You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
68 lines
3.3 KiB
68 lines
3.3 KiB
From 9062da533315a871939f3c22d4154e1f4141d432 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
|
|
Date: Tue, 5 Dec 2023 16:22:30 +0100
|
|
Subject: [PATCH 13/14] Minor modifications to RHEL STIG profiles
|
|
|
|
Patch-name: scap-security-guide-0.1.72-remove_stig_ids-PR_11327.patch
|
|
Patch-status: Minor modifications to RHEL STIG profiles
|
|
---
|
|
controls/stig_rhel9.yml | 2 +-
|
|
.../password_quality/passwd_system-auth_substack/rule.yml | 1 -
|
|
.../audit_rules_immutable_login_uids/rule.yml | 1 +
|
|
.../auditing/policy_rules/audit_immutable_login_uids/rule.yml | 2 --
|
|
4 files changed, 2 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/controls/stig_rhel9.yml b/controls/stig_rhel9.yml
|
|
index b576ba08c3..73d9e9e1aa 100644
|
|
--- a/controls/stig_rhel9.yml
|
|
+++ b/controls/stig_rhel9.yml
|
|
@@ -4114,7 +4114,7 @@ controls:
|
|
- medium
|
|
title: RHEL 9 audit system must protect logon UIDs from unauthorized change.
|
|
rules:
|
|
- - audit_immutable_login_uids
|
|
+ - audit_rules_immutable_login_uids
|
|
status: automated
|
|
|
|
- id: RHEL-09-654275
|
|
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/passwd_system-auth_substack/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/passwd_system-auth_substack/rule.yml
|
|
index 89b82af3f2..55d3e47a54 100644
|
|
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/passwd_system-auth_substack/rule.yml
|
|
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/passwd_system-auth_substack/rule.yml
|
|
@@ -19,7 +19,6 @@ references:
|
|
nist: IA-5(1)(a),IA-5(1).1(v),IA-5(1)(a)
|
|
srg: SRG-OS-000069-GPOS-00037
|
|
stigid@ol7: OL07-00-010118
|
|
- stigid@rhel7: RHEL-07-010118
|
|
|
|
ocil_clause: '/etc/pam.d/passwd does not implement /etc/pam.d/system-auth'
|
|
|
|
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/rule.yml
|
|
index 46e249efbb..6a8ea53fc5 100644
|
|
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/rule.yml
|
|
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/rule.yml
|
|
@@ -33,6 +33,7 @@ references:
|
|
disa: CCI-000162,CCI-000163,CCI-000164
|
|
srg: SRG-OS-000462-GPOS-00206,SRG-OS-000475-GPOS-00220,SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029
|
|
stigid@rhel8: RHEL-08-030122
|
|
+ stigid@rhel9: RHEL-09-654270
|
|
|
|
ocil_clause: 'the system is not configured to make login UIDs immutable'
|
|
|
|
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml
|
|
index 9f2f7dbc11..dbf1015a19 100644
|
|
--- a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml
|
|
+++ b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml
|
|
@@ -35,8 +35,6 @@ references:
|
|
ospp: FAU_GEN.1.2
|
|
srg: SRG-OS-000462-GPOS-00206,SRG-OS-000475-GPOS-00220,SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029
|
|
stigid@ol8: OL08-00-030122
|
|
- stigid@rhel8: RHEL-08-030122
|
|
- stigid@rhel9: RHEL-09-654270
|
|
|
|
ocil_clause: 'the file does not exist or the content differs'
|
|
|
|
--
|
|
2.43.0
|
|
|