·one·connection.·To··········Disabling·SCTP174 ·····························streams·of·messages·within·one·connection.·To··········Disabling·SCTP
186 ·····························configure·the·system·to·prevent·the·sctp·kernel·module·protects·the·system175 ·····························configure·the·system·to·prevent·the·sctp·kernel·module·protects·the·system
187 Req-·····Disable·SCTP········from·being·loaded,·add·the·following·line·to·the·file··against176 Req-·····Disable·SCTP········from·being·loaded,·add·the·following·line·to·the·file··against
188 1.4.2····Support·············/etc/modprobe.d/sctp.conf:·····························exploitation·of·any177 1.4.2····Support·············/etc/modprobe.d/sctp.conf:·····························exploitation·of·any
189 ·····························install·sctp·/bin/false································flaws·in·its178 ·····························install·sctp·/bin/false································flaws·in·its
190 ·····························To·configure·the·system·to·prevent·the·sctp·from·being·implementation.179 ·····························To·configure·the·system·to·prevent·the·sctp·from·being·implementation.
191 ·····························used,·add·the·following·line·to·file·/etc/modprobe.d/180 ·····························used,·add·the·following·line·to·file·/etc/modprobe.d/
192 ·····························sctp.conf:181 ·····························sctp.conf:
193 ·····························blacklist·sctp182 ·····························blacklist·sctp
 183 ·····························The·Datagram·Congestion·Control·Protocol·(DCCP)·is·a
 184 ·····························relatively·new·transport·layer·protocol,·designed·to
 185 ·····························support·streaming·media·and·telephony.·To·configure····Disabling·DCCP
 186 ·····························the·system·to·prevent·the·dccp·kernel·module·from······protects·the·system
 187 Req-·····Disable·DCCP········being·loaded,·add·the·following·line·to·the·file·/etc/·against
 188 1.4.2····Support·············modprobe.d/dccp.conf:··································exploitation·of·any
 189 ·····························install·dccp·/bin/false································flaws·in·its
 190 ·····························To·configure·the·system·to·prevent·the·dccp·from·being·implementation.
 191 ·····························used,·add·the·following·line·to·file·/etc/modprobe.d/
 192 ·····························dccp.conf:
 193 ·····························blacklist·dccp
194 ····················································································Accepting·"secure"194 ····················································································Accepting·"secure"
195 ·····························To·set·the·runtime·status·of·the·······················ICMP·redirects195 ·····························To·set·the·runtime·status·of·the·······················ICMP·redirects
196 ·········Disable·Kernel······net.ipv4.conf.all.secure_redirects·kernel·parameter,···(from·those196 ·········Disable·Kernel······net.ipv4.conf.all.secure_redirects·kernel·parameter,···(from·those
197 ·········Parameter·for·······run·the·following·command:·····························gateways·listed·as197 ·········Parameter·for·······run·the·following·command:·····························gateways·listed·as
198 Req-·····Accepting·Secure····$·sudo·sysctl·-w·net.ipv4.conf.all.secure_redirects=0··default·gateways)198 Req-·····Accepting·Secure····$·sudo·sysctl·-w·net.ipv4.conf.all.secure_redirects=0··default·gateways)
199 1.4.3····ICMP·Redirects·on···To·make·sure·that·the·setting·is·persistent,·add·the···has·few·legitimate199 1.4.3····ICMP·Redirects·on···To·make·sure·that·the·setting·is·persistent,·add·the···has·few·legitimate
200 ·········all·IPv4·Interfaces·following·line·to·a·file·in·the·directory·/etc/········uses.·It·should·be200 ·········all·IPv4·Interfaces·following·line·to·a·file·in·the·directory·/etc/········uses.·It·should·be
201 ·····························sysctl.d:··············································disabled·unless·it201 ·····························sysctl.d:··············································disabled·unless·it
202 ·····························net.ipv4.conf.all.secure_redirects·=·0·················is·absolutely202 ·····························net.ipv4.conf.all.secure_redirects·=·0·················is·absolutely
203 ····················································································required.203 ····················································································required.
 204 ····················································································Responding·to
 205 ····················································································broadcast·(ICMP)
 206 ····················································································echoes·facilitates
 207 ·····························To·set·the·runtime·status·of·the·······················network·mapping·and
 208 ·····························net.ipv4.icmp_echo_ignore_broadcasts·kernel·parameter,·provides·a·vector
 209 ·········Enable·Kernel·······run·the·following·command:·····························for·amplification
 210 ·········Parameter·to·Ignore·$·sudo·sysctl·-········································attacks.
 211 Req-·····ICMP·Broadcast·Echo·w·net.ipv4.icmp_echo_ignore_broadcasts=1···············Ignoring·ICMP·echo
 212 1.4.3····Requests·on·IPv4····To·make·sure·that·the·setting·is·persistent,·add·the···requests·(pings)
 213 ·········Interfaces··········following·line·to·a·file·in·the·directory·/etc/········sent·to·broadcast
 214 ·····························sysctl.d:··············································or·multicast
 215 ·····························net.ipv4.icmp_echo_ignore_broadcasts·=·1···············addresses·makes·the
 216 ····················································································system·slightly
 217 ····················································································more·difficult·to
 218 ····················································································enumerate·on·the
 219 ····················································································network.
 220 ····················································································Enabling·reverse
 221 ····················································································path·filtering
 222 ····················································································drops·packets·with
 223 ····················································································source·addresses
 224 ····················································································that·should·not
 225 ·····························To·set·the·runtime·status·of·the·······················have·been·able·to
 226 ·········Enable·Kernel·······net.ipv4.conf.all.rp_filter·kernel·parameter,·run·the··be·received·on·the
 227 ·········Parameter·to·Use····following·command:·····································interface·they·were
 228 Req-·····Reverse·Path········$·sudo·sysctl·-w·net.ipv4.conf.all.rp_filter=1·········received·on.·It
 229 1.4.3····Filtering·on·all····To·make·sure·that·the·setting·is·persistent,·add·the···should·not·be·used
 230 ·········IPv4·Interfaces·····following·line·to·a·file·in·the·directory·/etc/········on·systems·which
 231 ·····························sysctl.d:··············································are·routers·for
Max diff block lines reached; 493406/507087 bytes (97.30%) of diff not shown.
885 B
./usr/share/scap-security-guide/ansible/cs10-playbook-stig.yml
    
Offset 43, 15 lines modifiedOffset 43, 15 lines modified
43 ····var_accounts_passwords_pam_faillock_dir:·!!str·/var/log/faillock43 ····var_accounts_passwords_pam_faillock_dir:·!!str·/var/log/faillock
44 ····var_accounts_passwords_pam_faillock_fail_interval:·!!str·90044 ····var_accounts_passwords_pam_faillock_fail_interval:·!!str·900
45 ····var_accounts_passwords_pam_faillock_unlock_time:·!!str·045 ····var_accounts_passwords_pam_faillock_unlock_time:·!!str·0
46 ····var_password_pam_dcredit:·!!str·-146 ····var_password_pam_dcredit:·!!str·-1
47 ····var_password_pam_dictcheck:·!!str·147 ····var_password_pam_dictcheck:·!!str·1
48 ····var_password_pam_difok:·!!str·848 ····var_password_pam_difok:·!!str·8
49 ····var_password_pam_lcredit:·!!str·-149 ····var_password_pam_lcredit:·!!str·-1
50 ····var_password_pam_maxclassrepeat:·!!str·450 ····var_password_pam_maxclassrepeat:·!!str·3
51 ····var_password_pam_maxrepeat:·!!str·351 ····var_password_pam_maxrepeat:·!!str·3
52 ····var_password_pam_minclass:·!!str·452 ····var_password_pam_minclass:·!!str·4
53 ····var_password_pam_minlen:·!!str·1553 ····var_password_pam_minlen:·!!str·15
54 ····var_password_pam_ocredit:·!!str·-154 ····var_password_pam_ocredit:·!!str·-1
55 ····var_password_pam_retry:·!!str·355 ····var_password_pam_retry:·!!str·3
56 ····var_password_pam_ucredit:·!!str·-156 ····var_password_pam_ucredit:·!!str·-1
57 ····var_password_hashing_algorithm_pam:·!!str·yescrypt57 ····var_password_hashing_algorithm_pam:·!!str·yescrypt
893 B
./usr/share/scap-security-guide/ansible/cs10-playbook-stig_gui.yml
    
Offset 43, 15 lines modifiedOffset 43, 15 lines modified
43 ····var_accounts_passwords_pam_faillock_dir:·!!str·/var/log/faillock43 ····var_accounts_passwords_pam_faillock_dir:·!!str·/var/log/faillock
44 ····var_accounts_passwords_pam_faillock_fail_interval:·!!str·90044 ····var_accounts_passwords_pam_faillock_fail_interval:·!!str·900
45 ····var_accounts_passwords_pam_faillock_unlock_time:·!!str·045 ····var_accounts_passwords_pam_faillock_unlock_time:·!!str·0
46 ····var_password_pam_dcredit:·!!str·-146 ····var_password_pam_dcredit:·!!str·-1
47 ····var_password_pam_dictcheck:·!!str·147 ····var_password_pam_dictcheck:·!!str·1
48 ····var_password_pam_difok:·!!str·848 ····var_password_pam_difok:·!!str·8
49 ····var_password_pam_lcredit:·!!str·-149 ····var_password_pam_lcredit:·!!str·-1
50 ····var_password_pam_maxclassrepeat:·!!str·450 ····var_password_pam_maxclassrepeat:·!!str·3
51 ····var_password_pam_maxrepeat:·!!str·351 ····var_password_pam_maxrepeat:·!!str·3
52 ····var_password_pam_minclass:·!!str·452 ····var_password_pam_minclass:·!!str·4
53 ····var_password_pam_minlen:·!!str·1553 ····var_password_pam_minlen:·!!str·15
54 ····var_password_pam_ocredit:·!!str·-154 ····var_password_pam_ocredit:·!!str·-1
55 ····var_password_pam_retry:·!!str·355 ····var_password_pam_retry:·!!str·3
56 ····var_password_pam_ucredit:·!!str·-156 ····var_password_pam_ucredit:·!!str·-1
57 ····var_password_hashing_algorithm_pam:·!!str·yescrypt57 ····var_password_hashing_algorithm_pam:·!!str·yescrypt
885 B
./usr/share/scap-security-guide/ansible/ol10-playbook-stig.yml
    
Offset 41, 15 lines modifiedOffset 41, 15 lines modified
41 ····var_accounts_passwords_pam_faillock_dir:·!!str·/var/log/faillock41 ····var_accounts_passwords_pam_faillock_dir:·!!str·/var/log/faillock
42 ····var_accounts_passwords_pam_faillock_fail_interval:·!!str·90042 ····var_accounts_passwords_pam_faillock_fail_interval:·!!str·900
43 ····var_accounts_passwords_pam_faillock_unlock_time:·!!str·043 ····var_accounts_passwords_pam_faillock_unlock_time:·!!str·0
44 ····var_password_pam_dcredit:·!!str·-144 ····var_password_pam_dcredit:·!!str·-1
45 ····var_password_pam_dictcheck:·!!str·145 ····var_password_pam_dictcheck:·!!str·1
46 ····var_password_pam_difok:·!!str·846 ····var_password_pam_difok:·!!str·8
47 ····var_password_pam_lcredit:·!!str·-147 ····var_password_pam_lcredit:·!!str·-1
48 ····var_password_pam_maxclassrepeat:·!!str·448 ····var_password_pam_maxclassrepeat:·!!str·3
49 ····var_password_pam_maxrepeat:·!!str·349 ····var_password_pam_maxrepeat:·!!str·3
50 ····var_password_pam_minclass:·!!str·450 ····var_password_pam_minclass:·!!str·4
51 ····var_password_pam_minlen:·!!str·1551 ····var_password_pam_minlen:·!!str·15
52 ····var_password_pam_ocredit:·!!str·-152 ····var_password_pam_ocredit:·!!str·-1
53 ····var_password_pam_retry:·!!str·353 ····var_password_pam_retry:·!!str·3
54 ····var_password_pam_ucredit:·!!str·-154 ····var_password_pam_ucredit:·!!str·-1
55 ····var_password_hashing_algorithm_pam:·!!str·yescrypt55 ····var_password_hashing_algorithm_pam:·!!str·yescrypt
893 B
./usr/share/scap-security-guide/ansible/ol10-playbook-stig_gui.yml
    
Offset 41, 15 lines modifiedOffset 41, 15 lines modified
41 ····var_accounts_passwords_pam_faillock_dir:·!!str·/var/log/faillock41 ····var_accounts_passwords_pam_faillock_dir:·!!str·/var/log/faillock
42 ····var_accounts_passwords_pam_faillock_fail_interval:·!!str·90042 ····var_accounts_passwords_pam_faillock_fail_interval:·!!str·900
43 ····var_accounts_passwords_pam_faillock_unlock_time:·!!str·043 ····var_accounts_passwords_pam_faillock_unlock_time:·!!str·0
44 ····var_password_pam_dcredit:·!!str·-144 ····var_password_pam_dcredit:·!!str·-1
45 ····var_password_pam_dictcheck:·!!str·145 ····var_password_pam_dictcheck:·!!str·1
46 ····var_password_pam_difok:·!!str·846 ····var_password_pam_difok:·!!str·8
47 ····var_password_pam_lcredit:·!!str·-147 ····var_password_pam_lcredit:·!!str·-1
48 ····var_password_pam_maxclassrepeat:·!!str·448 ····var_password_pam_maxclassrepeat:·!!str·3
49 ····var_password_pam_maxrepeat:·!!str·349 ····var_password_pam_maxrepeat:·!!str·3
50 ····var_password_pam_minclass:·!!str·450 ····var_password_pam_minclass:·!!str·4
51 ····var_password_pam_minlen:·!!str·1551 ····var_password_pam_minlen:·!!str·15
52 ····var_password_pam_ocredit:·!!str·-152 ····var_password_pam_ocredit:·!!str·-1
53 ····var_password_pam_retry:·!!str·353 ····var_password_pam_retry:·!!str·3
54 ····var_password_pam_ucredit:·!!str·-154 ····var_password_pam_ucredit:·!!str·-1
55 ····var_password_hashing_algorithm_pam:·!!str·yescrypt55 ····var_password_hashing_algorithm_pam:·!!str·yescrypt
889 B
./usr/share/scap-security-guide/ansible/rhel10-playbook-stig.yml
    
Offset 43, 15 lines modifiedOffset 43, 15 lines modified
43 ····var_accounts_passwords_pam_faillock_dir:·!!str·/var/log/faillock43 ····var_accounts_passwords_pam_faillock_dir:·!!str·/var/log/faillock
44 ····var_accounts_passwords_pam_faillock_fail_interval:·!!str·90044 ····var_accounts_passwords_pam_faillock_fail_interval:·!!str·900
45 ····var_accounts_passwords_pam_faillock_unlock_time:·!!str·045 ····var_accounts_passwords_pam_faillock_unlock_time:·!!str·0
46 ····var_password_pam_dcredit:·!!str·-146 ····var_password_pam_dcredit:·!!str·-1
47 ····var_password_pam_dictcheck:·!!str·147 ····var_password_pam_dictcheck:·!!str·1
48 ····var_password_pam_difok:·!!str·848 ····var_password_pam_difok:·!!str·8
49 ····var_password_pam_lcredit:·!!str·-149 ····var_password_pam_lcredit:·!!str·-1
50 ····var_password_pam_maxclassrepeat:·!!str·450 ····var_password_pam_maxclassrepeat:·!!str·3
51 ····var_password_pam_maxrepeat:·!!str·351 ····var_password_pam_maxrepeat:·!!str·3
52 ····var_password_pam_minclass:·!!str·452 ····var_password_pam_minclass:·!!str·4
53 ····var_password_pam_minlen:·!!str·1553 ····var_password_pam_minlen:·!!str·15
54 ····var_password_pam_ocredit:·!!str·-154 ····var_password_pam_ocredit:·!!str·-1
55 ····var_password_pam_retry:·!!str·355 ····var_password_pam_retry:·!!str·3
56 ····var_password_pam_ucredit:·!!str·-156 ····var_password_pam_ucredit:·!!str·-1
57 ····var_password_hashing_algorithm_pam:·!!str·yescrypt57 ····var_password_hashing_algorithm_pam:·!!str·yescrypt
897 B
./usr/share/scap-security-guide/ansible/rhel10-playbook-stig_gui.yml
    
Offset 43, 15 lines modifiedOffset 43, 15 lines modified
43 ····var_accounts_passwords_pam_faillock_dir:·!!str·/var/log/faillock43 ····var_accounts_passwords_pam_faillock_dir:·!!str·/var/log/faillock
44 ····var_accounts_passwords_pam_faillock_fail_interval:·!!str·90044 ····var_accounts_passwords_pam_faillock_fail_interval:·!!str·900
45 ····var_accounts_passwords_pam_faillock_unlock_time:·!!str·045 ····var_accounts_passwords_pam_faillock_unlock_time:·!!str·0
46 ····var_password_pam_dcredit:·!!str·-146 ····var_password_pam_dcredit:·!!str·-1
47 ····var_password_pam_dictcheck:·!!str·147 ····var_password_pam_dictcheck:·!!str·1
48 ····var_password_pam_difok:·!!str·848 ····var_password_pam_difok:·!!str·8
49 ····var_password_pam_lcredit:·!!str·-149 ····var_password_pam_lcredit:·!!str·-1
50 ····var_password_pam_maxclassrepeat:·!!str·450 ····var_password_pam_maxclassrepeat:·!!str·3
51 ····var_password_pam_maxrepeat:·!!str·351 ····var_password_pam_maxrepeat:·!!str·3
52 ····var_password_pam_minclass:·!!str·452 ····var_password_pam_minclass:·!!str·4
53 ····var_password_pam_minlen:·!!str·1553 ····var_password_pam_minlen:·!!str·15
54 ····var_password_pam_ocredit:·!!str·-154 ····var_password_pam_ocredit:·!!str·-1
55 ····var_password_pam_retry:·!!str·355 ····var_password_pam_retry:·!!str·3
56 ····var_password_pam_ucredit:·!!str·-156 ····var_password_pam_ucredit:·!!str·-1
57 ····var_password_hashing_algorithm_pam:·!!str·yescrypt57 ····var_password_hashing_algorithm_pam:·!!str·yescrypt
1.31 KB
./usr/share/scap-security-guide/tailoring/ol8_stig_delta_tailoring.xml
1.18 KB
./usr/share/scap-security-guide/tailoring/ol8_stig_delta_tailoring.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Tailoring·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·id="xccdf_content-disa-delta_tailoring_default">2 <xccdf-1.2:Tailoring·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·id="xccdf_content-disa-delta_tailoring_default">
3 ··<xccdf-1.2:version·time="2025-02-28T20:08:00">1</xccdf-1.2:version>3 ··<xccdf-1.2:version·time="2025-03-01T22:08:00">1</xccdf-1.2:version>
4 ··<xccdf-1.2:Profile·id="xccdf_org.ssgproject.content_profile_stig_delta_tailoring"·extends="xccdf_org.ssgproject.content_profile_stig">4 ··<xccdf-1.2:Profile·id="xccdf_org.ssgproject.content_profile_stig_delta_tailoring"·extends="xccdf_org.ssgproject.content_profile_stig">
5 ····<xccdf-1.2:title·override="true">DISA·STIG·for·Oracle·Linux·8</xccdf-1.2:title>5 ····<xccdf-1.2:title·override="true">DISA·STIG·for·Oracle·Linux·8</xccdf-1.2:title>
6 ····<xccdf-1.2:description·override="true">This·profile·contains·configuration·checks·that·align·to·the6 ····<xccdf-1.2:description·override="true">This·profile·contains·configuration·checks·that·align·to·the
7 DISA·STIG·for·Oracle·Linux·8·V2R3.</xccdf-1.2:description>7 DISA·STIG·for·Oracle·Linux·8·V2R3.</xccdf-1.2:description>
8 ····<xccdf-1.2:select·idref="xccdf_org.ssgproject.content_rule_accounts_have_homedir_login_defs"·selected="false"/>8 ····<xccdf-1.2:select·idref="xccdf_org.ssgproject.content_rule_accounts_have_homedir_login_defs"·selected="false"/>
9 ····<xccdf-1.2:select·idref="xccdf_org.ssgproject.content_rule_accounts_logon_fail_delay"·selected="false"/>9 ····<xccdf-1.2:select·idref="xccdf_org.ssgproject.content_rule_accounts_logon_fail_delay"·selected="false"/>
10 ····<xccdf-1.2:select·idref="xccdf_org.ssgproject.content_rule_accounts_max_concurrent_login_sessions"·selected="false"/>10 ····<xccdf-1.2:select·idref="xccdf_org.ssgproject.content_rule_accounts_max_concurrent_login_sessions"·selected="false"/>
1.12 KB
./usr/share/scap-security-guide/tailoring/rhel8_stig_delta_tailoring.xml
999 B
./usr/share/scap-security-guide/tailoring/rhel8_stig_delta_tailoring.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Tailoring·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·id="xccdf_content-disa-delta_tailoring_default">2 <xccdf-1.2:Tailoring·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·id="xccdf_content-disa-delta_tailoring_default">
3 ··<xccdf-1.2:version·time="2025-02-28T20:08:00">1</xccdf-1.2:version>3 ··<xccdf-1.2:version·time="2025-03-01T22:08:00">1</xccdf-1.2:version>
4 ··<xccdf-1.2:Profile·id="xccdf_org.ssgproject.content_profile_stig_delta_tailoring"·extends="xccdf_org.ssgproject.content_profile_stig">4 ··<xccdf-1.2:Profile·id="xccdf_org.ssgproject.content_profile_stig_delta_tailoring"·extends="xccdf_org.ssgproject.content_profile_stig">
5 ····<xccdf-1.2:title·override="true">DISA·STIG·for·Red·Hat·Enterprise·Linux·8</xccdf-1.2:title>5 ····<xccdf-1.2:title·override="true">DISA·STIG·for·Red·Hat·Enterprise·Linux·8</xccdf-1.2:title>
6 ····<xccdf-1.2:description·override="true">This·profile·contains·configuration·checks·that·align·to·the6 ····<xccdf-1.2:description·override="true">This·profile·contains·configuration·checks·that·align·to·the
7 DISA·STIG·for·Red·Hat·Enterprise·Linux·8·V2R2.7 DISA·STIG·for·Red·Hat·Enterprise·Linux·8·V2R2.
  
8 In·addition·to·being·applicable·to·Red·Hat·Enterprise·Linux·8,·this8 In·addition·to·being·applicable·to·Red·Hat·Enterprise·Linux·8,·this
9 configuration·baseline·is·applicable·to·the·operating·system·tier·of9 configuration·baseline·is·applicable·to·the·operating·system·tier·of
1.12 KB
./usr/share/scap-security-guide/tailoring/rhel9_stig_delta_tailoring.xml
999 B
./usr/share/scap-security-guide/tailoring/rhel9_stig_delta_tailoring.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Tailoring·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·id="xccdf_content-disa-delta_tailoring_default">2 <xccdf-1.2:Tailoring·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·id="xccdf_content-disa-delta_tailoring_default">
3 ··<xccdf-1.2:version·time="2025-02-28T20:08:00">1</xccdf-1.2:version>3 ··<xccdf-1.2:version·time="2025-03-01T22:08:00">1</xccdf-1.2:version>
4 ··<xccdf-1.2:Profile·id="xccdf_org.ssgproject.content_profile_stig_delta_tailoring"·extends="xccdf_org.ssgproject.content_profile_stig">4 ··<xccdf-1.2:Profile·id="xccdf_org.ssgproject.content_profile_stig_delta_tailoring"·extends="xccdf_org.ssgproject.content_profile_stig">
5 ····<xccdf-1.2:title·override="true">DISA·STIG·for·Red·Hat·Enterprise·Linux·9</xccdf-1.2:title>5 ····<xccdf-1.2:title·override="true">DISA·STIG·for·Red·Hat·Enterprise·Linux·9</xccdf-1.2:title>
6 ····<xccdf-1.2:description·override="true">This·profile·contains·configuration·checks·that·align·to·the6 ····<xccdf-1.2:description·override="true">This·profile·contains·configuration·checks·that·align·to·the
7 DISA·STIG·for·Red·Hat·Enterprise·Linux·9·V2R3.7 DISA·STIG·for·Red·Hat·Enterprise·Linux·9·V2R3.
  
8 In·addition·to·being·applicable·to·Red·Hat·Enterprise·Linux·9,·this8 In·addition·to·being·applicable·to·Red·Hat·Enterprise·Linux·9,·this
9 configuration·baseline·is·applicable·to·the·operating·system·tier·of9 configuration·baseline·is·applicable·to·the·operating·system·tier·of
3.76 MB
./usr/share/xml/scap/ssg/content/ssg-al2023-ds.xml
3.76 MB
./usr/share/xml/scap/ssg/content/ssg-al2023-ds.xml
Max HTML report size reached
718 KB
./usr/share/xml/scap/ssg/content/ssg-al2023-ocil.xml
718 KB
./usr/share/xml/scap/ssg/content/ssg-al2023-ocil.xml
Ordering differences only
    
Offset 3, 2991 lines modifiedOffset 3, 2991 lines modified
3 ··<ocil:generator>3 ··<ocil:generator>
4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6 ····<ocil:schema_version>2.0</ocil:schema_version>6 ····<ocil:schema_version>2.0</ocil:schema_version>
7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8 ··</ocil:generator>8 ··</ocil:generator>
9 ··<ocil:questionnaires>9 ··<ocil:questionnaires>
10 ····<ocil:questionnaire·id="ocil:ssg-package_aide_installed_ocil:questionnaire:1">10 ····<ocil:questionnaire·id="ocil:ssg-set_password_hashing_algorithm_systemauth_ocil:questionnaire:1">
 11 ······<ocil:title>Set·PAM''s·Password·Hashing·Algorithm</ocil:title>
11 ······<ocil:title>Install·AIDE</ocil:title> 
12 ······<ocil:actions> 
13 ········<ocil:test_action_ref>ocil:ssg-package_aide_installed_action:testaction:1</ocil:test_action_ref> 
14 ······</ocil:actions> 
15 ····</ocil:questionnaire> 
16 ····<ocil:questionnaire·id="ocil:ssg-file_cron_deny_not_exist_ocil:questionnaire:1"> 
17 ······<ocil:title>Ensure·that·/etc/cron.deny·does·not·exist</ocil:title> 
18 ······<ocil:actions>12 ······<ocil:actions>
19 ········<ocil:test_action_ref>ocil:ssg-file_cron_deny_not_exist_action:testaction:1</ocil:test_action_ref>13 ········<ocil:test_action_ref>ocil:ssg-set_password_hashing_algorithm_systemauth_action:testaction:1</ocil:test_action_ref>
20 ······</ocil:actions>14 ······</ocil:actions>
21 ····</ocil:questionnaire>15 ····</ocil:questionnaire>
22 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_backup_etc_group_ocil:questionnaire:1">16 ····<ocil:questionnaire·id="ocil:ssg-package_avahi_removed_ocil:questionnaire:1">
23 ······<ocil:title>Verify·Permissions·on·Backup·group·File</ocil:title>17 ······<ocil:title>Uninstall·avahi·Server·Package</ocil:title>
24 ······<ocil:actions>18 ······<ocil:actions>
25 ········<ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_group_action:testaction:1</ocil:test_action_ref>19 ········<ocil:test_action_ref>ocil:ssg-package_avahi_removed_action:testaction:1</ocil:test_action_ref>
26 ······</ocil:actions>20 ······</ocil:actions>
27 ····</ocil:questionnaire>21 ····</ocil:questionnaire>
28 ····<ocil:questionnaire·id="ocil:ssg-service_nftables_disabled_ocil:questionnaire:1">22 ····<ocil:questionnaire·id="ocil:ssg-sysctl_kernel_yama_ptrace_scope_ocil:questionnaire:1">
29 ······<ocil:title>Verify·nftables·Service·is·Disabled</ocil:title>23 ······<ocil:title>Restrict·usage·of·ptrace·to·descendant·processes</ocil:title>
30 ······<ocil:actions>24 ······<ocil:actions>
31 ········<ocil:test_action_ref>ocil:ssg-service_nftables_disabled_action:testaction:1</ocil:test_action_ref>25 ········<ocil:test_action_ref>ocil:ssg-sysctl_kernel_yama_ptrace_scope_action:testaction:1</ocil:test_action_ref>
32 ······</ocil:actions>26 ······</ocil:actions>
33 ····</ocil:questionnaire>27 ····</ocil:questionnaire>
34 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_lremovexattr_ocil:questionnaire:1">28 ····<ocil:questionnaire·id="ocil:ssg-mount_option_dev_shm_nosuid_ocil:questionnaire:1">
35 ······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·lremovexattr</ocil:title>29 ······<ocil:title>Add·nosuid·Option·to·/dev/shm</ocil:title>
36 ······<ocil:actions>30 ······<ocil:actions>
37 ········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_lremovexattr_action:testaction:1</ocil:test_action_ref>31 ········<ocil:test_action_ref>ocil:ssg-mount_option_dev_shm_nosuid_action:testaction:1</ocil:test_action_ref>
38 ······</ocil:actions>32 ······</ocil:actions>
39 ····</ocil:questionnaire>33 ····</ocil:questionnaire>
40 ····<ocil:questionnaire·id="ocil:ssg-file_owner_cron_d_ocil:questionnaire:1">34 ····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_action_mail_acct_ocil:questionnaire:1">
41 ······<ocil:title>Verify·Owner·on·cron.d</ocil:title>35 ······<ocil:title>Configure·auditd·mail_acct·Action·on·Low·Disk·Space</ocil:title>
42 ······<ocil:actions>36 ······<ocil:actions>
43 ········<ocil:test_action_ref>ocil:ssg-file_owner_cron_d_action:testaction:1</ocil:test_action_ref>37 ········<ocil:test_action_ref>ocil:ssg-auditd_data_retention_action_mail_acct_action:testaction:1</ocil:test_action_ref>
44 ······</ocil:actions>38 ······</ocil:actions>
45 ····</ocil:questionnaire>39 ····</ocil:questionnaire>
46 ····<ocil:questionnaire·id="ocil:ssg-banner_etc_motd_ocil:questionnaire:1">40 ····<ocil:questionnaire·id="ocil:ssg-banner_etc_motd_ocil:questionnaire:1">
47 ······<ocil:title>Modify·the·System·Message·of·the·Day·Banner</ocil:title>41 ······<ocil:title>Modify·the·System·Message·of·the·Day·Banner</ocil:title>
48 ······<ocil:actions>42 ······<ocil:actions>
49 ········<ocil:test_action_ref>ocil:ssg-banner_etc_motd_action:testaction:1</ocil:test_action_ref>43 ········<ocil:test_action_ref>ocil:ssg-banner_etc_motd_action:testaction:1</ocil:test_action_ref>
50 ······</ocil:actions>44 ······</ocil:actions>
51 ····</ocil:questionnaire>45 ····</ocil:questionnaire>
52 ····<ocil:questionnaire·id="ocil:ssg-package_audit_installed_ocil:questionnaire:1">46 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_cron_monthly_ocil:questionnaire:1">
 47 ······<ocil:title>Verify·Group·Who·Owns·cron.monthly</ocil:title>
53 ······<ocil:title>Ensure·the·audit·Subsystem·is·Installed</ocil:title> 
54 ······<ocil:actions> 
55 ········<ocil:test_action_ref>ocil:ssg-package_audit_installed_action:testaction:1</ocil:test_action_ref> 
56 ······</ocil:actions> 
57 ····</ocil:questionnaire> 
58 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv6_conf_all_accept_source_route_ocil:questionnaire:1"> 
59 ······<ocil:title>Disable·Kernel·Parameter·for·Accepting·Source-Routed·Packets·on·all·IPv6·Interfaces</ocil:title> 
60 ······<ocil:actions>48 ······<ocil:actions>
61 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv6_conf_all_accept_source_route_action:testaction:1</ocil:test_action_ref>49 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_cron_monthly_action:testaction:1</ocil:test_action_ref>
62 ······</ocil:actions>50 ······</ocil:actions>
63 ····</ocil:questionnaire>51 ····</ocil:questionnaire>
64 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_cron_allow_ocil:questionnaire:1">52 ····<ocil:questionnaire·id="ocil:ssg-sshd_disable_x11_forwarding_ocil:questionnaire:1">
65 ······<ocil:title>Verify·Group·Who·Owns·/etc/cron.allow·file</ocil:title>53 ······<ocil:title>Disable·X11·Forwarding</ocil:title>
66 ······<ocil:actions>54 ······<ocil:actions>
67 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_cron_allow_action:testaction:1</ocil:test_action_ref>55 ········<ocil:test_action_ref>ocil:ssg-sshd_disable_x11_forwarding_action:testaction:1</ocil:test_action_ref>
68 ······</ocil:actions>56 ······</ocil:actions>
69 ····</ocil:questionnaire>57 ····</ocil:questionnaire>
70 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_cron_d_ocil:questionnaire:1">58 ····<ocil:questionnaire·id="ocil:ssg-accounts_user_dot_user_ownership_ocil:questionnaire:1">
71 ······<ocil:title>Verify·Group·Who·Owns·cron.d</ocil:title>59 ······<ocil:title>User·Initialization·Files·Must·Be·Owned·By·the·Primary·User</ocil:title>
72 ······<ocil:actions>60 ······<ocil:actions>
73 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_cron_d_action:testaction:1</ocil:test_action_ref>61 ········<ocil:test_action_ref>ocil:ssg-accounts_user_dot_user_ownership_action:testaction:1</ocil:test_action_ref>
74 ······</ocil:actions>62 ······</ocil:actions>
75 ····</ocil:questionnaire>63 ····</ocil:questionnaire>
76 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_at_allow_ocil:questionnaire:1">64 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_etc_issue_net_ocil:questionnaire:1">
77 ······<ocil:title>Verify·Permissions·on·/etc/at.allow·file</ocil:title>65 ······<ocil:title>Verify·Group·Ownership·of·System·Login·Banner·for·Remote·Connections</ocil:title>
78 ······<ocil:actions>66 ······<ocil:actions>
79 ········<ocil:test_action_ref>ocil:ssg-file_permissions_at_allow_action:testaction:1</ocil:test_action_ref>67 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_etc_issue_net_action:testaction:1</ocil:test_action_ref>
80 ······</ocil:actions>68 ······</ocil:actions>
81 ····</ocil:questionnaire>69 ····</ocil:questionnaire>
82 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_user_cfg_ocil:questionnaire:1">70 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_etc_gshadow_ocil:questionnaire:1">
83 ······<ocil:title>Verify·/boot/grub2/user.cfg·Group·Ownership</ocil:title>71 ······<ocil:title>Verify·Group·Who·Owns·gshadow·File</ocil:title>
84 ······<ocil:actions>72 ······<ocil:actions>
85 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_user_cfg_action:testaction:1</ocil:test_action_ref>73 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_etc_gshadow_action:testaction:1</ocil:test_action_ref>
86 ······</ocil:actions>74 ······</ocil:actions>
87 ····</ocil:questionnaire>75 ····</ocil:questionnaire>
88 ····<ocil:questionnaire·id="ocil:ssg-dir_perms_world_writable_sticky_bits_ocil:questionnaire:1"> 
89 ······<ocil:title>Verify·that·All·World-Writable·Directories·Have·Sticky·Bits·Set</ocil:title>76 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_default_accept_redirects_ocil:questionnaire:1">
 77 ······<ocil:title>Disable·Kernel·Parameter·for·Accepting·ICMP·Redirects·by·Default·on·IPv4·Interfaces</ocil:title>
90 ······<ocil:actions>78 ······<ocil:actions>
91 ········<ocil:test_action_ref>ocil:ssg-dir_perms_world_writable_sticky_bits_action:testaction:1</ocil:test_action_ref>79 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_default_accept_redirects_action:testaction:1</ocil:test_action_ref>
92 ······</ocil:actions>80 ······</ocil:actions>
93 ····</ocil:questionnaire>81 ····</ocil:questionnaire>
94 ····<ocil:questionnaire·id="ocil:ssg-accounts_password_set_min_life_existing_ocil:questionnaire:1">82 ····<ocil:questionnaire·id="ocil:ssg-mount_option_tmp_nodev_ocil:questionnaire:1">
95 ······<ocil:title>Set·Existing·Passwords·Minimum·Age</ocil:title>83 ······<ocil:title>Add·nodev·Option·to·/tmp</ocil:title>
96 ······<ocil:actions>84 ······<ocil:actions>
97 ········<ocil:test_action_ref>ocil:ssg-accounts_password_set_min_life_existing_action:testaction:1</ocil:test_action_ref>85 ········<ocil:test_action_ref>ocil:ssg-mount_option_tmp_nodev_action:testaction:1</ocil:test_action_ref>
98 ······</ocil:actions>86 ······</ocil:actions>
99 ····</ocil:questionnaire>87 ····</ocil:questionnaire>
100 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_etc_group_ocil:questionnaire:1"> 
101 ······<ocil:title>Verify·Group·Who·Owns·group·File</ocil:title>88 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_default_log_martians_ocil:questionnaire:1">
 89 ······<ocil:title>Enable·Kernel·Paremeter·to·Log·Martian·Packets·on·all·IPv4·Interfaces·by·Default</ocil:title>
102 ······<ocil:actions>90 ······<ocil:actions>
103 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_etc_group_action:testaction:1</ocil:test_action_ref>91 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_default_log_martians_action:testaction:1</ocil:test_action_ref>
104 ······</ocil:actions>92 ······</ocil:actions>
105 ····</ocil:questionnaire>93 ····</ocil:questionnaire>
106 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_backup_etc_gshadow_ocil:questionnaire:1">94 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_shadow_ocil:questionnaire:1">
107 ······<ocil:title>Verify·Permissions·on·Backup·gshadow·File</ocil:title>95 ······<ocil:title>Verify·Permissions·on·shadow·File</ocil:title>
108 ······<ocil:actions>96 ······<ocil:actions>
109 ········<ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_gshadow_action:testaction:1</ocil:test_action_ref>97 ········<ocil:test_action_ref>ocil:ssg-file_permissions_etc_shadow_action:testaction:1</ocil:test_action_ref>
110 ······</ocil:actions>98 ······</ocil:actions>
111 ····</ocil:questionnaire>99 ····</ocil:questionnaire>
112 ····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_admin_space_left_action_ocil:questionnaire:1"> 
113 ······<ocil:title>Configure·auditd·admin_space_left·Action·on·Low·Disk·Space</ocil:title>100 ····<ocil:questionnaire·id="ocil:ssg-package_aide_installed_ocil:questionnaire:1">
 101 ······<ocil:title>Install·AIDE</ocil:title>
114 ······<ocil:actions>102 ······<ocil:actions>
115 ········<ocil:test_action_ref>ocil:ssg-auditd_data_retention_admin_space_left_action_action:testaction:1</ocil:test_action_ref>103 ········<ocil:test_action_ref>ocil:ssg-package_aide_installed_action:testaction:1</ocil:test_action_ref>
116 ······</ocil:actions>104 ······</ocil:actions>
117 ····</ocil:questionnaire>105 ····</ocil:questionnaire>
118 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_kernel_module_loading_query_ocil:questionnaire:1">106 ····<ocil:questionnaire·id="ocil:ssg-accounts_root_gid_zero_ocil:questionnaire:1">
119 ······<ocil:title>Ensure·auditd·Collects·Information·on·Kernel·Module·Loading·and·Unloading·-·query_module</ocil:title>107 ······<ocil:title>Verify·Root·Has·A·Primary·GID·0</ocil:title>
120 ······<ocil:actions>108 ······<ocil:actions>
121 ········<ocil:test_action_ref>ocil:ssg-audit_rules_kernel_module_loading_query_action:testaction:1</ocil:test_action_ref>109 ········<ocil:test_action_ref>ocil:ssg-accounts_root_gid_zero_action:testaction:1</ocil:test_action_ref>
122 ······</ocil:actions>110 ······</ocil:actions>
123 ····</ocil:questionnaire>111 ····</ocil:questionnaire>
124 ····<ocil:questionnaire·id="ocil:ssg-postfix_network_listening_disabled_ocil:questionnaire:1"> 
Max diff block lines reached; 722911/734919 bytes (98.37%) of diff not shown.
2.89 MB
./usr/share/xml/scap/ssg/content/ssg-al2023-xccdf.xml
2.89 MB
./usr/share/xml/scap/ssg/content/ssg-al2023-xccdf.xml
Max HTML report size reached
1.48 MB
./usr/share/xml/scap/ssg/content/ssg-alinux2-ds.xml
1.48 MB
./usr/share/xml/scap/ssg/content/ssg-alinux2-ds.xml
    
Offset 19, 23 lines modifiedOffset 19, 23 lines modified
19 ····</ds:checklists>19 ····</ds:checklists>
20 ····<ds:checks>20 ····<ds:checks>
21 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-alinux2-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-alinux2-oval.xml"/>21 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-alinux2-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-alinux2-oval.xml"/>
22 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-alinux2-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-alinux2-ocil.xml"/>22 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-alinux2-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-alinux2-ocil.xml"/>
23 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-alinux2-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-alinux2-cpe-oval.xml"/>23 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-alinux2-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-alinux2-cpe-oval.xml"/>
24 ····</ds:checks>24 ····</ds:checks>
25 ··</ds:data-stream>25 ··</ds:data-stream>
26 ··<ds:component·id="scap_org.open-scap_comp_ssg-alinux2-cpe-dictionary.xml"·timestamp="2025-02-28T20:08:00">26 ··<ds:component·id="scap_org.open-scap_comp_ssg-alinux2-cpe-dictionary.xml"·timestamp="2025-03-01T22:08:00">
27 ····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">27 ····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">
28 ······<cpe-dict:cpe-item·name="cpe:/o:alinux:alibaba_cloud_linux:2">28 ······<cpe-dict:cpe-item·name="cpe:/o:alinux:alibaba_cloud_linux:2">
29 ········<cpe-dict:title·xml:lang="en-us">Alibaba·Cloud·Linux·2</cpe-dict:title>29 ········<cpe-dict:title·xml:lang="en-us">Alibaba·Cloud·Linux·2</cpe-dict:title>
30 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml">oval:ssg-installed_OS_is_alinux2:def:1</cpe-dict:check>30 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml">oval:ssg-installed_OS_is_alinux2:def:1</cpe-dict:check>
31 ······</cpe-dict:cpe-item>31 ······</cpe-dict:cpe-item>
32 ····</cpe-dict:cpe-list>32 ····</cpe-dict:cpe-list>
33 ··</ds:component>33 ··</ds:component>
34 ··<ds:component·id="scap_org.open-scap_comp_ssg-alinux2-xccdf.xml"·timestamp="2025-02-28T20:08:00">34 ··<ds:component·id="scap_org.open-scap_comp_ssg-alinux2-xccdf.xml"·timestamp="2025-03-01T22:08:00">
35 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_ALINUX-2"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">35 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_ALINUX-2"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
36 ······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>36 ······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>
37 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Alibaba·Cloud·Linux·2</xccdf-1.2:title>37 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Alibaba·Cloud·Linux·2</xccdf-1.2:title>
38 ······<xccdf-1.2:description>38 ······<xccdf-1.2:description>
39 ········This·guide·presents·a·catalog·of·security-relevant39 ········This·guide·presents·a·catalog·of·security-relevant
40 configuration·settings·for·Alibaba·Cloud·Linux·2.·It·is·a·rendering·of40 configuration·settings·for·Alibaba·Cloud·Linux·2.·It·is·a·rendering·of
41 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)41 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
Offset 104, 228 lines modifiedOffset 104, 228 lines modified
104 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>104 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>
105 ······<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>105 ······<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>
106 ······<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>106 ······<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>
107 ······<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>107 ······<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>
108 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</xccdf-1.2:reference>108 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</xccdf-1.2:reference>
109 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>109 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>
110 ······<cpe-lang:platform-specification>110 ······<cpe-lang:platform-specification>
111 ········<cpe-lang:platform·id="ipv6_enabled">111 ········<cpe-lang:platform·id="package_shadow-utils">
112 ··········<cpe-lang:logical-test·operator="AND"·negate="false">112 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
113 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-ipv6_enabled:def:1"/>113 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_shadow-utils:def:1"/>
114 ··········</cpe-lang:logical-test>114 ··········</cpe-lang:logical-test>
115 ········</cpe-lang:platform>115 ········</cpe-lang:platform>
116 ········<cpe-lang:platform·id="aarch64_arch_or_x86_64_arch">116 ········<cpe-lang:platform·id="package_ntp">
117 ··········<cpe-lang:logical-test·operator="OR"·negate="false">117 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
118 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/> 
119 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_x86_64:def:1"/>118 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_ntp:def:1"/>
120 ··········</cpe-lang:logical-test>119 ··········</cpe-lang:logical-test>
121 ········</cpe-lang:platform>120 ········</cpe-lang:platform>
122 ········<cpe-lang:platform·id="grub2">121 ········<cpe-lang:platform·id="aarch64_arch">
123 ··········<cpe-lang:logical-test·operator="AND"·negate="false">122 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
124 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-installed_env_has_grub2_package:def:1"/>123 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>
125 ··········</cpe-lang:logical-test>124 ··········</cpe-lang:logical-test>
126 ········</cpe-lang:platform>125 ········</cpe-lang:platform>
127 ········<cpe-lang:platform·id="machine">126 ········<cpe-lang:platform·id="machine">
128 ··········<cpe-lang:logical-test·operator="AND"·negate="false">127 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
129 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-installed_env_is_a_machine:def:1"/>128 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-installed_env_is_a_machine:def:1"/>
130 ··········</cpe-lang:logical-test>129 ··········</cpe-lang:logical-test>
131 ········</cpe-lang:platform>130 ········</cpe-lang:platform>
132 ········<cpe-lang:platform·id="package_iptables">131 ········<cpe-lang:platform·id="x86_64_arch">
133 ··········<cpe-lang:logical-test·operator="AND"·negate="false">132 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
134 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>133 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_x86_64:def:1"/>
135 ··········</cpe-lang:logical-test>134 ··········</cpe-lang:logical-test>
136 ········</cpe-lang:platform>135 ········</cpe-lang:platform>
137 ········<cpe-lang:platform·id="not_aarch64_arch">136 ········<cpe-lang:platform·id="system_with_kernel">
138 ··········<cpe-lang:logical-test·operator="AND"·negate="true">137 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
139 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>138 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
140 ··········</cpe-lang:logical-test>139 ··········</cpe-lang:logical-test>
141 ········</cpe-lang:platform>140 ········</cpe-lang:platform>
142 ········<cpe-lang:platform·id="package_ntp">141 ········<cpe-lang:platform·id="package_logrotate">
143 ··········<cpe-lang:logical-test·operator="AND"·negate="false">142 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
144 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_ntp:def:1"/>143 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_logrotate:def:1"/>
145 ··········</cpe-lang:logical-test>144 ··········</cpe-lang:logical-test>
146 ········</cpe-lang:platform>145 ········</cpe-lang:platform>
147 ········<cpe-lang:platform·id="package_iptables_and_service_disabled_firewalld_and_system_with_kernel">146 ········<cpe-lang:platform·id="package_sudo">
148 ··········<cpe-lang:logical-test·operator="AND"·negate="false">147 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
149 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>148 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_sudo:def:1"/>
150 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-service_disabled_firewalld:def:1"/>149 ··········</cpe-lang:logical-test>
 150 ········</cpe-lang:platform>
 151 ········<cpe-lang:platform·id="not_aarch64_arch">
 152 ··········<cpe-lang:logical-test·operator="AND"·negate="true">
151 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>153 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>
152 ··········</cpe-lang:logical-test>154 ··········</cpe-lang:logical-test>
153 ········</cpe-lang:platform>155 ········</cpe-lang:platform>
154 ········<cpe-lang:platform·id="not_package_nftables_and_not_package_ufw_and_package_iptables">156 ········<cpe-lang:platform·id="not_package_nftables_and_not_package_ufw_and_package_iptables">
155 ··········<cpe-lang:logical-test·operator="AND"·negate="false">157 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
156 ············<cpe-lang:logical-test·operator="AND"·negate="true">158 ············<cpe-lang:logical-test·operator="AND"·negate="true">
157 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_nftables:def:1"/>159 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_nftables:def:1"/>
158 ············</cpe-lang:logical-test>160 ············</cpe-lang:logical-test>
159 ············<cpe-lang:logical-test·operator="AND"·negate="true">161 ············<cpe-lang:logical-test·operator="AND"·negate="true">
160 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_ufw:def:1"/>162 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_ufw:def:1"/>
161 ············</cpe-lang:logical-test>163 ············</cpe-lang:logical-test>
162 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>164 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>
163 ··········</cpe-lang:logical-test>165 ··········</cpe-lang:logical-test>
164 ········</cpe-lang:platform>166 ········</cpe-lang:platform>
165 ········<cpe-lang:platform·id="package_pam">167 ········<cpe-lang:platform·id="package_yum">
166 ··········<cpe-lang:logical-test·operator="AND"·negate="false">168 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
167 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_pam:def:1"/>169 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_yum:def:1"/>
168 ··········</cpe-lang:logical-test>170 ··········</cpe-lang:logical-test>
169 ········</cpe-lang:platform>171 ········</cpe-lang:platform>
170 ········<cpe-lang:platform·id="package_firewalld">172 ········<cpe-lang:platform·id="package_firewalld">
171 ··········<cpe-lang:logical-test·operator="AND"·negate="false">173 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
172 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_firewalld:def:1"/>174 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_firewalld:def:1"/>
173 ··········</cpe-lang:logical-test>175 ··········</cpe-lang:logical-test>
174 ········</cpe-lang:platform>176 ········</cpe-lang:platform>
 177 ········<cpe-lang:platform·id="package_systemd">
 178 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
 179 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_systemd:def:1"/>
 180 ··········</cpe-lang:logical-test>
 181 ········</cpe-lang:platform>
 182 ········<cpe-lang:platform·id="aarch64_arch_or_x86_64_arch">
 183 ··········<cpe-lang:logical-test·operator="OR"·negate="false">
 184 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>
 185 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_x86_64:def:1"/>
 186 ··········</cpe-lang:logical-test>
 187 ········</cpe-lang:platform>
175 ········<cpe-lang:platform·id="package_rsyslog">188 ········<cpe-lang:platform·id="package_rsyslog">
176 ··········<cpe-lang:logical-test·operator="AND"·negate="false">189 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
177 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_rsyslog:def:1"/>190 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_rsyslog:def:1"/>
178 ··········</cpe-lang:logical-test>191 ··········</cpe-lang:logical-test>
179 ········</cpe-lang:platform>192 ········</cpe-lang:platform>
180 ········<cpe-lang:platform·id="package_logrotate">193 ········<cpe-lang:platform·id="package_gdm">
181 ··········<cpe-lang:logical-test·operator="AND"·negate="false">194 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
182 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_logrotate:def:1"/>195 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_gdm:def:1"/>
183 ··········</cpe-lang:logical-test>196 ··········</cpe-lang:logical-test>
184 ········</cpe-lang:platform>197 ········</cpe-lang:platform>
185 ········<cpe-lang:platform·id="package_audit">198 ········<cpe-lang:platform·id="package_postfix">
186 ··········<cpe-lang:logical-test·operator="AND"·negate="false">199 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
187 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_audit:def:1"/>200 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_postfix:def:1"/>
188 ··········</cpe-lang:logical-test>201 ··········</cpe-lang:logical-test>
189 ········</cpe-lang:platform>202 ········</cpe-lang:platform>
190 ········<cpe-lang:platform·id="package_yum">203 ········<cpe-lang:platform·id="package_iptables_and_service_disabled_firewalld_and_system_with_kernel">
191 ··········<cpe-lang:logical-test·operator="AND"·negate="false">204 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
192 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_yum:def:1"/>205 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>
Max diff block lines reached; 1537024/1550819 bytes (99.11%) of diff not shown.
858 KB
./usr/share/xml/scap/ssg/content/ssg-alinux2-ocil.xml
858 KB
./usr/share/xml/scap/ssg/content/ssg-alinux2-ocil.xml
Ordering differences only
    
