Slmicro5 stig add audit rules dac/usergroup modification based rules support #12278

Merged
40 changes: 24 additions & 16 deletions controls/stig_slmicro5.yml
Expand Up @@ -1686,17 +1686,19 @@ controls:
title:
SLEM 5 must generate audit records for all account creations, modifications,
disabling, and termination events that affect /etc/group.
rules: []
status: pending
rules:
- audit_rules_usergroup_modification_group
status: automated

- id: SLEM-05-654135
levels:
- medium
title:
SLEM 5 must generate audit records for all account creations, modifications,
disabling, and termination events that affect /etc/security/opasswd.
rules: []
status: pending
rules:
- audit_rules_usergroup_modification_opasswd
status: automated

- id: SLEM-05-654140
levels:
Expand All @@ -1714,26 +1716,29 @@ controls:
title:
SLEM 5 must generate audit records for all account creations, modifications,
disabling, and termination events that affect /etc/shadow.
rules: []
status: pending
rules:
- audit_rules_usergroup_modification_shadow
status: automated

- id: SLEM-05-654150
levels:
- medium
title:
SLEM 5 must generate audit records for all uses of the "chmod", "fchmod"
and "fchmodat" system calls.
rules: []
status: pending
rules:
- audit_rules_dac_modification_fchmod
status: automated

- id: SLEM-05-654155
levels:
- medium
title:
SLEM 5 must generate audit records for all uses of the "chown", "fchown",
"fchownat", and "lchown" system calls.
rules: []
status: pending
rules:
- audit_rules_dac_modification_lchown
status: automated

- id: SLEM-05-654160
levels:
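Review bot: SLEM-05-654150 and SLEM-05-654155 are set to `status: automated`, but each selects a single rule whose name covers only one of the syscalls in its title. The chmod control names "chmod", "fchmod" and "fchmodat" and selects only `audit_rules_dac_modification_fchmod`; the chown control names "chown", "fchown", "fchownat" and "lchown" and selects only `audit_rules_dac_modification_lchown`. Add the sibling rules for the remaining syscalls (for example `audit_rules_dac_modification_chmod` and `audit_rules_dac_modification_fchmodat`, and the chown, fchown and fchownat equivalents), or choose a status that reflects partial coverage until the full title is audited.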
Expand Down Expand Up @@ -1769,24 +1774,27 @@ controls:
levels:
- medium
title: SLEM 5 must generate audit records for all uses of the "mount" system call.
rules: []
status: pending
rules:
- audit_rules_media_export
status: automated

- id: SLEM-05-654180
levels:
- medium
title:
SLEM 5 must generate audit records for all uses of the "setxattr", "fsetxattr",
"lsetxattr", "removexattr", "fremovexattr", and "lremovexattr" system calls.
rules: []
status: pending
rules:
- audit_rules_dac_modification_fremovexattr
status: automated

- id: SLEM-05-654185
levels:
- medium
title: SLEM 5 must generate audit records for all uses of the "umount" system call.
rules: []
status: pending
rules:
- audit_rules_dac_modification_umount2
status: automated

- id: SLEM-05-654190
levels:
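Review bot: SLEM-05-654180 lists six xattr syscalls in its title but selects only `audit_rules_dac_modification_fremovexattr`, so `status: automated` overstates what is checked; add the rules for setxattr, fsetxattr, lsetxattr, removexattr and lremovexattr or lower the status. Two mappings in this hunk also deserve a short YAML comment: SLEM-05-654185 names the "umount" syscall while the selected rule is `audit_rules_dac_modification_umount2`, and SLEM-05-654175 names "mount" while the selected rule is `audit_rules_media_export`, whose name does not make the syscall obvious. If a separate rule for umount is intended to apply here, select it as well.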
Expand Up @@ -33,6 +33,7 @@ identifiers:
cce@rhel10: CCE-88200-1
cce@sle12: CCE-83133-9
cce@sle15: CCE-85694-8
cce@slmicro5: CCE-93653-4

references:
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
Expand Up @@ -50,6 +50,7 @@ identifiers:
cce@rhel10: CCE-88352-0
cce@sle12: CCE-83138-8
cce@sle15: CCE-85686-4
cce@slmicro5: CCE-93651-8

references:
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
Expand Up @@ -36,6 +36,7 @@ identifiers:
cce@rhel10: CCE-88243-1
cce@sle12: CCE-83135-4
cce@sle15: CCE-85691-4
cce@slmicro5: CCE-93652-6

references:
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
Expand Up @@ -32,6 +32,7 @@ identifiers:
cce@rhel10: CCE-89822-1
cce@sle12: CCE-83219-6
cce@sle15: CCE-91250-1
cce@slmicro5: CCE-93655-9

references:
disa: CCI-000130,CCI-000169,CCI-000172,CCI-002884
Expand Up @@ -31,6 +31,7 @@ identifiers:
cce@rhel10: CCE-86590-7
cce@sle12: CCE-83217-0
cce@sle15: CCE-85718-5
cce@slmicro5: CCE-93654-2

references:
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
Expand Up @@ -33,6 +33,7 @@ identifiers:
cce@rhel10: CCE-87111-1
cce@sle12: CCE-83121-4
cce@sle15: CCE-85578-3
cce@slmicro5: CCE-93657-5

references:
cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9
Expand Up @@ -33,6 +33,7 @@ identifiers:
cce@rhel10: CCE-90664-4
cce@sle12: CCE-83123-0
cce@sle15: CCE-85728-4
cce@slmicro5: CCE-93659-1

references:
cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9
Expand Up @@ -33,6 +33,7 @@ identifiers:
cce@rhel10: CCE-88637-4
cce@sle12: CCE-83122-2
cce@sle15: CCE-85579-1
cce@slmicro5: CCE-93658-3

references:
cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9
7 changes: 0 additions & 7 deletions shared/references/cce-slmicro5-avail.txt
@@ -1,10 +1,3 @@
CCE-93651-8
CCE-93652-6
CCE-93653-4
CCE-93654-2
CCE-93655-9
CCE-93657-5
CCE-93658-3
CCE-93659-1
CCE-93661-7
CCE-93662-5
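Review bot: the count of removed CCEs does not match the count assigned. The header `@@ -1,10 +1,3 @@` and the file summary both state seven deletions, yet eight identifiers from this list are assigned as `cce@slmicro5` in the rule.yml hunks of this patch (CCE-93651-8, 93652-6, 93653-4, 93654-2, 93655-9, 93657-5, 93658-3 and 93659-1). At least one assigned CCE therefore stays in the available list; if the deletions are the first seven lines, that is CCE-93659-1. Remove it here too so it cannot be handed out to a second rule.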
@@ -1,4 +1,4 @@
# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian
# reboot = true
# strategy = restrict
# complexity = low
@@ -1,4 +1,4 @@
# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian

# First perform the remediation of the syscall rule
# Retrieve hardware architecture of the underlying system
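Review bot: only two remediation headers in this patch gain `multi_platform_slmicro` on their `# platform =` line, while the control file newly selects eight rules and marks their controls automated. Confirm that the remediations for the other selected rules already apply to SLE Micro (through their own platform line or a template); otherwise those rules will be checked on SLEM 5 but ship without a fix, and the affected remediation files should get the same one-line change.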