File GCE.changes.json of Package SLES15-SP7-SAP-Hardened-BYOS

{
  "0.9.3": [
    {
      "change": "Add work-around for broken hardening rule (bsc#1241615)",
      "date": "2025-04-24T11:45:05",
      "details": "Add temporary work-around for broken evaluation of limit password reuse\nhardening rule."
    },
    {
      "change": "No root login with password over ssh",
      "date": "2025-04-21T20:34:43",
      "details": "Do not allow root to login via ssh using a password. While we already have\nmeasures in place to make it difficult to setup password based login via\nssh, this adds another layer addressing the root user. Cloud instances\nshould only used key based login."
    },
    {
      "change": "Disable password based login for ssh",
      "date": "2025-04-18T11:40:04",
      "details": "Depending on the protocol version for SSH we need to set either\nChallengeResponseAuthentication or KbdInteractiveAuthentication to\n\"no\". Prior to this change we only set ChallengeResponseAuthentication\nallowing password based login when the SSHv2 protocol is used. We now\nmodify newer config files appropriately."
    },
    {
      "change": "Drop instance-billing-flavor check from CHOST and Azure LI/VLI",
      "date": "2025-03-12T12:56:10"
    },
    {
      "change": "Disable KBD numlock (bsc#1230336)",
      "date": "2025-02-04T12:51:31",
      "details": "Disable KBB numlock to work around kernel crash with TDX."
    }
  ],
  "0.9.2": [],
  "0.9.1": [
    {
      "change": "Create empty /etc/security/opasswd",
      "date": "2025-01-15T15:32:49",
      "details": "Mitigation for rule xccdf_org.ssgproject.content_rule_file_etc_security_opasswd\nfails if file is absent."
    }
  ],
  "0.9.0": [
    {
      "change": "New image",
      "date": "2025-01-06T17:06+00:00"
    }
  ]
}