Offset 3, 6946 lines modifiedOffset 3, 6649 lines modified
3 ··<ocil:generator>3 ··<ocil:generator>
4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6 ····<ocil:schema_version>2.0</ocil:schema_version>6 ····<ocil:schema_version>2.0</ocil:schema_version>
7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8 ··</ocil:generator>8 ··</ocil:generator>
9 ··<ocil:questionnaires>9 ··<ocil:questionnaires>
 10 ····<ocil:questionnaire·id="ocil:ssg-disallow_bypass_password_sudo_ocil:questionnaire:1">
 11 ······<ocil:title>Disallow·Configuration·to·Bypass·Password·Requirements·for·Privilege·Escalation</ocil:title>
10 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_debug_notifiers_ocil:questionnaire:1"> 
11 ······<ocil:title>Enable·checks·on·notifier·call·chains</ocil:title> 
12 ······<ocil:actions> 
13 ········<ocil:test_action_ref>ocil:ssg-kernel_config_debug_notifiers_action:testaction:1</ocil:test_action_ref> 
14 ······</ocil:actions> 
15 ····</ocil:questionnaire> 
16 ····<ocil:questionnaire·id="ocil:ssg-accounts_maximum_age_login_defs_ocil:questionnaire:1"> 
17 ······<ocil:title>Set·Password·Maximum·Age</ocil:title> 
18 ······<ocil:actions>12 ······<ocil:actions>
19 ········<ocil:test_action_ref>ocil:ssg-accounts_maximum_age_login_defs_action:testaction:1</ocil:test_action_ref>13 ········<ocil:test_action_ref>ocil:ssg-disallow_bypass_password_sudo_action:testaction:1</ocil:test_action_ref>
20 ······</ocil:actions>14 ······</ocil:actions>
21 ····</ocil:questionnaire>15 ····</ocil:questionnaire>
22 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_immutable_ocil:questionnaire:1">16 ····<ocil:questionnaire·id="ocil:ssg-gnome_gdm_disable_xdmcp_ocil:questionnaire:1">
23 ······<ocil:title>Make·the·auditd·Configuration·Immutable</ocil:title>17 ······<ocil:title>Disable·XDMCP·in·GDM</ocil:title>
24 ······<ocil:actions>18 ······<ocil:actions>
25 ········<ocil:test_action_ref>ocil:ssg-audit_rules_immutable_action:testaction:1</ocil:test_action_ref>19 ········<ocil:test_action_ref>ocil:ssg-gnome_gdm_disable_xdmcp_action:testaction:1</ocil:test_action_ref>
26 ······</ocil:actions>20 ······</ocil:actions>
27 ····</ocil:questionnaire>21 ····</ocil:questionnaire>
28 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_sshd_private_key_ocil:questionnaire:1"> 
29 ······<ocil:title>Verify·Permissions·on·SSH·Server·Private·*_key·Key·Files</ocil:title>22 ····<ocil:questionnaire·id="ocil:ssg-chronyd_or_ntpd_specify_remote_server_ocil:questionnaire:1">
 23 ······<ocil:title>Specify·a·Remote·NTP·Server</ocil:title>
30 ······<ocil:actions>24 ······<ocil:actions>
31 ········<ocil:test_action_ref>ocil:ssg-file_permissions_sshd_private_key_action:testaction:1</ocil:test_action_ref>25 ········<ocil:test_action_ref>ocil:ssg-chronyd_or_ntpd_specify_remote_server_action:testaction:1</ocil:test_action_ref>
32 ······</ocil:actions>26 ······</ocil:actions>
33 ····</ocil:questionnaire>27 ····</ocil:questionnaire>
34 ····<ocil:questionnaire·id="ocil:ssg-selinux_state_ocil:questionnaire:1">28 ····<ocil:questionnaire·id="ocil:ssg-package_ypbind_removed_ocil:questionnaire:1">
35 ······<ocil:title>Ensure·SELinux·State·is·Enforcing</ocil:title>29 ······<ocil:title>Remove·NIS·Client</ocil:title>
36 ······<ocil:actions>30 ······<ocil:actions>
37 ········<ocil:test_action_ref>ocil:ssg-selinux_state_action:testaction:1</ocil:test_action_ref>31 ········<ocil:test_action_ref>ocil:ssg-package_ypbind_removed_action:testaction:1</ocil:test_action_ref>
38 ······</ocil:actions>32 ······</ocil:actions>
39 ····</ocil:questionnaire>33 ····</ocil:questionnaire>
40 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_backup_etc_group_ocil:questionnaire:1">34 ····<ocil:questionnaire·id="ocil:ssg-configure_kerberos_crypto_policy_ocil:questionnaire:1">
41 ······<ocil:title>Verify·Group·Who·Owns·Backup·group·File</ocil:title>35 ······<ocil:title>Configure·Kerberos·to·use·System·Crypto·Policy</ocil:title>
42 ······<ocil:actions>36 ······<ocil:actions>
43 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_backup_etc_group_action:testaction:1</ocil:test_action_ref>37 ········<ocil:test_action_ref>ocil:ssg-configure_kerberos_crypto_policy_action:testaction:1</ocil:test_action_ref>
44 ······</ocil:actions>38 ······</ocil:actions>
45 ····</ocil:questionnaire>39 ····</ocil:questionnaire>
46 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_fchownat_ocil:questionnaire:1">40 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_hibernation_ocil:questionnaire:1">
47 ······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·fchownat</ocil:title>41 ······<ocil:title>Disable·hibernation</ocil:title>
48 ······<ocil:actions>42 ······<ocil:actions>
49 ········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_fchownat_action:testaction:1</ocil:test_action_ref>43 ········<ocil:test_action_ref>ocil:ssg-kernel_config_hibernation_action:testaction:1</ocil:test_action_ref>
50 ······</ocil:actions>44 ······</ocil:actions>
51 ····</ocil:questionnaire>45 ····</ocil:questionnaire>
52 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_setxattr_ocil:questionnaire:1">46 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_usergroup_modification_shadow_ocil:questionnaire:1">
53 ······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·setxattr</ocil:title>47 ······<ocil:title>Record·Events·that·Modify·User/Group·Information·-·/etc/shadow</ocil:title>
54 ······<ocil:actions>48 ······<ocil:actions>
55 ········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_setxattr_action:testaction:1</ocil:test_action_ref>49 ········<ocil:test_action_ref>ocil:ssg-audit_rules_usergroup_modification_shadow_action:testaction:1</ocil:test_action_ref>
56 ······</ocil:actions>50 ······</ocil:actions>
57 ····</ocil:questionnaire>51 ····</ocil:questionnaire>
58 ····<ocil:questionnaire·id="ocil:ssg-file_owner_cron_monthly_ocil:questionnaire:1">52 ····<ocil:questionnaire·id="ocil:ssg-sshd_set_maxstartups_ocil:questionnaire:1">
59 ······<ocil:title>Verify·Owner·on·cron.monthly</ocil:title>53 ······<ocil:title>Ensure·SSH·MaxStartups·is·configured</ocil:title>
60 ······<ocil:actions>54 ······<ocil:actions>
61 ········<ocil:test_action_ref>ocil:ssg-file_owner_cron_monthly_action:testaction:1</ocil:test_action_ref>55 ········<ocil:test_action_ref>ocil:ssg-sshd_set_maxstartups_action:testaction:1</ocil:test_action_ref>
62 ······</ocil:actions>56 ······</ocil:actions>
63 ····</ocil:questionnaire>57 ····</ocil:questionnaire>
64 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_shadow_ocil:questionnaire:1">58 ····<ocil:questionnaire·id="ocil:ssg-sshd_limit_user_access_ocil:questionnaire:1">
65 ······<ocil:title>Verify·Permissions·on·shadow·File</ocil:title>59 ······<ocil:title>Limit·Users'·SSH·Access</ocil:title>
66 ······<ocil:actions>60 ······<ocil:actions>
67 ········<ocil:test_action_ref>ocil:ssg-file_permissions_etc_shadow_action:testaction:1</ocil:test_action_ref>61 ········<ocil:test_action_ref>ocil:ssg-sshd_limit_user_access_action:testaction:1</ocil:test_action_ref>
68 ······</ocil:actions>62 ······</ocil:actions>
69 ····</ocil:questionnaire>63 ····</ocil:questionnaire>
70 ····<ocil:questionnaire·id="ocil:ssg-grub2_spec_store_bypass_disable_argument_ocil:questionnaire:1"> 
71 ······<ocil:title>Configure·Speculative·Store·Bypass·Mitigation</ocil:title>64 ····<ocil:questionnaire·id="ocil:ssg-no_all_squash_exports_ocil:questionnaire:1">
 65 ······<ocil:title>Ensure·All-Squashing·Disabled·On·All·Exports</ocil:title>
72 ······<ocil:actions>66 ······<ocil:actions>
73 ········<ocil:test_action_ref>ocil:ssg-grub2_spec_store_bypass_disable_argument_action:testaction:1</ocil:test_action_ref>67 ········<ocil:test_action_ref>ocil:ssg-no_all_squash_exports_action:testaction:1</ocil:test_action_ref>
74 ······</ocil:actions>68 ······</ocil:actions>
75 ····</ocil:questionnaire>69 ····</ocil:questionnaire>
76 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_cron_weekly_ocil:questionnaire:1">70 ····<ocil:questionnaire·id="ocil:ssg-package_bind_removed_ocil:questionnaire:1">
77 ······<ocil:title>Verify·Group·Who·Owns·cron.weekly</ocil:title>71 ······<ocil:title>Uninstall·bind·Package</ocil:title>
78 ······<ocil:actions>72 ······<ocil:actions>
79 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_cron_weekly_action:testaction:1</ocil:test_action_ref>73 ········<ocil:test_action_ref>ocil:ssg-package_bind_removed_action:testaction:1</ocil:test_action_ref>
80 ······</ocil:actions>74 ······</ocil:actions>
81 ····</ocil:questionnaire>75 ····</ocil:questionnaire>
82 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv6_conf_default_disable_ipv6_ocil:questionnaire:1"> 
83 ······<ocil:title>Disable·IPv6·Addressing·on·IPv6·Interfaces·by·Default</ocil:title>76 ····<ocil:questionnaire·id="ocil:ssg-file_groupownership_sshd_pub_key_ocil:questionnaire:1">
 77 ······<ocil:title>Verify·Group·Ownership·on·SSH·Server·Public·*.pub·Key·Files</ocil:title>
84 ······<ocil:actions>78 ······<ocil:actions>
85 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv6_conf_default_disable_ipv6_action:testaction:1</ocil:test_action_ref>79 ········<ocil:test_action_ref>ocil:ssg-file_groupownership_sshd_pub_key_action:testaction:1</ocil:test_action_ref>
86 ······</ocil:actions>80 ······</ocil:actions>
87 ····</ocil:questionnaire>81 ····</ocil:questionnaire>
88 ····<ocil:questionnaire·id="ocil:ssg-file_ownership_binary_dirs_ocil:questionnaire:1">82 ····<ocil:questionnaire·id="ocil:ssg-set_ip6tables_default_rule_ocil:questionnaire:1">
89 ······<ocil:title>Verify·that·System·Executables·Have·Root·Ownership</ocil:title>83 ······<ocil:title>Set·Default·ip6tables·Policy·for·Incoming·Packets</ocil:title>
90 ······<ocil:actions>84 ······<ocil:actions>
91 ········<ocil:test_action_ref>ocil:ssg-file_ownership_binary_dirs_action:testaction:1</ocil:test_action_ref>85 ········<ocil:test_action_ref>ocil:ssg-set_ip6tables_default_rule_action:testaction:1</ocil:test_action_ref>
92 ······</ocil:actions>86 ······</ocil:actions>
93 ····</ocil:questionnaire>87 ····</ocil:questionnaire>
94 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_cron_allow_ocil:questionnaire:1">88 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_cron_weekly_ocil:questionnaire:1">
95 ······<ocil:title>Verify·Group·Who·Owns·/etc/cron.allow·file</ocil:title>89 ······<ocil:title>Verify·Permissions·on·cron.weekly</ocil:title>
96 ······<ocil:actions>90 ······<ocil:actions>
97 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_cron_allow_action:testaction:1</ocil:test_action_ref>91 ········<ocil:test_action_ref>ocil:ssg-file_permissions_cron_weekly_action:testaction:1</ocil:test_action_ref>
98 ······</ocil:actions>92 ······</ocil:actions>
99 ····</ocil:questionnaire>93 ····</ocil:questionnaire>
100 ····<ocil:questionnaire·id="ocil:ssg-file_cron_deny_not_exist_ocil:questionnaire:1"> 
101 ······<ocil:title>Ensure·that·/etc/cron.deny·does·not·exist</ocil:title>94 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_fchown_ocil:questionnaire:1">
 95 ······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·fchown</ocil:title>
102 ······<ocil:actions>96 ······<ocil:actions>
103 ········<ocil:test_action_ref>ocil:ssg-file_cron_deny_not_exist_action:testaction:1</ocil:test_action_ref>97 ········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_fchown_action:testaction:1</ocil:test_action_ref>
104 ······</ocil:actions>98 ······</ocil:actions>
105 ····</ocil:questionnaire>99 ····</ocil:questionnaire>
106 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_cron_monthly_ocil:questionnaire:1">100 ····<ocil:questionnaire·id="ocil:ssg-sshd_disable_kerb_auth_ocil:questionnaire:1">
107 ······<ocil:title>Verify·Group·Who·Owns·cron.monthly</ocil:title>101 ······<ocil:title>Disable·Kerberos·Authentication</ocil:title>
108 ······<ocil:actions>102 ······<ocil:actions>
109 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_cron_monthly_action:testaction:1</ocil:test_action_ref>103 ········<ocil:test_action_ref>ocil:ssg-sshd_disable_kerb_auth_action:testaction:1</ocil:test_action_ref>
110 ······</ocil:actions>104 ······</ocil:actions>
111 ····</ocil:questionnaire>105 ····</ocil:questionnaire>
112 ····<ocil:questionnaire·id="ocil:ssg-accounts_password_warn_age_login_defs_ocil:questionnaire:1">106 ····<ocil:questionnaire·id="ocil:ssg-sshd_enable_strictmodes_ocil:questionnaire:1">
113 ······<ocil:title>Set·Password·Warning·Age</ocil:title>107 ······<ocil:title>Enable·Use·of·Strict·Mode·Checking</ocil:title>
114 ······<ocil:actions>108 ······<ocil:actions>
115 ········<ocil:test_action_ref>ocil:ssg-accounts_password_warn_age_login_defs_action:testaction:1</ocil:test_action_ref>109 ········<ocil:test_action_ref>ocil:ssg-sshd_enable_strictmodes_action:testaction:1</ocil:test_action_ref>
116 ······</ocil:actions>110 ······</ocil:actions>
117 ····</ocil:questionnaire>111 ····</ocil:questionnaire>
118 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_cron_daily_ocil:questionnaire:1">112 ····<ocil:questionnaire·id="ocil:ssg-coredump_disable_storage_ocil:questionnaire:1">
119 ······<ocil:title>Verify·Permissions·on·cron.daily</ocil:title>113 ······<ocil:title>Disable·storing·core·dump</ocil:title>
120 ······<ocil:actions>114 ······<ocil:actions>
121 ········<ocil:test_action_ref>ocil:ssg-file_permissions_cron_daily_action:testaction:1</ocil:test_action_ref>115 ········<ocil:test_action_ref>ocil:ssg-coredump_disable_storage_action:testaction:1</ocil:test_action_ref>
122 ······</ocil:actions>116 ······</ocil:actions>
123 ····</ocil:questionnaire>117 ····</ocil:questionnaire>
Max diff block lines reached; 865701/877959 bytes (98.60%) of diff not shown.
603 KB
./usr/share/xml/scap/ssg/content/ssg-alinux2-xccdf.xml
603 KB
./usr/share/xml/scap/ssg/content/ssg-alinux2-xccdf.xml
Ordering differences only
    
Offset 71, 228 lines modifiedOffset 71, 228 lines modified
71 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>71 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>
72 ··<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>72 ··<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>
73 ··<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>73 ··<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>
74 ··<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>74 ··<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>
75 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</xccdf-1.2:reference>75 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</xccdf-1.2:reference>
76 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>76 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>
77 ··<cpe-lang:platform-specification>77 ··<cpe-lang:platform-specification>
78 ····<cpe-lang:platform·id="ipv6_enabled">78 ····<cpe-lang:platform·id="package_shadow-utils">
79 ······<cpe-lang:logical-test·operator="AND"·negate="false">79 ······<cpe-lang:logical-test·operator="AND"·negate="false">
80 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-ipv6_enabled:def:1"/>80 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_shadow-utils:def:1"/>
81 ······</cpe-lang:logical-test>81 ······</cpe-lang:logical-test>
82 ····</cpe-lang:platform>82 ····</cpe-lang:platform>
83 ····<cpe-lang:platform·id="aarch64_arch_or_x86_64_arch">83 ····<cpe-lang:platform·id="package_ntp">
84 ······<cpe-lang:logical-test·operator="OR"·negate="false">84 ······<cpe-lang:logical-test·operator="AND"·negate="false">
85 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/> 
86 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_x86_64:def:1"/>85 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_ntp:def:1"/>
87 ······</cpe-lang:logical-test>86 ······</cpe-lang:logical-test>
88 ····</cpe-lang:platform>87 ····</cpe-lang:platform>
89 ····<cpe-lang:platform·id="grub2">88 ····<cpe-lang:platform·id="aarch64_arch">
90 ······<cpe-lang:logical-test·operator="AND"·negate="false">89 ······<cpe-lang:logical-test·operator="AND"·negate="false">
91 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-installed_env_has_grub2_package:def:1"/>90 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>
92 ······</cpe-lang:logical-test>91 ······</cpe-lang:logical-test>
93 ····</cpe-lang:platform>92 ····</cpe-lang:platform>
94 ····<cpe-lang:platform·id="machine">93 ····<cpe-lang:platform·id="machine">
95 ······<cpe-lang:logical-test·operator="AND"·negate="false">94 ······<cpe-lang:logical-test·operator="AND"·negate="false">
96 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-installed_env_is_a_machine:def:1"/>95 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-installed_env_is_a_machine:def:1"/>
97 ······</cpe-lang:logical-test>96 ······</cpe-lang:logical-test>
98 ····</cpe-lang:platform>97 ····</cpe-lang:platform>
99 ····<cpe-lang:platform·id="package_iptables">98 ····<cpe-lang:platform·id="x86_64_arch">
100 ······<cpe-lang:logical-test·operator="AND"·negate="false">99 ······<cpe-lang:logical-test·operator="AND"·negate="false">
101 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>100 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_x86_64:def:1"/>
102 ······</cpe-lang:logical-test>101 ······</cpe-lang:logical-test>
103 ····</cpe-lang:platform>102 ····</cpe-lang:platform>
104 ····<cpe-lang:platform·id="not_aarch64_arch">103 ····<cpe-lang:platform·id="system_with_kernel">
105 ······<cpe-lang:logical-test·operator="AND"·negate="true">104 ······<cpe-lang:logical-test·operator="AND"·negate="false">
106 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>105 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
107 ······</cpe-lang:logical-test>106 ······</cpe-lang:logical-test>
108 ····</cpe-lang:platform>107 ····</cpe-lang:platform>
109 ····<cpe-lang:platform·id="package_ntp">108 ····<cpe-lang:platform·id="package_logrotate">
110 ······<cpe-lang:logical-test·operator="AND"·negate="false">109 ······<cpe-lang:logical-test·operator="AND"·negate="false">
111 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_ntp:def:1"/>110 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_logrotate:def:1"/>
112 ······</cpe-lang:logical-test>111 ······</cpe-lang:logical-test>
113 ····</cpe-lang:platform>112 ····</cpe-lang:platform>
114 ····<cpe-lang:platform·id="package_iptables_and_service_disabled_firewalld_and_system_with_kernel">113 ····<cpe-lang:platform·id="package_sudo">
115 ······<cpe-lang:logical-test·operator="AND"·negate="false">114 ······<cpe-lang:logical-test·operator="AND"·negate="false">
116 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>115 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_sudo:def:1"/>
117 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-service_disabled_firewalld:def:1"/>116 ······</cpe-lang:logical-test>
 117 ····</cpe-lang:platform>
 118 ····<cpe-lang:platform·id="not_aarch64_arch">
 119 ······<cpe-lang:logical-test·operator="AND"·negate="true">
118 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>120 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>
119 ······</cpe-lang:logical-test>121 ······</cpe-lang:logical-test>
120 ····</cpe-lang:platform>122 ····</cpe-lang:platform>
121 ····<cpe-lang:platform·id="not_package_nftables_and_not_package_ufw_and_package_iptables">123 ····<cpe-lang:platform·id="not_package_nftables_and_not_package_ufw_and_package_iptables">
122 ······<cpe-lang:logical-test·operator="AND"·negate="false">124 ······<cpe-lang:logical-test·operator="AND"·negate="false">
123 ········<cpe-lang:logical-test·operator="AND"·negate="true">125 ········<cpe-lang:logical-test·operator="AND"·negate="true">
124 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_nftables:def:1"/>126 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_nftables:def:1"/>
125 ········</cpe-lang:logical-test>127 ········</cpe-lang:logical-test>
126 ········<cpe-lang:logical-test·operator="AND"·negate="true">128 ········<cpe-lang:logical-test·operator="AND"·negate="true">
127 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_ufw:def:1"/>129 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_ufw:def:1"/>
128 ········</cpe-lang:logical-test>130 ········</cpe-lang:logical-test>
129 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>131 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>
130 ······</cpe-lang:logical-test>132 ······</cpe-lang:logical-test>
131 ····</cpe-lang:platform>133 ····</cpe-lang:platform>
132 ····<cpe-lang:platform·id="package_pam">134 ····<cpe-lang:platform·id="package_yum">
133 ······<cpe-lang:logical-test·operator="AND"·negate="false">135 ······<cpe-lang:logical-test·operator="AND"·negate="false">
134 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_pam:def:1"/>136 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_yum:def:1"/>
135 ······</cpe-lang:logical-test>137 ······</cpe-lang:logical-test>
136 ····</cpe-lang:platform>138 ····</cpe-lang:platform>
137 ····<cpe-lang:platform·id="package_firewalld">139 ····<cpe-lang:platform·id="package_firewalld">
138 ······<cpe-lang:logical-test·operator="AND"·negate="false">140 ······<cpe-lang:logical-test·operator="AND"·negate="false">
139 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_firewalld:def:1"/>141 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_firewalld:def:1"/>
140 ······</cpe-lang:logical-test>142 ······</cpe-lang:logical-test>
141 ····</cpe-lang:platform>143 ····</cpe-lang:platform>
 144 ····<cpe-lang:platform·id="package_systemd">
 145 ······<cpe-lang:logical-test·operator="AND"·negate="false">
 146 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_systemd:def:1"/>
 147 ······</cpe-lang:logical-test>
 148 ····</cpe-lang:platform>
 149 ····<cpe-lang:platform·id="aarch64_arch_or_x86_64_arch">
 150 ······<cpe-lang:logical-test·operator="OR"·negate="false">
 151 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>
 152 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_x86_64:def:1"/>
 153 ······</cpe-lang:logical-test>
 154 ····</cpe-lang:platform>
142 ····<cpe-lang:platform·id="package_rsyslog">155 ····<cpe-lang:platform·id="package_rsyslog">
143 ······<cpe-lang:logical-test·operator="AND"·negate="false">156 ······<cpe-lang:logical-test·operator="AND"·negate="false">
144 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_rsyslog:def:1"/>157 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_rsyslog:def:1"/>
145 ······</cpe-lang:logical-test>158 ······</cpe-lang:logical-test>
146 ····</cpe-lang:platform>159 ····</cpe-lang:platform>
147 ····<cpe-lang:platform·id="package_logrotate">160 ····<cpe-lang:platform·id="package_gdm">
148 ······<cpe-lang:logical-test·operator="AND"·negate="false">161 ······<cpe-lang:logical-test·operator="AND"·negate="false">
149 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_logrotate:def:1"/>162 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_gdm:def:1"/>
150 ······</cpe-lang:logical-test>163 ······</cpe-lang:logical-test>
151 ····</cpe-lang:platform>164 ····</cpe-lang:platform>
152 ····<cpe-lang:platform·id="package_audit">165 ····<cpe-lang:platform·id="package_postfix">
153 ······<cpe-lang:logical-test·operator="AND"·negate="false">166 ······<cpe-lang:logical-test·operator="AND"·negate="false">
154 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_audit:def:1"/>167 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_postfix:def:1"/>
155 ······</cpe-lang:logical-test>168 ······</cpe-lang:logical-test>
156 ····</cpe-lang:platform>169 ····</cpe-lang:platform>
157 ····<cpe-lang:platform·id="package_yum">170 ····<cpe-lang:platform·id="package_iptables_and_service_disabled_firewalld_and_system_with_kernel">
158 ······<cpe-lang:logical-test·operator="AND"·negate="false">171 ······<cpe-lang:logical-test·operator="AND"·negate="false">
159 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_yum:def:1"/>172 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>
 173 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-service_disabled_firewalld:def:1"/>
 174 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
160 ······</cpe-lang:logical-test>175 ······</cpe-lang:logical-test>
161 ····</cpe-lang:platform>176 ····</cpe-lang:platform>
162 ····<cpe-lang:platform·id="non-uefi">177 ····<cpe-lang:platform·id="non-uefi">
163 ······<cpe-lang:logical-test·operator="AND"·negate="false">178 ······<cpe-lang:logical-test·operator="AND"·negate="false">
164 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-system_boot_mode_is_non_uefi:def:1"/>179 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-system_boot_mode_is_non_uefi:def:1"/>
165 ······</cpe-lang:logical-test>180 ······</cpe-lang:logical-test>
166 ····</cpe-lang:platform>181 ····</cpe-lang:platform>
 182 ····<cpe-lang:platform·id="package_autofs_and_system_with_kernel">
167 ····<cpe-lang:platform·id="package_chrony_or_package_ntp"> 
168 ······<cpe-lang:logical-test·operator="OR"·negate="false"> 
169 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_chrony:def:1"/> 
170 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_ntp:def:1"/> 
171 ······</cpe-lang:logical-test> 
172 ····</cpe-lang:platform> 
173 ····<cpe-lang:platform·id="package_sudo"> 
174 ······<cpe-lang:logical-test·operator="AND"·negate="false">183 ······<cpe-lang:logical-test·operator="AND"·negate="false">
175 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_sudo:def:1"/>184 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-package_autofs:def:1"/>
 185 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
176 ······</cpe-lang:logical-test>186 ······</cpe-lang:logical-test>
177 ····</cpe-lang:platform>187 ····</cpe-lang:platform>
178 ····<cpe-lang:platform·id="system_with_kernel">188 ····<cpe-lang:platform·id="grub2">
179 ······<cpe-lang:logical-test·operator="AND"·negate="false">189 ······<cpe-lang:logical-test·operator="AND"·negate="false">
Max diff block lines reached; 604422/617739 bytes (97.84%) of diff not shown.
1.46 MB
./usr/share/xml/scap/ssg/content/ssg-alinux3-ds.xml
1.46 MB
./usr/share/xml/scap/ssg/content/ssg-alinux3-ds.xml
    
Offset 19, 23 lines modifiedOffset 19, 23 lines modified
19 ····</ds:checklists>19 ····</ds:checklists>
20 ····<ds:checks>20 ····<ds:checks>
21 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-alinux3-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-alinux3-oval.xml"/>21 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-alinux3-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-alinux3-oval.xml"/>
22 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-alinux3-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-alinux3-ocil.xml"/>22 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-alinux3-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-alinux3-ocil.xml"/>
23 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-alinux3-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-alinux3-cpe-oval.xml"/>23 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-alinux3-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-alinux3-cpe-oval.xml"/>
24 ····</ds:checks>24 ····</ds:checks>
25 ··</ds:data-stream>25 ··</ds:data-stream>
26 ··<ds:component·id="scap_org.open-scap_comp_ssg-alinux3-cpe-dictionary.xml"·timestamp="2025-02-28T20:08:00">26 ··<ds:component·id="scap_org.open-scap_comp_ssg-alinux3-cpe-dictionary.xml"·timestamp="2025-03-01T22:08:00">
27 ····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">27 ····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">
28 ······<cpe-dict:cpe-item·name="cpe:/o:alinux:alibaba_cloud_linux:3">28 ······<cpe-dict:cpe-item·name="cpe:/o:alinux:alibaba_cloud_linux:3">
29 ········<cpe-dict:title·xml:lang="en-us">Alibaba·Cloud·Linux·3</cpe-dict:title>29 ········<cpe-dict:title·xml:lang="en-us">Alibaba·Cloud·Linux·3</cpe-dict:title>
30 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml">oval:ssg-installed_OS_is_alinux3:def:1</cpe-dict:check>30 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml">oval:ssg-installed_OS_is_alinux3:def:1</cpe-dict:check>
31 ······</cpe-dict:cpe-item>31 ······</cpe-dict:cpe-item>
32 ····</cpe-dict:cpe-list>32 ····</cpe-dict:cpe-list>
33 ··</ds:component>33 ··</ds:component>
34 ··<ds:component·id="scap_org.open-scap_comp_ssg-alinux3-xccdf.xml"·timestamp="2025-02-28T20:08:00">34 ··<ds:component·id="scap_org.open-scap_comp_ssg-alinux3-xccdf.xml"·timestamp="2025-03-01T22:08:00">
35 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_ALINUX-3"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">35 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_ALINUX-3"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
36 ······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>36 ······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>
37 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Alibaba·Cloud·Linux·3</xccdf-1.2:title>37 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Alibaba·Cloud·Linux·3</xccdf-1.2:title>
38 ······<xccdf-1.2:description>38 ······<xccdf-1.2:description>
39 ········This·guide·presents·a·catalog·of·security-relevant39 ········This·guide·presents·a·catalog·of·security-relevant
40 configuration·settings·for·Alibaba·Cloud·Linux·3.·It·is·a·rendering·of40 configuration·settings·for·Alibaba·Cloud·Linux·3.·It·is·a·rendering·of
41 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)41 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
Offset 104, 219 lines modifiedOffset 104, 219 lines modified
104 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>104 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>
105 ······<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>105 ······<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>
106 ······<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>106 ······<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>
107 ······<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>107 ······<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>
108 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</xccdf-1.2:reference>108 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</xccdf-1.2:reference>
109 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>109 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>
110 ······<cpe-lang:platform-specification>110 ······<cpe-lang:platform-specification>
111 ········<cpe-lang:platform·id="ipv6_enabled">111 ········<cpe-lang:platform·id="package_shadow-utils">
112 ··········<cpe-lang:logical-test·operator="AND"·negate="false">112 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
113 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-ipv6_enabled:def:1"/>113 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_shadow-utils:def:1"/>
114 ··········</cpe-lang:logical-test>114 ··········</cpe-lang:logical-test>
115 ········</cpe-lang:platform>115 ········</cpe-lang:platform>
116 ········<cpe-lang:platform·id="aarch64_arch_or_x86_64_arch">116 ········<cpe-lang:platform·id="aarch64_arch">
117 ··········<cpe-lang:logical-test·operator="OR"·negate="false">117 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
118 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>118 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>
 119 ··········</cpe-lang:logical-test>
 120 ········</cpe-lang:platform>
 121 ········<cpe-lang:platform·id="machine">
 122 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
 123 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-installed_env_is_a_machine:def:1"/>
 124 ··········</cpe-lang:logical-test>
 125 ········</cpe-lang:platform>
 126 ········<cpe-lang:platform·id="x86_64_arch">
 127 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
119 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_x86_64:def:1"/>128 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_x86_64:def:1"/>
120 ··········</cpe-lang:logical-test>129 ··········</cpe-lang:logical-test>
121 ········</cpe-lang:platform>130 ········</cpe-lang:platform>
122 ········<cpe-lang:platform·id="grub2">131 ········<cpe-lang:platform·id="system_with_kernel">
123 ··········<cpe-lang:logical-test·operator="AND"·negate="false">132 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
124 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-installed_env_has_grub2_package:def:1"/>133 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
125 ··········</cpe-lang:logical-test>134 ··········</cpe-lang:logical-test>
126 ········</cpe-lang:platform>135 ········</cpe-lang:platform>
127 ········<cpe-lang:platform·id="machine">136 ········<cpe-lang:platform·id="package_logrotate">
128 ··········<cpe-lang:logical-test·operator="AND"·negate="false">137 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
129 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-installed_env_is_a_machine:def:1"/>138 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_logrotate:def:1"/>
130 ··········</cpe-lang:logical-test>139 ··········</cpe-lang:logical-test>
131 ········</cpe-lang:platform>140 ········</cpe-lang:platform>
132 ········<cpe-lang:platform·id="package_iptables">141 ········<cpe-lang:platform·id="package_sudo">
133 ··········<cpe-lang:logical-test·operator="AND"·negate="false">142 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
134 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>143 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_sudo:def:1"/>
135 ··········</cpe-lang:logical-test>144 ··········</cpe-lang:logical-test>
136 ········</cpe-lang:platform>145 ········</cpe-lang:platform>
137 ········<cpe-lang:platform·id="not_aarch64_arch">146 ········<cpe-lang:platform·id="not_aarch64_arch">
138 ··········<cpe-lang:logical-test·operator="AND"·negate="true">147 ··········<cpe-lang:logical-test·operator="AND"·negate="true">
139 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>148 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>
140 ··········</cpe-lang:logical-test>149 ··········</cpe-lang:logical-test>
141 ········</cpe-lang:platform>150 ········</cpe-lang:platform>
142 ········<cpe-lang:platform·id="package_iptables_and_service_disabled_firewalld_and_system_with_kernel"> 
143 ··········<cpe-lang:logical-test·operator="AND"·negate="false"> 
144 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/> 
145 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-service_disabled_firewalld:def:1"/> 
146 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/> 
147 ··········</cpe-lang:logical-test> 
148 ········</cpe-lang:platform> 
149 ········<cpe-lang:platform·id="not_package_nftables_and_not_package_ufw_and_package_iptables">151 ········<cpe-lang:platform·id="not_package_nftables_and_not_package_ufw_and_package_iptables">
150 ··········<cpe-lang:logical-test·operator="AND"·negate="false">152 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
151 ············<cpe-lang:logical-test·operator="AND"·negate="true">153 ············<cpe-lang:logical-test·operator="AND"·negate="true">
152 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_nftables:def:1"/>154 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_nftables:def:1"/>
153 ············</cpe-lang:logical-test>155 ············</cpe-lang:logical-test>
154 ············<cpe-lang:logical-test·operator="AND"·negate="true">156 ············<cpe-lang:logical-test·operator="AND"·negate="true">
155 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_ufw:def:1"/>157 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_ufw:def:1"/>
156 ············</cpe-lang:logical-test>158 ············</cpe-lang:logical-test>
157 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>159 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>
158 ··········</cpe-lang:logical-test>160 ··········</cpe-lang:logical-test>
159 ········</cpe-lang:platform>161 ········</cpe-lang:platform>
160 ········<cpe-lang:platform·id="package_pam">162 ········<cpe-lang:platform·id="package_yum">
161 ··········<cpe-lang:logical-test·operator="AND"·negate="false">163 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
162 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_pam:def:1"/>164 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_yum:def:1"/>
163 ··········</cpe-lang:logical-test>165 ··········</cpe-lang:logical-test>
164 ········</cpe-lang:platform>166 ········</cpe-lang:platform>
165 ········<cpe-lang:platform·id="package_firewalld">167 ········<cpe-lang:platform·id="package_firewalld">
166 ··········<cpe-lang:logical-test·operator="AND"·negate="false">168 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
167 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_firewalld:def:1"/>169 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_firewalld:def:1"/>
168 ··········</cpe-lang:logical-test>170 ··········</cpe-lang:logical-test>
169 ········</cpe-lang:platform>171 ········</cpe-lang:platform>
 172 ········<cpe-lang:platform·id="package_systemd">
 173 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
 174 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_systemd:def:1"/>
 175 ··········</cpe-lang:logical-test>
 176 ········</cpe-lang:platform>
 177 ········<cpe-lang:platform·id="wifi-iface">
 178 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
 179 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-installed_env_has_wifi_interface:def:1"/>
 180 ··········</cpe-lang:logical-test>
 181 ········</cpe-lang:platform>
 182 ········<cpe-lang:platform·id="aarch64_arch_or_x86_64_arch">
 183 ··········<cpe-lang:logical-test·operator="OR"·negate="false">
 184 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>
 185 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_x86_64:def:1"/>
 186 ··········</cpe-lang:logical-test>
 187 ········</cpe-lang:platform>
170 ········<cpe-lang:platform·id="package_rsyslog">188 ········<cpe-lang:platform·id="package_rsyslog">
171 ··········<cpe-lang:logical-test·operator="AND"·negate="false">189 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
172 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_rsyslog:def:1"/>190 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_rsyslog:def:1"/>
173 ··········</cpe-lang:logical-test>191 ··········</cpe-lang:logical-test>
174 ········</cpe-lang:platform>192 ········</cpe-lang:platform>
175 ········<cpe-lang:platform·id="package_logrotate">193 ········<cpe-lang:platform·id="package_gdm">
176 ··········<cpe-lang:logical-test·operator="AND"·negate="false">194 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
177 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_logrotate:def:1"/>195 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_gdm:def:1"/>
178 ··········</cpe-lang:logical-test>196 ··········</cpe-lang:logical-test>
179 ········</cpe-lang:platform>197 ········</cpe-lang:platform>
180 ········<cpe-lang:platform·id="package_audit">198 ········<cpe-lang:platform·id="package_postfix">
181 ··········<cpe-lang:logical-test·operator="AND"·negate="false">199 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
Max diff block lines reached; 1514773/1527050 bytes (99.20%) of diff not shown.
859 KB
./usr/share/xml/scap/ssg/content/ssg-alinux3-ocil.xml
859 KB
./usr/share/xml/scap/ssg/content/ssg-alinux3-ocil.xml
Ordering differences only
    
Offset 3, 6571 lines modifiedOffset 3, 6312 lines modified
3 ··<ocil:generator>3 ··<ocil:generator>
4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6 ····<ocil:schema_version>2.0</ocil:schema_version>6 ····<ocil:schema_version>2.0</ocil:schema_version>
7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8 ··</ocil:generator>8 ··</ocil:generator>
9 ··<ocil:questionnaires>9 ··<ocil:questionnaires>
10 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_route_localnet_ocil:questionnaire:1"> 
11 ······<ocil:title>Prevent·Routing·External·Traffic·to·Local·Loopback·on·All·IPv4·Interfaces</ocil:title>10 ····<ocil:questionnaire·id="ocil:ssg-service_rsyncd_disabled_ocil:questionnaire:1">
 11 ······<ocil:title>Ensure·rsyncd·service·is·disabled</ocil:title>
12 ······<ocil:actions>12 ······<ocil:actions>
13 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_route_localnet_action:testaction:1</ocil:test_action_ref>13 ········<ocil:test_action_ref>ocil:ssg-service_rsyncd_disabled_action:testaction:1</ocil:test_action_ref>
14 ······</ocil:actions>14 ······</ocil:actions>
15 ····</ocil:questionnaire>15 ····</ocil:questionnaire>
16 ····<ocil:questionnaire·id="ocil:ssg-package_chrony_installed_ocil:questionnaire:1">16 ····<ocil:questionnaire·id="ocil:ssg-kernel_module_dccp_disabled_ocil:questionnaire:1">
17 ······<ocil:title>The·Chrony·package·is·installed</ocil:title>17 ······<ocil:title>Disable·DCCP·Support</ocil:title>
18 ······<ocil:actions>18 ······<ocil:actions>
19 ········<ocil:test_action_ref>ocil:ssg-package_chrony_installed_action:testaction:1</ocil:test_action_ref>19 ········<ocil:test_action_ref>ocil:ssg-kernel_module_dccp_disabled_action:testaction:1</ocil:test_action_ref>
20 ······</ocil:actions>20 ······</ocil:actions>
21 ····</ocil:questionnaire>21 ····</ocil:questionnaire>
22 ····<ocil:questionnaire·id="ocil:ssg-grub2_spec_store_bypass_disable_argument_ocil:questionnaire:1">22 ····<ocil:questionnaire·id="ocil:ssg-service_avahi-daemon_disabled_ocil:questionnaire:1">
23 ······<ocil:title>Configure·Speculative·Store·Bypass·Mitigation</ocil:title>23 ······<ocil:title>Disable·Avahi·Server·Software</ocil:title>
24 ······<ocil:actions>24 ······<ocil:actions>
25 ········<ocil:test_action_ref>ocil:ssg-grub2_spec_store_bypass_disable_argument_action:testaction:1</ocil:test_action_ref>25 ········<ocil:test_action_ref>ocil:ssg-service_avahi-daemon_disabled_action:testaction:1</ocil:test_action_ref>
26 ······</ocil:actions>26 ······</ocil:actions>
27 ····</ocil:questionnaire>27 ····</ocil:questionnaire>
28 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_time_settimeofday_ocil:questionnaire:1">28 ····<ocil:questionnaire·id="ocil:ssg-kernel_module_usb-storage_disabled_ocil:questionnaire:1">
29 ······<ocil:title>Record·attempts·to·alter·time·through·settimeofday</ocil:title>29 ······<ocil:title>Disable·Modprobe·Loading·of·USB·Storage·Driver</ocil:title>
30 ······<ocil:actions>30 ······<ocil:actions>
31 ········<ocil:test_action_ref>ocil:ssg-audit_rules_time_settimeofday_action:testaction:1</ocil:test_action_ref>31 ········<ocil:test_action_ref>ocil:ssg-kernel_module_usb-storage_disabled_action:testaction:1</ocil:test_action_ref>
32 ······</ocil:actions>32 ······</ocil:actions>
33 ····</ocil:questionnaire>33 ····</ocil:questionnaire>
34 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_immutable_ocil:questionnaire:1">34 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_login_events_lastlog_ocil:questionnaire:1">
35 ······<ocil:title>Make·the·auditd·Configuration·Immutable</ocil:title>35 ······<ocil:title>Record·Attempts·to·Alter·Logon·and·Logout·Events·-·lastlog</ocil:title>
36 ······<ocil:actions>36 ······<ocil:actions>
37 ········<ocil:test_action_ref>ocil:ssg-audit_rules_immutable_action:testaction:1</ocil:test_action_ref>37 ········<ocil:test_action_ref>ocil:ssg-audit_rules_login_events_lastlog_action:testaction:1</ocil:test_action_ref>
38 ······</ocil:actions>38 ······</ocil:actions>
39 ····</ocil:questionnaire>39 ····</ocil:questionnaire>
40 ····<ocil:questionnaire·id="ocil:ssg-audit_privileged_commands_shutdown_ocil:questionnaire:1">40 ····<ocil:questionnaire·id="ocil:ssg-package_xinetd_removed_ocil:questionnaire:1">
41 ······<ocil:title>Ensure·auditd·Collects·Information·on·the·Use·of·Privileged·Commands·-·shutdown</ocil:title>41 ······<ocil:title>Uninstall·xinetd·Package</ocil:title>
42 ······<ocil:actions>42 ······<ocil:actions>
43 ········<ocil:test_action_ref>ocil:ssg-audit_privileged_commands_shutdown_action:testaction:1</ocil:test_action_ref>43 ········<ocil:test_action_ref>ocil:ssg-package_xinetd_removed_action:testaction:1</ocil:test_action_ref>
44 ······</ocil:actions>44 ······</ocil:actions>
45 ····</ocil:questionnaire>45 ····</ocil:questionnaire>
46 ····<ocil:questionnaire·id="ocil:ssg-package_openssh-server_installed_ocil:questionnaire:1">46 ····<ocil:questionnaire·id="ocil:ssg-service_syslogng_enabled_ocil:questionnaire:1">
47 ······<ocil:title>Install·the·OpenSSH·Server·Package</ocil:title>47 ······<ocil:title>Enable·syslog-ng·Service</ocil:title>
48 ······<ocil:actions>48 ······<ocil:actions>
49 ········<ocil:test_action_ref>ocil:ssg-package_openssh-server_installed_action:testaction:1</ocil:test_action_ref>49 ········<ocil:test_action_ref>ocil:ssg-service_syslogng_enabled_action:testaction:1</ocil:test_action_ref>
50 ······</ocil:actions>50 ······</ocil:actions>
51 ····</ocil:questionnaire>51 ····</ocil:questionnaire>
52 ····<ocil:questionnaire·id="ocil:ssg-set_iptables_default_rule_forward_ocil:questionnaire:1">52 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_module_sig_key_ocil:questionnaire:1">
53 ······<ocil:title>Set·Default·iptables·Policy·for·Forwarded·Packets</ocil:title>53 ······<ocil:title>Specify·module·signing·key·to·use</ocil:title>
54 ······<ocil:actions>54 ······<ocil:actions>
55 ········<ocil:test_action_ref>ocil:ssg-set_iptables_default_rule_forward_action:testaction:1</ocil:test_action_ref>55 ········<ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_key_action:testaction:1</ocil:test_action_ref>
56 ······</ocil:actions>56 ······</ocil:actions>
57 ····</ocil:questionnaire>57 ····</ocil:questionnaire>
58 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_page_table_isolation_ocil:questionnaire:1"> 
59 ······<ocil:title>Remove·the·kernel·mapping·in·user·mode</ocil:title>58 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_fchmodat_ocil:questionnaire:1">
 59 ······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·fchmodat</ocil:title>
60 ······<ocil:actions>60 ······<ocil:actions>
61 ········<ocil:test_action_ref>ocil:ssg-kernel_config_page_table_isolation_action:testaction:1</ocil:test_action_ref>61 ········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_fchmodat_action:testaction:1</ocil:test_action_ref>
62 ······</ocil:actions>62 ······</ocil:actions>
63 ····</ocil:questionnaire>63 ····</ocil:questionnaire>
64 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_backup_etc_shadow_ocil:questionnaire:1"> 
65 ······<ocil:title>Verify·User·Who·Owns·Backup·shadow·File</ocil:title>64 ····<ocil:questionnaire·id="ocil:ssg-service_nftables_disabled_ocil:questionnaire:1">
 65 ······<ocil:title>Verify·nftables·Service·is·Disabled</ocil:title>
66 ······<ocil:actions>66 ······<ocil:actions>
67 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_backup_etc_shadow_action:testaction:1</ocil:test_action_ref>67 ········<ocil:test_action_ref>ocil:ssg-service_nftables_disabled_action:testaction:1</ocil:test_action_ref>
68 ······</ocil:actions>68 ······</ocil:actions>
69 ····</ocil:questionnaire>69 ····</ocil:questionnaire>
70 ····<ocil:questionnaire·id="ocil:ssg-file_ownership_binary_dirs_ocil:questionnaire:1">70 ····<ocil:questionnaire·id="ocil:ssg-accounts_root_gid_zero_ocil:questionnaire:1">
71 ······<ocil:title>Verify·that·System·Executables·Have·Root·Ownership</ocil:title>71 ······<ocil:title>Verify·Root·Has·A·Primary·GID·0</ocil:title>
72 ······<ocil:actions>72 ······<ocil:actions>
73 ········<ocil:test_action_ref>ocil:ssg-file_ownership_binary_dirs_action:testaction:1</ocil:test_action_ref>73 ········<ocil:test_action_ref>ocil:ssg-accounts_root_gid_zero_action:testaction:1</ocil:test_action_ref>
74 ······</ocil:actions>74 ······</ocil:actions>
75 ····</ocil:questionnaire>75 ····</ocil:questionnaire>
76 ····<ocil:questionnaire·id="ocil:ssg-file_owner_cron_d_ocil:questionnaire:1"> 
77 ······<ocil:title>Verify·Owner·on·cron.d</ocil:title>76 ····<ocil:questionnaire·id="ocil:ssg-accounts_password_set_max_life_existing_ocil:questionnaire:1">
 77 ······<ocil:title>Set·Existing·Passwords·Maximum·Age</ocil:title>
78 ······<ocil:actions>78 ······<ocil:actions>
79 ········<ocil:test_action_ref>ocil:ssg-file_owner_cron_d_action:testaction:1</ocil:test_action_ref>79 ········<ocil:test_action_ref>ocil:ssg-accounts_password_set_max_life_existing_action:testaction:1</ocil:test_action_ref>
80 ······</ocil:actions>80 ······</ocil:actions>
81 ····</ocil:questionnaire>81 ····</ocil:questionnaire>
82 ····<ocil:questionnaire·id="ocil:ssg-wireless_disable_interfaces_ocil:questionnaire:1">82 ····<ocil:questionnaire·id="ocil:ssg-sshd_disable_gssapi_auth_ocil:questionnaire:1">
83 ······<ocil:title>Deactivate·Wireless·Network·Interfaces</ocil:title>83 ······<ocil:title>Disable·GSSAPI·Authentication</ocil:title>
84 ······<ocil:actions>84 ······<ocil:actions>
85 ········<ocil:test_action_ref>ocil:ssg-wireless_disable_interfaces_action:testaction:1</ocil:test_action_ref>85 ········<ocil:test_action_ref>ocil:ssg-sshd_disable_gssapi_auth_action:testaction:1</ocil:test_action_ref>
86 ······</ocil:actions>86 ······</ocil:actions>
87 ····</ocil:questionnaire>87 ····</ocil:questionnaire>
88 ····<ocil:questionnaire·id="ocil:ssg-service_oddjobd_disabled_ocil:questionnaire:1">88 ····<ocil:questionnaire·id="ocil:ssg-auditd_overflow_action_ocil:questionnaire:1">
89 ······<ocil:title>Disable·Odd·Job·Daemon·(oddjobd)</ocil:title>89 ······<ocil:title>Appropriate·Action·Must·be·Setup·When·the·Internal·Audit·Event·Queue·is·Full</ocil:title>
90 ······<ocil:actions>90 ······<ocil:actions>
91 ········<ocil:test_action_ref>ocil:ssg-service_oddjobd_disabled_action:testaction:1</ocil:test_action_ref>91 ········<ocil:test_action_ref>ocil:ssg-auditd_overflow_action_action:testaction:1</ocil:test_action_ref>
92 ······</ocil:actions>92 ······</ocil:actions>
93 ····</ocil:questionnaire>93 ····</ocil:questionnaire>
94 ····<ocil:questionnaire·id="ocil:ssg-file_owner_backup_etc_group_ocil:questionnaire:1">94 ····<ocil:questionnaire·id="ocil:ssg-configure_kerberos_crypto_policy_ocil:questionnaire:1">
95 ······<ocil:title>Verify·User·Who·Owns·Backup·group·File</ocil:title>95 ······<ocil:title>Configure·Kerberos·to·use·System·Crypto·Policy</ocil:title>
96 ······<ocil:actions>96 ······<ocil:actions>
97 ········<ocil:test_action_ref>ocil:ssg-file_owner_backup_etc_group_action:testaction:1</ocil:test_action_ref>97 ········<ocil:test_action_ref>ocil:ssg-configure_kerberos_crypto_policy_action:testaction:1</ocil:test_action_ref>
98 ······</ocil:actions>98 ······</ocil:actions>
99 ····</ocil:questionnaire>99 ····</ocil:questionnaire>
100 ····<ocil:questionnaire·id="ocil:ssg-file_groupownership_audit_configuration_ocil:questionnaire:1"> 
101 ······<ocil:title>Audit·Configuration·Files·Must·Be·Owned·By·Group·root</ocil:title>100 ····<ocil:questionnaire·id="ocil:ssg-sshd_set_loglevel_info_ocil:questionnaire:1">
 101 ······<ocil:title>Set·LogLevel·to·INFO</ocil:title>
102 ······<ocil:actions>102 ······<ocil:actions>
103 ········<ocil:test_action_ref>ocil:ssg-file_groupownership_audit_configuration_action:testaction:1</ocil:test_action_ref>103 ········<ocil:test_action_ref>ocil:ssg-sshd_set_loglevel_info_action:testaction:1</ocil:test_action_ref>
104 ······</ocil:actions>104 ······</ocil:actions>
105 ····</ocil:questionnaire>105 ····</ocil:questionnaire>
106 ····<ocil:questionnaire·id="ocil:ssg-sshd_disable_compression_ocil:questionnaire:1">106 ····<ocil:questionnaire·id="ocil:ssg-sudo_add_noexec_ocil:questionnaire:1">
107 ······<ocil:title>Disable·Compression·Or·Set·Compression·to·delayed</ocil:title>107 ······<ocil:title>Ensure·Privileged·Escalated·Commands·Cannot·Execute·Other·Commands·-·sudo·NOEXEC</ocil:title>
108 ······<ocil:actions>108 ······<ocil:actions>
109 ········<ocil:test_action_ref>ocil:ssg-sshd_disable_compression_action:testaction:1</ocil:test_action_ref>109 ········<ocil:test_action_ref>ocil:ssg-sudo_add_noexec_action:testaction:1</ocil:test_action_ref>
110 ······</ocil:actions>110 ······</ocil:actions>
111 ····</ocil:questionnaire>111 ····</ocil:questionnaire>
112 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_unauthorized_sgid_ocil:questionnaire:1"> 
113 ······<ocil:title>Ensure·All·SGID·Executables·Are·Authorized</ocil:title>112 ····<ocil:questionnaire·id="ocil:ssg-rsyslog_encrypt_offload_defaultnetstreamdriver_ocil:questionnaire:1">
 113 ······<ocil:title>Ensure·Rsyslog·Encrypts·Off-Loaded·Audit·Records</ocil:title>
114 ······<ocil:actions>114 ······<ocil:actions>
115 ········<ocil:test_action_ref>ocil:ssg-file_permissions_unauthorized_sgid_action:testaction:1</ocil:test_action_ref>115 ········<ocil:test_action_ref>ocil:ssg-rsyslog_encrypt_offload_defaultnetstreamdriver_action:testaction:1</ocil:test_action_ref>
116 ······</ocil:actions>116 ······</ocil:actions>
117 ····</ocil:questionnaire>117 ····</ocil:questionnaire>
118 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_backup_etc_passwd_ocil:questionnaire:1"> 
119 ······<ocil:title>Verify·Permissions·on·Backup·passwd·File</ocil:title>118 ····<ocil:questionnaire·id="ocil:ssg-chronyd_run_as_chrony_user_ocil:questionnaire:1">
 119 ······<ocil:title>Ensure·that·chronyd·is·running·under·chrony·user·account</ocil:title>
120 ······<ocil:actions>120 ······<ocil:actions>
121 ········<ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_passwd_action:testaction:1</ocil:test_action_ref>121 ········<ocil:test_action_ref>ocil:ssg-chronyd_run_as_chrony_user_action:testaction:1</ocil:test_action_ref>
122 ······</ocil:actions>122 ······</ocil:actions>
Max diff block lines reached; 867188/879548 bytes (98.59%) of diff not shown.
578 KB
./usr/share/xml/scap/ssg/content/ssg-alinux3-xccdf.xml
578 KB
./usr/share/xml/scap/ssg/content/ssg-alinux3-xccdf.xml
Ordering differences only
    
Offset 71, 219 lines modifiedOffset 71, 219 lines modified
71 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>71 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>
72 ··<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>72 ··<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>
73 ··<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>73 ··<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>
74 ··<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>74 ··<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>
75 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</xccdf-1.2:reference>75 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</xccdf-1.2:reference>
76 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>76 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>
77 ··<cpe-lang:platform-specification>77 ··<cpe-lang:platform-specification>
78 ····<cpe-lang:platform·id="ipv6_enabled">78 ····<cpe-lang:platform·id="package_shadow-utils">
79 ······<cpe-lang:logical-test·operator="AND"·negate="false">79 ······<cpe-lang:logical-test·operator="AND"·negate="false">
80 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-ipv6_enabled:def:1"/>80 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_shadow-utils:def:1"/>
81 ······</cpe-lang:logical-test>81 ······</cpe-lang:logical-test>
82 ····</cpe-lang:platform>82 ····</cpe-lang:platform>
83 ····<cpe-lang:platform·id="aarch64_arch_or_x86_64_arch">83 ····<cpe-lang:platform·id="aarch64_arch">
84 ······<cpe-lang:logical-test·operator="OR"·negate="false">84 ······<cpe-lang:logical-test·operator="AND"·negate="false">
85 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>85 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>
 86 ······</cpe-lang:logical-test>
 87 ····</cpe-lang:platform>
 88 ····<cpe-lang:platform·id="machine">
 89 ······<cpe-lang:logical-test·operator="AND"·negate="false">
 90 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-installed_env_is_a_machine:def:1"/>
 91 ······</cpe-lang:logical-test>
 92 ····</cpe-lang:platform>
 93 ····<cpe-lang:platform·id="x86_64_arch">
 94 ······<cpe-lang:logical-test·operator="AND"·negate="false">
86 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_x86_64:def:1"/>95 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_x86_64:def:1"/>
87 ······</cpe-lang:logical-test>96 ······</cpe-lang:logical-test>
88 ····</cpe-lang:platform>97 ····</cpe-lang:platform>
89 ····<cpe-lang:platform·id="grub2">98 ····<cpe-lang:platform·id="system_with_kernel">
90 ······<cpe-lang:logical-test·operator="AND"·negate="false">99 ······<cpe-lang:logical-test·operator="AND"·negate="false">
91 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-installed_env_has_grub2_package:def:1"/>100 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
92 ······</cpe-lang:logical-test>101 ······</cpe-lang:logical-test>
93 ····</cpe-lang:platform>102 ····</cpe-lang:platform>
94 ····<cpe-lang:platform·id="machine">103 ····<cpe-lang:platform·id="package_logrotate">
95 ······<cpe-lang:logical-test·operator="AND"·negate="false">104 ······<cpe-lang:logical-test·operator="AND"·negate="false">
96 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-installed_env_is_a_machine:def:1"/>105 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_logrotate:def:1"/>
97 ······</cpe-lang:logical-test>106 ······</cpe-lang:logical-test>
98 ····</cpe-lang:platform>107 ····</cpe-lang:platform>
99 ····<cpe-lang:platform·id="package_iptables">108 ····<cpe-lang:platform·id="package_sudo">
100 ······<cpe-lang:logical-test·operator="AND"·negate="false">109 ······<cpe-lang:logical-test·operator="AND"·negate="false">
101 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>110 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_sudo:def:1"/>
102 ······</cpe-lang:logical-test>111 ······</cpe-lang:logical-test>
103 ····</cpe-lang:platform>112 ····</cpe-lang:platform>
104 ····<cpe-lang:platform·id="not_aarch64_arch">113 ····<cpe-lang:platform·id="not_aarch64_arch">
105 ······<cpe-lang:logical-test·operator="AND"·negate="true">114 ······<cpe-lang:logical-test·operator="AND"·negate="true">
106 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>115 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>
107 ······</cpe-lang:logical-test>116 ······</cpe-lang:logical-test>
108 ····</cpe-lang:platform>117 ····</cpe-lang:platform>
109 ····<cpe-lang:platform·id="package_iptables_and_service_disabled_firewalld_and_system_with_kernel"> 
110 ······<cpe-lang:logical-test·operator="AND"·negate="false"> 
111 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/> 
112 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-service_disabled_firewalld:def:1"/> 
113 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/> 
114 ······</cpe-lang:logical-test> 
115 ····</cpe-lang:platform> 
116 ····<cpe-lang:platform·id="not_package_nftables_and_not_package_ufw_and_package_iptables">118 ····<cpe-lang:platform·id="not_package_nftables_and_not_package_ufw_and_package_iptables">
117 ······<cpe-lang:logical-test·operator="AND"·negate="false">119 ······<cpe-lang:logical-test·operator="AND"·negate="false">
118 ········<cpe-lang:logical-test·operator="AND"·negate="true">120 ········<cpe-lang:logical-test·operator="AND"·negate="true">
119 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_nftables:def:1"/>121 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_nftables:def:1"/>
120 ········</cpe-lang:logical-test>122 ········</cpe-lang:logical-test>
121 ········<cpe-lang:logical-test·operator="AND"·negate="true">123 ········<cpe-lang:logical-test·operator="AND"·negate="true">
122 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_ufw:def:1"/>124 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_ufw:def:1"/>
123 ········</cpe-lang:logical-test>125 ········</cpe-lang:logical-test>
124 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>126 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>
125 ······</cpe-lang:logical-test>127 ······</cpe-lang:logical-test>
126 ····</cpe-lang:platform>128 ····</cpe-lang:platform>
127 ····<cpe-lang:platform·id="package_pam">129 ····<cpe-lang:platform·id="package_yum">
128 ······<cpe-lang:logical-test·operator="AND"·negate="false">130 ······<cpe-lang:logical-test·operator="AND"·negate="false">
129 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_pam:def:1"/>131 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_yum:def:1"/>
130 ······</cpe-lang:logical-test>132 ······</cpe-lang:logical-test>
131 ····</cpe-lang:platform>133 ····</cpe-lang:platform>
132 ····<cpe-lang:platform·id="package_firewalld">134 ····<cpe-lang:platform·id="package_firewalld">
133 ······<cpe-lang:logical-test·operator="AND"·negate="false">135 ······<cpe-lang:logical-test·operator="AND"·negate="false">
134 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_firewalld:def:1"/>136 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_firewalld:def:1"/>
135 ······</cpe-lang:logical-test>137 ······</cpe-lang:logical-test>
136 ····</cpe-lang:platform>138 ····</cpe-lang:platform>
 139 ····<cpe-lang:platform·id="package_systemd">
 140 ······<cpe-lang:logical-test·operator="AND"·negate="false">
 141 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_systemd:def:1"/>
 142 ······</cpe-lang:logical-test>
 143 ····</cpe-lang:platform>
 144 ····<cpe-lang:platform·id="wifi-iface">
 145 ······<cpe-lang:logical-test·operator="AND"·negate="false">
 146 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-installed_env_has_wifi_interface:def:1"/>
 147 ······</cpe-lang:logical-test>
 148 ····</cpe-lang:platform>
 149 ····<cpe-lang:platform·id="aarch64_arch_or_x86_64_arch">
 150 ······<cpe-lang:logical-test·operator="OR"·negate="false">
 151 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>
 152 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_x86_64:def:1"/>
 153 ······</cpe-lang:logical-test>
 154 ····</cpe-lang:platform>
137 ····<cpe-lang:platform·id="package_rsyslog">155 ····<cpe-lang:platform·id="package_rsyslog">
138 ······<cpe-lang:logical-test·operator="AND"·negate="false">156 ······<cpe-lang:logical-test·operator="AND"·negate="false">
139 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_rsyslog:def:1"/>157 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_rsyslog:def:1"/>
140 ······</cpe-lang:logical-test>158 ······</cpe-lang:logical-test>
141 ····</cpe-lang:platform>159 ····</cpe-lang:platform>
142 ····<cpe-lang:platform·id="package_logrotate">160 ····<cpe-lang:platform·id="package_gdm">
143 ······<cpe-lang:logical-test·operator="AND"·negate="false">161 ······<cpe-lang:logical-test·operator="AND"·negate="false">
144 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_logrotate:def:1"/>162 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_gdm:def:1"/>
145 ······</cpe-lang:logical-test>163 ······</cpe-lang:logical-test>
146 ····</cpe-lang:platform>164 ····</cpe-lang:platform>
147 ····<cpe-lang:platform·id="package_audit">165 ····<cpe-lang:platform·id="package_postfix">
148 ······<cpe-lang:logical-test·operator="AND"·negate="false">166 ······<cpe-lang:logical-test·operator="AND"·negate="false">
149 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_audit:def:1"/>167 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_postfix:def:1"/>
150 ······</cpe-lang:logical-test>168 ······</cpe-lang:logical-test>
151 ····</cpe-lang:platform>169 ····</cpe-lang:platform>
152 ····<cpe-lang:platform·id="package_yum">170 ····<cpe-lang:platform·id="package_iptables_and_service_disabled_firewalld_and_system_with_kernel">
153 ······<cpe-lang:logical-test·operator="AND"·negate="false">171 ······<cpe-lang:logical-test·operator="AND"·negate="false">
154 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_yum:def:1"/>172 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>
 173 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-service_disabled_firewalld:def:1"/>
 174 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
155 ······</cpe-lang:logical-test>175 ······</cpe-lang:logical-test>
156 ····</cpe-lang:platform>176 ····</cpe-lang:platform>
157 ····<cpe-lang:platform·id="non-uefi">177 ····<cpe-lang:platform·id="non-uefi">
158 ······<cpe-lang:logical-test·operator="AND"·negate="false">178 ······<cpe-lang:logical-test·operator="AND"·negate="false">
159 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-system_boot_mode_is_non_uefi:def:1"/>179 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-system_boot_mode_is_non_uefi:def:1"/>
160 ······</cpe-lang:logical-test>180 ······</cpe-lang:logical-test>
161 ····</cpe-lang:platform>181 ····</cpe-lang:platform>
162 ····<cpe-lang:platform·id="package_sudo">182 ····<cpe-lang:platform·id="package_autofs_and_system_with_kernel">
163 ······<cpe-lang:logical-test·operator="AND"·negate="false">183 ······<cpe-lang:logical-test·operator="AND"·negate="false">
164 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_sudo:def:1"/>184 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-package_autofs:def:1"/>
 185 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
165 ······</cpe-lang:logical-test>186 ······</cpe-lang:logical-test>
166 ····</cpe-lang:platform>187 ····</cpe-lang:platform>
167 ····<cpe-lang:platform·id="system_with_kernel">188 ····<cpe-lang:platform·id="grub2">
168 ······<cpe-lang:logical-test·operator="AND"·negate="false">189 ······<cpe-lang:logical-test·operator="AND"·negate="false">
169 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>190 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml"·id-ref="oval:ssg-installed_env_has_grub2_package:def:1"/>
Max diff block lines reached; 579822/592101 bytes (97.93%) of diff not shown.
4.88 MB
./usr/share/xml/scap/ssg/content/ssg-almalinux9-ds.xml
4.88 MB
./usr/share/xml/scap/ssg/content/ssg-almalinux9-ds.xml
Max HTML report size reached
992 KB
./usr/share/xml/scap/ssg/content/ssg-almalinux9-ocil.xml
992 KB
./usr/share/xml/scap/ssg/content/ssg-almalinux9-ocil.xml
Ordering differences only
    
