mitre
diff --git a/‎.github/workflows/lint-profile.yml‎
Lines changed: 0 additions & 12 deletions b/‎.github/workflows/lint-profile.yml‎
Lines changed: 0 additions & 12 deletions
diff --git a/‎.github/workflows/validate-ec2-ansible-lockdown.yml‎
Lines changed: 4 additions & 4 deletions b/‎.github/workflows/validate-ec2-ansible-lockdown.yml‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎.github/workflows/validate-ec2-disa.yml‎
Lines changed: 5 additions & 5 deletions b/‎.github/workflows/validate-ec2-disa.yml‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎.gitignore‎
Lines changed: 5 additions & 3 deletions b/‎.gitignore‎
Lines changed: 5 additions & 3 deletions
diff --git a/‎README.md‎
Lines changed: 19 additions & 18 deletions b/‎README.md‎
Lines changed: 19 additions & 18 deletions
diff --git a/‎container.hardened.inputs.yml‎
Lines changed: 4 additions & 0 deletions b/‎container.hardened.inputs.yml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎container.vanilla.inputs.yml‎
Lines changed: 4 additions & 0 deletions b/‎container.vanilla.inputs.yml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎control_list.txt.bak.20231227000426‎
Lines changed: 0 additions & 7 deletions b/‎control_list.txt.bak.20231227000426‎
Lines changed: 0 additions & 7 deletions
diff --git a/‎controls/SV-257777.rb‎
Lines changed: 1 addition & 2 deletions b/‎controls/SV-257777.rb‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎controls/SV-257778.rb‎
Lines changed: 1 addition & 2 deletions b/‎controls/SV-257778.rb‎
Lines changed: 1 addition & 2 deletions
@@ -24,18 +24,6 @@ jobs:
       - name: Check out repository
         uses: actions/checkout@v4
 
-      - name: Clone full repository so we can push
-        run: git fetch --prune --unshallow
-
-      - name: Set short git commit SHA
-        id: vars
-        run: |
-          calculatedSha=$(git rev-parse --short ${{ github.sha }})
-          echo "COMMIT_SHORT_SHA=$calculatedSha" >> $GITHUB_ENV
-
-      - name: Confirm git commit SHA output
-        run: echo ${{ env.COMMIT_SHORT_SHA }}
-
       - name: Setup Ruby
         uses: ruby/setup-ruby@v1
         with:
 
@@ -11,8 +11,8 @@ jobs:
       CHEF_LICENSE: accept-silent
       CHEF_LICENSE_KEY: ${{ secrets.SAF_CHEF_LICENSE_KEY }}
       KITCHEN_LOCAL_YAML: kitchen.ec2.ansible_lockdown.yml
-      SAF_PIPELINE_SUBNET: ${{ secrets.SAF_PIPELINE_SUBNET }}
-      SAF_PIPELINE_SG: ${{ secrets.SAF_PIPELINE_SG }}
+      #SAF_PIPELINE_SUBNET: ${{ secrets.SAF_PIPELINE_SUBNET }}
+      #SAF_PIPELINE_SG: ${{ secrets.SAF_PIPELINE_SG }}
       DEPLOYMENT: "ec2"
       HARDENING_SOURCE: "ansible_lockdown"
       PLATFORM: "rhel-9"
@@ -30,8 +30,8 @@ jobs:
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
-          aws-access-key-id: ${{ secrets.SAF_AWS_ACCESS_KEY }}
-          aws-secret-access-key: ${{ secrets.SAF_AWS_SECRET_ACCESS_KEY }}
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: us-east-1
 
