Description of problem: It is researched and found the link where it is mentioned that DISA directly ships V2 R1 for RHEL 7 profile from IASE but not from Red Hat. >> https://access.redhat.com/articles/2918071 Under the link, I found >> https://iase.disa.mil/stigs/os/unix-linux/Pages/red-hat.aspx Version-Release number of selected component (if applicable): scap-security-guide-0.1.40-12.el7 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: No STIG for RHEL 7 V2 R1 present. Expected results: STIG for RHL 7 V2 R1 in scap-security-gude. Additional info:
Engineering committed to shipping this as part of RHEL 8 GA. Has that changed?
edit: RHEL 8 GA *and* next RHEL 7 rebase
*** Bug 1673665 has been marked as a duplicate of this bug. ***
I see DISA STIG v2r8 was added upstream 3 days ago (https://github.com/ComplianceAsCode/content/commit/a2d23c9e646fb1e0d670a142b0a43ed055d004fa#diff-1d36a525916ee28ef8d16a52a25659c4). Can we expect the Red Hat-shipped scap-security-guide package to incorporate this update anytime soon? Thanks.
(In reply to Pablo Hess from comment #14) > I see DISA STIG v2r8 was added upstream 3 days ago > (https://github.com/ComplianceAsCode/content/commit/ > a2d23c9e646fb1e0d670a142b0a43ed055d004fa#diff- > 1d36a525916ee28ef8d16a52a25659c4). > > Can we expect the Red Hat-shipped scap-security-guide package to incorporate > this update anytime soon? > > Thanks. There is a plan to update the package scap-security-guide with the latest upstream version of DISA STIG v2r8 as you mentioned. You can follow the development of this bugzilla to know its progress.
Update title with latest DISA STIG version (V2R8) available.
Red Hat Enterprise Linux 7 shipped it's final minor release on September 29th, 2020. 7.9 was the last minor releases scheduled for RHEL 7. From intial triage it does not appear the remaining Bugzillas meet the inclusion criteria for Maintenance Phase 2 and will now be closed. From the RHEL life cycle page: https://access.redhat.com/support/policy/updates/errata#Maintenance_Support_2_Phase "During Maintenance Support 2 Phase for Red Hat Enterprise Linux version 7,Red Hat defined Critical and Important impact Security Advisories (RHSAs) and selected (at Red Hat discretion) Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available." If this BZ was closed in error and meets the above criteria please re-open it flag for 7.9.z, provide suitable business and technical justifications, and follow the process for Accelerated Fixes: https://source.redhat.com/groups/public/pnt-cxno/pnt_customer_experience_and_operations_wiki/support_delivery_accelerated_fix_release_handbook Feature Requests can re-opened and moved to RHEL 8 if the desired functionality is not already present in the product. Please reach out to the applicable Product Experience Engineer[0] if you have any questions or concerns. [0] https://bugzilla.redhat.com/page.cgi?id=agile_component_mapping.html&product=Red+Hat+Enterprise+Linux+7
Apologies for the inadvertent closure.
Created attachment 1736423 [details] STIG HTML report (Server variant)
Created attachment 1736425 [details] STIG HTML report (Server with GUI variant)
Verified for scap-security-guide-0.1.52-2.el7_9 based on comment 43.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (scap-security-guide bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:5451