Offset 3, 3507 lines modifiedOffset 3, 3507 lines modified
3 ··<ocil:generator>3 ··<ocil:generator>
4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6 ····<ocil:schema_version>2.0</ocil:schema_version>6 ····<ocil:schema_version>2.0</ocil:schema_version>
7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8 ··</ocil:generator>8 ··</ocil:generator>
9 ··<ocil:questionnaires>9 ··<ocil:questionnaires>
10 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_default_accept_source_route_ocil:questionnaire:1"> 
11 ······<ocil:title>Disable·Kernel·Parameter·for·Accepting·Source-Routed·Packets·on·IPv4·Interfaces·by·Default</ocil:title>10 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_fchown_ocil:questionnaire:1">
 11 ······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·fchown</ocil:title>
12 ······<ocil:actions>12 ······<ocil:actions>
13 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_default_accept_source_route_action:testaction:1</ocil:test_action_ref>13 ········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_fchown_action:testaction:1</ocil:test_action_ref>
14 ······</ocil:actions>14 ······</ocil:actions>
15 ····</ocil:questionnaire>15 ····</ocil:questionnaire>
16 ····<ocil:questionnaire·id="ocil:ssg-accounts_user_dot_group_ownership_ocil:questionnaire:1">16 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_cron_allow_ocil:questionnaire:1">
17 ······<ocil:title>User·Initialization·Files·Must·Be·Group-Owned·By·The·Primary·Group</ocil:title>17 ······<ocil:title>Verify·Permissions·on·/etc/cron.allow·file</ocil:title>
18 ······<ocil:actions>18 ······<ocil:actions>
19 ········<ocil:test_action_ref>ocil:ssg-accounts_user_dot_group_ownership_action:testaction:1</ocil:test_action_ref>19 ········<ocil:test_action_ref>ocil:ssg-file_permissions_cron_allow_action:testaction:1</ocil:test_action_ref>
20 ······</ocil:actions>20 ······</ocil:actions>
21 ····</ocil:questionnaire>21 ····</ocil:questionnaire>
22 ····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_action_mail_acct_ocil:questionnaire:1"> 
23 ······<ocil:title>Configure·auditd·mail_acct·Action·on·Low·Disk·Space</ocil:title>22 ····<ocil:questionnaire·id="ocil:ssg-sshd_do_not_permit_user_env_ocil:questionnaire:1">
 23 ······<ocil:title>Do·Not·Allow·SSH·Environment·Options</ocil:title>
24 ······<ocil:actions>24 ······<ocil:actions>
25 ········<ocil:test_action_ref>ocil:ssg-auditd_data_retention_action_mail_acct_action:testaction:1</ocil:test_action_ref>25 ········<ocil:test_action_ref>ocil:ssg-sshd_do_not_permit_user_env_action:testaction:1</ocil:test_action_ref>
26 ······</ocil:actions>26 ······</ocil:actions>
27 ····</ocil:questionnaire>27 ····</ocil:questionnaire>
28 ····<ocil:questionnaire·id="ocil:ssg-libreswan_approved_tunnels_ocil:questionnaire:1"> 
29 ······<ocil:title>Verify·Any·Configured·IPSec·Tunnel·Connections</ocil:title>28 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv6_conf_all_forwarding_ocil:questionnaire:1">
 29 ······<ocil:title>Disable·Kernel·Parameter·for·IPv6·Forwarding</ocil:title>
30 ······<ocil:actions>30 ······<ocil:actions>
31 ········<ocil:test_action_ref>ocil:ssg-libreswan_approved_tunnels_action:testaction:1</ocil:test_action_ref>31 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv6_conf_all_forwarding_action:testaction:1</ocil:test_action_ref>
32 ······</ocil:actions>32 ······</ocil:actions>
33 ····</ocil:questionnaire>33 ····</ocil:questionnaire>
34 ····<ocil:questionnaire·id="ocil:ssg-security_patches_up_to_date_ocil:questionnaire:1">34 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_login_events_faillock_ocil:questionnaire:1">
35 ······<ocil:title>Ensure·Software·Patches·Installed</ocil:title>35 ······<ocil:title>Record·Attempts·to·Alter·Logon·and·Logout·Events·-·faillock</ocil:title>
36 ······<ocil:actions>36 ······<ocil:actions>
37 ········<ocil:test_action_ref>ocil:ssg-security_patches_up_to_date_action:testaction:1</ocil:test_action_ref>37 ········<ocil:test_action_ref>ocil:ssg-audit_rules_login_events_faillock_action:testaction:1</ocil:test_action_ref>
38 ······</ocil:actions>38 ······</ocil:actions>
39 ····</ocil:questionnaire>39 ····</ocil:questionnaire>
40 ····<ocil:questionnaire·id="ocil:ssg-dconf_gnome_screensaver_idle_activation_enabled_ocil:questionnaire:1">40 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_motd_ocil:questionnaire:1">
41 ······<ocil:title>Enable·GNOME3·Screensaver·Idle·Activation</ocil:title>41 ······<ocil:title>Verify·permissions·on·Message·of·the·Day·Banner</ocil:title>
42 ······<ocil:actions>42 ······<ocil:actions>
43 ········<ocil:test_action_ref>ocil:ssg-dconf_gnome_screensaver_idle_activation_enabled_action:testaction:1</ocil:test_action_ref>43 ········<ocil:test_action_ref>ocil:ssg-file_permissions_etc_motd_action:testaction:1</ocil:test_action_ref>
44 ······</ocil:actions>44 ······</ocil:actions>
45 ····</ocil:questionnaire>45 ····</ocil:questionnaire>
46 ····<ocil:questionnaire·id="ocil:ssg-has_nonlocal_mta_ocil:questionnaire:1">46 ····<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_dictcheck_ocil:questionnaire:1">
47 ······<ocil:title>Ensure·Mail·Transfer·Agent·is·not·Listening·on·any·non-loopback·Address</ocil:title>47 ······<ocil:title>Ensure·PAM·Enforces·Password·Requirements·-·Prevent·the·Use·of·Dictionary·Words</ocil:title>
48 ······<ocil:actions>48 ······<ocil:actions>
49 ········<ocil:test_action_ref>ocil:ssg-has_nonlocal_mta_action:testaction:1</ocil:test_action_ref>49 ········<ocil:test_action_ref>ocil:ssg-accounts_password_pam_dictcheck_action:testaction:1</ocil:test_action_ref>
50 ······</ocil:actions>50 ······</ocil:actions>
51 ····</ocil:questionnaire>51 ····</ocil:questionnaire>
52 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_mac_modification_ocil:questionnaire:1">52 ····<ocil:questionnaire·id="ocil:ssg-file_owner_cron_weekly_ocil:questionnaire:1">
53 ······<ocil:title>Record·Events·that·Modify·the·System's·Mandatory·Access·Controls</ocil:title>53 ······<ocil:title>Verify·Owner·on·cron.weekly</ocil:title>
54 ······<ocil:actions>54 ······<ocil:actions>
55 ········<ocil:test_action_ref>ocil:ssg-audit_rules_mac_modification_action:testaction:1</ocil:test_action_ref>55 ········<ocil:test_action_ref>ocil:ssg-file_owner_cron_weekly_action:testaction:1</ocil:test_action_ref>
56 ······</ocil:actions>56 ······</ocil:actions>
57 ····</ocil:questionnaire>57 ····</ocil:questionnaire>
58 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv6_conf_all_accept_ra_ocil:questionnaire:1"> 
59 ······<ocil:title>Configure·Accepting·Router·Advertisements·on·All·IPv6·Interfaces</ocil:title>58 ····<ocil:questionnaire·id="ocil:ssg-kernel_module_sctp_disabled_ocil:questionnaire:1">
 59 ······<ocil:title>Disable·SCTP·Support</ocil:title>
60 ······<ocil:actions>60 ······<ocil:actions>
61 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv6_conf_all_accept_ra_action:testaction:1</ocil:test_action_ref>61 ········<ocil:test_action_ref>ocil:ssg-kernel_module_sctp_disabled_action:testaction:1</ocil:test_action_ref>
62 ······</ocil:actions>62 ······</ocil:actions>
63 ····</ocil:questionnaire>63 ····</ocil:questionnaire>
64 ····<ocil:questionnaire·id="ocil:ssg-mount_option_home_nosuid_ocil:questionnaire:1">64 ····<ocil:questionnaire·id="ocil:ssg-file_groupownership_sshd_pub_key_ocil:questionnaire:1">
65 ······<ocil:title>Add·nosuid·Option·to·/home</ocil:title>65 ······<ocil:title>Verify·Group·Ownership·on·SSH·Server·Public·*.pub·Key·Files</ocil:title>
66 ······<ocil:actions>66 ······<ocil:actions>
67 ········<ocil:test_action_ref>ocil:ssg-mount_option_home_nosuid_action:testaction:1</ocil:test_action_ref>67 ········<ocil:test_action_ref>ocil:ssg-file_groupownership_sshd_pub_key_action:testaction:1</ocil:test_action_ref>
68 ······</ocil:actions>68 ······</ocil:actions>
69 ····</ocil:questionnaire>69 ····</ocil:questionnaire>
70 ····<ocil:questionnaire·id="ocil:ssg-file_groupownership_audit_binaries_ocil:questionnaire:1">70 ····<ocil:questionnaire·id="ocil:ssg-partition_for_tmp_ocil:questionnaire:1">
71 ······<ocil:title>Verify·that·audit·tools·are·owned·by·group·root</ocil:title>71 ······<ocil:title>Ensure·/tmp·Located·On·Separate·Partition</ocil:title>
72 ······<ocil:actions>72 ······<ocil:actions>
 73 ········<ocil:test_action_ref>ocil:ssg-partition_for_tmp_action:testaction:1</ocil:test_action_ref>
 74 ······</ocil:actions>
 75 ····</ocil:questionnaire>
 76 ····<ocil:questionnaire·id="ocil:ssg-dconf_gnome_screensaver_lock_delay_ocil:questionnaire:1">
 77 ······<ocil:title>Set·GNOME3·Screensaver·Lock·Delay·After·Activation·Period</ocil:title>
 78 ······<ocil:actions>
 79 ········<ocil:test_action_ref>ocil:ssg-dconf_gnome_screensaver_lock_delay_action:testaction:1</ocil:test_action_ref>
 80 ······</ocil:actions>
 81 ····</ocil:questionnaire>
 82 ····<ocil:questionnaire·id="ocil:ssg-file_owner_cron_allow_ocil:questionnaire:1">
 83 ······<ocil:title>Verify·User·Who·Owns·/etc/cron.allow·file</ocil:title>
 84 ······<ocil:actions>
73 ········<ocil:test_action_ref>ocil:ssg-file_groupownership_audit_binaries_action:testaction:1</ocil:test_action_ref>85 ········<ocil:test_action_ref>ocil:ssg-file_owner_cron_allow_action:testaction:1</ocil:test_action_ref>
 86 ······</ocil:actions>
 87 ····</ocil:questionnaire>
 88 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_system_shutdown_ocil:questionnaire:1">
 89 ······<ocil:title>Shutdown·System·When·Auditing·Failures·Occur</ocil:title>
 90 ······<ocil:actions>
 91 ········<ocil:test_action_ref>ocil:ssg-audit_rules_system_shutdown_action:testaction:1</ocil:test_action_ref>
74 ······</ocil:actions>92 ······</ocil:actions>
75 ····</ocil:questionnaire>93 ····</ocil:questionnaire>
76 ····<ocil:questionnaire·id="ocil:ssg-dconf_gnome_banner_enabled_ocil:questionnaire:1">94 ····<ocil:questionnaire·id="ocil:ssg-dconf_gnome_banner_enabled_ocil:questionnaire:1">
77 ······<ocil:title>Enable·GNOME3·Login·Warning·Banner</ocil:title>95 ······<ocil:title>Enable·GNOME3·Login·Warning·Banner</ocil:title>
78 ······<ocil:actions>96 ······<ocil:actions>
79 ········<ocil:test_action_ref>ocil:ssg-dconf_gnome_banner_enabled_action:testaction:1</ocil:test_action_ref>97 ········<ocil:test_action_ref>ocil:ssg-dconf_gnome_banner_enabled_action:testaction:1</ocil:test_action_ref>
80 ······</ocil:actions>98 ······</ocil:actions>
81 ····</ocil:questionnaire>99 ····</ocil:questionnaire>
82 ····<ocil:questionnaire·id="ocil:ssg-accounts_password_warn_age_login_defs_ocil:questionnaire:1"> 
83 ······<ocil:title>Set·Password·Warning·Age</ocil:title>100 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_execution_chcon_ocil:questionnaire:1">
 101 ······<ocil:title>Record·Any·Attempts·to·Run·chcon</ocil:title>
84 ······<ocil:actions>102 ······<ocil:actions>
85 ········<ocil:test_action_ref>ocil:ssg-accounts_password_warn_age_login_defs_action:testaction:1</ocil:test_action_ref>103 ········<ocil:test_action_ref>ocil:ssg-audit_rules_execution_chcon_action:testaction:1</ocil:test_action_ref>
86 ······</ocil:actions>104 ······</ocil:actions>
87 ····</ocil:questionnaire>105 ····</ocil:questionnaire>
88 ····<ocil:questionnaire·id="ocil:ssg-dconf_gnome_screensaver_idle_delay_ocil:questionnaire:1"> 
89 ······<ocil:title>Set·GNOME3·Screensaver·Inactivity·Timeout</ocil:title>106 ····<ocil:questionnaire·id="ocil:ssg-accounts_passwords_pam_faillock_deny_ocil:questionnaire:1">
 107 ······<ocil:title>Lock·Accounts·After·Failed·Password·Attempts</ocil:title>
90 ······<ocil:actions>108 ······<ocil:actions>
91 ········<ocil:test_action_ref>ocil:ssg-dconf_gnome_screensaver_idle_delay_action:testaction:1</ocil:test_action_ref>109 ········<ocil:test_action_ref>ocil:ssg-accounts_passwords_pam_faillock_deny_action:testaction:1</ocil:test_action_ref>
92 ······</ocil:actions>110 ······</ocil:actions>
93 ····</ocil:questionnaire>111 ····</ocil:questionnaire>
94 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_file_deletion_events_unlinkat_ocil:questionnaire:1"> 
95 ······<ocil:title>Ensure·auditd·Collects·File·Deletion·Events·by·User·-·unlinkat</ocil:title>112 ····<ocil:questionnaire·id="ocil:ssg-selinux_policytype_ocil:questionnaire:1">
 113 ······<ocil:title>Configure·SELinux·Policy</ocil:title>
96 ······<ocil:actions>114 ······<ocil:actions>
97 ········<ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_unlinkat_action:testaction:1</ocil:test_action_ref>115 ········<ocil:test_action_ref>ocil:ssg-selinux_policytype_action:testaction:1</ocil:test_action_ref>
98 ······</ocil:actions>116 ······</ocil:actions>
99 ····</ocil:questionnaire>117 ····</ocil:questionnaire>
100 ····<ocil:questionnaire·id="ocil:ssg-account_unique_id_ocil:questionnaire:1">118 ····<ocil:questionnaire·id="ocil:ssg-package_firewalld_installed_ocil:questionnaire:1">
101 ······<ocil:title>Ensure·All·Accounts·on·the·System·Have·Unique·User·IDs</ocil:title>119 ······<ocil:title>Install·firewalld·Package</ocil:title>
102 ······<ocil:actions>120 ······<ocil:actions>
103 ········<ocil:test_action_ref>ocil:ssg-account_unique_id_action:testaction:1</ocil:test_action_ref>121 ········<ocil:test_action_ref>ocil:ssg-package_firewalld_installed_action:testaction:1</ocil:test_action_ref>
104 ······</ocil:actions>122 ······</ocil:actions>
Max diff block lines reached; 1004436/1015872 bytes (98.87%) of diff not shown.
3.8 MB
./usr/share/xml/scap/ssg/content/ssg-almalinux9-xccdf.xml
3.8 MB
./usr/share/xml/scap/ssg/content/ssg-almalinux9-xccdf.xml
Max HTML report size reached
1.7 MB
./usr/share/xml/scap/ssg/content/ssg-anolis23-ds.xml
1.7 MB
./usr/share/xml/scap/ssg/content/ssg-anolis23-ds.xml
Max HTML report size reached
984 KB
./usr/share/xml/scap/ssg/content/ssg-anolis23-ocil.xml
984 KB
./usr/share/xml/scap/ssg/content/ssg-anolis23-ocil.xml
Ordering differences only
    
Offset 3, 3301 lines modifiedOffset 3, 3301 lines modified
3 ··<ocil:generator>3 ··<ocil:generator>
4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6 ····<ocil:schema_version>2.0</ocil:schema_version>6 ····<ocil:schema_version>2.0</ocil:schema_version>
7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8 ··</ocil:generator>8 ··</ocil:generator>
9 ··<ocil:questionnaires>9 ··<ocil:questionnaires>
10 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_systemmap_ocil:questionnaire:1">10 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_sshd_pub_key_ocil:questionnaire:1">
11 ······<ocil:title>Verify·Permissions·on·System.map·Files</ocil:title>11 ······<ocil:title>Verify·Permissions·on·SSH·Server·Public·*.pub·Key·Files</ocil:title>
12 ······<ocil:actions>12 ······<ocil:actions>
13 ········<ocil:test_action_ref>ocil:ssg-file_permissions_systemmap_action:testaction:1</ocil:test_action_ref>13 ········<ocil:test_action_ref>ocil:ssg-file_permissions_sshd_pub_key_action:testaction:1</ocil:test_action_ref>
14 ······</ocil:actions>14 ······</ocil:actions>
15 ····</ocil:questionnaire>15 ····</ocil:questionnaire>
16 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_page_table_isolation_ocil:questionnaire:1">16 ····<ocil:questionnaire·id="ocil:ssg-accounts_password_set_min_life_existing_ocil:questionnaire:1">
17 ······<ocil:title>Remove·the·kernel·mapping·in·user·mode</ocil:title>17 ······<ocil:title>Set·Existing·Passwords·Minimum·Age</ocil:title>
18 ······<ocil:actions>18 ······<ocil:actions>
19 ········<ocil:test_action_ref>ocil:ssg-kernel_config_page_table_isolation_action:testaction:1</ocil:test_action_ref>19 ········<ocil:test_action_ref>ocil:ssg-accounts_password_set_min_life_existing_action:testaction:1</ocil:test_action_ref>
20 ······</ocil:actions>20 ······</ocil:actions>
21 ····</ocil:questionnaire>21 ····</ocil:questionnaire>
22 ····<ocil:questionnaire·id="ocil:ssg-grub2_password_ocil:questionnaire:1">22 ····<ocil:questionnaire·id="ocil:ssg-sshd_do_not_permit_user_env_ocil:questionnaire:1">
23 ······<ocil:title>Set·Boot·Loader·Password·in·grub2</ocil:title>23 ······<ocil:title>Do·Not·Allow·SSH·Environment·Options</ocil:title>
24 ······<ocil:actions>24 ······<ocil:actions>
25 ········<ocil:test_action_ref>ocil:ssg-grub2_password_action:testaction:1</ocil:test_action_ref>25 ········<ocil:test_action_ref>ocil:ssg-sshd_do_not_permit_user_env_action:testaction:1</ocil:test_action_ref>
26 ······</ocil:actions>26 ······</ocil:actions>
27 ····</ocil:questionnaire>27 ····</ocil:questionnaire>
28 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_openat_ocil:questionnaire:1"> 
29 ······<ocil:title>Record·Unsuccessful·Access·Attempts·to·Files·-·openat</ocil:title>28 ····<ocil:questionnaire·id="ocil:ssg-sshd_enable_warning_banner_ocil:questionnaire:1">
 29 ······<ocil:title>Enable·SSH·Warning·Banner</ocil:title>
30 ······<ocil:actions>30 ······<ocil:actions>
31 ········<ocil:test_action_ref>ocil:ssg-audit_rules_unsuccessful_file_modification_openat_action:testaction:1</ocil:test_action_ref>31 ········<ocil:test_action_ref>ocil:ssg-sshd_enable_warning_banner_action:testaction:1</ocil:test_action_ref>
32 ······</ocil:actions>32 ······</ocil:actions>
33 ····</ocil:questionnaire>33 ····</ocil:questionnaire>
34 ····<ocil:questionnaire·id="ocil:ssg-accounts_password_set_min_life_existing_ocil:questionnaire:1">34 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_page_table_isolation_ocil:questionnaire:1">
35 ······<ocil:title>Set·Existing·Passwords·Minimum·Age</ocil:title>35 ······<ocil:title>Remove·the·kernel·mapping·in·user·mode</ocil:title>
36 ······<ocil:actions>36 ······<ocil:actions>
37 ········<ocil:test_action_ref>ocil:ssg-accounts_password_set_min_life_existing_action:testaction:1</ocil:test_action_ref>37 ········<ocil:test_action_ref>ocil:ssg-kernel_config_page_table_isolation_action:testaction:1</ocil:test_action_ref>
38 ······</ocil:actions>38 ······</ocil:actions>
39 ····</ocil:questionnaire>39 ····</ocil:questionnaire>
40 ····<ocil:questionnaire·id="ocil:ssg-accounts_umask_etc_profile_ocil:questionnaire:1">40 ····<ocil:questionnaire·id="ocil:ssg-configure_crypto_policy_ocil:questionnaire:1">
41 ······<ocil:title>Ensure·the·Default·Umask·is·Set·Correctly·in·/etc/profile</ocil:title>41 ······<ocil:title>Configure·System·Cryptography·Policy</ocil:title>
42 ······<ocil:actions>42 ······<ocil:actions>
43 ········<ocil:test_action_ref>ocil:ssg-accounts_umask_etc_profile_action:testaction:1</ocil:test_action_ref>43 ········<ocil:test_action_ref>ocil:ssg-configure_crypto_policy_action:testaction:1</ocil:test_action_ref>
44 ······</ocil:actions>44 ······</ocil:actions>
45 ····</ocil:questionnaire>45 ····</ocil:questionnaire>
46 ····<ocil:questionnaire·id="ocil:ssg-coredump_disable_backtraces_ocil:questionnaire:1">46 ····<ocil:questionnaire·id="ocil:ssg-service_squid_disabled_ocil:questionnaire:1">
47 ······<ocil:title>Disable·core·dump·backtraces</ocil:title>47 ······<ocil:title>Disable·Squid</ocil:title>
48 ······<ocil:actions>48 ······<ocil:actions>
49 ········<ocil:test_action_ref>ocil:ssg-coredump_disable_backtraces_action:testaction:1</ocil:test_action_ref>49 ········<ocil:test_action_ref>ocil:ssg-service_squid_disabled_action:testaction:1</ocil:test_action_ref>
50 ······</ocil:actions>50 ······</ocil:actions>
51 ····</ocil:questionnaire>51 ····</ocil:questionnaire>
52 ····<ocil:questionnaire·id="ocil:ssg-journald_compress_ocil:questionnaire:1">52 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_backup_etc_gshadow_ocil:questionnaire:1">
53 ······<ocil:title>Ensure·journald·is·configured·to·compress·large·log·files</ocil:title>53 ······<ocil:title>Verify·Group·Who·Owns·Backup·gshadow·File</ocil:title>
54 ······<ocil:actions>54 ······<ocil:actions>
55 ········<ocil:test_action_ref>ocil:ssg-journald_compress_action:testaction:1</ocil:test_action_ref>55 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_backup_etc_gshadow_action:testaction:1</ocil:test_action_ref>
56 ······</ocil:actions>56 ······</ocil:actions>
57 ····</ocil:questionnaire>57 ····</ocil:questionnaire>
58 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_security_ocil:questionnaire:1">58 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_security_dmesg_restrict_ocil:questionnaire:1">
59 ······<ocil:title>Enable·different·security·models</ocil:title>59 ······<ocil:title>Restrict·unprivileged·access·to·the·kernel·syslog</ocil:title>
60 ······<ocil:actions>60 ······<ocil:actions>
61 ········<ocil:test_action_ref>ocil:ssg-kernel_config_security_action:testaction:1</ocil:test_action_ref>61 ········<ocil:test_action_ref>ocil:ssg-kernel_config_security_dmesg_restrict_action:testaction:1</ocil:test_action_ref>
62 ······</ocil:actions>62 ······</ocil:actions>
63 ····</ocil:questionnaire>63 ····</ocil:questionnaire>
64 ····<ocil:questionnaire·id="ocil:ssg-package_aide_installed_ocil:questionnaire:1">64 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_var_log_syslog_ocil:questionnaire:1">
65 ······<ocil:title>Install·AIDE</ocil:title>65 ······<ocil:title>Verify·Permissions·on·/var/log/syslog·File</ocil:title>
66 ······<ocil:actions>66 ······<ocil:actions>
67 ········<ocil:test_action_ref>ocil:ssg-package_aide_installed_action:testaction:1</ocil:test_action_ref>67 ········<ocil:test_action_ref>ocil:ssg-file_permissions_var_log_syslog_action:testaction:1</ocil:test_action_ref>
68 ······</ocil:actions>68 ······</ocil:actions>
69 ····</ocil:questionnaire>69 ····</ocil:questionnaire>
70 ····<ocil:questionnaire·id="ocil:ssg-sshd_set_max_sessions_ocil:questionnaire:1">70 ····<ocil:questionnaire·id="ocil:ssg-service_slapd_disabled_ocil:questionnaire:1">
71 ······<ocil:title>Set·SSH·MaxSessions·limit</ocil:title>71 ······<ocil:title>Disable·LDAP·Server·(slapd)</ocil:title>
72 ······<ocil:actions>72 ······<ocil:actions>
73 ········<ocil:test_action_ref>ocil:ssg-sshd_set_max_sessions_action:testaction:1</ocil:test_action_ref>73 ········<ocil:test_action_ref>ocil:ssg-service_slapd_disabled_action:testaction:1</ocil:test_action_ref>
74 ······</ocil:actions>74 ······</ocil:actions>
75 ····</ocil:questionnaire>75 ····</ocil:questionnaire>
76 ····<ocil:questionnaire·id="ocil:ssg-package_syslogng_installed_ocil:questionnaire:1">76 ····<ocil:questionnaire·id="ocil:ssg-accounts_umask_etc_profile_ocil:questionnaire:1">
77 ······<ocil:title>Ensure·syslog-ng·is·Installed</ocil:title>77 ······<ocil:title>Ensure·the·Default·Umask·is·Set·Correctly·in·/etc/profile</ocil:title>
78 ······<ocil:actions>78 ······<ocil:actions>
79 ········<ocil:test_action_ref>ocil:ssg-package_syslogng_installed_action:testaction:1</ocil:test_action_ref>79 ········<ocil:test_action_ref>ocil:ssg-accounts_umask_etc_profile_action:testaction:1</ocil:test_action_ref>
80 ······</ocil:actions>80 ······</ocil:actions>
81 ····</ocil:questionnaire>81 ····</ocil:questionnaire>
82 ····<ocil:questionnaire·id="ocil:ssg-no_rsh_trust_files_ocil:questionnaire:1">82 ····<ocil:questionnaire·id="ocil:ssg-package_logrotate_installed_ocil:questionnaire:1">
83 ······<ocil:title>Remove·Rsh·Trust·Files</ocil:title>83 ······<ocil:title>Ensure·logrotate·is·Installed</ocil:title>
84 ······<ocil:actions>84 ······<ocil:actions>
85 ········<ocil:test_action_ref>ocil:ssg-no_rsh_trust_files_action:testaction:1</ocil:test_action_ref>85 ········<ocil:test_action_ref>ocil:ssg-package_logrotate_installed_action:testaction:1</ocil:test_action_ref>
86 ······</ocil:actions>86 ······</ocil:actions>
87 ····</ocil:questionnaire>87 ····</ocil:questionnaire>
88 ····<ocil:questionnaire·id="ocil:ssg-service_squid_disabled_ocil:questionnaire:1"> 
89 ······<ocil:title>Disable·Squid</ocil:title>88 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_arp_ignore_ocil:questionnaire:1">
 89 ······<ocil:title>Configure·Response·Mode·of·ARP·Requests·for·All·IPv4·Interfaces</ocil:title>
90 ······<ocil:actions>90 ······<ocil:actions>
91 ········<ocil:test_action_ref>ocil:ssg-service_squid_disabled_action:testaction:1</ocil:test_action_ref>91 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_arp_ignore_action:testaction:1</ocil:test_action_ref>
92 ······</ocil:actions>92 ······</ocil:actions>
93 ····</ocil:questionnaire>93 ····</ocil:questionnaire>
94 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_usergroup_modification_ocil:questionnaire:1">94 ····<ocil:questionnaire·id="ocil:ssg-grub2_disable_recovery_ocil:questionnaire:1">
95 ······<ocil:title>Record·Events·that·Modify·User/Group·Information</ocil:title>95 ······<ocil:title>Disable·Recovery·Booting</ocil:title>
96 ······<ocil:actions>96 ······<ocil:actions>
97 ········<ocil:test_action_ref>ocil:ssg-audit_rules_usergroup_modification_action:testaction:1</ocil:test_action_ref>97 ········<ocil:test_action_ref>ocil:ssg-grub2_disable_recovery_action:testaction:1</ocil:test_action_ref>
98 ······</ocil:actions>98 ······</ocil:actions>
99 ····</ocil:questionnaire>99 ····</ocil:questionnaire>
100 ····<ocil:questionnaire·id="ocil:ssg-accounts_polyinstantiated_var_tmp_ocil:questionnaire:1"> 
101 ······<ocil:title>Configure·Polyinstantiation·of·/var/tmp·Directories</ocil:title>100 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_security_writable_hooks_ocil:questionnaire:1">
 101 ······<ocil:title>Disable·mutable·hooks</ocil:title>
102 ······<ocil:actions>102 ······<ocil:actions>
103 ········<ocil:test_action_ref>ocil:ssg-accounts_polyinstantiated_var_tmp_action:testaction:1</ocil:test_action_ref>103 ········<ocil:test_action_ref>ocil:ssg-kernel_config_security_writable_hooks_action:testaction:1</ocil:test_action_ref>
104 ······</ocil:actions>104 ······</ocil:actions>
105 ····</ocil:questionnaire>105 ····</ocil:questionnaire>
106 ····<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_minclass_ocil:questionnaire:1">106 ····<ocil:questionnaire·id="ocil:ssg-service_dhcpd_disabled_ocil:questionnaire:1">
107 ······<ocil:title>Ensure·PAM·Enforces·Password·Requirements·-·Minimum·Different·Categories</ocil:title>107 ······<ocil:title>Disable·DHCP·Service</ocil:title>
108 ······<ocil:actions>108 ······<ocil:actions>
109 ········<ocil:test_action_ref>ocil:ssg-accounts_password_pam_minclass_action:testaction:1</ocil:test_action_ref>109 ········<ocil:test_action_ref>ocil:ssg-service_dhcpd_disabled_action:testaction:1</ocil:test_action_ref>
110 ······</ocil:actions>110 ······</ocil:actions>
111 ····</ocil:questionnaire>111 ····</ocil:questionnaire>
112 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_debug_list_ocil:questionnaire:1">112 ····<ocil:questionnaire·id="ocil:ssg-auditd_data_disk_full_action_ocil:questionnaire:1">
113 ······<ocil:title>Enable·checks·on·linked·list·manipulation</ocil:title>113 ······<ocil:title>Configure·auditd·Disk·Full·Action·when·Disk·Space·Is·Full</ocil:title>
114 ······<ocil:actions>114 ······<ocil:actions>
115 ········<ocil:test_action_ref>ocil:ssg-kernel_config_debug_list_action:testaction:1</ocil:test_action_ref>115 ········<ocil:test_action_ref>ocil:ssg-auditd_data_disk_full_action_action:testaction:1</ocil:test_action_ref>
116 ······</ocil:actions>116 ······</ocil:actions>
117 ····</ocil:questionnaire>117 ····</ocil:questionnaire>
118 ····<ocil:questionnaire·id="ocil:ssg-service_qpidd_disabled_ocil:questionnaire:1">118 ····<ocil:questionnaire·id="ocil:ssg-file_ownership_library_dirs_ocil:questionnaire:1">
119 ······<ocil:title>Disable·Apache·Qpid·(qpidd)</ocil:title>119 ······<ocil:title>Verify·that·Shared·Library·Files·Have·Root·Ownership</ocil:title>
120 ······<ocil:actions>120 ······<ocil:actions>
121 ········<ocil:test_action_ref>ocil:ssg-service_qpidd_disabled_action:testaction:1</ocil:test_action_ref>121 ········<ocil:test_action_ref>ocil:ssg-file_ownership_library_dirs_action:testaction:1</ocil:test_action_ref>
122 ······</ocil:actions>122 ······</ocil:actions>
123 ····</ocil:questionnaire>123 ····</ocil:questionnaire>
124 ····<ocil:questionnaire·id="ocil:ssg-account_unique_id_ocil:questionnaire:1">124 ····<ocil:questionnaire·id="ocil:ssg-grub2_enable_iommu_force_ocil:questionnaire:1">
125 ······<ocil:title>Ensure·All·Accounts·on·the·System·Have·Unique·User·IDs</ocil:title>125 ······<ocil:title>IOMMU·configuration·directive</ocil:title>
126 ······<ocil:actions>126 ······<ocil:actions>
Max diff block lines reached; 994827/1007450 bytes (98.75%) of diff not shown.
695 KB
./usr/share/xml/scap/ssg/content/ssg-anolis23-xccdf.xml
695 KB
./usr/share/xml/scap/ssg/content/ssg-anolis23-xccdf.xml
Ordering differences only
    
Offset 71, 244 lines modifiedOffset 71, 244 lines modified
71 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>71 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>
72 ··<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>72 ··<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>
73 ··<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>73 ··<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>
74 ··<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>74 ··<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>
75 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</xccdf-1.2:reference>75 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</xccdf-1.2:reference>
76 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>76 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>
77 ··<cpe-lang:platform-specification>77 ··<cpe-lang:platform-specification>
78 ····<cpe-lang:platform·id="ipv6_enabled">78 ····<cpe-lang:platform·id="package_shadow-utils">
79 ······<cpe-lang:logical-test·operator="AND"·negate="false">79 ······<cpe-lang:logical-test·operator="AND"·negate="false">
80 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-ipv6_enabled:def:1"/>80 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-package_shadow-utils:def:1"/>
81 ······</cpe-lang:logical-test>81 ······</cpe-lang:logical-test>
82 ····</cpe-lang:platform>82 ····</cpe-lang:platform>
83 ····<cpe-lang:platform·id="aarch64_arch_or_x86_64_arch">83 ····<cpe-lang:platform·id="package_squid_and_system_with_kernel">
84 ······<cpe-lang:logical-test·operator="OR"·negate="false">84 ······<cpe-lang:logical-test·operator="AND"·negate="false">
 85 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-package_squid:def:1"/>
 86 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
 87 ······</cpe-lang:logical-test>
 88 ····</cpe-lang:platform>
 89 ····<cpe-lang:platform·id="aarch64_arch">
 90 ······<cpe-lang:logical-test·operator="AND"·negate="false">
85 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>91 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>
86 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_x86_64:def:1"/> 
87 ······</cpe-lang:logical-test>92 ······</cpe-lang:logical-test>
88 ····</cpe-lang:platform>93 ····</cpe-lang:platform>
89 ····<cpe-lang:platform·id="machine">94 ····<cpe-lang:platform·id="machine">
90 ······<cpe-lang:logical-test·operator="AND"·negate="false">95 ······<cpe-lang:logical-test·operator="AND"·negate="false">
91 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-installed_env_is_a_machine:def:1"/>96 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-installed_env_is_a_machine:def:1"/>
92 ······</cpe-lang:logical-test>97 ······</cpe-lang:logical-test>
93 ····</cpe-lang:platform>98 ····</cpe-lang:platform>
94 ····<cpe-lang:platform·id="package_iptables">99 ····<cpe-lang:platform·id="x86_64_arch">
95 ······<cpe-lang:logical-test·operator="AND"·negate="false">100 ······<cpe-lang:logical-test·operator="AND"·negate="false">
96 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>101 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_x86_64:def:1"/>
97 ······</cpe-lang:logical-test>102 ······</cpe-lang:logical-test>
98 ····</cpe-lang:platform>103 ····</cpe-lang:platform>
99 ····<cpe-lang:platform·id="not_aarch64_arch">104 ····<cpe-lang:platform·id="system_with_kernel">
100 ······<cpe-lang:logical-test·operator="AND"·negate="true">105 ······<cpe-lang:logical-test·operator="AND"·negate="false">
101 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>106 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
102 ······</cpe-lang:logical-test>107 ······</cpe-lang:logical-test>
103 ····</cpe-lang:platform>108 ····</cpe-lang:platform>
104 ····<cpe-lang:platform·id="package_iptables_and_service_disabled_firewalld_and_system_with_kernel">109 ····<cpe-lang:platform·id="package_logrotate">
105 ······<cpe-lang:logical-test·operator="AND"·negate="false">110 ······<cpe-lang:logical-test·operator="AND"·negate="false">
 111 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-package_logrotate:def:1"/>
 112 ······</cpe-lang:logical-test>
 113 ····</cpe-lang:platform>
 114 ····<cpe-lang:platform·id="package_sudo">
 115 ······<cpe-lang:logical-test·operator="AND"·negate="false">
106 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>116 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-package_sudo:def:1"/>
107 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-service_disabled_firewalld:def:1"/>117 ······</cpe-lang:logical-test>
 118 ····</cpe-lang:platform>
 119 ····<cpe-lang:platform·id="not_aarch64_arch">
 120 ······<cpe-lang:logical-test·operator="AND"·negate="true">
108 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>121 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>
109 ······</cpe-lang:logical-test>122 ······</cpe-lang:logical-test>
110 ····</cpe-lang:platform>123 ····</cpe-lang:platform>
111 ····<cpe-lang:platform·id="not_package_nftables_and_not_package_ufw_and_package_iptables">124 ····<cpe-lang:platform·id="not_package_nftables_and_not_package_ufw_and_package_iptables">
112 ······<cpe-lang:logical-test·operator="AND"·negate="false">125 ······<cpe-lang:logical-test·operator="AND"·negate="false">
113 ········<cpe-lang:logical-test·operator="AND"·negate="true">126 ········<cpe-lang:logical-test·operator="AND"·negate="true">
114 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-package_nftables:def:1"/>127 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-package_nftables:def:1"/>
115 ········</cpe-lang:logical-test>128 ········</cpe-lang:logical-test>
116 ········<cpe-lang:logical-test·operator="AND"·negate="true">129 ········<cpe-lang:logical-test·operator="AND"·negate="true">
117 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-package_ufw:def:1"/>130 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-package_ufw:def:1"/>
118 ········</cpe-lang:logical-test>131 ········</cpe-lang:logical-test>
119 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>132 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>
120 ······</cpe-lang:logical-test>133 ······</cpe-lang:logical-test>
121 ····</cpe-lang:platform>134 ····</cpe-lang:platform>
122 ····<cpe-lang:platform·id="package_pam">135 ····<cpe-lang:platform·id="package_snmpd_and_system_with_kernel">
123 ······<cpe-lang:logical-test·operator="AND"·negate="false">136 ······<cpe-lang:logical-test·operator="AND"·negate="false">
 137 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-package_snmpd:def:1"/>
 138 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
 139 ······</cpe-lang:logical-test>
 140 ····</cpe-lang:platform>
 141 ····<cpe-lang:platform·id="package_yum">
 142 ······<cpe-lang:logical-test·operator="AND"·negate="false">
124 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-package_pam:def:1"/>143 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-package_yum:def:1"/>
125 ······</cpe-lang:logical-test>144 ······</cpe-lang:logical-test>
126 ····</cpe-lang:platform>145 ····</cpe-lang:platform>
127 ····<cpe-lang:platform·id="package_firewalld">146 ····<cpe-lang:platform·id="package_firewalld">
128 ······<cpe-lang:logical-test·operator="AND"·negate="false">147 ······<cpe-lang:logical-test·operator="AND"·negate="false">
129 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-package_firewalld:def:1"/>148 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-package_firewalld:def:1"/>
130 ······</cpe-lang:logical-test>149 ······</cpe-lang:logical-test>
131 ····</cpe-lang:platform>150 ····</cpe-lang:platform>
132 ····<cpe-lang:platform·id="package_rsyslog">151 ····<cpe-lang:platform·id="package_systemd">
133 ······<cpe-lang:logical-test·operator="AND"·negate="false">152 ······<cpe-lang:logical-test·operator="AND"·negate="false">
134 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-package_rsyslog:def:1"/>153 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-package_systemd:def:1"/>
135 ······</cpe-lang:logical-test>154 ······</cpe-lang:logical-test>
136 ····</cpe-lang:platform>155 ····</cpe-lang:platform>
137 ····<cpe-lang:platform·id="package_logrotate">156 ····<cpe-lang:platform·id="wifi-iface">
138 ······<cpe-lang:logical-test·operator="AND"·negate="false">157 ······<cpe-lang:logical-test·operator="AND"·negate="false">
139 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-package_logrotate:def:1"/>158 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-installed_env_has_wifi_interface:def:1"/>
140 ······</cpe-lang:logical-test>159 ······</cpe-lang:logical-test>
141 ····</cpe-lang:platform>160 ····</cpe-lang:platform>
142 ····<cpe-lang:platform·id="package_audit">161 ····<cpe-lang:platform·id="aarch64_arch_or_x86_64_arch">
143 ······<cpe-lang:logical-test·operator="AND"·negate="false">162 ······<cpe-lang:logical-test·operator="OR"·negate="false">
 163 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>
144 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-package_audit:def:1"/>164 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_x86_64:def:1"/>
145 ······</cpe-lang:logical-test>165 ······</cpe-lang:logical-test>
146 ····</cpe-lang:platform>166 ····</cpe-lang:platform>
147 ····<cpe-lang:platform·id="package_yum">167 ····<cpe-lang:platform·id="package_rsyslog">
148 ······<cpe-lang:logical-test·operator="AND"·negate="false">168 ······<cpe-lang:logical-test·operator="AND"·negate="false">
149 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-package_yum:def:1"/>169 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-package_rsyslog:def:1"/>
150 ······</cpe-lang:logical-test>170 ······</cpe-lang:logical-test>
151 ····</cpe-lang:platform>171 ····</cpe-lang:platform>
152 ····<cpe-lang:platform·id="non-uefi">172 ····<cpe-lang:platform·id="package_gdm">
153 ······<cpe-lang:logical-test·operator="AND"·negate="false">173 ······<cpe-lang:logical-test·operator="AND"·negate="false">
154 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-system_boot_mode_is_non_uefi:def:1"/>174 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-package_gdm:def:1"/>
155 ······</cpe-lang:logical-test>175 ······</cpe-lang:logical-test>
156 ····</cpe-lang:platform>176 ····</cpe-lang:platform>
157 ····<cpe-lang:platform·id="uefi">177 ····<cpe-lang:platform·id="package_postfix">
158 ······<cpe-lang:logical-test·operator="AND"·negate="false">178 ······<cpe-lang:logical-test·operator="AND"·negate="false">
159 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-system_boot_mode_is_uefi:def:1"/>179 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-package_postfix:def:1"/>
160 ······</cpe-lang:logical-test>180 ······</cpe-lang:logical-test>
161 ····</cpe-lang:platform>181 ····</cpe-lang:platform>
162 ····<cpe-lang:platform·id="package_snmpd_and_system_with_kernel">182 ····<cpe-lang:platform·id="package_iptables_and_service_disabled_firewalld_and_system_with_kernel">
163 ······<cpe-lang:logical-test·operator="AND"·negate="false">183 ······<cpe-lang:logical-test·operator="AND"·negate="false">
164 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-package_snmpd:def:1"/>184 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>
 185 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-service_disabled_firewalld:def:1"/>
165 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>186 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
166 ······</cpe-lang:logical-test>187 ······</cpe-lang:logical-test>
167 ····</cpe-lang:platform>188 ····</cpe-lang:platform>
168 ····<cpe-lang:platform·id="package_sudo">189 ····<cpe-lang:platform·id="non-uefi">
169 ······<cpe-lang:logical-test·operator="AND"·negate="false">190 ······<cpe-lang:logical-test·operator="AND"·negate="false">
170 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-package_sudo:def:1"/>191 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-system_boot_mode_is_non_uefi:def:1"/>
171 ······</cpe-lang:logical-test>192 ······</cpe-lang:logical-test>
172 ····</cpe-lang:platform>193 ····</cpe-lang:platform>
173 ····<cpe-lang:platform·id="system_with_kernel">194 ····<cpe-lang:platform·id="package_autofs_and_system_with_kernel">
174 ······<cpe-lang:logical-test·operator="AND"·negate="false">195 ······<cpe-lang:logical-test·operator="AND"·negate="false">
 196 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis23-cpe-oval.xml"·id-ref="oval:ssg-package_autofs:def:1"/>
Max diff block lines reached; 697669/711370 bytes (98.07%) of diff not shown.
1.7 MB
./usr/share/xml/scap/ssg/content/ssg-anolis8-ds.xml
1.7 MB
./usr/share/xml/scap/ssg/content/ssg-anolis8-ds.xml
Max HTML report size reached
983 KB
./usr/share/xml/scap/ssg/content/ssg-anolis8-ocil.xml
983 KB
./usr/share/xml/scap/ssg/content/ssg-anolis8-ocil.xml
Ordering differences only
    
Offset 3, 3389 lines modifiedOffset 3, 3389 lines modified
3 ··<ocil:generator>3 ··<ocil:generator>
4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6 ····<ocil:schema_version>2.0</ocil:schema_version>6 ····<ocil:schema_version>2.0</ocil:schema_version>
7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8 ··</ocil:generator>8 ··</ocil:generator>
9 ··<ocil:questionnaires>9 ··<ocil:questionnaires>
10 ····<ocil:questionnaire·id="ocil:ssg-accounts_password_minlen_login_defs_ocil:questionnaire:1"> 
11 ······<ocil:title>Set·Password·Minimum·Length·in·login.defs</ocil:title>10 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_backup_etc_shadow_ocil:questionnaire:1">
 11 ······<ocil:title>Verify·Permissions·on·Backup·shadow·File</ocil:title>
12 ······<ocil:actions>12 ······<ocil:actions>
13 ········<ocil:test_action_ref>ocil:ssg-accounts_password_minlen_login_defs_action:testaction:1</ocil:test_action_ref>13 ········<ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_shadow_action:testaction:1</ocil:test_action_ref>
14 ······</ocil:actions>14 ······</ocil:actions>
15 ····</ocil:questionnaire>15 ····</ocil:questionnaire>
16 ····<ocil:questionnaire·id="ocil:ssg-set_password_hashing_algorithm_systemauth_ocil:questionnaire:1"> 
17 ······<ocil:title>Set·PAM''s·Password·Hashing·Algorithm</ocil:title>16 ····<ocil:questionnaire·id="ocil:ssg-sshd_disable_root_login_ocil:questionnaire:1">
 17 ······<ocil:title>Disable·SSH·Root·Login</ocil:title>
18 ······<ocil:actions>18 ······<ocil:actions>
19 ········<ocil:test_action_ref>ocil:ssg-set_password_hashing_algorithm_systemauth_action:testaction:1</ocil:test_action_ref>19 ········<ocil:test_action_ref>ocil:ssg-sshd_disable_root_login_action:testaction:1</ocil:test_action_ref>
20 ······</ocil:actions>20 ······</ocil:actions>
21 ····</ocil:questionnaire>21 ····</ocil:questionnaire>
22 ····<ocil:questionnaire·id="ocil:ssg-group_unique_name_ocil:questionnaire:1">22 ····<ocil:questionnaire·id="ocil:ssg-accounts_tmout_ocil:questionnaire:1">
23 ······<ocil:title>Ensure·All·Groups·on·the·System·Have·Unique·Group·Names</ocil:title>23 ······<ocil:title>Set·Interactive·Session·Timeout</ocil:title>
24 ······<ocil:actions>24 ······<ocil:actions>
25 ········<ocil:test_action_ref>ocil:ssg-group_unique_name_action:testaction:1</ocil:test_action_ref>25 ········<ocil:test_action_ref>ocil:ssg-accounts_tmout_action:testaction:1</ocil:test_action_ref>
26 ······</ocil:actions>26 ······</ocil:actions>
27 ····</ocil:questionnaire>27 ····</ocil:questionnaire>
28 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_var_log_ocil:questionnaire:1">28 ····<ocil:questionnaire·id="ocil:ssg-accounts_root_gid_zero_ocil:questionnaire:1">
29 ······<ocil:title>Verify·Group·Who·Owns·/var/log·Directory</ocil:title>29 ······<ocil:title>Verify·Root·Has·A·Primary·GID·0</ocil:title>
30 ······<ocil:actions>30 ······<ocil:actions>
31 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_var_log_action:testaction:1</ocil:test_action_ref>31 ········<ocil:test_action_ref>ocil:ssg-accounts_root_gid_zero_action:testaction:1</ocil:test_action_ref>
32 ······</ocil:actions>32 ······</ocil:actions>
33 ····</ocil:questionnaire>33 ····</ocil:questionnaire>
34 ····<ocil:questionnaire·id="ocil:ssg-package_cron_installed_ocil:questionnaire:1">34 ····<ocil:questionnaire·id="ocil:ssg-auditd_data_disk_error_action_stig_ocil:questionnaire:1">
35 ······<ocil:title>Install·the·cron·service</ocil:title>35 ······<ocil:title>Configure·auditd·Disk·Error·Action·on·Disk·Error</ocil:title>
36 ······<ocil:actions>36 ······<ocil:actions>
37 ········<ocil:test_action_ref>ocil:ssg-package_cron_installed_action:testaction:1</ocil:test_action_ref>37 ········<ocil:test_action_ref>ocil:ssg-auditd_data_disk_error_action_stig_action:testaction:1</ocil:test_action_ref>
38 ······</ocil:actions>38 ······</ocil:actions>
39 ····</ocil:questionnaire>39 ····</ocil:questionnaire>
40 ····<ocil:questionnaire·id="ocil:ssg-account_unique_id_ocil:questionnaire:1">40 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_compat_brk_ocil:questionnaire:1">
41 ······<ocil:title>Ensure·All·Accounts·on·the·System·Have·Unique·User·IDs</ocil:title>41 ······<ocil:title>Disable·compatibility·with·brk()</ocil:title>
42 ······<ocil:actions>42 ······<ocil:actions>
43 ········<ocil:test_action_ref>ocil:ssg-account_unique_id_action:testaction:1</ocil:test_action_ref>43 ········<ocil:test_action_ref>ocil:ssg-kernel_config_compat_brk_action:testaction:1</ocil:test_action_ref>
44 ······</ocil:actions>44 ······</ocil:actions>
45 ····</ocil:questionnaire>45 ····</ocil:questionnaire>
46 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_creat_ocil:questionnaire:1">46 ····<ocil:questionnaire·id="ocil:ssg-auditd_data_disk_full_action_ocil:questionnaire:1">
47 ······<ocil:title>Record·Unsuccessful·Access·Attempts·to·Files·-·creat</ocil:title>47 ······<ocil:title>Configure·auditd·Disk·Full·Action·when·Disk·Space·Is·Full</ocil:title>
48 ······<ocil:actions>48 ······<ocil:actions>
49 ········<ocil:test_action_ref>ocil:ssg-audit_rules_unsuccessful_file_modification_creat_action:testaction:1</ocil:test_action_ref>49 ········<ocil:test_action_ref>ocil:ssg-auditd_data_disk_full_action_action:testaction:1</ocil:test_action_ref>
50 ······</ocil:actions>50 ······</ocil:actions>
51 ····</ocil:questionnaire>51 ····</ocil:questionnaire>
52 ····<ocil:questionnaire·id="ocil:ssg-rpm_verify_hashes_ocil:questionnaire:1">52 ····<ocil:questionnaire·id="ocil:ssg-no_direct_root_logins_ocil:questionnaire:1">
53 ······<ocil:title>Verify·File·Hashes·with·RPM</ocil:title>53 ······<ocil:title>Direct·root·Logins·Not·Allowed</ocil:title>
54 ······<ocil:actions>54 ······<ocil:actions>
55 ········<ocil:test_action_ref>ocil:ssg-rpm_verify_hashes_action:testaction:1</ocil:test_action_ref>55 ········<ocil:test_action_ref>ocil:ssg-no_direct_root_logins_action:testaction:1</ocil:test_action_ref>
56 ······</ocil:actions>56 ······</ocil:actions>
57 ····</ocil:questionnaire>57 ····</ocil:questionnaire>
58 ····<ocil:questionnaire·id="ocil:ssg-require_emergency_target_auth_ocil:questionnaire:1">58 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_cron_d_ocil:questionnaire:1">
59 ······<ocil:title>Require·Authentication·for·Emergency·Systemd·Target</ocil:title>59 ······<ocil:title>Verify·Permissions·on·cron.d</ocil:title>
60 ······<ocil:actions>60 ······<ocil:actions>
61 ········<ocil:test_action_ref>ocil:ssg-require_emergency_target_auth_action:testaction:1</ocil:test_action_ref>61 ········<ocil:test_action_ref>ocil:ssg-file_permissions_cron_d_action:testaction:1</ocil:test_action_ref>
62 ······</ocil:actions>62 ······</ocil:actions>
63 ····</ocil:questionnaire>63 ····</ocil:questionnaire>
64 ····<ocil:questionnaire·id="ocil:ssg-sudo_vdsm_nopasswd_ocil:questionnaire:1">64 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_grub2_cfg_ocil:questionnaire:1">
65 ······<ocil:title>Only·the·VDSM·User·Can·Use·sudo·NOPASSWD</ocil:title>65 ······<ocil:title>Verify·/boot/grub2/grub.cfg·Permissions</ocil:title>
66 ······<ocil:actions>66 ······<ocil:actions>
67 ········<ocil:test_action_ref>ocil:ssg-sudo_vdsm_nopasswd_action:testaction:1</ocil:test_action_ref>67 ········<ocil:test_action_ref>ocil:ssg-file_permissions_grub2_cfg_action:testaction:1</ocil:test_action_ref>
68 ······</ocil:actions>68 ······</ocil:actions>
69 ····</ocil:questionnaire>69 ····</ocil:questionnaire>
70 ····<ocil:questionnaire·id="ocil:ssg-coredump_disable_backtraces_ocil:questionnaire:1"> 
71 ······<ocil:title>Disable·core·dump·backtraces</ocil:title>70 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_openat_ocil:questionnaire:1">
 71 ······<ocil:title>Record·Unsuccessful·Access·Attempts·to·Files·-·openat</ocil:title>
72 ······<ocil:actions>72 ······<ocil:actions>
73 ········<ocil:test_action_ref>ocil:ssg-coredump_disable_backtraces_action:testaction:1</ocil:test_action_ref>73 ········<ocil:test_action_ref>ocil:ssg-audit_rules_unsuccessful_file_modification_openat_action:testaction:1</ocil:test_action_ref>
74 ······</ocil:actions>74 ······</ocil:actions>
75 ····</ocil:questionnaire>75 ····</ocil:questionnaire>
76 ····<ocil:questionnaire·id="ocil:ssg-audit_privileged_commands_reboot_ocil:questionnaire:1">76 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_binary_dirs_ocil:questionnaire:1">
77 ······<ocil:title>Ensure·auditd·Collects·Information·on·the·Use·of·Privileged·Commands·-·reboot</ocil:title>77 ······<ocil:title>Verify·that·System·Executables·Have·Restrictive·Permissions</ocil:title>
78 ······<ocil:actions>78 ······<ocil:actions>
79 ········<ocil:test_action_ref>ocil:ssg-audit_privileged_commands_reboot_action:testaction:1</ocil:test_action_ref>79 ········<ocil:test_action_ref>ocil:ssg-file_permissions_binary_dirs_action:testaction:1</ocil:test_action_ref>
80 ······</ocil:actions>80 ······</ocil:actions>
81 ····</ocil:questionnaire>81 ····</ocil:questionnaire>
82 ····<ocil:questionnaire·id="ocil:ssg-sshd_enable_strictmodes_ocil:questionnaire:1">82 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_issue_ocil:questionnaire:1">
83 ······<ocil:title>Enable·Use·of·Strict·Mode·Checking</ocil:title>83 ······<ocil:title>Verify·permissions·on·System·Login·Banner</ocil:title>
84 ······<ocil:actions>84 ······<ocil:actions>
85 ········<ocil:test_action_ref>ocil:ssg-sshd_enable_strictmodes_action:testaction:1</ocil:test_action_ref>85 ········<ocil:test_action_ref>ocil:ssg-file_permissions_etc_issue_action:testaction:1</ocil:test_action_ref>
86 ······</ocil:actions>86 ······</ocil:actions>
87 ····</ocil:questionnaire>87 ····</ocil:questionnaire>
88 ····<ocil:questionnaire·id="ocil:ssg-file_at_deny_not_exist_ocil:questionnaire:1">88 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_cron_allow_ocil:questionnaire:1">
89 ······<ocil:title>Ensure·that·/etc/at.deny·does·not·exist</ocil:title>89 ······<ocil:title>Verify·Group·Who·Owns·/etc/cron.allow·file</ocil:title>
90 ······<ocil:actions>90 ······<ocil:actions>
91 ········<ocil:test_action_ref>ocil:ssg-file_at_deny_not_exist_action:testaction:1</ocil:test_action_ref>91 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_cron_allow_action:testaction:1</ocil:test_action_ref>
92 ······</ocil:actions>92 ······</ocil:actions>
93 ····</ocil:questionnaire>93 ····</ocil:questionnaire>
94 ····<ocil:questionnaire·id="ocil:ssg-accounts_root_path_dirs_no_write_ocil:questionnaire:1"> 
95 ······<ocil:title>Ensure·that·Root's·Path·Does·Not·Include·World·or·Group-Writable·Directories</ocil:title>94 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_default_accept_source_route_ocil:questionnaire:1">
 95 ······<ocil:title>Disable·Kernel·Parameter·for·Accepting·Source-Routed·Packets·on·IPv4·Interfaces·by·Default</ocil:title>
96 ······<ocil:actions>96 ······<ocil:actions>
97 ········<ocil:test_action_ref>ocil:ssg-accounts_root_path_dirs_no_write_action:testaction:1</ocil:test_action_ref>97 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_default_accept_source_route_action:testaction:1</ocil:test_action_ref>
98 ······</ocil:actions>98 ······</ocil:actions>
99 ····</ocil:questionnaire>99 ····</ocil:questionnaire>
100 ····<ocil:questionnaire·id="ocil:ssg-file_groupownership_audit_configuration_ocil:questionnaire:1"> 
101 ······<ocil:title>Audit·Configuration·Files·Must·Be·Owned·By·Group·root</ocil:title>100 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_open_ocil:questionnaire:1">
 101 ······<ocil:title>Record·Unsuccessful·Access·Attempts·to·Files·-·open</ocil:title>
102 ······<ocil:actions>102 ······<ocil:actions>
103 ········<ocil:test_action_ref>ocil:ssg-file_groupownership_audit_configuration_action:testaction:1</ocil:test_action_ref>103 ········<ocil:test_action_ref>ocil:ssg-audit_rules_unsuccessful_file_modification_open_action:testaction:1</ocil:test_action_ref>
104 ······</ocil:actions>104 ······</ocil:actions>
105 ····</ocil:questionnaire>105 ····</ocil:questionnaire>
106 ····<ocil:questionnaire·id="ocil:ssg-accounts_umask_etc_login_defs_ocil:questionnaire:1">106 ····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_num_logs_ocil:questionnaire:1">
107 ······<ocil:title>Ensure·the·Default·Umask·is·Set·Correctly·in·login.defs</ocil:title>107 ······<ocil:title>Configure·auditd·Number·of·Logs·Retained</ocil:title>
108 ······<ocil:actions>108 ······<ocil:actions>
109 ········<ocil:test_action_ref>ocil:ssg-accounts_umask_etc_login_defs_action:testaction:1</ocil:test_action_ref>109 ········<ocil:test_action_ref>ocil:ssg-auditd_data_retention_num_logs_action:testaction:1</ocil:test_action_ref>
110 ······</ocil:actions>110 ······</ocil:actions>
111 ····</ocil:questionnaire>111 ····</ocil:questionnaire>
112 ····<ocil:questionnaire·id="ocil:ssg-aide_periodic_cron_checking_ocil:questionnaire:1">112 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_cron_hourly_ocil:questionnaire:1">
113 ······<ocil:title>Configure·Periodic·Execution·of·AIDE</ocil:title>113 ······<ocil:title>Verify·Group·Who·Owns·cron.hourly</ocil:title>
114 ······<ocil:actions>114 ······<ocil:actions>
115 ········<ocil:test_action_ref>ocil:ssg-aide_periodic_cron_checking_action:testaction:1</ocil:test_action_ref>115 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_cron_hourly_action:testaction:1</ocil:test_action_ref>
116 ······</ocil:actions>116 ······</ocil:actions>
117 ····</ocil:questionnaire>117 ····</ocil:questionnaire>
118 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv6_conf_all_accept_redirects_ocil:questionnaire:1"> 
119 ······<ocil:title>Disable·Accepting·ICMP·Redirects·for·All·IPv6·Interfaces</ocil:title>118 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_cron_weekly_ocil:questionnaire:1">
 119 ······<ocil:title>Verify·Group·Who·Owns·cron.weekly</ocil:title>
120 ······<ocil:actions>120 ······<ocil:actions>
121 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv6_conf_all_accept_redirects_action:testaction:1</ocil:test_action_ref>121 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_cron_weekly_action:testaction:1</ocil:test_action_ref>
122 ······</ocil:actions>122 ······</ocil:actions>
123 ····</ocil:questionnaire>123 ····</ocil:questionnaire>
Max diff block lines reached; 993220/1005989 bytes (98.73%) of diff not shown.
694 KB
./usr/share/xml/scap/ssg/content/ssg-anolis8-xccdf.xml
694 KB
./usr/share/xml/scap/ssg/content/ssg-anolis8-xccdf.xml
Ordering differences only
    
