[El-errata] ELBA-2023-0829 Oracle Linux 8 scap-security-guide bug fix and enhancement update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Mar 1 19:57:30 UTC 2023

Oracle Linux Bug Fix Advisory ELBA-2023-0829


The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:




Description of changes:

- Update rules dealing with sshd_config to look into files added to the include
 keyword [Orabug: 34893225]
- Update remediation in sebool_secure_mode_insmod which wasn't letting the system boot when
 running anssi-high profile [Orabug: 34893225]
- Update OL stig profile rule selection remove sshd_disable_compression [Orabug: 35017186]
- Introduce new rules, sshd_use_approved_kex_ordered_stig, configure_bashrc_tmux,
 configure_tmux_lock_keybinding [Orabug: 35017186]
- Update rules modifying pam files to handle /etc/pam.d/system-auth precedence over
 other configuration files [Orabug: 35017186]
- Update version of stig profiles to V1R5 [Orabug: 35017186]

- Unselect rule logind_session_timeout (RHBZ#2168079)

- Rebase to a new upstream release 0.1.66 (RHBZ#2168079)
- Update RHEL8 STIG profile to V1R9 (RHBZ#2168075)
- Fix levels of CIS rules (RHBZ#2168072)
- Remove unused RHEL8 STIG control file (RHBZ#2168069)
- Fix handling of space in sudo_require_reauthentication (RHBZ#2168066)
- Add rule for audit immutable login uids (RHBZ#2168063)
- Fix remediation of audit watch rules (RHBZ#2168060)
- Align file_permissions_sshd_private_key with DISA Benchmark (RHBZ#2168057)
- Fix applicability of kerberos rules (RHBZ#2168054)
- Add support rainer scripts in rsyslog rules (RHBZ#2168050)

More information about the El-errata mailing list