       - name: Check out repository
 
@@ -11,8 +11,8 @@ jobs:
       CHEF_LICENSE: accept-silent
       CHEF_LICENSE_KEY: ${{ secrets.SAF_CHEF_LICENSE_KEY }}
       KITCHEN_LOCAL_YAML: kitchen.ec2.disa.yml
-      SAF_PIPELINE_SUBNET: ${{ secrets.SAF_PIPELINE_SUBNET }}
-      SAF_PIPELINE_SG: ${{ secrets.SAF_PIPELINE_SG }}
+      #SAF_PIPELINE_SUBNET: ${{ secrets.SAF_PIPELINE_SUBNET }}
+      #SAF_PIPELINE_SG: ${{ secrets.SAF_PIPELINE_SG }}
       DEPLOYMENT: "ec2"
       HARDENING_SOURCE: "disa"
       PLATFORM: "rhel-9"
@@ -30,8 +30,8 @@ jobs:
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
-          aws-access-key-id: ${{ secrets.SAF_AWS_ACCESS_KEY }}
-          aws-secret-access-key: ${{ secrets.SAF_AWS_SECRET_ACCESS_KEY }}
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: us-east-1
 
       - name: Check out repository
@@ -94,7 +94,7 @@ jobs:
             -F "public=true" -F "evaluationTags=${{ env.COMMIT_SHORT_SHA }},${{ github.repository }},${{ github.workflow }},${{ matrix.suite }},${{ env.DEPLOYMENT }},${{ env.HARDENING_SOURCE }},${{ env.PLATFORM }}" \
             -H "Authorization: Api-Key ${{ secrets.SAF_HEIMDALL_UPLOAD_KEY }}" \
             "${{ vars.SAF_HEIMDALL_URL }}/evaluations"
-            
+
       - name: Display our ${{ matrix.suite }} results summary
         if: ${{ !contains(steps.commit.outputs.message, 'only-validate-profile') }}
         uses: mitre/[email protected]
 
@@ -1,3 +1,5 @@
+aws
+awscliv2.zip
 .DS_Store
 *.gem
 *.rbc
@@ -68,8 +70,8 @@ build-iPhoneSimulator/
 .vscode
 
 # delta files
-delta.json
-report.md
-*xccdf.xml
+# delta.json
+# report.md
+# *xccdf.xml
 check-results.txt
 kitchen.local.ec2.yml
@@ -2,8 +2,8 @@
 
 The Redhat Enterprise Linux 9.X Security Technical Implementation Guide (RHEL9.x STIG) InSpec Profile can help programs automate their compliance checks of RedHat Enterprise Linux 9.x System to Department of Defense (DoD) requirements.
 
-- Profile Version: `1.2.2`
-- RedHat Enterprise Linux 9 Security Technical Implementation Guide v1r2
+- Profile Version: `2.4.0`
+- RedHat Enterprise Linux 9 Security Technical Implementation Guide v2r4
 
 This profile was developed to reduce the time it takes to perform a security checks based upon the STIG Guidance from the Defense Information Systems Agency (DISA) in partnership between the DISA Services Directorate (SD) and the DISA Risk Management Executive (RME) office.
 
@@ -14,17 +14,17 @@ The RHEL8 STIG Profile uses the [InSpec](https://github.com/inspec/inspec) open-
 Table of Contents
 =================
 
-* [RedHat Enterprise Linux 9.x Security Technical Implementation Guide InSpec Profile](#redhat-enterprise-linux-9x-security-technical-implementation-guide-inspec-profile)
-   * [RedHat 9.x Enterprise Linux Security Technical Implementation Guide (RHEL9 STIG)](#redhat-9x-enterprise-linux-security-technical-implementation-guide-rhel9-stig)
-* [Getting Started and Intended Usage](#getting-started-and-intended-usage)
-   * [Intended Usage - main vs releases](#intended-usage---main-vs-releases)
-   * [Environment Aware Testing](#environment-aware-testing)
-   * [Tailoring to Your Environment](#tailoring-to-your-environment)
-* [Running the Profile](#running-the-profile)
-   * [(connected) Running the Profile Directly](#connected-running-the-profile-directly)
-   * [(disconnected) Running the profile from a local archive copy](#disconnected-running-the-profile-from-a-local-archive-copy)
-   * [Different Run Options](#different-run-options)
-* [Using Heimdall for Viewing Test Results and Exporting for Checklist and eMASS](#using-heimdall-for-viewing-test-results-and-exporting-for-checklist-and-emass)
+- [RedHat Enterprise Linux 9.x Security Technical Implementation Guide InSpec Profile](#redhat-enterprise-linux-9x-security-technical-implementation-guide-inspec-profile)
+  - [RedHat 9.x Enterprise Linux Security Technical Implementation Guide (RHEL9 STIG)](#redhat-9x-enterprise-linux-security-technical-implementation-guide-rhel9-stig)
+- [Getting Started and Intended Usage](#getting-started-and-intended-usage)
+  - [Intended Usage - main vs releases](#intended-usage---main-vs-releases)
+  - [Environment Aware Testing](#environment-aware-testing)
+  - [Tailoring to Your Environment](#tailoring-to-your-environment)
+- [Running the Profile](#running-the-profile)
+  - [(connected) Running the Profile Directly](#connected-running-the-profile-directly)
+  - [(disconnected) Running the profile from a local archive copy](#disconnected-running-the-profile-from-a-local-archive-copy)
+  - [Different Run Options](#different-run-options)
+- [Using Heimdall for Viewing Test Results and Exporting for Checklist and eMASS](#using-heimdall-for-viewing-test-results-and-exporting-for-checklist-and-emass)
 