Offset 71, 244 lines modifiedOffset 71, 244 lines modified
71 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>71 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>
72 ··<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>72 ··<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>
73 ··<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>73 ··<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>
74 ··<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>74 ··<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>
75 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</xccdf-1.2:reference>75 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</xccdf-1.2:reference>
76 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>76 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>
77 ··<cpe-lang:platform-specification>77 ··<cpe-lang:platform-specification>
78 ····<cpe-lang:platform·id="ipv6_enabled">78 ····<cpe-lang:platform·id="package_shadow-utils">
79 ······<cpe-lang:logical-test·operator="AND"·negate="false">79 ······<cpe-lang:logical-test·operator="AND"·negate="false">
80 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-ipv6_enabled:def:1"/>80 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-package_shadow-utils:def:1"/>
81 ······</cpe-lang:logical-test>81 ······</cpe-lang:logical-test>
82 ····</cpe-lang:platform>82 ····</cpe-lang:platform>
83 ····<cpe-lang:platform·id="aarch64_arch_or_x86_64_arch">83 ····<cpe-lang:platform·id="package_squid_and_system_with_kernel">
84 ······<cpe-lang:logical-test·operator="OR"·negate="false">84 ······<cpe-lang:logical-test·operator="AND"·negate="false">
 85 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-package_squid:def:1"/>
 86 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
 87 ······</cpe-lang:logical-test>
 88 ····</cpe-lang:platform>
 89 ····<cpe-lang:platform·id="aarch64_arch">
 90 ······<cpe-lang:logical-test·operator="AND"·negate="false">
85 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>91 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>
86 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_x86_64:def:1"/> 
87 ······</cpe-lang:logical-test>92 ······</cpe-lang:logical-test>
88 ····</cpe-lang:platform>93 ····</cpe-lang:platform>
89 ····<cpe-lang:platform·id="machine">94 ····<cpe-lang:platform·id="machine">
90 ······<cpe-lang:logical-test·operator="AND"·negate="false">95 ······<cpe-lang:logical-test·operator="AND"·negate="false">
91 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-installed_env_is_a_machine:def:1"/>96 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-installed_env_is_a_machine:def:1"/>
92 ······</cpe-lang:logical-test>97 ······</cpe-lang:logical-test>
93 ····</cpe-lang:platform>98 ····</cpe-lang:platform>
94 ····<cpe-lang:platform·id="package_iptables">99 ····<cpe-lang:platform·id="x86_64_arch">
95 ······<cpe-lang:logical-test·operator="AND"·negate="false">100 ······<cpe-lang:logical-test·operator="AND"·negate="false">
96 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>101 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_x86_64:def:1"/>
97 ······</cpe-lang:logical-test>102 ······</cpe-lang:logical-test>
98 ····</cpe-lang:platform>103 ····</cpe-lang:platform>
99 ····<cpe-lang:platform·id="not_aarch64_arch">104 ····<cpe-lang:platform·id="system_with_kernel">
100 ······<cpe-lang:logical-test·operator="AND"·negate="true">105 ······<cpe-lang:logical-test·operator="AND"·negate="false">
101 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>106 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
102 ······</cpe-lang:logical-test>107 ······</cpe-lang:logical-test>
103 ····</cpe-lang:platform>108 ····</cpe-lang:platform>
104 ····<cpe-lang:platform·id="package_iptables_and_service_disabled_firewalld_and_system_with_kernel">109 ····<cpe-lang:platform·id="package_logrotate">
105 ······<cpe-lang:logical-test·operator="AND"·negate="false">110 ······<cpe-lang:logical-test·operator="AND"·negate="false">
 111 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-package_logrotate:def:1"/>
 112 ······</cpe-lang:logical-test>
 113 ····</cpe-lang:platform>
 114 ····<cpe-lang:platform·id="package_sudo">
 115 ······<cpe-lang:logical-test·operator="AND"·negate="false">
106 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>116 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-package_sudo:def:1"/>
107 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-service_disabled_firewalld:def:1"/>117 ······</cpe-lang:logical-test>
 118 ····</cpe-lang:platform>
 119 ····<cpe-lang:platform·id="not_aarch64_arch">
 120 ······<cpe-lang:logical-test·operator="AND"·negate="true">
108 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>121 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>
109 ······</cpe-lang:logical-test>122 ······</cpe-lang:logical-test>
110 ····</cpe-lang:platform>123 ····</cpe-lang:platform>
111 ····<cpe-lang:platform·id="not_package_nftables_and_not_package_ufw_and_package_iptables">124 ····<cpe-lang:platform·id="not_package_nftables_and_not_package_ufw_and_package_iptables">
112 ······<cpe-lang:logical-test·operator="AND"·negate="false">125 ······<cpe-lang:logical-test·operator="AND"·negate="false">
113 ········<cpe-lang:logical-test·operator="AND"·negate="true">126 ········<cpe-lang:logical-test·operator="AND"·negate="true">
114 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-package_nftables:def:1"/>127 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-package_nftables:def:1"/>
115 ········</cpe-lang:logical-test>128 ········</cpe-lang:logical-test>
116 ········<cpe-lang:logical-test·operator="AND"·negate="true">129 ········<cpe-lang:logical-test·operator="AND"·negate="true">
117 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-package_ufw:def:1"/>130 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-package_ufw:def:1"/>
118 ········</cpe-lang:logical-test>131 ········</cpe-lang:logical-test>
119 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>132 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>
120 ······</cpe-lang:logical-test>133 ······</cpe-lang:logical-test>
121 ····</cpe-lang:platform>134 ····</cpe-lang:platform>
122 ····<cpe-lang:platform·id="package_pam">135 ····<cpe-lang:platform·id="package_snmpd_and_system_with_kernel">
123 ······<cpe-lang:logical-test·operator="AND"·negate="false">136 ······<cpe-lang:logical-test·operator="AND"·negate="false">
 137 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-package_snmpd:def:1"/>
 138 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
 139 ······</cpe-lang:logical-test>
 140 ····</cpe-lang:platform>
 141 ····<cpe-lang:platform·id="package_yum">
 142 ······<cpe-lang:logical-test·operator="AND"·negate="false">
124 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-package_pam:def:1"/>143 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-package_yum:def:1"/>
125 ······</cpe-lang:logical-test>144 ······</cpe-lang:logical-test>
126 ····</cpe-lang:platform>145 ····</cpe-lang:platform>
127 ····<cpe-lang:platform·id="package_firewalld">146 ····<cpe-lang:platform·id="package_firewalld">
128 ······<cpe-lang:logical-test·operator="AND"·negate="false">147 ······<cpe-lang:logical-test·operator="AND"·negate="false">
129 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-package_firewalld:def:1"/>148 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-package_firewalld:def:1"/>
130 ······</cpe-lang:logical-test>149 ······</cpe-lang:logical-test>
131 ····</cpe-lang:platform>150 ····</cpe-lang:platform>
132 ····<cpe-lang:platform·id="package_rsyslog">151 ····<cpe-lang:platform·id="package_systemd">
133 ······<cpe-lang:logical-test·operator="AND"·negate="false">152 ······<cpe-lang:logical-test·operator="AND"·negate="false">
134 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-package_rsyslog:def:1"/>153 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-package_systemd:def:1"/>
135 ······</cpe-lang:logical-test>154 ······</cpe-lang:logical-test>
136 ····</cpe-lang:platform>155 ····</cpe-lang:platform>
137 ····<cpe-lang:platform·id="package_logrotate">156 ····<cpe-lang:platform·id="wifi-iface">
138 ······<cpe-lang:logical-test·operator="AND"·negate="false">157 ······<cpe-lang:logical-test·operator="AND"·negate="false">
139 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-package_logrotate:def:1"/>158 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-installed_env_has_wifi_interface:def:1"/>
140 ······</cpe-lang:logical-test>159 ······</cpe-lang:logical-test>
141 ····</cpe-lang:platform>160 ····</cpe-lang:platform>
142 ····<cpe-lang:platform·id="package_audit">161 ····<cpe-lang:platform·id="aarch64_arch_or_x86_64_arch">
143 ······<cpe-lang:logical-test·operator="AND"·negate="false">162 ······<cpe-lang:logical-test·operator="OR"·negate="false">
 163 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>
144 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-package_audit:def:1"/>164 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_x86_64:def:1"/>
145 ······</cpe-lang:logical-test>165 ······</cpe-lang:logical-test>
146 ····</cpe-lang:platform>166 ····</cpe-lang:platform>
147 ····<cpe-lang:platform·id="package_yum">167 ····<cpe-lang:platform·id="package_rsyslog">
148 ······<cpe-lang:logical-test·operator="AND"·negate="false">168 ······<cpe-lang:logical-test·operator="AND"·negate="false">
149 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-package_yum:def:1"/>169 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-package_rsyslog:def:1"/>
150 ······</cpe-lang:logical-test>170 ······</cpe-lang:logical-test>
151 ····</cpe-lang:platform>171 ····</cpe-lang:platform>
152 ····<cpe-lang:platform·id="non-uefi">172 ····<cpe-lang:platform·id="package_gdm">
153 ······<cpe-lang:logical-test·operator="AND"·negate="false">173 ······<cpe-lang:logical-test·operator="AND"·negate="false">
154 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-system_boot_mode_is_non_uefi:def:1"/>174 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-package_gdm:def:1"/>
155 ······</cpe-lang:logical-test>175 ······</cpe-lang:logical-test>
156 ····</cpe-lang:platform>176 ····</cpe-lang:platform>
157 ····<cpe-lang:platform·id="uefi">177 ····<cpe-lang:platform·id="package_postfix">
158 ······<cpe-lang:logical-test·operator="AND"·negate="false">178 ······<cpe-lang:logical-test·operator="AND"·negate="false">
159 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-system_boot_mode_is_uefi:def:1"/>179 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-package_postfix:def:1"/>
160 ······</cpe-lang:logical-test>180 ······</cpe-lang:logical-test>
161 ····</cpe-lang:platform>181 ····</cpe-lang:platform>
162 ····<cpe-lang:platform·id="package_snmpd_and_system_with_kernel">182 ····<cpe-lang:platform·id="package_iptables_and_service_disabled_firewalld_and_system_with_kernel">
163 ······<cpe-lang:logical-test·operator="AND"·negate="false">183 ······<cpe-lang:logical-test·operator="AND"·negate="false">
164 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-package_snmpd:def:1"/>184 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>
 185 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-service_disabled_firewalld:def:1"/>
165 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>186 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
166 ······</cpe-lang:logical-test>187 ······</cpe-lang:logical-test>
167 ····</cpe-lang:platform>188 ····</cpe-lang:platform>
168 ····<cpe-lang:platform·id="package_sudo">189 ····<cpe-lang:platform·id="non-uefi">
169 ······<cpe-lang:logical-test·operator="AND"·negate="false">190 ······<cpe-lang:logical-test·operator="AND"·negate="false">
170 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-package_sudo:def:1"/>191 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-system_boot_mode_is_non_uefi:def:1"/>
171 ······</cpe-lang:logical-test>192 ······</cpe-lang:logical-test>
172 ····</cpe-lang:platform>193 ····</cpe-lang:platform>
173 ····<cpe-lang:platform·id="system_with_kernel">194 ····<cpe-lang:platform·id="package_autofs_and_system_with_kernel">
174 ······<cpe-lang:logical-test·operator="AND"·negate="false">195 ······<cpe-lang:logical-test·operator="AND"·negate="false">
 196 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml"·id-ref="oval:ssg-package_autofs:def:1"/>
Max diff block lines reached; 697145/710800 bytes (98.08%) of diff not shown.
12.0 MB
./usr/share/xml/scap/ssg/content/ssg-centos8-ds.xml
12.0 MB
./usr/share/xml/scap/ssg/content/ssg-centos8-ds.xml
Max HTML report size reached
8.55 MB
./usr/share/xml/scap/ssg/content/ssg-centos8-xccdf.xml
8.55 MB
./usr/share/xml/scap/ssg/content/ssg-centos8-xccdf.xml
Max HTML report size reached
8.94 MB
./usr/share/xml/scap/ssg/content/ssg-cs10-ds.xml
8.94 MB
./usr/share/xml/scap/ssg/content/ssg-cs10-ds.xml
Max HTML report size reached
6.6 MB
./usr/share/xml/scap/ssg/content/ssg-cs10-xccdf.xml
6.6 MB
./usr/share/xml/scap/ssg/content/ssg-cs10-xccdf.xml
Max HTML report size reached
12.0 MB
./usr/share/xml/scap/ssg/content/ssg-cs9-ds.xml
12.0 MB
./usr/share/xml/scap/ssg/content/ssg-cs9-ds.xml
Max HTML report size reached
8.49 MB
./usr/share/xml/scap/ssg/content/ssg-cs9-xccdf.xml
8.49 MB
./usr/share/xml/scap/ssg/content/ssg-cs9-xccdf.xml
Max HTML report size reached
8.37 MB
./usr/share/xml/scap/ssg/content/ssg-fedora-ds.xml
8.37 MB
./usr/share/xml/scap/ssg/content/ssg-fedora-ds.xml
Max HTML report size reached
1.96 MB
./usr/share/xml/scap/ssg/content/ssg-fedora-ocil.xml
1.96 MB
./usr/share/xml/scap/ssg/content/ssg-fedora-ocil.xml
Max HTML report size reached
6.22 MB
./usr/share/xml/scap/ssg/content/ssg-fedora-xccdf.xml
6.22 MB
./usr/share/xml/scap/ssg/content/ssg-fedora-xccdf.xml
Max HTML report size reached
476 KB
./usr/share/xml/scap/ssg/content/ssg-kylinserver10-ds.xml
476 KB
./usr/share/xml/scap/ssg/content/ssg-kylinserver10-ds.xml
    
Offset 19, 15 lines modifiedOffset 19, 15 lines modified
19 ····</ds:checklists>19 ····</ds:checklists>
20 ····<ds:checks>20 ····<ds:checks>
21 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-kylinserver10-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-kylinserver10-oval.xml"/>21 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-kylinserver10-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-kylinserver10-oval.xml"/>
22 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-kylinserver10-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-kylinserver10-ocil.xml"/>22 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-kylinserver10-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-kylinserver10-ocil.xml"/>
23 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-kylinserver10-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-kylinserver10-cpe-oval.xml"/>23 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-kylinserver10-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-kylinserver10-cpe-oval.xml"/>
24 ····</ds:checks>24 ····</ds:checks>
25 ··</ds:data-stream>25 ··</ds:data-stream>
26 ··<ds:component·id="scap_org.open-scap_comp_ssg-kylinserver10-cpe-dictionary.xml"·timestamp="2025-02-28T20:08:00">26 ··<ds:component·id="scap_org.open-scap_comp_ssg-kylinserver10-cpe-dictionary.xml"·timestamp="2025-03-01T22:08:00">
27 ····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">27 ····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">
28 ······<cpe-dict:cpe-item·name="cpe:/o:Kylin:Kylin:V10_SP1:ga:server">28 ······<cpe-dict:cpe-item·name="cpe:/o:Kylin:Kylin:V10_SP1:ga:server">
29 ········<cpe-dict:title·xml:lang="en-us">Kylin·V10·SP1</cpe-dict:title>29 ········<cpe-dict:title·xml:lang="en-us">Kylin·V10·SP1</cpe-dict:title>
30 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml">oval:ssg-installed_OS_is_kylinserver10:def:1</cpe-dict:check>30 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml">oval:ssg-installed_OS_is_kylinserver10:def:1</cpe-dict:check>
31 ······</cpe-dict:cpe-item>31 ······</cpe-dict:cpe-item>
32 ······<cpe-dict:cpe-item·name="cpe:/o:Kylin:Kylin:V10_SP2:ga:server">32 ······<cpe-dict:cpe-item·name="cpe:/o:Kylin:Kylin:V10_SP2:ga:server">
33 ········<cpe-dict:title·xml:lang="en-us">Kylin·V10·SP2</cpe-dict:title>33 ········<cpe-dict:title·xml:lang="en-us">Kylin·V10·SP2</cpe-dict:title>
Offset 35, 15 lines modifiedOffset 35, 15 lines modified
35 ······</cpe-dict:cpe-item>35 ······</cpe-dict:cpe-item>
36 ······<cpe-dict:cpe-item·name="cpe:/o:Kylin:Kylin:V10_SP3:ga:server">36 ······<cpe-dict:cpe-item·name="cpe:/o:Kylin:Kylin:V10_SP3:ga:server">
37 ········<cpe-dict:title·xml:lang="en-us">Kylin·V10·SP3</cpe-dict:title>37 ········<cpe-dict:title·xml:lang="en-us">Kylin·V10·SP3</cpe-dict:title>
38 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml">oval:ssg-installed_OS_is_kylinserver10:def:1</cpe-dict:check>38 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml">oval:ssg-installed_OS_is_kylinserver10:def:1</cpe-dict:check>
39 ······</cpe-dict:cpe-item>39 ······</cpe-dict:cpe-item>
40 ····</cpe-dict:cpe-list>40 ····</cpe-dict:cpe-list>
41 ··</ds:component>41 ··</ds:component>
42 ··<ds:component·id="scap_org.open-scap_comp_ssg-kylinserver10-xccdf.xml"·timestamp="2025-02-28T20:08:00">42 ··<ds:component·id="scap_org.open-scap_comp_ssg-kylinserver10-xccdf.xml"·timestamp="2025-03-01T22:08:00">
43 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_KYLINSERVER10"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">43 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_KYLINSERVER10"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
44 ······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>44 ······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>
45 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Kylin·Server·10</xccdf-1.2:title>45 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Kylin·Server·10</xccdf-1.2:title>
46 ······<xccdf-1.2:description>46 ······<xccdf-1.2:description>
47 ········This·guide·presents·a·catalog·of·security-relevant47 ········This·guide·presents·a·catalog·of·security-relevant
48 configuration·settings·for·Kylin·Server·10.·It·is·a·rendering·of48 configuration·settings·for·Kylin·Server·10.·It·is·a·rendering·of
49 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)49 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
Offset 112, 94 lines modifiedOffset 112, 94 lines modified
112 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>112 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>
113 ······<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>113 ······<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>
114 ······<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>114 ······<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>
115 ······<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>115 ······<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>
116 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</xccdf-1.2:reference>116 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</xccdf-1.2:reference>
117 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>117 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>
118 ······<cpe-lang:platform-specification>118 ······<cpe-lang:platform-specification>
119 ········<cpe-lang:platform·id="package_dnf">119 ········<cpe-lang:platform·id="package_shadow-utils">
120 ··········<cpe-lang:logical-test·operator="AND"·negate="false">120 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
121 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_dnf:def:1"/>121 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_shadow-utils:def:1"/>
122 ··········</cpe-lang:logical-test>122 ··········</cpe-lang:logical-test>
123 ········</cpe-lang:platform>123 ········</cpe-lang:platform>
124 ········<cpe-lang:platform·id="machine">124 ········<cpe-lang:platform·id="machine">
125 ··········<cpe-lang:logical-test·operator="AND"·negate="false">125 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
126 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-installed_env_is_a_machine:def:1"/>126 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-installed_env_is_a_machine:def:1"/>
127 ··········</cpe-lang:logical-test>127 ··········</cpe-lang:logical-test>
128 ········</cpe-lang:platform>128 ········</cpe-lang:platform>
129 ········<cpe-lang:platform·id="package_pam">129 ········<cpe-lang:platform·id="system_with_kernel">
130 ··········<cpe-lang:logical-test·operator="AND"·negate="false">130 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
 131 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
 132 ··········</cpe-lang:logical-test>
 133 ········</cpe-lang:platform>
 134 ········<cpe-lang:platform·id="package_sudo">
 135 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
131 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_pam:def:1"/>136 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_sudo:def:1"/>
132 ··········</cpe-lang:logical-test>137 ··········</cpe-lang:logical-test>
133 ········</cpe-lang:platform>138 ········</cpe-lang:platform>
134 ········<cpe-lang:platform·id="package_firewalld">139 ········<cpe-lang:platform·id="package_firewalld">
135 ··········<cpe-lang:logical-test·operator="AND"·negate="false">140 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
136 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_firewalld:def:1"/>141 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_firewalld:def:1"/>
137 ··········</cpe-lang:logical-test>142 ··········</cpe-lang:logical-test>
138 ········</cpe-lang:platform>143 ········</cpe-lang:platform>
139 ········<cpe-lang:platform·id="package_rsyslog">144 ········<cpe-lang:platform·id="package_rsyslog">
140 ··········<cpe-lang:logical-test·operator="AND"·negate="false">145 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
141 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_rsyslog:def:1"/>146 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_rsyslog:def:1"/>
142 ··········</cpe-lang:logical-test>147 ··········</cpe-lang:logical-test>
143 ········</cpe-lang:platform>148 ········</cpe-lang:platform>
144 ········<cpe-lang:platform·id="package_audit">149 ········<cpe-lang:platform·id="package_gdm">
145 ··········<cpe-lang:logical-test·operator="AND"·negate="false">150 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
146 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_audit:def:1"/>151 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_gdm:def:1"/>
147 ··········</cpe-lang:logical-test>152 ··········</cpe-lang:logical-test>
148 ········</cpe-lang:platform>153 ········</cpe-lang:platform>
149 ········<cpe-lang:platform·id="non-uefi">154 ········<cpe-lang:platform·id="non-uefi">
150 ··········<cpe-lang:logical-test·operator="AND"·negate="false">155 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
151 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-system_boot_mode_is_non_uefi:def:1"/>156 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-system_boot_mode_is_non_uefi:def:1"/>
152 ··········</cpe-lang:logical-test>157 ··········</cpe-lang:logical-test>
153 ········</cpe-lang:platform>158 ········</cpe-lang:platform>
154 ········<cpe-lang:platform·id="uefi"> 
155 ··········<cpe-lang:logical-test·operator="AND"·negate="false"> 
156 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-system_boot_mode_is_uefi:def:1"/> 
157 ··········</cpe-lang:logical-test> 
158 ········</cpe-lang:platform> 
159 ········<cpe-lang:platform·id="package_sudo"> 
160 ··········<cpe-lang:logical-test·operator="AND"·negate="false"> 
161 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_sudo:def:1"/> 
162 ··········</cpe-lang:logical-test> 
163 ········</cpe-lang:platform> 
164 ········<cpe-lang:platform·id="system_with_kernel">159 ········<cpe-lang:platform·id="package_autofs_and_system_with_kernel">
165 ··········<cpe-lang:logical-test·operator="AND"·negate="false">160 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
 161 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_autofs:def:1"/>
166 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>162 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
167 ··········</cpe-lang:logical-test>163 ··········</cpe-lang:logical-test>
168 ········</cpe-lang:platform>164 ········</cpe-lang:platform>
169 ········<cpe-lang:platform·id="package_chrony">165 ········<cpe-lang:platform·id="package_chrony">
170 ··········<cpe-lang:logical-test·operator="AND"·negate="false">166 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
171 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_chrony:def:1"/>167 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_chrony:def:1"/>
172 ··········</cpe-lang:logical-test>168 ··········</cpe-lang:logical-test>
173 ········</cpe-lang:platform>169 ········</cpe-lang:platform>
174 ········<cpe-lang:platform·id="grub2_and_system_with_kernel">170 ········<cpe-lang:platform·id="package_audit">
175 ··········<cpe-lang:logical-test·operator="AND"·negate="false">171 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
176 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-installed_env_has_grub2_package:def:1"/> 
177 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>172 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_audit:def:1"/>
 173 ··········</cpe-lang:logical-test>
 174 ········</cpe-lang:platform>
 175 ········<cpe-lang:platform·id="package_pam">
 176 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
 177 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_pam:def:1"/>
178 ··········</cpe-lang:logical-test>178 ··········</cpe-lang:logical-test>
179 ········</cpe-lang:platform>179 ········</cpe-lang:platform>
180 ········<cpe-lang:platform·id="package_bash">180 ········<cpe-lang:platform·id="package_bash">
181 ··········<cpe-lang:logical-test·operator="AND"·negate="false">181 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
182 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_bash:def:1"/>182 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_bash:def:1"/>
183 ··········</cpe-lang:logical-test>183 ··········</cpe-lang:logical-test>
184 ········</cpe-lang:platform>184 ········</cpe-lang:platform>
185 ········<cpe-lang:platform·id="package_autofs_and_system_with_kernel">185 ········<cpe-lang:platform·id="grub2_and_system_with_kernel">
186 ··········<cpe-lang:logical-test·operator="AND"·negate="false">186 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
187 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_autofs:def:1"/>187 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-installed_env_has_grub2_package:def:1"/>
188 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>188 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
189 ··········</cpe-lang:logical-test>189 ··········</cpe-lang:logical-test>
190 ········</cpe-lang:platform>190 ········</cpe-lang:platform>
191 ········<cpe-lang:platform·id="package_gdm">191 ········<cpe-lang:platform·id="uefi">
192 ··········<cpe-lang:logical-test·operator="AND"·negate="false">192 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
193 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_gdm:def:1"/>193 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-system_boot_mode_is_uefi:def:1"/>
194 ··········</cpe-lang:logical-test>194 ··········</cpe-lang:logical-test>
195 ········</cpe-lang:platform>195 ········</cpe-lang:platform>
Max diff block lines reached; 475607/487458 bytes (97.57%) of diff not shown.
227 KB
./usr/share/xml/scap/ssg/content/ssg-kylinserver10-ocil.xml
227 KB
./usr/share/xml/scap/ssg/content/ssg-kylinserver10-ocil.xml
Ordering differences only
    
Offset 3, 1619 lines modifiedOffset 3, 1826 lines modified
3 ··<ocil:generator>3 ··<ocil:generator>
4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6 ····<ocil:schema_version>2.0</ocil:schema_version>6 ····<ocil:schema_version>2.0</ocil:schema_version>
7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8 ··</ocil:generator>8 ··</ocil:generator>
9 ··<ocil:questionnaires>9 ··<ocil:questionnaires>
10 ····<ocil:questionnaire·id="ocil:ssg-service_auditd_enabled_ocil:questionnaire:1"> 
11 ······<ocil:title>Enable·auditd·Service</ocil:title>10 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_rp_filter_ocil:questionnaire:1">
 11 ······<ocil:title>Enable·Kernel·Parameter·to·Use·Reverse·Path·Filtering·on·all·IPv4·Interfaces</ocil:title>
12 ······<ocil:actions>12 ······<ocil:actions>
13 ········<ocil:test_action_ref>ocil:ssg-service_auditd_enabled_action:testaction:1</ocil:test_action_ref>13 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_rp_filter_action:testaction:1</ocil:test_action_ref>
14 ······</ocil:actions>14 ······</ocil:actions>
15 ····</ocil:questionnaire>15 ····</ocil:questionnaire>
16 ····<ocil:questionnaire·id="ocil:ssg-selinux_not_disabled_ocil:questionnaire:1">16 ····<ocil:questionnaire·id="ocil:ssg-sshd_disable_root_login_ocil:questionnaire:1">
17 ······<ocil:title>Ensure·SELinux·is·Not·Disabled</ocil:title>17 ······<ocil:title>Disable·SSH·Root·Login</ocil:title>
18 ······<ocil:actions>18 ······<ocil:actions>
19 ········<ocil:test_action_ref>ocil:ssg-selinux_not_disabled_action:testaction:1</ocil:test_action_ref>19 ········<ocil:test_action_ref>ocil:ssg-sshd_disable_root_login_action:testaction:1</ocil:test_action_ref>
20 ······</ocil:actions>20 ······</ocil:actions>
21 ····</ocil:questionnaire>21 ····</ocil:questionnaire>
22 ····<ocil:questionnaire·id="ocil:ssg-sshd_disable_x11_forwarding_ocil:questionnaire:1">22 ····<ocil:questionnaire·id="ocil:ssg-package_aide_installed_ocil:questionnaire:1">
23 ······<ocil:title>Disable·X11·Forwarding</ocil:title>23 ······<ocil:title>Install·AIDE</ocil:title>
24 ······<ocil:actions>24 ······<ocil:actions>
25 ········<ocil:test_action_ref>ocil:ssg-sshd_disable_x11_forwarding_action:testaction:1</ocil:test_action_ref>25 ········<ocil:test_action_ref>ocil:ssg-package_aide_installed_action:testaction:1</ocil:test_action_ref>
26 ······</ocil:actions>26 ······</ocil:actions>
27 ····</ocil:questionnaire>27 ····</ocil:questionnaire>
28 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_passwd_ocil:questionnaire:1">28 ····<ocil:questionnaire·id="ocil:ssg-service_auditd_enabled_ocil:questionnaire:1">
29 ······<ocil:title>Verify·Permissions·on·passwd·File</ocil:title>29 ······<ocil:title>Enable·auditd·Service</ocil:title>
30 ······<ocil:actions>30 ······<ocil:actions>
31 ········<ocil:test_action_ref>ocil:ssg-file_permissions_etc_passwd_action:testaction:1</ocil:test_action_ref>31 ········<ocil:test_action_ref>ocil:ssg-service_auditd_enabled_action:testaction:1</ocil:test_action_ref>
32 ······</ocil:actions>32 ······</ocil:actions>
33 ····</ocil:questionnaire>33 ····</ocil:questionnaire>
34 ····<ocil:questionnaire·id="ocil:ssg-no_empty_passwords_etc_shadow_ocil:questionnaire:1"> 
35 ······<ocil:title>Ensure·There·Are·No·Accounts·With·Blank·or·Null·Passwords</ocil:title>34 ····<ocil:questionnaire·id="ocil:ssg-dconf_gnome_screensaver_idle_delay_ocil:questionnaire:1">
 35 ······<ocil:title>Set·GNOME3·Screensaver·Inactivity·Timeout</ocil:title>
36 ······<ocil:actions>36 ······<ocil:actions>
37 ········<ocil:test_action_ref>ocil:ssg-no_empty_passwords_etc_shadow_action:testaction:1</ocil:test_action_ref>37 ········<ocil:test_action_ref>ocil:ssg-dconf_gnome_screensaver_idle_delay_action:testaction:1</ocil:test_action_ref>
38 ······</ocil:actions>38 ······</ocil:actions>
39 ····</ocil:questionnaire>39 ····</ocil:questionnaire>
40 ····<ocil:questionnaire·id="ocil:ssg-accounts_umask_etc_bashrc_ocil:questionnaire:1">40 ····<ocil:questionnaire·id="ocil:ssg-service_autofs_disabled_ocil:questionnaire:1">
41 ······<ocil:title>Ensure·the·Default·Bash·Umask·is·Set·Correctly</ocil:title>41 ······<ocil:title>Disable·the·Automounter</ocil:title>
42 ······<ocil:actions>42 ······<ocil:actions>
43 ········<ocil:test_action_ref>ocil:ssg-accounts_umask_etc_bashrc_action:testaction:1</ocil:test_action_ref>43 ········<ocil:test_action_ref>ocil:ssg-service_autofs_disabled_action:testaction:1</ocil:test_action_ref>
44 ······</ocil:actions>44 ······</ocil:actions>
45 ····</ocil:questionnaire>45 ····</ocil:questionnaire>
46 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_send_redirects_ocil:questionnaire:1"> 
47 ······<ocil:title>Disable·Kernel·Parameter·for·Sending·ICMP·Redirects·on·all·IPv4·Interfaces</ocil:title>46 ····<ocil:questionnaire·id="ocil:ssg-accounts_root_path_dirs_no_write_ocil:questionnaire:1">
 47 ······<ocil:title>Ensure·that·Root's·Path·Does·Not·Include·World·or·Group-Writable·Directories</ocil:title>
48 ······<ocil:actions>48 ······<ocil:actions>
49 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_send_redirects_action:testaction:1</ocil:test_action_ref>49 ········<ocil:test_action_ref>ocil:ssg-accounts_root_path_dirs_no_write_action:testaction:1</ocil:test_action_ref>
50 ······</ocil:actions>50 ······</ocil:actions>
51 ····</ocil:questionnaire>51 ····</ocil:questionnaire>
52 ····<ocil:questionnaire·id="ocil:ssg-package_openssh-server_installed_ocil:questionnaire:1"> 
53 ······<ocil:title>Install·the·OpenSSH·Server·Package</ocil:title>52 ····<ocil:questionnaire·id="ocil:ssg-accounts_password_warn_age_login_defs_ocil:questionnaire:1">
 53 ······<ocil:title>Set·Password·Warning·Age</ocil:title>
54 ······<ocil:actions>54 ······<ocil:actions>
55 ········<ocil:test_action_ref>ocil:ssg-package_openssh-server_installed_action:testaction:1</ocil:test_action_ref>55 ········<ocil:test_action_ref>ocil:ssg-accounts_password_warn_age_login_defs_action:testaction:1</ocil:test_action_ref>
56 ······</ocil:actions>56 ······</ocil:actions>
57 ····</ocil:questionnaire>57 ····</ocil:questionnaire>
58 ····<ocil:questionnaire·id="ocil:ssg-no_files_unowned_by_user_ocil:questionnaire:1">58 ····<ocil:questionnaire·id="ocil:ssg-sudoers_validate_passwd_ocil:questionnaire:1">
59 ······<ocil:title>Ensure·All·Files·Are·Owned·by·a·User</ocil:title>59 ······<ocil:title>Ensure·invoking·users·password·for·privilege·escalation·when·using·sudo</ocil:title>
60 ······<ocil:actions>60 ······<ocil:actions>
61 ········<ocil:test_action_ref>ocil:ssg-no_files_unowned_by_user_action:testaction:1</ocil:test_action_ref>61 ········<ocil:test_action_ref>ocil:ssg-sudoers_validate_passwd_action:testaction:1</ocil:test_action_ref>
62 ······</ocil:actions>62 ······</ocil:actions>
63 ····</ocil:questionnaire>63 ····</ocil:questionnaire>
64 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_default_secure_redirects_ocil:questionnaire:1"> 
65 ······<ocil:title>Configure·Kernel·Parameter·for·Accepting·Secure·Redirects·By·Default</ocil:title>64 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_sshd_private_key_ocil:questionnaire:1">
 65 ······<ocil:title>Verify·Permissions·on·SSH·Server·Private·*_key·Key·Files</ocil:title>
66 ······<ocil:actions>66 ······<ocil:actions>
67 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_default_secure_redirects_action:testaction:1</ocil:test_action_ref>67 ········<ocil:test_action_ref>ocil:ssg-file_permissions_sshd_private_key_action:testaction:1</ocil:test_action_ref>
68 ······</ocil:actions>68 ······</ocil:actions>
69 ····</ocil:questionnaire>69 ····</ocil:questionnaire>
70 ····<ocil:questionnaire·id="ocil:ssg-banner_etc_issue_ocil:questionnaire:1">70 ····<ocil:questionnaire·id="ocil:ssg-package_binutils_installed_ocil:questionnaire:1">
71 ······<ocil:title>Modify·the·System·Login·Banner</ocil:title>71 ······<ocil:title>Install·binutils·Package</ocil:title>
72 ······<ocil:actions>72 ······<ocil:actions>
73 ········<ocil:test_action_ref>ocil:ssg-banner_etc_issue_action:testaction:1</ocil:test_action_ref>73 ········<ocil:test_action_ref>ocil:ssg-package_binutils_installed_action:testaction:1</ocil:test_action_ref>
74 ······</ocil:actions>74 ······</ocil:actions>
75 ····</ocil:questionnaire>75 ····</ocil:questionnaire>
76 ····<ocil:questionnaire·id="ocil:ssg-require_singleuser_auth_ocil:questionnaire:1">76 ····<ocil:questionnaire·id="ocil:ssg-require_emergency_target_auth_ocil:questionnaire:1">
77 ······<ocil:title>Require·Authentication·for·Single·User·Mode</ocil:title>77 ······<ocil:title>Require·Authentication·for·Emergency·Systemd·Target</ocil:title>
78 ······<ocil:actions>78 ······<ocil:actions>
79 ········<ocil:test_action_ref>ocil:ssg-require_singleuser_auth_action:testaction:1</ocil:test_action_ref>79 ········<ocil:test_action_ref>ocil:ssg-require_emergency_target_auth_action:testaction:1</ocil:test_action_ref>
80 ······</ocil:actions>80 ······</ocil:actions>
81 ····</ocil:questionnaire>81 ····</ocil:questionnaire>
82 ····<ocil:questionnaire·id="ocil:ssg-package_ntp_installed_ocil:questionnaire:1">82 ····<ocil:questionnaire·id="ocil:ssg-package_net-snmp_removed_ocil:questionnaire:1">
83 ······<ocil:title>Install·the·ntp·service</ocil:title>83 ······<ocil:title>Uninstall·net-snmp·Package</ocil:title>
84 ······<ocil:actions>84 ······<ocil:actions>
85 ········<ocil:test_action_ref>ocil:ssg-package_ntp_installed_action:testaction:1</ocil:test_action_ref>85 ········<ocil:test_action_ref>ocil:ssg-package_net-snmp_removed_action:testaction:1</ocil:test_action_ref>
86 ······</ocil:actions>86 ······</ocil:actions>
87 ····</ocil:questionnaire>87 ····</ocil:questionnaire>
88 ····<ocil:questionnaire·id="ocil:ssg-dconf_gnome_disable_ctrlaltdel_reboot_ocil:questionnaire:1"> 
89 ······<ocil:title>Disable·Ctrl-Alt-Del·Reboot·Key·Sequence·in·GNOME3</ocil:title>88 ····<ocil:questionnaire·id="ocil:ssg-set_password_hashing_algorithm_passwordauth_ocil:questionnaire:1">
 89 ······<ocil:title>Set·PAM''s·Password·Hashing·Algorithm·-·password-auth</ocil:title>
90 ······<ocil:actions>90 ······<ocil:actions>
91 ········<ocil:test_action_ref>ocil:ssg-dconf_gnome_disable_ctrlaltdel_reboot_action:testaction:1</ocil:test_action_ref>91 ········<ocil:test_action_ref>ocil:ssg-set_password_hashing_algorithm_passwordauth_action:testaction:1</ocil:test_action_ref>
92 ······</ocil:actions>92 ······</ocil:actions>
93 ····</ocil:questionnaire>93 ····</ocil:questionnaire>
94 ····<ocil:questionnaire·id="ocil:ssg-service_dhcpd_disabled_ocil:questionnaire:1"> 
95 ······<ocil:title>Disable·DHCP·Service</ocil:title>94 ····<ocil:questionnaire·id="ocil:ssg-accounts_max_concurrent_login_sessions_ocil:questionnaire:1">
 95 ······<ocil:title>Limit·the·Number·of·Concurrent·Login·Sessions·Allowed·Per·User</ocil:title>
96 ······<ocil:actions>96 ······<ocil:actions>
97 ········<ocil:test_action_ref>ocil:ssg-service_dhcpd_disabled_action:testaction:1</ocil:test_action_ref>97 ········<ocil:test_action_ref>ocil:ssg-accounts_max_concurrent_login_sessions_action:testaction:1</ocil:test_action_ref>
98 ······</ocil:actions>98 ······</ocil:actions>
99 ····</ocil:questionnaire>99 ····</ocil:questionnaire>
100 ····<ocil:questionnaire·id="ocil:ssg-package_nfs-utils_removed_ocil:questionnaire:1"> 
101 ······<ocil:title>Uninstall·nfs-utils·Package</ocil:title>100 ····<ocil:questionnaire·id="ocil:ssg-sshd_disable_x11_forwarding_ocil:questionnaire:1">
 101 ······<ocil:title>Disable·X11·Forwarding</ocil:title>
102 ······<ocil:actions>102 ······<ocil:actions>
 103 ········<ocil:test_action_ref>ocil:ssg-sshd_disable_x11_forwarding_action:testaction:1</ocil:test_action_ref>
 104 ······</ocil:actions>
 105 ····</ocil:questionnaire>
 106 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_shadow_ocil:questionnaire:1">
 107 ······<ocil:title>Verify·Permissions·on·shadow·File</ocil:title>
 108 ······<ocil:actions>
103 ········<ocil:test_action_ref>ocil:ssg-package_nfs-utils_removed_action:testaction:1</ocil:test_action_ref>109 ········<ocil:test_action_ref>ocil:ssg-file_permissions_etc_shadow_action:testaction:1</ocil:test_action_ref>
104 ······</ocil:actions>110 ······</ocil:actions>
105 ····</ocil:questionnaire>111 ····</ocil:questionnaire>
106 ····<ocil:questionnaire·id="ocil:ssg-accounts_minimum_age_login_defs_ocil:questionnaire:1">112 ····<ocil:questionnaire·id="ocil:ssg-accounts_minimum_age_login_defs_ocil:questionnaire:1">
107 ······<ocil:title>Set·Password·Minimum·Age</ocil:title>113 ······<ocil:title>Set·Password·Minimum·Age</ocil:title>
108 ······<ocil:actions>114 ······<ocil:actions>
109 ········<ocil:test_action_ref>ocil:ssg-accounts_minimum_age_login_defs_action:testaction:1</ocil:test_action_ref>115 ········<ocil:test_action_ref>ocil:ssg-accounts_minimum_age_login_defs_action:testaction:1</ocil:test_action_ref>
110 ······</ocil:actions>116 ······</ocil:actions>
111 ····</ocil:questionnaire>117 ····</ocil:questionnaire>
112 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_default_send_redirects_ocil:questionnaire:1"> 
113 ······<ocil:title>Disable·Kernel·Parameter·for·Sending·ICMP·Redirects·on·all·IPv4·Interfaces·by·Default</ocil:title>118 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_passwd_ocil:questionnaire:1">
 119 ······<ocil:title>Verify·Permissions·on·passwd·File</ocil:title>
114 ······<ocil:actions>120 ······<ocil:actions>
Max diff block lines reached; 220689/232335 bytes (94.99%) of diff not shown.
230 KB
./usr/share/xml/scap/ssg/content/ssg-kylinserver10-xccdf.xml
229 KB
./usr/share/xml/scap/ssg/content/ssg-kylinserver10-xccdf.xml
Ordering differences only
    
Offset 71, 94 lines modifiedOffset 71, 94 lines modified
71 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>71 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>
72 ··<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>72 ··<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>
73 ··<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>73 ··<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>
74 ··<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>74 ··<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>
75 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</xccdf-1.2:reference>75 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</xccdf-1.2:reference>
76 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>76 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>
77 ··<cpe-lang:platform-specification>77 ··<cpe-lang:platform-specification>
78 ····<cpe-lang:platform·id="package_dnf">78 ····<cpe-lang:platform·id="package_shadow-utils">
79 ······<cpe-lang:logical-test·operator="AND"·negate="false">79 ······<cpe-lang:logical-test·operator="AND"·negate="false">
80 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_dnf:def:1"/>80 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_shadow-utils:def:1"/>
81 ······</cpe-lang:logical-test>81 ······</cpe-lang:logical-test>
82 ····</cpe-lang:platform>82 ····</cpe-lang:platform>
83 ····<cpe-lang:platform·id="machine">83 ····<cpe-lang:platform·id="machine">
84 ······<cpe-lang:logical-test·operator="AND"·negate="false">84 ······<cpe-lang:logical-test·operator="AND"·negate="false">
85 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-installed_env_is_a_machine:def:1"/>85 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-installed_env_is_a_machine:def:1"/>
86 ······</cpe-lang:logical-test>86 ······</cpe-lang:logical-test>
87 ····</cpe-lang:platform>87 ····</cpe-lang:platform>
88 ····<cpe-lang:platform·id="package_pam">88 ····<cpe-lang:platform·id="system_with_kernel">
89 ······<cpe-lang:logical-test·operator="AND"·negate="false">89 ······<cpe-lang:logical-test·operator="AND"·negate="false">
 90 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
 91 ······</cpe-lang:logical-test>
 92 ····</cpe-lang:platform>
 93 ····<cpe-lang:platform·id="package_sudo">
 94 ······<cpe-lang:logical-test·operator="AND"·negate="false">
90 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_pam:def:1"/>95 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_sudo:def:1"/>
91 ······</cpe-lang:logical-test>96 ······</cpe-lang:logical-test>
92 ····</cpe-lang:platform>97 ····</cpe-lang:platform>
93 ····<cpe-lang:platform·id="package_firewalld">98 ····<cpe-lang:platform·id="package_firewalld">
94 ······<cpe-lang:logical-test·operator="AND"·negate="false">99 ······<cpe-lang:logical-test·operator="AND"·negate="false">
95 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_firewalld:def:1"/>100 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_firewalld:def:1"/>
96 ······</cpe-lang:logical-test>101 ······</cpe-lang:logical-test>
97 ····</cpe-lang:platform>102 ····</cpe-lang:platform>
98 ····<cpe-lang:platform·id="package_rsyslog">103 ····<cpe-lang:platform·id="package_rsyslog">
99 ······<cpe-lang:logical-test·operator="AND"·negate="false">104 ······<cpe-lang:logical-test·operator="AND"·negate="false">
100 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_rsyslog:def:1"/>105 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_rsyslog:def:1"/>
101 ······</cpe-lang:logical-test>106 ······</cpe-lang:logical-test>
102 ····</cpe-lang:platform>107 ····</cpe-lang:platform>
103 ····<cpe-lang:platform·id="package_audit">108 ····<cpe-lang:platform·id="package_gdm">
104 ······<cpe-lang:logical-test·operator="AND"·negate="false">109 ······<cpe-lang:logical-test·operator="AND"·negate="false">
105 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_audit:def:1"/>110 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_gdm:def:1"/>
106 ······</cpe-lang:logical-test>111 ······</cpe-lang:logical-test>
107 ····</cpe-lang:platform>112 ····</cpe-lang:platform>
108 ····<cpe-lang:platform·id="non-uefi">113 ····<cpe-lang:platform·id="non-uefi">
109 ······<cpe-lang:logical-test·operator="AND"·negate="false">114 ······<cpe-lang:logical-test·operator="AND"·negate="false">
110 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-system_boot_mode_is_non_uefi:def:1"/>115 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-system_boot_mode_is_non_uefi:def:1"/>
111 ······</cpe-lang:logical-test>116 ······</cpe-lang:logical-test>
112 ····</cpe-lang:platform>117 ····</cpe-lang:platform>
113 ····<cpe-lang:platform·id="uefi"> 
114 ······<cpe-lang:logical-test·operator="AND"·negate="false"> 
115 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-system_boot_mode_is_uefi:def:1"/> 
116 ······</cpe-lang:logical-test> 
117 ····</cpe-lang:platform> 
118 ····<cpe-lang:platform·id="package_sudo"> 
119 ······<cpe-lang:logical-test·operator="AND"·negate="false"> 
120 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_sudo:def:1"/> 
121 ······</cpe-lang:logical-test> 
122 ····</cpe-lang:platform> 
123 ····<cpe-lang:platform·id="system_with_kernel">118 ····<cpe-lang:platform·id="package_autofs_and_system_with_kernel">
124 ······<cpe-lang:logical-test·operator="AND"·negate="false">119 ······<cpe-lang:logical-test·operator="AND"·negate="false">
 120 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_autofs:def:1"/>
125 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>121 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
126 ······</cpe-lang:logical-test>122 ······</cpe-lang:logical-test>
127 ····</cpe-lang:platform>123 ····</cpe-lang:platform>
128 ····<cpe-lang:platform·id="package_chrony">124 ····<cpe-lang:platform·id="package_chrony">
129 ······<cpe-lang:logical-test·operator="AND"·negate="false">125 ······<cpe-lang:logical-test·operator="AND"·negate="false">
130 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_chrony:def:1"/>126 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_chrony:def:1"/>
131 ······</cpe-lang:logical-test>127 ······</cpe-lang:logical-test>
132 ····</cpe-lang:platform>128 ····</cpe-lang:platform>
133 ····<cpe-lang:platform·id="grub2_and_system_with_kernel">129 ····<cpe-lang:platform·id="package_audit">
134 ······<cpe-lang:logical-test·operator="AND"·negate="false">130 ······<cpe-lang:logical-test·operator="AND"·negate="false">
135 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-installed_env_has_grub2_package:def:1"/> 
136 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>131 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_audit:def:1"/>
 132 ······</cpe-lang:logical-test>
 133 ····</cpe-lang:platform>
 134 ····<cpe-lang:platform·id="package_pam">
 135 ······<cpe-lang:logical-test·operator="AND"·negate="false">
 136 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_pam:def:1"/>
137 ······</cpe-lang:logical-test>137 ······</cpe-lang:logical-test>
138 ····</cpe-lang:platform>138 ····</cpe-lang:platform>
139 ····<cpe-lang:platform·id="package_bash">139 ····<cpe-lang:platform·id="package_bash">
140 ······<cpe-lang:logical-test·operator="AND"·negate="false">140 ······<cpe-lang:logical-test·operator="AND"·negate="false">
141 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_bash:def:1"/>141 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_bash:def:1"/>
142 ······</cpe-lang:logical-test>142 ······</cpe-lang:logical-test>
143 ····</cpe-lang:platform>143 ····</cpe-lang:platform>
144 ····<cpe-lang:platform·id="package_autofs_and_system_with_kernel">144 ····<cpe-lang:platform·id="grub2_and_system_with_kernel">
145 ······<cpe-lang:logical-test·operator="AND"·negate="false">145 ······<cpe-lang:logical-test·operator="AND"·negate="false">
146 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_autofs:def:1"/>146 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-installed_env_has_grub2_package:def:1"/>
147 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>147 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
148 ······</cpe-lang:logical-test>148 ······</cpe-lang:logical-test>
149 ····</cpe-lang:platform>149 ····</cpe-lang:platform>
150 ····<cpe-lang:platform·id="package_gdm">150 ····<cpe-lang:platform·id="uefi">
151 ······<cpe-lang:logical-test·operator="AND"·negate="false">151 ······<cpe-lang:logical-test·operator="AND"·negate="false">
152 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_gdm:def:1"/>152 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-system_boot_mode_is_uefi:def:1"/>
153 ······</cpe-lang:logical-test>153 ······</cpe-lang:logical-test>
154 ····</cpe-lang:platform>154 ····</cpe-lang:platform>
155 ····<cpe-lang:platform·id="package_shadow-utils">155 ····<cpe-lang:platform·id="package_dnf">
156 ······<cpe-lang:logical-test·operator="AND"·negate="false">156 ······<cpe-lang:logical-test·operator="AND"·negate="false">
157 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_shadow-utils:def:1"/>157 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-kylinserver10-cpe-oval.xml"·id-ref="oval:ssg-package_dnf:def:1"/>
158 ······</cpe-lang:logical-test>158 ······</cpe-lang:logical-test>
159 ····</cpe-lang:platform>159 ····</cpe-lang:platform>
160 ··</cpe-lang:platform-specification>160 ··</cpe-lang:platform-specification>
161 ··<xccdf-1.2:platform·idref="cpe:/o:Kylin:Kylin:V10_SP1:ga:server"/>161 ··<xccdf-1.2:platform·idref="cpe:/o:Kylin:Kylin:V10_SP1:ga:server"/>
162 ··<xccdf-1.2:platform·idref="cpe:/o:Kylin:Kylin:V10_SP2:ga:server"/>162 ··<xccdf-1.2:platform·idref="cpe:/o:Kylin:Kylin:V10_SP2:ga:server"/>
163 ··<xccdf-1.2:platform·idref="cpe:/o:Kylin:Kylin:V10_SP3:ga:server"/>163 ··<xccdf-1.2:platform·idref="cpe:/o:Kylin:Kylin:V10_SP3:ga:server"/>
164 ··<xccdf-1.2:version·update="https://github.com/ComplianceAsCode/content/releases/latest">0.1.76</xccdf-1.2:version>164 ··<xccdf-1.2:version·update="https://github.com/ComplianceAsCode/content/releases/latest">0.1.76</xccdf-1.2:version>
Offset 809, 17 lines modifiedOffset 809, 14 lines modified
809 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:puppet"·id="package_aide_installed"·complexity="low"·disruption="low"·reboot="false"·strategy="enable">include·install_aide809 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:puppet"·id="package_aide_installed"·complexity="low"·disruption="low"·reboot="false"·strategy="enable">include·install_aide
  
810 class·install_aide·{810 class·install_aide·{
811 ··package·{·'aide':811 ··package·{·'aide':
812 ····ensure·=&gt;·'installed',812 ····ensure·=&gt;·'installed',
813 ··}813 ··}
814 }</xccdf-1.2:fix>814 }</xccdf-1.2:fix>
815 ··············<xccdf-1.2:fix·system="urn:redhat:osbuild:blueprint"·id="package_aide_installed">[[packages]] 
816 name·=·"aide" 
817 version·=·"*"</xccdf-1.2:fix> 
818 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:ansible"·id="package_aide_installed"·complexity="low"·disruption="low"·reboot="false"·strategy="enable">-·name:·Gather·the·package·facts815 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:ansible"·id="package_aide_installed"·complexity="low"·disruption="low"·reboot="false"·strategy="enable">-·name:·Gather·the·package·facts
819 ··package_facts:816 ··package_facts:
820 ····manager:·auto817 ····manager:·auto
821 ··tags:818 ··tags:
822 ··-·CJIS-5.10.1.3819 ··-·CJIS-5.10.1.3
823 ··-·NIST-800-53-CM-6(a)820 ··-·NIST-800-53-CM-6(a)
824 ··-·PCI-DSS-Req-11.5821 ··-·PCI-DSS-Req-11.5
Offset 843, 14 lines modifiedOffset 840, 17 lines modified
843 ··-·PCI-DSSv4-11.5.2840 ··-·PCI-DSSv4-11.5.2
844 ··-·enable_strategy841 ··-·enable_strategy
845 ··-·low_complexity842 ··-·low_complexity
Max diff block lines reached; 224446/234802 bytes (95.59%) of diff not shown.
9.12 KB
./usr/share/xml/scap/ssg/content/ssg-macos1015-ds.xml
9.02 KB
./usr/share/xml/scap/ssg/content/ssg-macos1015-ds.xml
    
