Version 5.2

15 December 2020

[FEATURE] Check template: New SAP security baseline v2.2 (Oct 2020)

[FEATURE] Scan comparison: Added scan information in the header of the system column

[FEATURE] Check: New AT-GA-0012-01: SU53 buffer entries must not be too small

[FEATURE] Check: New AT-GA-0013-01: Switchable auth check framework scenarios must be active

[FEATURE] Check: New CF-KE-0006-01: Prevent memory dumps via parameter abap/rabax_no_debug

[FEATURE] Check: New CF-PP-0003-01: Prevent deletion of update requests

[FEATURE] Check: New CF-WD-0025-01: IP address must be set in headerfield x-forwarded-for

[FEATURE] Check: New CO-LP-0011-01: Is the logon timestamp specific enough

[FEATURE] Check: New CO-LP-0012-01: Check logon ticket caching mechanism

[FEATURE] Check: New CO-LP-0013-01: Check logon ticket caching max entries

[FEATURE] Check: New CO-LP-0014-01: Check login quiet mode must be enabled

[FEATURE] Check: New CO-LP-0051-01: SSO ticket: login/ticket_expiration_time must be restricted

[FEATURE] Check: New CO-LP-0055-01: SSO: Accepting of sso2 tickets

[FEATURE] Check: New CO-LP-0056-01: SSO: Creating of sso2 tickets

[FEATURE] Check: New CO-PP-0010-01: Abap pw: Password logon disabled when SSO is active

[FEATURE] Check: New CO-PP-0045-01: Security policy: DISABLE_PASSWORD_LOGON

[FEATURE] Check: New CO-PP-0046-01: Security policy: DISABLE_TICKET_LOGON

[FEATURE] Check: New CO-PP-0047-01: Security policy: PASSWORD_CHANGE_FOR_SSO

[FEATURE] Check: New CO-PP-0050-01: Check the exceptions user group allowed for password logon

[FEATURE] Check: New EN-PH-0002-01: Password hash algorithm: Used algorithm

[FEATURE] Check: New EN-PH-0003-01: Password hash algorithm: Number of iterations

[FEATURE] Check: New EN-PH-0004-01: Password hash algorithm: Saltsize

[FEATURE] Check: New IN-LO-0030-01: ABAP security log: Max diskspace per file

[FEATURE] Check: New IN-LO-0031-01: ABAP security log: Max diskspace per day

[FEATURE] Check: New IN-LO-0032-01: ABAP security log: Max diskspace local

[FEATURE] Check: New IN-LO-0033-01: Authorisation trace: Availability via auth/auth_user_trace

[FEATURE] Check: New IN-LO-0034-01: Authorisation trace: Availability auth/authorization_trace

[FEATURE] Check: New IN-LO-0035-01: Is the ICM Security logging correctly switched on

[FEATURE] Check: New IN-LO-0036-01: Is the ICM HTTP logging correctly switched on

[FEATURE] Check: New IN-LO-0037-01: Is the ICM HTTP CLIENT logging correctly switched on

[FEATURE] Check: New IN-LO-0038-01: Is the Message Server HTTP logging correctly switched on

[FEATURE] Check: New PM-KP-0008-01: Is CommonCryptoLib patch level recent

[FEATURE] Check: New security notes checks

[FIX] System context: The latest Linux Suse and Red Hat versions are determined with the new file format