Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Slmicro5 auth,security and audit STIG rules #12192

Merged
merged 10 commits into from
Jul 29, 2024
Merged

Slmicro5 auth,security and audit STIG rules #12192

merged 10 commits into from
Jul 29, 2024

Commits on Jul 25, 2024

  1. Add some user account related DISA STIG rules for SLE Micro 5.x platform 

    - enabled slmicro5 platform for accounts_passwords_pam_faildelay_delay and accounts_logon_fail_delay rules
- implemented new rule accounts_passwords_pam_tally2_file_selinux in the context of STIG SLEM-05-412030 requirement "SLEM 5 must use the default pam_tally2 tally directory."
    @teacup-on-rockingchair
    teacup-on-rockingchair committed Jul 25, 2024
    Configuration menu
    Copy the full SHA
    a4eee33 View commit details
    Browse the repository at this point in the history

  2. Add slmicro5 rule package_policycoreutils_installed 

    - Enable some specifics of the package applicability cheks for slmicro5
    @teacup-on-rockingchair
    teacup-on-rockingchair committed Jul 25, 2024
    Configuration menu
    Copy the full SHA
    ad38787 View commit details
    Browse the repository at this point in the history

  3. Add selinux basic support rules for slmicro5

    @teacup-on-rockingchair
    teacup-on-rockingchair committed Jul 25, 2024
    Configuration menu
    Copy the full SHA
    3dced9f View commit details
    Browse the repository at this point in the history

  4. Add package_audit-audispd-plugins_installed rule for slmicro5

    @teacup-on-rockingchair
    teacup-on-rockingchair committed Jul 25, 2024
    Configuration menu
    Copy the full SHA
    8f3801a View commit details
    Browse the repository at this point in the history

  5. Add to STIG for slmicro5 rules for audit of selinux commands

    @teacup-on-rockingchair
    teacup-on-rockingchair committed Jul 25, 2024
    Configuration menu
    Copy the full SHA
    8463bc2 View commit details
    Browse the repository at this point in the history

  6. Drop allocated CCEs from availabiility list

    @teacup-on-rockingchair
    teacup-on-rockingchair committed Jul 25, 2024
    Configuration menu
    Copy the full SHA
    b1bcccd View commit details
    Browse the repository at this point in the history

  7. Fix description of rule

    @teacup-on-rockingchair
    teacup-on-rockingchair committed Jul 25, 2024
    Configuration menu
    Copy the full SHA
    83682b7 View commit details
    Browse the repository at this point in the history

  8. Assign accounts_passwords_pam_tally2_file_selinux to pam component

    @teacup-on-rockingchair
    teacup-on-rockingchair committed Jul 25, 2024
    Configuration menu
    Copy the full SHA
    3c6bbe5 View commit details
    Browse the repository at this point in the history

  9. Add accounts_passwords_pam_tally2_file rule for default pam_tally2 ta… 

    …lly directory STIG requirement

Also fixed some platform references
    @teacup-on-rockingchair
    teacup-on-rockingchair committed Jul 25, 2024
    Configuration menu
    Copy the full SHA
    0ea87c2 View commit details
    Browse the repository at this point in the history

Commits on Jul 29, 2024

  1. Fix description of rule 

    tallylog_t term was carbon copied from DISA spec, which later discovered had a mistake, and though DISA were contacted and opened a ticket on their side, we forgot to fix the rule sections involving the tallylog_t.
Thanks @jan-cerny 🙇
    @teacup-on-rockingchair
    teacup-on-rockingchair committed Jul 29, 2024
    Configuration menu
    Copy the full SHA
    9b94058 View commit details
    Browse the repository at this point in the history