[BESAdmin-Announcements] SCM Content UPDATE: DISA Unix Checklists ( With Remediation)
Announcements for BES Administrators
besadmin-announcements at bigmail.bigfix.com
Mon Jun 29 12:56:15 PDT 2015
IBM Endpoint Manager for Security and Compliance
Security Configuration Management (SCM)
The Security and Compliance team at IBM has updated the content in the
following sites. See details below:
Updated Sites:
| Site Name | Site
| | Version
----+--------------------------------------------+------------
1 | DISA STIG Checklist for RHEL 5 - RG03 | 12
----+--------------------------------------------+------------
2 | SCM Checklist for DISA STIG on RHEL 5 - | 11
| RG03 |
Changelist:
The DISA Red Hat 5 content was refreshed to Version 1, Release 10.
The following Fixlets were updated:
GEN001025 added
GEN005527 added
GEN000560 No longer also looks at /etc/pam.d/system-auth-ac
(because
/etc/pam.d/system-auth is a symlink to it)
GEN001300 Now only looks at regular files
GEN000241 Now checks /etc/cron.*/* instead of
just /etc/cron.daily/*,
and also checks maxpoll setting in /etc/ntp.conf
GEN001100 Now checks syslog authpriv logfiles instead
of /usr/bin/last
output
GEN001260 Now uses globalfind to check entire log directory trees
GEN001280 Added user changeable parameters
GEN001940 Now looks at all files in user top level directories,
not just
dotfiles
GEN002140 Added check for bad shells in /etc/shells
GEN002280 Added /dev/log to devices to exclude
GEN002360 Added audio to list of allowed groups
GEN002960 The user should disable this check if only the root user
is
permitted to use cron
GEN003160 Now gets cron logfile name from SYSLOG_CONF file
parameter
cron entry
GEN003180 Now gets cron logfile name from SYSLOG_CONF file
parameter
cron entry
GEN003190 Now gets cron logfile name from SYSLOG_CONF file
parameter
cron entry
GEN003660 The path to syslog.conf or rsyslog.conf is now a
parameter and
is exposed to the user
GEN004460 Exposed CONFIG_FILE parameter to users for path to
syslog.conf
or rsyslog.conf
GEN004480 Exposed CONFIG_FILE parameter to users for path to
syslog.conf
or rsyslog.conf
GEN004500 Exposed CONFIG_FILE parameter to users for path to
syslog.conf
or rsyslog.conf
GEN004510 Exposed ACL_FILE parameter to users for path to
syslog.conf or
rsyslog.conf
GEN005390 Exposed CONFIG_FILE parameter to users for path to
syslog.conf
or rsyslog.conf
GEN005395 Exposed ACL_FILE parameter to users for path to
syslog.conf or
rsyslog.conf
GEN005400 Exposed CONFIG_FILE parameter to users for path to
syslog.conf
or rsyslog.conf
GEN005420 Exposed CONFIG_FILE parameter to users for path to
syslog.conf
or rsyslog.conf
GEN005450 The path to syslog.conf or rsyslog.conf is now a
parameter and
is exposed to the user
GEN006600 The path to syslog.conf or rsyslog.conf is now a
parameter and
is exposed to the user
GEN008050 Now only applies if ldap is used in /etc/nsswitch.conf
*Site versions provided for air-gap customers.
We hope you find this latest release of SCM content useful and effective.
Thank you!
-- The IBM Endpoint Manager for Security and Compliance
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://bigmail.bigfix.com/pipermail/besadmin-announcements/attachments/20150629/37f5de6a/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ecblank.gif
Type: image/gif
Size: 45 bytes
Desc: not available
URL: <http://bigmail.bigfix.com/pipermail/besadmin-announcements/attachments/20150629/37f5de6a/attachment.gif>
More information about the Besadmin-announcements
mailing list