From d0f70c7a7383dd41277599cb776e03534aa2137c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Wed, 30 Oct 2019 18:11:09 +0100
Subject: [PATCH 1/2] Remove audit_rules_for_ospp from RHEL 7 OSPP

The audit rule `-a always,exit -F dir=/var/log/audit/
-F perm=r -F auid>=1000 -F auid!=unset -F key=access-audit-trail`
is present in /usr/share/doc/audit-2.8.5/rules/30-ospp-v42.rules
(checked on audit-2.8.5-4.el7.x86_64). That means this audit rule
is already checked and remediated by rule `audit_rules_for_ospp`.
---
 rhel7/profiles/ospp.profile | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/rhel7/profiles/ospp.profile b/rhel7/profiles/ospp.profile
index e20c58875d..81762ad782 100644
--- a/rhel7/profiles/ospp.profile
+++ b/rhel7/profiles/ospp.profile
@@ -285,13 +285,11 @@ selections:
     ## AU-2(a) / FAU_GEN.1.1.c
     ## Audit Kernel Module Loading and Unloading Events (Success/Failure)
     ## AU-2(a) / FAU_GEN.1.1.c
-    - audit_rules_for_ospp
-
     ## Audit All Audit and Log Data Accesses (Success/Failure)
     ##  CNSSI 1253 Value or DoD-specific Values:
     ##      - Audit and log data access (Success/Failure)
     ## AU-2(a) / FAU_GEN.1.1.c
-    - directory_access_var_log_audit
+    - audit_rules_for_ospp
 
 
     ###  SELinux Configuration
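Review bot: The subject line says audit_rules_for_ospp is removed, but the selection this hunk actually drops is `- directory_access_var_log_audit`; `- audit_rules_for_ospp` is only moved below the "Audit All Audit and Log Data Accesses" comment block. Retitle the commit along the lines of "Remove directory_access_var_log_audit from RHEL 7 OSPP". The coverage argument in the message was checked against a single package build (audit-2.8.5-4.el7.x86_64), so a short comment next to the remaining selection saying that it also covers the /var/log/audit/ access rule would prompt a recheck if the shipped rules file changes.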

From 0b822d21cdee7c7da136337a45e9c7136b7d576e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Thu, 31 Oct 2019 15:23:01 +0100
Subject: [PATCH 2/2] Make comments the same

---
 rhel7/profiles/ospp.profile | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/rhel7/profiles/ospp.profile b/rhel7/profiles/ospp.profile
index 81762ad782..a3168d51a7 100644
--- a/rhel7/profiles/ospp.profile
+++ b/rhel7/profiles/ospp.profile
@@ -278,6 +278,10 @@ selections:
     ##  CNSSI 1253 Value or DoD-specific Values:
     ##      - Privilege/Role escalation (Success/Failure)
     ## AU-2(a) / FAU_GEN.1.1.c
+    ## Audit All Audit and Log Data Accesses (Success/Failure)
+    ##  CNSSI 1253 Value or DoD-specific Values:
+    ##      - Audit and log data access (Success/Failure)
+    ## AU-2(a) / FAU_GEN.1.1.c
     ## Audit Cryptographic Verification of Software (Success/Failure)
     ##  CNSSI 1253 Value or DoD-specific Values:
     ##      - Applications (e.g. Firefox, Internet Explorer, MS Office Suite,
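Review bot: The four comment lines added at 281-284 land inside an already long run of `##` category comments with no selection between them, so the file itself does not tell a reader that all of these categories are meant to be satisfied by the single `- audit_rules_for_ospp` entry further down. Consider one short comment directly above that entry stating that it covers every category listed above it.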
@@ -285,10 +289,6 @@ selections:
     ## AU-2(a) / FAU_GEN.1.1.c
     ## Audit Kernel Module Loading and Unloading Events (Success/Failure)
     ## AU-2(a) / FAU_GEN.1.1.c
-    ## Audit All Audit and Log Data Accesses (Success/Failure)
-    ##  CNSSI 1253 Value or DoD-specific Values:
-    ##      - Audit and log data access (Success/Failure)
-    ## AU-2(a) / FAU_GEN.1.1.c
     - audit_rules_for_ospp
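Review bot: The removal at 288-291 undoes the placement that patch 1/2 set up one day earlier, where the "Audit All Audit and Log Data Accesses" block sat directly above `- audit_rules_for_ospp`, and the commit message has no body to say what the comments are being made the same as. Name the reference file or profile in the message, or squash this into 1/2 so the comment block is placed only once.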