From 25dcc59ebea297789ee89cfe0263ec8575455da7 Mon Sep 17 00:00:00 2001
From: Gabriel Becker <ggasparb@redhat.com>
Date: Thu, 26 Nov 2020 15:45:10 +0100
Subject: [PATCH 1/2] Update RHEL7 STIG profile with /var/log/audit related
 rules.

Add file_permissions_var_log_audit and file_ownership_var_log_audit to
RHEL7 STIG profile.
---
 .../file_ownership_var_log_audit/rule.yml                       | 1 +
 .../file_permissions_var_log_audit/oval/shared.xml              | 2 +-
 .../file_permissions_var_log_audit/rule.yml                     | 1 +
 rhel7/profiles/stig.profile                                     | 2 ++
 4 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml
index 248ff3598..8a8c71520 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml
@@ -21,6 +21,7 @@ identifiers:
 
 references:
     stigid@ol7: OL07-00-910055
+    stigid@rhel7: RHEL-07-910055
     stigid@rhel6: RHEL-06-000384
     srg@rhel6: SRG-OS-000057
     disa@rhel6: CCI-000166
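Review bot: The new `stigid@rhel7` entry sits in a references block whose only SRG and CCI mappings visible in this hunk are scoped to RHEL6 (`srg@rhel6`, `disa@rhel6`), so on RHEL7 the ownership rule may carry a STIG ID with no control mapping. The file_permissions_var_log_audit rule in this same patch has unscoped `disa:` and `srg:` lines, which is the inconsistency. The references block continues outside the hunk, so this holds only if no unscoped entries follow; if none do, add `srg:` and `disa:` lines with the values from the RHEL-07-910055 STIG entry so that scan results for the ownership check trace back to a control. Both rules now map to RHEL-07-910055, mirroring the OL7 lines; a one-line YAML comment stating that the shared ID is intentional would save the next reader from treating it as a copy-paste slip.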
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/oval/shared.xml b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/oval/shared.xml
index 5941ea660f..1bb7dd453c 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/oval/shared.xml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/oval/shared.xml
@@ -34,7 +34,7 @@
   </unix:file_object>
 
   <unix:file_state id="state_not_mode_0600" version="1" operator="OR">
-    <!-- if any one of these is true then mode is NOT 0640 (hence the OR operator) -->
+    <!-- if any one of these is true then mode is NOT 0600 (hence the OR operator) -->
     <unix:suid datatype="boolean">true</unix:suid>
     <unix:sgid datatype="boolean">true</unix:sgid>
     <unix:sticky datatype="boolean">true</unix:sticky>
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
index 6c265d68b..d6b36b647 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
@@ -24,6 +24,7 @@ identifiers:
 
 references:
     stigid@ol7: OL07-00-910055
+    stigid@rhel7: RHEL-07-910055
     disa: CCI-000162,CCI-000163,CCI-000164,CCI-001314
     srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084
     stigid@rhel6: RHEL-06-000383
diff --git a/rhel7/profiles/stig.profile b/rhel7/profiles/stig.profile
index 4698785a49..1d94e79964 100644
--- a/rhel7/profiles/stig.profile
+++ b/rhel7/profiles/stig.profile
@@ -313,3 +313,5 @@ selections:
     - mount_option_dev_shm_nosuid
     - audit_rules_privileged_commands_mount
     - package_MFEhiplsm_installed
+    - file_ownership_var_log_audit
+    - file_permissions_var_log_audit

From e83eaf0ff5a3e3a4cb7a3caac0410c4ad4813312 Mon Sep 17 00:00:00 2001
From: Gabriel Becker <ggasparb@redhat.com>
Date: Thu, 26 Nov 2020 15:57:29 +0100
Subject: [PATCH 2/2] Remove unrelated fix content from
 file_permissions_var_log_audit bash.

---
 .../file_permissions_var_log_audit/bash/shared.sh            | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh
index 3175a18a23..d6c45867e5 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh
@@ -9,12 +9,7 @@ if LC_ALL=C grep -m 1 -q ^log_group /etc/audit/auditd.conf; then
     chmod 0600 /var/log/audit/audit.log
     chmod 0400 /var/log/audit/audit.log.*
   fi
-
-  chmod 0640 /etc/audit/audit*
-  chmod 0640 /etc/audit/rules.d/*
 else
   chmod 0600 /var/log/audit/audit.log
   chmod 0400 /var/log/audit/audit.log.*
-  chmod 0640 /etc/audit/audit*
-  chmod 0640 /etc/audit/rules.d/*
 fi