[issue #405] updating NIST 800-53 refs for accounts_password_warn_age#411
Merged
iankko merged 1 commit intoJan 20, 2015
Conversation
shawndwells
changed the title
|
Just out-of-curiosity wouldn't rules: wouldn't be better candidate rules to hold the So adding it to |
iankko
pushed a commit
that referenced
this pull request
Jan 20, 2015
[issue #405] updating NIST 800-53 refs for accounts_password_warn_age
redhatrises
modified the milestones:
Version 0.1.21: RHEL-6 USGCB stabilization towards Tier IV,
0.1.22
israel-villar
added a commit
to israel-villar/content
that referenced
this pull request
May 24, 2026
- Enable SCE content build for Debian 11/12/13 in CMakeLists.txt
- Fix all_apparmor_profiles_enforced SCE script:
- Add fallback XCCDF_RESULT_PASS/FAIL values for environments where
the engine does not export them (e.g. noexec /tmp + missing
oscap-run-sce-script on Debian with OpenSCAP 1.4.x)
- Guard aa-status output with grep -oE '^[0-9]+$' and ${var:-0} to
prevent bash arithmetic errors when output is empty or non-numeric
- Add 2>/dev/null to suppress spurious stderr from aa-status
- Add debian13 to platform list
- Apply same aa-status robustness fixes to
all_apparmor_profiles_in_enforce_complain_mode SCE script
- Extend bash/shared.sh and test scenarios to use
find/aa-enforce|aa-complain per-file (ubuntu/debian workaround for
apparmor-utils issue ComplianceAsCode#411) instead of glob aa-enforce/aa-complain
- Add debian13 packagename override in apparmor_configured rule.yml
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
israel-villar
added a commit
to israel-villar/content
that referenced
this pull request
Jun 4, 2026
- Enable SCE content build for Debian 11/12/13 in CMakeLists.txt
- Fix all_apparmor_profiles_enforced SCE script:
- Add fallback XCCDF_RESULT_PASS/FAIL values for environments where
the engine does not export them (e.g. noexec /tmp + missing
oscap-run-sce-script on Debian with OpenSCAP 1.4.x)
- Guard aa-status output with grep -oE '^[0-9]+$' and ${var:-0} to
prevent bash arithmetic errors when output is empty or non-numeric
- Add 2>/dev/null to suppress spurious stderr from aa-status
- Add debian13 to platform list
- Apply same aa-status robustness fixes to
all_apparmor_profiles_in_enforce_complain_mode SCE script
- Extend bash/shared.sh and test scenarios to use
find/aa-enforce|aa-complain per-file (ubuntu/debian workaround for
apparmor-utils issue ComplianceAsCode#411) instead of glob aa-enforce/aa-complain
- Add debian13 packagename override in apparmor_configured rule.yml
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
resolves #405
AC-2(2) language:
Feedback from NRO / @lukek1 & @lindelled's program request this mapping. This also removes discrepancies between SSG mappings and those provided by SECSCAN