skyler / rpms / scap-security-guide

Forked from rpms/scap-security-guide 3 years ago
Clone
Source Code
GIT

Files

  1.   dac76ab332cb6f7ca5cdbec311d2754a26f6d91e
  2.   SOURCES
  3.   scap-security-guide-0.1.50-update_sshd_disable_x11_forwarding_PR_5610.patch
Blob Blame History Raw 
From 9931560aa3bca34cc1a5231b370dc86618ba6d9b Mon Sep 17 00:00:00 2001
From: Gabriel Becker <ggasparb@redhat.com>
Date: Thu, 16 Apr 2020 14:04:40 +0200
Subject: [PATCH 1/2] Add CCE identifiers to sshd_disable_x11_forwarding.

---
 .../ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml        | 3 +++
 shared/references/cce-redhat-avail.txt                         | 2 --
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
index 09dd808e99..91297a03b9 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
@@ -26,6 +26,9 @@ ocil_clause: "that the X11Forwarding option exists and is enabled"
 ocil: |-
     {{{ ocil_sshd_option(default="no", option="X11Forwarding", value="no") }}}
 
+identifiers:
+    cce@rhel7: 83359-0
+    cce@rhel8: 83360-8
 
 references:
   cis@rhel7: 5.2.5
diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
index c10448ff8d..cbba06db56 100644
--- a/shared/references/cce-redhat-avail.txt
+++ b/shared/references/cce-redhat-avail.txt
@@ -50,8 +50,6 @@ CCE-83355-8
 CCE-83356-6
 CCE-83357-4
 CCE-83358-2
-CCE-83359-0
-CCE-83360-8
 CCE-83361-6
 CCE-83362-4
 CCE-83363-2

From 176d03b11b60c0ae41ace2e95e4bb2688f5ac429 Mon Sep 17 00:00:00 2001
From: Gabriel Becker <ggasparb@redhat.com>
Date: Thu, 16 Apr 2020 14:05:26 +0200
Subject: [PATCH 2/2] Correct CIS reference number for RHEL7.

---
 .../ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
index 91297a03b9..23cb0a07f8 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
@@ -31,7 +31,7 @@ identifiers:
     cce@rhel8: 83360-8
 
 references:
-  cis@rhel7: 5.2.5
+  cis@rhel7: 5.2.4
   cis@rhel8: 5.2.6
   cis@sle12: 5.2.4
   cis@sle15: 5.2.6

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation