|
 |
fe0dde |
From 25dcc59ebea297789ee89cfe0263ec8575455da7 Mon Sep 17 00:00:00 2001
|
|
|
fe0dde |
From: Gabriel Becker <ggasparb@redhat.com>
|
|
|
fe0dde |
Date: Thu, 26 Nov 2020 15:45:10 +0100
|
|
|
fe0dde |
Subject: [PATCH 1/2] Update RHEL7 STIG profile with /var/log/audit related
|
|
|
fe0dde |
rules.
|
|
|
fe0dde |
|
|
|
fe0dde |
Add file_permissions_var_log_audit and file_ownership_var_log_audit to
|
|
|
fe0dde |
RHEL7 STIG profile.
|
|
|
fe0dde |
---
|
|
|
fe0dde |
.../file_ownership_var_log_audit/rule.yml | 1 +
|
|
|
fe0dde |
.../file_permissions_var_log_audit/oval/shared.xml | 2 +-
|
|
|
fe0dde |
.../file_permissions_var_log_audit/rule.yml | 1 +
|
|
|
fe0dde |
rhel7/profiles/stig.profile | 2 ++
|
|
|
fe0dde |
4 files changed, 5 insertions(+), 1 deletion(-)
|
|
|
fe0dde |
|
|
|
fe0dde |
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml
|
|
|
fe0dde |
index 248ff3598..8a8c71520 100644
|
|
|
fe0dde |
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml
|
|
|
fe0dde |
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml
|
|
|
fe0dde |
@@ -21,6 +21,7 @@ identifiers:
|
|
|
fe0dde |
|
|
|
fe0dde |
references:
|
|
|
fe0dde |
stigid@ol7: OL07-00-910055
|
|
|
fe0dde |
+ stigid@rhel7: RHEL-07-910055
|
|
|
fe0dde |
stigid@rhel6: RHEL-06-000384
|
|
|
fe0dde |
srg@rhel6: SRG-OS-000057
|
|
|
fe0dde |
disa@rhel6: CCI-000166
|
|
|
fe0dde |
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/oval/shared.xml b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/oval/shared.xml
|
|
|
fe0dde |
index 5941ea660f..1bb7dd453c 100644
|
|
|
fe0dde |
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/oval/shared.xml
|
|
|
fe0dde |
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/oval/shared.xml
|
|
|
fe0dde |
@@ -34,7 +34,7 @@
|
|
|
fe0dde |
</unix:file_object>
|
|
|
fe0dde |
|
|
|
fe0dde |
<unix:file_state id="state_not_mode_0600" version="1" operator="OR">
|
|
|
fe0dde |
-
|
|
|
fe0dde |
+
|
|
|
fe0dde |
<unix:suid datatype="boolean">true</unix:suid>
|
|
|
fe0dde |
<unix:sgid datatype="boolean">true</unix:sgid>
|
|
|
fe0dde |
<unix:sticky datatype="boolean">true</unix:sticky>
|
|
|
fe0dde |
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
|
|
|
fe0dde |
index 6c265d68b..d6b36b647 100644
|
|
|
fe0dde |
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
|
|
|
fe0dde |
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
|
|
|
fe0dde |
@@ -24,6 +24,7 @@ identifiers:
|
|
|
fe0dde |
|
|
|
fe0dde |
references:
|
|
|
fe0dde |
stigid@ol7: OL07-00-910055
|
|
|
fe0dde |
+ stigid@rhel7: RHEL-07-910055
|
|
|
fe0dde |
disa: CCI-000162,CCI-000163,CCI-000164,CCI-001314
|
|
|
fe0dde |
srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084
|
|
|
fe0dde |
stigid@rhel6: RHEL-06-000383
|
|
|
fe0dde |
diff --git a/rhel7/profiles/stig.profile b/rhel7/profiles/stig.profile
|
|
|
fe0dde |
index 4698785a49..1d94e79964 100644
|
|
|
fe0dde |
--- a/rhel7/profiles/stig.profile
|
|
|
fe0dde |
+++ b/rhel7/profiles/stig.profile
|
|
|
fe0dde |
@@ -313,3 +313,5 @@ selections:
|
|
|
fe0dde |
- mount_option_dev_shm_nosuid
|
|
|
fe0dde |
- audit_rules_privileged_commands_mount
|
|
|
fe0dde |
- package_MFEhiplsm_installed
|
|
|
fe0dde |
+ - file_ownership_var_log_audit
|
|
|
fe0dde |
+ - file_permissions_var_log_audit
|
|
|
fe0dde |
|
|
|
fe0dde |
From e83eaf0ff5a3e3a4cb7a3caac0410c4ad4813312 Mon Sep 17 00:00:00 2001
|
|
|
fe0dde |
From: Gabriel Becker <ggasparb@redhat.com>
|
|
|
fe0dde |
Date: Thu, 26 Nov 2020 15:57:29 +0100
|
|
|
fe0dde |
Subject: [PATCH 2/2] Remove unrelated fix content from
|
|
|
fe0dde |
file_permissions_var_log_audit bash.
|
|
|
fe0dde |
|
|
|
fe0dde |
---
|
|
|
fe0dde |
.../file_permissions_var_log_audit/bash/shared.sh | 5 -----
|
|
|
fe0dde |
1 file changed, 5 deletions(-)
|
|
|
fe0dde |
|
|
|
fe0dde |
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh
|
|
|
fe0dde |
index 3175a18a23..d6c45867e5 100644
|
|
|
fe0dde |
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh
|
|
|
fe0dde |
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh
|
|
|
fe0dde |
@@ -9,12 +9,7 @@ if LC_ALL=C grep -m 1 -q ^log_group /etc/audit/auditd.conf; then
|
|
|
fe0dde |
chmod 0600 /var/log/audit/audit.log
|
|
|
fe0dde |
chmod 0400 /var/log/audit/audit.log.*
|
|
|
fe0dde |
fi
|
|
|
fe0dde |
-
|
|
|
fe0dde |
- chmod 0640 /etc/audit/audit*
|
|
|
fe0dde |
- chmod 0640 /etc/audit/rules.d/*
|
|
|
fe0dde |
else
|
|
|
fe0dde |
chmod 0600 /var/log/audit/audit.log
|
|
|
fe0dde |
chmod 0400 /var/log/audit/audit.log.*
|
|
|
fe0dde |
- chmod 0640 /etc/audit/audit*
|
|
|
fe0dde |
- chmod 0640 /etc/audit/rules.d/*
|
|
|
fe0dde |
fi
|