From c10f34d8c3932784d69eb0d7b5cff640139ded52 Mon Sep 17 00:00:00 2001 From: Vojtech Polasek Date: Thu, 19 Mar 2020 09:55:24 +0100 Subject: [PATCH 1/3] add new rule --- .../package_libselinux_installed/rule.yml | 38 +++++++++++++++++++ 2 files changed, 38 insertions(+), 2 deletions(-) create mode 100644 linux_os/guide/system/selinux/package_libselinux_installed/rule.yml diff --git a/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml b/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml new file mode 100644 index 0000000000..a9970fb2c2 --- /dev/null +++ b/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml @@ -0,0 +1,38 @@ +documentation_complete: true + +prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,ocp4 + +title: 'Install libselinux Package' + +description: |- + {{{ describe_package_install(package="libselinux") }}} + +rationale: |- + Security-enhanced Linux is a feature of the Linux kernel and a number of utilities + with enhanced security functionality designed to add mandatory access controls to Linux. + The Security-enhanced Linux kernel contains new architectural components originally + developed to improve security of the Flask operating system. These architectural components + provide general support for the enforcement of many kinds of mandatory access control + policies, including those based on the concepts of Type Enforcement, Role-based Access + Control, and Multi-level Security. + + The libselinux package contains the core library of the Security-enhanced Linux system. + +severity: high + +identifiers: + cce@rhel7: 82876-4 + cce@rhel8: 82877-2 + +references: + cis@rhel7: 1.6.2 + cis@rhel8: 1.7.1.1 + +ocil_clause: 'the package is not installed' + +ocil: '{{{ ocil_package(package="libselinux") }}}' + +template: + name: package_installed + vars: + pkgname: libselinux From 80e8674b374cd82510abcf923a18235bae3e5948 Mon Sep 17 00:00:00 2001 From: Vojtech Polasek Date: Thu, 19 Mar 2020 15:48:10 +0100 Subject: [PATCH 3/3] change wording of rationale --- .../system/selinux/package_libselinux_installed/rule.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml b/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml index a9970fb2c2..2855c21c90 100644 --- a/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml +++ b/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml @@ -10,11 +10,6 @@ description: |- rationale: |- Security-enhanced Linux is a feature of the Linux kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. - The Security-enhanced Linux kernel contains new architectural components originally - developed to improve security of the Flask operating system. These architectural components - provide general support for the enforcement of many kinds of mandatory access control - policies, including those based on the concepts of Type Enforcement, Role-based Access - Control, and Multi-level Security. The libselinux package contains the core library of the Security-enhanced Linux system.