Offset 19, 23 lines modifiedOffset 19, 23 lines modified
19 ····</ds:checklists>19 ····</ds:checklists>
20 ····<ds:checks>20 ····<ds:checks>
21 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-macos1015-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-macos1015-oval.xml"/>21 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-macos1015-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-macos1015-oval.xml"/>
22 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-macos1015-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-macos1015-ocil.xml"/>22 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-macos1015-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-macos1015-ocil.xml"/>
23 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-macos1015-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-macos1015-cpe-oval.xml"/>23 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-macos1015-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-macos1015-cpe-oval.xml"/>
24 ····</ds:checks>24 ····</ds:checks>
25 ··</ds:data-stream>25 ··</ds:data-stream>
26 ··<ds:component·id="scap_org.open-scap_comp_ssg-macos1015-cpe-dictionary.xml"·timestamp="2025-02-28T20:08:00">26 ··<ds:component·id="scap_org.open-scap_comp_ssg-macos1015-cpe-dictionary.xml"·timestamp="2025-03-01T22:08:00">
27 ····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">27 ····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">
28 ······<cpe-dict:cpe-item·name="cpe:/o:apple:macos:10.15">28 ······<cpe-dict:cpe-item·name="cpe:/o:apple:macos:10.15">
29 ········<cpe-dict:title·xml:lang="en-us">Apple·macOS·10.15</cpe-dict:title>29 ········<cpe-dict:title·xml:lang="en-us">Apple·macOS·10.15</cpe-dict:title>
30 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-macos1015-cpe-oval.xml">oval:ssg-installed_OS_is_macos1015:def:1</cpe-dict:check>30 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-macos1015-cpe-oval.xml">oval:ssg-installed_OS_is_macos1015:def:1</cpe-dict:check>
31 ······</cpe-dict:cpe-item>31 ······</cpe-dict:cpe-item>
32 ····</cpe-dict:cpe-list>32 ····</cpe-dict:cpe-list>
33 ··</ds:component>33 ··</ds:component>
34 ··<ds:component·id="scap_org.open-scap_comp_ssg-macos1015-xccdf.xml"·timestamp="2025-02-28T20:08:00">34 ··<ds:component·id="scap_org.open-scap_comp_ssg-macos1015-xccdf.xml"·timestamp="2025-03-01T22:08:00">
35 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_macOS-1015"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">35 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_macOS-1015"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
36 ······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>36 ······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>
37 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Apple·macOS·10.15</xccdf-1.2:title>37 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Apple·macOS·10.15</xccdf-1.2:title>
38 ······<xccdf-1.2:description>38 ······<xccdf-1.2:description>
39 ········This·guide·presents·a·catalog·of·security-relevant39 ········This·guide·presents·a·catalog·of·security-relevant
40 configuration·settings·for·Apple·macOS·10.15.·It·is·a·rendering·of40 configuration·settings·for·Apple·macOS·10.15.·It·is·a·rendering·of
41 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)41 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
Offset 563, 15 lines modifiedOffset 563, 15 lines modified
563 ··············<xccdf-1.2:check-content-ref·href="ssg-macos1015-ocil.xml"·name="ocil:ssg-audit_failure_halt_ocil:questionnaire:1"/>563 ··············<xccdf-1.2:check-content-ref·href="ssg-macos1015-ocil.xml"·name="ocil:ssg-audit_failure_halt_ocil:questionnaire:1"/>
564 ············</xccdf-1.2:check>564 ············</xccdf-1.2:check>
565 ··········</xccdf-1.2:Rule>565 ··········</xccdf-1.2:Rule>
566 ········</xccdf-1.2:Group>566 ········</xccdf-1.2:Group>
567 ······</xccdf-1.2:Group>567 ······</xccdf-1.2:Group>
568 ····</xccdf-1.2:Benchmark>568 ····</xccdf-1.2:Benchmark>
569 ··</ds:component>569 ··</ds:component>
570 ··<ds:component·id="scap_org.open-scap_comp_ssg-macos1015-oval.xml"·timestamp="2025-02-28T20:08:00">570 ··<ds:component·id="scap_org.open-scap_comp_ssg-macos1015-oval.xml"·timestamp="2025-03-01T22:08:00">
571 ····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">571 ····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">
572 ······<oval-def:generator>572 ······<oval-def:generator>
573 ········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>573 ········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>
574 ········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.2</oval:product_version>574 ········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.2</oval:product_version>
575 ········<oval:schema_version>5.11</oval:schema_version>575 ········<oval:schema_version>5.11</oval:schema_version>
576 ········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>576 ········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>
577 ······</oval-def:generator>577 ······</oval-def:generator>
Offset 600, 74 lines modifiedOffset 600, 74 lines modified
600 ··········<ind:filepath>/etc/security/audit_control</ind:filepath>600 ··········<ind:filepath>/etc/security/audit_control</ind:filepath>
601 ··········<ind:pattern·operation="pattern·match">^policy:.*,ahlt.*$</ind:pattern>601 ··········<ind:pattern·operation="pattern·match">^policy:.*,ahlt.*$</ind:pattern>
602 ··········<ind:instance·datatype="int">1</ind:instance>602 ··········<ind:instance·datatype="int">1</ind:instance>
603 ········</ind:textfilecontent54_object>603 ········</ind:textfilecontent54_object>
604 ······</oval-def:objects>604 ······</oval-def:objects>
605 ····</oval-def:oval_definitions>605 ····</oval-def:oval_definitions>
606 ··</ds:component>606 ··</ds:component>
607 ··<ds:component·id="scap_org.open-scap_comp_ssg-macos1015-ocil.xml"·timestamp="2025-02-28T20:08:00">607 ··<ds:component·id="scap_org.open-scap_comp_ssg-macos1015-ocil.xml"·timestamp="2025-03-01T22:08:00">
608 ····<ocil:ocil>608 ····<ocil:ocil>
609 ······<ocil:generator>609 ······<ocil:generator>
610 ········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>610 ········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
611 ········<ocil:product_version>ssg:·0.1.76</ocil:product_version>611 ········<ocil:product_version>ssg:·0.1.76</ocil:product_version>
612 ········<ocil:schema_version>2.0</ocil:schema_version>612 ········<ocil:schema_version>2.0</ocil:schema_version>
613 ········<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>613 ········<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
614 ······</ocil:generator>614 ······</ocil:generator>
615 ······<ocil:questionnaires>615 ······<ocil:questionnaires>
616 ········<ocil:questionnaire·id="ocil:ssg-service_com_apple_auditd_enabled_ocil:questionnaire:1"> 
617 ··········<ocil:title>Enable·audit·Service</ocil:title> 
618 ··········<ocil:actions> 
619 ············<ocil:test_action_ref>ocil:ssg-service_com_apple_auditd_enabled_action:testaction:1</ocil:test_action_ref> 
620 ··········</ocil:actions> 
621 ········</ocil:questionnaire> 
622 ········<ocil:questionnaire·id="ocil:ssg-audit_failure_halt_ocil:questionnaire:1">616 ········<ocil:questionnaire·id="ocil:ssg-audit_failure_halt_ocil:questionnaire:1">
623 ··········<ocil:title>Shutdown·System·When·Auditing·Failures·Occur</ocil:title>617 ··········<ocil:title>Shutdown·System·When·Auditing·Failures·Occur</ocil:title>
624 ··········<ocil:actions>618 ··········<ocil:actions>
625 ············<ocil:test_action_ref>ocil:ssg-audit_failure_halt_action:testaction:1</ocil:test_action_ref>619 ············<ocil:test_action_ref>ocil:ssg-audit_failure_halt_action:testaction:1</ocil:test_action_ref>
626 ··········</ocil:actions>620 ··········</ocil:actions>
627 ········</ocil:questionnaire>621 ········</ocil:questionnaire>
 622 ········<ocil:questionnaire·id="ocil:ssg-service_com_apple_auditd_enabled_ocil:questionnaire:1">
 623 ··········<ocil:title>Enable·audit·Service</ocil:title>
 624 ··········<ocil:actions>
 625 ············<ocil:test_action_ref>ocil:ssg-service_com_apple_auditd_enabled_action:testaction:1</ocil:test_action_ref>
 626 ··········</ocil:actions>
 627 ········</ocil:questionnaire>
628 ······</ocil:questionnaires>628 ······</ocil:questionnaires>
629 ······<ocil:test_actions>629 ······<ocil:test_actions>
630 ········<ocil:boolean_question_test_action·id="ocil:ssg-service_com_apple_auditd_enabled_action:testaction:1"·question_ref="ocil:ssg-service_com_apple_auditd_enabled_question:question:1">630 ········<ocil:boolean_question_test_action·id="ocil:ssg-audit_failure_halt_action:testaction:1"·question_ref="ocil:ssg-audit_failure_halt_question:question:1">
631 ··········<ocil:when_true>631 ··········<ocil:when_true>
632 ············<ocil:result>PASS</ocil:result>632 ············<ocil:result>PASS</ocil:result>
633 ··········</ocil:when_true>633 ··········</ocil:when_true>
634 ··········<ocil:when_false>634 ··········<ocil:when_false>
635 ············<ocil:result>FAIL</ocil:result>635 ············<ocil:result>FAIL</ocil:result>
636 ··········</ocil:when_false>636 ··········</ocil:when_false>
637 ········</ocil:boolean_question_test_action>637 ········</ocil:boolean_question_test_action>
638 ········<ocil:boolean_question_test_action·id="ocil:ssg-audit_failure_halt_action:testaction:1"·question_ref="ocil:ssg-audit_failure_halt_question:question:1">638 ········<ocil:boolean_question_test_action·id="ocil:ssg-service_com_apple_auditd_enabled_action:testaction:1"·question_ref="ocil:ssg-service_com_apple_auditd_enabled_question:question:1">
639 ··········<ocil:when_true>639 ··········<ocil:when_true>
640 ············<ocil:result>PASS</ocil:result>640 ············<ocil:result>PASS</ocil:result>
641 ··········</ocil:when_true>641 ··········</ocil:when_true>
642 ··········<ocil:when_false>642 ··········<ocil:when_false>
643 ············<ocil:result>FAIL</ocil:result>643 ············<ocil:result>FAIL</ocil:result>
644 ··········</ocil:when_false>644 ··········</ocil:when_false>
645 ········</ocil:boolean_question_test_action>645 ········</ocil:boolean_question_test_action>
646 ······</ocil:test_actions>646 ······</ocil:test_actions>
647 ······<ocil:questions>647 ······<ocil:questions>
 648 ········<ocil:boolean_question·id="ocil:ssg-audit_failure_halt_question:question:1">
 649 ··········<ocil:question_text>To·verify·that·auditing·is·enabled·and·running,·run·the
 650 following·command:
 651 $·sudo·grep·-E·"^policy.*ahlt"·/etc/security/audit_control
 652 The·output·should·contain·ahlt
 653 ······Is·it·the·case·that·auditing·is·not·configured·to·shut·down·on·audit·failure?</ocil:question_text>
 654 ········</ocil:boolean_question>
648 ········<ocil:boolean_question·id="ocil:ssg-service_com_apple_auditd_enabled_question:question:1">655 ········<ocil:boolean_question·id="ocil:ssg-service_com_apple_auditd_enabled_question:question:1">
649 ··········<ocil:question_text>To·verify·that·auditing·is·enabled·and·running,·run·the656 ··········<ocil:question_text>To·verify·that·auditing·is·enabled·and·running,·run·the
650 following·command:657 following·command:
651 $·sudo·launchctl·list·com.apple.auditd658 $·sudo·launchctl·list·com.apple.auditd
652 The·output·should·return·process·information·for659 The·output·should·return·process·information·for
653 com.apple.auditd660 com.apple.auditd
654 ······Is·it·the·case·that·auditing·is·not·enabled·or·running?</ocil:question_text>661 ······Is·it·the·case·that·auditing·is·not·enabled·or·running?</ocil:question_text>
655 ········</ocil:boolean_question>662 ········</ocil:boolean_question>
656 ········<ocil:boolean_question·id="ocil:ssg-audit_failure_halt_question:question:1"> 
657 ··········<ocil:question_text>To·verify·that·auditing·is·enabled·and·running,·run·the 
658 following·command: 
659 $·sudo·grep·-E·"^policy.*ahlt"·/etc/security/audit_control 
660 The·output·should·contain·ahlt 
661 ······Is·it·the·case·that·auditing·is·not·configured·to·shut·down·on·audit·failure?</ocil:question_text> 
662 ········</ocil:boolean_question> 
663 ······</ocil:questions>663 ······</ocil:questions>
664 ····</ocil:ocil>664 ····</ocil:ocil>
665 ··</ds:component>665 ··</ds:component>
666 ··<ds:component·id="scap_org.open-scap_comp_ssg-macos1015-cpe-oval.xml"·timestamp="2025-02-28T20:08:00">666 ··<ds:component·id="scap_org.open-scap_comp_ssg-macos1015-cpe-oval.xml"·timestamp="2025-03-01T22:08:00">
667 ····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">667 ····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">
668 ······<oval-def:generator>668 ······<oval-def:generator>
669 ········<oval:product_name>build_cpe.py·from·SCAP·Security·Guide</oval:product_name>669 ········<oval:product_name>build_cpe.py·from·SCAP·Security·Guide</oval:product_name>
670 ········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.2</oval:product_version>670 ········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.2</oval:product_version>
671 ········<oval:schema_version>5.11</oval:schema_version>671 ········<oval:schema_version>5.11</oval:schema_version>
672 ········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>672 ········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>
673 ······</oval-def:generator>673 ······</oval-def:generator>
Max diff block lines reached; -1/9126 bytes (-0.01%) of diff not shown.
4.0 KB
./usr/share/xml/scap/ssg/content/ssg-macos1015-ocil.xml
3.89 KB
./usr/share/xml/scap/ssg/content/ssg-macos1015-ocil.xml
Ordering differences only
    
Offset 3, 56 lines modifiedOffset 3, 56 lines modified
3 ··<ocil:generator>3 ··<ocil:generator>
4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6 ····<ocil:schema_version>2.0</ocil:schema_version>6 ····<ocil:schema_version>2.0</ocil:schema_version>
7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8 ··</ocil:generator>8 ··</ocil:generator>
9 ··<ocil:questionnaires>9 ··<ocil:questionnaires>
10 ····<ocil:questionnaire·id="ocil:ssg-service_com_apple_auditd_enabled_ocil:questionnaire:1"> 
11 ······<ocil:title>Enable·audit·Service</ocil:title> 
12 ······<ocil:actions> 
13 ········<ocil:test_action_ref>ocil:ssg-service_com_apple_auditd_enabled_action:testaction:1</ocil:test_action_ref> 
14 ······</ocil:actions> 
15 ····</ocil:questionnaire> 
16 ····<ocil:questionnaire·id="ocil:ssg-audit_failure_halt_ocil:questionnaire:1">10 ····<ocil:questionnaire·id="ocil:ssg-audit_failure_halt_ocil:questionnaire:1">
17 ······<ocil:title>Shutdown·System·When·Auditing·Failures·Occur</ocil:title>11 ······<ocil:title>Shutdown·System·When·Auditing·Failures·Occur</ocil:title>
18 ······<ocil:actions>12 ······<ocil:actions>
19 ········<ocil:test_action_ref>ocil:ssg-audit_failure_halt_action:testaction:1</ocil:test_action_ref>13 ········<ocil:test_action_ref>ocil:ssg-audit_failure_halt_action:testaction:1</ocil:test_action_ref>
20 ······</ocil:actions>14 ······</ocil:actions>
21 ····</ocil:questionnaire>15 ····</ocil:questionnaire>
 16 ····<ocil:questionnaire·id="ocil:ssg-service_com_apple_auditd_enabled_ocil:questionnaire:1">
 17 ······<ocil:title>Enable·audit·Service</ocil:title>
 18 ······<ocil:actions>
 19 ········<ocil:test_action_ref>ocil:ssg-service_com_apple_auditd_enabled_action:testaction:1</ocil:test_action_ref>
 20 ······</ocil:actions>
 21 ····</ocil:questionnaire>
22 ··</ocil:questionnaires>22 ··</ocil:questionnaires>
23 ··<ocil:test_actions>23 ··<ocil:test_actions>
24 ····<ocil:boolean_question_test_action·id="ocil:ssg-service_com_apple_auditd_enabled_action:testaction:1"·question_ref="ocil:ssg-service_com_apple_auditd_enabled_question:question:1">24 ····<ocil:boolean_question_test_action·id="ocil:ssg-audit_failure_halt_action:testaction:1"·question_ref="ocil:ssg-audit_failure_halt_question:question:1">
25 ······<ocil:when_true>25 ······<ocil:when_true>
26 ········<ocil:result>PASS</ocil:result>26 ········<ocil:result>PASS</ocil:result>
27 ······</ocil:when_true>27 ······</ocil:when_true>
28 ······<ocil:when_false>28 ······<ocil:when_false>
29 ········<ocil:result>FAIL</ocil:result>29 ········<ocil:result>FAIL</ocil:result>
30 ······</ocil:when_false>30 ······</ocil:when_false>
31 ····</ocil:boolean_question_test_action>31 ····</ocil:boolean_question_test_action>
32 ····<ocil:boolean_question_test_action·id="ocil:ssg-audit_failure_halt_action:testaction:1"·question_ref="ocil:ssg-audit_failure_halt_question:question:1">32 ····<ocil:boolean_question_test_action·id="ocil:ssg-service_com_apple_auditd_enabled_action:testaction:1"·question_ref="ocil:ssg-service_com_apple_auditd_enabled_question:question:1">
33 ······<ocil:when_true>33 ······<ocil:when_true>
34 ········<ocil:result>PASS</ocil:result>34 ········<ocil:result>PASS</ocil:result>
35 ······</ocil:when_true>35 ······</ocil:when_true>
36 ······<ocil:when_false>36 ······<ocil:when_false>
37 ········<ocil:result>FAIL</ocil:result>37 ········<ocil:result>FAIL</ocil:result>
38 ······</ocil:when_false>38 ······</ocil:when_false>
39 ····</ocil:boolean_question_test_action>39 ····</ocil:boolean_question_test_action>
40 ··</ocil:test_actions>40 ··</ocil:test_actions>
41 ··<ocil:questions>41 ··<ocil:questions>
 42 ····<ocil:boolean_question·id="ocil:ssg-audit_failure_halt_question:question:1">
 43 ······<ocil:question_text>To·verify·that·auditing·is·enabled·and·running,·run·the
 44 following·command:
 45 $·sudo·grep·-E·"^policy.*ahlt"·/etc/security/audit_control
 46 The·output·should·contain·ahlt
 47 ······Is·it·the·case·that·auditing·is·not·configured·to·shut·down·on·audit·failure?</ocil:question_text>
 48 ····</ocil:boolean_question>
42 ····<ocil:boolean_question·id="ocil:ssg-service_com_apple_auditd_enabled_question:question:1">49 ····<ocil:boolean_question·id="ocil:ssg-service_com_apple_auditd_enabled_question:question:1">
43 ······<ocil:question_text>To·verify·that·auditing·is·enabled·and·running,·run·the50 ······<ocil:question_text>To·verify·that·auditing·is·enabled·and·running,·run·the
44 following·command:51 following·command:
45 $·sudo·launchctl·list·com.apple.auditd52 $·sudo·launchctl·list·com.apple.auditd
46 The·output·should·return·process·information·for53 The·output·should·return·process·information·for
47 com.apple.auditd54 com.apple.auditd
48 ······Is·it·the·case·that·auditing·is·not·enabled·or·running?</ocil:question_text>55 ······Is·it·the·case·that·auditing·is·not·enabled·or·running?</ocil:question_text>
49 ····</ocil:boolean_question>56 ····</ocil:boolean_question>
50 ····<ocil:boolean_question·id="ocil:ssg-audit_failure_halt_question:question:1"> 
51 ······<ocil:question_text>To·verify·that·auditing·is·enabled·and·running,·run·the 
52 following·command: 
53 $·sudo·grep·-E·"^policy.*ahlt"·/etc/security/audit_control 
54 The·output·should·contain·ahlt 
55 ······Is·it·the·case·that·auditing·is·not·configured·to·shut·down·on·audit·failure?</ocil:question_text> 
56 ····</ocil:boolean_question> 
57 ··</ocil:questions>57 ··</ocil:questions>
58 </ocil:ocil>58 </ocil:ocil>
906 KB
./usr/share/xml/scap/ssg/content/ssg-ocp4-ds.xml
906 KB
./usr/share/xml/scap/ssg/content/ssg-ocp4-ds.xml
    
Offset 19, 15 lines modifiedOffset 19, 15 lines modified
19 ····</ds:checklists>19 ····</ds:checklists>
20 ····<ds:checks>20 ····<ds:checks>
21 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ocp4-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ocp4-oval.xml"/>21 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ocp4-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ocp4-oval.xml"/>
22 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ocp4-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ocp4-ocil.xml"/>22 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ocp4-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ocp4-ocil.xml"/>
23 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ocp4-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ocp4-cpe-oval.xml"/>23 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ocp4-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ocp4-cpe-oval.xml"/>
24 ····</ds:checks>24 ····</ds:checks>
25 ··</ds:data-stream>25 ··</ds:data-stream>
26 ··<ds:component·id="scap_org.open-scap_comp_ssg-ocp4-cpe-dictionary.xml"·timestamp="2025-02-28T20:08:00">26 ··<ds:component·id="scap_org.open-scap_comp_ssg-ocp4-cpe-dictionary.xml"·timestamp="2025-03-01T22:08:00">
27 ····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">27 ····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">
28 ······<cpe-dict:cpe-item·name="cpe:/a:redhat:openshift_container_platform:4.1">28 ······<cpe-dict:cpe-item·name="cpe:/a:redhat:openshift_container_platform:4.1">
29 ········<cpe-dict:title·xml:lang="en-us">Red·Hat·OpenShift·Container·Platform·4</cpe-dict:title>29 ········<cpe-dict:title·xml:lang="en-us">Red·Hat·OpenShift·Container·Platform·4</cpe-dict:title>
30 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml">oval:ssg-installed_app_is_ocp4:def:1</cpe-dict:check>30 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml">oval:ssg-installed_app_is_ocp4:def:1</cpe-dict:check>
31 ······</cpe-dict:cpe-item>31 ······</cpe-dict:cpe-item>
32 ······<cpe-dict:cpe-item·name="cpe:/a:redhat:openshift_container_platform:4.10">32 ······<cpe-dict:cpe-item·name="cpe:/a:redhat:openshift_container_platform:4.10">
33 ········<cpe-dict:title·xml:lang="en-us">Red·Hat·OpenShift·Container·Platform·4.10</cpe-dict:title>33 ········<cpe-dict:title·xml:lang="en-us">Red·Hat·OpenShift·Container·Platform·4.10</cpe-dict:title>
Offset 111, 15 lines modifiedOffset 111, 15 lines modified
111 ······</cpe-dict:cpe-item>111 ······</cpe-dict:cpe-item>
112 ······<cpe-dict:cpe-item·name="cpe:/o:redhat:openshift_container_platform_node:4">112 ······<cpe-dict:cpe-item·name="cpe:/o:redhat:openshift_container_platform_node:4">
113 ········<cpe-dict:title·xml:lang="en-us">Red·Hat·OpenShift·Container·Platform·4·Node</cpe-dict:title>113 ········<cpe-dict:title·xml:lang="en-us">Red·Hat·OpenShift·Container·Platform·4·Node</cpe-dict:title>
114 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml">oval:ssg-installed_app_is_ocp4_node:def:1</cpe-dict:check>114 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml">oval:ssg-installed_app_is_ocp4_node:def:1</cpe-dict:check>
115 ······</cpe-dict:cpe-item>115 ······</cpe-dict:cpe-item>
116 ····</cpe-dict:cpe-list>116 ····</cpe-dict:cpe-list>
117 ··</ds:component>117 ··</ds:component>
118 ··<ds:component·id="scap_org.open-scap_comp_ssg-ocp4-xccdf.xml"·timestamp="2025-02-28T20:08:00">118 ··<ds:component·id="scap_org.open-scap_comp_ssg-ocp4-xccdf.xml"·timestamp="2025-03-01T22:08:00">
119 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_OCP-4"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">119 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_OCP-4"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
120 ······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>120 ······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>
121 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·OpenShift·Container·Platform·4</xccdf-1.2:title>121 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·OpenShift·Container·Platform·4</xccdf-1.2:title>
122 ······<xccdf-1.2:description>122 ······<xccdf-1.2:description>
123 ········This·guide·presents·a·catalog·of·security-relevant123 ········This·guide·presents·a·catalog·of·security-relevant
124 configuration·settings·for·Red·Hat·OpenShift·Container·Platform·4.·It·is·a·rendering·of124 configuration·settings·for·Red·Hat·OpenShift·Container·Platform·4.·It·is·a·rendering·of
125 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)125 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
Offset 189, 199 lines modifiedOffset 189, 199 lines modified
189 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>189 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>
190 ······<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>190 ······<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>
191 ······<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>191 ······<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>
192 ······<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>192 ······<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>
193 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform">stigid</xccdf-1.2:reference>193 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform">stigid</xccdf-1.2:reference>
194 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>194 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>
195 ······<cpe-lang:platform-specification>195 ······<cpe-lang:platform-specification>
196 ········<cpe-lang:platform·id="ocp4-node-on-sdn">196 ········<cpe-lang:platform·id="ocp4-node-on-ovn">
197 ··········<cpe-lang:logical-test·operator="AND"·negate="false">197 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
198 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_node_on_openshift-sdn:def:1"/>198 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_node_on_openshift-ovn:def:1"/>
199 ··········</cpe-lang:logical-test>199 ··········</cpe-lang:logical-test>
200 ········</cpe-lang:platform>200 ········</cpe-lang:platform>
201 ········<cpe-lang:platform·id="not_ocp4-on-hypershift-hosted_and_ocp4.6_or_ocp4.7_or_ocp4.8">201 ········<cpe-lang:platform·id="not_ocp4-on-hypershift-hosted_and_ocp4.8_or_ocp4.9">
202 ··········<cpe-lang:logical-test·operator="AND"·negate="false">202 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
203 ············<cpe-lang:logical-test·operator="AND"·negate="true">203 ············<cpe-lang:logical-test·operator="AND"·negate="true">
204 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_on_hypershift_hosted:def:1"/>204 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_on_hypershift_hosted:def:1"/>
205 ············</cpe-lang:logical-test>205 ············</cpe-lang:logical-test>
206 ············<cpe-lang:logical-test·operator="OR"·negate="false">206 ············<cpe-lang:logical-test·operator="OR"·negate="false">
207 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_6:def:1"/> 
208 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_7:def:1"/> 
209 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_8:def:1"/>207 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_8:def:1"/>
 208 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_9:def:1"/>
210 ············</cpe-lang:logical-test>209 ············</cpe-lang:logical-test>
211 ··········</cpe-lang:logical-test>210 ··········</cpe-lang:logical-test>
212 ········</cpe-lang:platform>211 ········</cpe-lang:platform>
213 ········<cpe-lang:platform·id="ocp4-node">212 ········<cpe-lang:platform·id="ocp4-on-hypershift">
214 ··········<cpe-lang:logical-test·operator="AND"·negate="false">213 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
215 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_node:def:1"/>214 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_on_hypershift:def:1"/>
216 ··········</cpe-lang:logical-test>215 ··········</cpe-lang:logical-test>
217 ········</cpe-lang:platform>216 ········</cpe-lang:platform>
218 ········<cpe-lang:platform·id="ocp4.11_or_ocp4.12_or_ocp4.13_or_ocp4.14_or_ocp4.15">217 ········<cpe-lang:platform·id="not_ocp4-on-hypershift">
219 ··········<cpe-lang:logical-test·operator="OR"·negate="false">218 ··········<cpe-lang:logical-test·operator="AND"·negate="true">
220 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_11:def:1"/>219 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_on_hypershift:def:1"/>
221 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_12:def:1"/> 
222 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_13:def:1"/> 
223 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_14:def:1"/> 
224 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_15:def:1"/> 
225 ··········</cpe-lang:logical-test>220 ··········</cpe-lang:logical-test>
226 ········</cpe-lang:platform>221 ········</cpe-lang:platform>
227 ········<cpe-lang:platform·id="ocp4-node_and_s390x_arch">222 ········<cpe-lang:platform·id="ocp4-on-sdn">
 223 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
 224 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_on_openshiftsdn:def:1"/>
 225 ··········</cpe-lang:logical-test>
 226 ········</cpe-lang:platform>
 227 ········<cpe-lang:platform·id="not_s390x_arch_and_ocp4-node">
228 ··········<cpe-lang:logical-test·operator="AND"·negate="false">228 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
 229 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_not_s390x:def:1"/>
229 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_node:def:1"/>230 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_node:def:1"/>
230 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_s390x:def:1"/> 
231 ··········</cpe-lang:logical-test>231 ··········</cpe-lang:logical-test>
232 ········</cpe-lang:platform>232 ········</cpe-lang:platform>
233 ········<cpe-lang:platform·id="ocp4.6_or_ocp4.7">233 ········<cpe-lang:platform·id="ocp4.16">
234 ··········<cpe-lang:logical-test·operator="OR"·negate="false">234 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
235 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_6:def:1"/>235 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_16:def:1"/>
236 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_7:def:1"/> 
237 ··········</cpe-lang:logical-test>236 ··········</cpe-lang:logical-test>
238 ········</cpe-lang:platform>237 ········</cpe-lang:platform>
239 ········<cpe-lang:platform·id="ocp4.6_or_ocp4.7_or_ocp4.8">238 ········<cpe-lang:platform·id="ocp4-node-on-sdn">
240 ··········<cpe-lang:logical-test·operator="OR"·negate="false">239 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
241 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_6:def:1"/>240 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_node_on_openshift-sdn:def:1"/>
242 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_7:def:1"/> 
243 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_8:def:1"/> 
244 ··········</cpe-lang:logical-test>241 ··········</cpe-lang:logical-test>
245 ········</cpe-lang:platform>242 ········</cpe-lang:platform>
246 ········<cpe-lang:platform·id="not_s390x_arch_and_ocp4-node">243 ········<cpe-lang:platform·id="ocp4-node_and_s390x_arch">
247 ··········<cpe-lang:logical-test·operator="AND"·negate="false">244 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
248 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_not_s390x:def:1"/> 
249 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_node:def:1"/>245 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_node:def:1"/>
 246 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_s390x:def:1"/>
250 ··········</cpe-lang:logical-test>247 ··········</cpe-lang:logical-test>
251 ········</cpe-lang:platform>248 ········</cpe-lang:platform>
252 ········<cpe-lang:platform·id="not_ocp4-on-hypershift">249 ········<cpe-lang:platform·id="ocp4-master-node">
253 ··········<cpe-lang:logical-test·operator="AND"·negate="true">250 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
254 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_on_hypershift:def:1"/>251 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-node_is_ocp4_master_node:def:1"/>
255 ··········</cpe-lang:logical-test>252 ··········</cpe-lang:logical-test>
256 ········</cpe-lang:platform>253 ········</cpe-lang:platform>
257 ········<cpe-lang:platform·id="not_ocp4-on-hypershift-hosted_and_ocp4.10_or_ocp4.11_or_ocp4.12_or_ocp4.13_or_ocp4.14_or_ocp4.15_or_ocp4.16_or_ocp4.17_or_ocp4.9">254 ········<cpe-lang:platform·id="not_ocp4-on-hypershift-hosted_and_ocp4.12_or_ocp4.13">
258 ··········<cpe-lang:logical-test·operator="AND"·negate="false">255 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
259 ············<cpe-lang:logical-test·operator="AND"·negate="true">256 ············<cpe-lang:logical-test·operator="AND"·negate="true">
260 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_on_hypershift_hosted:def:1"/>257 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_on_hypershift_hosted:def:1"/>
261 ············</cpe-lang:logical-test>258 ············</cpe-lang:logical-test>
262 ············<cpe-lang:logical-test·operator="OR"·negate="false">259 ············<cpe-lang:logical-test·operator="OR"·negate="false">
263 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_10:def:1"/> 
264 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_11:def:1"/> 
265 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_12:def:1"/>260 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_12:def:1"/>
266 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_13:def:1"/>261 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_13:def:1"/>
267 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_14:def:1"/> 
268 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_15:def:1"/> 
269 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_16:def:1"/> 
270 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_17:def:1"/> 
271 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_9:def:1"/> 
272 ············</cpe-lang:logical-test>262 ············</cpe-lang:logical-test>
273 ··········</cpe-lang:logical-test>263 ··········</cpe-lang:logical-test>
274 ········</cpe-lang:platform>264 ········</cpe-lang:platform>
275 ········<cpe-lang:platform·id="not_ocp4-on-hypershift_and_not_ocp4-on-hypershift-hosted">265 ········<cpe-lang:platform·id="ocp4.6_or_ocp4.7_or_ocp4.8">
Max diff block lines reached; 911911/927432 bytes (98.33%) of diff not shown.
841 KB
./usr/share/xml/scap/ssg/content/ssg-ocp4-ocil.xml
841 KB
./usr/share/xml/scap/ssg/content/ssg-ocp4-ocil.xml
Ordering differences only
    
Offset 3, 5133 lines modifiedOffset 3, 5270 lines modified
3 ··<ocil:generator>3 ··<ocil:generator>
4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6 ····<ocil:schema_version>2.0</ocil:schema_version>6 ····<ocil:schema_version>2.0</ocil:schema_version>
7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8 ··</ocil:generator>8 ··</ocil:generator>
9 ··<ocil:questionnaires>9 ··<ocil:questionnaires>
10 ····<ocil:questionnaire·id="ocil:ssg-file_owner_ovsdb_server_pid_ocil:questionnaire:1">10 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_etcd_data_dir_ocil:questionnaire:1">
11 ······<ocil:title>Verify·User·Who·Owns·The·Open·vSwitch·Database·Server·PID</ocil:title>11 ······<ocil:title>Verify·Group·Who·Owns·The·Etcd·Database·Directory</ocil:title>
12 ······<ocil:actions>12 ······<ocil:actions>
13 ········<ocil:test_action_ref>ocil:ssg-file_owner_ovsdb_server_pid_action:testaction:1</ocil:test_action_ref>13 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_etcd_data_dir_action:testaction:1</ocil:test_action_ref>
14 ······</ocil:actions>14 ······</ocil:actions>
15 ····</ocil:questionnaire>15 ····</ocil:questionnaire>
16 ····<ocil:questionnaire·id="ocil:ssg-api_server_insecure_bind_address_ocil:questionnaire:1">16 ····<ocil:questionnaire·id="ocil:ssg-controller_service_account_private_key_ocil:questionnaire:1">
17 ······<ocil:title>Disable·Use·of·the·Insecure·Bind·Address</ocil:title>17 ······<ocil:title>Configure·the·Service·Account·Private·Key·for·the·Controller·Manager</ocil:title>
18 ······<ocil:actions>18 ······<ocil:actions>
19 ········<ocil:test_action_ref>ocil:ssg-api_server_insecure_bind_address_action:testaction:1</ocil:test_action_ref>19 ········<ocil:test_action_ref>ocil:ssg-controller_service_account_private_key_action:testaction:1</ocil:test_action_ref>
20 ······</ocil:actions>20 ······</ocil:actions>
21 ····</ocil:questionnaire>21 ····</ocil:questionnaire>
22 ····<ocil:questionnaire·id="ocil:ssg-scc_limit_network_namespace_ocil:questionnaire:1">22 ····<ocil:questionnaire·id="ocil:ssg-openshift_api_server_audit_log_path_ocil:questionnaire:1">
23 ······<ocil:title>Limit·Access·to·the·Host·Network·Namespace</ocil:title>23 ······<ocil:title>Configure·the·Audit·Log·Path</ocil:title>
24 ······<ocil:actions>24 ······<ocil:actions>
25 ········<ocil:test_action_ref>ocil:ssg-scc_limit_network_namespace_action:testaction:1</ocil:test_action_ref>25 ········<ocil:test_action_ref>ocil:ssg-openshift_api_server_audit_log_path_action:testaction:1</ocil:test_action_ref>
26 ······</ocil:actions>26 ······</ocil:actions>
27 ····</ocil:questionnaire>27 ····</ocil:questionnaire>
28 ····<ocil:questionnaire·id="ocil:ssg-gitops_operator_exists_ocil:questionnaire:1">28 ····<ocil:questionnaire·id="ocil:ssg-file_owner_etcd_data_dir_ocil:questionnaire:1">
29 ······<ocil:title>Ensure·that·GitOps·Operator·is·deployed</ocil:title>29 ······<ocil:title>Verify·User·Who·Owns·The·Etcd·Database·Directory</ocil:title>
30 ······<ocil:actions>30 ······<ocil:actions>
31 ········<ocil:test_action_ref>ocil:ssg-gitops_operator_exists_action:testaction:1</ocil:test_action_ref>31 ········<ocil:test_action_ref>ocil:ssg-file_owner_etcd_data_dir_action:testaction:1</ocil:test_action_ref>
32 ······</ocil:actions>32 ······</ocil:actions>
33 ····</ocil:questionnaire>33 ····</ocil:questionnaire>
34 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_etcd_data_files_ocil:questionnaire:1">34 ····<ocil:questionnaire·id="ocil:ssg-kubelet_anonymous_auth_ocil:questionnaire:1">
35 ······<ocil:title>Verify·Group·Who·Owns·The·Etcd·Write-Ahead-Log·Files</ocil:title>35 ······<ocil:title>Disable·Anonymous·Authentication·to·the·Kubelet</ocil:title>
36 ······<ocil:actions>36 ······<ocil:actions>
37 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_etcd_data_files_action:testaction:1</ocil:test_action_ref>37 ········<ocil:test_action_ref>ocil:ssg-kubelet_anonymous_auth_action:testaction:1</ocil:test_action_ref>
38 ······</ocil:actions>38 ······</ocil:actions>
39 ····</ocil:questionnaire>39 ····</ocil:questionnaire>
40 ····<ocil:questionnaire·id="ocil:ssg-scansettings_have_schedule_ocil:questionnaire:1">40 ····<ocil:questionnaire·id="ocil:ssg-scheduler_port_is_zero_ocil:questionnaire:1">
41 ······<ocil:title>Ensure·that·Compliance·Operator·scans·are·running·periodically</ocil:title>41 ······<ocil:title>Ensure·that·the·port·parameter·is·zero</ocil:title>
42 ······<ocil:actions>42 ······<ocil:actions>
43 ········<ocil:test_action_ref>ocil:ssg-scansettings_have_schedule_action:testaction:1</ocil:test_action_ref>43 ········<ocil:test_action_ref>ocil:ssg-scheduler_port_is_zero_action:testaction:1</ocil:test_action_ref>
44 ······</ocil:actions>44 ······</ocil:actions>
45 ····</ocil:questionnaire>45 ····</ocil:questionnaire>
46 ····<ocil:questionnaire·id="ocil:ssg-kubelet_enable_protect_kernel_defaults_ocil:questionnaire:1">46 ····<ocil:questionnaire·id="ocil:ssg-api_server_kubelet_certificate_authority_ocil:questionnaire:1">
47 ······<ocil:title>kubelet·-·Enable·Protect·Kernel·Defaults</ocil:title>47 ······<ocil:title>Configure·the·kubelet·Certificate·Authority·for·the·API·Server</ocil:title>
48 ······<ocil:actions>48 ······<ocil:actions>
49 ········<ocil:test_action_ref>ocil:ssg-kubelet_enable_protect_kernel_defaults_action:testaction:1</ocil:test_action_ref>49 ········<ocil:test_action_ref>ocil:ssg-api_server_kubelet_certificate_authority_action:testaction:1</ocil:test_action_ref>
50 ······</ocil:actions>50 ······</ocil:actions>
51 ····</ocil:questionnaire>51 ····</ocil:questionnaire>
52 ····<ocil:questionnaire·id="ocil:ssg-api_server_audit_log_maxsize_ocil:questionnaire:1">52 ····<ocil:questionnaire·id="ocil:ssg-file_ownership_var_log_kube_audit_ocil:questionnaire:1">
53 ······<ocil:title>Configure·Kubernetes·API·Server·Maximum·Audit·Log·Size</ocil:title>53 ······<ocil:title>Kubernetes·Audit·Logs·Must·Be·Owned·By·Root</ocil:title>
54 ······<ocil:actions>54 ······<ocil:actions>
55 ········<ocil:test_action_ref>ocil:ssg-api_server_audit_log_maxsize_action:testaction:1</ocil:test_action_ref>55 ········<ocil:test_action_ref>ocil:ssg-file_ownership_var_log_kube_audit_action:testaction:1</ocil:test_action_ref>
56 ······</ocil:actions>56 ······</ocil:actions>
57 ····</ocil:questionnaire>57 ····</ocil:questionnaire>
58 ····<ocil:questionnaire·id="ocil:ssg-api_server_tls_security_profile_not_old_ocil:questionnaire:1"> 
59 ······<ocil:title>Ensure·APIServer·is·not·configured·with·Old·tlsSecurityProfile</ocil:title>58 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_openshift_pki_cert_files_ocil:questionnaire:1">
 59 ······<ocil:title>Verify·Group·Who·Owns·The·OpenShift·PKI·Certificate·Files</ocil:title>
60 ······<ocil:actions>60 ······<ocil:actions>
61 ········<ocil:test_action_ref>ocil:ssg-api_server_tls_security_profile_not_old_action:testaction:1</ocil:test_action_ref>61 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_openshift_pki_cert_files_action:testaction:1</ocil:test_action_ref>
62 ······</ocil:actions>62 ······</ocil:actions>
63 ····</ocil:questionnaire>63 ····</ocil:questionnaire>
64 ····<ocil:questionnaire·id="ocil:ssg-accounts_unique_service_account_ocil:questionnaire:1">64 ····<ocil:questionnaire·id="ocil:ssg-api_server_kubelet_client_cert_pre_4_9_ocil:questionnaire:1">
65 ······<ocil:title>Ensure·Usage·of·Unique·Service·Accounts</ocil:title>65 ······<ocil:title>Configure·the·kubelet·Certificate·File·for·the·API·Server</ocil:title>
66 ······<ocil:actions>66 ······<ocil:actions>
67 ········<ocil:test_action_ref>ocil:ssg-accounts_unique_service_account_action:testaction:1</ocil:test_action_ref>67 ········<ocil:test_action_ref>ocil:ssg-api_server_kubelet_client_cert_pre_4_9_action:testaction:1</ocil:test_action_ref>
68 ······</ocil:actions>68 ······</ocil:actions>
69 ····</ocil:questionnaire>69 ····</ocil:questionnaire>
70 ····<ocil:questionnaire·id="ocil:ssg-file_perms_openshift_sdn_cniserver_config_ocil:questionnaire:1"> 
71 ······<ocil:title>Verify·Permissions·on·the·OpenShift·SDN·CNI·Server·Config</ocil:title>70 ····<ocil:questionnaire·id="ocil:ssg-rbac_logging_del_ocil:questionnaire:1">
 71 ······<ocil:title>Ensure·that·the·ClusterLogging·and·ClusterLoggingForwarder·resources·are·protected·from·unauthorized·deletion</ocil:title>
72 ······<ocil:actions>72 ······<ocil:actions>
73 ········<ocil:test_action_ref>ocil:ssg-file_perms_openshift_sdn_cniserver_config_action:testaction:1</ocil:test_action_ref>73 ········<ocil:test_action_ref>ocil:ssg-rbac_logging_del_action:testaction:1</ocil:test_action_ref>
74 ······</ocil:actions>74 ······</ocil:actions>
75 ····</ocil:questionnaire>75 ····</ocil:questionnaire>
76 ····<ocil:questionnaire·id="ocil:ssg-audit_log_forwarding_webhook_ocil:questionnaire:1">76 ····<ocil:questionnaire·id="ocil:ssg-luks_enabled_on_all_nodes_ocil:questionnaire:1">
77 ······<ocil:title>Ensure·that·Audit·Log·Webhook·Is·Configured</ocil:title>77 ······<ocil:title>Ensure·that·LUKS·is·configured·on·worker·nodes</ocil:title>
78 ······<ocil:actions>78 ······<ocil:actions>
79 ········<ocil:test_action_ref>ocil:ssg-audit_log_forwarding_webhook_action:testaction:1</ocil:test_action_ref>79 ········<ocil:test_action_ref>ocil:ssg-luks_enabled_on_all_nodes_action:testaction:1</ocil:test_action_ref>
80 ······</ocil:actions>80 ······</ocil:actions>
81 ····</ocil:questionnaire>81 ····</ocil:questionnaire>
82 ····<ocil:questionnaire·id="ocil:ssg-oauthclient_token_maxage_ocil:questionnaire:1">82 ····<ocil:questionnaire·id="ocil:ssg-ocp_api_server_audit_log_maxsize_ocil:questionnaire:1">
83 ······<ocil:title>Configure·OAuth·clients·so·that·tokens·have·a·maximum·age·set</ocil:title>83 ······<ocil:title>Configure·OpenShift·API·Server·Maximum·Audit·Log·Size</ocil:title>
84 ······<ocil:actions>84 ······<ocil:actions>
85 ········<ocil:test_action_ref>ocil:ssg-oauthclient_token_maxage_action:testaction:1</ocil:test_action_ref>85 ········<ocil:test_action_ref>ocil:ssg-ocp_api_server_audit_log_maxsize_action:testaction:1</ocil:test_action_ref>
86 ······</ocil:actions>86 ······</ocil:actions>
87 ····</ocil:questionnaire>87 ····</ocil:questionnaire>
88 ····<ocil:questionnaire·id="ocil:ssg-kubelet_configure_tls_cipher_suites_kubeapiserver_operator_ocil:questionnaire:1"> 
89 ······<ocil:title>Ensure·that·the·Kubernetes·API·Server·Operator·only·makes·use·of·Strong·Cryptographic·Ciphers</ocil:title>88 ····<ocil:questionnaire·id="ocil:ssg-api_server_admission_control_plugin_alwaysadmit_ocil:questionnaire:1">
 89 ······<ocil:title>Disable·the·AlwaysAdmit·Admission·Control·Plugin</ocil:title>
90 ······<ocil:actions>90 ······<ocil:actions>
91 ········<ocil:test_action_ref>ocil:ssg-kubelet_configure_tls_cipher_suites_kubeapiserver_operator_action:testaction:1</ocil:test_action_ref>91 ········<ocil:test_action_ref>ocil:ssg-api_server_admission_control_plugin_alwaysadmit_action:testaction:1</ocil:test_action_ref>
92 ······</ocil:actions>92 ······</ocil:actions>
93 ····</ocil:questionnaire>93 ····</ocil:questionnaire>
94 ····<ocil:questionnaire·id="ocil:ssg-classification_banner_ocil:questionnaire:1"> 
95 ······<ocil:title>Enable·Classification·Banner·on·OpenShift·Console</ocil:title>94 ····<ocil:questionnaire·id="ocil:ssg-project_config_and_template_resource_quota_ocil:questionnaire:1">
 95 ······<ocil:title>Ensure·that·project·templates·autocreate·Resource·Quotas</ocil:title>
96 ······<ocil:actions>96 ······<ocil:actions>
97 ········<ocil:test_action_ref>ocil:ssg-classification_banner_action:testaction:1</ocil:test_action_ref>97 ········<ocil:test_action_ref>ocil:ssg-project_config_and_template_resource_quota_action:testaction:1</ocil:test_action_ref>
98 ······</ocil:actions>98 ······</ocil:actions>
99 ····</ocil:questionnaire>99 ····</ocil:questionnaire>
100 ····<ocil:questionnaire·id="ocil:ssg-file_owner_proxy_kubeconfig_ocil:questionnaire:1">100 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_etcd_member_ocil:questionnaire:1">
101 ······<ocil:title>Verify·User·Who·Owns·The·Worker·Proxy·Kubeconfig·File</ocil:title>101 ······<ocil:title>Verify·Permissions·on·the·Etcd·Member·Pod·Specification·File</ocil:title>
102 ······<ocil:actions>102 ······<ocil:actions>
103 ········<ocil:test_action_ref>ocil:ssg-file_owner_proxy_kubeconfig_action:testaction:1</ocil:test_action_ref>103 ········<ocil:test_action_ref>ocil:ssg-file_permissions_etcd_member_action:testaction:1</ocil:test_action_ref>
104 ······</ocil:actions>104 ······</ocil:actions>
105 ····</ocil:questionnaire>105 ····</ocil:questionnaire>
106 ····<ocil:questionnaire·id="ocil:ssg-file_owner_kube_controller_manager_ocil:questionnaire:1">106 ····<ocil:questionnaire·id="ocil:ssg-file_ownership_var_log_oauth_audit_ocil:questionnaire:1">
107 ······<ocil:title>Verify·User·Who·Owns·The·Kubernetes·Controller·Manager·Pod·Specification·File</ocil:title>107 ······<ocil:title>OAuth·Audit·Logs·Must·Be·Owned·By·Root</ocil:title>
108 ······<ocil:actions>108 ······<ocil:actions>
109 ········<ocil:test_action_ref>ocil:ssg-file_owner_kube_controller_manager_action:testaction:1</ocil:test_action_ref>109 ········<ocil:test_action_ref>ocil:ssg-file_ownership_var_log_oauth_audit_action:testaction:1</ocil:test_action_ref>
110 ······</ocil:actions>110 ······</ocil:actions>
111 ····</ocil:questionnaire>111 ····</ocil:questionnaire>
112 ····<ocil:questionnaire·id="ocil:ssg-api_server_bind_address_ocil:questionnaire:1">112 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_multus_conf_ocil:questionnaire:1">
113 ······<ocil:title>Ensure·that·the·bindAddress·is·set·to·a·relevant·secure·port</ocil:title>113 ······<ocil:title>Verify·Group·Who·Owns·The·OpenShift·Multus·Container·Network·Interface·Plugin·Files</ocil:title>
114 ······<ocil:actions>114 ······<ocil:actions>
115 ········<ocil:test_action_ref>ocil:ssg-api_server_bind_address_action:testaction:1</ocil:test_action_ref>115 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_multus_conf_action:testaction:1</ocil:test_action_ref>
116 ······</ocil:actions>116 ······</ocil:actions>
117 ····</ocil:questionnaire>117 ····</ocil:questionnaire>
118 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_ovsdb_server_pid_ocil:questionnaire:1">118 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_kube_scheduler_ocil:questionnaire:1">
119 ······<ocil:title>Verify·Permissions·on·the·Open·vSwitch·Database·Server·PID</ocil:title>119 ······<ocil:title>Verify·Permissions·on·the·Kube·Scheduler·Pod·Specification·File</ocil:title>
120 ······<ocil:actions>120 ······<ocil:actions>
121 ········<ocil:test_action_ref>ocil:ssg-file_permissions_ovsdb_server_pid_action:testaction:1</ocil:test_action_ref>121 ········<ocil:test_action_ref>ocil:ssg-file_permissions_kube_scheduler_action:testaction:1</ocil:test_action_ref>
122 ······</ocil:actions>122 ······</ocil:actions>
123 ····</ocil:questionnaire>123 ····</ocil:questionnaire>
124 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_kube_apiserver_ocil:questionnaire:1">124 ····<ocil:questionnaire·id="ocil:ssg-kubelet_disable_readonly_port_ocil:questionnaire:1">
125 ······<ocil:title>Verify·Permissions·on·the·Kubernetes·API·Server·Pod·Specification·File</ocil:title>125 ······<ocil:title>kubelet·-·Disable·the·Read-Only·Port</ocil:title>
Max diff block lines reached; 847377/860750 bytes (98.45%) of diff not shown.
27.1 KB
./usr/share/xml/scap/ssg/content/ssg-ocp4-xccdf.xml
27.0 KB
./usr/share/xml/scap/ssg/content/ssg-ocp4-xccdf.xml
Ordering differences only
    
Offset 72, 199 lines modifiedOffset 72, 199 lines modified
72 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>72 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>
73 ··<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>73 ··<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>
74 ··<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>74 ··<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>
75 ··<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>75 ··<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>
76 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform">stigid</xccdf-1.2:reference>76 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform">stigid</xccdf-1.2:reference>
77 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>77 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>
78 ··<cpe-lang:platform-specification>78 ··<cpe-lang:platform-specification>
79 ····<cpe-lang:platform·id="ocp4-node-on-sdn">79 ····<cpe-lang:platform·id="ocp4-node-on-ovn">
80 ······<cpe-lang:logical-test·operator="AND"·negate="false">80 ······<cpe-lang:logical-test·operator="AND"·negate="false">
81 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_node_on_openshift-sdn:def:1"/>81 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_node_on_openshift-ovn:def:1"/>
82 ······</cpe-lang:logical-test>82 ······</cpe-lang:logical-test>
83 ····</cpe-lang:platform>83 ····</cpe-lang:platform>
84 ····<cpe-lang:platform·id="not_ocp4-on-hypershift-hosted_and_ocp4.6_or_ocp4.7_or_ocp4.8">84 ····<cpe-lang:platform·id="not_ocp4-on-hypershift-hosted_and_ocp4.8_or_ocp4.9">
85 ······<cpe-lang:logical-test·operator="AND"·negate="false">85 ······<cpe-lang:logical-test·operator="AND"·negate="false">
86 ········<cpe-lang:logical-test·operator="AND"·negate="true">86 ········<cpe-lang:logical-test·operator="AND"·negate="true">
87 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_on_hypershift_hosted:def:1"/>87 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_on_hypershift_hosted:def:1"/>
88 ········</cpe-lang:logical-test>88 ········</cpe-lang:logical-test>
89 ········<cpe-lang:logical-test·operator="OR"·negate="false">89 ········<cpe-lang:logical-test·operator="OR"·negate="false">
90 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_6:def:1"/> 
91 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_7:def:1"/> 
92 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_8:def:1"/>90 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_8:def:1"/>
 91 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_9:def:1"/>
93 ········</cpe-lang:logical-test>92 ········</cpe-lang:logical-test>
94 ······</cpe-lang:logical-test>93 ······</cpe-lang:logical-test>
95 ····</cpe-lang:platform>94 ····</cpe-lang:platform>
96 ····<cpe-lang:platform·id="ocp4-node">95 ····<cpe-lang:platform·id="ocp4-on-hypershift">
97 ······<cpe-lang:logical-test·operator="AND"·negate="false">96 ······<cpe-lang:logical-test·operator="AND"·negate="false">
98 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_node:def:1"/>97 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_on_hypershift:def:1"/>
99 ······</cpe-lang:logical-test>98 ······</cpe-lang:logical-test>
100 ····</cpe-lang:platform>99 ····</cpe-lang:platform>
101 ····<cpe-lang:platform·id="ocp4.11_or_ocp4.12_or_ocp4.13_or_ocp4.14_or_ocp4.15">100 ····<cpe-lang:platform·id="not_ocp4-on-hypershift">
102 ······<cpe-lang:logical-test·operator="OR"·negate="false">101 ······<cpe-lang:logical-test·operator="AND"·negate="true">
103 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_11:def:1"/>102 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_on_hypershift:def:1"/>
104 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_12:def:1"/> 
105 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_13:def:1"/> 
106 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_14:def:1"/> 
107 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_15:def:1"/> 
108 ······</cpe-lang:logical-test>103 ······</cpe-lang:logical-test>
109 ····</cpe-lang:platform>104 ····</cpe-lang:platform>
110 ····<cpe-lang:platform·id="ocp4-node_and_s390x_arch">105 ····<cpe-lang:platform·id="ocp4-on-sdn">
111 ······<cpe-lang:logical-test·operator="AND"·negate="false">106 ······<cpe-lang:logical-test·operator="AND"·negate="false">
 107 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_on_openshiftsdn:def:1"/>
 108 ······</cpe-lang:logical-test>
 109 ····</cpe-lang:platform>
 110 ····<cpe-lang:platform·id="not_s390x_arch_and_ocp4-node">
 111 ······<cpe-lang:logical-test·operator="AND"·negate="false">
 112 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_not_s390x:def:1"/>
112 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_node:def:1"/>113 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_node:def:1"/>
113 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_s390x:def:1"/> 
114 ······</cpe-lang:logical-test>114 ······</cpe-lang:logical-test>
115 ····</cpe-lang:platform>115 ····</cpe-lang:platform>
116 ····<cpe-lang:platform·id="ocp4.6_or_ocp4.7">116 ····<cpe-lang:platform·id="ocp4.16">
117 ······<cpe-lang:logical-test·operator="OR"·negate="false">117 ······<cpe-lang:logical-test·operator="AND"·negate="false">
118 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_6:def:1"/>118 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_16:def:1"/>
119 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_7:def:1"/> 
120 ······</cpe-lang:logical-test>119 ······</cpe-lang:logical-test>
121 ····</cpe-lang:platform>120 ····</cpe-lang:platform>
122 ····<cpe-lang:platform·id="ocp4.6_or_ocp4.7_or_ocp4.8">121 ····<cpe-lang:platform·id="ocp4-node-on-sdn">
123 ······<cpe-lang:logical-test·operator="OR"·negate="false">122 ······<cpe-lang:logical-test·operator="AND"·negate="false">
124 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_6:def:1"/>123 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_node_on_openshift-sdn:def:1"/>
125 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_7:def:1"/> 
126 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_8:def:1"/> 
127 ······</cpe-lang:logical-test>124 ······</cpe-lang:logical-test>
128 ····</cpe-lang:platform>125 ····</cpe-lang:platform>
129 ····<cpe-lang:platform·id="not_s390x_arch_and_ocp4-node">126 ····<cpe-lang:platform·id="ocp4-node_and_s390x_arch">
130 ······<cpe-lang:logical-test·operator="AND"·negate="false">127 ······<cpe-lang:logical-test·operator="AND"·negate="false">
131 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_not_s390x:def:1"/> 
132 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_node:def:1"/>128 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_node:def:1"/>
 129 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_s390x:def:1"/>
133 ······</cpe-lang:logical-test>130 ······</cpe-lang:logical-test>
134 ····</cpe-lang:platform>131 ····</cpe-lang:platform>
135 ····<cpe-lang:platform·id="not_ocp4-on-hypershift">132 ····<cpe-lang:platform·id="ocp4-master-node">
136 ······<cpe-lang:logical-test·operator="AND"·negate="true">133 ······<cpe-lang:logical-test·operator="AND"·negate="false">
137 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_on_hypershift:def:1"/>134 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-node_is_ocp4_master_node:def:1"/>
138 ······</cpe-lang:logical-test>135 ······</cpe-lang:logical-test>
139 ····</cpe-lang:platform>136 ····</cpe-lang:platform>
140 ····<cpe-lang:platform·id="not_ocp4-on-hypershift-hosted_and_ocp4.10_or_ocp4.11_or_ocp4.12_or_ocp4.13_or_ocp4.14_or_ocp4.15_or_ocp4.16_or_ocp4.17_or_ocp4.9">137 ····<cpe-lang:platform·id="not_ocp4-on-hypershift-hosted_and_ocp4.12_or_ocp4.13">
141 ······<cpe-lang:logical-test·operator="AND"·negate="false">138 ······<cpe-lang:logical-test·operator="AND"·negate="false">
142 ········<cpe-lang:logical-test·operator="AND"·negate="true">139 ········<cpe-lang:logical-test·operator="AND"·negate="true">
143 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_on_hypershift_hosted:def:1"/>140 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_on_hypershift_hosted:def:1"/>
144 ········</cpe-lang:logical-test>141 ········</cpe-lang:logical-test>
145 ········<cpe-lang:logical-test·operator="OR"·negate="false">142 ········<cpe-lang:logical-test·operator="OR"·negate="false">
146 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_10:def:1"/> 
147 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_11:def:1"/> 
148 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_12:def:1"/>143 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_12:def:1"/>
149 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_13:def:1"/>144 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_13:def:1"/>
150 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_14:def:1"/> 
151 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_15:def:1"/> 
152 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_16:def:1"/> 
153 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_17:def:1"/> 
154 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_9:def:1"/> 
155 ········</cpe-lang:logical-test>145 ········</cpe-lang:logical-test>
156 ······</cpe-lang:logical-test>146 ······</cpe-lang:logical-test>
157 ····</cpe-lang:platform>147 ····</cpe-lang:platform>
158 ····<cpe-lang:platform·id="not_ocp4-on-hypershift_and_not_ocp4-on-hypershift-hosted">148 ····<cpe-lang:platform·id="ocp4.6_or_ocp4.7_or_ocp4.8">
 149 ······<cpe-lang:logical-test·operator="OR"·negate="false">
 150 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_6:def:1"/>
 151 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_7:def:1"/>
 152 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_8:def:1"/>
 153 ······</cpe-lang:logical-test>
 154 ····</cpe-lang:platform>
 155 ····<cpe-lang:platform·id="ocp4-on-azure">
159 ······<cpe-lang:logical-test·operator="AND"·negate="false">156 ······<cpe-lang:logical-test·operator="AND"·negate="false">
160 ········<cpe-lang:logical-test·operator="AND"·negate="true"> 
161 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_on_hypershift:def:1"/>157 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_on_azure:def:1"/>
162 ········</cpe-lang:logical-test> 
163 ········<cpe-lang:logical-test·operator="AND"·negate="true"> 
164 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_on_hypershift_hosted:def:1"/> 
165 ········</cpe-lang:logical-test> 
166 ······</cpe-lang:logical-test>158 ······</cpe-lang:logical-test>
167 ····</cpe-lang:platform>159 ····</cpe-lang:platform>
168 ····<cpe-lang:platform·id="not_ocp4-on-hypershift-hosted_and_ocp4.8_or_ocp4.9">160 ····<cpe-lang:platform·id="not_ocp4-on-hypershift-hosted_and_ocp4.6_or_ocp4.7_or_ocp4.8">
169 ······<cpe-lang:logical-test·operator="AND"·negate="false">161 ······<cpe-lang:logical-test·operator="AND"·negate="false">
170 ········<cpe-lang:logical-test·operator="AND"·negate="true">162 ········<cpe-lang:logical-test·operator="AND"·negate="true">
171 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_on_hypershift_hosted:def:1"/>163 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_on_hypershift_hosted:def:1"/>
172 ········</cpe-lang:logical-test>164 ········</cpe-lang:logical-test>
173 ········<cpe-lang:logical-test·operator="OR"·negate="false">165 ········<cpe-lang:logical-test·operator="OR"·negate="false">
 166 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_6:def:1"/>
 167 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_7:def:1"/>
174 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_8:def:1"/>168 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_8:def:1"/>
175 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml"·id-ref="oval:ssg-installed_app_is_ocp4_9:def:1"/> 
176 ········</cpe-lang:logical-test>169 ········</cpe-lang:logical-test>
177 ······</cpe-lang:logical-test>170 ······</cpe-lang:logical-test>
178 ····</cpe-lang:platform>171 ····</cpe-lang:platform>
 172 ····<cpe-lang:platform·id="not_ocp4-on-hypershift-hosted_and_ocp4.6">
 173 ······<cpe-lang:logical-test·operator="AND"·negate="false">
 174 ········<cpe-lang:logical-test·operator="AND"·negate="true">
Max diff block lines reached; 12378/27569 bytes (44.90%) of diff not shown.
7.67 MB
./usr/share/xml/scap/ssg/content/ssg-ol10-ds.xml
7.67 MB
./usr/share/xml/scap/ssg/content/ssg-ol10-ds.xml
Max HTML report size reached
1.74 MB
./usr/share/xml/scap/ssg/content/ssg-ol10-ocil.xml
1.74 MB
./usr/share/xml/scap/ssg/content/ssg-ol10-ocil.xml
Max HTML report size reached
5.88 MB
./usr/share/xml/scap/ssg/content/ssg-ol10-xccdf.xml
5.88 MB
./usr/share/xml/scap/ssg/content/ssg-ol10-xccdf.xml
Max HTML report size reached
8.56 MB
./usr/share/xml/scap/ssg/content/ssg-ol7-ds.xml
8.56 MB
./usr/share/xml/scap/ssg/content/ssg-ol7-ds.xml
Max HTML report size reached
2.1 MB
./usr/share/xml/scap/ssg/content/ssg-ol7-ocil.xml
2.1 MB
./usr/share/xml/scap/ssg/content/ssg-ol7-ocil.xml
Max HTML report size reached
6.23 MB
./usr/share/xml/scap/ssg/content/ssg-ol7-xccdf.xml
6.23 MB
./usr/share/xml/scap/ssg/content/ssg-ol7-xccdf.xml
Max HTML report size reached
9.71 MB
./usr/share/xml/scap/ssg/content/ssg-ol8-ds.xml
9.71 MB
./usr/share/xml/scap/ssg/content/ssg-ol8-ds.xml
Max HTML report size reached
2.48 MB
./usr/share/xml/scap/ssg/content/ssg-ol8-ocil.xml
2.48 MB
./usr/share/xml/scap/ssg/content/ssg-ol8-ocil.xml
Max HTML report size reached
6.99 MB
./usr/share/xml/scap/ssg/content/ssg-ol8-xccdf.xml
6.99 MB
./usr/share/xml/scap/ssg/content/ssg-ol8-xccdf.xml
Max HTML report size reached
7.98 MB
./usr/share/xml/scap/ssg/content/ssg-ol9-ds.xml
7.98 MB
./usr/share/xml/scap/ssg/content/ssg-ol9-ds.xml
Max HTML report size reached
1.97 MB
./usr/share/xml/scap/ssg/content/ssg-ol9-ocil.xml
1.97 MB
./usr/share/xml/scap/ssg/content/ssg-ol9-ocil.xml
Max HTML report size reached
5.87 MB
./usr/share/xml/scap/ssg/content/ssg-ol9-xccdf.xml
5.87 MB
./usr/share/xml/scap/ssg/content/ssg-ol9-xccdf.xml
Max HTML report size reached
1.57 MB
./usr/share/xml/scap/ssg/content/ssg-openembedded-ds.xml
1.57 MB
./usr/share/xml/scap/ssg/content/ssg-openembedded-ds.xml
Max HTML report size reached
900 KB
./usr/share/xml/scap/ssg/content/ssg-openembedded-ocil.xml
900 KB
./usr/share/xml/scap/ssg/content/ssg-openembedded-ocil.xml
Ordering differences only
    
