commit 167d69498e13516f345dd0581e72720211760476
Author: Gabriel Becker <ggasparb@redhat.com>
Date: Mon Apr 8 12:43:30 2019 +0200
Mark as machine only rules which are not applicable for containers.
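diff --git a/linux_os/guide/services/obsolete/inetd_and_xinetd/group.yml b/linux_os/guide/services/obsolete/inetd_and_xinetd/group.yml
index 07f6351..3c98479 100644
--- a/linux_os/guide/services/obsolete/inetd_and_xinetd/group.yml
+++ b/linux_os/guide/services/obsolete/inetd_and_xinetd/group.yml
@@ -8,3 +8,5 @@ description: |-
 controls and perform some logging. It has been largely obsoleted by other
 features, and it is not installed by default. The older Inetd service
 is not even available as part of {{{ full_name }}}.
+
+platform: machine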
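Review bot: The new `platform: machine` key on this group has no comment explaining it, and nothing in the hunk shows whether a group-level platform is inherited by the rules underneath. If it is inherited (not visible here), this one line takes every inetd/xinetd rule out of container scans, which deserves a line such as `# machine only: inetd/xinetd rules are not evaluated for containers` above the key. The `description` block starts above the hunk.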
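diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
index 6b01ddb..d6feb28 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
@@ -37,5 +37,3 @@ ocil: |-
 To verify the operating system has the packages required for multifactor
 authentication installed, run the following command:
 $ sudo yum list installed esc pam_pkcs11 authconfig-gtk
-
-platform: machine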
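diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml
index a49f9e7..03e37fd 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml
@@ -33,3 +33,5 @@ references:
 ocil_clause: 'the pcscd service is not enabled'
 
 ocil: '{{{ ocil_service_enabled(service="pcscd") }}}'
+
+platform: machine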
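Review bot: `service_pcscd_enabled` gains `platform: machine` here while its three siblings under `smart_card_login` (`install_smartcard_packages`, `smartcard_auth`, `smartcard_configure_cert_checking`) lose the same key in this patch, so the smart-card rules end up with different applicability. Unless the `smart_card_login` group file (not part of this patch) already carries the key, a container scan would skip the service check but still evaluate the package and certificate-policy checks. The audit rule files and `audit_dac_actions/group.yml` further down also drop `platform: machine`, which runs against the commit title; it is worth confirming that a parent group supplies `platform: machine` for them, or keeping the key on each rule.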
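diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_auth/rule.yml
index a5e92fe..d8aa9ec 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_auth/rule.yml
@@ -70,5 +70,3 @@ ocil: |-
 network and system components from outside the protection boundary
 documented in the IATT.
 
-
-platform: machine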
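diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/rule.yml
index 56af0e3..a2c4bd9 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/rule.yml
@@ -42,5 +42,3 @@ ocil: |-
 cert_policy = ca, ocsp_on, signature;
 cert_policy = ca, ocsp_on, signature;
 cert_policy = ca, ocsp_on, signature;
-
-platform: machine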
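diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml
index 968820f..0741629 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml
@@ -64,4 +64,3 @@ warnings:
 have been placed independent of other system calls. Grouping these system
 calls with others as identifying earlier in this guide is more efficient.
 
-platform: machine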
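diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml
index 3803b04..f5ec6e6 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml
@@ -62,4 +62,3 @@ warnings:
 have been placed independent of other system calls. Grouping these system
 calls with others as identifying earlier in this guide is more efficient.
 
-platform: machine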
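diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
index 13ecde1..a66c91e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
@@ -62,4 +62,3 @@ warnings:
 have been placed independent of other system calls. Grouping these system
 calls with others as identifying earlier in this guide is more efficient.
 
-platform: machine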
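diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
index 982e8e6..26e17b8 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
@@ -62,4 +62,3 @@ warnings:
 have been placed independent of other system calls. Grouping these system
 calls with others as identifying earlier in this guide is more efficient.
 
-platform: machine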
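diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml
index 16eac8a..27d325c 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml
@@ -62,4 +62,3 @@ warnings:
 have been placed independent of other system calls. Grouping these system
 calls with others as identifying earlier in this guide is more efficient.
 
-platform: machine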
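diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml
index 6db400e..2aa77fa 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml
@@ -62,4 +62,3 @@ warnings:
 have been placed independent of other system calls. Grouping these system
 calls with others as identifying earlier in this guide is more efficient.
 
-platform: machine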
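diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
index 56528dd..02ac1db 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
@@ -68,4 +68,3 @@ warnings:
 have been placed independent of other system calls. Grouping these system
 calls with others as identifying earlier in this guide is more efficient.
 
-platform: machine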
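diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml
index 88e8429..545889e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml
@@ -62,4 +62,3 @@ warnings:
 have been placed independent of other system calls. Grouping these system
 calls with others as identifying earlier in this guide is more efficient.
 
-platform: machine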
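diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
index 81ea227..de20307 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
@@ -62,4 +62,3 @@ warnings:
 have been placed independent of other system calls. Grouping these system
 calls with others as identifying earlier in this guide is more efficient.
 
-platform: machine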
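diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml
index 49d6959..726791b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml
@@ -68,4 +68,3 @@ warnings:
 have been placed independent of other system calls. Grouping these system
 calls with others as identifying earlier in this guide is more efficient.
 
-platform: machine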
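diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml
index 79c16c7..5305faf 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml
@@ -62,4 +62,3 @@ warnings:
 have been placed independent of other system calls. Grouping these system
 calls with others as identifying earlier in this guide is more efficient.
 
-platform: machine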
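diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml
index 6659e81..273abda 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml
@@ -67,4 +67,3 @@ warnings:
 have been placed independent of other system calls. Grouping these system
 calls with others as identifying earlier in this guide is more efficient.
 
-platform: machine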
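diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml
index 10c8001..5282707 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml
@@ -62,4 +62,3 @@ warnings:
 have been placed independent of other system calls. Grouping these system
 calls with others as identifying earlier in this guide is more efficient.
 
-platform: machine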
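diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/group.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/group.yml
index 719044f..791b8c8 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/group.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/group.yml
@@ -20,4 +20,3 @@ description: |-
 -a always,exit -F arch=b64 -S chown,fchown,fchownat,lchown -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
 -a always,exit -F arch=b64 -S setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
 
-platform: machine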
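diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml
index 80f412b..cf741ed 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml
@@ -55,4 +55,3 @@ ocil: |-
 The output should return something similar to:
 -a always,exit -F path=/usr/bin/chcon -F perm=x -F auid>={{{ auid }}} -F auid!=unset -F key=privileged-priv_change
 
-platform: machine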
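diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml
index d24fa07..bb9a502 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml
@@ -54,4 +54,3 @@ ocil: |-
 The output should return something similar to:
 -a always,exit -F path=/usr/sbin/restorecon -F perm=x -F auid>={{{ auid }}} -F auid!=unset -F key=privileged-priv_change
 
-platform: machine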
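diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml
index 3d9b812..4a7b768 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml
@@ -55,4 +55,3 @@ ocil: |-
 The output should return something similar to:
 -a always,exit -F path=/usr/sbin/semanage -F perm=x -F auid>={{{ auid }}} -F auid!=unset -F key=privileged-priv_change
 
-platform: machine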
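diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml
index 39eb75d..5971f64 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml
@@ -55,4 +55,3 @@ ocil: |-
 The output should return something similar to:
 -a always,exit -F path=/usr/sbin/setsebool -F perm=x -F auid>={{{ auid }}} -F auid!=unset -F key=privileged-priv_change
 
-platform: machine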
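diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml
index a6ef8d4..cfb5e3b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml
@@ -68,4 +68,3 @@ warnings:
 <tt>audit_rules_file_deletion_events_unlinkat</tt>
 
 
-platform: machine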
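diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml
index 13e7da6..c25cfbb 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml
@@ -48,4 +48,3 @@ references:
 
 {{{ complete_ocil_entry_audit_syscall(syscall="rename") }}}
 
-platform: machine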
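diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml
index d2facfa..769527b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml
@@ -48,4 +48,3 @@ references:
 
 {{{ complete_ocil_entry_audit_syscall(syscall="renameat") }}}
 
-platform: machine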
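diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml
index c68afdc..29a0d77 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml
@@ -48,4 +48,3 @@ references:
 
 {{{ complete_ocil_entry_audit_syscall(syscall="rmdir") }}}
 
-platform: machine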
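diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml
index 4d79c16..5b1ff7b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml
@@ -48,4 +48,3 @@ references:
 
 {{{ complete_ocil_entry_audit_syscall(syscall="unlink") }}}
 
-platform: machine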
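diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml
index e330ec2..f8ca887 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml
@@ -48,4 +48,3 @@ references:
 
 {{{ complete_ocil_entry_audit_syscall(syscall="unlinkat") }}}
 
-platform: machine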
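diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml
index 551ca92..3a5cad0 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml
@@ -71,4 +71,3 @@ warnings:
 <tt>audit_rules_kernel_module_loading_modprobe</tt>
 
 
-platform: machine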
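diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml
index 5797736..50b57ff 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml
@@ -46,4 +46,3 @@ references:
 
 {{{ complete_ocil_entry_audit_syscall(syscall="delete_module") }}}
 
-platform: machine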
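diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
index a98abfb..da9702d 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
@@ -46,4 +46,3 @@ references:
 
 {{{ complete_ocil_entry_audit_syscall(syscall="finit_module") }}}
 
-platform: machine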
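diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml
index 8e098d8..ea3b126 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml
@@ -45,4 +45,3 @@ references:
 
 {{{ complete_ocil_entry_audit_syscall(syscall="init_module") }}}
 
-platform: machine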
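diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_insmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_insmod/rule.yml
index 5bf3012..b3c0d36 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_insmod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_insmod/rule.yml
@@ -49,4 +49,3 @@ ocil: |-
 To verify that auditing is configured for system administrator actions, run the following command:
 $ sudo auditctl -l | grep "watch=/usr/sbin/insmod\|-w /usr/sbin/insmod"
 
-platform: machine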
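diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_modprobe/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_modprobe/rule.yml
index c734c5b..3a39469 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_modprobe/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_modprobe/rule.yml
@@ -49,4 +49,3 @@ ocil: |-
 To verify that auditing is configured for system administrator actions, run the following command:
 $ sudo auditctl -l | grep "watch=/usr/sbin/modprobe\|-w /usr/sbin/modprobe"
 
-platform: machine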
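diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_rmmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_rmmod/rule.yml
index bd0cd78..c1554c3 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_rmmod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_rmmod/rule.yml
@@ -49,4 +49,3 @@ ocil: |-
 To verify that auditing is configured for system administrator actions, run the following command:
 $ sudo auditctl -l | grep "watch=/usr/sbin/rmmod\|-w /usr/sbin/rmmod"
 
-platform: machine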
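diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/rule.yml
index e9de60b..5bcd7cf 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/rule.yml
@@ -58,4 +58,3 @@ warnings:
 <tt>audit_rules_login_events_lastlog</tt>
 
 
-platform: machine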
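diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml
index 015ad9c..508bbe1 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml
@@ -51,4 +51,3 @@ ocil: |-
 To verify that auditing is configured for system administrator actions, run the following command:
 $ sudo auditctl -l | grep "watch=/var/run/faillock\|-w /var/run/faillock"
 
-platform: machine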
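diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
index 5e3795c..5fae020 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
@@ -51,4 +51,3 @@ ocil: |-
 To verify that auditing is configured for system administrator actions, run the following command:
 $ sudo auditctl -l | grep "watch=/var/log/lastlog\|-w /var/log/lastlog"
 
-platform: machine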
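diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml
index 7ea479d..26c31e9 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml
@@ -51,4 +51,3 @@ ocil: |-
 To verify that auditing is configured for system administrator actions, run the following command:
 $ sudo auditctl -l | grep "watch=/var/log/tallylog\|-w /var/log/tallylog"
 
-platform: machine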
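diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/rule.yml
index 83dbbdd..7debab8 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/rule.yml
@@ -86,4 +86,3 @@ warnings:
 <tt>audit_rules_privileged_commands_passwd</tt>
 
 
-platform: machine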
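diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml
index f5e8b11..c655fa1 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml
@@ -56,4 +56,3 @@ ocil: |-
 $ sudo grep chage /etc/audit/audit.rules /etc/audit/rules.d/*
 It should return a relevant line in the audit rules.
 
-platform: machine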
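diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml
index c5f7dd3..3884282 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml
@@ -56,4 +56,3 @@ ocil: |-
 $ sudo grep chsh /etc/audit/audit.rules /etc/audit/rules.d/*
 It should return a relevant line in the audit rules.
 
-platform: machine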
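diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml
index a9bff8b..28fe87c 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml
@@ -56,4 +56,3 @@ ocil: |-
 $ sudo grep crontab /etc/audit/audit.rules /etc/audit/rules.d/*
 It should return a relevant line in the audit rules.
 
-platform: machine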
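diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml
index 2a77c28..5254306 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml
@@ -57,4 +57,3 @@ ocil: |-
 $ sudo grep gpasswd /etc/audit/audit.rules /etc/audit/rules.d/*
 It should return a relevant line in the audit rules.
 
-platform: machine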
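diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml
index cb92e81..e4138c0 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml
@@ -57,4 +57,3 @@ ocil: |-
 $ sudo grep newgrp /etc/audit/audit.rules /etc/audit/rules.d/*
 It should return a relevant line in the audit rules.
 
-platform: machine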
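diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml
index 6249290..61e54af 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml
@@ -56,4 +56,3 @@ ocil: |-
 $ sudo grep pam_timestamp_check /etc/audit/audit.rules /etc/audit/rules.d/*
 It should return a relevant line in the audit rules.
 
-platform: machine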
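diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml
index 7a41823..6ff660a 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml
@@ -57,4 +57,3 @@ ocil: |-
 $ sudo grep passwd /etc/audit/audit.rules /etc/audit/rules.d/*
 It should return a relevant line in the audit rules.
 
-platform: machine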
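diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml
index 053ea23..cab809e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml
@@ -56,4 +56,3 @@ ocil: |-
 $ sudo grep postdrop /etc/audit/audit.rules /etc/audit/rules.d/*
 It should return a relevant line in the audit rules.
 
-platform: machine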
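diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml
index 0b5188f..206606a 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml
@@ -56,4 +56,3 @@ ocil: |-
 $ sudo grep postqueue /etc/audit/audit.rules /etc/audit/rules.d/*
 It should return a relevant line in the audit rules.
 
-platform: machine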
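diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml
index dd3a189..fd231b8 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml
@@ -54,4 +54,3 @@ ocil: |-
 $ sudo grep pt_chown /etc/audit/audit.rules /etc/audit/rules.d/*
 It should return a relevant line in the audit rules.
 
-platform: machine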
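diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml
index d27edda..89b09f2 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml
@@ -57,4 +57,3 @@ ocil: |-
 $ sudo grep ssh-keysign /etc/audit/audit.rules /etc/audit/rules.d/*
 It should return a relevant line in the audit rules.
 
-platform: machine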
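diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml
index 10b060f..8587f72 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml
@@ -57,4 +57,3 @@ ocil: |-
 $ sudo grep su /etc/audit/audit.rules /etc/audit/rules.d/*
 It should return a relevant line in the audit rules.
 
-platform: machine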
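diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml
index e1366d3..b6865ab 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml
@@ -57,4 +57,3 @@ ocil: |-
 $ sudo grep sudo /etc/audit/audit.rules /etc/audit/rules.d/*
 It should return a relevant line in the audit rules.
 
-platform: machine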
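diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml
index 7b33ea2..0289b75 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml
@@ -57,4 +57,3 @@ ocil: |-
 $ sudo grep sudoedit /etc/audit/audit.rules /etc/audit/rules.d/*
 It should return a relevant line in the audit rules.
 
-platform: machine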
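diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml
index 5c35c29..aa029ef 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml
@@ -56,4 +56,3 @@ ocil: |-
 $ sudo grep umount /etc/audit/audit.rules /etc/audit/rules.d/*
 It should return a relevant line in the audit rules.
 
-platform: machine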
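diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml
index dbda1c3..8bfc971 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml
@@ -57,4 +57,3 @@ ocil: |-
 $ sudo grep unix_chkpwd /etc/audit/audit.rules /etc/audit/rules.d/*
 It should return a relevant line in the audit rules.
 
-platform: machine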
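diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml
index d6ff871..1508def 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml
@@ -57,4 +57,3 @@ ocil: |-
 $ sudo grep userhelper /etc/audit/audit.rules /etc/audit/rules.d/*
 It should return a relevant line in the audit rules.
 
-platform: machine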
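diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml
index 3fe0463..619bed8 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml
@@ -43,4 +43,3 @@ references:
 iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.12.4.1,A.12.4.2,A.12.4.3,A.12.4.4,A.12.7.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.15.2.1,A.15.2.2,A.16.1.4,A.16.1.5,A.16.1.7,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
 cis-csc: 1,11,12,13,14,15,16,18,19,3,4,5,6,7,8
 
-platform: machine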
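diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/rule.yml
index 4f54a47..1814663 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/rule.yml
@@ -54,4 +54,3 @@ ocil: |-
 configuration, a line should be returned (including
 <tt>perm=wa</tt> indicating permissions that are watched).
 
-platform: machine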
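diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml
index 740d7c6..d0c39af 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml
@@ -57,4 +57,3 @@ ocil: |-
 To verify that auditing is configured for all media exportation events, run the following command:
 $ sudo auditctl -l | grep syscall | grep mount
 
-platform: machine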
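diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/rule.yml
index af42de6..6d9efc2 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/rule.yml
@@ -62,4 +62,3 @@ ocil: |-
 If the system is configured to watch for network configuration changes, a line should be returned for
 each file specified (and <tt>perm=wa</tt> should be indicated for each).
 
-platform: machine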
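diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/rule.yml
index b0b3c5f..792d64c 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/rule.yml
@@ -48,4 +48,3 @@ references:
 iso27001-2013: A.11.2.6,A.12.4.1,A.12.4.2,A.12.4.3,A.12.4.4,A.12.7.1,A.13.1.1,A.13.2.1,A.14.1.3,A.14.2.7,A.15.2.1,A.15.2.2,A.16.1.4,A.16.1.5,A.16.1.7,A.6.2.1,A.6.2.2
 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
 
-platform: machine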
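diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml
index 436d093..03beb79 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml
@@ -54,4 +54,3 @@ ocil: |-
 To verify that auditing is configured for system administrator actions, run the following command:
 $ sudo auditctl -l | grep "watch=/etc/sudoers\|watch=/etc/sudoers.d\|-w /etc/sudoers\|-w /etc/sudoers.d"
 
-platform: machine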
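diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml
index 21f5b25..92564b9 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml
@@ -54,4 +54,3 @@ ocil: |-
 The output should contain:
 -f 2
 
-platform: machine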
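diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/rule.yml
index 5dc997b..7ff82bf 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/rule.yml
@@ -77,4 +77,3 @@ warnings:
 <tt>audit_rules_usergroup_modification_passwd</tt>
 
 
-platform: machine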
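diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml
index 7639721..5604748 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml
@@ -60,4 +60,3 @@ ocil: |-
 If the system is configured to watch for account changes, lines should be returned for
 each file specified (and with <tt>perm=wa</tt> for each).
 
-platform: machine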
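diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml
index 4dd886e..0fb6873 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml
@@ -60,4 +60,3 @@ ocil: |-
 If the system is configured to watch for account changes, lines should be returned for
 each file specified (and with <tt>perm=wa</tt> for each).
 
-platform: machine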
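diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml
index aeb9241..22e8114 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml
@@ -60,4 +60,3 @@ ocil: |-
 If the system is configured to watch for account changes, lines should be returned for
 each file specified (and with <tt>perm=wa</tt> for each).
 
-platform: machine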
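diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml
index e1dc4d0..e07a77f 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml
@@ -60,4 +60,3 @@ ocil: |-
 If the system is configured to watch for account changes, lines should be returned for
 each file specified (and with <tt>perm=wa</tt> for each).
 
-platform: machine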
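diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml
index 2bbba00..18294e2 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml
@@ -60,4 +60,3 @@ ocil: |-
 If the system is configured to watch for account changes, lines should be returned for
 each file specified (and with <tt>perm=wa</tt> for each).
 
-platform: machine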
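diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/rule.yml
index f250c07..e511b12 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/rule.yml
@@ -58,4 +58,3 @@ ocil_clause: 'the system is not configured to audit time changes'
 
 {{{ complete_ocil_entry_audit_syscall(syscall="adjtimex") }}}
 
-platform: machine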
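diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/rule.yml
index d0371e2..52544e7 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/rule.yml
@@ -58,4 +58,3 @@ ocil_clause: 'the system is not configured to audit time changes'
 
 {{{ complete_ocil_entry_audit_syscall(syscall="clock_settime") }}}
 
-platform: machine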
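diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/rule.yml
index 9d21d98..a7b87b2 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/rule.yml
@@ -58,4 +58,3 @@ ocil_clause: 'the system is not configured to audit time changes'
 
 {{{ complete_ocil_entry_audit_syscall(syscall="settimeofday") }}}
 
-platform: machine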
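diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/rule.yml
index 09dd535..4f069dc 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/rule.yml
@@ -64,4 +64,3 @@ ocil: |-
 If the system is 64-bit only, this is not applicable
 {{{ complete_ocil_entry_audit_syscall(syscall="stime") }}}
 
-platform: machine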
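diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/rule.yml
index ed393a4..8e2b77f 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/rule.yml
@@ -57,4 +57,3 @@ ocil: |-
 $ sudo auditctl -l | grep "watch=/etc/localtime"
 If the system is configured to audit this activity, it will return a line.
 
-platform: machine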
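diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification/rule.yml
index ae079ab..30780c7 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification/rule.yml
@@ -72,4 +72,3 @@ warnings:
 <tt>audit_rules_unsuccessful_file_modification_creat</tt>
 
 
-platform: machine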
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
|
|
|
0d5c10 |
index f797fa7..7d1fee5 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
|
|
|
0d5c10 |
@@ -62,4 +62,3 @@ warnings:
|
|
|
0d5c10 |
have been placed independent of other system calls. Grouping these system
|
|
|
0d5c10 |
calls with others as identifying earlier in this guide is more efficient.
|
|
|
0d5c10 |
|
|
|
0d5c10 |
-platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
|
|
|
0d5c10 |
index d737fcd..5186f7a 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
|
|
|
0d5c10 |
@@ -62,4 +62,3 @@ warnings:
|
|
|
0d5c10 |
have been placed independent of other system calls. Grouping these system
|
|
|
0d5c10 |
calls with others as identifying earlier in this guide is more efficient.
|
|
|
0d5c10 |
|
|
|
0d5c10 |
-platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
|
|
|
0d5c10 |
index a5f1d03..9cf0a90 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
|
|
|
0d5c10 |
@@ -62,4 +62,3 @@ warnings:
|
|
|
0d5c10 |
have been placed independent of other system calls. Grouping these system
|
|
|
0d5c10 |
calls with others as identifying earlier in this guide is more efficient.
|
|
|
0d5c10 |
|
|
|
0d5c10 |
-platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
|
|
|
0d5c10 |
index 6571e87..6f523f1 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
|
|
|
0d5c10 |
@@ -62,4 +62,3 @@ warnings:
|
|
|
0d5c10 |
have been placed independent of other system calls. Grouping these system
|
|
|
0d5c10 |
calls with others as identifying earlier in this guide is more efficient.
|
|
|
0d5c10 |
|
|
|
0d5c10 |
-platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
|
|
|
0d5c10 |
index eec216c..0ed0a60 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
|
|
|
0d5c10 |
@@ -62,4 +62,3 @@ warnings:
|
|
|
0d5c10 |
have been placed independent of other system calls. Grouping these system
|
|
|
0d5c10 |
calls with others as identifying earlier in this guide is more efficient.
|
|
|
0d5c10 |
|
|
|
0d5c10 |
-platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml
|
|
|
0d5c10 |
index d6c3608..ce91925 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml
|
|
|
0d5c10 |
@@ -62,4 +62,3 @@ warnings:
|
|
|
0d5c10 |
have been placed independent of other system calls. Grouping these system
|
|
|
0d5c10 |
calls with others as identifying earlier in this guide is more efficient.
|
|
|
0d5c10 |
|
|
|
0d5c10 |
-platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/rule.yml
|
|
|
0d5c10 |
index 90e5181..5981689 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/rule.yml
|
|
|
0d5c10 |
@@ -34,3 +34,5 @@ ocil: |-
|
|
|
0d5c10 |
/var/log/audit directory, run the following command:
|
|
|
0d5c10 |
$ sudo grep "dir=/var/log/audit" /etc/audit/audit.rules
|
|
|
0d5c10 |
If the system is configured to audit this activity, it will return a line.
|
|
|
0d5c10 |
+
|
|
|
0d5c10 |
+platform: machine
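Review bot: The `platform: machine` key added at the end of this rule duplicates the tag that this same commit adds to `linux_os/guide/system/auditing/group.yml`, which sits above this rule in the tree. Sibling rules in the same directory (`file_ownership_var_log_audit`, `file_permissions_var_log_audit`) have their per-rule tag removed instead, and the `grub2_audit_backlog_limit_argument` hunk further down shows the same mismatch against `grub2_audit_argument`. If the group-level tag is meant to be the single place where applicability of the audit subtree is decided, the two added lines here (the blank line and `platform: machine`) can be dropped. If the per-rule tag is kept on purpose, a one-line YAML comment above it stating the reason would help, because mixed placement makes it harder to see which checks a container scan skips.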
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml
|
|
|
0d5c10 |
index e0ba2a5..41a0ae9 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml
|
|
|
0d5c10 |
@@ -39,4 +39,3 @@ ocil: |-
|
|
|
0d5c10 |
{{{ describe_file_owner(file="/var/log/audit", owner="root") }}}
|
|
|
0d5c10 |
{{{ describe_file_owner(file="/var/log/audit/*", owner="root") }}}
|
|
|
0d5c10 |
|
|
|
0d5c10 |
-platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
|
|
|
0d5c10 |
index b9ae2ef..851d1bb 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
|
|
|
0d5c10 |
@@ -43,4 +43,3 @@ ocil: |-
|
|
|
0d5c10 |
$ sudo ls -l /var/log/audit
|
|
|
0d5c10 |
Audit logs must be mode 0640 or less permissive.
|
|
|
0d5c10 |
|
|
|
0d5c10 |
-platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml
|
|
|
0d5c10 |
index e97f2d8..d760406 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml
|
|
|
0d5c10 |
@@ -51,4 +51,3 @@ ocil: |-
|
|
|
0d5c10 |
is an IP address or hostname:
|
|
|
0d5c10 |
remote_server = REMOTE_SYSTEM
|
|
|
0d5c10 |
|
|
|
0d5c10 |
-platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml
|
|
|
0d5c10 |
index 0635d1e..664b988 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml
|
|
|
0d5c10 |
@@ -41,4 +41,3 @@ ocil: |-
|
|
|
0d5c10 |
Acceptable values also include <tt>syslog</tt> and
|
|
|
0d5c10 |
<tt>halt</tt>.
|
|
|
0d5c10 |
|
|
|
0d5c10 |
-platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml
|
|
|
0d5c10 |
index 484464c..9327ca6 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml
|
|
|
0d5c10 |
@@ -48,4 +48,3 @@ ocil: |-
|
|
|
0d5c10 |
enable_krb5 = yes
|
|
|
0d5c10 |
{{% endif %}}
|
|
|
0d5c10 |
|
|
|
0d5c10 |
-platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml
|
|
|
0d5c10 |
index c8699c7..874df40 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml
|
|
|
0d5c10 |
@@ -41,4 +41,3 @@ ocil: |-
|
|
|
0d5c10 |
Acceptable values also include <tt>syslog</tt> and
|
|
|
0d5c10 |
<tt>halt</tt>.
|
|
|
0d5c10 |
|
|
|
0d5c10 |
-platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/rule.yml
|
|
|
0d5c10 |
index 20bc9d2..e5a783b 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/rule.yml
|
|
|
0d5c10 |
@@ -57,4 +57,3 @@ ocil: |-
|
|
|
0d5c10 |
{{% endif %}}
|
|
|
0d5c10 |
If the plugin is active, the output will show <tt>yes</tt>.
|
|
|
0d5c10 |
|
|
|
0d5c10 |
-platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml
|
|
|
0d5c10 |
index 19347e9..01a3b57 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml
|
|
|
0d5c10 |
@@ -48,4 +48,3 @@ ocil: |-
|
|
|
0d5c10 |
account when it needs to notify an administrator:
|
|
|
0d5c10 |
action_mail_acct = root
|
|
|
0d5c10 |
|
|
|
0d5c10 |
-platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/rule.yml
|
|
|
0d5c10 |
index abb19df..cbd1ae6 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/rule.yml
|
|
|
0d5c10 |
@@ -53,4 +53,3 @@ ocil: |-
|
|
|
0d5c10 |
or halt when disk space has run low:
|
|
|
0d5c10 |
admin_space_left_action single
|
|
|
0d5c10 |
|
|
|
0d5c10 |
-platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml
|
|
|
0d5c10 |
index 9b8dff7..e26cab6 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml
|
|
|
0d5c10 |
@@ -45,4 +45,3 @@ ocil: |-
|
|
|
0d5c10 |
Acceptable values are <tt>DATA</tt>, and <tt>SYNC</tt>. The setting is
|
|
|
0d5c10 |
case-insensitive.
|
|
|
0d5c10 |
|
|
|
0d5c10 |
-platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/rule.yml
|
|
|
0d5c10 |
index fa9de00..66b30c2 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/rule.yml
|
|
|
0d5c10 |
@@ -46,4 +46,3 @@ ocil: |-
|
|
|
0d5c10 |
<tt>$ sudo grep max_log_file /etc/audit/auditd.conf</tt>
|
|
|
0d5c10 |
max_log_file = 6
|
|
|
0d5c10 |
|
|
|
0d5c10 |
-platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/rule.yml
|
|
|
0d5c10 |
index 70d95ff..5d685bb 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/rule.yml
|
|
|
0d5c10 |
@@ -56,4 +56,3 @@ ocil: |-
|
|
|
0d5c10 |
<tt>$ sudo grep max_log_file_action /etc/audit/auditd.conf</tt>
|
|
|
0d5c10 |
max_log_file_action <tt>rotate</tt>
|
|
|
0d5c10 |
|
|
|
0d5c10 |
-platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/rule.yml
|
|
|
0d5c10 |
index 76ca34b..3f88969 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/rule.yml
|
|
|
0d5c10 |
@@ -45,4 +45,3 @@ ocil: |-
|
|
|
0d5c10 |
<tt>$ sudo grep num_logs /etc/audit/auditd.conf</tt>
|
|
|
0d5c10 |
num_logs = 5
|
|
|
0d5c10 |
|
|
|
0d5c10 |
-platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml
|
|
|
0d5c10 |
index 884f5dc..b185f06 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml
|
|
|
0d5c10 |
@@ -46,4 +46,3 @@ ocil: |-
|
|
|
0d5c10 |
determine if the system is configured correctly:
|
|
|
0d5c10 |
space_left SIZE_in_MB
|
|
|
0d5c10 |
|
|
|
0d5c10 |
-platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
|
|
|
0d5c10 |
index 5f1c0c9..015b1c6 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
|
|
|
0d5c10 |
@@ -63,4 +63,3 @@ ocil: |-
|
|
|
0d5c10 |
space_left_action
|
|
|
0d5c10 |
Acceptable values are <tt>email</tt>, <tt>suspend</tt>, <tt>single</tt>, and <tt>halt</tt>.
|
|
|
0d5c10 |
|
|
|
0d5c10 |
-platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/auditing/group.yml b/linux_os/guide/system/auditing/group.yml
|
|
|
0d5c10 |
index 586caa9..82f87e8 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/auditing/group.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/auditing/group.yml
|
|
|
0d5c10 |
@@ -101,3 +101,6 @@ description: |-
|
|
|
0d5c10 |
the process, which in this case, is <tt>exe="/usr/sbin/httpd"</tt>.
|
|
|
0d5c10 |
|
|
|
0d5c10 |
|
|
|
0d5c10 |
+
|
|
|
0d5c10 |
+platform: machine
|
|
|
0d5c10 |
+
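Review bot: Putting `platform: machine` on the auditing group changes the applicability of every rule beneath it, including rules added later, as the per-rule removals elsewhere in this commit appear to assume, and nothing in the file records that intent. A comment above the key would make the scope explicit, for example `# Whole audit subtree is machine-only: audit configuration is checked on the host, not in containers`. It is worth confirming that no rule under this group is expected to be evaluated against container images, since such a rule would presumably now be reported as not applicable rather than fail. The hunk also adds an empty line after the key, apparently at the end of the file, which can be dropped.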
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
|
|
|
0d5c10 |
index 3e63c36..d8c5495 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
|
|
|
0d5c10 |
@@ -69,4 +69,3 @@ warnings:
|
|
|
0d5c10 |
{{% endif %}}
|
|
|
0d5c10 |
|
|
|
0d5c10 |
|
|
|
0d5c10 |
-platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
|
|
|
0d5c10 |
index b61c67d..ad03a9c 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
|
|
|
0d5c10 |
@@ -52,3 +52,5 @@ warnings:
|
|
|
0d5c10 |
~]# grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
|
|
|
0d5c10 |
{{% endif %}}
|
|
|
0d5c10 |
|
|
|
0d5c10 |
+
|
|
|
0d5c10 |
+platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml b/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml
|
|
|
0d5c10 |
index b181588..91a4e67 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml
|
|
|
0d5c10 |
@@ -48,4 +48,3 @@ references:
|
|
|
0d5c10 |
|
|
|
0d5c10 |
ocil: '{{{ ocil_service_enabled(service="auditd") }}}'
|
|
|
0d5c10 |
|
|
|
0d5c10 |
-platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml
|
|
|
0d5c10 |
index e5c8052..0c8992e 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml
|
|
|
0d5c10 |
@@ -22,3 +22,5 @@ references:
|
|
|
0d5c10 |
nist: SC-39
|
|
|
0d5c10 |
|
|
|
0d5c10 |
{{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.kptr_restrict", value="1") }}}
|
|
|
0d5c10 |
+
|
|
|
0d5c10 |
+platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/permissions/restrictions/grub2_vsyscall_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/grub2_vsyscall_argument/rule.yml
|
|
|
0d5c10 |
index c2d4f7a..8431198 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/permissions/restrictions/grub2_vsyscall_argument/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/permissions/restrictions/grub2_vsyscall_argument/rule.yml
|
|
|
0d5c10 |
@@ -50,3 +50,5 @@ warnings:
|
|
|
0d5c10 |
~]# grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
|
|
|
0d5c10 |
{{% endif %}}
|
|
|
0d5c10 |
|
|
|
0d5c10 |
+
|
|
|
0d5c10 |
+platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
|
|
|
0d5c10 |
index bedc3d4..97aa564 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
|
|
|
0d5c10 |
@@ -53,3 +53,5 @@ warnings:
|
|
|
0d5c10 |
~]# grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
|
|
|
0d5c10 |
{{% endif %}}
|
|
|
0d5c10 |
|
|
|
0d5c10 |
+
|
|
|
0d5c10 |
+platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
|
|
|
0d5c10 |
index bee9f1a..7762bfe 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
|
|
|
0d5c10 |
@@ -53,3 +53,5 @@ warnings:
|
|
|
0d5c10 |
~]# grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
|
|
|
0d5c10 |
{{% endif %}}
|
|
|
0d5c10 |
|
|
|
0d5c10 |
+
|
|
|
0d5c10 |
+platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml
|
|
|
0d5c10 |
index 1213164..e359566 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml
|
|
|
0d5c10 |
@@ -17,3 +17,4 @@ identifiers:
|
|
|
0d5c10 |
|
|
|
0d5c10 |
{{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.kexec_load_disabled", value="1") }}}
|
|
|
0d5c10 |
|
|
|
0d5c10 |
+platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml
|
|
|
0d5c10 |
index 86f0748..ad39585 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml
|
|
|
0d5c10 |
@@ -19,3 +19,4 @@ identifiers:
|
|
|
0d5c10 |
|
|
|
0d5c10 |
{{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.yama.ptrace_scope", value="1") }}}
|
|
|
0d5c10 |
|
|
|
0d5c10 |
+platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml b/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml
|
|
|
0d5c10 |
index fc1f87b..80844ca 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml
|
|
|
0d5c10 |
@@ -54,3 +54,5 @@ ocil: |-
|
|
|
0d5c10 |
All authorized non-administrative
|
|
|
0d5c10 |
users must be mapped to the <tt>user_u</tt> role or the appropriate domain
|
|
|
0d5c10 |
(user_t).
|
|
|
0d5c10 |
+
|
|
|
0d5c10 |
+platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml
|
|
|
0d5c10 |
index b1315e1..94ebc4a 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml
|
|
|
0d5c10 |
@@ -53,5 +53,3 @@ warnings:
|
|
|
0d5c10 |
|
|
|
0d5c10 |
See {{{ weblink(link="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm") }}}
|
|
|
0d5c10 |
for a list of FIPS certified vendors.
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml b/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml
|
|
|
0d5c10 |
index 303119f..c640718 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml
|
|
|
0d5c10 |
@@ -41,5 +41,3 @@ warnings:
|
|
|
0d5c10 |
|
|
|
0d5c10 |
See {{{ weblink(link="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm") }}}
|
|
|
0d5c10 |
for a list of FIPS certified vendors.
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/software/integrity/fips/group.yml b/linux_os/guide/system/software/integrity/fips/group.yml
|
|
|
0d5c10 |
index d8719f6..abcfc29 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/software/integrity/fips/group.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/software/integrity/fips/group.yml
|
|
|
0d5c10 |
@@ -14,3 +14,5 @@ description: |-
|
|
|
0d5c10 |
Security Levels 1, 2, 3, or 4 for use on {{{ full_name }}}.
|
|
|
0d5c10 |
|
|
|
0d5c10 |
See {{{ weblink(link="http://csrc.nist.gov/publications/PubsFIPS.html") }}} for more information.
|
|
|
0d5c10 |
+
|
|
|
0d5c10 |
+platform: machine
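Review bot: Tagging the whole FIPS group `platform: machine` takes every rule under `fips/` out of container scans, not only the four rules whose per-rule tags this commit deletes (`enable_fips_mode`, `etc_system_fips_exists`, `grub2_enable_fips_mode`, `sysctl_crypto_fips_enabled`). Kernel FIPS mode is a host property, but the cryptographic packages shipped inside an image are not, so any package- or library-level rule in this group (none is visible in this diff) would stop being evaluated for containers. If that is intended, a comment above the key such as `# FIPS mode is a host kernel setting; this group is not evaluated in containers` would document it; otherwise keep the tag on the individual rules.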
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/rule.yml b/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/rule.yml
|
|
|
0d5c10 |
index 21687ed..1395d85 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/rule.yml
|
|
|
0d5c10 |
@@ -70,5 +70,3 @@ warnings:
|
|
|
0d5c10 |
|
|
|
0d5c10 |
See {{{ weblink(link="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm") }}}
|
|
|
0d5c10 |
for a list of FIPS certified vendors.
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-platform: machine
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml b/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml
|
|
|
0d5c10 |
index dac5329..f27dd2f 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml
|
|
|
0d5c10 |
@@ -49,5 +49,3 @@ warnings:
|
|
|
0d5c10 |
|
|
|
0d5c10 |
See {{{ weblink(link="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm") }}}
|
|
|
0d5c10 |
for a list of FIPS certified vendors.
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-platform: machine
|