commit 0f82de52d96cd1e98e92ecfd5b8b82acbc050859
Author: Gabriel Becker <ggasparb@redhat.com>
Date: Mon Mar 11 14:44:01 2019 +0100
Assign RHEL8 CCE to OSPP rules which were missed during last CCE batch assignment.
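diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml
index ca21ca80c..8a1abb475 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml
@@ -30,6 +30,9 @@ rationale: |-
 
 severity: medium
 
+identifiers:
+ cce@rhel8: 80988-9
+
 references:
 ospp@rhel7: FAU_GEN.1.1.c
 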
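Review bot: The `references:` context under the new `identifiers:` block still carries only a RHEL7-scoped OSPP entry, `ospp@rhel7: FAU_GEN.1.1.c`, while the identifier added here is RHEL8-scoped. If the rule is meant to appear in the RHEL8 OSPP profile, as the commit message suggests, RHEL8 content would presumably get a CCE but no OSPP requirement mapping from these lines; consider an unsuffixed `ospp: FAU_GEN.1.1.c` or a RHEL8-scoped entry, after confirming that the same requirement applies. The `references:` block continues past the end of the hunk, so such an entry may already exist below. The same context appears in the mount, newgidmap, newuidmap and usernetctl sections.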
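diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml
index 569e67390..f977fcf9b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml
@@ -30,6 +30,9 @@ rationale: |-
 
 severity: medium
 
+identifiers:
+ cce@rhel8: 80989-7
+
 references:
 ospp@rhel7: FAU_GEN.1.1.c
 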
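diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml
index d05aad935..878932fe6 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml
@@ -30,6 +30,9 @@ rationale: |-
 
 severity: medium
 
+identifiers:
+ cce@rhel8: 80991-3
+
 references:
 ospp@rhel7: FAU_GEN.1.1.c
 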
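diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml
index 6e251ae77..0cd0337f1 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml
@@ -30,6 +30,9 @@ rationale: |-
 
 severity: medium
 
+identifiers:
+ cce@rhel8: 80992-1
+
 references:
 ospp@rhel7: FAU_GEN.1.1.c
 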
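diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml
index 24b24ae82..9bb571290 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml
@@ -30,6 +30,9 @@ rationale: |-
 
 severity: medium
 
+identifiers:
+ cce@rhel8: 80990-5
+
 references:
 ospp@rhel7: FAU_GEN.1.1.c
 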
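diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml
index 0fead2af7..81804a44b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml
@@ -27,6 +27,9 @@ rationale: |-
 
 severity: medium
 
+identifiers:
+ cce@rhel8: 80975-6
+
 {{{ complete_ocil_entry_audit_syscall(syscall="chmod") }}}
 
 warnings: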
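diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml
index a7866b9e8..414946dfd 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml
@@ -27,6 +27,9 @@ rationale: |-
 
 severity: medium
 
+identifiers:
+ cce@rhel8: 80984-8
+
 {{{ complete_ocil_entry_audit_syscall(syscall="chown") }}}
 
 warnings: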
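diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml
index d99ed0be6..68ddc37ee 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml
@@ -27,6 +27,9 @@ rationale: |-
 
 severity: medium
 
+identifiers:
+ cce@rhel8: 80977-2
+
 {{{ complete_ocil_entry_audit_syscall(syscall="fchmod") }}}
 
 warnings: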
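diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml
index 988c604f6..dfea56dc3 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml
@@ -27,6 +27,9 @@ rationale: |-
 
 severity: medium
 
+identifiers:
+ cce@rhel8: 80976-4
+
 {{{ complete_ocil_entry_audit_syscall(syscall="fchmodat") }}}
 
 warnings: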
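diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml
index 09aabbb8e..313f359f1 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml
@@ -27,6 +27,9 @@ rationale: |-
 
 severity: medium
 
+identifiers:
+ cce@rhel8: 80986-3
+
 {{{ complete_ocil_entry_audit_syscall(syscall="fchown") }}}
 
 warnings: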
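diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml
index 28617ead9..fd688b54f 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml
@@ -27,6 +27,9 @@ rationale: |-
 
 severity: medium
 
+identifiers:
+ cce@rhel8: 80985-5
+
 {{{ complete_ocil_entry_audit_syscall(syscall="fchownat") }}}
 
 warnings: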
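diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml
index 62030fe81..1c47c86aa 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml
@@ -27,6 +27,9 @@ rationale: |-
 
 severity: medium
 
+identifiers:
+ cce@rhel8: 80978-0
+
 {{{ complete_ocil_entry_audit_syscall(syscall="fremovexattr") }}}
 
 warnings: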
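diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml
index 0a7c9f1ec..3eac105a9 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml
@@ -27,6 +27,9 @@ rationale: |-
 
 severity: medium
 
+identifiers:
+ cce@rhel8: 80979-8
+
 {{{ complete_ocil_entry_audit_syscall(syscall="fsetxattr") }}}
 
 warnings: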
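diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml
index 990925706..01a6393ba 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml
@@ -27,6 +27,9 @@ rationale: |-
 
 severity: medium
 
+identifiers:
+ cce@rhel8: 80987-1
+
 {{{ complete_ocil_entry_audit_syscall(syscall="lchown") }}}
 
 warnings: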
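diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml
index 167ae03c6..66f340118 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml
@@ -27,6 +27,9 @@ rationale: |-
 
 severity: medium
 
+identifiers:
+ cce@rhel8: 80980-6
+
 {{{ complete_ocil_entry_audit_syscall(syscall="lremovexattr") }}}
 
 warnings: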
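diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml
index 106d30321..928705ff3 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml
@@ -27,6 +27,9 @@ rationale: |-
 
 severity: medium
 
+identifiers:
+ cce@rhel8: 80981-4
+
 {{{ complete_ocil_entry_audit_syscall(syscall="lsetxattr") }}}
 
 warnings: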
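diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml
index c509cf49c..4c60c1397 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml
@@ -34,6 +34,9 @@ rationale: |-
 
 severity: medium
 
+identifiers:
+ cce@rhel8: 80965-7
+
 references:
 cis: 5.2.10
 cui: 3.1.7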
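diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml
index fb72b3d4f..7375db879 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml
@@ -33,6 +33,9 @@ rationale: |-
 
 severity: medium
 
+identifiers:
+ cce@rhel8: 80966-5
+
 references:
 cis: 5.2.10
 cui: 3.1.7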
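diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml
index c71447c34..7a79af855 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml
@@ -45,6 +45,9 @@ rationale: |-
 
 severity: medium
 
+identifiers:
+ cce@rhel8: 80967-3
+
 references:
 cis: 5.2.10
 cui: 3.1.7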
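diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml
index 86e43df25..34bfd9099 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml
@@ -34,6 +34,9 @@ rationale: |-
 
 severity: medium
 
+identifiers:
+ cce@rhel8: 80968-1
+
 references:
 cis: 5.2.10
 cui: 3.1.7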
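diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml
index a05b8127b..f954430d7 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml
@@ -33,6 +33,9 @@ rationale: |-
 
 severity: medium
 
+identifiers:
+ cce@rhel8: 80969-9
+
 references:
 cis: 5.2.10
 cui: 3.1.7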
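diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml
index 6f792a5d7..cf04d5414 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml
@@ -45,6 +45,9 @@ rationale: |-
 
 severity: medium
 
+identifiers:
+ cce@rhel8: 80970-7
+
 references:
 cis: 5.2.10
 cui: 3.1.7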
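diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml
index 94eed0637..8ceb3c3b1 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml
@@ -34,6 +34,9 @@ rationale: |-
 
 severity: medium
 
+identifiers:
+ cce@rhel8: 80962-4
+
 references:
 cis: 5.2.10
 cui: 3.1.7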
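diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml
index 9875ae121..cf740430d 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml
@@ -33,6 +33,9 @@ rationale: |-
 
 severity: medium
 
+identifiers:
+ cce@rhel8: 80963-2
+
 references:
 cis: 5.2.10
 cui: 3.1.7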
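diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml
index 22f3b850d..65f9d1909 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml
@@ -45,6 +45,9 @@ rationale: |-
 
 severity: medium
 
+identifiers:
+ cce@rhel8: 80964-0
+
 references:
 cis: 5.2.10
 cui: 3.1.7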
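diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml
index 18fac94b1..b0898544e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml
@@ -27,6 +27,9 @@ rationale: |-
 
 severity: medium
 
+identifiers:
+ cce@rhel8: 80982-2
+
 {{{ complete_ocil_entry_audit_syscall(syscall="removexattr") }}}
 
 warnings: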
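diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml
index 7409ed4ab..6fd73df0d 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml
@@ -26,6 +26,9 @@ rationale: |-
 
 severity: medium
 
+identifiers:
+ cce@rhel8: 80973-1
+
 references:
 cis: 5.2.10
 cui: 3.1.7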
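diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml
index 96ce23fc7..beb16b6d5 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml
@@ -26,6 +26,9 @@ rationale: |-
 
 severity: medium
 
+identifiers:
+ cce@rhel8: 80974-9
+
 references:
 cis: 5.2.10
 cui: 3.1.7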
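diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml
index b8fbc09d1..1aff0f14e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml
@@ -27,6 +27,9 @@ rationale: |-
 
 severity: medium
 
+identifiers:
+ cce@rhel8: 80983-0
+
 {{{ complete_ocil_entry_audit_syscall(syscall="setxattr") }}}
 
 warnings: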
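diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml
index 692d7fe4b..5f84d08a0 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml
@@ -26,6 +26,9 @@ rationale: |-
 
 severity: medium
 
+identifiers:
+ cce@rhel8: 80971-5
+
 references:
 cis: 5.2.10
 cui: 3.1.7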
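diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml
index e52c07889..00bad657e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml
@@ -26,6 +26,9 @@ rationale: |-
 
 severity: medium
 
+identifiers:
+ cce@rhel8: 80972-3
+
 references:
 cis: 5.2.10
 cui: 3.1.7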