Offset 3, 7435 lines modifiedOffset 3, 7666 lines modified
3 ··<ocil:generator>3 ··<ocil:generator>
4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6 ····<ocil:schema_version>2.0</ocil:schema_version>6 ····<ocil:schema_version>2.0</ocil:schema_version>
7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8 ··</ocil:generator>8 ··</ocil:generator>
9 ··<ocil:questionnaires>9 ··<ocil:questionnaires>
10 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_security_yama_ocil:questionnaire:1">10 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv6_conf_all_accept_source_route_ocil:questionnaire:1">
11 ······<ocil:title>Enable·Yama·support</ocil:title>11 ······<ocil:title>Disable·Kernel·Parameter·for·Accepting·Source-Routed·Packets·on·all·IPv6·Interfaces</ocil:title>
12 ······<ocil:actions>12 ······<ocil:actions>
13 ········<ocil:test_action_ref>ocil:ssg-kernel_config_security_yama_action:testaction:1</ocil:test_action_ref>13 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv6_conf_all_accept_source_route_action:testaction:1</ocil:test_action_ref>
14 ······</ocil:actions>14 ······</ocil:actions>
15 ····</ocil:questionnaire>15 ····</ocil:questionnaire>
16 ····<ocil:questionnaire·id="ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdrivermode_ocil:questionnaire:1"> 
17 ······<ocil:title>Ensure·Rsyslog·Encrypts·Off-Loaded·Audit·Records</ocil:title>16 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_compat_brk_ocil:questionnaire:1">
 17 ······<ocil:title>Disable·compatibility·with·brk()</ocil:title>
18 ······<ocil:actions>18 ······<ocil:actions>
19 ········<ocil:test_action_ref>ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdrivermode_action:testaction:1</ocil:test_action_ref>19 ········<ocil:test_action_ref>ocil:ssg-kernel_config_compat_brk_action:testaction:1</ocil:test_action_ref>
20 ······</ocil:actions>20 ······</ocil:actions>
21 ····</ocil:questionnaire>21 ····</ocil:questionnaire>
22 ····<ocil:questionnaire·id="ocil:ssg-gid_passwd_group_same_ocil:questionnaire:1">22 ····<ocil:questionnaire·id="ocil:ssg-account_passwords_pam_faillock_dir_ocil:questionnaire:1">
23 ······<ocil:title>All·GIDs·referenced·in·/etc/passwd·must·be·defined·in·/etc/group</ocil:title>23 ······<ocil:title>Account·Lockouts·Must·Persist</ocil:title>
24 ······<ocil:actions>24 ······<ocil:actions>
25 ········<ocil:test_action_ref>ocil:ssg-gid_passwd_group_same_action:testaction:1</ocil:test_action_ref>25 ········<ocil:test_action_ref>ocil:ssg-account_passwords_pam_faillock_dir_action:testaction:1</ocil:test_action_ref>
26 ······</ocil:actions>26 ······</ocil:actions>
27 ····</ocil:questionnaire>27 ····</ocil:questionnaire>
28 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_icmp_ignore_bogus_error_responses_ocil:questionnaire:1"> 
29 ······<ocil:title>Enable·Kernel·Parameter·to·Ignore·Bogus·ICMP·Error·Responses·on·IPv4·Interfaces</ocil:title>28 ····<ocil:questionnaire·id="ocil:ssg-accounts_minimum_age_login_defs_ocil:questionnaire:1">
 29 ······<ocil:title>Set·Password·Minimum·Age</ocil:title>
30 ······<ocil:actions>30 ······<ocil:actions>
31 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_icmp_ignore_bogus_error_responses_action:testaction:1</ocil:test_action_ref>31 ········<ocil:test_action_ref>ocil:ssg-accounts_minimum_age_login_defs_action:testaction:1</ocil:test_action_ref>
32 ······</ocil:actions>32 ······</ocil:actions>
33 ····</ocil:questionnaire>33 ····</ocil:questionnaire>
34 ····<ocil:questionnaire·id="ocil:ssg-rsyslog_files_groupownership_ocil:questionnaire:1">34 ····<ocil:questionnaire·id="ocil:ssg-selinux_state_ocil:questionnaire:1">
35 ······<ocil:title>Ensure·Log·Files·Are·Owned·By·Appropriate·Group</ocil:title>35 ······<ocil:title>Ensure·SELinux·State·is·Enforcing</ocil:title>
36 ······<ocil:actions>36 ······<ocil:actions>
37 ········<ocil:test_action_ref>ocil:ssg-rsyslog_files_groupownership_action:testaction:1</ocil:test_action_ref>37 ········<ocil:test_action_ref>ocil:ssg-selinux_state_action:testaction:1</ocil:test_action_ref>
38 ······</ocil:actions>38 ······</ocil:actions>
39 ····</ocil:questionnaire>39 ····</ocil:questionnaire>
40 ····<ocil:questionnaire·id="ocil:ssg-package_MFEhiplsm_installed_ocil:questionnaire:1">40 ····<ocil:questionnaire·id="ocil:ssg-grub2_nosmep_argument_absent_ocil:questionnaire:1">
41 ······<ocil:title>Install·the·Host·Intrusion·Prevention·System·(HIPS)·Module</ocil:title>41 ······<ocil:title>Ensure·SMEP·is·not·disabled·during·boot</ocil:title>
42 ······<ocil:actions>42 ······<ocil:actions>
43 ········<ocil:test_action_ref>ocil:ssg-package_MFEhiplsm_installed_action:testaction:1</ocil:test_action_ref>43 ········<ocil:test_action_ref>ocil:ssg-grub2_nosmep_argument_absent_action:testaction:1</ocil:test_action_ref>
44 ······</ocil:actions>44 ······</ocil:actions>
45 ····</ocil:questionnaire>45 ····</ocil:questionnaire>
46 ····<ocil:questionnaire·id="ocil:ssg-ensure_logrotate_activated_ocil:questionnaire:1">46 ····<ocil:questionnaire·id="ocil:ssg-service_vsftpd_disabled_ocil:questionnaire:1">
47 ······<ocil:title>Ensure·Logrotate·Runs·Periodically</ocil:title>47 ······<ocil:title>Disable·vsftpd·Service</ocil:title>
48 ······<ocil:actions>48 ······<ocil:actions>
49 ········<ocil:test_action_ref>ocil:ssg-ensure_logrotate_activated_action:testaction:1</ocil:test_action_ref>49 ········<ocil:test_action_ref>ocil:ssg-service_vsftpd_disabled_action:testaction:1</ocil:test_action_ref>
50 ······</ocil:actions>50 ······</ocil:actions>
51 ····</ocil:questionnaire>51 ····</ocil:questionnaire>
52 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_security_writable_hooks_ocil:questionnaire:1">52 ····<ocil:questionnaire·id="ocil:ssg-kernel_module_uvcvideo_disabled_ocil:questionnaire:1">
53 ······<ocil:title>Disable·mutable·hooks</ocil:title>53 ······<ocil:title>Disable·the·uvcvideo·module</ocil:title>
54 ······<ocil:actions>54 ······<ocil:actions>
55 ········<ocil:test_action_ref>ocil:ssg-kernel_config_security_writable_hooks_action:testaction:1</ocil:test_action_ref>55 ········<ocil:test_action_ref>ocil:ssg-kernel_module_uvcvideo_disabled_action:testaction:1</ocil:test_action_ref>
56 ······</ocil:actions>56 ······</ocil:actions>
57 ····</ocil:questionnaire>57 ····</ocil:questionnaire>
58 ····<ocil:questionnaire·id="ocil:ssg-mount_option_dev_shm_nodev_ocil:questionnaire:1">58 ····<ocil:questionnaire·id="ocil:ssg-rsyslog_files_groupownership_ocil:questionnaire:1">
59 ······<ocil:title>Add·nodev·Option·to·/dev/shm</ocil:title>59 ······<ocil:title>Ensure·Log·Files·Are·Owned·By·Appropriate·Group</ocil:title>
60 ······<ocil:actions>60 ······<ocil:actions>
61 ········<ocil:test_action_ref>ocil:ssg-mount_option_dev_shm_nodev_action:testaction:1</ocil:test_action_ref>61 ········<ocil:test_action_ref>ocil:ssg-rsyslog_files_groupownership_action:testaction:1</ocil:test_action_ref>
62 ······</ocil:actions>62 ······</ocil:actions>
63 ····</ocil:questionnaire>63 ····</ocil:questionnaire>
64 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_legacy_ptys_ocil:questionnaire:1">64 ····<ocil:questionnaire·id="ocil:ssg-kernel_module_tipc_disabled_ocil:questionnaire:1">
65 ······<ocil:title>Disable·legacy·(BSD)·PTY·support</ocil:title>65 ······<ocil:title>Disable·TIPC·Support</ocil:title>
66 ······<ocil:actions>66 ······<ocil:actions>
67 ········<ocil:test_action_ref>ocil:ssg-kernel_config_legacy_ptys_action:testaction:1</ocil:test_action_ref>67 ········<ocil:test_action_ref>ocil:ssg-kernel_module_tipc_disabled_action:testaction:1</ocil:test_action_ref>
68 ······</ocil:actions>68 ······</ocil:actions>
69 ····</ocil:questionnaire>69 ····</ocil:questionnaire>
70 ····<ocil:questionnaire·id="ocil:ssg-sudo_remove_no_authenticate_ocil:questionnaire:1">70 ····<ocil:questionnaire·id="ocil:ssg-group_unique_id_ocil:questionnaire:1">
71 ······<ocil:title>Ensure·Users·Re-Authenticate·for·Privilege·Escalation·-·sudo·!authenticate</ocil:title>71 ······<ocil:title>Ensure·All·Groups·on·the·System·Have·Unique·Group·ID</ocil:title>
72 ······<ocil:actions>72 ······<ocil:actions>
73 ········<ocil:test_action_ref>ocil:ssg-sudo_remove_no_authenticate_action:testaction:1</ocil:test_action_ref>73 ········<ocil:test_action_ref>ocil:ssg-group_unique_id_action:testaction:1</ocil:test_action_ref>
74 ······</ocil:actions>74 ······</ocil:actions>
75 ····</ocil:questionnaire>75 ····</ocil:questionnaire>
76 ····<ocil:questionnaire·id="ocil:ssg-no_all_squash_exports_ocil:questionnaire:1"> 
77 ······<ocil:title>Ensure·All-Squashing·Disabled·On·All·Exports</ocil:title>76 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_lchown_ocil:questionnaire:1">
 77 ······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·lchown</ocil:title>
78 ······<ocil:actions>78 ······<ocil:actions>
79 ········<ocil:test_action_ref>ocil:ssg-no_all_squash_exports_action:testaction:1</ocil:test_action_ref>79 ········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_lchown_action:testaction:1</ocil:test_action_ref>
80 ······</ocil:actions>80 ······</ocil:actions>
81 ····</ocil:questionnaire>81 ····</ocil:questionnaire>
82 ····<ocil:questionnaire·id="ocil:ssg-accounts_passwords_pam_faillock_audit_ocil:questionnaire:1"> 
83 ······<ocil:title>Account·Lockouts·Must·Be·Logged</ocil:title>82 ····<ocil:questionnaire·id="ocil:ssg-file_owner_grub2_cfg_ocil:questionnaire:1">
 83 ······<ocil:title>Verify·/boot/grub2/grub.cfg·User·Ownership</ocil:title>
84 ······<ocil:actions>84 ······<ocil:actions>
85 ········<ocil:test_action_ref>ocil:ssg-accounts_passwords_pam_faillock_audit_action:testaction:1</ocil:test_action_ref>85 ········<ocil:test_action_ref>ocil:ssg-file_owner_grub2_cfg_action:testaction:1</ocil:test_action_ref>
86 ······</ocil:actions>86 ······</ocil:actions>
87 ····</ocil:questionnaire>87 ····</ocil:questionnaire>
88 ····<ocil:questionnaire·id="ocil:ssg-sysctl_fs_protected_symlinks_ocil:questionnaire:1">88 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_icmp_echo_ignore_broadcasts_ocil:questionnaire:1">
89 ······<ocil:title>Enable·Kernel·Parameter·to·Enforce·DAC·on·Symlinks</ocil:title>89 ······<ocil:title>Enable·Kernel·Parameter·to·Ignore·ICMP·Broadcast·Echo·Requests·on·IPv4·Interfaces</ocil:title>
90 ······<ocil:actions>90 ······<ocil:actions>
91 ········<ocil:test_action_ref>ocil:ssg-sysctl_fs_protected_symlinks_action:testaction:1</ocil:test_action_ref>91 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_icmp_echo_ignore_broadcasts_action:testaction:1</ocil:test_action_ref>
92 ······</ocil:actions>92 ······</ocil:actions>
93 ····</ocil:questionnaire>93 ····</ocil:questionnaire>
94 ····<ocil:questionnaire·id="ocil:ssg-no_rsh_trust_files_ocil:questionnaire:1">94 ····<ocil:questionnaire·id="ocil:ssg-sysctl_kernel_randomize_va_space_ocil:questionnaire:1">
95 ······<ocil:title>Remove·Rsh·Trust·Files</ocil:title>95 ······<ocil:title>Enable·Randomized·Layout·of·Virtual·Address·Space</ocil:title>
96 ······<ocil:actions>96 ······<ocil:actions>
97 ········<ocil:test_action_ref>ocil:ssg-no_rsh_trust_files_action:testaction:1</ocil:test_action_ref>97 ········<ocil:test_action_ref>ocil:ssg-sysctl_kernel_randomize_va_space_action:testaction:1</ocil:test_action_ref>
98 ······</ocil:actions>98 ······</ocil:actions>
99 ····</ocil:questionnaire>99 ····</ocil:questionnaire>
100 ····<ocil:questionnaire·id="ocil:ssg-package_firewalld_installed_ocil:questionnaire:1"> 
101 ······<ocil:title>Install·firewalld·Package</ocil:title>100 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_cron_monthly_ocil:questionnaire:1">
 101 ······<ocil:title>Verify·Group·Who·Owns·cron.monthly</ocil:title>
102 ······<ocil:actions>102 ······<ocil:actions>
103 ········<ocil:test_action_ref>ocil:ssg-package_firewalld_installed_action:testaction:1</ocil:test_action_ref>103 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_cron_monthly_action:testaction:1</ocil:test_action_ref>
104 ······</ocil:actions>104 ······</ocil:actions>
105 ····</ocil:questionnaire>105 ····</ocil:questionnaire>
106 ····<ocil:questionnaire·id="ocil:ssg-sudo_remove_nopasswd_ocil:questionnaire:1">106 ····<ocil:questionnaire·id="ocil:ssg-account_unique_name_ocil:questionnaire:1">
107 ······<ocil:title>Ensure·Users·Re-Authenticate·for·Privilege·Escalation·-·sudo·NOPASSWD</ocil:title>107 ······<ocil:title>Ensure·All·Accounts·on·the·System·Have·Unique·Names</ocil:title>
108 ······<ocil:actions>108 ······<ocil:actions>
109 ········<ocil:test_action_ref>ocil:ssg-sudo_remove_nopasswd_action:testaction:1</ocil:test_action_ref>109 ········<ocil:test_action_ref>ocil:ssg-account_unique_name_action:testaction:1</ocil:test_action_ref>
110 ······</ocil:actions>110 ······</ocil:actions>
111 ····</ocil:questionnaire>111 ····</ocil:questionnaire>
112 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_bug_ocil:questionnaire:1">112 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_cron_allow_ocil:questionnaire:1">
113 ······<ocil:title>Enable·support·for·BUG()</ocil:title>113 ······<ocil:title>Verify·Group·Who·Owns·/etc/cron.allow·file</ocil:title>
114 ······<ocil:actions>114 ······<ocil:actions>
115 ········<ocil:test_action_ref>ocil:ssg-kernel_config_bug_action:testaction:1</ocil:test_action_ref>115 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_cron_allow_action:testaction:1</ocil:test_action_ref>
116 ······</ocil:actions>116 ······</ocil:actions>
117 ····</ocil:questionnaire>117 ····</ocil:questionnaire>
118 ····<ocil:questionnaire·id="ocil:ssg-audit_privileged_commands_shutdown_ocil:questionnaire:1">118 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_mac_modification_ocil:questionnaire:1">
119 ······<ocil:title>Ensure·auditd·Collects·Information·on·the·Use·of·Privileged·Commands·-·shutdown</ocil:title>119 ······<ocil:title>Record·Events·that·Modify·the·System's·Mandatory·Access·Controls</ocil:title>
120 ······<ocil:actions>120 ······<ocil:actions>
121 ········<ocil:test_action_ref>ocil:ssg-audit_privileged_commands_shutdown_action:testaction:1</ocil:test_action_ref>121 ········<ocil:test_action_ref>ocil:ssg-audit_rules_mac_modification_action:testaction:1</ocil:test_action_ref>
122 ······</ocil:actions>122 ······</ocil:actions>
123 ····</ocil:questionnaire>123 ····</ocil:questionnaire>
124 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv6_conf_all_accept_redirects_ocil:questionnaire:1"> 
Max diff block lines reached; 909068/921833 bytes (98.62%) of diff not shown.
652 KB
./usr/share/xml/scap/ssg/content/ssg-openembedded-xccdf.xml
652 KB
./usr/share/xml/scap/ssg/content/ssg-openembedded-xccdf.xml
Ordering differences only
    
Offset 71, 226 lines modifiedOffset 71, 226 lines modified
71 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>71 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>
72 ··<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>72 ··<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>
73 ··<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>73 ··<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>
74 ··<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>74 ··<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>
75 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</xccdf-1.2:reference>75 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</xccdf-1.2:reference>
76 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>76 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>
77 ··<cpe-lang:platform-specification>77 ··<cpe-lang:platform-specification>
78 ····<cpe-lang:platform·id="ipv6_enabled">78 ····<cpe-lang:platform·id="package_shadow-utils">
79 ······<cpe-lang:logical-test·operator="AND"·negate="false">79 ······<cpe-lang:logical-test·operator="AND"·negate="false">
80 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-ipv6_enabled:def:1"/>80 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-package_shadow-utils:def:1"/>
81 ······</cpe-lang:logical-test>81 ······</cpe-lang:logical-test>
82 ····</cpe-lang:platform>82 ····</cpe-lang:platform>
83 ····<cpe-lang:platform·id="package_dnf">83 ····<cpe-lang:platform·id="package_squid_and_system_with_kernel">
84 ······<cpe-lang:logical-test·operator="AND"·negate="false">84 ······<cpe-lang:logical-test·operator="AND"·negate="false">
85 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-package_dnf:def:1"/>85 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-package_squid:def:1"/>
 86 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
86 ······</cpe-lang:logical-test>87 ······</cpe-lang:logical-test>
87 ····</cpe-lang:platform>88 ····</cpe-lang:platform>
88 ····<cpe-lang:platform·id="aarch64_arch_or_x86_64_arch">89 ····<cpe-lang:platform·id="aarch64_arch">
89 ······<cpe-lang:logical-test·operator="OR"·negate="false">90 ······<cpe-lang:logical-test·operator="AND"·negate="false">
90 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>91 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>
91 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_x86_64:def:1"/> 
92 ······</cpe-lang:logical-test>92 ······</cpe-lang:logical-test>
93 ····</cpe-lang:platform>93 ····</cpe-lang:platform>
94 ····<cpe-lang:platform·id="machine">94 ····<cpe-lang:platform·id="machine">
95 ······<cpe-lang:logical-test·operator="AND"·negate="false">95 ······<cpe-lang:logical-test·operator="AND"·negate="false">
96 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-installed_env_is_a_machine:def:1"/>96 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-installed_env_is_a_machine:def:1"/>
97 ······</cpe-lang:logical-test>97 ······</cpe-lang:logical-test>
98 ····</cpe-lang:platform>98 ····</cpe-lang:platform>
99 ····<cpe-lang:platform·id="package_iptables">99 ····<cpe-lang:platform·id="x86_64_arch">
100 ······<cpe-lang:logical-test·operator="AND"·negate="false">100 ······<cpe-lang:logical-test·operator="AND"·negate="false">
101 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>101 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_x86_64:def:1"/>
102 ······</cpe-lang:logical-test>102 ······</cpe-lang:logical-test>
103 ····</cpe-lang:platform>103 ····</cpe-lang:platform>
104 ····<cpe-lang:platform·id="not_aarch64_arch">104 ····<cpe-lang:platform·id="system_with_kernel">
105 ······<cpe-lang:logical-test·operator="AND"·negate="true">105 ······<cpe-lang:logical-test·operator="AND"·negate="false">
106 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>106 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
107 ······</cpe-lang:logical-test>107 ······</cpe-lang:logical-test>
108 ····</cpe-lang:platform>108 ····</cpe-lang:platform>
109 ····<cpe-lang:platform·id="package_iptables_and_service_disabled_firewalld_and_system_with_kernel">109 ····<cpe-lang:platform·id="package_logrotate">
110 ······<cpe-lang:logical-test·operator="AND"·negate="false">110 ······<cpe-lang:logical-test·operator="AND"·negate="false">
 111 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-package_logrotate:def:1"/>
 112 ······</cpe-lang:logical-test>
 113 ····</cpe-lang:platform>
 114 ····<cpe-lang:platform·id="package_sudo">
 115 ······<cpe-lang:logical-test·operator="AND"·negate="false">
111 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>116 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-package_sudo:def:1"/>
112 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-service_disabled_firewalld:def:1"/>117 ······</cpe-lang:logical-test>
 118 ····</cpe-lang:platform>
 119 ····<cpe-lang:platform·id="not_aarch64_arch">
 120 ······<cpe-lang:logical-test·operator="AND"·negate="true">
113 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>121 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>
114 ······</cpe-lang:logical-test>122 ······</cpe-lang:logical-test>
115 ····</cpe-lang:platform>123 ····</cpe-lang:platform>
116 ····<cpe-lang:platform·id="not_package_nftables_and_not_package_ufw_and_package_iptables">124 ····<cpe-lang:platform·id="not_package_nftables_and_not_package_ufw_and_package_iptables">
117 ······<cpe-lang:logical-test·operator="AND"·negate="false">125 ······<cpe-lang:logical-test·operator="AND"·negate="false">
118 ········<cpe-lang:logical-test·operator="AND"·negate="true">126 ········<cpe-lang:logical-test·operator="AND"·negate="true">
119 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-package_nftables:def:1"/>127 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-package_nftables:def:1"/>
120 ········</cpe-lang:logical-test>128 ········</cpe-lang:logical-test>
121 ········<cpe-lang:logical-test·operator="AND"·negate="true">129 ········<cpe-lang:logical-test·operator="AND"·negate="true">
122 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-package_ufw:def:1"/>130 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-package_ufw:def:1"/>
123 ········</cpe-lang:logical-test>131 ········</cpe-lang:logical-test>
124 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>132 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>
125 ······</cpe-lang:logical-test>133 ······</cpe-lang:logical-test>
126 ····</cpe-lang:platform>134 ····</cpe-lang:platform>
127 ····<cpe-lang:platform·id="package_pam">135 ····<cpe-lang:platform·id="package_snmpd_and_system_with_kernel">
128 ······<cpe-lang:logical-test·operator="AND"·negate="false">136 ······<cpe-lang:logical-test·operator="AND"·negate="false">
129 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-package_pam:def:1"/>137 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-package_snmpd:def:1"/>
 138 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
130 ······</cpe-lang:logical-test>139 ······</cpe-lang:logical-test>
131 ····</cpe-lang:platform>140 ····</cpe-lang:platform>
132 ····<cpe-lang:platform·id="package_firewalld">141 ····<cpe-lang:platform·id="package_firewalld">
133 ······<cpe-lang:logical-test·operator="AND"·negate="false">142 ······<cpe-lang:logical-test·operator="AND"·negate="false">
134 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-package_firewalld:def:1"/>143 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-package_firewalld:def:1"/>
135 ······</cpe-lang:logical-test>144 ······</cpe-lang:logical-test>
136 ····</cpe-lang:platform>145 ····</cpe-lang:platform>
137 ····<cpe-lang:platform·id="package_rsyslog">146 ····<cpe-lang:platform·id="package_systemd">
138 ······<cpe-lang:logical-test·operator="AND"·negate="false">147 ······<cpe-lang:logical-test·operator="AND"·negate="false">
139 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-package_rsyslog:def:1"/>148 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-package_systemd:def:1"/>
140 ······</cpe-lang:logical-test>149 ······</cpe-lang:logical-test>
141 ····</cpe-lang:platform>150 ····</cpe-lang:platform>
142 ····<cpe-lang:platform·id="package_logrotate">151 ····<cpe-lang:platform·id="wifi-iface">
143 ······<cpe-lang:logical-test·operator="AND"·negate="false">152 ······<cpe-lang:logical-test·operator="AND"·negate="false">
144 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-package_logrotate:def:1"/>153 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-installed_env_has_wifi_interface:def:1"/>
145 ······</cpe-lang:logical-test>154 ······</cpe-lang:logical-test>
146 ····</cpe-lang:platform>155 ····</cpe-lang:platform>
147 ····<cpe-lang:platform·id="package_audit">156 ····<cpe-lang:platform·id="aarch64_arch_or_x86_64_arch">
148 ······<cpe-lang:logical-test·operator="AND"·negate="false">157 ······<cpe-lang:logical-test·operator="OR"·negate="false">
 158 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>
149 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-package_audit:def:1"/>159 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_x86_64:def:1"/>
150 ······</cpe-lang:logical-test>160 ······</cpe-lang:logical-test>
151 ····</cpe-lang:platform>161 ····</cpe-lang:platform>
152 ····<cpe-lang:platform·id="non-uefi">162 ····<cpe-lang:platform·id="package_rsyslog">
153 ······<cpe-lang:logical-test·operator="AND"·negate="false">163 ······<cpe-lang:logical-test·operator="AND"·negate="false">
154 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-system_boot_mode_is_non_uefi:def:1"/>164 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-package_rsyslog:def:1"/>
155 ······</cpe-lang:logical-test>165 ······</cpe-lang:logical-test>
156 ····</cpe-lang:platform>166 ····</cpe-lang:platform>
157 ····<cpe-lang:platform·id="package_snmpd_and_system_with_kernel">167 ····<cpe-lang:platform·id="package_gdm">
158 ······<cpe-lang:logical-test·operator="AND"·negate="false">168 ······<cpe-lang:logical-test·operator="AND"·negate="false">
159 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-package_snmpd:def:1"/>169 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-package_gdm:def:1"/>
160 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/> 
161 ······</cpe-lang:logical-test>170 ······</cpe-lang:logical-test>
162 ····</cpe-lang:platform>171 ····</cpe-lang:platform>
163 ····<cpe-lang:platform·id="package_sudo">172 ····<cpe-lang:platform·id="package_postfix">
164 ······<cpe-lang:logical-test·operator="AND"·negate="false">173 ······<cpe-lang:logical-test·operator="AND"·negate="false">
165 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-package_sudo:def:1"/>174 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-package_postfix:def:1"/>
166 ······</cpe-lang:logical-test>175 ······</cpe-lang:logical-test>
167 ····</cpe-lang:platform>176 ····</cpe-lang:platform>
168 ····<cpe-lang:platform·id="system_with_kernel">177 ····<cpe-lang:platform·id="package_iptables_and_service_disabled_firewalld_and_system_with_kernel">
169 ······<cpe-lang:logical-test·operator="AND"·negate="false">178 ······<cpe-lang:logical-test·operator="AND"·negate="false">
 179 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>
 180 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-service_disabled_firewalld:def:1"/>
170 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>181 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
171 ······</cpe-lang:logical-test>182 ······</cpe-lang:logical-test>
172 ····</cpe-lang:platform>183 ····</cpe-lang:platform>
173 ····<cpe-lang:platform·id="package_postfix">184 ····<cpe-lang:platform·id="non-uefi">
174 ······<cpe-lang:logical-test·operator="AND"·negate="false">185 ······<cpe-lang:logical-test·operator="AND"·negate="false">
 186 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-system_boot_mode_is_non_uefi:def:1"/>
 187 ······</cpe-lang:logical-test>
 188 ····</cpe-lang:platform>
 189 ····<cpe-lang:platform·id="package_rsh-server">
 190 ······<cpe-lang:logical-test·operator="AND"·negate="false">
175 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-package_postfix:def:1"/>191 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openembedded-cpe-oval.xml"·id-ref="oval:ssg-package_rsh-server:def:1"/>
176 ······</cpe-lang:logical-test>192 ······</cpe-lang:logical-test>
177 ····</cpe-lang:platform>193 ····</cpe-lang:platform>
178 ····<cpe-lang:platform·id="package_chrony">194 ····<cpe-lang:platform·id="package_chrony">
179 ······<cpe-lang:logical-test·operator="AND"·negate="false">195 ······<cpe-lang:logical-test·operator="AND"·negate="false">
Max diff block lines reached; 653164/667042 bytes (97.92%) of diff not shown.
976 KB
./usr/share/xml/scap/ssg/content/ssg-openeuler2203-ds.xml
976 KB
./usr/share/xml/scap/ssg/content/ssg-openeuler2203-ds.xml
    
Offset 19, 15 lines modifiedOffset 19, 15 lines modified
19 ····</ds:checklists>19 ····</ds:checklists>
20 ····<ds:checks>20 ····<ds:checks>
21 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-openeuler2203-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-openeuler2203-oval.xml"/>21 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-openeuler2203-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-openeuler2203-oval.xml"/>
22 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-openeuler2203-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-openeuler2203-ocil.xml"/>22 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-openeuler2203-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-openeuler2203-ocil.xml"/>
23 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-openeuler2203-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-openeuler2203-cpe-oval.xml"/>23 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-openeuler2203-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-openeuler2203-cpe-oval.xml"/>
24 ····</ds:checks>24 ····</ds:checks>
25 ··</ds:data-stream>25 ··</ds:data-stream>
26 ··<ds:component·id="scap_org.open-scap_comp_ssg-openeuler2203-cpe-dictionary.xml"·timestamp="2025-02-28T20:08:00">26 ··<ds:component·id="scap_org.open-scap_comp_ssg-openeuler2203-cpe-dictionary.xml"·timestamp="2025-03-01T22:08:00">
27 ····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">27 ····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">
28 ······<cpe-dict:cpe-item·name="cpe:/o:openEuler:openEuler:22.03LTS:ga:server">28 ······<cpe-dict:cpe-item·name="cpe:/o:openEuler:openEuler:22.03LTS:ga:server">
29 ········<cpe-dict:title·xml:lang="en-us">openEuler·22.03·LTS</cpe-dict:title>29 ········<cpe-dict:title·xml:lang="en-us">openEuler·22.03·LTS</cpe-dict:title>
30 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml">oval:ssg-installed_OS_is_openeuler2203:def:1</cpe-dict:check>30 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml">oval:ssg-installed_OS_is_openeuler2203:def:1</cpe-dict:check>
31 ······</cpe-dict:cpe-item>31 ······</cpe-dict:cpe-item>
32 ······<cpe-dict:cpe-item·name="cpe:/o:openEuler:openEuler:22.03LTS_SP1:ga:server">32 ······<cpe-dict:cpe-item·name="cpe:/o:openEuler:openEuler:22.03LTS_SP1:ga:server">
33 ········<cpe-dict:title·xml:lang="en-us">openEuler·22.03·LTS·SP1</cpe-dict:title>33 ········<cpe-dict:title·xml:lang="en-us">openEuler·22.03·LTS·SP1</cpe-dict:title>
Offset 35, 15 lines modifiedOffset 35, 15 lines modified
35 ······</cpe-dict:cpe-item>35 ······</cpe-dict:cpe-item>
36 ······<cpe-dict:cpe-item·name="cpe:/o:openEuler:openEuler:22.03LTS_SP2:ga:server">36 ······<cpe-dict:cpe-item·name="cpe:/o:openEuler:openEuler:22.03LTS_SP2:ga:server">
37 ········<cpe-dict:title·xml:lang="en-us">openEuler·22.03·LTS·SP2</cpe-dict:title>37 ········<cpe-dict:title·xml:lang="en-us">openEuler·22.03·LTS·SP2</cpe-dict:title>
38 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml">oval:ssg-installed_OS_is_openeuler2203:def:1</cpe-dict:check>38 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml">oval:ssg-installed_OS_is_openeuler2203:def:1</cpe-dict:check>
39 ······</cpe-dict:cpe-item>39 ······</cpe-dict:cpe-item>
40 ····</cpe-dict:cpe-list>40 ····</cpe-dict:cpe-list>
41 ··</ds:component>41 ··</ds:component>
42 ··<ds:component·id="scap_org.open-scap_comp_ssg-openeuler2203-xccdf.xml"·timestamp="2025-02-28T20:08:00">42 ··<ds:component·id="scap_org.open-scap_comp_ssg-openeuler2203-xccdf.xml"·timestamp="2025-03-01T22:08:00">
43 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_OPENEULER2203"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">43 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_OPENEULER2203"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
44 ······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>44 ······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>
45 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·openEuler·2203</xccdf-1.2:title>45 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·openEuler·2203</xccdf-1.2:title>
46 ······<xccdf-1.2:description>46 ······<xccdf-1.2:description>
47 ········This·guide·presents·a·catalog·of·security-relevant47 ········This·guide·presents·a·catalog·of·security-relevant
48 configuration·settings·for·openEuler·2203.·It·is·a·rendering·of48 configuration·settings·for·openEuler·2203.·It·is·a·rendering·of
49 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)49 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
Offset 112, 172 lines modifiedOffset 112, 172 lines modified
112 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>112 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>
113 ······<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>113 ······<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>
114 ······<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>114 ······<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>
115 ······<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>115 ······<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>
116 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</xccdf-1.2:reference>116 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</xccdf-1.2:reference>
117 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>117 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>
118 ······<cpe-lang:platform-specification>118 ······<cpe-lang:platform-specification>
119 ········<cpe-lang:platform·id="ipv6_enabled">119 ········<cpe-lang:platform·id="package_shadow-utils">
120 ··········<cpe-lang:logical-test·operator="AND"·negate="false">120 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
121 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-ipv6_enabled:def:1"/>121 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_shadow-utils:def:1"/>
122 ··········</cpe-lang:logical-test>122 ··········</cpe-lang:logical-test>
123 ········</cpe-lang:platform>123 ········</cpe-lang:platform>
124 ········<cpe-lang:platform·id="package_dnf">124 ········<cpe-lang:platform·id="package_ntp">
125 ··········<cpe-lang:logical-test·operator="AND"·negate="false">125 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
126 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_dnf:def:1"/>126 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_ntp:def:1"/>
127 ··········</cpe-lang:logical-test>127 ··········</cpe-lang:logical-test>
128 ········</cpe-lang:platform>128 ········</cpe-lang:platform>
129 ········<cpe-lang:platform·id="grub2">129 ········<cpe-lang:platform·id="system_with_kernel">
130 ··········<cpe-lang:logical-test·operator="AND"·negate="false">130 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
131 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-installed_env_has_grub2_package:def:1"/>131 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
132 ··········</cpe-lang:logical-test>132 ··········</cpe-lang:logical-test>
133 ········</cpe-lang:platform>133 ········</cpe-lang:platform>
134 ········<cpe-lang:platform·id="package_iptables">134 ········<cpe-lang:platform·id="package_sudo">
135 ··········<cpe-lang:logical-test·operator="AND"·negate="false">135 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
136 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>136 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_sudo:def:1"/>
137 ··········</cpe-lang:logical-test>137 ··········</cpe-lang:logical-test>
138 ········</cpe-lang:platform>138 ········</cpe-lang:platform>
139 ········<cpe-lang:platform·id="not_aarch64_arch">139 ········<cpe-lang:platform·id="not_aarch64_arch">
140 ··········<cpe-lang:logical-test·operator="AND"·negate="true">140 ··········<cpe-lang:logical-test·operator="AND"·negate="true">
141 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>141 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>
142 ··········</cpe-lang:logical-test>142 ··········</cpe-lang:logical-test>
143 ········</cpe-lang:platform>143 ········</cpe-lang:platform>
144 ········<cpe-lang:platform·id="package_ntp"> 
145 ··········<cpe-lang:logical-test·operator="AND"·negate="false"> 
146 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_ntp:def:1"/> 
147 ··········</cpe-lang:logical-test> 
148 ········</cpe-lang:platform> 
149 ········<cpe-lang:platform·id="package_iptables_and_service_disabled_firewalld_and_system_with_kernel"> 
150 ··········<cpe-lang:logical-test·operator="AND"·negate="false"> 
151 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/> 
152 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-service_disabled_firewalld:def:1"/> 
153 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/> 
154 ··········</cpe-lang:logical-test> 
155 ········</cpe-lang:platform> 
156 ········<cpe-lang:platform·id="not_package_nftables_and_not_package_ufw_and_package_iptables">144 ········<cpe-lang:platform·id="not_package_nftables_and_not_package_ufw_and_package_iptables">
157 ··········<cpe-lang:logical-test·operator="AND"·negate="false">145 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
158 ············<cpe-lang:logical-test·operator="AND"·negate="true">146 ············<cpe-lang:logical-test·operator="AND"·negate="true">
159 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_nftables:def:1"/>147 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_nftables:def:1"/>
160 ············</cpe-lang:logical-test>148 ············</cpe-lang:logical-test>
161 ············<cpe-lang:logical-test·operator="AND"·negate="true">149 ············<cpe-lang:logical-test·operator="AND"·negate="true">
162 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_ufw:def:1"/>150 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_ufw:def:1"/>
163 ············</cpe-lang:logical-test>151 ············</cpe-lang:logical-test>
164 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>152 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>
165 ··········</cpe-lang:logical-test>153 ··········</cpe-lang:logical-test>
166 ········</cpe-lang:platform>154 ········</cpe-lang:platform>
167 ········<cpe-lang:platform·id="package_pam">155 ········<cpe-lang:platform·id="package_firewalld">
168 ··········<cpe-lang:logical-test·operator="AND"·negate="false">156 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
169 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_pam:def:1"/>157 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_firewalld:def:1"/>
170 ··········</cpe-lang:logical-test>158 ··········</cpe-lang:logical-test>
171 ········</cpe-lang:platform>159 ········</cpe-lang:platform>
172 ········<cpe-lang:platform·id="package_firewalld">160 ········<cpe-lang:platform·id="package_nftables_and_service_disabled_firewalld_and_service_disabled_ufw">
173 ··········<cpe-lang:logical-test·operator="AND"·negate="false">161 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
174 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_firewalld:def:1"/>162 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_nftables:def:1"/>
 163 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-service_disabled_firewalld:def:1"/>
 164 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-service_disabled_ufw:def:1"/>
 165 ··········</cpe-lang:logical-test>
 166 ········</cpe-lang:platform>
 167 ········<cpe-lang:platform·id="wifi-iface">
 168 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
 169 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-installed_env_has_wifi_interface:def:1"/>
175 ··········</cpe-lang:logical-test>170 ··········</cpe-lang:logical-test>
176 ········</cpe-lang:platform>171 ········</cpe-lang:platform>
177 ········<cpe-lang:platform·id="package_rsyslog">172 ········<cpe-lang:platform·id="package_rsyslog">
178 ··········<cpe-lang:logical-test·operator="AND"·negate="false">173 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
179 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_rsyslog:def:1"/>174 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_rsyslog:def:1"/>
180 ··········</cpe-lang:logical-test>175 ··········</cpe-lang:logical-test>
181 ········</cpe-lang:platform>176 ········</cpe-lang:platform>
182 ········<cpe-lang:platform·id="package_audit">177 ········<cpe-lang:platform·id="package_iptables_and_service_disabled_firewalld_and_system_with_kernel">
183 ··········<cpe-lang:logical-test·operator="AND"·negate="false">178 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
184 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_audit:def:1"/>179 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>
 180 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-service_disabled_firewalld:def:1"/>
 181 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
185 ··········</cpe-lang:logical-test>182 ··········</cpe-lang:logical-test>
186 ········</cpe-lang:platform>183 ········</cpe-lang:platform>
187 ········<cpe-lang:platform·id="non-uefi">184 ········<cpe-lang:platform·id="non-uefi">
188 ··········<cpe-lang:logical-test·operator="AND"·negate="false">185 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
189 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-system_boot_mode_is_non_uefi:def:1"/>186 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-system_boot_mode_is_non_uefi:def:1"/>
190 ··········</cpe-lang:logical-test>187 ··········</cpe-lang:logical-test>
191 ········</cpe-lang:platform>188 ········</cpe-lang:platform>
192 ········<cpe-lang:platform·id="uefi">189 ········<cpe-lang:platform·id="grub2">
193 ··········<cpe-lang:logical-test·operator="AND"·negate="false">190 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
194 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-system_boot_mode_is_uefi:def:1"/>191 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-installed_env_has_grub2_package:def:1"/>
195 ··········</cpe-lang:logical-test>192 ··········</cpe-lang:logical-test>
196 ········</cpe-lang:platform>193 ········</cpe-lang:platform>
197 ········<cpe-lang:platform·id="package_sudo">194 ········<cpe-lang:platform·id="package_chrony">
Max diff block lines reached; 986185/999100 bytes (98.71%) of diff not shown.
531 KB
./usr/share/xml/scap/ssg/content/ssg-openeuler2203-ocil.xml
531 KB
./usr/share/xml/scap/ssg/content/ssg-openeuler2203-ocil.xml
Ordering differences only
    
Offset 3, 1997 lines modifiedOffset 3, 1997 lines modified
3 ··<ocil:generator>3 ··<ocil:generator>
4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6 ····<ocil:schema_version>2.0</ocil:schema_version>6 ····<ocil:schema_version>2.0</ocil:schema_version>
7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8 ··</ocil:generator>8 ··</ocil:generator>
9 ··<ocil:questionnaires>9 ··<ocil:questionnaires>
10 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_successful_file_modification_lsetxattr_ocil:questionnaire:1"> 
11 ······<ocil:title>Record·Successful·Permission·Changes·to·Files·-·lsetxattr</ocil:title>10 ····<ocil:questionnaire·id="ocil:ssg-sysctl_kernel_kptr_restrict_ocil:questionnaire:1">
 11 ······<ocil:title>Restrict·Exposed·Kernel·Pointer·Addresses·Access</ocil:title>
12 ······<ocil:actions>12 ······<ocil:actions>
13 ········<ocil:test_action_ref>ocil:ssg-audit_rules_successful_file_modification_lsetxattr_action:testaction:1</ocil:test_action_ref>13 ········<ocil:test_action_ref>ocil:ssg-sysctl_kernel_kptr_restrict_action:testaction:1</ocil:test_action_ref>
14 ······</ocil:actions>14 ······</ocil:actions>
15 ····</ocil:questionnaire>15 ····</ocil:questionnaire>
16 ····<ocil:questionnaire·id="ocil:ssg-set_firewalld_appropriate_zone_ocil:questionnaire:1">16 ····<ocil:questionnaire·id="ocil:ssg-sshd_set_max_auth_tries_ocil:questionnaire:1">
17 ······<ocil:title>Ensure·network·interfaces·are·assigned·to·appropriate·zone</ocil:title>17 ······<ocil:title>Set·SSH·authentication·attempt·limit</ocil:title>
18 ······<ocil:actions>18 ······<ocil:actions>
19 ········<ocil:test_action_ref>ocil:ssg-set_firewalld_appropriate_zone_action:testaction:1</ocil:test_action_ref>19 ········<ocil:test_action_ref>ocil:ssg-sshd_set_max_auth_tries_action:testaction:1</ocil:test_action_ref>
20 ······</ocil:actions>20 ······</ocil:actions>
21 ····</ocil:questionnaire>21 ····</ocil:questionnaire>
22 ····<ocil:questionnaire·id="ocil:ssg-service_avahi-daemon_disabled_ocil:questionnaire:1"> 
23 ······<ocil:title>Disable·Avahi·Server·Software</ocil:title>22 ····<ocil:questionnaire·id="ocil:ssg-set_password_hashing_algorithm_systemauth_ocil:questionnaire:1">
 23 ······<ocil:title>Set·PAM''s·Password·Hashing·Algorithm</ocil:title>
24 ······<ocil:actions>24 ······<ocil:actions>
25 ········<ocil:test_action_ref>ocil:ssg-service_avahi-daemon_disabled_action:testaction:1</ocil:test_action_ref>25 ········<ocil:test_action_ref>ocil:ssg-set_password_hashing_algorithm_systemauth_action:testaction:1</ocil:test_action_ref>
26 ······</ocil:actions>26 ······</ocil:actions>
27 ····</ocil:questionnaire>27 ····</ocil:questionnaire>
28 ····<ocil:questionnaire·id="ocil:ssg-sshd_disable_empty_passwords_ocil:questionnaire:1">28 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_ip_forward_ocil:questionnaire:1">
29 ······<ocil:title>Disable·SSH·Access·via·Empty·Passwords</ocil:title>29 ······<ocil:title>Disable·Kernel·Parameter·for·IP·Forwarding·on·IPv4·Interfaces</ocil:title>
30 ······<ocil:actions>30 ······<ocil:actions>
31 ········<ocil:test_action_ref>ocil:ssg-sshd_disable_empty_passwords_action:testaction:1</ocil:test_action_ref>31 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_ip_forward_action:testaction:1</ocil:test_action_ref>
32 ······</ocil:actions>32 ······</ocil:actions>
33 ····</ocil:questionnaire>33 ····</ocil:questionnaire>
34 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_backup_etc_gshadow_ocil:questionnaire:1">34 ····<ocil:questionnaire·id="ocil:ssg-file_owner_cron_daily_ocil:questionnaire:1">
35 ······<ocil:title>Verify·Group·Who·Owns·Backup·gshadow·File</ocil:title>35 ······<ocil:title>Verify·Owner·on·cron.daily</ocil:title>
36 ······<ocil:actions>36 ······<ocil:actions>
37 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_backup_etc_gshadow_action:testaction:1</ocil:test_action_ref>37 ········<ocil:test_action_ref>ocil:ssg-file_owner_cron_daily_action:testaction:1</ocil:test_action_ref>
38 ······</ocil:actions>38 ······</ocil:actions>
39 ····</ocil:questionnaire>39 ····</ocil:questionnaire>
40 ····<ocil:questionnaire·id="ocil:ssg-package_tftp-server_removed_ocil:questionnaire:1">40 ····<ocil:questionnaire·id="ocil:ssg-file_owner_etc_passwd_ocil:questionnaire:1">
41 ······<ocil:title>Uninstall·tftp-server·Package</ocil:title>41 ······<ocil:title>Verify·User·Who·Owns·passwd·File</ocil:title>
42 ······<ocil:actions>42 ······<ocil:actions>
43 ········<ocil:test_action_ref>ocil:ssg-package_tftp-server_removed_action:testaction:1</ocil:test_action_ref>43 ········<ocil:test_action_ref>ocil:ssg-file_owner_etc_passwd_action:testaction:1</ocil:test_action_ref>
44 ······</ocil:actions>44 ······</ocil:actions>
45 ····</ocil:questionnaire>45 ····</ocil:questionnaire>
46 ····<ocil:questionnaire·id="ocil:ssg-service_dhcpd_disabled_ocil:questionnaire:1">46 ····<ocil:questionnaire·id="ocil:ssg-accounts_passwords_pam_faillock_deny_ocil:questionnaire:1">
47 ······<ocil:title>Disable·DHCP·Service</ocil:title>47 ······<ocil:title>Lock·Accounts·After·Failed·Password·Attempts</ocil:title>
48 ······<ocil:actions>48 ······<ocil:actions>
49 ········<ocil:test_action_ref>ocil:ssg-service_dhcpd_disabled_action:testaction:1</ocil:test_action_ref>49 ········<ocil:test_action_ref>ocil:ssg-accounts_passwords_pam_faillock_deny_action:testaction:1</ocil:test_action_ref>
50 ······</ocil:actions>50 ······</ocil:actions>
51 ····</ocil:questionnaire>51 ····</ocil:questionnaire>
52 ····<ocil:questionnaire·id="ocil:ssg-nftables_ensure_default_deny_policy_ocil:questionnaire:1"> 
53 ······<ocil:title>Ensure·nftables·Default·Deny·Firewall·Policy</ocil:title>52 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv6_conf_default_accept_source_route_ocil:questionnaire:1">
 53 ······<ocil:title>Disable·Kernel·Parameter·for·Accepting·Source-Routed·Packets·on·IPv6·Interfaces·by·Default</ocil:title>
54 ······<ocil:actions>54 ······<ocil:actions>
55 ········<ocil:test_action_ref>ocil:ssg-nftables_ensure_default_deny_policy_action:testaction:1</ocil:test_action_ref>55 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv6_conf_default_accept_source_route_action:testaction:1</ocil:test_action_ref>
56 ······</ocil:actions>56 ······</ocil:actions>
57 ····</ocil:questionnaire>57 ····</ocil:questionnaire>
58 ····<ocil:questionnaire·id="ocil:ssg-wireless_disable_interfaces_ocil:questionnaire:1">58 ····<ocil:questionnaire·id="ocil:ssg-use_pam_wheel_for_su_ocil:questionnaire:1">
59 ······<ocil:title>Deactivate·Wireless·Network·Interfaces</ocil:title>59 ······<ocil:title>Enforce·usage·of·pam_wheel·for·su·authentication</ocil:title>
60 ······<ocil:actions>60 ······<ocil:actions>
61 ········<ocil:test_action_ref>ocil:ssg-wireless_disable_interfaces_action:testaction:1</ocil:test_action_ref>61 ········<ocil:test_action_ref>ocil:ssg-use_pam_wheel_for_su_action:testaction:1</ocil:test_action_ref>
62 ······</ocil:actions>62 ······</ocil:actions>
63 ····</ocil:questionnaire>63 ····</ocil:questionnaire>
64 ····<ocil:questionnaire·id="ocil:ssg-service_rsyslog_enabled_ocil:questionnaire:1">64 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_issue_ocil:questionnaire:1">
65 ······<ocil:title>Enable·rsyslog·Service</ocil:title>65 ······<ocil:title>Verify·permissions·on·System·Login·Banner</ocil:title>
66 ······<ocil:actions>66 ······<ocil:actions>
67 ········<ocil:test_action_ref>ocil:ssg-service_rsyslog_enabled_action:testaction:1</ocil:test_action_ref>67 ········<ocil:test_action_ref>ocil:ssg-file_permissions_etc_issue_action:testaction:1</ocil:test_action_ref>
68 ······</ocil:actions>68 ······</ocil:actions>
69 ····</ocil:questionnaire>69 ····</ocil:questionnaire>
70 ····<ocil:questionnaire·id="ocil:ssg-package_httpd_removed_ocil:questionnaire:1">70 ····<ocil:questionnaire·id="ocil:ssg-file_owner_at_allow_ocil:questionnaire:1">
71 ······<ocil:title>Uninstall·httpd·Package</ocil:title>71 ······<ocil:title>Verify·User·Who·Owns·/etc/at.allow·file</ocil:title>
72 ······<ocil:actions>72 ······<ocil:actions>
73 ········<ocil:test_action_ref>ocil:ssg-package_httpd_removed_action:testaction:1</ocil:test_action_ref>73 ········<ocil:test_action_ref>ocil:ssg-file_owner_at_allow_action:testaction:1</ocil:test_action_ref>
74 ······</ocil:actions>74 ······</ocil:actions>
75 ····</ocil:questionnaire>75 ····</ocil:questionnaire>
76 ····<ocil:questionnaire·id="ocil:ssg-accounts_maximum_age_login_defs_ocil:questionnaire:1"> 
77 ······<ocil:title>Set·Password·Maximum·Age</ocil:title>76 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_networkconfig_modification_ocil:questionnaire:1">
 77 ······<ocil:title>Record·Events·that·Modify·the·System's·Network·Environment</ocil:title>
78 ······<ocil:actions>78 ······<ocil:actions>
79 ········<ocil:test_action_ref>ocil:ssg-accounts_maximum_age_login_defs_action:testaction:1</ocil:test_action_ref>79 ········<ocil:test_action_ref>ocil:ssg-audit_rules_networkconfig_modification_action:testaction:1</ocil:test_action_ref>
80 ······</ocil:actions>80 ······</ocil:actions>
81 ····</ocil:questionnaire>81 ····</ocil:questionnaire>
82 ····<ocil:questionnaire·id="ocil:ssg-file_owner_cron_daily_ocil:questionnaire:1">82 ····<ocil:questionnaire·id="ocil:ssg-grub2_audit_argument_ocil:questionnaire:1">
83 ······<ocil:title>Verify·Owner·on·cron.daily</ocil:title>83 ······<ocil:title>Enable·Auditing·for·Processes·Which·Start·Prior·to·the·Audit·Daemon</ocil:title>
84 ······<ocil:actions>84 ······<ocil:actions>
85 ········<ocil:test_action_ref>ocil:ssg-file_owner_cron_daily_action:testaction:1</ocil:test_action_ref>85 ········<ocil:test_action_ref>ocil:ssg-grub2_audit_argument_action:testaction:1</ocil:test_action_ref>
86 ······</ocil:actions>86 ······</ocil:actions>
87 ····</ocil:questionnaire>87 ····</ocil:questionnaire>
88 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_successful_file_modification_fsetxattr_ocil:questionnaire:1"> 
89 ······<ocil:title>Record·Successful·Permission·Changes·to·Files·-·fsetxattr</ocil:title>88 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_cron_daily_ocil:questionnaire:1">
 89 ······<ocil:title>Verify·Permissions·on·cron.daily</ocil:title>
90 ······<ocil:actions>90 ······<ocil:actions>
91 ········<ocil:test_action_ref>ocil:ssg-audit_rules_successful_file_modification_fsetxattr_action:testaction:1</ocil:test_action_ref>91 ········<ocil:test_action_ref>ocil:ssg-file_permissions_cron_daily_action:testaction:1</ocil:test_action_ref>
92 ······</ocil:actions>92 ······</ocil:actions>
93 ····</ocil:questionnaire>93 ····</ocil:questionnaire>
94 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_cron_allow_ocil:questionnaire:1">94 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_group_ocil:questionnaire:1">
95 ······<ocil:title>Verify·Group·Who·Owns·/etc/cron.allow·file</ocil:title>95 ······<ocil:title>Verify·Permissions·on·group·File</ocil:title>
96 ······<ocil:actions>96 ······<ocil:actions>
97 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_cron_allow_action:testaction:1</ocil:test_action_ref>97 ········<ocil:test_action_ref>ocil:ssg-file_permissions_etc_group_action:testaction:1</ocil:test_action_ref>
98 ······</ocil:actions>98 ······</ocil:actions>
99 ····</ocil:questionnaire>99 ····</ocil:questionnaire>
100 ····<ocil:questionnaire·id="ocil:ssg-selinux_policytype_ocil:questionnaire:1">100 ····<ocil:questionnaire·id="ocil:ssg-grub2_password_ocil:questionnaire:1">
101 ······<ocil:title>Configure·SELinux·Policy</ocil:title>101 ······<ocil:title>Set·Boot·Loader·Password·in·grub2</ocil:title>
102 ······<ocil:actions>102 ······<ocil:actions>
103 ········<ocil:test_action_ref>ocil:ssg-selinux_policytype_action:testaction:1</ocil:test_action_ref>103 ········<ocil:test_action_ref>ocil:ssg-grub2_password_action:testaction:1</ocil:test_action_ref>
104 ······</ocil:actions>104 ······</ocil:actions>
105 ····</ocil:questionnaire>105 ····</ocil:questionnaire>
106 ····<ocil:questionnaire·id="ocil:ssg-grub2_audit_backlog_limit_argument_ocil:questionnaire:1"> 
107 ······<ocil:title>Extend·Audit·Backlog·Limit·for·the·Audit·Daemon</ocil:title>106 ····<ocil:questionnaire·id="ocil:ssg-set_iptables_outbound_n_established_ocil:questionnaire:1">
 107 ······<ocil:title>Ensure·Outbound·and·Established·Connections·are·Configured</ocil:title>
108 ······<ocil:actions>108 ······<ocil:actions>
109 ········<ocil:test_action_ref>ocil:ssg-grub2_audit_backlog_limit_argument_action:testaction:1</ocil:test_action_ref>109 ········<ocil:test_action_ref>ocil:ssg-set_iptables_outbound_n_established_action:testaction:1</ocil:test_action_ref>
110 ······</ocil:actions>110 ······</ocil:actions>
111 ····</ocil:questionnaire>111 ····</ocil:questionnaire>
112 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_cron_hourly_ocil:questionnaire:1"> 
113 ······<ocil:title>Verify·Permissions·on·cron.hourly</ocil:title>112 ····<ocil:questionnaire·id="ocil:ssg-ensure_gpgcheck_never_disabled_ocil:questionnaire:1">
 113 ······<ocil:title>Ensure·gpgcheck·Enabled·for·All·dnf·Package·Repositories</ocil:title>
114 ······<ocil:actions>114 ······<ocil:actions>
115 ········<ocil:test_action_ref>ocil:ssg-file_permissions_cron_hourly_action:testaction:1</ocil:test_action_ref>115 ········<ocil:test_action_ref>ocil:ssg-ensure_gpgcheck_never_disabled_action:testaction:1</ocil:test_action_ref>
116 ······</ocil:actions>116 ······</ocil:actions>
117 ····</ocil:questionnaire>117 ····</ocil:questionnaire>
118 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv6_conf_all_accept_redirects_ocil:questionnaire:1"> 
119 ······<ocil:title>Disable·Accepting·ICMP·Redirects·for·All·IPv6·Interfaces</ocil:title>118 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_kernel_module_loading_ocil:questionnaire:1">
 119 ······<ocil:title>Ensure·auditd·Collects·Information·on·Kernel·Module·Loading·and·Unloading</ocil:title>
120 ······<ocil:actions>120 ······<ocil:actions>
121 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv6_conf_all_accept_redirects_action:testaction:1</ocil:test_action_ref>121 ········<ocil:test_action_ref>ocil:ssg-audit_rules_kernel_module_loading_action:testaction:1</ocil:test_action_ref>
Max diff block lines reached; 531618/543940 bytes (97.73%) of diff not shown.
407 KB
./usr/share/xml/scap/ssg/content/ssg-openeuler2203-xccdf.xml
407 KB
./usr/share/xml/scap/ssg/content/ssg-openeuler2203-xccdf.xml
Ordering differences only
    
