Merge pull request #12278 from svet-se/slmicro5-stig-add-audit-rules-…

…dac-modification-based-rules-support Slmicro5 stig add audit rules dac/usergroup modification based rules support
ComplianceAsCode · Aug 27, 2024 · 2f91910 · 2f91910
2 parents 6a1c4f6 + aacd201
commit 2f91910
Show file tree

Hide file tree

Showing 12 changed files with 34 additions and 25 deletions.
diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml
@@ -1686,17 +1686,19 @@ controls:
       title:
           SLEM 5 must generate audit records for all account creations, modifications,
           disabling, and termination events that affect /etc/group.
-      rules: []
-      status: pending
+      rules:
+          - audit_rules_usergroup_modification_group
+      status: automated
 
     - id: SLEM-05-654135
       levels:
           - medium
       title:
           SLEM 5 must generate audit records for all account creations, modifications,
           disabling, and termination events that affect /etc/security/opasswd.
-      rules: []
-      status: pending
+      rules:
+          - audit_rules_usergroup_modification_opasswd
+      status: automated
 
     - id: SLEM-05-654140
       levels:
@@ -1714,26 +1716,29 @@ controls:
       title:
           SLEM 5 must generate audit records for all account creations, modifications,
           disabling, and termination events that affect /etc/shadow.
-      rules: []
-      status: pending
+      rules:
+          - audit_rules_usergroup_modification_shadow
+      status: automated
 
     - id: SLEM-05-654150
       levels:
           - medium
       title:
           SLEM 5 must generate audit records for all uses of the "chmod", "fchmod"
           and "fchmodat" system calls.
-      rules: []
-      status: pending
+      rules:
+          - audit_rules_dac_modification_fchmod
+      status: automated
 
     - id: SLEM-05-654155
       levels:
           - medium
       title:
           SLEM 5 must generate audit records for all uses of the "chown", "fchown",
           "fchownat", and "lchown" system calls.
-      rules: []
-      status: pending
+      rules:
+          - audit_rules_dac_modification_lchown
+      status: automated
 
     - id: SLEM-05-654160
       levels:
@@ -1769,24 +1774,27 @@ controls:
       levels:
           - medium
       title: SLEM 5 must generate audit records for all uses of the "mount" system call.
-      rules: []
-      status: pending
+      rules:
+          - audit_rules_media_export
+      status: automated
 
     - id: SLEM-05-654180
       levels:
           - medium
       title:
           SLEM 5 must generate audit records for all uses of the "setxattr", "fsetxattr",
           "lsetxattr", "removexattr", "fremovexattr", and "lremovexattr" system calls.
-      rules: []
-      status: pending
+      rules:
+          - audit_rules_dac_modification_fremovexattr
+      status: automated
 
     - id: SLEM-05-654185
       levels:
           - medium
       title: SLEM 5 must generate audit records for all uses of the "umount" system call.
-      rules: []
-      status: pending
+      rules:
+          - audit_rules_dac_modification_umount2
+      status: automated
 
     - id: SLEM-05-654190
       levels:

diff --git a/...ing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml b/...ing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
@@ -33,6 +33,7 @@ identifiers:
     cce@rhel10: CCE-88200-1
     cce@sle12: CCE-83133-9
     cce@sle15: CCE-85694-8
+    cce@slmicro5: CCE-93653-4
 
 references:
     cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9

diff --git a/...ditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml b/...ditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
@@ -50,6 +50,7 @@ identifiers:
     cce@rhel10: CCE-88352-0
     cce@sle12: CCE-83138-8
     cce@sle15: CCE-85686-4
+    cce@slmicro5: CCE-93651-8
 
 references:
     cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9

diff --git a/...ing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml b/...ing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
@@ -36,6 +36,7 @@ identifiers:
     cce@rhel10: CCE-88243-1
     cce@sle12: CCE-83135-4
     cce@sle15: CCE-85691-4
+    cce@slmicro5: CCE-93652-6
 
 references:
     cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9

diff --git a/...ng/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_umount2/rule.yml b/...ng/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_umount2/rule.yml
@@ -32,6 +32,7 @@ identifiers:
     cce@rhel10: CCE-89822-1
     cce@sle12: CCE-83219-6
     cce@sle15: CCE-91250-1
+    cce@slmicro5: CCE-93655-9
 
 references:
     disa: CCI-000130,CCI-000169,CCI-000172,CCI-002884

diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml
@@ -31,6 +31,7 @@ identifiers:
     cce@rhel10: CCE-86590-7
     cce@sle12: CCE-83217-0
     cce@sle15: CCE-85718-5
+    cce@slmicro5: CCE-93654-2
 
 references:
     cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9

diff --git a/...s/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml b/...s/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml
@@ -33,6 +33,7 @@ identifiers:
     cce@rhel10: CCE-87111-1
     cce@sle12: CCE-83121-4
     cce@sle15: CCE-85578-3
+    cce@slmicro5: CCE-93657-5
 
 references:
     cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9

diff --git a/...guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml b/...guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml
@@ -33,6 +33,7 @@ identifiers:
     cce@rhel10: CCE-90664-4
     cce@sle12: CCE-83123-0
     cce@sle15: CCE-85728-4
+    cce@slmicro5: CCE-93659-1
 
 references:
     cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9

diff --git a/.../guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml b/.../guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml
@@ -33,6 +33,7 @@ identifiers:
     cce@rhel10: CCE-88637-4
     cce@sle12: CCE-83122-2
     cce@sle15: CCE-85579-1
+    cce@slmicro5: CCE-93658-3
 
 references:
     cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9

diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt
@@ -1,10 +1,3 @@
-CCE-93651-8
-CCE-93652-6
-CCE-93653-4
-CCE-93654-2
-CCE-93655-9
-CCE-93657-5
-CCE-93658-3
 CCE-93659-1
 CCE-93661-7
 CCE-93662-5

diff --git a/shared/templates/audit_rules_dac_modification/ansible.template b/shared/templates/audit_rules_dac_modification/ansible.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian
 # reboot = true
 # strategy = restrict
 # complexity = low

diff --git a/shared/templates/audit_rules_dac_modification/bash.template b/shared/templates/audit_rules_dac_modification/bash.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian
 
 # First perform the remediation of the syscall rule
 # Retrieve hardware architecture of the underlying system