
Align ClientAliveCountMax and ClientAliveInterval on RHEL8 STIG V1R8 #9784

Merged

Conversation

yuumasato
Member

@yuumasato yuumasato commented Nov 8, 2022

Description:

  • RHEL8 STIG V1R8 configures ClientAliveCountMax 1.
    • This change is valid and keeps the timeout by network availability.
  • Update description of sshd_set_keepalive and sshd_set_idle_timeout to reduce misunderstanding of what the rule configures, which is the timeout of SSH sessions based on network timeout, not user idleness.

Rationale:

  • Align with RHEL8 STIG V1R8

Following update from V1R8, update the STIG profile to configure
ClientAliveCountMax to 1.

This will timeout SSH connections when client alive messages are not
received within ClientAliveInterval seconds.
This serves the purpose of disconnecting sessions when the client has
become unresponsive.
Stop using 'idle', which implies an idle user, and
start using 'unresponsive', which better describes the state of the network.
The rule was only checking the first occurrence of ClientAliveCountMax,
but we need to check that all and any occurrences of
ClientAliveCountMax are compliant.
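The commit message above makes two points a practitioner may want to reproduce on a host: the effective disconnect time is ClientAliveInterval * ClientAliveCountMax seconds without a client-alive reply, and a check must look at every active occurrence of a directive rather than the first one. The script below is an added example, not ComplianceAsCode's own OVAL, bash or Ansible content; the function names, the constructed sample configs and the single-file scope (it does not follow Include lines or /etc/ssh/sshd_config.d) are assumptions of this example.

```sh
#!/bin/sh
# Added example, not ComplianceAsCode content: audit every active
# ClientAlive* directive in an sshd_config instead of stopping at the first hit.

# check_sshd_directive FILE DIRECTIVE EXPECTED
# Returns 0 when every active (uncommented) occurrence of DIRECTIVE in FILE
# carries the value EXPECTED; prints the offending lines and returns 1 otherwise.
# A missing directive is also a finding, because sshd then falls back to its
# compiled-in default (ClientAliveCountMax 3, ClientAliveInterval 0 = disabled).
check_sshd_directive() {
    file=$1
    directive=$2
    expected=$3
    # sshd keywords are case-insensitive; leading whitespace is allowed, which
    # also catches a directive repeated inside an indented Match block.
    matches=$(grep -iE "^[[:space:]]*${directive}[[:space:]]+" "$file" || true)
    if [ -z "$matches" ]; then
        echo "FINDING: no active ${directive} in ${file}"
        return 1
    fi
    # Report every line whose second field is not the expected value.
    noncompliant=$(printf '%s\n' "$matches" |
        awk -v want="$expected" -v f="$file" '$2 != want { print "FINDING: " f ": " $0 }')
    if [ -n "$noncompliant" ]; then
        printf '%s\n' "$noncompliant"
        return 1
    fi
    return 0
}

# effective_timeout FILE
# Prints ClientAliveInterval * ClientAliveCountMax, the seconds of unanswered
# client-alive probes after which sshd drops the session. sshd honours the
# first occurrence of each keyword, hence head -n 1. A result of 0 means the
# mechanism is off (interval 0, or count 0 on OpenSSH 8.2 and later).
effective_timeout() {
    interval=$(grep -iE '^[[:space:]]*ClientAliveInterval[[:space:]]+' "$1" | head -n 1 | awk '{print $2}')
    countmax=$(grep -iE '^[[:space:]]*ClientAliveCountMax[[:space:]]+' "$1" | head -n 1 | awk '{print $2}')
    echo $(( ${interval:-0} * ${countmax:-3} ))
}

# Constructed sample configs for the demo (not taken from any real host).
GOOD_CFG=$(mktemp)
BAD_CFG=$(mktemp)
trap 'rm -f "$GOOD_CFG" "$BAD_CFG"' EXIT
cat > "$GOOD_CFG" <<'EOF'
# ClientAliveCountMax 3   <- commented out, must be ignored
ClientAliveInterval 600
ClientAliveCountMax 1
EOF
# The first ClientAliveCountMax is compliant; a first-match-only check passes
# this file, but the duplicate inside the Match block weakens the control.
cat > "$BAD_CFG" <<'EOF'
ClientAliveInterval 600
ClientAliveCountMax 1
Match User backup
    ClientAliveCountMax 3
EOF

for cfg in "$GOOD_CFG" "$BAD_CFG"; do
    if check_sshd_directive "$cfg" ClientAliveCountMax 1; then
        echo "$cfg: all ClientAliveCountMax occurrences compliant," \
             "effective timeout $(effective_timeout "$cfg")s"
    fi
done
```

Run it as-is to see the second sample flagged on its Match-block line while the first passes; point the two functions at /etc/ssh/sshd_config to audit a real host.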
@yuumasato yuumasato added Update Rule Issues or pull requests related to Rules updates. Update Profile Issues or pull requests related to Profiles updates. RHEL8 Red Hat Enterprise Linux 8 product related. STIG STIG Benchmark related. labels Nov 8, 2022
@yuumasato yuumasato requested a review from a team as a code owner November 8, 2022 16:17
@github-actions

github-actions bot commented Nov 8, 2022

This datastream diff is auto generated by the check Compare DS/Generate Diff
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_grub2_cfg' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_grub2_cfg
+++ xccdf_org.ssgproject.content_rule_file_groupowner_grub2_cfg
@@ -1,5 +1,5 @@
 # Remediation is applicable only in certain platforms
-if [ ! -f /sys/firmware/efi ] && rpm --quiet -q grub2-common && { [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; }; then
+if rpm --quiet -q grub2-common && [ ! -f /sys/firmware/efi ] && { [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; }; then
 
 chgrp 0 /boot/grub2/grub.cfg
 
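Review bot: the reordered guard on the `+` line is behaviour-neutral: `rpm --quiet -q grub2-common` and `[ ! -f /sys/firmware/efi ]` are both side-effect-free tests joined by `&&`, so only the evaluation order changes. The same reorder recurs in every grub2 bash hunk below (and the matching swap of the two `when:` conditions in the Ansible hunks); none of it relates to the ClientAlive changes this PR describes, so it is most likely rebase noise picked up by the datastream comparison and does not need review here.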

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_grub2_cfg' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_grub2_cfg
+++ xccdf_org.ssgproject.content_rule_file_groupowner_grub2_cfg
@@ -20,8 +20,8 @@
 path: /boot/grub2/grub.cfg
 register: file_exists
 when:
+ - '"grub2-common" in ansible_facts.packages'
 - '"/boot/efi" not in ansible_mounts | map(attribute="mount") | list'
- - '"grub2-common" in ansible_facts.packages'
 - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80800-6
@@ -42,8 +42,8 @@
 path: /boot/grub2/grub.cfg
 group: '0'
 when:
+ - '"grub2-common" in ansible_facts.packages'
 - '"/boot/efi" not in ansible_mounts | map(attribute="mount") | list'
- - '"grub2-common" in ansible_facts.packages'
 - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - file_exists.stat is defined and file_exists.stat.exists
 tags:

bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_user_cfg' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_user_cfg
+++ xccdf_org.ssgproject.content_rule_file_groupowner_user_cfg
@@ -1,5 +1,5 @@
 # Remediation is applicable only in certain platforms
-if [ ! -f /sys/firmware/efi ] && rpm --quiet -q grub2-common && { [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; }; then
+if rpm --quiet -q grub2-common && [ ! -f /sys/firmware/efi ] && { [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; }; then
 
 chgrp 0 /boot/grub2/user.cfg
 

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_user_cfg' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_user_cfg
+++ xccdf_org.ssgproject.content_rule_file_groupowner_user_cfg
@@ -20,8 +20,8 @@
 path: /boot/grub2/user.cfg
 register: file_exists
 when:
+ - '"grub2-common" in ansible_facts.packages'
 - '"/boot/efi" not in ansible_mounts | map(attribute="mount") | list'
- - '"grub2-common" in ansible_facts.packages'
 - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-86009-8
@@ -42,8 +42,8 @@
 path: /boot/grub2/user.cfg
 group: '0'
 when:
+ - '"grub2-common" in ansible_facts.packages'
 - '"/boot/efi" not in ansible_mounts | map(attribute="mount") | list'
- - '"grub2-common" in ansible_facts.packages'
 - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - file_exists.stat is defined and file_exists.stat.exists
 tags:

bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_grub2_cfg' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_grub2_cfg
+++ xccdf_org.ssgproject.content_rule_file_owner_grub2_cfg
@@ -1,5 +1,5 @@
 # Remediation is applicable only in certain platforms
-if [ ! -f /sys/firmware/efi ] && rpm --quiet -q grub2-common && { [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; }; then
+if rpm --quiet -q grub2-common && [ ! -f /sys/firmware/efi ] && { [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; }; then
 
 chown 0 /boot/grub2/grub.cfg
 

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_grub2_cfg' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_grub2_cfg
+++ xccdf_org.ssgproject.content_rule_file_owner_grub2_cfg
@@ -20,8 +20,8 @@
 path: /boot/grub2/grub.cfg
 register: file_exists
 when:
+ - '"grub2-common" in ansible_facts.packages'
 - '"/boot/efi" not in ansible_mounts | map(attribute="mount") | list'
- - '"grub2-common" in ansible_facts.packages'
 - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80805-5
@@ -42,8 +42,8 @@
 path: /boot/grub2/grub.cfg
 owner: '0'
 when:
+ - '"grub2-common" in ansible_facts.packages'
 - '"/boot/efi" not in ansible_mounts | map(attribute="mount") | list'
- - '"grub2-common" in ansible_facts.packages'
 - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - file_exists.stat is defined and file_exists.stat.exists
 tags:

bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_user_cfg' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_user_cfg
+++ xccdf_org.ssgproject.content_rule_file_owner_user_cfg
@@ -1,5 +1,5 @@
 # Remediation is applicable only in certain platforms
-if [ ! -f /sys/firmware/efi ] && rpm --quiet -q grub2-common && { [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; }; then
+if rpm --quiet -q grub2-common && [ ! -f /sys/firmware/efi ] && { [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; }; then
 
 chown 0 /boot/grub2/user.cfg
 

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_user_cfg' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_user_cfg
+++ xccdf_org.ssgproject.content_rule_file_owner_user_cfg
@@ -20,8 +20,8 @@
 path: /boot/grub2/user.cfg
 register: file_exists
 when:
+ - '"grub2-common" in ansible_facts.packages'
 - '"/boot/efi" not in ansible_mounts | map(attribute="mount") | list'
- - '"grub2-common" in ansible_facts.packages'
 - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-86015-5
@@ -42,8 +42,8 @@
 path: /boot/grub2/user.cfg
 owner: '0'
 when:
+ - '"grub2-common" in ansible_facts.packages'
 - '"/boot/efi" not in ansible_mounts | map(attribute="mount") | list'
- - '"grub2-common" in ansible_facts.packages'
 - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - file_exists.stat is defined and file_exists.stat.exists
 tags:

bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_permissions_grub2_cfg' differs.
--- xccdf_org.ssgproject.content_rule_file_permissions_grub2_cfg
+++ xccdf_org.ssgproject.content_rule_file_permissions_grub2_cfg
@@ -1,5 +1,5 @@
 # Remediation is applicable only in certain platforms
-if [ ! -f /sys/firmware/efi ] && rpm --quiet -q grub2-common && { [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; }; then
+if rpm --quiet -q grub2-common && [ ! -f /sys/firmware/efi ] && { [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; }; then
 
 chmod u-xs,g-xwrs,o-xwrt /boot/grub2/grub.cfg
 

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_file_permissions_grub2_cfg' differs.
--- xccdf_org.ssgproject.content_rule_file_permissions_grub2_cfg
+++ xccdf_org.ssgproject.content_rule_file_permissions_grub2_cfg
@@ -18,8 +18,8 @@
 path: /boot/grub2/grub.cfg
 register: file_exists
 when:
+ - '"grub2-common" in ansible_facts.packages'
 - '"/boot/efi" not in ansible_mounts | map(attribute="mount") | list'
- - '"grub2-common" in ansible_facts.packages'
 - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80814-7
@@ -38,8 +38,8 @@
 path: /boot/grub2/grub.cfg
 mode: u-xs,g-xwrs,o-xwrt
 when:
+ - '"grub2-common" in ansible_facts.packages'
 - '"/boot/efi" not in ansible_mounts | map(attribute="mount") | list'
- - '"grub2-common" in ansible_facts.packages'
 - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - file_exists.stat is defined and file_exists.stat.exists
 tags:

bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_permissions_user_cfg' differs.
--- xccdf_org.ssgproject.content_rule_file_permissions_user_cfg
+++ xccdf_org.ssgproject.content_rule_file_permissions_user_cfg
@@ -1,5 +1,5 @@
 # Remediation is applicable only in certain platforms
-if [ ! -f /sys/firmware/efi ] && rpm --quiet -q grub2-common && { [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; }; then
+if rpm --quiet -q grub2-common && [ ! -f /sys/firmware/efi ] && { [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; }; then
 
 chmod u-xs,g-xwrs,o-xwrt /boot/grub2/user.cfg
 

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_file_permissions_user_cfg' differs.
--- xccdf_org.ssgproject.content_rule_file_permissions_user_cfg
+++ xccdf_org.ssgproject.content_rule_file_permissions_user_cfg
@@ -18,8 +18,8 @@
 path: /boot/grub2/user.cfg
 register: file_exists
 when:
+ - '"grub2-common" in ansible_facts.packages'
 - '"/boot/efi" not in ansible_mounts | map(attribute="mount") | list'
- - '"grub2-common" in ansible_facts.packages'
 - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-86024-7
@@ -38,8 +38,8 @@
 path: /boot/grub2/user.cfg
 mode: u-xs,g-xwrs,o-xwrt
 when:
+ - '"grub2-common" in ansible_facts.packages'
 - '"/boot/efi" not in ansible_mounts | map(attribute="mount") | list'
- - '"grub2-common" in ansible_facts.packages'
 - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - file_exists.stat is defined and file_exists.stat.exists
 tags:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_sshd_set_keepalive_0'.
--- xccdf_org.ssgproject.content_rule_sshd_set_keepalive_0
+++ xccdf_org.ssgproject.content_rule_sshd_set_keepalive_0
@@ -7,10 +7,10 @@
 during a SSH session and waits for a response from the SSH client.
 The option ClientAliveInterval configures timeout after
 each ClientAliveCountMax message. If the SSH server does not
-receive a response from the client, then the connection is considered idle
+receive a response from the client, then the connection is considered unresponsive
 and terminated.
 
-To ensure the SSH idle timeout occurs precisely when the
+To ensure the SSH timeout occurs precisely when the
 ClientAliveInterval is set, set the ClientAliveCountMax to
 value of 0 in
 
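Review bot: the unchanged context lines "The option ClientAliveInterval configures timeout after each ClientAliveCountMax message" invert the two options: ClientAliveInterval is the number of seconds between client-alive probes and ClientAliveCountMax is the number of unanswered probes tolerated before sshd disconnects. Since this hunk is already rewording the same paragraph for clarity, fix that sentence in the same pass, and add the missing article in "set the ClientAliveCountMax to value of 0" ("to a value of 0").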
@@ -333,13 +333,7 @@
 SRG-OS-000480-VMM-002000
 
 [reference]:
-RHEL-08-010200
-
-[reference]:
 5.2.13
-
-[reference]:
-SV-230244r858697_rule
 
 [rationale]:
 This ensures a user login will be terminated as soon as the ClientAliveInterval
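Review bot: dropping RHEL-08-010200 and SV-230244r858697_rule from sshd_set_keepalive_0 is consistent with the description (V1R8 now wants ClientAliveCountMax 1, which this rule cannot satisfy), and the later hunks add the same references to sshd_set_keepalive, so nothing is left dangling. The rationale context line "terminated as soon as the ClientAliveInterval" remains accurate for this rule because it pins the count to 0.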

OCIL for rule 'xccdf_org.ssgproject.content_rule_sshd_set_keepalive_0' differs.
--- ocil:ssg-sshd_set_keepalive_0_ocil:questionnaire:1
+++ ocil:ssg-sshd_set_keepalive_0_ocil:questionnaire:1
@@ -5,7 +5,7 @@
 If properly configured, the output should be:
 ClientAliveCountMax 0
 
-In this case, the SSH idle timeout occurs precisely when
+In this case, the SSH timeout occurs precisely when
 the ClientAliveInterval is set.
 Is it the case that it is commented out or not configured properly?
 
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_set_keepalive_0' differs.
--- xccdf_org.ssgproject.content_rule_sshd_set_keepalive_0
+++ xccdf_org.ssgproject.content_rule_sshd_set_keepalive_0
@@ -32,7 +32,6 @@
 tags:
 - CCE-83405-1
 - CJIS-5.5.6
- - DISA-STIG-RHEL-08-010200
 - NIST-800-171-3.1.11
 - NIST-800-53-AC-12
 - NIST-800-53-AC-17(a)

New content has different text for rule 'xccdf_org.ssgproject.content_rule_sshd_set_keepalive'.
--- xccdf_org.ssgproject.content_rule_sshd_set_keepalive
+++ xccdf_org.ssgproject.content_rule_sshd_set_keepalive
@@ -7,14 +7,15 @@
 during a SSH session and waits for a response from the SSH client.
 The option ClientAliveInterval configures timeout after
 each ClientAliveCountMax message. If the SSH server does not
-receive a response from the client, then the connection is considered idle
+receive a response from the client, then the connection is considered unresponsive
 and terminated.
 For SSH earlier than v8.2, a ClientAliveCountMax value of 0
-causes an idle timeout precisely when the ClientAliveInterval is set.
+causes a timeout precisely when the ClientAliveInterval is set.
 Starting with v8.2, a value of 0 disables the timeout functionality
 completely. If the option is set to a number greater than 0, then
-the idle session will be disconnected after
-ClientAliveInterval * ClientAliveCountMax seconds.
+the session will be disconnected after
+ClientAliveInterval * ClientAliveCountMax seconds without receiving
+a keep alive message.
 
 [reference]:
 BP28(R29)
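Review bot: the added "without receiving a keep alive message" is the right clarification, but the surrounding context still has two problems worth fixing in this hunk: "The option ClientAliveInterval configures timeout after each ClientAliveCountMax message" has the roles reversed (interval is seconds between probes, count is the number of unanswered probes), and "For SSH earlier than v8.2" should say OpenSSH, since the 8.2 behaviour change for a count of 0 is specific to that implementation. Consider spelling the term as one word, "keepalive", to match the rule id sshd_set_keepalive.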
@@ -332,7 +333,13 @@
 SRG-OS-000480-VMM-002000
 
 [reference]:
+RHEL-08-010200
+
+[reference]:
 5.2.20
+
+[reference]:
+SV-230244r858697_rule
 
 [rationale]:
 This ensures a user login will be terminated as soon as the ClientAliveInterval

OCIL for rule 'xccdf_org.ssgproject.content_rule_sshd_set_keepalive' differs.
--- ocil:ssg-sshd_set_keepalive_ocil:questionnaire:1
+++ ocil:ssg-sshd_set_keepalive_ocil:questionnaire:1
@@ -2,10 +2,10 @@
 $ sudo grep ClientAliveCountMax /etc/ssh/sshd_config
 If properly configured, the output should be:
 ClientAliveCountMax 
-For SSH earlier than v8.2, a ClientAliveCountMax value of 0 causes an idle timeout precisely when
+For SSH earlier than v8.2, a ClientAliveCountMax value of 0 causes a timeout precisely when
 the ClientAliveInterval is set. Starting with v8.2, a value of 0 disables the timeout
 functionality completely.
-If the option is set to a number greater than 0, then the idle session will be disconnected after
-ClientAliveInterval * ClientAliveCountMax seconds.
+If the option is set to a number greater than 0, then the session will be disconnected after
+ClientAliveInterval * ClientAliveCountMax seconds witout receiving a keep alive message.
 Is it the case that it is commented out or not configured properly?
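Review bot: typo on the `+` line "ClientAliveInterval * ClientAliveCountMax seconds witout receiving a keep alive message": "witout" should be "without". Also check the context line "ClientAliveCountMax " with no value: if that is just the diff tool dropping the substituted variable it is fine, but if the OCIL really renders without the expected value the questionnaire is unanswerable.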
 
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_set_keepalive' differs.
--- xccdf_org.ssgproject.content_rule_sshd_set_keepalive
+++ xccdf_org.ssgproject.content_rule_sshd_set_keepalive
@@ -38,6 +38,7 @@
 tags:
 - CCE-80907-9
 - CJIS-5.5.6
+ - DISA-STIG-RHEL-08-010200
 - NIST-800-171-3.1.11
 - NIST-800-53-AC-12
 - NIST-800-53-AC-17(a)

New content has different text for rule 'xccdf_org.ssgproject.content_rule_sshd_set_idle_timeout'.
--- xccdf_org.ssgproject.content_rule_sshd_set_idle_timeout
+++ xccdf_org.ssgproject.content_rule_sshd_set_idle_timeout
@@ -1,12 +1,12 @@
 
 [title]:
-Set SSH Idle Timeout Interval
+Set SSH Client Alive Interval
 
 [description]:
-SSH allows administrators to set an idle timeout interval. After this interval
-has passed, the idle user will be automatically logged out.
-
-To set an idle timeout interval, edit the following line in /etc/ssh/sshd_config as
+SSH allows administrators to set a network responsiveness timeout interval.
+After this interval has passed, the unresponsive client will be automatically logged out.
+
+To set this timeout interval, edit the following line in /etc/ssh/sshd_config as
 follows:
 ClientAliveInterval 'xccdf_org.ssgproject.content_value_sshd_idle_timeout_value'
 
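Review bot: the new description sentence "After this interval has passed, the unresponsive client will be automatically logged out" overstates what ClientAliveInterval alone does; with the default ClientAliveCountMax of 3 the session survives three unanswered probes, which the [warning] lower in this rule already acknowledges. Suggest "After this interval has passed without a response, sshd sends a client-alive probe; after ClientAliveCountMax unanswered probes the client is disconnected." The title moves to "Set SSH Client Alive Interval" while the rule id sshd_set_idle_timeout and the variable sshd_idle_timeout_value keep the old name; that is acceptable for profile stability but worth a short note in the rule.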
@@ -15,10 +15,10 @@
 
 If a shorter timeout has already been set for the login shell, that value will
 preempt any SSH setting made in /etc/ssh/sshd_config. Keep in mind that
-some processes may stop SSH from correctly detecting that the user is idle.
+some processes may stop SSH from correctly detecting that the user is idle.
 
 [warning]:
-SSH disconnecting idle clients will not have desired effect without also
+SSH disconnecting unresponsive clients will not have desired effect without also
 configuring ClientAliveCountMax in the SSH service configuration.
 
 [warning]:
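Review bot: the `-`/`+` pair "some processes may stop SSH from correctly detecting that the user is idle." is textually identical, so this is a whitespace-only change; if it is intentional, the retained sentence still talks about "the user is idle", which contradicts the PR's stated goal of replacing idle with unresponsive. Either reword it (for example, "some processes may keep the connection responsive even when the user is not active") or drop the no-op change from the hunk.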

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_set_idle_timeout' differs.
--- xccdf_org.ssgproject.content_rule_sshd_set_idle_timeout
+++ xccdf_org.ssgproject.content_rule_sshd_set_idle_timeout
@@ -4,7 +4,7 @@
 tags:
 - always
 
-- name: Set SSH Idle Timeout Interval
+- name: Set SSH Client Alive Interval
 block:
 
 - name: Check for duplicate values

@Mab879 Mab879 self-assigned this Nov 8, 2022
@Mab879 Mab879 added this to the 0.1.65 milestone Nov 8, 2022
@yuumasato
Member Author

I'll also update sshd_set_idle_timeout in this PR, they are closely related.

Add test for non distributed ssh config conflicts for
ClientAliveInterval.
The config is not really about idle user timeout, the config is about
unresponsive network timeout.
@yuumasato yuumasato changed the title Align ClientAliveCountMax on RHEL8 STIG V1R8 Align ClientAliveCountMax and ClientLiveInterval on RHEL8 STIG V1R8 Nov 8, 2022
@yuumasato
Member Author

I'll also update sshd_set_idle_timeout in this PR, they are closely related.

Done.

Member

@Mab879 Mab879 left a comment

Thanks for the PR. I do have one question.

Member

@Mab879 Mab879 left a comment

Thanks for the clarification. LGTM.

Member

@Mab879 Mab879 left a comment

Looks the profile stability didn't make it in your rebase; can you please take a look?

@yuumasato yuumasato changed the title Align ClientAliveCountMax and ClientLiveInterval on RHEL8 STIG V1R8 Align ClientAliveCountMax and ClientAliveInterval on RHEL8 STIG V1R8 Nov 9, 2022
@yuumasato
Member Author

Looks the profile stability didn't make it in your rebase; can you please take a look?

Updated

@codeclimate

codeclimate bot commented Nov 9, 2022

Code Climate has analyzed commit 86b1a61 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 46.8% (0.0% change).


@Mab879 Mab879 merged commit d8e4c7d into ComplianceAsCode:master Nov 10, 2022
@yuumasato yuumasato deleted the stig_rhel8_ClientAliveCountMax branch November 10, 2022 16:07