Offset 71, 172 lines modifiedOffset 71, 172 lines modified
71 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>71 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>
72 ··<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>72 ··<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>
73 ··<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>73 ··<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>
74 ··<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>74 ··<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>
75 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</xccdf-1.2:reference>75 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</xccdf-1.2:reference>
76 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>76 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>
77 ··<cpe-lang:platform-specification>77 ··<cpe-lang:platform-specification>
78 ····<cpe-lang:platform·id="ipv6_enabled">78 ····<cpe-lang:platform·id="package_shadow-utils">
79 ······<cpe-lang:logical-test·operator="AND"·negate="false">79 ······<cpe-lang:logical-test·operator="AND"·negate="false">
80 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-ipv6_enabled:def:1"/>80 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_shadow-utils:def:1"/>
81 ······</cpe-lang:logical-test>81 ······</cpe-lang:logical-test>
82 ····</cpe-lang:platform>82 ····</cpe-lang:platform>
83 ····<cpe-lang:platform·id="package_dnf">83 ····<cpe-lang:platform·id="package_ntp">
84 ······<cpe-lang:logical-test·operator="AND"·negate="false">84 ······<cpe-lang:logical-test·operator="AND"·negate="false">
85 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_dnf:def:1"/>85 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_ntp:def:1"/>
86 ······</cpe-lang:logical-test>86 ······</cpe-lang:logical-test>
87 ····</cpe-lang:platform>87 ····</cpe-lang:platform>
88 ····<cpe-lang:platform·id="grub2">88 ····<cpe-lang:platform·id="system_with_kernel">
89 ······<cpe-lang:logical-test·operator="AND"·negate="false">89 ······<cpe-lang:logical-test·operator="AND"·negate="false">
90 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-installed_env_has_grub2_package:def:1"/>90 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
91 ······</cpe-lang:logical-test>91 ······</cpe-lang:logical-test>
92 ····</cpe-lang:platform>92 ····</cpe-lang:platform>
93 ····<cpe-lang:platform·id="package_iptables">93 ····<cpe-lang:platform·id="package_sudo">
94 ······<cpe-lang:logical-test·operator="AND"·negate="false">94 ······<cpe-lang:logical-test·operator="AND"·negate="false">
95 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>95 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_sudo:def:1"/>
96 ······</cpe-lang:logical-test>96 ······</cpe-lang:logical-test>
97 ····</cpe-lang:platform>97 ····</cpe-lang:platform>
98 ····<cpe-lang:platform·id="not_aarch64_arch">98 ····<cpe-lang:platform·id="not_aarch64_arch">
99 ······<cpe-lang:logical-test·operator="AND"·negate="true">99 ······<cpe-lang:logical-test·operator="AND"·negate="true">
100 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>100 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>
101 ······</cpe-lang:logical-test>101 ······</cpe-lang:logical-test>
102 ····</cpe-lang:platform>102 ····</cpe-lang:platform>
103 ····<cpe-lang:platform·id="package_ntp"> 
104 ······<cpe-lang:logical-test·operator="AND"·negate="false"> 
105 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_ntp:def:1"/> 
106 ······</cpe-lang:logical-test> 
107 ····</cpe-lang:platform> 
108 ····<cpe-lang:platform·id="package_iptables_and_service_disabled_firewalld_and_system_with_kernel"> 
109 ······<cpe-lang:logical-test·operator="AND"·negate="false"> 
110 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/> 
111 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-service_disabled_firewalld:def:1"/> 
112 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/> 
113 ······</cpe-lang:logical-test> 
114 ····</cpe-lang:platform> 
115 ····<cpe-lang:platform·id="not_package_nftables_and_not_package_ufw_and_package_iptables">103 ····<cpe-lang:platform·id="not_package_nftables_and_not_package_ufw_and_package_iptables">
116 ······<cpe-lang:logical-test·operator="AND"·negate="false">104 ······<cpe-lang:logical-test·operator="AND"·negate="false">
117 ········<cpe-lang:logical-test·operator="AND"·negate="true">105 ········<cpe-lang:logical-test·operator="AND"·negate="true">
118 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_nftables:def:1"/>106 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_nftables:def:1"/>
119 ········</cpe-lang:logical-test>107 ········</cpe-lang:logical-test>
120 ········<cpe-lang:logical-test·operator="AND"·negate="true">108 ········<cpe-lang:logical-test·operator="AND"·negate="true">
121 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_ufw:def:1"/>109 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_ufw:def:1"/>
122 ········</cpe-lang:logical-test>110 ········</cpe-lang:logical-test>
123 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>111 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>
124 ······</cpe-lang:logical-test>112 ······</cpe-lang:logical-test>
125 ····</cpe-lang:platform>113 ····</cpe-lang:platform>
126 ····<cpe-lang:platform·id="package_pam">114 ····<cpe-lang:platform·id="package_firewalld">
127 ······<cpe-lang:logical-test·operator="AND"·negate="false">115 ······<cpe-lang:logical-test·operator="AND"·negate="false">
128 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_pam:def:1"/>116 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_firewalld:def:1"/>
129 ······</cpe-lang:logical-test>117 ······</cpe-lang:logical-test>
130 ····</cpe-lang:platform>118 ····</cpe-lang:platform>
131 ····<cpe-lang:platform·id="package_firewalld">119 ····<cpe-lang:platform·id="package_nftables_and_service_disabled_firewalld_and_service_disabled_ufw">
132 ······<cpe-lang:logical-test·operator="AND"·negate="false">120 ······<cpe-lang:logical-test·operator="AND"·negate="false">
133 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_firewalld:def:1"/>121 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_nftables:def:1"/>
 122 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-service_disabled_firewalld:def:1"/>
 123 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-service_disabled_ufw:def:1"/>
 124 ······</cpe-lang:logical-test>
 125 ····</cpe-lang:platform>
 126 ····<cpe-lang:platform·id="wifi-iface">
 127 ······<cpe-lang:logical-test·operator="AND"·negate="false">
 128 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-installed_env_has_wifi_interface:def:1"/>
134 ······</cpe-lang:logical-test>129 ······</cpe-lang:logical-test>
135 ····</cpe-lang:platform>130 ····</cpe-lang:platform>
136 ····<cpe-lang:platform·id="package_rsyslog">131 ····<cpe-lang:platform·id="package_rsyslog">
137 ······<cpe-lang:logical-test·operator="AND"·negate="false">132 ······<cpe-lang:logical-test·operator="AND"·negate="false">
138 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_rsyslog:def:1"/>133 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_rsyslog:def:1"/>
139 ······</cpe-lang:logical-test>134 ······</cpe-lang:logical-test>
140 ····</cpe-lang:platform>135 ····</cpe-lang:platform>
141 ····<cpe-lang:platform·id="package_audit">136 ····<cpe-lang:platform·id="package_iptables_and_service_disabled_firewalld_and_system_with_kernel">
142 ······<cpe-lang:logical-test·operator="AND"·negate="false">137 ······<cpe-lang:logical-test·operator="AND"·negate="false">
143 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_audit:def:1"/>138 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>
 139 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-service_disabled_firewalld:def:1"/>
 140 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
144 ······</cpe-lang:logical-test>141 ······</cpe-lang:logical-test>
145 ····</cpe-lang:platform>142 ····</cpe-lang:platform>
146 ····<cpe-lang:platform·id="non-uefi">143 ····<cpe-lang:platform·id="non-uefi">
147 ······<cpe-lang:logical-test·operator="AND"·negate="false">144 ······<cpe-lang:logical-test·operator="AND"·negate="false">
148 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-system_boot_mode_is_non_uefi:def:1"/>145 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-system_boot_mode_is_non_uefi:def:1"/>
149 ······</cpe-lang:logical-test>146 ······</cpe-lang:logical-test>
150 ····</cpe-lang:platform>147 ····</cpe-lang:platform>
151 ····<cpe-lang:platform·id="uefi">148 ····<cpe-lang:platform·id="grub2">
152 ······<cpe-lang:logical-test·operator="AND"·negate="false">149 ······<cpe-lang:logical-test·operator="AND"·negate="false">
153 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-system_boot_mode_is_uefi:def:1"/>150 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-installed_env_has_grub2_package:def:1"/>
154 ······</cpe-lang:logical-test>151 ······</cpe-lang:logical-test>
155 ····</cpe-lang:platform>152 ····</cpe-lang:platform>
156 ····<cpe-lang:platform·id="package_sudo">153 ····<cpe-lang:platform·id="package_chrony">
157 ······<cpe-lang:logical-test·operator="AND"·negate="false">154 ······<cpe-lang:logical-test·operator="AND"·negate="false">
158 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_sudo:def:1"/>155 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_chrony:def:1"/>
159 ······</cpe-lang:logical-test>156 ······</cpe-lang:logical-test>
160 ····</cpe-lang:platform>157 ····</cpe-lang:platform>
161 ····<cpe-lang:platform·id="system_with_kernel">158 ····<cpe-lang:platform·id="package_audit">
162 ······<cpe-lang:logical-test·operator="AND"·negate="false">159 ······<cpe-lang:logical-test·operator="AND"·negate="false">
163 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>160 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_audit:def:1"/>
164 ······</cpe-lang:logical-test>161 ······</cpe-lang:logical-test>
165 ····</cpe-lang:platform>162 ····</cpe-lang:platform>
166 ····<cpe-lang:platform·id="package_chrony">163 ····<cpe-lang:platform·id="package_pam">
167 ······<cpe-lang:logical-test·operator="AND"·negate="false">164 ······<cpe-lang:logical-test·operator="AND"·negate="false">
168 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_chrony:def:1"/>165 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_pam:def:1"/>
169 ······</cpe-lang:logical-test>166 ······</cpe-lang:logical-test>
170 ····</cpe-lang:platform>167 ····</cpe-lang:platform>
171 ····<cpe-lang:platform·id="not_package_nftables_and_not_package_ufw">168 ····<cpe-lang:platform·id="package_bash">
172 ······<cpe-lang:logical-test·operator="AND"·negate="false">169 ······<cpe-lang:logical-test·operator="AND"·negate="false">
173 ········<cpe-lang:logical-test·operator="AND"·negate="true"> 
174 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_nftables:def:1"/> 
175 ········</cpe-lang:logical-test> 
176 ········<cpe-lang:logical-test·operator="AND"·negate="true"> 
177 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_ufw:def:1"/>170 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_bash:def:1"/>
178 ········</cpe-lang:logical-test> 
179 ······</cpe-lang:logical-test>171 ······</cpe-lang:logical-test>
180 ····</cpe-lang:platform>172 ····</cpe-lang:platform>
181 ····<cpe-lang:platform·id="package_nftables_and_service_disabled_firewalld">173 ····<cpe-lang:platform·id="package_nftables_and_service_disabled_firewalld">
182 ······<cpe-lang:logical-test·operator="AND"·negate="false">174 ······<cpe-lang:logical-test·operator="AND"·negate="false">
183 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_nftables:def:1"/>175 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-package_nftables:def:1"/>
184 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-service_disabled_firewalld:def:1"/>176 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-openeuler2203-cpe-oval.xml"·id-ref="oval:ssg-service_disabled_firewalld:def:1"/>
185 ······</cpe-lang:logical-test>177 ······</cpe-lang:logical-test>
186 ····</cpe-lang:platform>178 ····</cpe-lang:platform>
187 ····<cpe-lang:platform·id="package_avahi_and_system_with_kernel">179 ····<cpe-lang:platform·id="package_iptables">
188 ······<cpe-lang:logical-test·operator="AND"·negate="false">180 ······<cpe-lang:logical-test·operator="AND"·negate="false">
Max diff block lines reached; 402736/416736 bytes (96.64%) of diff not shown.
1.11 MB
./usr/share/xml/scap/ssg/content/ssg-opensuse-ds.xml
1.11 MB
./usr/share/xml/scap/ssg/content/ssg-opensuse-ds.xml
    
Offset 19, 15 lines modifiedOffset 19, 15 lines modified
19 ····</ds:checklists>19 ····</ds:checklists>
20 ····<ds:checks>20 ····<ds:checks>
21 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-opensuse-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-opensuse-oval.xml"/>21 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-opensuse-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-opensuse-oval.xml"/>
22 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-opensuse-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-opensuse-ocil.xml"/>22 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-opensuse-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-opensuse-ocil.xml"/>
23 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-opensuse-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-opensuse-cpe-oval.xml"/>23 ······<ds:component-ref·id="scap_org.open-scap_cref_ssg-opensuse-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-opensuse-cpe-oval.xml"/>
24 ····</ds:checks>24 ····</ds:checks>
25 ··</ds:data-stream>25 ··</ds:data-stream>
26 ··<ds:component·id="scap_org.open-scap_comp_ssg-opensuse-cpe-dictionary.xml"·timestamp="2025-02-28T20:08:00">26 ··<ds:component·id="scap_org.open-scap_comp_ssg-opensuse-cpe-dictionary.xml"·timestamp="2025-03-01T22:08:00">
27 ····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">27 ····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">
28 ······<cpe-dict:cpe-item·name="cpe:/o:opensuse:leap:15.0">28 ······<cpe-dict:cpe-item·name="cpe:/o:opensuse:leap:15.0">
29 ········<cpe-dict:title·xml:lang="en-us">openSUSE·Leap·15.0</cpe-dict:title>29 ········<cpe-dict:title·xml:lang="en-us">openSUSE·Leap·15.0</cpe-dict:title>
30 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml">oval:ssg-installed_OS_is_opensuse_leap15:def:1</cpe-dict:check>30 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml">oval:ssg-installed_OS_is_opensuse_leap15:def:1</cpe-dict:check>
31 ······</cpe-dict:cpe-item>31 ······</cpe-dict:cpe-item>
32 ······<cpe-dict:cpe-item·name="cpe:/o:opensuse:leap:42.1">32 ······<cpe-dict:cpe-item·name="cpe:/o:opensuse:leap:42.1">
33 ········<cpe-dict:title·xml:lang="en-us">openSUSE·Leap·42.1</cpe-dict:title>33 ········<cpe-dict:title·xml:lang="en-us">openSUSE·Leap·42.1</cpe-dict:title>
Offset 39, 15 lines modifiedOffset 39, 15 lines modified
39 ······</cpe-dict:cpe-item>39 ······</cpe-dict:cpe-item>
40 ······<cpe-dict:cpe-item·name="cpe:/o:opensuse:leap:42.3">40 ······<cpe-dict:cpe-item·name="cpe:/o:opensuse:leap:42.3">
41 ········<cpe-dict:title·xml:lang="en-us">openSUSE·Leap·42.3</cpe-dict:title>41 ········<cpe-dict:title·xml:lang="en-us">openSUSE·Leap·42.3</cpe-dict:title>
42 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml">oval:ssg-installed_OS_is_opensuse_leap42:def:1</cpe-dict:check>42 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml">oval:ssg-installed_OS_is_opensuse_leap42:def:1</cpe-dict:check>
43 ······</cpe-dict:cpe-item>43 ······</cpe-dict:cpe-item>
44 ····</cpe-dict:cpe-list>44 ····</cpe-dict:cpe-list>
45 ··</ds:component>45 ··</ds:component>
46 ··<ds:component·id="scap_org.open-scap_comp_ssg-opensuse-xccdf.xml"·timestamp="2025-02-28T20:08:00">46 ··<ds:component·id="scap_org.open-scap_comp_ssg-opensuse-xccdf.xml"·timestamp="2025-03-01T22:08:00">
47 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_OPENSUSE"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">47 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_OPENSUSE"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
48 ······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>48 ······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>
49 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·openSUSE</xccdf-1.2:title>49 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·openSUSE</xccdf-1.2:title>
50 ······<xccdf-1.2:description>50 ······<xccdf-1.2:description>
51 ········This·guide·presents·a·catalog·of·security-relevant51 ········This·guide·presents·a·catalog·of·security-relevant
52 configuration·settings·for·openSUSE.·It·is·a·rendering·of52 configuration·settings·for·openSUSE.·It·is·a·rendering·of
53 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)53 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
Offset 116, 162 lines modifiedOffset 116, 162 lines modified
116 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>116 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>
117 ······<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>117 ······<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>
118 ······<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>118 ······<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>
119 ······<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>119 ······<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>
120 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</xccdf-1.2:reference>120 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</xccdf-1.2:reference>
121 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>121 ······<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>
122 ······<cpe-lang:platform-specification>122 ······<cpe-lang:platform-specification>
123 ········<cpe-lang:platform·id="aarch64_arch_or_x86_64_arch">123 ········<cpe-lang:platform·id="package_shadow-utils">
124 ··········<cpe-lang:logical-test·operator="OR"·negate="false">124 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
 125 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_shadow-utils:def:1"/>
 126 ··········</cpe-lang:logical-test>
 127 ········</cpe-lang:platform>
 128 ········<cpe-lang:platform·id="aarch64_arch">
 129 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
125 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>130 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>
126 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_x86_64:def:1"/> 
127 ··········</cpe-lang:logical-test>131 ··········</cpe-lang:logical-test>
128 ········</cpe-lang:platform>132 ········</cpe-lang:platform>
129 ········<cpe-lang:platform·id="machine">133 ········<cpe-lang:platform·id="machine">
130 ··········<cpe-lang:logical-test·operator="AND"·negate="false">134 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
131 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-installed_env_is_a_machine:def:1"/>135 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-installed_env_is_a_machine:def:1"/>
132 ··········</cpe-lang:logical-test>136 ··········</cpe-lang:logical-test>
133 ········</cpe-lang:platform>137 ········</cpe-lang:platform>
134 ········<cpe-lang:platform·id="package_iptables">138 ········<cpe-lang:platform·id="x86_64_arch">
135 ··········<cpe-lang:logical-test·operator="AND"·negate="false">139 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
136 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>140 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_x86_64:def:1"/>
137 ··········</cpe-lang:logical-test>141 ··········</cpe-lang:logical-test>
138 ········</cpe-lang:platform>142 ········</cpe-lang:platform>
139 ········<cpe-lang:platform·id="not_aarch64_arch">143 ········<cpe-lang:platform·id="system_with_kernel">
140 ··········<cpe-lang:logical-test·operator="AND"·negate="true">144 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
141 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>145 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
142 ··········</cpe-lang:logical-test>146 ··········</cpe-lang:logical-test>
143 ········</cpe-lang:platform>147 ········</cpe-lang:platform>
144 ········<cpe-lang:platform·id="package_iptables_and_service_disabled_firewalld_and_system_with_kernel">148 ········<cpe-lang:platform·id="package_logrotate">
145 ··········<cpe-lang:logical-test·operator="AND"·negate="false">149 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
 150 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_logrotate:def:1"/>
 151 ··········</cpe-lang:logical-test>
 152 ········</cpe-lang:platform>
 153 ········<cpe-lang:platform·id="package_sudo">
 154 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
146 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>155 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_sudo:def:1"/>
147 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-service_disabled_firewalld:def:1"/>156 ··········</cpe-lang:logical-test>
 157 ········</cpe-lang:platform>
 158 ········<cpe-lang:platform·id="not_aarch64_arch">
 159 ··········<cpe-lang:logical-test·operator="AND"·negate="true">
148 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>160 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>
149 ··········</cpe-lang:logical-test>161 ··········</cpe-lang:logical-test>
150 ········</cpe-lang:platform>162 ········</cpe-lang:platform>
151 ········<cpe-lang:platform·id="not_package_nftables_and_not_package_ufw_and_package_iptables">163 ········<cpe-lang:platform·id="not_package_nftables_and_not_package_ufw_and_package_iptables">
152 ··········<cpe-lang:logical-test·operator="AND"·negate="false">164 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
153 ············<cpe-lang:logical-test·operator="AND"·negate="true">165 ············<cpe-lang:logical-test·operator="AND"·negate="true">
154 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_nftables:def:1"/>166 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_nftables:def:1"/>
155 ············</cpe-lang:logical-test>167 ············</cpe-lang:logical-test>
156 ············<cpe-lang:logical-test·operator="AND"·negate="true">168 ············<cpe-lang:logical-test·operator="AND"·negate="true">
157 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_ufw:def:1"/>169 ··············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_ufw:def:1"/>
158 ············</cpe-lang:logical-test>170 ············</cpe-lang:logical-test>
159 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>171 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>
160 ··········</cpe-lang:logical-test>172 ··········</cpe-lang:logical-test>
161 ········</cpe-lang:platform>173 ········</cpe-lang:platform>
162 ········<cpe-lang:platform·id="package_pam">174 ········<cpe-lang:platform·id="package_systemd">
163 ··········<cpe-lang:logical-test·operator="AND"·negate="false">175 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
164 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_pam:def:1"/>176 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_systemd:def:1"/>
165 ··········</cpe-lang:logical-test>177 ··········</cpe-lang:logical-test>
166 ········</cpe-lang:platform>178 ········</cpe-lang:platform>
167 ········<cpe-lang:platform·id="package_rsyslog">179 ········<cpe-lang:platform·id="aarch64_arch_or_x86_64_arch">
168 ··········<cpe-lang:logical-test·operator="AND"·negate="false">180 ··········<cpe-lang:logical-test·operator="OR"·negate="false">
 181 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>
169 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_rsyslog:def:1"/>182 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_x86_64:def:1"/>
170 ··········</cpe-lang:logical-test>183 ··········</cpe-lang:logical-test>
171 ········</cpe-lang:platform>184 ········</cpe-lang:platform>
172 ········<cpe-lang:platform·id="package_logrotate">185 ········<cpe-lang:platform·id="package_rsyslog">
173 ··········<cpe-lang:logical-test·operator="AND"·negate="false">186 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
174 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_logrotate:def:1"/>187 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_rsyslog:def:1"/>
175 ··········</cpe-lang:logical-test>188 ··········</cpe-lang:logical-test>
176 ········</cpe-lang:platform>189 ········</cpe-lang:platform>
177 ········<cpe-lang:platform·id="package_audit">190 ········<cpe-lang:platform·id="package_gdm">
178 ··········<cpe-lang:logical-test·operator="AND"·negate="false">191 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
179 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_audit:def:1"/>192 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_gdm:def:1"/>
180 ··········</cpe-lang:logical-test>193 ··········</cpe-lang:logical-test>
181 ········</cpe-lang:platform>194 ········</cpe-lang:platform>
182 ········<cpe-lang:platform·id="package_sudo">195 ········<cpe-lang:platform·id="package_postfix">
183 ··········<cpe-lang:logical-test·operator="AND"·negate="false">196 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
184 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_sudo:def:1"/>197 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_postfix:def:1"/>
185 ··········</cpe-lang:logical-test>198 ··········</cpe-lang:logical-test>
186 ········</cpe-lang:platform>199 ········</cpe-lang:platform>
187 ········<cpe-lang:platform·id="system_with_kernel">200 ········<cpe-lang:platform·id="package_iptables_and_service_disabled_firewalld_and_system_with_kernel">
188 ··········<cpe-lang:logical-test·operator="AND"·negate="false">201 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
 202 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>
 203 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-service_disabled_firewalld:def:1"/>
189 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>204 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
190 ··········</cpe-lang:logical-test>205 ··········</cpe-lang:logical-test>
191 ········</cpe-lang:platform>206 ········</cpe-lang:platform>
192 ········<cpe-lang:platform·id="package_postfix">207 ········<cpe-lang:platform·id="package_rsh-server">
193 ··········<cpe-lang:logical-test·operator="AND"·negate="false">208 ··········<cpe-lang:logical-test·operator="AND"·negate="false">
194 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_postfix:def:1"/>209 ············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_rsh-server:def:1"/>
Max diff block lines reached; 1153325/1166690 bytes (98.85%) of diff not shown.
642 KB
./usr/share/xml/scap/ssg/content/ssg-opensuse-ocil.xml
642 KB
./usr/share/xml/scap/ssg/content/ssg-opensuse-ocil.xml
Ordering differences only
    
Offset 3, 4775 lines modifiedOffset 3, 4598 lines modified
3 ··<ocil:generator>3 ··<ocil:generator>
4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6 ····<ocil:schema_version>2.0</ocil:schema_version>6 ····<ocil:schema_version>2.0</ocil:schema_version>
7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8 ··</ocil:generator>8 ··</ocil:generator>
9 ··<ocil:questionnaires>9 ··<ocil:questionnaires>
10 ····<ocil:questionnaire·id="ocil:ssg-selinux_state_ocil:questionnaire:1">10 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_proc_kcore_ocil:questionnaire:1">
11 ······<ocil:title>Ensure·SELinux·State·is·Enforcing</ocil:title>11 ······<ocil:title>Disable·support·for·/proc/kkcore</ocil:title>
12 ······<ocil:actions>12 ······<ocil:actions>
13 ········<ocil:test_action_ref>ocil:ssg-selinux_state_action:testaction:1</ocil:test_action_ref>13 ········<ocil:test_action_ref>ocil:ssg-kernel_config_proc_kcore_action:testaction:1</ocil:test_action_ref>
14 ······</ocil:actions>14 ······</ocil:actions>
15 ····</ocil:questionnaire>15 ····</ocil:questionnaire>
16 ····<ocil:questionnaire·id="ocil:ssg-sshd_disable_tcp_forwarding_ocil:questionnaire:1"> 
17 ······<ocil:title>Disable·SSH·TCP·Forwarding</ocil:title>16 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_randomize_base_ocil:questionnaire:1">
 17 ······<ocil:title>Randomize·the·address·of·the·kernel·image·(KASLR)</ocil:title>
18 ······<ocil:actions>18 ······<ocil:actions>
19 ········<ocil:test_action_ref>ocil:ssg-sshd_disable_tcp_forwarding_action:testaction:1</ocil:test_action_ref>19 ········<ocil:test_action_ref>ocil:ssg-kernel_config_randomize_base_action:testaction:1</ocil:test_action_ref>
20 ······</ocil:actions>20 ······</ocil:actions>
21 ····</ocil:questionnaire>21 ····</ocil:questionnaire>
22 ····<ocil:questionnaire·id="ocil:ssg-postfix_client_configure_relayhost_ocil:questionnaire:1">22 ····<ocil:questionnaire·id="ocil:ssg-file_owner_var_log_ocil:questionnaire:1">
23 ······<ocil:title>Configure·System·to·Forward·All·Mail·through·a·specific·host</ocil:title>23 ······<ocil:title>Verify·User·Who·Owns·/var/log·Directory</ocil:title>
24 ······<ocil:actions>24 ······<ocil:actions>
25 ········<ocil:test_action_ref>ocil:ssg-postfix_client_configure_relayhost_action:testaction:1</ocil:test_action_ref>25 ········<ocil:test_action_ref>ocil:ssg-file_owner_var_log_action:testaction:1</ocil:test_action_ref>
26 ······</ocil:actions>26 ······</ocil:actions>
27 ····</ocil:questionnaire>27 ····</ocil:questionnaire>
28 ····<ocil:questionnaire·id="ocil:ssg-audit_privileged_commands_reboot_ocil:questionnaire:1">28 ····<ocil:questionnaire·id="ocil:ssg-package_ntp_installed_ocil:questionnaire:1">
29 ······<ocil:title>Ensure·auditd·Collects·Information·on·the·Use·of·Privileged·Commands·-·reboot</ocil:title>29 ······<ocil:title>Install·the·ntp·service</ocil:title>
30 ······<ocil:actions>30 ······<ocil:actions>
31 ········<ocil:test_action_ref>ocil:ssg-audit_privileged_commands_reboot_action:testaction:1</ocil:test_action_ref>31 ········<ocil:test_action_ref>ocil:ssg-package_ntp_installed_action:testaction:1</ocil:test_action_ref>
32 ······</ocil:actions>32 ······</ocil:actions>
33 ····</ocil:questionnaire>33 ····</ocil:questionnaire>
34 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_bug_ocil:questionnaire:1"> 
35 ······<ocil:title>Enable·support·for·BUG()</ocil:title>34 ····<ocil:questionnaire·id="ocil:ssg-grub2_spec_store_bypass_disable_argument_ocil:questionnaire:1">
 35 ······<ocil:title>Configure·Speculative·Store·Bypass·Mitigation</ocil:title>
36 ······<ocil:actions>36 ······<ocil:actions>
37 ········<ocil:test_action_ref>ocil:ssg-kernel_config_bug_action:testaction:1</ocil:test_action_ref>37 ········<ocil:test_action_ref>ocil:ssg-grub2_spec_store_bypass_disable_argument_action:testaction:1</ocil:test_action_ref>
38 ······</ocil:actions>38 ······</ocil:actions>
39 ····</ocil:questionnaire>39 ····</ocil:questionnaire>
40 ····<ocil:questionnaire·id="ocil:ssg-auditd_local_events_ocil:questionnaire:1">40 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_var_log_messages_ocil:questionnaire:1">
41 ······<ocil:title>Include·Local·Events·in·Audit·Logs</ocil:title>41 ······<ocil:title>Verify·Group·Who·Owns·/var/log/messages·File</ocil:title>
42 ······<ocil:actions>42 ······<ocil:actions>
43 ········<ocil:test_action_ref>ocil:ssg-auditd_local_events_action:testaction:1</ocil:test_action_ref>43 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_var_log_messages_action:testaction:1</ocil:test_action_ref>
 44 ······</ocil:actions>
 45 ····</ocil:questionnaire>
 46 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_backup_etc_passwd_ocil:questionnaire:1">
 47 ······<ocil:title>Verify·Group·Who·Owns·Backup·passwd·File</ocil:title>
 48 ······<ocil:actions>
 49 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_backup_etc_passwd_action:testaction:1</ocil:test_action_ref>
44 ······</ocil:actions>50 ······</ocil:actions>
45 ····</ocil:questionnaire>51 ····</ocil:questionnaire>
46 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_etc_group_ocil:questionnaire:1">52 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_etc_group_ocil:questionnaire:1">
47 ······<ocil:title>Verify·Group·Who·Owns·group·File</ocil:title>53 ······<ocil:title>Verify·Group·Who·Owns·group·File</ocil:title>
48 ······<ocil:actions>54 ······<ocil:actions>
49 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_etc_group_action:testaction:1</ocil:test_action_ref>55 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_etc_group_action:testaction:1</ocil:test_action_ref>
50 ······</ocil:actions>56 ······</ocil:actions>
51 ····</ocil:questionnaire>57 ····</ocil:questionnaire>
52 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_unauthorized_world_writable_ocil:questionnaire:1"> 
53 ······<ocil:title>Ensure·No·World-Writable·Files·Exist</ocil:title>58 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_time_settimeofday_ocil:questionnaire:1">
 59 ······<ocil:title>Record·attempts·to·alter·time·through·settimeofday</ocil:title>
54 ······<ocil:actions>60 ······<ocil:actions>
55 ········<ocil:test_action_ref>ocil:ssg-file_permissions_unauthorized_world_writable_action:testaction:1</ocil:test_action_ref>61 ········<ocil:test_action_ref>ocil:ssg-audit_rules_time_settimeofday_action:testaction:1</ocil:test_action_ref>
56 ······</ocil:actions>62 ······</ocil:actions>
57 ····</ocil:questionnaire>63 ····</ocil:questionnaire>
58 ····<ocil:questionnaire·id="ocil:ssg-file_groupownership_sshd_pub_key_ocil:questionnaire:1"> 
59 ······<ocil:title>Verify·Group·Ownership·on·SSH·Server·Public·*.pub·Key·Files</ocil:title>64 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_lremovexattr_ocil:questionnaire:1">
 65 ······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·lremovexattr</ocil:title>
60 ······<ocil:actions>66 ······<ocil:actions>
61 ········<ocil:test_action_ref>ocil:ssg-file_groupownership_sshd_pub_key_action:testaction:1</ocil:test_action_ref>67 ········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_lremovexattr_action:testaction:1</ocil:test_action_ref>
62 ······</ocil:actions>68 ······</ocil:actions>
63 ····</ocil:questionnaire>69 ····</ocil:questionnaire>
64 ····<ocil:questionnaire·id="ocil:ssg-package_MFEhiplsm_installed_ocil:questionnaire:1">70 ····<ocil:questionnaire·id="ocil:ssg-sshd_use_priv_separation_ocil:questionnaire:1">
65 ······<ocil:title>Install·the·Host·Intrusion·Prevention·System·(HIPS)·Module</ocil:title>71 ······<ocil:title>Enable·Use·of·Privilege·Separation</ocil:title>
66 ······<ocil:actions>72 ······<ocil:actions>
67 ········<ocil:test_action_ref>ocil:ssg-package_MFEhiplsm_installed_action:testaction:1</ocil:test_action_ref>73 ········<ocil:test_action_ref>ocil:ssg-sshd_use_priv_separation_action:testaction:1</ocil:test_action_ref>
68 ······</ocil:actions>74 ······</ocil:actions>
69 ····</ocil:questionnaire>75 ····</ocil:questionnaire>
70 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_sshd_private_key_ocil:questionnaire:1"> 
71 ······<ocil:title>Verify·Permissions·on·SSH·Server·Private·*_key·Key·Files</ocil:title>76 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_shared_media_ocil:questionnaire:1">
 77 ······<ocil:title>Configure·Sending·and·Accepting·Shared·Media·Redirects·for·All·IPv4·Interfaces</ocil:title>
72 ······<ocil:actions>78 ······<ocil:actions>
73 ········<ocil:test_action_ref>ocil:ssg-file_permissions_sshd_private_key_action:testaction:1</ocil:test_action_ref>79 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_shared_media_action:testaction:1</ocil:test_action_ref>
74 ······</ocil:actions>80 ······</ocil:actions>
75 ····</ocil:questionnaire>81 ····</ocil:questionnaire>
76 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_etc_shadow_ocil:questionnaire:1">82 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_acpi_custom_method_ocil:questionnaire:1">
77 ······<ocil:title>Verify·Group·Who·Owns·shadow·File</ocil:title>83 ······<ocil:title>Do·not·allow·ACPI·methods·to·be·inserted/replaced·at·run·time</ocil:title>
78 ······<ocil:actions>84 ······<ocil:actions>
79 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_etc_shadow_action:testaction:1</ocil:test_action_ref>85 ········<ocil:test_action_ref>ocil:ssg-kernel_config_acpi_custom_method_action:testaction:1</ocil:test_action_ref>
80 ······</ocil:actions>86 ······</ocil:actions>
81 ····</ocil:questionnaire>87 ····</ocil:questionnaire>
82 ····<ocil:questionnaire·id="ocil:ssg-sshd_disable_rhosts_rsa_ocil:questionnaire:1">88 ····<ocil:questionnaire·id="ocil:ssg-file_owner_backup_etc_passwd_ocil:questionnaire:1">
83 ······<ocil:title>Disable·SSH·Support·for·Rhosts·RSA·Authentication</ocil:title>89 ······<ocil:title>Verify·User·Who·Owns·Backup·passwd·File</ocil:title>
84 ······<ocil:actions>90 ······<ocil:actions>
85 ········<ocil:test_action_ref>ocil:ssg-sshd_disable_rhosts_rsa_action:testaction:1</ocil:test_action_ref>91 ········<ocil:test_action_ref>ocil:ssg-file_owner_backup_etc_passwd_action:testaction:1</ocil:test_action_ref>
86 ······</ocil:actions>92 ······</ocil:actions>
87 ····</ocil:questionnaire>93 ····</ocil:questionnaire>
88 ····<ocil:questionnaire·id="ocil:ssg-file_owner_etc_shadow_ocil:questionnaire:1">94 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_module_sig_key_ocil:questionnaire:1">
89 ······<ocil:title>Verify·User·Who·Owns·shadow·File</ocil:title>95 ······<ocil:title>Specify·module·signing·key·to·use</ocil:title>
90 ······<ocil:actions>96 ······<ocil:actions>
91 ········<ocil:test_action_ref>ocil:ssg-file_owner_etc_shadow_action:testaction:1</ocil:test_action_ref>97 ········<ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_key_action:testaction:1</ocil:test_action_ref>
92 ······</ocil:actions>98 ······</ocil:actions>
93 ····</ocil:questionnaire>99 ····</ocil:questionnaire>
94 ····<ocil:questionnaire·id="ocil:ssg-file_groupownership_sshd_private_key_ocil:questionnaire:1">100 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_passwd_ocil:questionnaire:1">
95 ······<ocil:title>Verify·Group·Ownership·on·SSH·Server·Private·*_key·Key·Files</ocil:title>101 ······<ocil:title>Verify·Permissions·on·passwd·File</ocil:title>
96 ······<ocil:actions>102 ······<ocil:actions>
97 ········<ocil:test_action_ref>ocil:ssg-file_groupownership_sshd_private_key_action:testaction:1</ocil:test_action_ref>103 ········<ocil:test_action_ref>ocil:ssg-file_permissions_etc_passwd_action:testaction:1</ocil:test_action_ref>
98 ······</ocil:actions>104 ······</ocil:actions>
99 ····</ocil:questionnaire>105 ····</ocil:questionnaire>
100 ····<ocil:questionnaire·id="ocil:ssg-partition_for_var_log_ocil:questionnaire:1">106 ····<ocil:questionnaire·id="ocil:ssg-package_openssh-server_installed_ocil:questionnaire:1">
101 ······<ocil:title>Ensure·/var/log·Located·On·Separate·Partition</ocil:title>107 ······<ocil:title>Install·the·OpenSSH·Server·Package</ocil:title>
102 ······<ocil:actions>108 ······<ocil:actions>
103 ········<ocil:test_action_ref>ocil:ssg-partition_for_var_log_action:testaction:1</ocil:test_action_ref>109 ········<ocil:test_action_ref>ocil:ssg-package_openssh-server_installed_action:testaction:1</ocil:test_action_ref>
104 ······</ocil:actions>110 ······</ocil:actions>
105 ····</ocil:questionnaire>111 ····</ocil:questionnaire>
106 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_gshadow_ocil:questionnaire:1">112 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_page_poisoning_no_sanity_ocil:questionnaire:1">
107 ······<ocil:title>Verify·Permissions·on·gshadow·File</ocil:title>113 ······<ocil:title>Enable·poison·without·sanity·check</ocil:title>
108 ······<ocil:actions>114 ······<ocil:actions>
109 ········<ocil:test_action_ref>ocil:ssg-file_permissions_etc_gshadow_action:testaction:1</ocil:test_action_ref>115 ········<ocil:test_action_ref>ocil:ssg-kernel_config_page_poisoning_no_sanity_action:testaction:1</ocil:test_action_ref>
110 ······</ocil:actions>116 ······</ocil:actions>
111 ····</ocil:questionnaire>117 ····</ocil:questionnaire>
112 ····<ocil:questionnaire·id="ocil:ssg-grub2_enable_iommu_force_ocil:questionnaire:1"> 
113 ······<ocil:title>IOMMU·configuration·directive</ocil:title>118 ····<ocil:questionnaire·id="ocil:ssg-rsyslog_encrypt_offload_defaultnetstreamdriver_ocil:questionnaire:1">
 119 ······<ocil:title>Ensure·Rsyslog·Encrypts·Off-Loaded·Audit·Records</ocil:title>
114 ······<ocil:actions>120 ······<ocil:actions>
115 ········<ocil:test_action_ref>ocil:ssg-grub2_enable_iommu_force_action:testaction:1</ocil:test_action_ref>121 ········<ocil:test_action_ref>ocil:ssg-rsyslog_encrypt_offload_defaultnetstreamdriver_action:testaction:1</ocil:test_action_ref>
116 ······</ocil:actions>122 ······</ocil:actions>
117 ····</ocil:questionnaire>123 ····</ocil:questionnaire>
Max diff block lines reached; 645016/657198 bytes (98.15%) of diff not shown.
451 KB
./usr/share/xml/scap/ssg/content/ssg-opensuse-xccdf.xml
451 KB
./usr/share/xml/scap/ssg/content/ssg-opensuse-xccdf.xml
Ordering differences only
    
Offset 71, 162 lines modifiedOffset 71, 162 lines modified
71 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>71 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>
72 ··<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>72 ··<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>
73 ··<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>73 ··<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>
74 ··<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>74 ··<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>
75 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</xccdf-1.2:reference>75 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</xccdf-1.2:reference>
76 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>76 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>
77 ··<cpe-lang:platform-specification>77 ··<cpe-lang:platform-specification>
78 ····<cpe-lang:platform·id="aarch64_arch_or_x86_64_arch">78 ····<cpe-lang:platform·id="package_shadow-utils">
79 ······<cpe-lang:logical-test·operator="OR"·negate="false">79 ······<cpe-lang:logical-test·operator="AND"·negate="false">
 80 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_shadow-utils:def:1"/>
 81 ······</cpe-lang:logical-test>
 82 ····</cpe-lang:platform>
 83 ····<cpe-lang:platform·id="aarch64_arch">
 84 ······<cpe-lang:logical-test·operator="AND"·negate="false">
80 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>85 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>
81 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_x86_64:def:1"/> 
82 ······</cpe-lang:logical-test>86 ······</cpe-lang:logical-test>
83 ····</cpe-lang:platform>87 ····</cpe-lang:platform>
84 ····<cpe-lang:platform·id="machine">88 ····<cpe-lang:platform·id="machine">
85 ······<cpe-lang:logical-test·operator="AND"·negate="false">89 ······<cpe-lang:logical-test·operator="AND"·negate="false">
86 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-installed_env_is_a_machine:def:1"/>90 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-installed_env_is_a_machine:def:1"/>
87 ······</cpe-lang:logical-test>91 ······</cpe-lang:logical-test>
88 ····</cpe-lang:platform>92 ····</cpe-lang:platform>
89 ····<cpe-lang:platform·id="package_iptables">93 ····<cpe-lang:platform·id="x86_64_arch">
90 ······<cpe-lang:logical-test·operator="AND"·negate="false">94 ······<cpe-lang:logical-test·operator="AND"·negate="false">
91 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>95 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_x86_64:def:1"/>
92 ······</cpe-lang:logical-test>96 ······</cpe-lang:logical-test>
93 ····</cpe-lang:platform>97 ····</cpe-lang:platform>
94 ····<cpe-lang:platform·id="not_aarch64_arch">98 ····<cpe-lang:platform·id="system_with_kernel">
95 ······<cpe-lang:logical-test·operator="AND"·negate="true">99 ······<cpe-lang:logical-test·operator="AND"·negate="false">
96 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>100 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
97 ······</cpe-lang:logical-test>101 ······</cpe-lang:logical-test>
98 ····</cpe-lang:platform>102 ····</cpe-lang:platform>
99 ····<cpe-lang:platform·id="package_iptables_and_service_disabled_firewalld_and_system_with_kernel">103 ····<cpe-lang:platform·id="package_logrotate">
100 ······<cpe-lang:logical-test·operator="AND"·negate="false">104 ······<cpe-lang:logical-test·operator="AND"·negate="false">
 105 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_logrotate:def:1"/>
 106 ······</cpe-lang:logical-test>
 107 ····</cpe-lang:platform>
 108 ····<cpe-lang:platform·id="package_sudo">
 109 ······<cpe-lang:logical-test·operator="AND"·negate="false">
101 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>110 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_sudo:def:1"/>
102 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-service_disabled_firewalld:def:1"/>111 ······</cpe-lang:logical-test>
 112 ····</cpe-lang:platform>
 113 ····<cpe-lang:platform·id="not_aarch64_arch">
 114 ······<cpe-lang:logical-test·operator="AND"·negate="true">
103 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>115 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>
104 ······</cpe-lang:logical-test>116 ······</cpe-lang:logical-test>
105 ····</cpe-lang:platform>117 ····</cpe-lang:platform>
106 ····<cpe-lang:platform·id="not_package_nftables_and_not_package_ufw_and_package_iptables">118 ····<cpe-lang:platform·id="not_package_nftables_and_not_package_ufw_and_package_iptables">
107 ······<cpe-lang:logical-test·operator="AND"·negate="false">119 ······<cpe-lang:logical-test·operator="AND"·negate="false">
108 ········<cpe-lang:logical-test·operator="AND"·negate="true">120 ········<cpe-lang:logical-test·operator="AND"·negate="true">
109 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_nftables:def:1"/>121 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_nftables:def:1"/>
110 ········</cpe-lang:logical-test>122 ········</cpe-lang:logical-test>
111 ········<cpe-lang:logical-test·operator="AND"·negate="true">123 ········<cpe-lang:logical-test·operator="AND"·negate="true">
112 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_ufw:def:1"/>124 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_ufw:def:1"/>
113 ········</cpe-lang:logical-test>125 ········</cpe-lang:logical-test>
114 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>126 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>
115 ······</cpe-lang:logical-test>127 ······</cpe-lang:logical-test>
116 ····</cpe-lang:platform>128 ····</cpe-lang:platform>
117 ····<cpe-lang:platform·id="package_pam">129 ····<cpe-lang:platform·id="package_systemd">
118 ······<cpe-lang:logical-test·operator="AND"·negate="false">130 ······<cpe-lang:logical-test·operator="AND"·negate="false">
119 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_pam:def:1"/>131 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_systemd:def:1"/>
120 ······</cpe-lang:logical-test>132 ······</cpe-lang:logical-test>
121 ····</cpe-lang:platform>133 ····</cpe-lang:platform>
122 ····<cpe-lang:platform·id="package_rsyslog">134 ····<cpe-lang:platform·id="aarch64_arch_or_x86_64_arch">
123 ······<cpe-lang:logical-test·operator="AND"·negate="false">135 ······<cpe-lang:logical-test·operator="OR"·negate="false">
 136 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>
124 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_rsyslog:def:1"/>137 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_x86_64:def:1"/>
125 ······</cpe-lang:logical-test>138 ······</cpe-lang:logical-test>
126 ····</cpe-lang:platform>139 ····</cpe-lang:platform>
127 ····<cpe-lang:platform·id="package_logrotate">140 ····<cpe-lang:platform·id="package_rsyslog">
128 ······<cpe-lang:logical-test·operator="AND"·negate="false">141 ······<cpe-lang:logical-test·operator="AND"·negate="false">
129 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_logrotate:def:1"/>142 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_rsyslog:def:1"/>
130 ······</cpe-lang:logical-test>143 ······</cpe-lang:logical-test>
131 ····</cpe-lang:platform>144 ····</cpe-lang:platform>
132 ····<cpe-lang:platform·id="package_audit">145 ····<cpe-lang:platform·id="package_gdm">
133 ······<cpe-lang:logical-test·operator="AND"·negate="false">146 ······<cpe-lang:logical-test·operator="AND"·negate="false">
134 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_audit:def:1"/>147 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_gdm:def:1"/>
135 ······</cpe-lang:logical-test>148 ······</cpe-lang:logical-test>
136 ····</cpe-lang:platform>149 ····</cpe-lang:platform>
137 ····<cpe-lang:platform·id="package_sudo">150 ····<cpe-lang:platform·id="package_postfix">
138 ······<cpe-lang:logical-test·operator="AND"·negate="false">151 ······<cpe-lang:logical-test·operator="AND"·negate="false">
139 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_sudo:def:1"/>152 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_postfix:def:1"/>
140 ······</cpe-lang:logical-test>153 ······</cpe-lang:logical-test>
141 ····</cpe-lang:platform>154 ····</cpe-lang:platform>
142 ····<cpe-lang:platform·id="system_with_kernel">155 ····<cpe-lang:platform·id="package_iptables_and_service_disabled_firewalld_and_system_with_kernel">
143 ······<cpe-lang:logical-test·operator="AND"·negate="false">156 ······<cpe-lang:logical-test·operator="AND"·negate="false">
 157 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>
 158 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-service_disabled_firewalld:def:1"/>
144 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>159 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
145 ······</cpe-lang:logical-test>160 ······</cpe-lang:logical-test>
146 ····</cpe-lang:platform>161 ····</cpe-lang:platform>
147 ····<cpe-lang:platform·id="package_postfix">162 ····<cpe-lang:platform·id="package_rsh-server">
148 ······<cpe-lang:logical-test·operator="AND"·negate="false">163 ······<cpe-lang:logical-test·operator="AND"·negate="false">
149 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_postfix:def:1"/>164 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_rsh-server:def:1"/>
150 ······</cpe-lang:logical-test>165 ······</cpe-lang:logical-test>
151 ····</cpe-lang:platform>166 ····</cpe-lang:platform>
152 ····<cpe-lang:platform·id="package_chrony">167 ····<cpe-lang:platform·id="package_chrony">
153 ······<cpe-lang:logical-test·operator="AND"·negate="false">168 ······<cpe-lang:logical-test·operator="AND"·negate="false">
154 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_chrony:def:1"/>169 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_chrony:def:1"/>
155 ······</cpe-lang:logical-test>170 ······</cpe-lang:logical-test>
156 ····</cpe-lang:platform>171 ····</cpe-lang:platform>
157 ····<cpe-lang:platform·id="not_package_nftables_and_not_package_ufw">172 ····<cpe-lang:platform·id="not_aarch64_arch_and_not_s390x_arch">
158 ······<cpe-lang:logical-test·operator="AND"·negate="false">173 ······<cpe-lang:logical-test·operator="AND"·negate="false">
159 ········<cpe-lang:logical-test·operator="AND"·negate="true">174 ········<cpe-lang:logical-test·operator="AND"·negate="true">
160 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_nftables:def:1"/>175 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>
161 ········</cpe-lang:logical-test>176 ········</cpe-lang:logical-test>
162 ········<cpe-lang:logical-test·operator="AND"·negate="true">177 ········<cpe-lang:logical-test·operator="AND"·negate="true">
163 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_ufw:def:1"/>178 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_s390x:def:1"/>
164 ········</cpe-lang:logical-test>179 ········</cpe-lang:logical-test>
165 ······</cpe-lang:logical-test>180 ······</cpe-lang:logical-test>
166 ····</cpe-lang:platform>181 ····</cpe-lang:platform>
167 ····<cpe-lang:platform·id="grub2_and_system_with_kernel">182 ····<cpe-lang:platform·id="package_audit">
168 ······<cpe-lang:logical-test·operator="AND"·negate="false">183 ······<cpe-lang:logical-test·operator="AND"·negate="false">
169 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-installed_env_has_grub2_package:def:1"/> 
170 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>184 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_audit:def:1"/>
171 ······</cpe-lang:logical-test>185 ······</cpe-lang:logical-test>
172 ····</cpe-lang:platform>186 ····</cpe-lang:platform>
173 ····<cpe-lang:platform·id="package_ufw_and_system_with_kernel">187 ····<cpe-lang:platform·id="package_pam">
174 ······<cpe-lang:logical-test·operator="AND"·negate="false">188 ······<cpe-lang:logical-test·operator="AND"·negate="false">
175 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_ufw:def:1"/>189 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_pam:def:1"/>
176 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/> 
177 ······</cpe-lang:logical-test>190 ······</cpe-lang:logical-test>
178 ····</cpe-lang:platform>191 ····</cpe-lang:platform>
179 ····<cpe-lang:platform·id="package_gdm">192 ····<cpe-lang:platform·id="package_iptables">
180 ······<cpe-lang:logical-test·operator="AND"·negate="false">193 ······<cpe-lang:logical-test·operator="AND"·negate="false">
181 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_gdm:def:1"/>194 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>
Max diff block lines reached; 447409/461208 bytes (97.01%) of diff not shown.
1.66 MB
./usr/share/xml/scap/ssg/content/ssg-rhcos4-ds.xml
1.66 MB
./usr/share/xml/scap/ssg/content/ssg-rhcos4-ds.xml
Max HTML report size reached
1.55 MB
./usr/share/xml/scap/ssg/content/ssg-rhcos4-ocil.xml
1.55 MB
./usr/share/xml/scap/ssg/content/ssg-rhcos4-ocil.xml
Ordering differences only
    