 ## RedHat 9.x Enterprise Linux Security Technical Implementation Guide (RHEL9 STIG)
 
@@ -38,7 +38,7 @@ The RHEL9.x STIG profile checks were developed to provide technical implementati
 
 ### Source Guidance
 
-- RedHat Enterprise Linux 9 Security Technical Implementation Guide v1r2
+- RedHat Enterprise Linux 9 Security Technical Implementation Guide v2r4
 
 ### Current Profile Statistics
 
@@ -150,11 +150,12 @@ You can deploy your own instances of Heimdall-Lite or Heimdall Server easily via
 
 # Authors
 
-Defense Information Systems Agency (DISA) https://www.disa.mil/
+Defense Information Systems Agency (DISA) <https://www.disa.mil/>
 
-STIG support by DISA Risk Management Team and Cyber Exchange https://public.cyber.mil/
+STIG support by DISA Risk Management Team and Cyber Exchange <https://public.cyber.mil/>
 
-MITRE Security Automation Framework Team https://saf.mitre.org
+MITRE Security Automation Framework Team <https://saf.mitre.org>
 
 ### NOTICE
-DISA STIGs are published by DISA IASE, see: https://iase.disa.mil/Pages/privacy_policy.aspx
+
+DISA STIGs are published by DISA IASE, see: <https://iase.disa.mil/Pages/privacy_policy.aspx>
@@ -276,4 +276,8 @@ approved_tunnels: []
 # Is the target expected to be a virtual machine
 virtual_machine: true
 
+# SV-257978
 allow_container_openssh_server: false
+
+# SV-257978
+physical_protections_employed: false
@@ -276,4 +276,8 @@ approved_tunnels: []
 # Is the target expected to be a virtual machine
 virtual_machine: true
 
+# SV-257978
 allow_container_openssh_server: true
+
+# SV-257978
+physical_protections_employed: false
@@ -12,11 +12,10 @@
 If the installed version of RHEL 9 is not supported, this is a finding.'
   desc 'fix', 'Upgrade to a supported version of RHEL 9.'
   impact 0.7
-  ref 'DPMS Target Red Hat Enterprise Linux 9'
   tag severity: 'high'
   tag gtitle: 'SRG-OS-000480-GPOS-00227'
   tag gid: 'V-257777'
-  tag rid: 'SV-257777r925318_rule'
+  tag rid: 'SV-257777r991589_rule'
   tag stig_id: 'RHEL-09-211010'
   tag fix_id: 'F-61442r925317_fix'
   tag cci: ['CCI-000366']
 
@@ -23,11 +23,10 @@
 
 $ sudo dnf update'
   impact 0.5
-  ref 'DPMS Target Red Hat Enterprise Linux 9'
   tag severity: 'medium'
   tag gtitle: 'SRG-OS-000480-GPOS-00227'
   tag gid: 'V-257778'
-  tag rid: 'SV-257778r925321_rule'
+  tag rid: 'SV-257778r991589_rule'
   tag stig_id: 'RHEL-09-211015'
   tag fix_id: 'F-61443r925320_fix'
   tag cci: ['CCI-000366']