ansible-lockdown/RHEL6-STIG

RHEL 6 STIG v1r19 released

LeamHall opened this issue · 4 comments

And new benchmark. What tools do you use to compare, besides the MK1 eyeball?

There is a Revision History PDF document included in the STIG ZIP. It lists all the changes in each revision. I use that to find the changed STIG IDs and then do a compare between versions of the actual content to verify what was changed. Sometimes the "Description of Change" is not very descriptive.

I usually find them...lacking...

Updated

  • V-38482 - Added "/etc/pam.d/password-auth" to the check and fix.
  • V-38497 - Added "/etc/pam.d/password-auth" to the check and fix. (PR #140)
  • V-38569 - Added "/etc/pam.d/password-auth" to the check and fix.
  • V-38570 - Added "/etc/pam.d/password-auth" to the check and fix. (Check content looks for lcredit, not ocredit, but that's a DISA bug. This check is a single task that should better be split into separate tasks, but I'm not doing that today.)
  • V-38571 - Added "/etc/pam.d/password-auth" to the check and fix.
  • V-38693 - Added "/etc/pam.d/password-auth" to the check and fix.
  • V-38668 - Updated the facility from "security.info" to "authpriv.notice". (PR #140)
  • V-38572 - Added "/etc/pam.d/password-auth" to the check and fix.
  • V-38574 - Updated the list of inspectable files to include "/etc/pam.d/password-auth" and "/etc/pam.d/password-auth-ac". Added a note to the fix about using authconfig. (okay already. This should probably be enhanced to better ensure that sha512 is present; I'm not convinced the existing remediation is sufficient.)
  • V-38658 - Added "/etc/pam.d/password-auth" to the check and fix. Removed text that incorrectly explained the output from the check command. (PR #140)

Removed

  • V-38666 - Removed the requirement for an installed anti-virus. (PR #140)

Here's a start. I'm doing some updates and will send a PR.

Should be fixed by #140
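
One way to script the version comparison discussed in this thread, as an added example (not code from the thread or from the ansible-lockdown project): it diffs the check and fix text of two benchmark XCCDF files by V- id, so added, removed and changed rules can be listed without relying on the Revision History descriptions. The inline benchmarks are constructed samples, the function names are hypothetical, and it assumes each rule sits in a `Group` element whose `id` attribute is the V- number.

```python
import difflib
import xml.etree.ElementTree as ET

FIELDS = ("check-content", "fixtext")

# Constructed sample benchmarks (not real STIG text); the V- ids are taken from this thread.
OLD = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1">
<Group id="V-38482"><Rule><fixtext>Edit /etc/pam.d/system-auth</fixtext>
<check><check-content>Inspect /etc/pam.d/system-auth</check-content></check></Rule></Group>
<Group id="V-38666"><Rule><check><check-content>Verify anti-virus is installed</check-content></check></Rule></Group>
</Benchmark>"""
NEW = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1">
<Group id="V-38482"><Rule><fixtext>Edit /etc/pam.d/system-auth and /etc/pam.d/password-auth</fixtext>
<check><check-content>Inspect /etc/pam.d/system-auth and /etc/pam.d/password-auth</check-content></check></Rule></Group>
</Benchmark>"""

def local(tag):
    """Drop the XML namespace so files with different XCCDF namespaces parse alike."""
    return tag.rsplit("}", 1)[-1]

def load_rules(xml_text):
    """Map each Group id (V- number) to its whitespace-normalised check and fix text."""
    rules = {}
    for group in ET.fromstring(xml_text).iter():
        if local(group.tag) != "Group":
            continue
        rules[group.get("id")] = {
            local(el.tag): " ".join("".join(el.itertext()).split())
            for el in group.iter() if local(el.tag) in FIELDS}
    return rules

def compare(old_xml, new_xml):
    """Return V- ids added, removed, and changed (with the fields that differ)."""
    old, new = load_rules(old_xml), load_rules(new_xml)
    changed = {}
    for vid in sorted(old.keys() & new.keys()):
        fields = [f for f in FIELDS if old[vid].get(f) != new[vid].get(f)]
        if fields:
            changed[vid] = fields
    return {"added": sorted(new.keys() - old.keys()),
            "removed": sorted(old.keys() - new.keys()), "changed": changed}

def word_diff(old_text, new_text):
    """Return only the words removed (-) or added (+) between two versions of a field."""
    return [d for d in difflib.ndiff(old_text.split(), new_text.split())
            if d[:2] in ("+ ", "- ")]

if __name__ == "__main__":
    print(compare(OLD, NEW))
    print(word_diff(load_rules(OLD)["V-38482"]["check-content"],
                    load_rules(NEW)["V-38482"]["check-content"]))
```

To use it on real releases, read the XCCDF XML from each STIG ZIP and pass the two file contents to `compare` in place of the constructed strings.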