Offset 3, 10201 lines modifiedOffset 3, 10189 lines modified
3 ··<ocil:generator>3 ··<ocil:generator>
4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6 ····<ocil:schema_version>2.0</ocil:schema_version>6 ····<ocil:schema_version>2.0</ocil:schema_version>
7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8 ··</ocil:generator>8 ··</ocil:generator>
9 ··<ocil:questionnaires>9 ··<ocil:questionnaires>
 10 ····<ocil:questionnaire·id="ocil:ssg-accounts_users_home_files_ownership_ocil:questionnaire:1">
 11 ······<ocil:title>All·User·Files·and·Directories·In·The·Home·Directory·Must·Have·a·Valid·Owner</ocil:title>
10 ····<ocil:questionnaire·id="ocil:ssg-sshd_set_idle_timeout_ocil:questionnaire:1"> 
11 ······<ocil:title>Set·SSH·Client·Alive·Interval</ocil:title> 
12 ······<ocil:actions> 
13 ········<ocil:test_action_ref>ocil:ssg-sshd_set_idle_timeout_action:testaction:1</ocil:test_action_ref> 
14 ······</ocil:actions> 
15 ····</ocil:questionnaire> 
16 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_fchown_ocil:questionnaire:1"> 
17 ······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·fchown</ocil:title> 
18 ······<ocil:actions>12 ······<ocil:actions>
19 ········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_fchown_action:testaction:1</ocil:test_action_ref>13 ········<ocil:test_action_ref>ocil:ssg-accounts_users_home_files_ownership_action:testaction:1</ocil:test_action_ref>
20 ······</ocil:actions>14 ······</ocil:actions>
21 ····</ocil:questionnaire>15 ····</ocil:questionnaire>
22 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_sysadmin_actions_ocil:questionnaire:1">16 ····<ocil:questionnaire·id="ocil:ssg-etc_system_fips_exists_ocil:questionnaire:1">
23 ······<ocil:title>Ensure·auditd·Collects·System·Administrator·Actions</ocil:title>17 ······<ocil:title>Ensure·'/etc/system-fips'·exists</ocil:title>
24 ······<ocil:actions>18 ······<ocil:actions>
25 ········<ocil:test_action_ref>ocil:ssg-audit_rules_sysadmin_actions_action:testaction:1</ocil:test_action_ref>19 ········<ocil:test_action_ref>ocil:ssg-etc_system_fips_exists_action:testaction:1</ocil:test_action_ref>
26 ······</ocil:actions>20 ······</ocil:actions>
27 ····</ocil:questionnaire>21 ····</ocil:questionnaire>
28 ····<ocil:questionnaire·id="ocil:ssg-package_rsyslog_installed_ocil:questionnaire:1">22 ····<ocil:questionnaire·id="ocil:ssg-accounts_root_gid_zero_ocil:questionnaire:1">
29 ······<ocil:title>Ensure·rsyslog·is·Installed</ocil:title>23 ······<ocil:title>Verify·Root·Has·A·Primary·GID·0</ocil:title>
30 ······<ocil:actions>24 ······<ocil:actions>
31 ········<ocil:test_action_ref>ocil:ssg-package_rsyslog_installed_action:testaction:1</ocil:test_action_ref>25 ········<ocil:test_action_ref>ocil:ssg-accounts_root_gid_zero_action:testaction:1</ocil:test_action_ref>
32 ······</ocil:actions>26 ······</ocil:actions>
33 ····</ocil:questionnaire>27 ····</ocil:questionnaire>
34 ····<ocil:questionnaire·id="ocil:ssg-service_autofs_disabled_ocil:questionnaire:1"> 
35 ······<ocil:title>Disable·the·Automounter</ocil:title>28 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_fremovexattr_ocil:questionnaire:1">
 29 ······<ocil:title>Record·Unsuccessful·Permission·Changes·to·Files·-·fremovexattr</ocil:title>
36 ······<ocil:actions>30 ······<ocil:actions>
37 ········<ocil:test_action_ref>ocil:ssg-service_autofs_disabled_action:testaction:1</ocil:test_action_ref>31 ········<ocil:test_action_ref>ocil:ssg-audit_rules_unsuccessful_file_modification_fremovexattr_action:testaction:1</ocil:test_action_ref>
38 ······</ocil:actions>32 ······</ocil:actions>
39 ····</ocil:questionnaire>33 ····</ocil:questionnaire>
40 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_sshd_pub_key_ocil:questionnaire:1">34 ····<ocil:questionnaire·id="ocil:ssg-service_sshd_disabled_ocil:questionnaire:1">
41 ······<ocil:title>Verify·Permissions·on·SSH·Server·Public·*.pub·Key·Files</ocil:title>35 ······<ocil:title>Disable·SSH·Server·If·Possible</ocil:title>
42 ······<ocil:actions>36 ······<ocil:actions>
43 ········<ocil:test_action_ref>ocil:ssg-file_permissions_sshd_pub_key_action:testaction:1</ocil:test_action_ref>37 ········<ocil:test_action_ref>ocil:ssg-service_sshd_disabled_action:testaction:1</ocil:test_action_ref>
44 ······</ocil:actions>38 ······</ocil:actions>
45 ····</ocil:questionnaire>39 ····</ocil:questionnaire>
46 ····<ocil:questionnaire·id="ocil:ssg-account_use_centralized_automated_auth_ocil:questionnaire:1"> 
47 ······<ocil:title>Use·Centralized·and·Automated·Authentication</ocil:title>40 ····<ocil:questionnaire·id="ocil:ssg-file_owner_etc_issue_ocil:questionnaire:1">
 41 ······<ocil:title>Verify·ownership·of·System·Login·Banner</ocil:title>
48 ······<ocil:actions>42 ······<ocil:actions>
49 ········<ocil:test_action_ref>ocil:ssg-account_use_centralized_automated_auth_action:testaction:1</ocil:test_action_ref>43 ········<ocil:test_action_ref>ocil:ssg-file_owner_etc_issue_action:testaction:1</ocil:test_action_ref>
50 ······</ocil:actions>44 ······</ocil:actions>
51 ····</ocil:questionnaire>45 ····</ocil:questionnaire>
52 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_panic_on_oops_ocil:questionnaire:1">46 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_home_dirs_ocil:questionnaire:1">
53 ······<ocil:title>Kernel·panic·oops</ocil:title>47 ······<ocil:title>Ensure·that·User·Home·Directories·are·not·Group-Writable·or·World-Readable</ocil:title>
54 ······<ocil:actions>48 ······<ocil:actions>
55 ········<ocil:test_action_ref>ocil:ssg-kernel_config_panic_on_oops_action:testaction:1</ocil:test_action_ref>49 ········<ocil:test_action_ref>ocil:ssg-file_permissions_home_dirs_action:testaction:1</ocil:test_action_ref>
56 ······</ocil:actions>50 ······</ocil:actions>
57 ····</ocil:questionnaire>51 ····</ocil:questionnaire>
58 ····<ocil:questionnaire·id="ocil:ssg-sshd_disable_compression_ocil:questionnaire:1">52 ····<ocil:questionnaire·id="ocil:ssg-package_audit_installed_ocil:questionnaire:1">
59 ······<ocil:title>Disable·Compression·Or·Set·Compression·to·delayed</ocil:title>53 ······<ocil:title>Ensure·the·audit·Subsystem·is·Installed</ocil:title>
60 ······<ocil:actions>54 ······<ocil:actions>
61 ········<ocil:test_action_ref>ocil:ssg-sshd_disable_compression_action:testaction:1</ocil:test_action_ref>55 ········<ocil:test_action_ref>ocil:ssg-package_audit_installed_action:testaction:1</ocil:test_action_ref>
62 ······</ocil:actions>56 ······</ocil:actions>
63 ····</ocil:questionnaire>57 ····</ocil:questionnaire>
64 ····<ocil:questionnaire·id="ocil:ssg-sysctl_fs_suid_dumpable_ocil:questionnaire:1">58 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_privileged_commands_gpasswd_ocil:questionnaire:1">
65 ······<ocil:title>Disable·Core·Dumps·for·SUID·programs</ocil:title>59 ······<ocil:title>Ensure·auditd·Collects·Information·on·the·Use·of·Privileged·Commands·-·gpasswd</ocil:title>
66 ······<ocil:actions>60 ······<ocil:actions>
67 ········<ocil:test_action_ref>ocil:ssg-sysctl_fs_suid_dumpable_action:testaction:1</ocil:test_action_ref>61 ········<ocil:test_action_ref>ocil:ssg-audit_rules_privileged_commands_gpasswd_action:testaction:1</ocil:test_action_ref>
68 ······</ocil:actions>62 ······</ocil:actions>
69 ····</ocil:questionnaire>63 ····</ocil:questionnaire>
70 ····<ocil:questionnaire·id="ocil:ssg-service_syslogng_enabled_ocil:questionnaire:1"> 
71 ······<ocil:title>Enable·syslog-ng·Service</ocil:title>64 ····<ocil:questionnaire·id="ocil:ssg-mount_option_nosuid_removable_partitions_ocil:questionnaire:1">
 65 ······<ocil:title>Add·nosuid·Option·to·Removable·Media·Partitions</ocil:title>
72 ······<ocil:actions>66 ······<ocil:actions>
73 ········<ocil:test_action_ref>ocil:ssg-service_syslogng_enabled_action:testaction:1</ocil:test_action_ref>67 ········<ocil:test_action_ref>ocil:ssg-mount_option_nosuid_removable_partitions_action:testaction:1</ocil:test_action_ref>
74 ······</ocil:actions>68 ······</ocil:actions>
75 ····</ocil:questionnaire>69 ····</ocil:questionnaire>
76 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write_ocil:questionnaire:1"> 
77 ······<ocil:title>Record·Unsuccessful·Modification·Attempts·to·Files·-·open_by_handle_at·O_TRUNC_WRITE</ocil:title>70 ····<ocil:questionnaire·id="ocil:ssg-sudoers_explicit_command_args_ocil:questionnaire:1">
 71 ······<ocil:title>Explicit·arguments·in·sudo·specifications</ocil:title>
78 ······<ocil:actions>72 ······<ocil:actions>
79 ········<ocil:test_action_ref>ocil:ssg-audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write_action:testaction:1</ocil:test_action_ref>73 ········<ocil:test_action_ref>ocil:ssg-sudoers_explicit_command_args_action:testaction:1</ocil:test_action_ref>
80 ······</ocil:actions>74 ······</ocil:actions>
81 ····</ocil:questionnaire>75 ····</ocil:questionnaire>
82 ····<ocil:questionnaire·id="ocil:ssg-package_dracut-fips_installed_ocil:questionnaire:1"> 
83 ······<ocil:title>Install·the·dracut-fips·Package</ocil:title>76 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_privileged_commands_grub2_set_bootflag_ocil:questionnaire:1">
 77 ······<ocil:title>Ensure·auditd·Collects·Information·on·the·Use·of·Privileged·Commands·-·grub2_set_bootflag</ocil:title>
84 ······<ocil:actions>78 ······<ocil:actions>
85 ········<ocil:test_action_ref>ocil:ssg-package_dracut-fips_installed_action:testaction:1</ocil:test_action_ref>79 ········<ocil:test_action_ref>ocil:ssg-audit_rules_privileged_commands_grub2_set_bootflag_action:testaction:1</ocil:test_action_ref>
86 ······</ocil:actions>80 ······</ocil:actions>
87 ····</ocil:questionnaire>81 ····</ocil:questionnaire>
88 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_login_events_tallylog_ocil:questionnaire:1"> 
89 ······<ocil:title>Record·Attempts·to·Alter·Logon·and·Logout·Events·-·tallylog</ocil:title>82 ····<ocil:questionnaire·id="ocil:ssg-service_systemd-coredump_disabled_ocil:questionnaire:1">
 83 ······<ocil:title>Disable·acquiring,·saving,·and·processing·core·dumps</ocil:title>
90 ······<ocil:actions>84 ······<ocil:actions>
91 ········<ocil:test_action_ref>ocil:ssg-audit_rules_login_events_tallylog_action:testaction:1</ocil:test_action_ref>85 ········<ocil:test_action_ref>ocil:ssg-service_systemd-coredump_disabled_action:testaction:1</ocil:test_action_ref>
92 ······</ocil:actions>86 ······</ocil:actions>
93 ····</ocil:questionnaire>87 ····</ocil:questionnaire>
94 ····<ocil:questionnaire·id="ocil:ssg-directory_owner_etc_nftables_ocil:questionnaire:1"> 
95 ······<ocil:title>Verify·User·Who·Owns·/etc/nftables·Directory</ocil:title>88 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_privileged_commands_sssd_ldap_child_ocil:questionnaire:1">
 89 ······<ocil:title>Ensure·auditd·Collects·Information·on·the·Use·of·Privileged·Commands·-·sssd_ldap_child</ocil:title>
96 ······<ocil:actions>90 ······<ocil:actions>
97 ········<ocil:test_action_ref>ocil:ssg-directory_owner_etc_nftables_action:testaction:1</ocil:test_action_ref>91 ········<ocil:test_action_ref>ocil:ssg-audit_rules_privileged_commands_sssd_ldap_child_action:testaction:1</ocil:test_action_ref>
98 ······</ocil:actions>92 ······</ocil:actions>
99 ····</ocil:questionnaire>93 ····</ocil:questionnaire>
100 ····<ocil:questionnaire·id="ocil:ssg-configure_usbguard_auditbackend_ocil:questionnaire:1">94 ····<ocil:questionnaire·id="ocil:ssg-auditd_audispd_configure_remote_server_ocil:questionnaire:1">
101 ······<ocil:title>Log·USBGuard·daemon·audit·events·using·Linux·Audit</ocil:title>95 ······<ocil:title>Configure·audispd·Plugin·To·Send·Logs·To·Remote·Server</ocil:title>
102 ······<ocil:actions>96 ······<ocil:actions>
103 ········<ocil:test_action_ref>ocil:ssg-configure_usbguard_auditbackend_action:testaction:1</ocil:test_action_ref>97 ········<ocil:test_action_ref>ocil:ssg-auditd_audispd_configure_remote_server_action:testaction:1</ocil:test_action_ref>
104 ······</ocil:actions>98 ······</ocil:actions>
105 ····</ocil:questionnaire>99 ····</ocil:questionnaire>
106 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_privileged_commands_sudo_ocil:questionnaire:1"> 
107 ······<ocil:title>Ensure·auditd·Collects·Information·on·the·Use·of·Privileged·Commands·-·sudo</ocil:title>100 ····<ocil:questionnaire·id="ocil:ssg-file_owner_efi_grub2_cfg_ocil:questionnaire:1">
 101 ······<ocil:title>Verify·the·UEFI·Boot·Loader·grub.cfg·User·Ownership</ocil:title>
108 ······<ocil:actions>102 ······<ocil:actions>
109 ········<ocil:test_action_ref>ocil:ssg-audit_rules_privileged_commands_sudo_action:testaction:1</ocil:test_action_ref>103 ········<ocil:test_action_ref>ocil:ssg-file_owner_efi_grub2_cfg_action:testaction:1</ocil:test_action_ref>
110 ······</ocil:actions>104 ······</ocil:actions>
111 ····</ocil:questionnaire>105 ····</ocil:questionnaire>
112 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_usergroup_modification_shadow_ocil:questionnaire:1">106 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_privileged_commands_fusermount_ocil:questionnaire:1">
113 ······<ocil:title>Record·Events·that·Modify·User/Group·Information·-·/etc/shadow</ocil:title>107 ······<ocil:title>Ensure·auditd·Collects·Information·on·the·Use·of·Privileged·Commands·-·fusermount</ocil:title>
114 ······<ocil:actions>108 ······<ocil:actions>
115 ········<ocil:test_action_ref>ocil:ssg-audit_rules_usergroup_modification_shadow_action:testaction:1</ocil:test_action_ref>109 ········<ocil:test_action_ref>ocil:ssg-audit_rules_privileged_commands_fusermount_action:testaction:1</ocil:test_action_ref>
116 ······</ocil:actions>110 ······</ocil:actions>
117 ····</ocil:questionnaire>111 ····</ocil:questionnaire>
118 ····<ocil:questionnaire·id="ocil:ssg-zipl_slub_debug_argument_ocil:questionnaire:1">112 ····<ocil:questionnaire·id="ocil:ssg-file_owner_etc_gshadow_ocil:questionnaire:1">
119 ······<ocil:title>Enable·SLUB/SLAB·allocator·poisoning·in·zIPL</ocil:title>113 ······<ocil:title>Verify·User·Who·Owns·gshadow·File</ocil:title>
Max diff block lines reached; 1611660/1623975 bytes (99.24%) of diff not shown.
41.5 KB
./usr/share/xml/scap/ssg/content/ssg-rhcos4-xccdf.xml
41.4 KB
./usr/share/xml/scap/ssg/content/ssg-rhcos4-xccdf.xml
Ordering differences only
    
Offset 71, 355 lines modifiedOffset 71, 355 lines modified
71 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>71 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</xccdf-1.2:reference>
72 ··<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>72 ··<xccdf-1.2:reference·href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</xccdf-1.2:reference>
73 ··<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>73 ··<xccdf-1.2:reference·href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</xccdf-1.2:reference>
74 ··<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>74 ··<xccdf-1.2:reference·href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</xccdf-1.2:reference>
75 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform">stigid</xccdf-1.2:reference>75 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform">stigid</xccdf-1.2:reference>
76 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>76 ··<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</xccdf-1.2:reference>
77 ··<cpe-lang:platform-specification>77 ··<cpe-lang:platform-specification>
78 ····<cpe-lang:platform·id="ipv6_enabled">78 ····<cpe-lang:platform·id="mount_var-log">
79 ······<cpe-lang:logical-test·operator="AND"·negate="false">79 ······<cpe-lang:logical-test·operator="AND"·negate="false">
80 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-ipv6_enabled:def:1"/>80 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-installed_env_mount_var-log:def:1"/>
81 ······</cpe-lang:logical-test>81 ······</cpe-lang:logical-test>
82 ····</cpe-lang:platform>82 ····</cpe-lang:platform>
83 ····<cpe-lang:platform·id="aarch64_arch_or_x86_64_arch">83 ····<cpe-lang:platform·id="os_linux_ol_gt_or_eq_8_7">
84 ······<cpe-lang:logical-test·operator="OR"·negate="false">84 ······<cpe-lang:logical-test·operator="AND"·negate="false">
85 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/> 
86 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_x86_64:def:1"/>85 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-os_linux_ol_gt_or_eq_8_7:def:1"/>
87 ······</cpe-lang:logical-test>86 ······</cpe-lang:logical-test>
88 ····</cpe-lang:platform>87 ····</cpe-lang:platform>
89 ····<cpe-lang:platform·id="mount_var-log">88 ····<cpe-lang:platform·id="package_shadow-utils">
90 ······<cpe-lang:logical-test·operator="AND"·negate="false">89 ······<cpe-lang:logical-test·operator="AND"·negate="false">
91 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-installed_env_mount_var-log:def:1"/>90 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-package_shadow-utils:def:1"/>
92 ······</cpe-lang:logical-test>91 ······</cpe-lang:logical-test>
93 ····</cpe-lang:platform>92 ····</cpe-lang:platform>
94 ····<cpe-lang:platform·id="grub2">93 ····<cpe-lang:platform·id="package_ntp">
95 ······<cpe-lang:logical-test·operator="AND"·negate="false">94 ······<cpe-lang:logical-test·operator="AND"·negate="false">
96 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-installed_env_has_grub2_package:def:1"/>95 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-package_ntp:def:1"/>
97 ······</cpe-lang:logical-test>96 ······</cpe-lang:logical-test>
98 ····</cpe-lang:platform>97 ····</cpe-lang:platform>
99 ····<cpe-lang:platform·id="mount_var-tmp">98 ····<cpe-lang:platform·id="rhcos4-rhel9">
100 ······<cpe-lang:logical-test·operator="AND"·negate="false">99 ······<cpe-lang:logical-test·operator="AND"·negate="false">
101 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-installed_env_mount_var-tmp:def:1"/>100 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-installed_OS_is_rhcos4_rhel9:def:1"/>
 101 ······</cpe-lang:logical-test>
 102 ····</cpe-lang:platform>
 103 ····<cpe-lang:platform·id="aarch64_arch">
 104 ······<cpe-lang:logical-test·operator="AND"·negate="false">
 105 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>
102 ······</cpe-lang:logical-test>106 ······</cpe-lang:logical-test>
103 ····</cpe-lang:platform>107 ····</cpe-lang:platform>
104 ····<cpe-lang:platform·id="machine">108 ····<cpe-lang:platform·id="machine">
105 ······<cpe-lang:logical-test·operator="AND"·negate="false">109 ······<cpe-lang:logical-test·operator="AND"·negate="false">
106 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-installed_env_is_a_machine:def:1"/>110 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-installed_env_is_a_machine:def:1"/>
107 ······</cpe-lang:logical-test>111 ······</cpe-lang:logical-test>
108 ····</cpe-lang:platform>112 ····</cpe-lang:platform>
109 ····<cpe-lang:platform·id="package_iptables">113 ····<cpe-lang:platform·id="x86_64_arch">
110 ······<cpe-lang:logical-test·operator="AND"·negate="false">114 ······<cpe-lang:logical-test·operator="AND"·negate="false">
111 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>115 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_x86_64:def:1"/>
112 ······</cpe-lang:logical-test>116 ······</cpe-lang:logical-test>
113 ····</cpe-lang:platform>117 ····</cpe-lang:platform>
114 ····<cpe-lang:platform·id="not_aarch64_arch">118 ····<cpe-lang:platform·id="package_libreswan">
115 ······<cpe-lang:logical-test·operator="AND"·negate="true">119 ······<cpe-lang:logical-test·operator="AND"·negate="false">
116 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>120 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-package_libreswan:def:1"/>
117 ······</cpe-lang:logical-test>121 ······</cpe-lang:logical-test>
118 ····</cpe-lang:platform>122 ····</cpe-lang:platform>
119 ····<cpe-lang:platform·id="krb5_server_older_than_1_17-18_and_krb5_workstation_older_than_1_17-18">123 ····<cpe-lang:platform·id="package_sssd">
120 ······<cpe-lang:logical-test·operator="AND"·negate="false">124 ······<cpe-lang:logical-test·operator="AND"·negate="false">
121 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-krb5_server_older_than_1_17_18:def:1"/>125 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-package_sssd:def:1"/>
122 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-krb5_workstation_older_than_1_17_18:def:1"/> 
123 ······</cpe-lang:logical-test>126 ······</cpe-lang:logical-test>
124 ····</cpe-lang:platform>127 ····</cpe-lang:platform>
125 ····<cpe-lang:platform·id="package_ntp">128 ····<cpe-lang:platform·id="package_tmux">
126 ······<cpe-lang:logical-test·operator="AND"·negate="false">129 ······<cpe-lang:logical-test·operator="AND"·negate="false">
127 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-package_ntp:def:1"/>130 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-package_tmux:def:1"/>
128 ······</cpe-lang:logical-test>131 ······</cpe-lang:logical-test>
129 ····</cpe-lang:platform>132 ····</cpe-lang:platform>
130 ····<cpe-lang:platform·id="mount_tmp">133 ····<cpe-lang:platform·id="machine_and_package_apparmor">
131 ······<cpe-lang:logical-test·operator="AND"·negate="false">134 ······<cpe-lang:logical-test·operator="AND"·negate="false">
132 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-installed_env_mount_tmp:def:1"/>135 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-installed_env_is_a_machine:def:1"/>
 136 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-package_apparmor:def:1"/>
133 ······</cpe-lang:logical-test>137 ······</cpe-lang:logical-test>
134 ····</cpe-lang:platform>138 ····</cpe-lang:platform>
135 ····<cpe-lang:platform·id="package_iptables_and_service_disabled_firewalld_and_system_with_kernel">139 ····<cpe-lang:platform·id="system_with_kernel">
136 ······<cpe-lang:logical-test·operator="AND"·negate="false">140 ······<cpe-lang:logical-test·operator="AND"·negate="false">
137 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/> 
138 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-service_disabled_firewalld:def:1"/> 
139 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>141 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/>
140 ······</cpe-lang:logical-test>142 ······</cpe-lang:logical-test>
141 ····</cpe-lang:platform>143 ····</cpe-lang:platform>
142 ····<cpe-lang:platform·id="mount_home">144 ····<cpe-lang:platform·id="package_logrotate">
143 ······<cpe-lang:logical-test·operator="AND"·negate="false">145 ······<cpe-lang:logical-test·operator="AND"·negate="false">
 146 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-package_logrotate:def:1"/>
 147 ······</cpe-lang:logical-test>
 148 ····</cpe-lang:platform>
 149 ····<cpe-lang:platform·id="package_sudo">
 150 ······<cpe-lang:logical-test·operator="AND"·negate="false">
144 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-installed_env_mount_home:def:1"/>151 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-package_sudo:def:1"/>
 152 ······</cpe-lang:logical-test>
 153 ····</cpe-lang:platform>
 154 ····<cpe-lang:platform·id="not_aarch64_arch">
 155 ······<cpe-lang:logical-test·operator="AND"·negate="true">
 156 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_aarch64:def:1"/>
 157 ······</cpe-lang:logical-test>
 158 ····</cpe-lang:platform>
 159 ····<cpe-lang:platform·id="s390x_arch">
 160 ······<cpe-lang:logical-test·operator="AND"·negate="false">
 161 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_s390x:def:1"/>
145 ······</cpe-lang:logical-test>162 ······</cpe-lang:logical-test>
146 ····</cpe-lang:platform>163 ····</cpe-lang:platform>
147 ····<cpe-lang:platform·id="not_package_nftables_and_not_package_ufw_and_package_iptables">164 ····<cpe-lang:platform·id="not_package_nftables_and_not_package_ufw_and_package_iptables">
148 ······<cpe-lang:logical-test·operator="AND"·negate="false">165 ······<cpe-lang:logical-test·operator="AND"·negate="false">
149 ········<cpe-lang:logical-test·operator="AND"·negate="true">166 ········<cpe-lang:logical-test·operator="AND"·negate="true">
150 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-package_nftables:def:1"/>167 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-package_nftables:def:1"/>
151 ········</cpe-lang:logical-test>168 ········</cpe-lang:logical-test>
152 ········<cpe-lang:logical-test·operator="AND"·negate="true">169 ········<cpe-lang:logical-test·operator="AND"·negate="true">
153 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-package_ufw:def:1"/>170 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-package_ufw:def:1"/>
154 ········</cpe-lang:logical-test>171 ········</cpe-lang:logical-test>
155 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>172 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-package_iptables:def:1"/>
156 ······</cpe-lang:logical-test>173 ······</cpe-lang:logical-test>
157 ····</cpe-lang:platform>174 ····</cpe-lang:platform>
158 ····<cpe-lang:platform·id="not_osbuild_and_system_with_kernel">175 ····<cpe-lang:platform·id="package_nftables">
159 ······<cpe-lang:logical-test·operator="AND"·negate="false">176 ······<cpe-lang:logical-test·operator="AND"·negate="false">
160 ········<cpe-lang:logical-test·operator="AND"·negate="true"> 
161 ··········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-installed_env_is_osbuild:def:1"/>177 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-package_nftables:def:1"/>
162 ········</cpe-lang:logical-test> 
163 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-system_with_kernel:def:1"/> 
164 ······</cpe-lang:logical-test>178 ······</cpe-lang:logical-test>
165 ····</cpe-lang:platform>179 ····</cpe-lang:platform>
166 ····<cpe-lang:platform·id="package_pam">180 ····<cpe-lang:platform·id="package_usbguard">
167 ······<cpe-lang:logical-test·operator="AND"·negate="false">181 ······<cpe-lang:logical-test·operator="AND"·negate="false">
168 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-package_pam:def:1"/>182 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-package_usbguard:def:1"/>
169 ······</cpe-lang:logical-test>183 ······</cpe-lang:logical-test>
170 ····</cpe-lang:platform>184 ····</cpe-lang:platform>
171 ····<cpe-lang:platform·id="package_firewalld">185 ····<cpe-lang:platform·id="package_firewalld">
172 ······<cpe-lang:logical-test·operator="AND"·negate="false">186 ······<cpe-lang:logical-test·operator="AND"·negate="false">
173 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-package_firewalld:def:1"/>187 ········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml"·id-ref="oval:ssg-package_firewalld:def:1"/>
174 ······</cpe-lang:logical-test>188 ······</cpe-lang:logical-test>
175 ····</cpe-lang:platform>189 ····</cpe-lang:platform>
176 ····<cpe-lang:platform·id="package_rsyslog">190 ····<cpe-lang:platform·id="package_systemd">
Max diff block lines reached; 29244/42234 bytes (69.24%) of diff not shown.
8.86 MB
./usr/share/xml/scap/ssg/content/ssg-rhel10-ds.xml
8.86 MB
./usr/share/xml/scap/ssg/content/ssg-rhel10-ds.xml
Max HTML report size reached
2.07 MB
./usr/share/xml/scap/ssg/content/ssg-rhel10-ocil.xml
2.07 MB
./usr/share/xml/scap/ssg/content/ssg-rhel10-ocil.xml
Max HTML report size reached
6.66 MB
./usr/share/xml/scap/ssg/content/ssg-rhel10-xccdf.xml
6.66 MB
./usr/share/xml/scap/ssg/content/ssg-rhel10-xccdf.xml
Max HTML report size reached
12.1 MB
./usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml
12.1 MB
./usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml
Max HTML report size reached
3.28 MB
./usr/share/xml/scap/ssg/content/ssg-rhel8-ocil.xml
3.28 MB
./usr/share/xml/scap/ssg/content/ssg-rhel8-ocil.xml
Max HTML report size reached
8.56 MB
./usr/share/xml/scap/ssg/content/ssg-rhel8-xccdf.xml
8.56 MB
./usr/share/xml/scap/ssg/content/ssg-rhel8-xccdf.xml
Max HTML report size reached
12.0 MB
./usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml
12.0 MB
./usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml
Max HTML report size reached
3.12 MB
./usr/share/xml/scap/ssg/content/ssg-rhel9-ocil.xml
3.12 MB
./usr/share/xml/scap/ssg/content/ssg-rhel9-ocil.xml
Max HTML report size reached
8.54 MB
./usr/share/xml/scap/ssg/content/ssg-rhel9-xccdf.xml
8.54 MB
./usr/share/xml/scap/ssg/content/ssg-rhel9-xccdf.xml
Max HTML report size reached
6.27 MB
./usr/share/xml/scap/ssg/content/ssg-rhv4-ds.xml
6.27 MB
./usr/share/xml/scap/ssg/content/ssg-rhv4-ds.xml
Max HTML report size reached
1.51 MB
./usr/share/xml/scap/ssg/content/ssg-rhv4-ocil.xml
1.51 MB
./usr/share/xml/scap/ssg/content/ssg-rhv4-ocil.xml
Ordering differences only
    
Offset 3, 10438 lines modifiedOffset 3, 10584 lines modified
3 ··<ocil:generator>3 ··<ocil:generator>
4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6 ····<ocil:schema_version>2.0</ocil:schema_version>6 ····<ocil:schema_version>2.0</ocil:schema_version>
7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8 ··</ocil:generator>8 ··</ocil:generator>
9 ··<ocil:questionnaires>9 ··<ocil:questionnaires>
10 ····<ocil:questionnaire·id="ocil:ssg-ntpd_specify_remote_server_ocil:questionnaire:1">10 ····<ocil:questionnaire·id="ocil:ssg-auditd_freq_ocil:questionnaire:1">
 11 ······<ocil:title>Set·number·of·records·to·cause·an·explicit·flush·to·audit·logs</ocil:title>
11 ······<ocil:title>Specify·a·Remote·NTP·Server</ocil:title> 
12 ······<ocil:actions> 
13 ········<ocil:test_action_ref>ocil:ssg-ntpd_specify_remote_server_action:testaction:1</ocil:test_action_ref> 
14 ······</ocil:actions> 
15 ····</ocil:questionnaire> 
16 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_execution_restorecon_ocil:questionnaire:1"> 
17 ······<ocil:title>Record·Any·Attempts·to·Run·restorecon</ocil:title> 
18 ······<ocil:actions> 
19 ········<ocil:test_action_ref>ocil:ssg-audit_rules_execution_restorecon_action:testaction:1</ocil:test_action_ref> 
20 ······</ocil:actions> 
21 ····</ocil:questionnaire> 
22 ····<ocil:questionnaire·id="ocil:ssg-package_openssh-server_installed_ocil:questionnaire:1"> 
23 ······<ocil:title>Install·the·OpenSSH·Server·Package</ocil:title> 
24 ······<ocil:actions>12 ······<ocil:actions>
25 ········<ocil:test_action_ref>ocil:ssg-package_openssh-server_installed_action:testaction:1</ocil:test_action_ref>13 ········<ocil:test_action_ref>ocil:ssg-auditd_freq_action:testaction:1</ocil:test_action_ref>
26 ······</ocil:actions>14 ······</ocil:actions>
27 ····</ocil:questionnaire>15 ····</ocil:questionnaire>
28 ····<ocil:questionnaire·id="ocil:ssg-sebool_cron_userdomain_transition_ocil:questionnaire:1">16 ····<ocil:questionnaire·id="ocil:ssg-disable_ctrlaltdel_burstaction_ocil:questionnaire:1">
29 ······<ocil:title>Enable·the·cron_userdomain_transition·SELinux·Boolean</ocil:title>17 ······<ocil:title>Disable·Ctrl-Alt-Del·Burst·Action</ocil:title>
30 ······<ocil:actions>18 ······<ocil:actions>
31 ········<ocil:test_action_ref>ocil:ssg-sebool_cron_userdomain_transition_action:testaction:1</ocil:test_action_ref>19 ········<ocil:test_action_ref>ocil:ssg-disable_ctrlaltdel_burstaction_action:testaction:1</ocil:test_action_ref>
32 ······</ocil:actions>20 ······</ocil:actions>
33 ····</ocil:questionnaire>21 ····</ocil:questionnaire>
34 ····<ocil:questionnaire·id="ocil:ssg-service_firewalld_enabled_ocil:questionnaire:1"> 
35 ······<ocil:title>Verify·firewalld·Enabled</ocil:title>22 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_default_rp_filter_ocil:questionnaire:1">
 23 ······<ocil:title>Enable·Kernel·Parameter·to·Use·Reverse·Path·Filtering·on·all·IPv4·Interfaces·by·Default</ocil:title>
36 ······<ocil:actions>24 ······<ocil:actions>
37 ········<ocil:test_action_ref>ocil:ssg-service_firewalld_enabled_action:testaction:1</ocil:test_action_ref>25 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_default_rp_filter_action:testaction:1</ocil:test_action_ref>
38 ······</ocil:actions>26 ······</ocil:actions>
39 ····</ocil:questionnaire>27 ····</ocil:questionnaire>
40 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_privileged_commands_passwd_ocil:questionnaire:1"> 
41 ······<ocil:title>Ensure·auditd·Collects·Information·on·the·Use·of·Privileged·Commands·-·passwd</ocil:title>28 ····<ocil:questionnaire·id="ocil:ssg-grub2_rng_core_default_quality_argument_ocil:questionnaire:1">
 29 ······<ocil:title>Configure·the·confidence·in·TPM·for·entropy</ocil:title>
42 ······<ocil:actions>30 ······<ocil:actions>
43 ········<ocil:test_action_ref>ocil:ssg-audit_rules_privileged_commands_passwd_action:testaction:1</ocil:test_action_ref>31 ········<ocil:test_action_ref>ocil:ssg-grub2_rng_core_default_quality_argument_action:testaction:1</ocil:test_action_ref>
44 ······</ocil:actions>32 ······</ocil:actions>
45 ····</ocil:questionnaire>33 ····</ocil:questionnaire>
46 ····<ocil:questionnaire·id="ocil:ssg-chronyd_specify_remote_server_ocil:questionnaire:1"> 
47 ······<ocil:title>A·remote·time·server·for·Chrony·is·configured</ocil:title>34 ····<ocil:questionnaire·id="ocil:ssg-sebool_selinuxuser_use_ssh_chroot_ocil:questionnaire:1">
 35 ······<ocil:title>Disable·the·selinuxuser_use_ssh_chroot·SELinux·Boolean</ocil:title>
48 ······<ocil:actions>36 ······<ocil:actions>
49 ········<ocil:test_action_ref>ocil:ssg-chronyd_specify_remote_server_action:testaction:1</ocil:test_action_ref>37 ········<ocil:test_action_ref>ocil:ssg-sebool_selinuxuser_use_ssh_chroot_action:testaction:1</ocil:test_action_ref>
50 ······</ocil:actions>38 ······</ocil:actions>
51 ····</ocil:questionnaire>39 ····</ocil:questionnaire>
52 ····<ocil:questionnaire·id="ocil:ssg-sshd_set_max_sessions_ocil:questionnaire:1">40 ····<ocil:questionnaire·id="ocil:ssg-sshd_set_max_sessions_ocil:questionnaire:1">
53 ······<ocil:title>Set·SSH·MaxSessions·limit</ocil:title>41 ······<ocil:title>Set·SSH·MaxSessions·limit</ocil:title>
54 ······<ocil:actions>42 ······<ocil:actions>
55 ········<ocil:test_action_ref>ocil:ssg-sshd_set_max_sessions_action:testaction:1</ocil:test_action_ref>43 ········<ocil:test_action_ref>ocil:ssg-sshd_set_max_sessions_action:testaction:1</ocil:test_action_ref>
56 ······</ocil:actions>44 ······</ocil:actions>
57 ····</ocil:questionnaire>45 ····</ocil:questionnaire>
58 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_crontab_ocil:questionnaire:1">46 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_chmod_ocil:questionnaire:1">
59 ······<ocil:title>Verify·Group·Who·Owns·Crontab</ocil:title>47 ······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·chmod</ocil:title>
60 ······<ocil:actions>48 ······<ocil:actions>
61 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_crontab_action:testaction:1</ocil:test_action_ref>49 ········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_chmod_action:testaction:1</ocil:test_action_ref>
62 ······</ocil:actions>50 ······</ocil:actions>
63 ····</ocil:questionnaire>51 ····</ocil:questionnaire>
64 ····<ocil:questionnaire·id="ocil:ssg-accounts_logon_fail_delay_ocil:questionnaire:1">52 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_etc_passwd_ocil:questionnaire:1">
65 ······<ocil:title>Ensure·the·Logon·Failure·Delay·is·Set·Correctly·in·login.defs</ocil:title>53 ······<ocil:title>Verify·Group·Who·Owns·passwd·File</ocil:title>
66 ······<ocil:actions>54 ······<ocil:actions>
67 ········<ocil:test_action_ref>ocil:ssg-accounts_logon_fail_delay_action:testaction:1</ocil:test_action_ref>55 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_etc_passwd_action:testaction:1</ocil:test_action_ref>
68 ······</ocil:actions>56 ······</ocil:actions>
69 ····</ocil:questionnaire>57 ····</ocil:questionnaire>
70 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_successful_file_modification_lchown_ocil:questionnaire:1"> 
71 ······<ocil:title>Record·Successful·Ownership·Changes·to·Files·-·lchown</ocil:title>58 ····<ocil:questionnaire·id="ocil:ssg-accounts_user_dot_group_ownership_ocil:questionnaire:1">
 59 ······<ocil:title>User·Initialization·Files·Must·Be·Group-Owned·By·The·Primary·Group</ocil:title>
72 ······<ocil:actions>60 ······<ocil:actions>
73 ········<ocil:test_action_ref>ocil:ssg-audit_rules_successful_file_modification_lchown_action:testaction:1</ocil:test_action_ref>61 ········<ocil:test_action_ref>ocil:ssg-accounts_user_dot_group_ownership_action:testaction:1</ocil:test_action_ref>
74 ······</ocil:actions>62 ······</ocil:actions>
75 ····</ocil:questionnaire>63 ····</ocil:questionnaire>
76 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_privileged_commands_sudo_ocil:questionnaire:1"> 
77 ······<ocil:title>Ensure·auditd·Collects·Information·on·the·Use·of·Privileged·Commands·-·sudo</ocil:title>64 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_efi_user_cfg_ocil:questionnaire:1">
 65 ······<ocil:title>Verify·/boot/grub2/user.cfg·Group·Ownership</ocil:title>
78 ······<ocil:actions>66 ······<ocil:actions>
79 ········<ocil:test_action_ref>ocil:ssg-audit_rules_privileged_commands_sudo_action:testaction:1</ocil:test_action_ref>67 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_efi_user_cfg_action:testaction:1</ocil:test_action_ref>
80 ······</ocil:actions>68 ······</ocil:actions>
81 ····</ocil:questionnaire>69 ····</ocil:questionnaire>
82 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_sysadmin_actions_ocil:questionnaire:1"> 
83 ······<ocil:title>Ensure·auditd·Collects·System·Administrator·Actions</ocil:title>70 ····<ocil:questionnaire·id="ocil:ssg-configure_openssl_crypto_policy_ocil:questionnaire:1">
 71 ······<ocil:title>Configure·OpenSSL·library·to·use·System·Crypto·Policy</ocil:title>
84 ······<ocil:actions>72 ······<ocil:actions>
85 ········<ocil:test_action_ref>ocil:ssg-audit_rules_sysadmin_actions_action:testaction:1</ocil:test_action_ref>73 ········<ocil:test_action_ref>ocil:ssg-configure_openssl_crypto_policy_action:testaction:1</ocil:test_action_ref>
86 ······</ocil:actions>74 ······</ocil:actions>
87 ····</ocil:questionnaire>75 ····</ocil:questionnaire>
88 ····<ocil:questionnaire·id="ocil:ssg-no_legacy_plus_entries_etc_passwd_ocil:questionnaire:1"> 
89 ······<ocil:title>Ensure·there·are·no·legacy·+·NIS·entries·in·/etc/passwd</ocil:title>76 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_icmp_echo_ignore_broadcasts_ocil:questionnaire:1">
 77 ······<ocil:title>Enable·Kernel·Parameter·to·Ignore·ICMP·Broadcast·Echo·Requests·on·IPv4·Interfaces</ocil:title>
90 ······<ocil:actions>78 ······<ocil:actions>
91 ········<ocil:test_action_ref>ocil:ssg-no_legacy_plus_entries_etc_passwd_action:testaction:1</ocil:test_action_ref>79 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_icmp_echo_ignore_broadcasts_action:testaction:1</ocil:test_action_ref>
92 ······</ocil:actions>80 ······</ocil:actions>
93 ····</ocil:questionnaire>81 ····</ocil:questionnaire>
94 ····<ocil:questionnaire·id="ocil:ssg-sshd_enable_gssapi_auth_ocil:questionnaire:1"> 
95 ······<ocil:title>Enable·GSSAPI·Authentication</ocil:title>82 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_default_accept_source_route_ocil:questionnaire:1">
 83 ······<ocil:title>Disable·Kernel·Parameter·for·Accepting·Source-Routed·Packets·on·IPv4·Interfaces·by·Default</ocil:title>
96 ······<ocil:actions>84 ······<ocil:actions>
97 ········<ocil:test_action_ref>ocil:ssg-sshd_enable_gssapi_auth_action:testaction:1</ocil:test_action_ref>85 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_default_accept_source_route_action:testaction:1</ocil:test_action_ref>
98 ······</ocil:actions>86 ······</ocil:actions>
99 ····</ocil:questionnaire>87 ····</ocil:questionnaire>
100 ····<ocil:questionnaire·id="ocil:ssg-accounts_umask_etc_profile_ocil:questionnaire:1">88 ····<ocil:questionnaire·id="ocil:ssg-sebool_selinuxuser_udp_server_ocil:questionnaire:1">
101 ······<ocil:title>Ensure·the·Default·Umask·is·Set·Correctly·in·/etc/profile</ocil:title>89 ······<ocil:title>Disable·the·selinuxuser_udp_server·SELinux·Boolean</ocil:title>
102 ······<ocil:actions>90 ······<ocil:actions>
103 ········<ocil:test_action_ref>ocil:ssg-accounts_umask_etc_profile_action:testaction:1</ocil:test_action_ref>91 ········<ocil:test_action_ref>ocil:ssg-sebool_selinuxuser_udp_server_action:testaction:1</ocil:test_action_ref>
104 ······</ocil:actions>92 ······</ocil:actions>
105 ····</ocil:questionnaire>93 ····</ocil:questionnaire>
106 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_time_clock_settime_ocil:questionnaire:1">94 ····<ocil:questionnaire·id="ocil:ssg-no_rsh_trust_files_ocil:questionnaire:1">
107 ······<ocil:title>Record·Attempts·to·Alter·Time·Through·clock_settime</ocil:title>95 ······<ocil:title>Remove·Rsh·Trust·Files</ocil:title>
108 ······<ocil:actions>96 ······<ocil:actions>
109 ········<ocil:test_action_ref>ocil:ssg-audit_rules_time_clock_settime_action:testaction:1</ocil:test_action_ref>97 ········<ocil:test_action_ref>ocil:ssg-no_rsh_trust_files_action:testaction:1</ocil:test_action_ref>
110 ······</ocil:actions>98 ······</ocil:actions>
111 ····</ocil:questionnaire>99 ····</ocil:questionnaire>
112 ····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_admin_space_left_action_ocil:questionnaire:1"> 
113 ······<ocil:title>Configure·auditd·admin_space_left·Action·on·Low·Disk·Space</ocil:title>100 ····<ocil:questionnaire·id="ocil:ssg-kernel_config_syn_cookies_ocil:questionnaire:1">
 101 ······<ocil:title>Enable·TCP/IP·syncookie·support</ocil:title>
114 ······<ocil:actions>102 ······<ocil:actions>
115 ········<ocil:test_action_ref>ocil:ssg-auditd_data_retention_admin_space_left_action_action:testaction:1</ocil:test_action_ref>103 ········<ocil:test_action_ref>ocil:ssg-kernel_config_syn_cookies_action:testaction:1</ocil:test_action_ref>
116 ······</ocil:actions>104 ······</ocil:actions>
117 ····</ocil:questionnaire>105 ····</ocil:questionnaire>
118 ····<ocil:questionnaire·id="ocil:ssg-sebool_cron_can_relabel_ocil:questionnaire:1">106 ····<ocil:questionnaire·id="ocil:ssg-package_nss-tools_installed_ocil:questionnaire:1">
119 ······<ocil:title>Disable·the·cron_can_relabel·SELinux·Boolean</ocil:title>107 ······<ocil:title>Ensure·nss-tools·is·installed</ocil:title>
Max diff block lines reached; 1568178/1579766 bytes (99.27%) of diff not shown.
4.59 MB
./usr/share/xml/scap/ssg/content/ssg-rhv4-xccdf.xml
4.59 MB
./usr/share/xml/scap/ssg/content/ssg-rhv4-xccdf.xml
Max HTML report size reached
6.97 MB
./usr/share/xml/scap/ssg/content/ssg-sle12-ds.xml
6.97 MB
./usr/share/xml/scap/ssg/content/ssg-sle12-ds.xml
Max HTML report size reached
1.71 MB
./usr/share/xml/scap/ssg/content/ssg-sle12-ocil.xml
1.71 MB
./usr/share/xml/scap/ssg/content/ssg-sle12-ocil.xml
Max HTML report size reached
5.05 MB
./usr/share/xml/scap/ssg/content/ssg-sle12-xccdf.xml
5.05 MB
./usr/share/xml/scap/ssg/content/ssg-sle12-xccdf.xml
Max HTML report size reached
7.45 MB
./usr/share/xml/scap/ssg/content/ssg-sle15-ds.xml
7.45 MB
./usr/share/xml/scap/ssg/content/ssg-sle15-ds.xml
Max HTML report size reached
1.8 MB
./usr/share/xml/scap/ssg/content/ssg-sle15-ocil.xml
1.8 MB
./usr/share/xml/scap/ssg/content/ssg-sle15-ocil.xml
Max HTML report size reached
5.45 MB
./usr/share/xml/scap/ssg/content/ssg-sle15-xccdf.xml
5.45 MB
./usr/share/xml/scap/ssg/content/ssg-sle15-xccdf.xml
Max HTML report size reached
4.61 MB
./usr/share/xml/scap/ssg/content/ssg-slmicro5-ds.xml
4.61 MB
./usr/share/xml/scap/ssg/content/ssg-slmicro5-ds.xml
Max HTML report size reached
986 KB
./usr/share/xml/scap/ssg/content/ssg-slmicro5-ocil.xml
986 KB
./usr/share/xml/scap/ssg/content/ssg-slmicro5-ocil.xml
Ordering differences only
    
Offset 3, 5756 lines modifiedOffset 3, 5756 lines modified
3 ··<ocil:generator>3 ··<ocil:generator>
4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>4 ····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>5 ····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6 ····<ocil:schema_version>2.0</ocil:schema_version>6 ····<ocil:schema_version>2.0</ocil:schema_version>
7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>7 ····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8 ··</ocil:generator>8 ··</ocil:generator>
9 ··<ocil:questionnaires>9 ··<ocil:questionnaires>
10 ····<ocil:questionnaire·id="ocil:ssg-package_openldap-servers_removed_ocil:questionnaire:1"> 
11 ······<ocil:title>Uninstall·openldap-servers·Package</ocil:title> 
12 ······<ocil:actions> 
13 ········<ocil:test_action_ref>ocil:ssg-package_openldap-servers_removed_action:testaction:1</ocil:test_action_ref> 
14 ······</ocil:actions> 
15 ····</ocil:questionnaire> 
16 ····<ocil:questionnaire·id="ocil:ssg-package_avahi_removed_ocil:questionnaire:1"> 
17 ······<ocil:title>Uninstall·avahi·Server·Package</ocil:title> 
18 ······<ocil:actions> 
19 ········<ocil:test_action_ref>ocil:ssg-package_avahi_removed_action:testaction:1</ocil:test_action_ref> 
20 ······</ocil:actions> 
21 ····</ocil:questionnaire> 
22 ····<ocil:questionnaire·id="ocil:ssg-file_groupowner_etc_shadow_ocil:questionnaire:1">10 ····<ocil:questionnaire·id="ocil:ssg-file_owner_grub2_cfg_ocil:questionnaire:1">
23 ······<ocil:title>Verify·Group·Who·Owns·shadow·File</ocil:title>11 ······<ocil:title>Verify·/boot/grub2/grub.cfg·User·Ownership</ocil:title>
24 ······<ocil:actions>12 ······<ocil:actions>
25 ········<ocil:test_action_ref>ocil:ssg-file_groupowner_etc_shadow_action:testaction:1</ocil:test_action_ref>13 ········<ocil:test_action_ref>ocil:ssg-file_owner_grub2_cfg_action:testaction:1</ocil:test_action_ref>
26 ······</ocil:actions>14 ······</ocil:actions>
27 ····</ocil:questionnaire>15 ····</ocil:questionnaire>
28 ····<ocil:questionnaire·id="ocil:ssg-sysctl_kernel_kptr_restrict_ocil:questionnaire:1">16 ····<ocil:questionnaire·id="ocil:ssg-mount_option_dev_shm_nosuid_ocil:questionnaire:1">
29 ······<ocil:title>Restrict·Exposed·Kernel·Pointer·Addresses·Access</ocil:title>17 ······<ocil:title>Add·nosuid·Option·to·/dev/shm</ocil:title>
30 ······<ocil:actions>18 ······<ocil:actions>
31 ········<ocil:test_action_ref>ocil:ssg-sysctl_kernel_kptr_restrict_action:testaction:1</ocil:test_action_ref>19 ········<ocil:test_action_ref>ocil:ssg-mount_option_dev_shm_nosuid_action:testaction:1</ocil:test_action_ref>
32 ······</ocil:actions>20 ······</ocil:actions>
33 ····</ocil:questionnaire>21 ····</ocil:questionnaire>
34 ····<ocil:questionnaire·id="ocil:ssg-package_dovecot_removed_ocil:questionnaire:1">22 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_redirects_ocil:questionnaire:1">
35 ······<ocil:title>Uninstall·dovecot·Package</ocil:title>23 ······<ocil:title>Disable·Accepting·ICMP·Redirects·for·All·IPv4·Interfaces</ocil:title>
36 ······<ocil:actions>24 ······<ocil:actions>
37 ········<ocil:test_action_ref>ocil:ssg-package_dovecot_removed_action:testaction:1</ocil:test_action_ref>25 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_redirects_action:testaction:1</ocil:test_action_ref>
38 ······</ocil:actions>26 ······</ocil:actions>
39 ····</ocil:questionnaire>27 ····</ocil:questionnaire>
40 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_privileged_commands_chage_ocil:questionnaire:1">28 ····<ocil:questionnaire·id="ocil:ssg-no_empty_passwords_etc_shadow_ocil:questionnaire:1">
41 ······<ocil:title>Ensure·auditd·Collects·Information·on·the·Use·of·Privileged·Commands·-·chage</ocil:title>29 ······<ocil:title>Ensure·There·Are·No·Accounts·With·Blank·or·Null·Passwords</ocil:title>
42 ······<ocil:actions>30 ······<ocil:actions>
43 ········<ocil:test_action_ref>ocil:ssg-audit_rules_privileged_commands_chage_action:testaction:1</ocil:test_action_ref>31 ········<ocil:test_action_ref>ocil:ssg-no_empty_passwords_etc_shadow_action:testaction:1</ocil:test_action_ref>
44 ······</ocil:actions>32 ······</ocil:actions>
45 ····</ocil:questionnaire>33 ····</ocil:questionnaire>
46 ····<ocil:questionnaire·id="ocil:ssg-disable_ctrlaltdel_reboot_ocil:questionnaire:1">34 ····<ocil:questionnaire·id="ocil:ssg-sshd_disable_tcp_forwarding_ocil:questionnaire:1">
47 ······<ocil:title>Disable·Ctrl-Alt-Del·Reboot·Activation</ocil:title>35 ······<ocil:title>Disable·SSH·TCP·Forwarding</ocil:title>
48 ······<ocil:actions>36 ······<ocil:actions>
49 ········<ocil:test_action_ref>ocil:ssg-disable_ctrlaltdel_reboot_action:testaction:1</ocil:test_action_ref>37 ········<ocil:test_action_ref>ocil:ssg-sshd_disable_tcp_forwarding_action:testaction:1</ocil:test_action_ref>
50 ······</ocil:actions>38 ······</ocil:actions>
51 ····</ocil:questionnaire>39 ····</ocil:questionnaire>
52 ····<ocil:questionnaire·id="ocil:ssg-cracklib_accounts_password_pam_ocredit_ocil:questionnaire:1">40 ····<ocil:questionnaire·id="ocil:ssg-package_cups_removed_ocil:questionnaire:1">
53 ······<ocil:title>Set·Password·Strength·Minimum·Special·Characters</ocil:title>41 ······<ocil:title>Uninstall·CUPS·Package</ocil:title>
54 ······<ocil:actions>42 ······<ocil:actions>
55 ········<ocil:test_action_ref>ocil:ssg-cracklib_accounts_password_pam_ocredit_action:testaction:1</ocil:test_action_ref>43 ········<ocil:test_action_ref>ocil:ssg-package_cups_removed_action:testaction:1</ocil:test_action_ref>
56 ······</ocil:actions>44 ······</ocil:actions>
57 ····</ocil:questionnaire>45 ····</ocil:questionnaire>
58 ····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_space_left_action_ocil:questionnaire:1"> 
59 ······<ocil:title>Configure·auditd·space_left·Action·on·Low·Disk·Space</ocil:title>46 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_ungroupowned_ocil:questionnaire:1">
 47 ······<ocil:title>Ensure·All·Files·Are·Owned·by·a·Group</ocil:title>
60 ······<ocil:actions>48 ······<ocil:actions>
61 ········<ocil:test_action_ref>ocil:ssg-auditd_data_retention_space_left_action_action:testaction:1</ocil:test_action_ref>49 ········<ocil:test_action_ref>ocil:ssg-file_permissions_ungroupowned_action:testaction:1</ocil:test_action_ref>
62 ······</ocil:actions>50 ······</ocil:actions>
63 ····</ocil:questionnaire>51 ····</ocil:questionnaire>
64 ····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_icmp_ignore_bogus_error_responses_ocil:questionnaire:1"> 
65 ······<ocil:title>Enable·Kernel·Parameter·to·Ignore·Bogus·ICMP·Error·Responses·on·IPv4·Interfaces</ocil:title>52 ····<ocil:questionnaire·id="ocil:ssg-file_permissions_backup_etc_group_ocil:questionnaire:1">
 53 ······<ocil:title>Verify·Permissions·on·Backup·group·File</ocil:title>
66 ······<ocil:actions>54 ······<ocil:actions>
67 ········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_icmp_ignore_bogus_error_responses_action:testaction:1</ocil:test_action_ref>55 ········<ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_group_action:testaction:1</ocil:test_action_ref>
68 ······</ocil:actions>56 ······</ocil:actions>
69 ····</ocil:questionnaire>57 ····</ocil:questionnaire>
70 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_umount2_ocil:questionnaire:1"> 
71 ······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·umount2</ocil:title>58 ····<ocil:questionnaire·id="ocil:ssg-service_iptables_enabled_ocil:questionnaire:1">
 59 ······<ocil:title>Verify·iptables·Enabled</ocil:title>
72 ······<ocil:actions>60 ······<ocil:actions>
73 ········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_umount2_action:testaction:1</ocil:test_action_ref>61 ········<ocil:test_action_ref>ocil:ssg-service_iptables_enabled_action:testaction:1</ocil:test_action_ref>
74 ······</ocil:actions>62 ······</ocil:actions>
75 ····</ocil:questionnaire>63 ····</ocil:questionnaire>
76 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_usergroup_modification_gshadow_ocil:questionnaire:1">64 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_creat_ocil:questionnaire:1">
77 ······<ocil:title>Record·Events·that·Modify·User/Group·Information·-·/etc/gshadow</ocil:title>65 ······<ocil:title>Record·Unsuccessful·Access·Attempts·to·Files·-·creat</ocil:title>
78 ······<ocil:actions>66 ······<ocil:actions>
79 ········<ocil:test_action_ref>ocil:ssg-audit_rules_usergroup_modification_gshadow_action:testaction:1</ocil:test_action_ref>67 ········<ocil:test_action_ref>ocil:ssg-audit_rules_unsuccessful_file_modification_creat_action:testaction:1</ocil:test_action_ref>
80 ······</ocil:actions>68 ······</ocil:actions>
81 ····</ocil:questionnaire>69 ····</ocil:questionnaire>
82 ····<ocil:questionnaire·id="ocil:ssg-security_patches_up_to_date_ocil:questionnaire:1">70 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_usergroup_modification_shadow_ocil:questionnaire:1">
83 ······<ocil:title>Ensure·Software·Patches·Installed</ocil:title>71 ······<ocil:title>Record·Events·that·Modify·User/Group·Information·-·/etc/shadow</ocil:title>
84 ······<ocil:actions>72 ······<ocil:actions>
85 ········<ocil:test_action_ref>ocil:ssg-security_patches_up_to_date_action:testaction:1</ocil:test_action_ref>73 ········<ocil:test_action_ref>ocil:ssg-audit_rules_usergroup_modification_shadow_action:testaction:1</ocil:test_action_ref>
86 ······</ocil:actions>74 ······</ocil:actions>
87 ····</ocil:questionnaire>75 ····</ocil:questionnaire>
88 ····<ocil:questionnaire·id="ocil:ssg-auditd_data_disk_full_action_ocil:questionnaire:1">76 ····<ocil:questionnaire·id="ocil:ssg-sshd_use_strong_ciphers_ocil:questionnaire:1">
89 ······<ocil:title>Configure·auditd·Disk·Full·Action·when·Disk·Space·Is·Full</ocil:title>77 ······<ocil:title>Use·Only·Strong·Ciphers</ocil:title>
90 ······<ocil:actions>78 ······<ocil:actions>
91 ········<ocil:test_action_ref>ocil:ssg-auditd_data_disk_full_action_action:testaction:1</ocil:test_action_ref>79 ········<ocil:test_action_ref>ocil:ssg-sshd_use_strong_ciphers_action:testaction:1</ocil:test_action_ref>
92 ······</ocil:actions>80 ······</ocil:actions>
93 ····</ocil:questionnaire>81 ····</ocil:questionnaire>
94 ····<ocil:questionnaire·id="ocil:ssg-pam_disable_automatic_configuration_ocil:questionnaire:1">82 ····<ocil:questionnaire·id="ocil:ssg-ensure_GPG_keys_are_configured_ocil:questionnaire:1">
95 ······<ocil:title>The·PAM·configuration·should·not·be·changed·automatically</ocil:title>83 ······<ocil:title>Ensure·GPG·keys·are·configured</ocil:title>
96 ······<ocil:actions>84 ······<ocil:actions>
97 ········<ocil:test_action_ref>ocil:ssg-pam_disable_automatic_configuration_action:testaction:1</ocil:test_action_ref>85 ········<ocil:test_action_ref>ocil:ssg-ensure_GPG_keys_are_configured_action:testaction:1</ocil:test_action_ref>
98 ······</ocil:actions>86 ······</ocil:actions>
99 ····</ocil:questionnaire>87 ····</ocil:questionnaire>
100 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_execution_chcon_ocil:questionnaire:1">88 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_session_events_utmp_ocil:questionnaire:1">
101 ······<ocil:title>Record·Any·Attempts·to·Run·chcon</ocil:title>89 ······<ocil:title>Record·Attempts·to·Alter·Process·and·Session·Initiation·Information·utmp</ocil:title>
102 ······<ocil:actions>90 ······<ocil:actions>
103 ········<ocil:test_action_ref>ocil:ssg-audit_rules_execution_chcon_action:testaction:1</ocil:test_action_ref>91 ········<ocil:test_action_ref>ocil:ssg-audit_rules_session_events_utmp_action:testaction:1</ocil:test_action_ref>
104 ······</ocil:actions>92 ······</ocil:actions>
105 ····</ocil:questionnaire>93 ····</ocil:questionnaire>
106 ····<ocil:questionnaire·id="ocil:ssg-sshd_set_loglevel_verbose_ocil:questionnaire:1">94 ····<ocil:questionnaire·id="ocil:ssg-group_unique_name_ocil:questionnaire:1">
107 ······<ocil:title>Set·SSH·Daemon·LogLevel·to·VERBOSE</ocil:title>95 ······<ocil:title>Ensure·All·Groups·on·the·System·Have·Unique·Group·Names</ocil:title>
108 ······<ocil:actions>96 ······<ocil:actions>
109 ········<ocil:test_action_ref>ocil:ssg-sshd_set_loglevel_verbose_action:testaction:1</ocil:test_action_ref>97 ········<ocil:test_action_ref>ocil:ssg-group_unique_name_action:testaction:1</ocil:test_action_ref>
110 ······</ocil:actions>98 ······</ocil:actions>
111 ····</ocil:questionnaire>99 ····</ocil:questionnaire>
112 ····<ocil:questionnaire·id="ocil:ssg-encrypt_partitions_ocil:questionnaire:1">100 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_kernel_module_loading_ocil:questionnaire:1">
113 ······<ocil:title>Encrypt·Partitions</ocil:title>101 ······<ocil:title>Ensure·auditd·Collects·Information·on·Kernel·Module·Loading·and·Unloading</ocil:title>
114 ······<ocil:actions>102 ······<ocil:actions>
115 ········<ocil:test_action_ref>ocil:ssg-encrypt_partitions_action:testaction:1</ocil:test_action_ref>103 ········<ocil:test_action_ref>ocil:ssg-audit_rules_kernel_module_loading_action:testaction:1</ocil:test_action_ref>
116 ······</ocil:actions>104 ······</ocil:actions>
117 ····</ocil:questionnaire>105 ····</ocil:questionnaire>
118 ····<ocil:questionnaire·id="ocil:ssg-sshd_use_approved_macs_ocil:questionnaire:1">106 ····<ocil:questionnaire·id="ocil:ssg-audit_rules_execution_setfiles_ocil:questionnaire:1">
119 ······<ocil:title>Use·Only·FIPS·140-2·Validated·MACs</ocil:title>107 ······<ocil:title>Record·Any·Attempts·to·Run·setfiles</ocil:title>
120 ······<ocil:actions>108 ······<ocil:actions>
121 ········<ocil:test_action_ref>ocil:ssg-sshd_use_approved_macs_action:testaction:1</ocil:test_action_ref>109 ········<ocil:test_action_ref>ocil:ssg-audit_rules_execution_setfiles_action:testaction:1</ocil:test_action_ref>
122 ······</ocil:actions>110 ······</ocil:actions>
123 ····</ocil:questionnaire>111 ····</ocil:questionnaire>
124 ····<ocil:questionnaire·id="ocil:ssg-permissions_local_var_log_ocil:questionnaire:1">112 ····<ocil:questionnaire·id="ocil:ssg-package_sudo_installed_ocil:questionnaire:1">
125 ······<ocil:title>Verify·permissions·of·log·files</ocil:title>113 ······<ocil:title>Install·sudo·Package</ocil:title>
126 ······<ocil:actions>114 ······<ocil:actions>
Max diff block lines reached; 996823/1009293 bytes (98.76%) of diff not shown.
3.52 MB
./usr/share/xml/scap/ssg/content/ssg-slmicro5-xccdf.xml
3.52 MB
./usr/share/xml/scap/ssg/content/ssg-slmicro5-xccdf.xml
Max HTML report size reached
Generated by diffoscope 289