From 6a669ccfafad0720998b882cd609470a60de3b23 Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Tue, 17 Mar 2020 15:54:35 +0100
Subject: [PATCH 1/2] Select rules for system file permissions
And update references for these rules
---
.../rule.yml | 3 +-
.../rule.yml | 3 +-
.../rule.yml | 3 +-
.../file_permissions_ungroupowned/rule.yml | 3 +-
.../files/no_files_unowned_by_user/rule.yml | 3 +-
.../file_groupowner_etc_group/rule.yml | 3 +-
.../file_groupowner_etc_gshadow/rule.yml | 3 +-
.../file_groupowner_etc_passwd/rule.yml | 3 +-
.../file_groupowner_etc_shadow/rule.yml | 3 +-
.../file_owner_etc_group/rule.yml | 3 +-
.../file_owner_etc_gshadow/rule.yml | 3 +-
.../file_owner_etc_passwd/rule.yml | 3 +-
.../file_owner_etc_shadow/rule.yml | 3 +-
.../file_permissions_etc_group/rule.yml | 3 +-
.../file_permissions_etc_gshadow/rule.yml | 3 +-
.../file_permissions_etc_passwd/rule.yml | 3 +-
.../file_permissions_etc_shadow/rule.yml | 3 +-
18 files changed, 74 insertions(+), 18 deletions(-)
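diff --git a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml
index 32c176d67f..fb00519f64 100644
--- a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml
+++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml
@@ -31,7 +31,8 @@ identifiers:
 
 references:
 anssi: NT28(R37),NT28(R38)
- cis: 6.1.14
+ cis@rhel7: 6.1.14
+ cis@rhel8: 6.1.14
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.DS-5
 isa-62443-2013: 'SR 2.1,SR 5.2'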
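Review bot: Replacing the unscoped `cis` key with `cis@rhel7` and `cis@rhel8` appears to drop the CIS reference for any other product that builds this rule, assuming the unqualified key was what those products picked up; the commit message does not say whether that is intended. The same substitution is made in the other sixteen rule.yml sections of this patch. The summary also counts 18 files and 74 insertions, while the 17 sections shown account for 34, so the file that actually selects these rules is not in the patch as shown and cannot be reviewed here; reference edits alone do not change which checks a profile runs. I would add a line to the message such as `cis references are now product-qualified; products other than rhel7/rhel8 no longer carry one for these rules`.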
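diff --git a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml
index ae5f1307ce..3c7898b912 100644
--- a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml
+++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml
@@ -31,7 +31,8 @@ identifiers:
 
 references:
 anssi: NT28(R37),NT28(R38)
- cis: 6.1.13
+ cis@rhel7: 6.1.13
+ cis@rhel8: 6.1.13
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.DS-5
 isa-62443-2013: 'SR 2.1,SR 5.2'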
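diff --git a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_world_writable/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_world_writable/rule.yml
index c70b7989c6..871da04b77 100644
--- a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_world_writable/rule.yml
+++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_world_writable/rule.yml
@@ -28,7 +28,8 @@ identifiers:
 references:
 stigid@rhel6: "000282"
 srg@rhel6: SRG-OS-999999
- cis: 6.1.10
+ cis@rhel7: 6.1.10
+ cis@rhel8: 6.1.10
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.DS-5
 isa-62443-2013: 'SR 2.1,SR 5.2'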
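diff --git a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
index e51cd7e1ea..2fe8c27da3 100644
--- a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
+++ b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
@@ -27,7 +27,8 @@ identifiers:
 
 references:
 disa@rhel6: '224'
- cis: 6.1.12
+ cis@rhel7: 6.1.12
+ cis@rhel8: 6.1.12
 disa: "02165"
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-1,PR.AC-4,PR.AC-6,PR.AC-7,PR.DS-5,PR.PT-3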
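Review bot: The unchanged `disa: "02165"` line directly below the new `cis@rhel8` entry looks one digit short: the sibling rule no_files_unowned_by_user carries `disa: "002165"` next to the same `disa@rhel6: '224'`. This is a context line rather than something the commit introduced, and the intended value cannot be confirmed from the hunk alone. If it is a typo, it is worth correcting while this references block is being touched, so the mapping resolves in generated reports: `disa: "002165"`.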
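diff --git a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
index f2fb1f2d20..a8bf12ff81 100644
--- a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
+++ b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
@@ -27,7 +27,8 @@ identifiers:
 
 references:
 disa@rhel6: '224'
- cis: 6.1.11
+ cis@rhel7: 6.1.11
+ cis@rhel8: 6.1.11
 disa: "002165"
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.AC-6,PR.DS-5,PR.IP-1,PR.PT-3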
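diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_group/rule.yml
index 5ffa26b0f2..53301cbbf5 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_group/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_group/rule.yml
@@ -19,7 +19,8 @@ references:
 stigid@rhel6: "000043"
 srg@rhel6: SRG-OS-999999
 disa@rhel6: '225'
- cis: 6.1.4
+ cis@rhel7: 6.1.4
+ cis@rhel8: 6.1.4
 cjis: 5.5.2.2
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.DS-5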
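diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_gshadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_gshadow/rule.yml
index 6c770216f1..c2e12377ef 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_gshadow/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_gshadow/rule.yml
@@ -19,7 +19,8 @@ references:
 stigid@rhel6: "000037"
 srg@rhel6: SRG-OS-999999
 disa@rhel6: '225'
- cis: 6.1.5
+ cis@rhel7: 6.1.5
+ cis@rhel8: 6.1.5
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.DS-5
 isa-62443-2013: 'SR 2.1,SR 5.2'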
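diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_passwd/rule.yml
index ad9814e836..86e2e6c25c 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_passwd/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_passwd/rule.yml
@@ -19,7 +19,8 @@ references:
 stigid@rhel6: "000040"
 srg@rhel6: SRG-OS-999999
 disa@rhel6: '225'
- cis: 6.1.2
+ cis@rhel7: 6.1.2
+ cis@rhel8: 6.1.2
 cjis: 5.5.2.2
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.DS-5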
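diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_shadow/rule.yml
index 5147551c0f..d8a9d04142 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_shadow/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_shadow/rule.yml
@@ -19,7 +19,8 @@ references:
 stigid@rhel6: "000034"
 srg@rhel6: SRG-OS-999999
 disa@rhel6: '225'
- cis: 6.1.3
+ cis@rhel7: 6.1.3
+ cis@rhel8: 6.1.3
 cjis: 5.5.2.2
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.DS-5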
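diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_group/rule.yml
index 48cbe081be..ee0433c568 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_group/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_group/rule.yml
@@ -18,7 +18,8 @@ identifiers:
 references:
 stigid@rhel6: "000042"
 srg@rhel6: SRG-OS-999999
- cis: 6.1.4
+ cis@rhel7: 6.1.4
+ cis@rhel8: 6.1.4
 cjis: 5.5.2.2
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.DS-5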
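diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_gshadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_gshadow/rule.yml
index a1e65af70a..39f1b83381 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_gshadow/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_gshadow/rule.yml
@@ -19,7 +19,8 @@ references:
 stigid@rhel6: "000036"
 srg@rhel6: SRG-OS-999999
 disa@rhel6: '366'
- cis: 6.1.5
+ cis@rhel7: 6.1.5
+ cis@rhel8: 6.1.5
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.DS-5
 isa-62443-2013: 'SR 2.1,SR 5.2'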
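diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_passwd/rule.yml
index 9b5048001e..e19de1bba2 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_passwd/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_passwd/rule.yml
@@ -19,7 +19,8 @@ references:
 stigid@rhel6: "000039"
 srg@rhel6: SRG-OS-999999
 disa@rhel6: '225'
- cis: 6.1.2
+ cis@rhel7: 6.1.2
+ cis@rhel8: 6.1.2
 cjis: 5.5.2.2
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.DS-5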
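diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_shadow/rule.yml
index cf8e6e4a3e..989cb11c62 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_shadow/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_shadow/rule.yml
@@ -22,7 +22,8 @@ references:
 stigid@rhel6: "000033"
 srg@rhel6: SRG-OS-999999
 disa@rhel6: '225'
- cis: 6.1.3
+ cis@rhel7: 6.1.3
+ cis@rhel8: 6.1.3
 cjis: 5.5.2.2
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.DS-5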
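diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_group/rule.yml
index 8e5f39a13e..38ff43d62c 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_group/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_group/rule.yml
@@ -20,7 +20,8 @@ references:
 stigid@rhel6: "000044"
 srg@rhel6: SRG-OS-999999
 disa@rhel6: '225'
- cis: 6.1.4
+ cis@rhel7: 6.1.4
+ cis@rhel8: 6.1.4
 cjis: 5.5.2.2
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.DS-5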
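diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_gshadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_gshadow/rule.yml
index c8d8c8a73c..d1ed4475fb 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_gshadow/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_gshadow/rule.yml
@@ -21,7 +21,8 @@ references:
 stigid@rhel6: "000038"
 srg@rhel6: SRG-OS-999999
 disa@rhel6: '225'
- cis: 6.1.5
+ cis@rhel7: 6.1.5
+ cis@rhel8: 6.1.5
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.DS-5
 isa-62443-2013: 'SR 2.1,SR 5.2'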
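diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_passwd/rule.yml
index d72b5277f1..ac48885925 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_passwd/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_passwd/rule.yml
@@ -22,7 +22,8 @@ references:
 stigid@rhel6: "000041"
 srg@rhel6: SRG-OS-999999
 disa@rhel6: '225'
- cis: 6.1.2
+ cis@rhel7: 6.1.2
+ cis@rhel8: 6.1.2
 cjis: 5.5.2.2
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.DS-5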
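diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_shadow/rule.yml
index 7ec0b092f5..61f4fb6cce 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_shadow/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_shadow/rule.yml
@@ -24,7 +24,8 @@ references:
 stigid@rhel6: "000035"
 srg@rhel6: SRG-OS-999999
 disa@rhel6: '225'
- cis: 6.1.3
+ cis@rhel7: 6.1.3
+ cis@rhel8: 6.1.3
 cjis: 5.5.2.2
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.DS-5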
From b7f33f79e59d58cf6181e8fdb7879f40f54bb63a Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Tue, 17 Mar 2020 15:56:17 +0100
Subject: [PATCH 2/2] Update references for rpm_verification rules
These rules check whether permission and ownership of all installed
files are according to what the vendor (package provider) expects.
These rules can contribute to the for specific permissions and
ownerships of specific files, granted the package is aligned with the
rules.
---
.../rpm_verification/rpm_verify_ownership/rule.yml | 3 ++-
.../rpm_verification/rpm_verify_permissions/rule.yml | 4 +++-
2 files changed, 5 insertions(+), 2 deletions(-)
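diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml
index 6c3c857442..1503836f75 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml
@@ -35,7 +35,8 @@ references:
 nist-csf@rhel6: PR.DS-6,PR.DS-8
 srg@rhel6: SRG-OS-000257,SRG-OS-000258
 stigid@rhel6: "000279"
- cis: 1.2.6,6.1.3,6.1.4,6.1.5,6.1.6,6.1.7,6.1.8,6.1.9,6.2.3
+ cis@rhel7: 1.7.1.4,1.7.1.5,1.7.1.6,6.1.1,6.1.2,6.1.3,6.1.4,6.1.5,6.1.6,6.1.7,6.1.8,6.1.9
+ cis@rhel8: 1.8.1.4,1.8.1.5,1.8.1.6,6.1.1,6.1.2,6.1.3,6.1.4,6.1.5,6.1.6,6.1.7,6.1.8,6.1.9
 cjis: 5.10.4.1
 cui: 3.3.8,3.4.1
 disa: 1494,1496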
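Review bot: The new `cis@rhel7` and `cis@rhel8` lists map this rule to sections 6.1.1 through 6.1.9, which overstates what the check can show. An RPM ownership check only compares files against what their package recorded: it says nothing about files no package owns, and it passes when the packaged owner differs from what the benchmark asks for. The commit message hedges this ("can contribute ... granted the package is aligned"), but the reference line reads as full coverage to anyone building a compliance report from it. I would keep the dedicated file_owner_*/file_permissions_* rules as the authoritative mapping and add a YAML comment above these keys, for example `# partial coverage: verifies package-recorded ownership, not the benchmark's required values`. The same applies to the matching lines in the rpm_verify_permissions section.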
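diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml
index d6cc546921..1b3dd500b3 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml
@@ -41,7 +41,9 @@ references:
 nist-csf@rhel6: PR.DS-6,PR.IP-8
 srg@rhel6: SRG-OS-999999,SRG-OS-000256
 stigid@rhel6: "000518"
- cis: 1.2.6,6.1.3,6.1.4,6.1.5,6.1.6,6.1.7,6.1.8,6.1.9,6.2.3
+ cis@rhel7: 1.7.1.4,1.7.1.5,1.7.1.6,6.1.1,6.1.2,6.1.3,6.1.4,6.1.5,6.1.6,6.1.7,6.1.8,6.1.9
+ cis@rhel8: 1.8.1.4,1.8.1.5,1.8.1.6,6.1.1,6.1.2,6.1.3,6.1.4,6.1.5,6.1.6,6.1.7,6.1.8,6.1.9
+
 cjis: 5.10.4.1
 cui: 3.3.8,3.4.1
 disa: 1494,1496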
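Review bot: The lone `+` after the `cis@rhel8` line adds an empty line in the middle of the `references` mapping, which the matching hunk in rpm_verify_ownership does not do (its header is `-35,7 +35,8`, this one is `-41,7 +41,9`). YAML tolerates the blank line, but it splits the block visually and makes the two sibling rules diverge for no stated reason. Drop it so that `cjis: 5.10.4.1` follows the `cis@rhel8` entry directly.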